Why risk off chain routing attacks when (some future non-existent) on-chain system can be made exponentially more secure, with greater scrutiny of the component parts (encryption) than some large and nearly impossible to analyze set of interconnected elements.
+1.
That snippet from smooth was entirely FUD. He has a category error in misequating Tor or I2P with all possible formations of off chain mixing. There are forms which are mathematically modeled.
2. Whereas with Cryptonote (and Zerocash) what needs to be unencrypted is neatly compressed with complete organization on the block chain, off chain routing can create mazes of extreme complexity. In the asymptotic case, the authorities would need to cross correlate every encrypted packet ever sent on the internet.
Only if things are implemented "properly" at every level. That is a huge assumption I'm not prepared to make with any of the current altcoin efforts. I'd rather rely on well-designed and well-vetted encryption.
I made that same point myself. Note you did not refute #1.
Implementations of large systems that require sending information around the internet to mixing nodes and such have a huge attack surface. Cryptography implementations are potentially orders of magnitude smaller (and Cryptonote really isn't that complex) so far, far easier to vet at a systemic level.
FUD per the above reply to robinwilliams and #6 below.
Granted the issue of quantum computing vulnerability is valid, but it is likely to be an acceptable risk to a great many users, but not to you. Fair enough. Build something better.
You CN people keep trying to pigeon-hole my #1 as quantum computing only whereas I have shown you that small characteristic discrete logarithms were cracked in 2013 and they speculate about moving to higher characteristics. You ignore the fact that the differential cryptanalysis breakthrough in the past broke almost all known encryption at the time (1970s), and nobody knew it had been cracked for many years. Heck, discrete logarithm might be cracked now by the NSA and they are not telling us. Thus being able to use multiple layer encryption methods is essential to any level of great trust for anonymity, because unlike for spending, anonymity needs to remain uncracked for a long time into the future.
3. Cryptonote has no IP obfuscation built in (yet), thus unless you are using Tor with it, the on chain anonymity is already cracked. Which means even if you use Tor, if the others in your anonymity set ring didn't use Tor, then you are de-anonymized. And even when Cryptonote adds I2P or Tor support by default, it isn't planned to be supported for mining, and those low-latency mixnets are shown in research to be vulnerable to timing analysis. There are mathematically characterized better designs for IP obfuscation for crypto-currency than I2P and Tor.
Tor is already supported for mining. There is no reason why you can't connect to a pool using Tor. Most pools require no registration, so any coins that go back to you via pool payments can't be traced to you by any mechanism other than attacking Tor.
I said built-in so everyone uses it. Meaning dumb users click and go.
Also using Tor puts those miners at a disadvantage in speed compared to those who don't.
And Tor (and I2P) anonymity is not well characterized mathematically. Many argue they are not reliably anonymous.
So if you argue against off chain mixing, you fail to note that your on chain depends on your off chain IP obfuscation, so your entire thesis of defense collapses in a house of cards. Also note you did not refute #5 (well you can't because you don't know my designs).
5. You won't get decentralized mining without off chain anonymity.
Not proven, nor proven that you can get decentralized mining with off chain anonymity.
You haven't learned by now to respect my knowledge yet. But one day you will learn that when I make a statement like that, it has been vetted.
So again I reiterate, why risk it with on chain anonymity when there can be designs that are exponentially more secure with your anonymity into the future?
Why risk off chain routing attacks when (some future non-existent) on-chain system can be made exponentially more secure, with greater scrutiny of the component parts (encryption) than some large and nearly impossible to analyze set of interconnected elements.
See, FUD works in either direction. Stop doing it, and start building.
Did I ever disagree publicly with building?
Am I not doing a service to readers by sharing insights into the factors they must consider?
Has Cryptonote proven everything about its anonymity? (big fat no! see #6 below)
My post wasn't written in salesman tone. It was an intellectual exchange.
6. The claim that Cryptonote has a larger anonymity set because it can mix from the entire history of the block chain, whereas CoinJoin has a simultaneity constraint, is not true because to be prunable the rings must be restricted to small groups, and as I showed in my bounty algorithm upthread, if you allow widely overlapping mixing then the rings can in theory be de-anonymized.
You didn't show anything at all about the scope and degree of unmixing, so we have nothing to say here, just more FUD.
In short, prove on-chain wrong by constructing something better. Until then you are behaving similar to the shills you hate.
Until you run the bounty algorithm on your real block chain, you don't know either how much of Cryptonote anonymity is being de-anonymized by overly overlapped rings.
If on balance, you consider that Cryptonote can never scale to micro payments, it seems the ship is leaning to one side.