Hi, I bought into drk back when it was .002ish, glad to be on board and am very excited. Have two questions though if someone has a second...
1) If darksend is anonymous and untraceable, how do I prove I made a payment to someone who says "they didn't receive it"?
He generates an address for you, you send him the money and you then check his balance in the blockchain for that specific address that the money arrived.
2) What's to keep the NSA or similar from hosting their own master node (or 10, they have the budget) and logging transactions that come through to defeat the anonymity?
When Evan started it, I don't think NSA-proofing was the goal. I don't know if it was even conceived as possible. The goal was to provide anonymity that would probably be good for 99.99% of the cases but perhaps beatable by an "adversary" such as the NSA if they put the effort into it because they would be able to monitor networks, devices, emails, pretty much everything.
As the heat started rising with Anonymint's constructive criticism, and later on with Bytecoin ring signatures, the perception cultivated was that "Darkcoin's anonymity is weak". By "weak" = not NSA-proof, which is interesting because right now, as they all are, there is no single solution providing NSA-proof levels of anonymity (Bytecoin and clones not excluded) by itself and without extra measures being taken. Zerocoin would be the only solution to do that, but it has other issues.
As a sidenote: If you have to be the NSA to "crack" the anonymity, for all intents and purposes the solutions provided are good for 99% of the cases - like people not wanting their transactions being public, or citizens of some country (other than the US which lack NSA resources) who want to evade their government crackdown on cryptos.
Anyway, the solution that Evan thought of to counter the issue of a large adversary controlling a number of nodes (beyond the negative incentive of 1000 DRK requirement), was to use multiple DarkSends through multiple nodes. This would require NSA to not control a few or the majority, but something like 90% of the network in order to be able to map the transactions. Because if the transaction hopped between, say, 10 nodes and 2 were not controlled, that would be an issue of losing track of the money flow.
I think (haven't analyzed it - the specs change all the time) this solution was not eventually implemented in DarkSend (but I figure it should be an option if the alternative fails). Evan has now thought of something different to do with this, and we are all weird on what it is. We'll find out...