Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1164. (Read 4670673 times)

Let's say you have a wallet with a balance of 123.45 Monero and you want to transfer all of it.  As a fee will be deducted, how do you do this if you don't know what the fee is ahead of time?

The FBI has statutory authority by Congress to access any computer anywhere in the world. Jurisdictional considerations ONLY apply to property held by American citizens, and jurisdiction in this context has nothing to do with geography.

The FBI is the state sponsored hacker. They can and do with impunity, hack and penetrate and privilege escalate and data dump and image any machine they can get in to. And they will retrieve data for years before there is ever a trial or court case or conviction. Neither the machine owner or the data center knows anything about it, necessarily.

Back to Masternodes. **WE KNOW WHERE ALL THE MASTERNODES ARE** , they are on Amazon, Digital Ocean, and a small subset are run on other providers and personal computers. Literally simple memory dumps get you the whole path. There is no omnipotent adversary to hypothesize about, they can just do literal memory dumps, constitutionally to US citizens with liberally approved warrants, and with impunity to non-US citizens. The minority of people running masternodes on their raspberry pi's are the only ones that are outside of the dragnet, in this scenario, LEA has all the data they need for most transactions AND then you are trusting the remaining individual ones not to be doing their own transaction monitoring/logging.

Darkcoin isn't at an evolutionary dead end with this reality, they can try to obfuscate IP's of masternodes retroactively, they can try to do that multipath whatever. LEA just goes to the biggest data centers, looks for a particular software process and gets all the same data anyway! Whooooops.

Read a freaking indictment or two, they do this shit all the time. No conspiracies necessary.

1. FBI has no jurisdiction in Russia, China, or anywhere else but USA. Fact is, a lot of people run their nodes in Amazon etc right now because that's what the first tutorials for running a node told them to. When/if Darkcoin becomes so big that some agencies actually get interested in it enough to try to spy on, the rewards from running a masternode will be large enough to afford your own dedicated servers in where ever you choose.

2. But not every operator will, and then your spy operation will fail and you just paid huge amounts of money for nothing. You'll need either (almost) everything or you'll fail.

3. The higher the incentive to ddos other masternodes, the higher the price must be. And the higher the price is, the stronger nodes you can afford to run. Also, this is something that the devs are aware of, and working towards a solution:


Agree, now we can go back to Monero.

1. Do you need to compromise 100% of masternodes to yield useful data? Would 50% or 80% yield nothing useful? No, with time and luck and hard work, compromising less than 100% of the network could yield results.

2. Just because an adversary has the willing cooperation of some cloud service providers doesn't mean that this adversary can magically break all encryption at the click of a button. Not every adversary is all-powerful.

Every Fortune 500 company is a target for corporate espionage. Every black market organization is a target for law enforcement. The simple fact is that there are far more potential targets available than there are pursuers. Like a hawk choosing his target amongst a flock of pigeons, your adversary will choose the targets that are easiest. The weakest. As the saying goes, you don't need to run faster than the bear or swim faster than the shark; you just need to be faster than your friend.

So four members of the high school swim team are swimming in the ocean. Danny "Donuts" Dollar is an obese 1st year student who was forced onto the swim team by his parents.
Billy "The Bicycle" Bitcoin is a bronze medalist slacker who often misses swim practice and mainly focuses on cycling, not swimming. Donnie "The Dolphin" Darkcoin, is a hard working 4th year veteran of the swim team who consistently takes second. Mario "The Missile" Monero is both hardworking and a genetically gifted 3rd year athlete who is being lauded as the next Michael Phelps. As they frolic and play in the ocean, three hungry sharks approach. Who is going to live to swim another day? Maybe all. Maybe none.

I don't want to get too off-topic, as this is a Monero thread, but there are a couple of points to bear in mind:

1. We don't even need an attacker with the NSA's scope. Law enforcement like the FBI can easily get the legal right to wiretap masternodes. Many of these masternodes run on virtualised machines, which means the hosting provider can snoop the OS status and memory. Virtually all of them could be under the purview of LEA, and thus long-term monitoring would be invisible.

2. Over and above that, there's massive incentive for masternode operators to make extra money by selling access to their logs. Not every operator is a rational actor, not every operator is a libertarian.

3. As long as operators earn based on what they process there will be an incentive for masternode operators to attack each other. This is a classic case of Prisoner's Dilemma.

The most concerning is 3, as there really is little that can be done to fix that. You can't evenly split rewards, as then there's no longer an incentive for a masternode to be honest (not that there's much incentive for that right now). When this has been mentioned before the knee-jerk reaction is "they'll never do that!" However, one need only take a look at how Bitcoin mining pools operate to see that this is a very real problem. Two references that make for good reading are: Ittay Eyal's "The Miner's Dilemma", and the paper "When Bitcoin Mining Pools Run Dry" by Aron Laszka et. al. This is, of course, quite a well-known issue amongst those in the know: 1, 2, 3

If anyone wants to continue this conversation feel free to start a new thread, otherwise we can go back to talking about Monero:)

It's not up just yet, but Tippero will have this enabled sometime in the next couple days. It was supposed to go up for the cricket games in february but this seems like a good occasion to debut it early

I'll post details when it's ready.

Relying on masternodes for privacy requires luck and trust.

It is no more "questionable gains" than the people who would run the nodes for profit. If you want to spy, you still get the profit plus the information.

Regarding Darkcoin as it's mentioned in that PR material - there is a statement, that says "if these Masternodes are compromised by a malicious actor, then the anonymity can be broken".

Compromising 100% of the masternodes (thousands, not hundreds) is no easy feat, and if you're dealing with an adversary that can accomplish that, then they are powerful enough they can surely just simply compromise your personal computer and save a lot of time and money.

And, let's even assume that they compromise 100% of the nodes for a while - they could only spy on the pre-mixing that happens during that time. They can't break anonymous transfers that have already happened, and they can't break anonymous transfers that happen if the coins have already been anonymized previously. Trying to take over the whole masternode network would just be a lot of effort for questionable gains.

This has already been covered in the OpenAlias standard, although this functionality is not yet available in simplewallet -

There are really only 2-3 major DMs at any given time and only a handful of gambling sites doing all the volume with a handful of administrators in charge of them. Major corporations are also command-and-control topdown hierarchical organizations. Most of the world's wealth is also concentrated among few people. Therefore, the choice to adopt new currencies for corporate finance, offshore banking  or DMs alike will come down to decisions made by a very small number of highly intelligent, sophisticated, ultraparanoid people.

Already, several people have been arrested in connection with IP analysis. Several Coinbase accounts have been shut down in connection with blockchain analysis. Amazon and any other corporation will cooperate with LE to quietly comandeer hosted DRK masternodes. It's just a disaster waiting to happen. Any discerning leader is going to realize that.

There is a reason why people around the world are using AK-47s. It's not because Kalashnikov had a degree in marketing.

I talk about drugs all day long with DopeCoin as you said consumers don't dictate the coin they use for them, it is the DM operator who sets the tone for it so you are spot on. We got listed on SRR. We have no shame in saying so. Its about what the DM wants.

edit: keep in mind SRR actually eats up your coins so providing an extra layer of privacy as the alt-coin is converted over to Bitcoins.

I think it's going to be more an issue of dm operators migrating from TOR to I2P. DM operators will do what is in their best interest, not have consumers dictate the coin they should use to them; they're taking the brunt of the risk and they supply the product that the consumer wants--good luck telling them that they should use a coin because it has better marketing. When's the last time you saw a drug dealer with a cc reader? And before anyone jumps on me and says, "Oh, but Monero's so much more than the dark markets, ect,..." I've never said otherwise. What I am saying is that dm is the market that can make or break Monero. Do you think a CEO is going to entrust the secrecy of a project on a coin that failed publicly with dm? I wouldn't....

just a little thought i was having on my mind.. based on no of articles and discussions taking place lately, looks like year 2015 is going to set solid footwork towards crypto currency regulation and come hard on exchanges that don't follow regulatory framework. that will probably incite more interest towards darkcoin first since it's more marketed but the neverending issues surrounding its master nodes and premined stash may prove to be disastrous in the end turning all that avalanche of attention to monero... by then monero should be ready for all that love...  

just to reiterate coinbase already received approval to be fully regulated, gemini is next on the list... i don't know how you guys see it but i see this very bullish for monero in the long run.. As soon as monero's targets are achieved and get stable i'm expecting it to start picking up a lot more interest from exchanges and merchants...

http://www.coindesk.com/anonymous-bitcoin-backgrounder-policymakers/

Yes that's right. Mymonero could be logging your access (which could be avoided by using Tor, assuming you trust Tor) and does have your view key (no way to avoid this) and could itself be logging your transactions, so there is still a potential loss of privacy compared to running your own node over i2p. That is going to be the gold standard eventually. I'm not sure how openalias is going to work over i2p, but I'm sure we'll come up with something. Openalias is one of those standards that can work over almost anything, since it is just an appropriately formatted text string.

In that instance, what about using mymonero.com? Then it wouldn't be your IP making the request, would it?

Thanks for the clarification. When i2p is integrated, will openalias be useable without exposing ip addresses?

No.

stealth addresses + ring signatures = the anonymity/privacy part of cryptonote. There are other parts of cryptonote too, that have nothing to do with privacy. I2p integration is planned to add another expect of privacy to Monero, though that isn't part of the original cryptonote design. There is no coinjoin to it at all, that's a completely different approach.

Maybe.  There are some name servers that claim not to log, though you can't really verify this. Also, in most cases your request goes through intermediate name servers (at your ISP, or google, or some such).

However, for maximum privacy you probably don't want to use this feature.

It was done in Blender, which exports the animation as a whole bunch of png files that were then made into a gif using ImageMagick.