Pages:
Author

Topic: The TRUTH about Darkcoin: ZERO Anonymity, EASY DOS attacks, & Amateur code base! - page 4. (Read 9018 times)

member
Activity: 92
Merit: 10
I won't even speak at the fud in this thread. I think pointing people to this post made in our most recent testing session might help shed some light on the ds+ process.

https://darkcointalk.org/threads/instantx-testing-v10-17.3083/page-36#post-32290

This is only the first 3 rounds Smiley

This might help if you can't follow that post. It is Evan's talk from a recent crypto conference.

https://www.youtube.com/watch?v=4Y9wO9v2nMw
legendary
Activity: 1442
Merit: 1018
Anonymity through obscurity. Unless you can actually prove without a reasonable doubt that Address A paid Address Z with a factor of 3^8 pathways, by all means, knock yourself out. The masternodes used per round are random and only know their inputs and outputs. You would need control over all the masternodes in the chain used (however many rounds the user specifies) to be able to knowingly link A to Z.

At this point it doesnt matter that Anonymity in Darkcoin works or not because its over a clay base of masternodes.

Right, the most logical of counter-arguments. That "clay base" you speak of has substantial capital behind it. I'd take this "clay base" over a straw house any day of the week.
legendary
Activity: 1442
Merit: 1018
I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

Exactly this.

I have read little things here and there about DarkCoin not actually being anonymous because you have to create anonymity on the protocol level. Monero/Cryptonote has good anonymity because it splits up all of your blocks over different people when you send the transaction but the drawback to this is that it creates more data on the Blockchain. In DarkCoins case, the mixing nodes would present more of a risk since a script could be run in order to link transactions, plus the nodes can be taken offline and disrupt the network.

Anonymity through obscurity. Unless you can actually prove without a reasonable doubt that Address A paid Address Z with a factor of 3^8 pathways, by all means, knock yourself out. The masternodes used per round are random and only know their inputs and outputs. You would need control over all the masternodes in the chain used (however many rounds the user specifies) to be able to knowingly link A to Z.
legendary
Activity: 882
Merit: 1024
I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

Exactly this.

I have read little things here and there about DarkCoin not actually being anonymous because you have to create anonymity on the protocol level. Monero/Cryptonote has good anonymity because it splits up all of your blocks over different people when you send the transaction but the drawback to this is that it creates more data on the Blockchain. In DarkCoins case, the mixing nodes would present more of a risk since a script could be run in order to link transactions, plus the nodes can be taken offline and disrupt the network.
hero member
Activity: 2170
Merit: 640
Undeads.com - P2E Runner Game
But its an interesting point.
Hosting masternodes has to be on a level.

I'd suggest to move it into the IP6 address space completely and provide any amount of failover IPs for such scenarios.
Many datacenters offer that already, even in the IP4 space.
hero member
Activity: 2170
Merit: 640
Undeads.com - P2E Runner Game
Especially if coming from somebody promoting or owning the website mymonero.com.
Why don't you just blow it off the table, if its so easy?
Or ask BCX to do it, he seems to be open for good and easy fun.
full member
Activity: 226
Merit: 100
I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

Exactly this.
hero member
Activity: 2170
Merit: 640
Undeads.com - P2E Runner Game
When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

That's true.


Not quite, it only applies if the machine runs a DNS server.
Do Masternodes run BIND or something?
legendary
Activity: 2156
Merit: 1131
When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

That's true.
legendary
Activity: 1036
Merit: 1000
Drk is weak
Buy ShadowCash the next big thing..
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.
hero member
Activity: 534
Merit: 500
OP really does seem to be a fudder... Tongue
legendary
Activity: 1092
Merit: 1000
Sorry, maybe i have should use "Darkcoin uses Central Servers" couldn't see that people are that shallow not to see its a central system.
And by the way, what it have to do with de-anonymization ? Who is mixing your network would you say? Santa claus ?

Quote
1240 Masternodes
($2,952,000)

To have a 40% chance of de-anonimizing the network with 8 rounds of mixing, you would currently have to hold 90% of the masternodes. This means going into the market and buying 1,120,000 darkcoins.
This would push the price of dark into the billions, market would become bullish, removing coins from the market. I don't think someone could buy that amount of coins in the first place.
Also the price of darkcoin being so high, insentivises new investors to buy and setup more masternodes - further de-centralizing the network.

Using same argument on and on which is totally not true.

You still think the Government will buy any coins from Darkcoin just to shut it down ? This theorie is laughable when you have centralized server system which can be hacked or shutdown. No VPN will save you from this.


You know i usually encrypt my secret messages with a 1240 x Rot13 encryption just to be sure its secure.
Same thing with having 5 Firewalls won't give you any advances in security

I agree that the "buying darkcoin to destroy darkcoin" is laughable, your absolutely correct! It's a ridicules idea that one entity could even buy the amount needed to subvert the network in that way, thanks for supporting that.

Definition-Centralize

concentrate (control of an activity or organization) under a single authority.

Masternodes are not quite centralized, as the majority of nodes are hosted on 2 VPS providers (Amazon/Vultr).
This is a problem i agree, but at this point its more of proof of concept, if MN become more profitable to run,
the incentive will emerge to setup your own mini "datacenter" and host the node from your own home.

I'm already considering this.

Now if at least 10% of the current network did this, 126 individual nodes would be live. The hacker would need to attack each node individually.
And so what if he did? Darksend's process picks a masternode randomly, how would the attacker know which node to attack at a specific time if the selection process isn't already determined?

In relation to your comment's on security, I use at least 8 round's of mixing  Cool
legendary
Activity: 3066
Merit: 1188
Scenario, Government is telling most of their cooperated country's to ban/filter all connection to the Masternode server, since they are hosted by mainly a VPN which has rules as when you don't follow them means your details will be released to Government authorities.

So what you will do if no VPN or country will allow you to host a Masternode server ?

That's true. For example quite a lot of masternodes are hosted on Amazon and the government could just instruct Amazon to boot anyone off that's hosting a Darkcoin masternode.

But lets think this through for a minute. For that to happen, Darkcoin would have to have been successful enough to pose a significant threat in one way or another. It's not the type of thing that they could do clandestinely.

Secondly, (and this is where the "decentralised" aspect comes in) masternodes can upped in minutes on any server - it doesn't have to be in any particular country or with a commercial hoster. If you take a look at the current coverage map, they're all over the place - the US, Europe, Asia, Russia, Australia.

Thirdly, you're only addressing the technology the way it's configured at the moment. This is an evolving project. It's already blown way past many of the limitations of only a few months ago - not least the fact that the anonymisation is now done pre-emptively rather than in realtime which makes it almost independent of any weaknesses in whatever mixing algorithm is might use due to massive redundancy.

That ability to make such quantum leap architectural revisions to address emerging issues from trialling is thanks to the 2-tier design which keeps the blockchain integrity solid while allowing for more fundamental development in the masternode network. Whatever limitations are imposed by that design, you can expect them to be addressed with similar success as work goes on.

EDIT: In fact it's being done as we speak: https://darkcointalk.org/threads/instantx-testing-v10-17.3083/page-28#post-31968
legendary
Activity: 3066
Merit: 1188
You still think the Government will buy any coins from Darkcoin just to shut it down ? This theorie is laughable when you have centralized server system which can be hacked or shutdown. No VPN will save you from this.

You cannot shut down an architecture which is decentralised.

I think you're confusing the word "centralised" with the "2-tier" and trying to make out they're the same thing. They are not the same thing.

A "centralised" network is one that has a single central controlling authority. A decentralised one is a network that does not. (The clue is in the word single.)

Nor is it a question of number. There could be only 2 masternodes in the entire world and it still wouldn't be centralised because those 2 masternodes could not prevent another 50,000 from spouting up elsewhere. In other words those 2 masternodes do not constitute a central controlling authority.

As for "buying them all up", if you properly think it through to its ultimate conclusion then even that doesn't work. Although it's a hypothetical possibility, Darkcoin belongs to a technological generation which is characterised by open source reproducibility. Everything can be reproduced: if masternode ownership gets compromised, new ones will appear. If the entire network gets compromised, a new one can just spring up elsewhere.

It isn't a viable proposition because there isn't one aspect of the Darkcoin network - or for any other cryptocurrency network - that can't be extended or reproduced. The reason for that. again, is that there is no single controlling authority (i.e. it's decentralised).

Far from being a weakness, Darkcoin's masternode network gives it massive redundancy because whatever the merits of its particular mixing algos at any given moment, they can be re-applied many times pre-emptively as opposed to having "only one shot at it" when a user performs a transaction.

IMO, Darkcoin stands at the door of very widescale adoption right now because in addition to all the above, it also retains the legacy commercial interface which makes it readily adoptable by new and existing vendors.

All round - it's the business !

hero member
Activity: 2170
Merit: 640
Undeads.com - P2E Runner Game
Put up or shut up, fudder.

This is a moderated Thread if you think i'm fudding for telling the truth then why don't you try to Censor me ?

You're not worth it.
hero member
Activity: 2170
Merit: 640
Undeads.com - P2E Runner Game
Put up or shut up, fudder.
legendary
Activity: 1092
Merit: 1000
Can these servers be shut down by governments?

Very easy, you should just check what they done to TOR, then you will notice that they could easy de-anonymize Darkcoin.
But i think Evan Duffield know that they only have a pseudo anonymizer.


First you say darkcoin uses one server, then you are corrected and told the number is more like 1240 individual servers,
but still the venom splats all over my screen.
Masternodes are hosted on different VPS providers, different locations all around the world and will soon be hosted by individuals!

What has servers being shut down by the government got to do with de-anonymization?
Shutting masternode servers down would not de-anonymize darkcoin? I don't understand what your saying?

I think you are mixing stories here.

You are infact talking about the majority of exit nodes on the tor network being FED controlled, and the parallels between tornodes and Darks masternodes.

Currently

1240 Masternodes
($2,952,000)

To have a 40% chance of de-anonimizing the network with 8 rounds of mixing, you would currently have to hold 90% of the masternodes. This means going into the market and buying 1,120,000 darkcoins.
This would push the price of dark into the billions, market would become bullish, removing coins from the market. I don't think someone could buy that amount of coins in the first place.
Also the price of darkcoin being so high, insentivises new investors to buy and setup more masternodes - further de-centralizing the network.
sr. member
Activity: 406
Merit: 250
Can these servers be shut down by governments?
legendary
Activity: 882
Merit: 1024
You meant "only time will tell", or did you wanted to say it is selling time?

Not sure what you mean by this, are you selling your coins?
Pages:
Jump to: