Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1301. (Read 4670643 times)

It touched 15 on Bittrex a while ago, although Bittrex has basically no volume.

I hope so.  I hate PoS

Well, actually one can know when this is going to stop.
There are only two entities dumping XMR right now in large scale on a regular basis:

1. A few large scale GPU miners --> they will stop dumping when there is another coin being more profitable to mine´n´dump. According to coinwarz this would be when XMR hits 0.0017
2. A guy from an exchange that filed for bankruptcy defrauding some of his former customers...[just my wild imagination of course, no accusations made, no names called]

That thing looks beautiful!

It just does so much .. automatically! And more!



I can only imagine how insanely complicated proxy VM's could be used in a cloud-based Qubes would be to sort out who was who.
Oh well.

No Samba yet though

Looks like a hell of a learning curve, but it's like Tails on steroids.

I'm kind of excited to try it out in a few days.

You have two risks. One is permanent capital loss of course. The other is missing the boat because rises tend to be sudden, dramatic, and over very quickly (followed by a long stagnation or decay until the next explosion). Currently there's someone capable of dumping large quantities (>20k XMR) regularly and we don't know when this will stop. It's entirely personal how you want to balance that risk vs. the risk of missing out if it goes up and stays up.

Nobody knows the bottom. reality bites, sorry.

Hi All. I'm going to transfer some money into BTC tomorrow morning. I want to purchase some more XMR but I'm worried. Where is the bottom? .0017? .0016? .0015? Anyone have any idea ? I'm going to guess .0016 but who knows.

Like I said on my first post that fired up all this conversation here: "NOTHING you're doing online is anonymous". The only thing we can do about it is taking our precautions; you see, I don't want to do illegal things with my money. I just want my invisibleness. Without it, most people who will own some serious amount of cryptocurrencies will have to change their lives for the worse when -and if- they go up the hill. I don't want my life to change. I also don't want some agency on my back hunting me down to get my XMRs or BTCs.

Just for the record though, if you seek for a good place to look for serious anonymity https://qubes-os.org/ is what you should look first (and probably last).
Maybe XMR implementation within this OS should be adequate enough for 99% of the users out there.

Cheers.

And crypto in general. Tax heaven.

XMR bullish news (future) http://rt.com/business/200883-banking-secrecy-obsolete-berlin-tax/

I didn't see this until after. That's a pretty decent article.

They've failed to make the point that due to the fact that it was funded and promoted by the USG, it's likely still in use by the USG, albeit it's not likely TOR to them, but some standard that uses onion routing. It's probably been better developed for sure, but the infrastructure is likely similar, see here:


While they don't mention specifically which military uses TOR, it remains an avenue for obscured communications for them. Likely, efforts to undermine the actual protocol would prove to be a double-edged sword. Additionally, being the original developers of the software with the most resources, they would logically stand to have the highest chances of breaking the protocol if it was possible to do so.

Really, the best known tactic they can apply is setting up as many exit/enter nodes as possible, and hoping that their own personal nodes are used randomly by a single user in a single session (timing attacks). This gives them the ability to track one single access, or communication, between you and whoever you're dealing with, and even then they'd still have to work around encryption if they couldn't subpoena the third party you were working with. As soon as you have a new 'identity' (every single time you access TOR, or whenever you click new identity), they have to wait until the same scenario occurs again. The chances of this happening decrease drastically with the number of enter/exit nodes on the network. So, its real shortcoming here is that it's just not being used enough yet. Of course, there's still some implementation issues to work out just like anything else, but the protocol is quite secure overall.

The other tactic they mention here:


Firstly, note that the outdated firefox browser was the weak link, an implementation issue which led to the knowledge of 'TOR usage'. This type of discovery would likely place your IP address at a high enough 'score' to record data. Again though, this can be mitigated very well by more users using TOR, which would deter continued tracking. Alternatively again, you can use mac address spoofing, so regardless of the IP packet monitoring, all of the data cannot be traced to your hardware, unless they were to break the encryption, or the site you were accessing was capable of being subpoena'd .. in which case they could possibly cross reference the users of their site that came in through known TOR nodes (some are unknown, like new ones), which would still leave you with plausible deniability if there were a large amount of their customer base using TOR, so they would have a tough time linking yourself to anything more than what you were already linked to.

Only through cross referencing multiple sites that came through TOR nodes could they even begin to link that you're the user using TOR that accessed that website from your ISP IP address, unless they had access to your computer (they likely can get this a different way than TOR).

Either way, Monero is working to integrate I2P. As a difference, I believe I2P lets you construct a type of anonymous whitelist, giving you the ability to 'discard' nodes that are questionable. Check here for info about that. Additionally, it looks like anyone running an I2P program becomes part of the network, where with TOR you have to provide a node specifically set up to handle network traffic (so you can do firefox, etc. without setting up a TOR node and instead just install the program on your computer). This leads to some heavy scaling issues, but for something with very little information going across the network like a crytpocurrency network, it sounds like a good match .. I just don't think you're gonna have everyone streaming videos on it 24/7.

Yes, everything has its trade-offs. I'm looking forward to where this ends up as well!

Part of what I do for living is dealing with security systems. I assure you there's none without a flaw; (correction:except it's offline) at least one that "somebody with the proper funds and equipment" won't be able to pinpoint who you really are. I've invested in XMR for various reasons, but mainly because of that possibility it offers. Let's see how it evolves. I've got a lot of faith to the people involved.

Big data analysis is a big business. Currently, most of it revolves around creating scoring programs to capture targeted data, even if that data is encrypted in your TLS/SSL protocol using RSA, ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA, it's still collected and stored based on a multitude of scoring systems, for possible 'pinpointing' later. This means that one of the major movements we're seeing is a literal countdown, equivalent to the ball dropping on new years, of valid quantum computers being developed. After that, someone would have to develop a quantum algorithm for specifically breaking each one of those in the protocol, which also involves working this out mathematically before a valid implementation can even be attempted on the computer. That's just internet traffic, which likely has multitudes of levels of more juicy information in it than a Monero transaction right now.

I believe the way i2p would work with Monero, is that they would still possibly be able to pinpoint 'an' i2p package (not being able to identify what's in it, however), possibly from your ip address (which you can also obscure through a VPN). Anyways, that package would have a very tough time being tracked back to your ip address (someone else will be better able to explain i2p to you than me), but you should be able to use other things like mac address spoofing to give yourself even more unlinkability.

Long story short .. it would be a lot of work, and Bitcoin and likely every other Altcoin, along with just about every internet protocol in use, as well as most encryption standards in use today, would all likely be broken long before someone picks your individual transaction from your individual address (let alone even scored high enough to capture the data - blockchains are a little different though) from the blockchain, and links it to another of your individual transactions, and same address, as the encryption used to prevent double spending on these blockchains is not yet secure against quantum algorithms.

If that's not a lot of security in 2014, I really don't know what else to try for here

As for a quick answer to your question: Yes, but the timeframe in which they are capable of identifying exactly everything, is likely outside of a decade. Possibly even lifetime, but who knows! Even then, it still has to be economically feasible, so they likely aren't looking for Johnny buying weed. There's still a long way to go, provided everyone takes the right steps.


I'd advocate for an investment of your own mining equipment, before ever contacting a botnet operator and buying from them directly, but it's your choice. Fortunately, they would also likely be privacy-minded as well, so at least there's that in common.

a. This is an extraordinary prospect; thanks for bringing it up. I do have a question though... Could the ISP of yours (provided they're aware) pinpoint your XMR transaction in some way? (ie: by sniffing header i2pd packages?)

b. This is the way I bought the majority of the stash of mine. I mine a little right now with a small office farm. Are you referring to the possibility of renting a botnet just for the mining purposes? Hmm... Depends who's door you're going to knock.

Addition for your consideration (rather old article but describes what I had in mind):
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

I agree with you, exchanges will have data that is linked to both your ip address and your account on their website. Apart from using email addresses that are not tied to you, and even possibly accessing the exchange from a vpn/tor service (or spoofed mac addressing), the incoming and outgoing transactions on the Monero blockchain will be tougher to link, in the future, with an ip address.

The ongoing work on the i2pd development, and (assumed?) future integration into the Monero client will make ip addresses unlinkable with addresses in the wallet, even though that would be very tough to do anyways even without i2p.

So, worst case is that the exchange can be asked to provide only proof of an account you managed to authorities, and not necessarily be able to provide proof that you owned the money in the account. I believe that will give an edge, if nothing else.

So your choice to claim ownership or not, is still largely in your own hands. Your choice to obscure your identity from involvement with Monero at all, that's a tougher issue that will require all parties involved to secure (Yourself, the monero client, and the exchange in this example). Fortunately, 2 out of 3 is mostly enough to obscure yourself quite effectively.

ADD:

Of course, if you were to purchase XMR on the exchange with an altcoin or bitcoin that you purchased with fiat money/something else, and never withdraw it from the exchange to your own wallet, then of course your movements can be identified, provided you use the same email address/ip addresses across accounts. This will also be addressed, as the tools of mass adoption are refined to the point where an average user feels comfortable and is capable of running the wallet software on their computer.

Perhaps large purchases might best be done by renting or purchasing mining equipment, as that can already be done through a vpn/tor service IIRC?

All the above comments are correct. What I was talking about was about the ability of one specific authority to link your IP with your XMR address. Many people out there (including me for a rather long time) were using their exchange addresses for donations and/or transactions. Like you said, this is a fatal error. Sorry if I was misunderstood.

Thank you very much.



For the security issue, I'd say that even if he doesn't change the address, the lazy user has not much to lose. And creating a new wallet now and then is not a hard task.

But managing multiple wallets in one software is a good point and I wish to see the day we will have a wallet software that behaves (at least) like MultiBit or MultiDoge, with all wallets in one program.
(Maybe this goes also as an idea for the guys that worked/work on the current GUI wallets)

I'm for making software where even the laziest user benefits. This issue may ultimately become a matter of semantics, of course; I don't know the full design trajectory of Monero. All I'm saying is that this component of the reasoning that we have against people reusing addresses in cryptocurrencies still pertains to Monero. While Monero doesn't have the primary issue to avoid, that is, where people are able to check someone's balance and transaction history at any publicly disclosed address, Monero still runs into the problem of someone's identifiable information contained in third party databases being cross referenced, whenever or wherever it is that they've reused their Monero address.

Therefore, it seems that there is still an important usage case for having the software make effortless the management of multiple Monero addresses (or accounts, if you prefer). While Monero seems to get rid of the need to generate and manage a new address for every single transaction, there is still a need to generate and manage new addresses for each privacy case where external cross-referencing might be plausible.

I don't doubt that there are smarter people who have already thought through all of this, but it does seem to be a usage case that hasn't been fully fleshed out from a practical standpoint in the software (and please correct me if I'm wrong). It seems to currently be a clumsy situation to manage multiple Monero accounts. Each requires its own instance of the wallet software to be running, and each requires its own backup mnemonic. All I'm interested in here is achieving the maximum security that we can in the least tedious way possible for users.

It was delayed for a day, because fluffypony was traveling.