Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1679. (Read 4670972 times)

Careful there.  You'd be surprised how much can be leaked by even this.  PIDs are pretty bad.

A non-rolling PID gives away the distribution of customer payments to the merchant, and the number of customers.  An adversary with many nodes could, over time, learn the likely originating node for a particular payment ID (based upon where it sees it first).  If that per-merchant ID is hosted on the same machine as your normal wallet, you're leaking quite a bit.

Even a rolling PID eliminates the benefit of shattering the transaction into fixed-sized pieces for the purposes of mixing.  Nervous nervous.

For newbies, Monero devs core team is working on to embed a database, such as rocksdb,

http://rocksdb.org/

to fix blockchain bloating issue. It is one of the tasks, see github repo for all details,

https://github.com/monero-project/bitmonero/network

As for now hot fix is simply switching to 64-bit executables, migration instructions were posted earlier this thread bold font by florida.haunted.

I do remember...guess I didn't read that carefully tho

Oh, perhaps you missed the Monero pizza auction?
I have a score to settle with fluffy since then  

lololol that is one cheesy motherfucking pizza

Apologies for the slight off-topic:
If anyone has plans to develop an online wallet for Monero sometime in the future, please PM me if you'd like to have the very meaningful 'monujo.com' domain. I will carry on with plans of my own if there are no takers, but knowing what little time I have available, I'd be happy to let it go towards deserving hands. This is not a straight up market offer - if the Monero team expresses that they want the domain for an 'official' platform, it's theirs for the prize of a pizza.

_{(Pizza is currently valued at exactly 250 XMR. Oh yeah fluffy, the pizza man is back to haunt you!)}
Cheers,
~ Myagui

Re: payment id

Even if the merchant never changes your payment ID at all (or does so in an insecure manner) you can protect you own privacy by designating a single wallet for all transactions to the merchant and then funding that wallet from your "real" wallet using suitable mixing.

I've never been a fan of the pid feature especially in the half baked manner it is currently implemented but privacy-wise effective work arounds exist.

It has been raised in #monero-dev a number of times, and we are considering options. It's not a priority, in sense of it needing to be done in the next two weeks, but we are cognisant of the need to change this and to change it soon.

Personally, I don't see how a rolling payment ID when coupled with a reasonable mixin reduces the anonymity set in any specific or measurable manner, but I understand that most merchant systems won't roll the payment ID over. In terms of threats to anonymity via a reduction in the anonymity set, this is actually quite far down the list. Identifying payments by the uniqueness in the amount is a considerably more realistic threat, and we are combating that by looking at fixed denominations (eg. 1, 2, 5, 10, 20, 50, 100 and so on).

I'd also hazard to say that as a dev team, our focus is on a combination of privacy, untraceability, and security, but we are also trying to figure out how to achieve usability and solve pressing technical concerns. Everything will evolve and improve over time, getting caught up on any single hurdle at this early juncture is just going to mean we're running pillar-to-post. We know academically where weaknesses lie (see the latest annotated whitepaper), and we are expanding that to implementation weaknesses in the code as well. The result of all of this will be a stronger cryptocurrency that can only improve on the reasonably high privacy Monero already provides:)

I think the takeaway here is that this is a world currency. Some of us live in happier places than others and some of us have more trust in our governments than others. When it comes to identifying weaknesses in systems it's important to view things from the most corrupt perspective possible, because someone out there will attempt to exploit it.

yea unfortunately some amount of immoral things will come with this. it will help to facilitate kidnappings for ransom for example . Its very sad indeed, unfortunately life is all about trade-offs and sometimes you have to make hard choices.

In that case, I should rephrase.

Maybe immoral would be better instead of illegal, since all the things you've listed are immoral by the governments themselves.

But anyway, you guys are right. I was too quick to judge.

Heck yes i want people to be able to do "illegal" things. If the government says that all jews must report to the camps and that people are not allowed to hide them in their attic, hell yes i want people to be able to break that law. If the government says that saudi woman are not allowed to own private property than hell yes i want saudi woman to be able to break that law. If the government says that joe must fund some immoral war of aggression hell yes i want joe to have the tools necessary to break that law. Im not going to be coy about the fact that i want people to have the tools necessary to avoid exploitation at the hands of well armed tyrants. Im not ashamed of that. I'm not going to apologize for that. And i dont give a damn what other people think of me, or the technology that i use, because of it. But i assure you, it has nothing to do with me personally wanting to be able to buy drugs and get away with it.

Unfortunately, it is the only way to identify payments at this point. And I don't believe a better alternative is even a priority.

I think so. Thanks for pointing it out. I already raised the concern to BoolBerry dev crypto_zoidberg few days ago. He said payment ID is for exchanges only. It should not be used in other contexts

I agree. I forgot the meaning of the word private. What you do in your private time is for you to know only, whether you wish to share it or not.

Spoken like a true politician. "Why do you want privacy if you have nothing to hide?"

My reasons for privacy, legal or not, are none of your fucking business. And that's the point of Monero. All transactions should be private, without anyone having to justify themselves to anyone else.

I was just getting ready to fire back a heavy worded, not well thought out, assault.

But, it seems you guys are right. Monero should aim to be as private/anonymous as possible. Anything less is "giving in".

However, I got Very irritated seeing Anon136's response, it seemed like he only wanted the coin to do "illegal" things, that shouldn't be in the public eye. I believe in privacy centric coins, simply because we need them. In an ever growing, transparent world, were the government(NSA etc), are spying on every civilian in America, and in many parts around the world, we need things that would remind us that we are in control over our lives and our selves.



"than ill just take my capital elsewhere", Hehe I may seem like a immature noob, but I also contemplate investing a sizable amount in Cryptonote coins, well over 300k, much contemplation, little time.

What would "ruin it" is a coin that attempts to do it all. Monero is a coin for private transactions. If you want to make a "non-private" transaction, use bitcoin (or fiat, for that matter).

What stops governments from forcing businesses to require Pay IDs when accepting monero? What stops governments from forcing exchanges to use Pay IDs when users withdraw monero? Once anonymity can be circumvented, regulators will find a way to make it always so.

If we want anonymity to be protected, then every transaction on the block chain must be private.

You know what. The beauty of it is that we dont have to agree. If the devs of this project sacrifice the anonymity of users who need anonymity just so that it can have the flexability to do the things that we already have other cryptos for, than ill just take my capital elsewhere . We can both get what we want. Though i would posit that if you are willing to sacrafice the anonymity of everyone so that this network can be used like bitcoin, why not just go use bitcoin, it already isnt anonymous and it already works like bitcoin.

hear hear. this is not going to far. we dont need to fill the market niche of more transparent coins like bitcoin. we dont need to allow people the option to do things transparently. if they want that than they can go to bitcoin. we should be focusing on MAXIMUM anonymity and we should recognize that this will necissarily make transactions more expensive on our network than on bitcoin. but thats ok! this network isnt for average joe to buy his popcorn and dish soap. this is for people who need protection and are willing to pay for it. if you want to buy popcorn and hand soap, use bitcoin. anything that one user can do that might harm the anonymity of another user MUST be stopped.