Pages:
Author

Topic: Can someone really explain which coins are truly anonymous? - page 2. (Read 3101 times)

hero member
Activity: 770
Merit: 629

I asked this several times: can someone who knows, explain whether Zcash has *obligatory* anonymity (with or without optional disclosure), or just *optional* anonymity ?


due to the amount of recources it needs to create such a zcash transaction i dont think we will see a system where it is mandatory that soon.

This I also understood, and then when I tried to read the white paper, this doesn't occur in the text as far as I can see.  I only see transactions with "notes" (which are anonymous) and "in the clear" coin transactions, in such a way, that you cannot have an "in the clear" input and an "in the clear" output at the same time, which makes me think, that after all, it is mandatory.

So I'm kind of confused between "it is too complex to do for every transaction" on one hand, and in the white paper, there is no other way than to do it that way.  But maybe the white paper is ONLY describing the optional, heavy, anonymous transactions, and maybe there are simple "in the clear" transactions next to it.  But I couldn't find that information on the zerocoin site (I may simply not be looking in the right place).
newbie
Activity: 23
Merit: 0
Anon coins like dash and monero are not 100% anon? I thought they are all 100% anon.
sr. member
Activity: 453
Merit: 500
hello world
monero is truly anonymous, or zerocash which is coming, all those that use zero knowledge proof are real anon, bitcoin is only half anon instead

I asked this several times: can someone who knows, explain whether Zcash has *obligatory* anonymity (with or without optional disclosure), or just *optional* anonymity ?

Monero has obligatory anonymity, and optional disclosure.

It is very important to have obligatory anonymity or the anonymity isn't worth much.  This is also (amongst others) a problem with DASH for instance.  Anonymity must be "normal" and "by the masses not needing it" in order for it to work.  If only people needing it, use it, they stand out in the clear as needing anonymity.



due to the amount of recources it needs to create such a zcash transaction i dont think we will see a system where it is mandatory that soon.
sr. member
Activity: 476
Merit: 251
Another good crypto note to look out for is DigitalNote since it offers the same ring signature transactions as monero as well as anonymous encrypted messaging.

Although I must say that it is ridiculous to expect a coin to be 100% anonymous. That is impossible and anything close to it would need tools that have nothing to do with crypto currencies.
legendary
Activity: 3318
Merit: 1133
Leading Crypto Sports Betting & Casino Platform
And the thread became a country war using a keyboard.

Maybe a change in the thread title will make this informative.  Tongue
hero member
Activity: 770
Merit: 629
monero is truly anonymous, or zerocash which is coming, all those that use zero knowledge proof are real anon, bitcoin is only half anon instead

I asked this several times: can someone who knows, explain whether Zcash has *obligatory* anonymity (with or without optional disclosure), or just *optional* anonymity ?

Monero has obligatory anonymity, and optional disclosure.

It is very important to have obligatory anonymity or the anonymity isn't worth much.  This is also (amongst others) a problem with DASH for instance.  Anonymity must be "normal" and "by the masses not needing it" in order for it to work.  If only people needing it, use it, they stand out in the clear as needing anonymity.

hero member
Activity: 770
Merit: 629
...

This was a good read, thank you.
Just I am not sure, this is how all Cryptonote coins work, or only Monero? Or it is the RingCT they want(ed) to implement lately in Monero?
However, it sounds good.

This is cryptonote.  RingCT is even more subtle: it also hides the amounts in the transaction, which was still a "privacy leak" of some sorts in the original cryptonote protocol: you could still see in the clear the *amounts* of transactions, which could be correlated with real-world purchases or earlier amounts. 

legendary
Activity: 2590
Merit: 1022
Leading Crypto Sports Betting & Casino Platform
monero is truly anonymous, or zerocash which is coming, all those that use zero knowledge proof are real anon, bitcoin is only half anon instead
newbie
Activity: 2
Merit: 0
well, i thing if we talk about coins, its not about "who first" my friend but this about "who highest value". well as i know bitcoin was first. why??? because nakamoto must call lawyer to proof his self his not develope bitcoin at first time  Smiley Smiley
legendary
Activity: 1106
Merit: 1000
I'm fully aware of the global surveillance but I feel like some here have a Snowden complex thinking their every move is tracked...Sorry to tell you but your 10 bitcoins of Dash are not an NSA priority....dicks
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
...

This was a good read, thank you.
Just I am not sure, this is how all Cryptonote coins work, or only Monero? Or it is the RingCT they want(ed) to implement lately in Monero?
However, it sounds good.
hero member
Activity: 770
Merit: 629
You are right about the resources, but Anon or Vpn make little difference,

I don't believe that.  If it were, they wouldn't fight it.  It would be the perfect honey pot.  Let people have TOR, let them have VPN, and let them think they are safe, and we can just read what they do and go after them.  The more TOR, the merrier for TPTB under your hypothesis.  While you're right that these tools only give limited protection, it DOES piss them off.

(unless we have to anticipate them more, and they will "fight" it, just to *seem* pissed off, and then they will "lose" the fight so that people REALLY think that they are safe, while all TOR traffic is immediately without cost decripted, sourced, and analysed by them, laughing their asses off).

My bet is that it DOES annoy them for sure.

BTW, as far as I know, TOR was NOT compromised as such.  TOR was DDossed which allows for some time correlation analysis if you happen to use TOR at that moment and one is watching your connections, but this is proper to any low-latency system, and TOR itself tells you that this kind of stuff is outside of their threat model even though they are now working on mitigating it to an extend.


hero member
Activity: 770
Merit: 629
Imho the Cryptonote coins are the closest ones to anonymous nowadays. There's Monero and many more.
Afaik they do the mixing using random other nodes from the network, so the chance they are compromised is slim.
Just you have to set in your transaction a high enough mixin. Afaik Monero enforces now at least 3, I don't know about others.

It is a common misconception that monero is some "automated mixing without masternodes".  It is more subtle than that.  
As you probably know, in bitcoin, a transaction consists of saying which input transaction you use (by indicating this explicitly, and by signing with a signature of the secret key that goes with that former transaction output).  In a mixer, you make a transaction with several inputs *which are all really used*, but you pay back the same sums to the owners in new addresses.  In other words, you have, say, 3 inputs A, B and C (of identical amounts) and you produce 3 outputs (of same amounts) D, E and F.   The mixer doesn't say whether D came from A, from B or from C, but is is one of the three.  However, you KNOW that amongst D, E and F, there is A *FOR SURE*.

In a cryptonote transaction (such as used with monero), what happens is that there is a transaction from { A , B OR C} to D.  You have no idea whether A actually went somewhere.  A could very well NOT be used.   It could in fact be B who made a transaction to D, and A never moved his funds.  It is just that the original transaction, and the signature, were obfuscated in a ring signature scheme where two other random signatures (A and C) were picked from the block chain.

Note that there is no "mixer node" or anything involved.  The transaction sending wallet on your computer is the one using the extra signatures that it picks off from the block chain to compose a transaction containing this ring signature, composed of your real signature, and a few others picked from the block chain at random. (*)

So while the big difference is that in a mixer, {A, B, C} to {D, E, F} guarantees you that A moved his funds to one of D,  E or F, with a ring signature, if there is a transaction {A, B, C} to D, you have no idea whether A, B or C was the one moving his funds.  You know that 2 of the 3 are randomly picked signatures which have nothing to do with this transaction.

This makes "coin couloring" impossible, and makes all coins equivalent.
Indeed, suppose a "thief" has stolen funds in address B.  Suppose that exchanges and other people don't want the thief to use his funds.  They can now refuse all coins that have a transaction history including B.  Even if *you* wouldn't mind accepting them, YOU would be the one not able to spend them afterwards, so you are somehow obliged to boycott the "thief" too. Suppose that that thief uses a mixer.  You now know that D, E or F are the thieves' funds.  Now, idiots who mixed with the thief in the mixer can be punished, because you could now say that D, E AND F are boycotted.  Nobody is going to be willing to mix with the thief.  One could, in the end, implement a soft fork where transactions with a history leading to B are made non-accepted.

Consider the same story in monero.  The "thief" has his funds in B.  But just *any* transaction can randomly select B's signature to obfuscate just ANY transaction.  So a transaction where B's signature occurs, and which COULD possibly be B moving his funds, will UNAVOIDABLY occur, even if the thief doesn't do anything.  Sooner or later, his signature will appear, say, in a transaction G.  And somewhat later, the signature of G will also be randomly selected for another transaction H.  And so on.  After a while, MANY transactions will be "contaminated" by B's signature or its descendent transactions - while in reality, the "thief" may still hold his funds in B.   If we "block" all descendants of B's signature, then we end up blocking most of the transactions, while those have nothing to do with B.
So the longer you wait, the more B's signature will occur somewhere in the potential pasts of just any transaction, and there's no way to block B, even not with a soft fork.  This is what makes monero essentially fungible (which comes down to making past payments anonymous).

(*) you may ask how it comes that you need your private key to make a signature of your transaction, and that you can "pick random signatures off the block chain" while of course you don't know the private keys (but only the public keys which are the addresses).  This is the magic of ring signatures.   A ring signature needs ONE private key, and N-1 public keys, to fabricate a ring signature R.  Someone who has the N public keys (but no private key) can verify that there was a private key used to fabricate R, but he doesn't know WHICH of the N possible was the private key, and which were the N-1 public keys.  While only you have your private key, you can pick as many public keys (addresses) from the block chain as you want.
There's more to it, but this is the gist.
newbie
Activity: 29
Merit: 0
Quote
Time for the weekly update from the Team.

When we last reported I had completed the first cut of the brand new Anonymous Transaction System. This week I have been focusing on refining the first cut of code to make sure everything is accounted for and there are no possible errors. Everything seems to be working great so far and I have sent a bunch of successful transactions over the test net!

For anyone wondering how our anonymous system works, I would like to attempt to explain it. We are unlike any other Anon Crypto in the market and we are definitely not just DASH with extra bells and whistles as has been quoted in this thread. Hold on to your hats, this is the definitive answer of how our system works. It's complicated (and long sorry) but its important..

Instead of sending coins directly from Address A to Address B (like a regular Bitcoin), or from Address A through Addresses X,Y,Z to Address B (like a mixer or Dash), our system uses double encryption and a secondary block chain (Nav Subchain) to securely and fully anonymously send transactions through our network. From a user perspective its very easy to use. All you have to do is tick the "Send NAV Anonymously" box and click send. There's no pre-mixing, there's no command line gobbledegook. Just tick the box and press send.

When you choose to perform an anonymous send, firstly your wallet asks one of our Anonymous receiving servers via HTTPS for a short lived RSA public key. Address B is then encrypted by your wallet with the public key the receiving server sent. Address B is never broadcast from the Address A's wallet over the network in an unencrypted stated, not even over HTTPS which has been proven to be vulnerable (read: heartbleed). If you understand about RSA Public / Private keypair encryption, it is by nature asymmetric. The public key which we send out can only be used for encrypting. The public key is physically incapable of decrypting data so there's no security issue with broadcasting the public key to Address A's wallet over HTTPS. Only the server which issues the public key is able to decrypt with the private key, which never leaves the server and which are periodically deleted. So after a short period of time, it is literally impossible even for the server which sent the public key to decrypt Address B.

Once Address B is securely encrypted by your wallet, the coins are then sent from Address A to a wallet address owned by the Anonymous receiving server which provided the RSA Public Key to your wallet. The encrypted Address B is attached as an extra argument on the Nav Coin block chain transaction itself. There are no sql databases involved, all data storage is happening on the block chain and by the very nature of how block chains work, is decentralised.

When the receiving server sees the unspent Nav transaction in its wallet, it decrypts attached Address B with the private key which matches the public key it sent to Address A's wallet, then communicates to one of the Anonymous sending servers to repeat the initial task. It asks the sending server for its own short lived public RSA key which the receiving server then uses to re-encrypt Address B. The receiving server then creates a random amount of randomly valued transactions NOT on the Nav Coin block chain but on the Nav Subchain (which is an entirely separate block chain). These transactions all have a freshly re-encrypted version of Address B attached them and are sent to random addresses owned by the chosen Anonymous sending server.

When the sending server sees the unspent Nav Subchain transactions arrive in its wallet, it decrypts attached Address B, adds up the transactions, re-randomizes the number of transactions and transaction values and creates them as real Nav Coin transactions back on the main Nav Coin block chain. These coins are taken from an existing pool of Nav Coin which are stored on the server and are not the original coins sent from Address A.

In fact, the Nav which Address A sent are only ever used to replenish the Nav pool on the sending server for future transactions, they are never used in the same transaction chain as what end up in Address B. This is how we explicitly break the link between Address A and Address B on the Nav block chain.

Think of the Subchain as a transaction director rather than actually performing transactions itself. Receiving severs use the subchain to instruct the sending server who to send Nav to and how much to send.

The reason we use a Subchain as the transaction director between servers is that it maintains all the advantages of a decentralised block chain and none of the risks of relying on a corruptible, hack-able database server or direct (read: intercept-able) communication.

If someone were to literally burn our anonymous servers to the ground, as long as there is still a copy of the Nav Coin and Nav Subchain block chains out there somewhere, we can restore their wallet.dat(s) to new servers and they will resume exactly where they left off at the oldest unspent transaction in their wallet. Ahhh, the beauty of block chain technology! I don't miss the horrors of MySQL for one moment!

I've drawn this diagram as a (over) simplified way to visualise what I am talking about:

http://i.imgur.com/saHxf5T.jpg

The important points to remember are that the sent Nav and the received Nav can not be transactionally linked on the same block chain. Any information that is transmitted along the subchain is randomized and re-encrypted so it can not positively identified as connected to the original transaction on the Nav block chain. All encryption keys are only used for a short period of time and then deleted, making all expired transaction records impossible to decrypt.

I know this is confusing as hell if you're not a tech-wizard, Sophia and Mark are working on a layman's translation of this information for a press release as we speak.

For those who weren't around for the last iteration of the Anon system, here is what an anonymous transaction looks like in the transaction history:

http://i.imgur.com/PZSN9Nr.png

You can see at 28/08/2016 20:22 I send 100 NAV to address NegpeVty... (an anonymous receiving address) and then at 28/08/2016 22:13 I received 7 transactions of various amounts which total to ~99.4 NAV (100 - 0.5% anon processing fee - regular transaction fees).

If I open the transaction details of the sent 100 NAV you can see the encrypted Address B (which in this case was my own address) attached here to the block chain transaction as 'anon-destination':

http://i.imgur.com/p3anzYr.png

You will notice these sent to and receiving transactions are nearly 2 hours apart, this is only because I am running the Anon network in test mode where I am manually inspecting and running the scripts while I debug and refine the code. In reality it would be a maximum of around 5 minutes between Address A sending and Address B receiving.

In regards to my progress, you can see here I have successfully sent and received transactions through the new Anonymous network. I am finishing my refinements this week and myself and Shahim will begin to deploy and test this on the live network next week. Once we are happy the live network is operating without a hitch we will open it to the public for use. We have not set an official launch date yet as we do not have crystal balls to predict what problems may arise when we begin live testing. We will keep you all posted with our progress and attempt to release the live network as soon as is practical and safe.

Once the new anon scripts are live, I think that will jump us to approximately 80% complete on the decentralisation project progress. I will immediately continue to work on that with the intention of getting that released as soon as possible. Hopefully you can see that the nature of the technology is very complex in itself and when you combine attempting to safely decentralise the system, it becomes exponentially more difficult. However, I believe that I am very close to a working solution for decentralisation and am confident that I can get it out there within a reasonable timeframe.

In the mean time, Soopy has been working on a fix for some of the syncing issues users have been reporting on the desktop wallet as well as investigating the compiling issues of the OSX wallet. Soopy and Shahim have been testing the thin desktop client which we also hope to release soon. Sophia, Mark and Strugg have been working hard on our marketing strategy, preparing press releases and marketing materials for our upcoming feature releases (thin client, mac wallet, anon-relaunch and decentralisation).

Everyone is working hard to pull this all together and we are glad to have you all along for the ride as supporters, investors and friends.

Till next week, please keep the questions coming and we will endeavour to answer them all.

Talk soon,
Craig.


legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Imho the Cryptonote coins are the closest ones to anonymous nowadays. There's Monero and many more.
Afaik they do the mixing using random other nodes from the network, so the chance they are compromised is slim.
Just you have to set in your transaction a high enough mixin. Afaik Monero enforces now at least 3, I don't know about others.

For Dash afaik you have to trust the masternodes that do your mixing are cont compromised.
For Bitcoin mixers you have to trust the mixer and I heard discussions that mixing too big amounts is not really possible / untraceable.
And there are other coins I don't know of.

Now, I just have some ideas on how these coins work, you should really check on the coin's ANN thread for more detailed and better explanation.


Also it doesn't matter which is 100% anonymous if your OS is tracking you. So there are many more things to add up to achieve 100% anon.
hero member
Activity: 2814
Merit: 911
Have Fun )@@( Stay Safe
Thanks everyone for answering a question I didn't actually ask.


Is it so hard for people to put aside their agenda to answer a fucking question. I asked about the actual transaction nothing about IP addresses and postal addresses...damn. Did you think I thought a crypto currency would magically make my home address disappear? And who said anything about using a bank account?

Here in bitcointalk you could hear a variety of answers  Grin hope you found the answer by now,in my opinion Monero ,Digitalnote,Zcash, bikercoin are billed as untraceable currencies. I would prefer Monero if i want to make an untraceable transaction.
member
Activity: 113
Merit: 10
DopeCoin Is Here Join the Revolution!
can you dev a coin with a fork from inception? if you can then why dont  they
legendary
Activity: 1092
Merit: 1000
Although I agree with most of what you say in principle, you should also see the other side of the medal.  Even though TPTB have a lot of resources, their resources are not infinite, and every anon technique costs them a finite amount of resources to deal with it.  In the end they will go broke if they will try to go after everyone, in the same way the soviet empire collapsed.
The biggest problem is not so much TPTB, but rather the immense herd of brainless people not realizing this.

Compare it to downloading copyrighted movies.  If you do this open in the clear, you get trouble.  If you use a VPN, the effort to track you is most of the time too much of a hassle and too little gain for them to annoy you.  But don't use a VPN to organize a killing of a US president of course.

This is why you should consider your threat model.



You are right about the resources, but Anon or Vpn make little difference,
The only real protection is the one that comes from not standing out, being part of the biggest amount of users as possible in plain sight,
in other words , so much data is collected unless they have a reference point to cross reference you & your activities , it will go unnoticed no matter what you do.

The enemy of privacy has always been the cross referencing.

Using Tor or Anon will be a reference point, that is used in cross referencing your activities.
(It will act as a spotlight instead of camouflage.)
http://themerkle.com/fbi-can-obtain-a-warrant-if-you-run-tor-come-december/

To be anon, You have to get Fake IDs, setup a Fake Background, rent a place with the fake id & use the fake bank account you setup.
Don't forget to be in disguise during all of this, and get out of their before your activities bring in the Gov Officials.
And if you do all of that it does not matter what coin, you use , because the only thing you really care about, them finding out who you are is anon.
True Anon is a Life Style not something a coin can give you.

 Cool
hero member
Activity: 770
Merit: 629
But surely there is a way to circumvent them? Use a VPN that does not log your activity, use Tor or I2P, use a darknet email or a fake email, stop using banks and use only bitcoin, and then get a PO box. I know there will be holes where the authorities could catch you but if you are careful and keep track of your anonymity religiously you can do it.

VPN are Traceable, Tor has been compromised ,
To even Buy a Large Volume of BTC requires your ID, the exchanges track you.
PO boxes required multiple forms of ID including Photo.

What about the fact you are all living in a Police State / World , do you not comprehend.
Everything warned about in the Books 1984 & Brave New World has either already happen or happening as we type.

These Systems were engineer from the very beginning to Spy on you.
Internet protocol was designed by ARPANET but funded by Defense Advanced Research Projects Agency (DARPA)
Tor was designed by U.S. Naval Intelligence

The only way to circumvent a system designed to track you is not to use it when you don't want to be tracked.  Tongue

 Cool

Although I agree with most of what you say in principle, you should also see the other side of the medal.  Even though TPTB have a lot of resources, their resources are not infinite, and every anon technique costs them a finite amount of resources to deal with it.  In the end they will go broke if they will try to go after everyone, in the same way the soviet empire collapsed.
The biggest problem is not so much TPTB, but rather the immense herd of brainless people not realizing this.

Compare it to downloading copyrighted movies.  If you do this open in the clear, you get trouble.  If you use a VPN, the effort to track you is most of the time too much of a hassle and too little gain for them to annoy you.  But don't use a VPN to organize a killing of a US president of course.

This is why you should consider your threat model.
legendary
Activity: 1092
Merit: 1000
Some replies here are such bullshit. Not everyone lives in the US under the NSA. Of course if the coin is untraceable you can send end to end anonymously. Walk into any PC room in Asia and send for one thing. You sad sack of Yankee fucks.

You're really just not bright at all are you.

Read the News about the FBI arrests on dummies that thought they were safe behind Tor.
Hell, Kim Dot.Com even lived in a foreign country and the US went after his ass.
There are places where the US does not even contact the local authorities they just go in and snatch your ass and bring you to the US.
There are court orders to arrest foreign people who have never even been on US Soil.

Are there Cameras in your little Asian PC room , did you pay with credit card, were you smart enough to mask the network address of your ethernet or wireless device which can lead to the serial number of your PC and be used to track every single IP , it ever connected too.
Is there anyone in that little cafe , that knows who you are, what you drive , or the times you come in.
Did you make sure the NSA firmware was not on your Harddrive before you even purchased it, that will id your system and give them a backdoor in.

No you think just because you use a coin that claims anon , you are safe, No but you are stupid.
Which exchange did you buy that anon coin, that tracked your IP info, did they require ID & Email ,
or even if you purchased it from someone on the street , you don't know if they are selling your information or not.
http://themerkle.com/ever-heard-of-an-a-i-bot-being-arrested/
Quote
A bot created by Carmen Weisskopf and Domagoj Smoljo was arrested last year by Swiss authorities.
The bot, who is being referred to as RDS, or Random Dark net Shopper.
The bot journeyed deep into dark net, purchasing and ordering illegal goods on dozens of markets.
The bot even went as far as sending items back to the original shipper just to show off.

Believe what you want, but hear this , Anon coins won't protect you at all.
You actually probably be more anon wearing a disguise and paying with fiat or gold (without serial #s) than any online crypto.

 Cool  

FYI:
And don't think for a second that the other Countries like China are not doing similar reconnaissance on all Cyber activities.
http://www.salon.com/2013/10/26/12_other_governments_that_enjoy_spying_on_their_citizens_partner/
Quote
3) China

China spies on its own citizens — that’s no secret. The country has a vast digital empire to perform such tasks. But the domestic spying has gotten so out of control in China that its public officials are even spying on each other. Many Chinese officials have found wires in their offices and cars. Some have even found them in their showers. Communist Party member Bo Xilai went as far as wiretapping the president. Before meetings, Chinese officials now often hug so they can pat each other down.
https://www.hrw.org/news/2011/09/22/why-are-people-disappearing-china
http://www.theguardian.com/world/ng-interactive/2016/jun/09/the-disappeared-faces-human-rights-activists-china-silence
Pages:
Jump to: