This is someone who enjoys burning money. By investing in something that has never passed its 2017 ATH. By mining something that's less profitable than faucet farming. By posting on SN and getting zero tips. He doesn't deserve our replies.
At least his name is an advance warning.
Every currency in human history has been totally private, so we have no other similar disaster scenario to even compare this to.
You go on to """refute""" this point, but really you don't address this at all. The simple fact of the matter is that bitcoin reveals all transactions on a public ledger, which is a significant downgrade in privacy compared to most forms of money for most human history, even credit cards, and this obviously will restrict the way in which people will be able to use it safely. If bitcoin becomes mainstream, its lack of privacy will be abused by criminals to extort businesses, it will be abused by foreign governments to crush dissent.
Your """rebuttal""" here is just that we can't compare bitcoin to traditional money. Yeah? Well we can compare it to monero or zcoin, which do retain privacy characteristics of traditional cash while maintaining the decentralization of bitcoin. The question is this: why shouldn't bitcoin be upgraded to include real privacy measures?
Now we have coinjoin collaborative spend implementations which do a level of privacy and I think we could have serious discussions about making Bitcoin wallets default to a coinjoin.
CoinJoin is not an effective privacy measure because the anonymity set is tiny. The only way to get acceptable privacy in this day and age is to use ring signatures or zk-SNARKS because you need those with good coins to protect those with tainted coins. Even if you don't get caught, you are dealing with someone else's tainted coins because mixing is non-mandatory in bitcoin. In a mandatory-privacy system like monero, all coins are equally "tainted" to outsiders and the only possible concern is output poisoning (which is a probabilistic attack).
With ring signatures, for example, you don't need to co-ordinate with anyone (so long as you are reasonably careful in decoy selection) because you don't need anyone else's permission to use their outputs as decoys. In contrast, CoinJoin is reliant on a centralized coordination server, and weak to sybil attacks to the extent that it is decentralized. CopeJoin: not as decentralized as once thought! https://www.coindesk.com/tech/2022/03/14/wasabi-wallets-coinjoin-coordinator-to-blacklist-certain-bitcoin-transactions/
Furthermore, there is no way that everyone on Bitcoin can use CoinJoin to get a comparable level of privacy to Zcoin, Monero, etc. because of the limited blocksize. Even for the few that are able to use CoinJoin, the fees will be exorbitant.
On bitcoin, the only way to get acceptable privacy is through CoinSwaps, which is essentially the same thing as depositing and withdrawing from a custodial exchange. This actually works because it severs the link between your input and your output on-chain, but it requires that you trust the swapper not to rat you out. Like CoinJoin it is centralized and weak because there is not a big enough crowd for you to hide in. Authorities can safely assume that all transactions that have gone through CoinJoin are involved in some unlawful activity (if not directly, then through money laundering), and can force businesses not to accept coins originating from those outputs.
The creator of Bitcoin also intended for Bitcoin to have a casino in Bitcoin core, which proved to be bloat. [...] For things like a value overflow incident
Monero is a lot less bloated than Bitcoin so these issues won't come up. Monero does not even have scripting so that class of attack won't even occur. Bulletproofs are pretty solid mathematically. Even if you are against bloat, the solution is pretty clear: just reduce the attack/vuln surface of bitcoin by removing all unnecessary features from bitcoin through the use of a hard fork.
The government wants to shut down Monero, they can now freely create a custom built computer specially designed to mine Monero and because the devs don't know about it, they have no knowledge about the necessity to fork it.
It is impossible to build a custom computer for mining monero because monero's proof-of-work function is optimised for attributes of general-purpose processors (superscalar execution, speculative execution, etc). By creating a computer to specifically mine monero, you will effectively need to recreate every part of a CPU, and the end product will not be able to compete with off-the-shelf CPUs which are just accessible to everyone and employ much larger economies of scale in their manufacturing.
See https://github.com/tevador/RandomX/blob/master/doc/design.md
This is not the case in bitcoin, which uses a special-purpose proof-of-work function and is reliant on a handful of large players (antminer, etc.) to produce mining hardware. Intel is working on Bitcoin ASICs (https://www.intel.com/content/www/us/en/products/docs/blockchain/custom-asic-product-brief.html). What happens if the government decides to withhold those ASICs from the public, or only allow them to be sold to certain licensed businesses that agree not to mine blocks with transactions the government doesn't like? With the censorship of Tornado Cash, this is more likely than you might think. What is stopping the government from doing the same to coins mixed with CoinJoin?
Furthermore, what stops some dominant ASIC manufacturer (or their host government) from planting a backdoor in their miners that allows them to take over the bitcoin network?
Monero has low transaction fees.
Because hardly anyone uses it
Monero has low transaction fees because it has an adjustable blocksize and it uses bulletproofs+ for privacy which has a decent tradeoff between transaction size and privacy. The monero transaction rate has only continued to increase since inception: https://bitinfocharts.com/comparison/monero-transactions.html
Every currency in human history has been totally private, so we have no other similar disaster scenario to even compare this to
And then I linked an article which described huge structures that were spent by declaring the spend to the entire island rather than being physically moved anywhere. So we do have something to compare it to. That was my only point. That we do have something to compare it to, the rest was simply an explanation of what it is.
As far as the coinjoin thing goes, I am well aware of Wasabi, their move was very unpopular, as a result a lot of people stopped using them. Also, hey we have payjoin too: https://en.bitcoin.it/wiki/PayJoin
Now with the blocksize thing again. Don't forget we're talking about storing 13 years of transaction history. Thing takes up 1TB. It's ironic to bring up Sybil attacks since more people being able to host their own node keeps Sybil attacks at bay. On the topic of blocksize and privacy, there is a large Elephant in the room that has not been brought up and its name is Lightning, as in the Lightning Network. Taproot introduced the ability to make Lightning Network channel establishment transactions look the same as any other on-chain transaction.
Just to foot stomp one more time, this is more about being unwilling to accept the tradeoffs of bulletproofs than it is about how private Bitcoin actually is. That is the priority. If the ability to ensure the network is not absolutely broken can not be assured, then the privacy of those broken transactions doesn't really matter.
Bloat is not the only source of vulnerabilities. Cryptography itself is not forever. Just look at all the issues people have found over the years for RSA: https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/
Satoshi even worried that at some point SHA1 could have a mathematical method for solving for hashes in the opposite of the intended direction if mathematicians were given enough time (even if that time is 100 years) to figure it out. Auditability means that if a mathematical flaw is found, a fork to a more secure method is reasonable.
You also don't need to hard fork to remove the current features of Bitcoin. All of Bitcoin's upgrades have been soft forks and as such version 1 still works just as well as version 23 if that is the node you prefer to run.
It is impossible to build a custom computer for mining monero because monero's proof-of-work function is optimised for attributes of general-purpose processors
This is worse. General purpose processing manufacturers have a limit to CPU core numbers that are worthwhile to market to the general populace, but a government military computer made for general processing could be repurposed after it gets done with its attack to do weather simulations or adversary communications cryptography cracking. Knowing this means attacking Monero would be a side project rather than the main goal of building such a computer that might simply be used one weekend to ensure the success of one mission and go back to what it was made to do before the mission afterwards, saving the government money.
what happens if the government decides to withhold those ASICs from the public, or only allow them to be sold to certain licensed businesses that agree not to mine blocks with transactions the government doesn't like.
When speaking about governments, you always have to ask, which government? Is there an adversarial government which might benefit from undermining the plans of another government? The answer is typically yes. Remember, you need 51% of that hash power, to either mine empty blocks, or reorder transactions (double spend). We also already have examples of mining pools which only mine OFAC compliant blocks. Those pools have to compete with pools who do not mine OFAC compliant blocks. Even if delayed, someone will mine the block with your OFAC rebellious transaction and if that transaction is a lightning network channel establishment, you don't worry about miners for a while. Perhaps you would then payjoin and get out of the OFAC eye altogether.
I would like to foot stomp again, that the priority is the unwillingness to accept the negatives of bulletproofs, than it is about privacy, which we can figure out given enough time.
Furthermore, what stops some dominant ASIC manufacturer (or their host government) from planting a backdoor in their miners that allows them to take over the bitcoin network?
Flashing your ASIC with a hash verified OS.
https://braiins.com/os/open-source
Which I'll grant you does not stop a hardware backdoor, but hardware backdoors can't be updated with the newest OFAC rules the same way software backdoors can, and if the hardware backdoor injects code into software, then it increases its chances of detection. I would love to see more tools for auditing hardware backdoors though.
Anyway, it's weird you bring up this point and even talk about Intel, when Intel CPUs are being used to mine Monero...so it's just the same situation.
The Monero transaction rate has only continued to increase since inception:
https://bitinfocharts.com/comparison/transactions-btc-xmr.html#3y
Yeah that one is Bitcoin transactions and Monero transactions on the same chart as each other. This is what I mean by no one uses it. Monero has not been tested to its limits the same way that Bitcoin has.
It's ironic to bring up Sybil attacks since more people being able to host their own node keeps Sybil attacks at bay.
Those extra nodes are worthless because they cannot mine or combat double-spending in any real way. They do not meaningfully add to the decentralization or security of the network. The ASIC miners that actually secure the network can afford a single TB of hard disk space; it is insignificant in the total cost of their operations.
there is a large Elephant in the room that has not been brought up and its name is Lightning
The LN is not a privacy system just because it does not explicitly publicize the total transaction history, it leaks metadata to discovering parties. I don't know of a single lightning implementation that uses a separate "stealth" network that could actually facilitate private spends. Even if there is some more private mechanism for the LN that I am overlooking, everything is connected to the non-private L1: that is to say that you must fund the channels somehow, likely with KYC/AML coins.
Knowing this means attacking Monero would be a side project rather than the main goal of building such a computer that might simply be used one weekend to ensure the success of one mission and go back to what it was made to do before the mission afterwards, saving the government money.
It's largely irrelevant since the vast majority of the world's computing power is in personal computers, not supercomputers.
We also already have examples of mining pools which only mine OFAC compliant blocks. Those pools have to compete with pools who do not mine OFAC compliant blocks.
In this hypothetical scenario, the gov. is restricting the use of new ASICs, so those non-compliant miners would be using old hardware and would eventually get out-competed by compliant miners with newer hardware and higher hashrate.
Perhaps you would then payjoin and get out of the OFAC eye altogether.
PayJoin is an interesting idea though, I'll look into it.
Flashing your ASIC with a hash verified OS.
Does not work. Whoever creates the ASICs can plant whatever backdoor they want as a variant of the evil maid attack. It's not necessarily a given that you will be able to detect or counteract that. "Flashing a verified OS" is only verifying everything above ring 0, this goes deeper than ring 0.
Anyway, it's weird you bring up this point and even talk about Intel, when Intel CPUs are being used to mine Monero...so it's just the same situation.
And AMD CPUs, and ARM64 CPUs, and POWER9 CPUs, etc. There is enough diversity in the CPU market to avoid this type of catastrophe.
Are you really gonna make me do this?
It's a shitcoin-slaying kind of day, I suppose.
First of all, every commodity based money, but Bitcoin is not commodity based money (obviously), neither is Monero. Bitcoin (the gold standard from which all shitcoins have forked) is ledger or account based money.
https://www.bbc.com/travel/article/20180502-the-tiny-island-with-human-sized-money
It would seem as though Bitcoin was inspired by F.A. Hayek's ideas:
"That's why I'm now pleading, for what I've called 'Denationalization of Money.'
While governments can stop people from issuing money, they can hardly stop them from opening accounts in something. After all, in the modern world, hand to hand money, coins, and paper, is no longer the most important. Credits and credit cards are substitutes.
So I think we can forget about existing money, and existing banks, and open a system of accounts which will displace money" --F.A. Hayek.
A system of accounts. That's what Bitcoin is. Now we have coinjoin collaborative spend implementations which do a level of privacy and I think we could have serious discussions about making Bitcoin wallets default to a coinjoin.
The creator of Bitcoin also intended for Bitcoin to have a casino in Bitcoin core, which proved to be bloat. Satoshi was really just a guy who figured out how to combine hash cash with bittorrent to create a system of accounts. The fact that bulletproofs have not been implemented in Bitcoin is due to the necessity to audit the main chain:
For things like a value overflow incident: https://en.bitcoin.it/wiki/Value_overflow_incident
To detect chain splits:
https://github.com/bitcoin/bips/blob/master/bip-0050.mediawiki
We want to achieve privacy, but we want to do it in the most sound and secure way possible.
The government wants to shut down Monero, they can now freely create a custom built computer specially designed to mine Monero and because the devs don't know about it, they have no knowledge about the necessity to fork it. A double spend occurs, and Monero does not have the auditability to detect it, and so the government decides that for a specific strategic mission where they need to delay or keep away forever some transaction, they just mine empty blocks forever and Monero will reward them for doing so, because transaction fees do not mean anything.
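Added example (not code from this thread or from Bitcoin Core) of the arithmetic behind the value overflow incident linked in the post above: a naive output sum wraps around in a 64-bit amount so a transaction minting far more than 21 million coins passes a "outputs do not exceed inputs" check, while a per-output range check plus a range-checked running total rejects it. The type and constant names mirror Bitcoin Core's, but the code and the sample amounts are constructed here for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

typedef int64_t CAmount;                         // satoshis, as in Bitcoin Core
static const CAmount COIN = 100000000;
static const CAmount MAX_MONEY = 21000000 * COIN; // 21 million BTC

// True iff a single amount lies in [0, MAX_MONEY].
inline bool MoneyRange(CAmount v) { return v >= 0 && v <= MAX_MONEY; }

// Constructed sample: two outputs just below INT64_MAX sum to 2^64 - 2002,
// which wraps to -2002 in a 64-bit two's-complement amount.
static const CAmount kHuge = std::numeric_limits<CAmount>::max() - 1000;

// Naive check: the running total is never range-checked, so it wraps.
// (Wraparound is modelled with unsigned arithmetic to avoid signed-overflow UB.)
bool NaiveOutputsCovered(const std::vector<CAmount>& outs, CAmount input_value) {
    CAmount total = 0;
    for (CAmount v : outs)
        total = static_cast<CAmount>(static_cast<uint64_t>(total) + static_cast<uint64_t>(v));
    return total <= input_value;                 // a negative wrapped total passes
}

// Hardened check: reject any out-of-range output and any out-of-range running
// total. Both operands are <= MAX_MONEY, so the addition itself cannot overflow.
bool CheckedOutputsCovered(const std::vector<CAmount>& outs, CAmount input_value) {
    CAmount total = 0;
    for (CAmount v : outs) {
        if (!MoneyRange(v)) return false;
        total += v;
        if (!MoneyRange(total)) return false;
    }
    return total <= input_value;
}

int main() {
    std::vector<CAmount> bogus = {kHuge, kHuge};  // constructed overflowing transaction
    std::vector<CAmount> normal = {30 * COIN, 19 * COIN};
    CAmount input = 50 * COIN;
    std::printf("bogus  naive=%d checked=%d\n", NaiveOutputsCovered(bogus, input),
                CheckedOutputsCovered(bogus, input));
    std::printf("normal naive=%d checked=%d\n", NaiveOutputsCovered(normal, input),
                CheckedOutputsCovered(normal, input));
    return 0;
}
```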