I don't know if Darkcoin is designed to allow you to send over Tor.
Even if it is, Tor will not hide your IP reliably from snooping agencies. Tor is better than nothing, but there are designs which can hide your IP absolutely and reliably. I don't think anyone has implemented such a design yet for the way we need to use it.
There is a Sr. Member who posted couple of functional DRK Tor nodes a few pages back. Any coin using the bitcoin source can Tor
darkcoind --help
needs to use it. So it needs to be turned on by default. Because as the participants in your Darksend mix lose anonymity, then you lose anonymity too even if you used Tor.
The only feature of Darkcoin is claimed anonymity now correct? The cpu-only aspect is crossed out on the web page.
Thus shouldn't your anonymity be actually stronger otherwise an altcoin is simply going to do it better than Darksend.
Don't worry about Zerocash, it takes 9ms verification per transaction (Zerocoin is 500msec). That won't scale. Your competition won't come from Zerocash. It will come from another altcoin.
Higher end CPUs still mine nearly as well as the GPUs do. I don't think anything says "CPU only" anymore.
Would you feel Darkcoin is threatened if another altcoin has true cpu-only and very strong anonymity?
Any way I am happy to read below you are thinking about how to improve the anonymity. Your prior reply had me worried that you actually wanted to make it weaker on purpose. Now I see you are open to improving it.
That is 2012 document. Many think NSA has control over most or many of the nodes on Tor. Remember these servers cost a lot of money and who is providing that for free and getting nothing in return?
Warning FAQ: Tor doesn't protect you from a global adversary:
https://tails.boum.org/doc/about/warning/index.en.html#index7h1http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Exit_node_eavesdroppingI was thinking more about Divide and Conquer, I believe it's vulnerable to Sybil attacks. I don't think you can do decentralized DarkSend without collateral, otherwise what would stop 100 nodes from taking up 80% of the spots per DarkSend session and forcing the divide and conquer algorithm to go 20 or 30 levels before filtering them out (EVERY SESSION)?
Agreed it is. I think I had figured that out before when I mentioned it in the CoinJoin thread and dismissed it. I apparently forgot that since.
I have a new idea for you. You could force each input to be accompanied by an anonymous proof-of-work that costs considerable computing time. Then move the collateral payment to accompany outputs stage.
I think most users wouldn't mind expending 5 minutes computing time before they send a mix transaction.
I have another idea as well. On failure only, every input into the mix could reveal which collateral payment they sent in the output stage, so you can isolate the input that was the adversary. Then you blacklist that input. The inputs anonymity is destroyed because no mix transaction was completed. But how can you blacklist system wide? How can you trust that node didn't lie just so it could blacklist someone's coins?
Of course I want something that is as secure as possible. But there are lots of trade offs that need to be made to ensure that most users needs are covered while keeping usability at it's maximum.
Using a PoW like that was one of my first ideas to protecting against a Sybil attack
So what is the cost?
There must be a cost to using this anonymous network, otherwise like you say there will be issues with millions of accounts popping up. I’m not dead set on which solution(s) to implement, but here’s a couple ideas:
Burnt Identities
Higher difficulty shares to the current block would be mined and then stored in the blockchain permanently. Multiple of these would be used for each transaction and would be “burnt” when misused, causing the attacker to have to mine them again.
The problem with PoW type solutions is the NSA and other powerful entities would have cheap access to large amounts of processing power. Plus, making a user do that hinders the usability of the product.
I like collateral transactions because it accomplishes the same thing and they can be increases to a point where attacking the network becomes way too expensive to do efficiently. Plus, if someone was attacking the network we could ban their collateral inputs by tracing the payments back to the source and isolating them individually.
