reply on: Is ecash private enough for dark markets? \ stacker news ~privacy

pull down to refresh

34 sats \ 2 replies \ @supertestnet 12 Jan \ parent \ on: Is ecash private enough for dark markets? privacy

Those criminals were caught in your first link because of the fiat on/off ramps they were using

Link?

and feds in their groupchat

Source?

All it does is let's you see the Monero blockchain which you can already do with any Monero block explorer

It also does this: for about one in five transactions, it automatically eliminates every decoy spender and heuristically identifies the real spender. It does this by exploiting weaknesses in monero's decoy selection algorithm that are widely known in the monero ecosystem and actively being fixed, e.g. through FCMPs. I've never seen a monero block explorer do that.

vast majority are using custodians and LSPs

Do you have evidence of this?

which both diminish Lightnings privacy guarantees

They have tradeoffs. The custodian or LSP knows additional data about your transaction; everyone else knows less data. Some LN custodians and LSPs have really good privacy policies (e.g. most ecash mints) and that is possibly why some LN users prefer to use them rather than do all the work themselves.

Using a remote node on Monero, behind Tor/VPN, is much more accessible

And much less private. P2P traffic is not encrypted on monero so in addition to seeing all your transactions (which, in monero, expose a lot of your data), your peers also get extra data about where a transaction originated. Dandelion helps with this, but it's not foolproof. P2P traffic ought to be encrypted imo like it is on lightning, so that your peers cannot see whether the message you are sending is a transaction or a probe or something else. (You know, like we do in lightning.)

13 sats \ 1 reply \ @yo2xncv0 15 Jan

The onus should be on the original people claiming that Monero was traced, but ok I'll play the game. All articles about the arrests mention credit card fraud and the Mercari e-commerce platform in connection to how they were caught (or give no details at all on how they "traced" Monero): https://u.today/100-million-yen-crypto-scam-exposed-via-monero-xmr-data-in-japan-organizer-arrested https://regtechtimes.com/18-caught-in-monero-money-laundering-scheme-in/ https://www.perigon.io/news/finance/2024/10/21/japan-arrests-18-monero-fraud-case https://cryptoslate.com/japanese-authorities-dismantle-monero-linked-scam-in-landmark-investigation/

Your tool doesn't "automatically eliminates every decoy spender and heuristically identifies the real spender". It's all manual guessing. It's a glorified Monero block explorer that you added buttons onto.

Some LN custodians and LSPs have really good privacy policies

You must be kidding. Privacy policies? Lol

You talk about encryption on P2P Lightning traffic as if it applies to the vast majority of Lightning users on custodians and LSPs. Using a remote Monero node reveals far less data to 3rd parties than custodial LN or LSPs, enforced by encryption (not privacy policies), and all without giving up custody to ecash mints.

Like I said the remote node can't see amounts, addresses, balances, true spend, etc: https://localmonero.co/knowledge/remote-nodes-privacy

21 sats \ 0 replies \ @supertestnet 15 Jan

Your tool doesn't "automatically eliminates every decoy spender and heuristically identifies the real spender". It's all manual guessing.

It's not all manual guessing, it automatically applies heuristics when possible. You can see an example in this video:

Note that I don't manually guess anything. I simply pick a transaction from a recent block and it automatically identifies the decoys: namely, every Possible Spender except #1 is (according to the automatically-applied heuristics) a decoy. #1 is the "real" spender.

The heuristic applied in that case is called Recency Bias and is discussed as a standard characteristic of monero's decoy selection algorithm in the excellent Breaking Monero series (see Episode 5).

The recency bias heuristic takes advantage of the fact that the decoy selection algorithm used in the most popular monero wallets is biased toward selecting keys from recently created txos (on the principle that actively circulating coins are more likely to be spent than old ones). When you have a group of "new coin" decoys, coins that are significantly older stick out like a sore thumb, and you can plausibly identify them as the real spender's coins.

Consequently, I didn't need to manually eliminate the decoys; my software simply noticed that every decoy in the example transaction was a recently-created txo, but there was one txo that was much older. That one stuck out and, per this heuristic, was the real spender, because it is very unlikely that the decoy selection algorithm would choose that txo.