Topic: MyMonero.com - Security Issues - page 3. (Read 8226 times)

Without the spendkey you don´t see what outputs have been spend etc.
MyMonero users are less private, obviously, but that doesn´t endanger the others.

You have Mobile/Webwallets for DASHSCAM. It´s just that they don´t support a single bit of anonymity i.e. darksend.


Another lie - MoneroX works fine on Linux, Windows and OSX.
Works and looks the same as Bitcoin QT, aka Dashcoin QT.



It´s none of your fucking business, it´s really that simple.  Who are you to tell people what to use and where to trade? So we have to spread it out to 10 untrustworthy exchanges instead of 1 trustworthy?
Even ignoring the fact that we tried to get volume on Bittrex https://bittrex.zendesk.com/hc/en-us/articles/204310644-Year-long-XMR-giveaway- and even sponsored XMR for that? If people still prefer Polo, then they use Polo and it´s their decision.


Obviously because you are an idiot who wasn´t even able to check the sourcecode :-) No i am not talking to someone who knows sth. Definately not.
You see in the JS what is send to the server and what not, no need to make stupid speculations. Just go and check it.

I would say so but I am not the person to do that.  

And they can fix it I think by making a decent official wallet so users a) don't need MyMonero b) other exchanges can add XMR and Polo isn't central point to manipulate

It looks like you've really hit a sore spot. Maybe this warrants further investigation.

1. Lol, you still don´t get how Monero works :-)

--My understanding is that Monero is Cryptonote and I use that so my transactions / balances are then untraceable.  My point is that *they are not untraceable if I use MyMonero*, which a large % of users do.

2. Thats a blatant lie, no one has to, its just an option. Most people don´t want to use the Full node, especially not traders. FACT. Blockchain.info is prolly the most used BTC Wallet too. Why doesn´t DRK have a real web wallet? After over one year, are you guys to incapable to create one? Prolly because for your scam, you don´t even need mass adoption :-)

--Webwallet on an anonymous/untraceable coin seems like the most inappropriate thing you could develop to me, that's why I imagine Dark or any other anon coin didn't do it, and is why it makes me suspicious of the motives of the people who have done that for Monero.  As to forcing people to use it, I never said that - you just have to make the alternatives unusable for the average user, which they are in Monero's case, after 1 year.

3. Poloniex is the most trust worthy exchange we have. Fact. Why should we move somewhere else. We can trade where we want, only a fucking Dashtard Nazi would tell others where to trade their coins, it´s their own fucking business where they want to trade.

--Real basic stuff as to why having all your volume on one exchange isn't healthy...and in the context of what I am saying could be extremely unhealthy.

4. What Privacy? It´s run by Riccardo. Where is the sourcecode for Blockchain.info? Wheres the sourcecode to commercial product XYZ?? Oh wait, in the browser in case of Mymonero. idiot.

--No offense, you call me an idiot, but I don't think you know the first thing about how web tech works and you are talking to some who does..  the javascript is client side but anything can be going on on the server side, e.g.. the database, and without it being open sourced we have no idea how that works or what data is being collected / how it is being stored

I'm not trying to discredit you I am discrediting you as a wanabe SJW. You presented one side of a story and you never even contact the people involved to try and see if there even is another side.

Also with the information itself I guess you're not just a fuck face SJW you're also a stupid one. I already blew up your 'information' you just don't seem to want to read.

Dude you are spinning so much bullshit it's coming out your ears.


All this stuff you're saying doesn't matter. You had a moral obligation, especially as a self-appointed 'investigator' for bitcointalk, to act responsibly. Sending what you wrote on this thread privately to someone DOESN'T TAKE MORE WORK THAN MAKING THIS THREAD!

Also I know this is the altcoin section and there are a lot of scammers and delusional idiots but take a minute to think about how cryptocurrency works. For PoW whoever controls 51% of the hashrate makes the rules. For PoS whoever controls 51% of the currency makes the rules. With Bitcoin the mining network is so big that it's basically impossible for anyone to buy up 51% of the hashing power and make their own rules. But for EVERY SINGLE ALTCOIN including Darkcoin and Monero and Peercoin and Litecoin and Dogecoin and fucking everything there are single people with enough money to take over the mining network, forget about companies or the NSA or Israel. No altcoin is secure, they're just a collection of mostly-shit hoping to be less-shit one day.

Pointing out that an altcoin only has one web wallet or one main exchange is a big fucking whoop, because if that altcoin is successful there will be others and not everyone will use web wallets anyway. The entire argument you're trying to make is a load of SJW 'save the people of bitcointalk' bullshit from a child who doesn't know how to act like a responsible adult.

Oh and bro this took me one minute of google to find. Makes your entire attempt to make some link between the web wallet and polo seem pretty fucking suspect.

https://bittrex.zendesk.com/hc/en-us/articles/204310644-Year-long-XMR-giveaway-
https://bittrex.zendesk.com/hc/en-us/articles/204527664

1. Lol, you still don´t get how Monero works :-)

2. Thats a blatant lie, no one has to, its just an option. Most people don´t want to use the Full node, especially not traders. FACT. Blockchain.info is prolly the most used BTC Wallet too. Why doesn´t DRK have a real web wallet? After over one year, are you guys to incapable to create one? Prolly because for your scam, you don´t even need mass adoption :-)

3. Poloniex is the most trust worthy exchange we have. Fact. Why should we move somewhere else. We can trade where we want, only a fucking Dashtard Nazi would tell others where to trade their coins, it´s their own fucking business where they want to trade.

4. What Privacy? It´s run by Riccardo. You are the only one here hiding in the Dark (literally) between a made up nickname, why all the privacy?? Where is the sourcecode for Blockchain.info? Wheres the sourcecode to commercial product XYZ?? Oh wait, in the browser in case of Mymonero. idiot.

Like othe already said, XMR has been on top of the voting list at cryptsy for several months. Instead of really adding it, they still come up with flimsy pretexts (e.g. we're still in the process of adding it (they already said this a year ago)). Devs even offered to help with the integration, there is a guide to full php integration avaible, but they never bothered to ask for help. They will probably add it some time in the future, but this could still take a while.

I can not comment on Mymonero, but like MikeCorleone already said, if you are worried about MyMonero, please ask fluffypony himself. He is in almost everyday in #monero on freenode, so what's stopping you? If you didn't even contact him about your "worries", then this is just pure FUD spreading in my opinion.

No disrespect again but I am not invested in Monero and I never lost anything due to Monero so not like I care to go to all that trouble.

And i'm not disclosing a technical exploit that then renders Monero vulnerable based on the info I posted (which was speculation anyway) - I am saying the structure enables whoever owns MyMonero to exploit the market in financial terms because then it allows front-running on Poloniex where all the volume is. And the other things like no viable official wallet after so much time compound the problem and make me suspicious but how can I know what's happening behind the scenes.  The anonymity problems and letting Google in on the action is secondary today I would imagine.

Not much more for me to say - solution is get rid of MyMonero (by making a viable / usable official wallet that most users then actually adopt) and spread volume across exchanges: scam not possible, problem solved.

Also i'm not the person to look into this any further as I already explained i have conflict of interest so I think I should leave it there

You sound exactly like a fucking SJW! This just reinforces my belief man, SJWs are just cowards pretending they're doing everyone a favor and saving them.

This is what SJWs don't realize and what you don't realize: Maybe by talking to him you make him realize there's an issue, and he works to fix it, and then afterwards you're able to jointly release a statement pointing out the problem and what was done to fix it. Or you talk to him, he explains something to you, and you get a litebulb moment and then understand why it's not a big deal (I'm not saying it isn't a big deal I'm just saying this is one possible outcome). Or maybe he's a complete asshole to you and then you actually have! something! to! post! on! the! fucking! forum! except! your! stupid! opinion!

http://en.wikipedia.org/wiki/Responsible_disclosure go read and see what adults do when they think they've found a security problem.

Hi - no disrespect, but what exactly is Fluffy's word on any of this supposed to prove?  If my concern is a structural problem with Monero that is unhealthy and I ask him if he's using that to gain market info and then trade big on Poloniex where volume is all locked in and he says "oh no, not doing that" - then I shouldn't have posted this?  And he's free to come here to discuss, why do I need to contact him privately?

EDIT: again, I am not trying to single out Fluffy here and attack him.  I am saying MyMonero / 95% Polo volume seems like a bad idea basically because it *enables* someone to take advantage and undermines the core selling point of the coin, I don't know if anyone is doing that or not.

That is really shitty man. We aren't children on the playground gossiping about each other. Why would you post on the forum without first talking to the person you are accusing and asking them wtf is going on? You are no better than every fucking whiteknight SJW posting on tumblr. People like you make me sick.

Grow up and stop acting like a kid. Just send the dude a message and tell him what you're worried about. Are you so scared of him that you're posting this shit on a forum thread first? Coward.

7. Host has access to view key

1. if you don't mask your IP, host knows your physical location

2. host gets info on type of client you are using

3. embedding google analytics lets google know same and also enables you to be identified cross-domain on Google side (so who you are based on every other site you use basically)

4. if you don't use fake email, host knows your email

5. anything you type in a form on the site can be accessed retained by the site owner obviously (so all you financial info in XMR terms and what you are doing with funds)

6. ISP knows you are a MyMonero visitor and has to record this by law in a lot of countries and disclose if required

But that's not the main issue.....

It's the *financial information* that MyMonero has access to, that *no one else* has access to due to it being a Cryptonote coin, that is the real issue I am trying to ask about here...

Please explain technically how mymonero can de-anonimize users.

I am honestly curious, thank you.

EDIT: before anyone goes off on a tangent: No I am not affiliated in any way, shape or form with mymonero.com. I sport it in my signature because I am aware of the difficulties some people have with the CLI wallet.

I haven't investigated this yet.  That's why the title is "investigate?".  

This is just seeing what other people think to find out if it is worth investigating.

So far all my points have been dismissed..

In terms of input from Fluffy, he is welcome to answer my above questions, this is an open forum

This thread is really interesting. I like that BlockaFett has taken it on himself to investigate, and I think that should be praised. I have a few questions for you, BlockaFett, mostly around some more details of your investigation, as I think that will help us understand your conclusions.

1. How often have you approached Fluffypony to discuss your concerns? Was it just the one conversation, or multiple conversations?
2. What communications medium did you use: emails or skype or Bitcointalk pm or something?
3. Are you willing to show us the conversations you've had with him whilst you were investigating this, assuming he is ok with them being posted up?
4. I assume the conversations you've had with Fluffypony about this ended badly, can you tell us more about what he said to you in private that led to you putting this post up?
5. Have you spoken to him since putting this post up, and has he given you any more feedback?

I really think it's important that we get the answers to these questions, that way we also get his side of things.

PS. For next time it would be great if you could put the conversations up along with your investigation otherwise you're nothing more than a SJW and you lose credibility (obviosly not the case now:-) :-)

please, people. dont waste your enegry on this....
its not worth it. his questions are all fake