Monero attempting another attack on Dash PrivateSend Technology
This will be attempt number four or five i think ? (frankly i lost count over the years).
In this case we have Flenst, a person with ties to Monero where he did some translation work for them and
who seems to have a rather unsuccessfull history of trying to find attack vectors on Dash PrivateSend in the past,
according to comments in the reddit threads and according the title of his first reddit thread.
Flenst first started a reddit thread in our dashpay sub reddit a few days ago and then duplicated that thread into
the reddit CryptoCurrency forum yesterday. At no point was there made an effort by Flenst to contact Dash Dev Team
about finding a possible vulnerability in the Dash PrivateSend technology. Luckily this turned out to be not a vulnerability in code,
but more an issue with users using low number of rounds and throwing fixed known Dash addresses (exchange address for example)
at the start of the mixing process, thereby possibly leaking traceability.
The first reddit that Flenst started in our own dashpay reddit sub forum, got some 52 upvotes but did not reach hot status.
Which is most likely why a duplicate thread was created in the CryptoCurrency thread in order to get more attention to it (206 upvotes and a lot of negative off topic comments about Dash). Indicating this is more likely just another effort by Monero to discredit Dash PrivateSend.
Links to the two reddit threads in question :
https://www.reddit.com/r/dashpay/comments/bj7kh0/i_traced_a_privatesend_this_time_no_educated_guess/https://www.reddit.com/r/CryptoCurrency/comments/bkwat1/around_13_of_dashs_privatesends_are_traceable_to/Unfortunely for Flenst the 4 Round PrivateSend transaction which he stumbled upon and used as example on how traceable this
PrivateSend transaction really is, turned out to be a 2 Round PrivateSend transaction and also his methods of gathering information
turned out to be not completely accurate, according UdjinM6, lead developer of Dash.
Important to note is that Flenst was unaware that you can actually mix with just 2 rounds (default is 4 rounds, but you can set it to 2 rounds which gives you the weakest privacy all the way up to 16 rounds which gives you the strongest privacy).
If someone chooses the lowest possible number of rounds to mix (2 rounds), they should obviously be aware that they are
sacrificing privacy strength for speed (with just 2 rounds the mixing process takes a lot less time).
Also something that negatively impacts Dash privacy is the use of fixed, known addresses (exchange addresses for example),
which should be avoided by users at the start of the mixing process, as it pretty much cancels out the mixing process.
This is pretty much common sense, but still important to remember.
What can be learned from this, one may wonder ?
* To those trying to find attack vectors on Dash PrivateSend, they should really try consulting with the Dash Dev Team first for some basic fact checking, before making hyped threads like these on Reddit, as neglecting to do so will at some point undermine the orginal poster's credibility.
* To Dash users planning to use Dash PrivateSend : simply be aware when using the lowest number of rounds to mix (2 rounds), you will be using the lowest form of privacy on your PrivateSend transaction. Try to at least use 8 rounds of mixing to get some strong privacy on your transactions or accept that by lowering the number of rounds, that you will be having less privacy on your transaction. Also make sure you dont include fixed known Dash addresses (like exchange addresses) at the start of your mixing process and that your PrivateSend transaction amount does not exactly match the amount you had before you started to mix. At last, be informed that the CoinJoin mixing (which lays at the heart of Dash PrivateSend) can have a very low anonymity set, specially on smaller networks.
Thats all folks !
