Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1595. (Read 4671953 times)

That's not the way it works. The "reveal" does not reveal which transaction it is, it reveals that they were involved in a transaction (this we could deduce already) and the exact amount (ie. let's ignore spurious outputs / change outputs), so it's not the same as revealing the one-time private key for a transaction. What we're talking about is a reveal that is no different to a screenshot of a person transacting (as has been posted in this thread) that contains full details of their transaction (destination address, amount, mixin count, payment ID). How exactly would you prevent that information from being revealed? You can't.

Monero is meant to solve that exact problem - what happens if we know the address of the recipient? Can we do anything with it? It's a stealth address, so good luck getting anything out of that. Ring signatures are an additional layer on top of that, and they exist to protect you when a transaction is compromised. They're a level of ambiguity, not a level of anonymity. Privacy is accorded by the stealth addresses, ambiguity gives you plausible deniability in the event that someone else in in the signature group for a particular input is compromised.

Edit: just to add, this stuff is inherent in the protocol. We're not suggesting changes, we're telling you what is already there. Reading the whitepaper is probably a good starting point to understanding why this exists in the protocol:)

Yes this is what I am thinking. This talk worries me greatly.

Actually it isn't, if you want a high degree of anonymity. The more transparent transactions you have, the more you undermine the anonymity of the non-transparent transactions.

Doesnt this impose a cost on people who want privacy? Having some of the network activity revealed allows concerned entities to deduce other information more easily. For example say you have a ring signature with 2 parties and the other party reveals which input is his, now they have deduced who the other participant is (atleast they have deduced his pseudonym, still not a good thing). This means that inorder to regain their privacy, people who want privacy now have to use a higher mixin count to achieve the same thing.

It seems to me that, unless this evaluation is totally wrong, this charity should just use bitcoin.

I'm glad to see this. Having options is better than having none

Noodle, wolf0, or others who've hacked on CryptoNight -- did I capture the salient points in this, or would you change anything?

https://www.dropbox.com/s/3yoovsi0gk9n88a/cryptonight_tmp.pdf

(Figure showing the basic processing steps in the inner loop of CryptoNight).

As dga has already pointed out, you don't want to create a scenario where guilt-by-association exists. Monero's privacy is a feature, but it's not the only feature.

David's quote is misleading, he didn't mean that regulators can magically peer into the blockchain and trace transactions. He meant that in a situation where you run a charity, for instance, you would publish the viewkey along with some form of per-tx signature so regulators concerned with ensuring charities are run appropriately can peek into your books and see your accounts. Another use-case could be for a company to let its accountants, bookkeepers, and exco have visibility on the account and on the movement of funds. Or a married couple that want a shared account.

Monero is private by default, transparent optional. The choice of whether privacy is relinquished for a particular wallet is the user's and the user's alone.

lol - he reminds me so much of this dude: https://bitcointalksearch.org/topic/confession-of-a-degenerate-642090

lols, my thoughts exactly Mumbles...why not just claim you're a nigerian prince who enjoys trading alts?

So...lets see if I understand this correctly...

1) You have a ton of alt coins already...but you want to borrow more
2) You have hundreds of thousands in transactions in poker but you can't affort $500 to $1200 worth of some other alt coins?
3) You have been trading for 7 months, yet don't have enough money for your trading.

Got it. Where can I send you money? I would like to be part of this right away!  

BCN is dead. XMR is the de facto standard for CryptoNote coins just by looking at BCN/XMR parings on Poloniex (similar to [YourCoinHere]/BTC)

I'll take that bet. How many XMR/BTC do you want to bet? And what type of DAC do we want to use as the basis for the bet?

Whoever said that is either a complete idiot or a liar. Ethereum is a platform that can run autonomous corporations and even create other currencies on top of it. Monero is just a (quite nice) currency.

Current price and volume of BCN would be the best explanation for the behavior of some BCN butthurt in this very thread 

We're trying to model deanonymizing attack vectors on the network right now with some math grads, but at least mixin >= 1.

This is a very reassuring thing to read. Particularly this "mandatory participation in anonymity sets" i am very strongly in favor of. What sort of mixin minimums are you guys thinking of at this time? it seems like a mixin count of 2 or greater would probably get the job done well enough and be a good trade off where as mixin 1 is probably too low.

We're working now to add better privacy features, like mandatory participation in anonymity sets, a proper I2P protocol for transaction submission to network nodes, and more elaborate methods of transferring funds that obfuscate transaction submission time to the network and transaction destinations.

Of course, if the NSA is sitting sniffing your personal packets off your network, there may not be a lot to help you at the current time. Other persons are working on some censorship free networks for the near future, and there are becoming better ways to enter the internet using physical cash. Privacy online is a difficult thing to achieve.

Ignore DRK and BCN trollers  

Have you filled XMR survey?

https://docs.google.com/forms/d/1JqIXkjKpcEpv6lyH6SD22f_Ny0i-rhM9bV21WcOFstw/viewform

Survey summary https://docs.google.com/forms/d/1JqIXkjKpcEpv6lyH6SD22f_Ny0i-rhM9bV21WcOFstw/viewanalytics?usp=form_confirm

Actually, that's an interesting bigger-picture question.

Is the network stronger if an anonymous technology is used for all transactions, where a fraction of them are deliberately made transparent;

or is the network stronger if BTC is used for transparent transactions and XMR/BBR/foo is used only for anonymous transactions?

My concern about the latter is guilt-by-association.  We know, for example, that the NSA archives permanently all encrypted data, but (publicly says) that it does not retain certain classes of unencrypted data.

One or two anonymous transactions per minute may be much more easily traced via traffic analysis than 1000 anonymous transactions per minute mixed together with 10 deanonymized transactions.  This is based, admittedly, on the assumption that people who don't carefully ask the question of whether they want anonymity will default to BTC.

All can vote for Monero here;
https://bitcointalksearch.org/topic/poll-what-anonymous-coin-will-succed-568166

or you can vote for StealthCoin