Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1956. (Read 4670562 times)
As far as your IP given away, who cares? All anyone can tell is that you used MRO and sent some amount somewhere and thats all right?
I am starting to see higher lows and higher highs on a 15 min chart, so I am starting to feel vindicated in the claim that 0.0026 was the bottom. I expected a faster recovery to .005, which was wrong, but I am happy to wait for it in this, more sustainable, regime.
I love your market analysis. Please keep it coming.
On the issue of bloat, there is a very simple way to reduce it. Just use a mixin count of 1 (mixing two outputs). This still gives deniability although it does not give great tracing resistance. But to get back tracing resistance, do multiple transactions in sequence. If you do 7 transactions each with 2-way mixing, you have tracing resistance of 128 with bloat of only 13x. In practice there is per-transaction overhead not just per signature so maybe something like 3 or 4 is better than two. But you certainly never need to use very high mixin counts. Eventually wallets can be made to do this automatically.
Question 1: Can it be set with something like a slide-bar, on demand, per transaction? Like I want to launder it 5 times or 2 times.
Sure. Currently the wallet asks for a mixin count, but it can also ask for a sequential mix count. The tradeoff here is that the wallet will need to remain active to send the sequence over time and there needs to be enough of a volume of transactions on the network in which to hide your sequence. With enormous volume on the network it might be acceptable to blast out the entire chain at once, but that won't be for a very long time. If you just blast out the sequence in an otherwise low-volume network, it is obvious what you did and the true input must come from one of the two inputs of the first in the chain.
This ends up being something in between coinjoin and a static mixin in terms of tradoffs, though I think with a somewhat less extreme example than 2x10 (say mixin of 5 done 2-3 times) the exposure to blockchain tracing is pretty small.
Quote
Question 2: Can an evil entity attack the blockchain by artificially bloating it with tons of bogus transactions? What would be the estimated cost of the attacker in order to make the blockchain unusable?
This is why there need to be transaction fees set at close to the actual cost of handling transactions, ideally using a market-based mechanism since central planning on what transcation costs "should be" will likely fail. There is such a mechanism in the cryptonote paper but it is currently not fully implemented and not at all tested (that we know -- it is possible that cryptonote did sims).
The devils only fight when they are able to see the angels advance.
Absolutly love this. I took your advice the first time you posted about prices and I do not regret it in the least. Thank you much for you input
I am starting to see higher lows and higher highs on a 15 min chart, so I am starting to feel vindicated in the claim that 0.0026 was the bottom. I expected a faster recovery to .005, which was wrong, but I am happy to wait for it in this, more sustainable, regime.
As I become more familiar with the tech and the dev team, my confidence in the likelihood that this coin will attain leadership in its market has increased continuously. I'm unlikely to increase my stake very much, but happy to stay in once I get to 8:1 BTC:MRO, and looking forward to seeing facts on the ground which justify a more closely balanced allocation.
The number of trolls may be annoying, but it is also a kind of validation. The devils only fight when they are able to see the angels advance. Calm, confident, and factually sound will win the PR marathon.
As I become more familiar with the tech and the dev team, my confidence in the likelihood that this coin will attain leadership in its market has increased continuously. I'm unlikely to increase my stake very much, but happy to stay in once I get to 8:1 BTC:MRO, and looking forward to seeing facts on the ground which justify a more closely balanced allocation.
The number of trolls may be annoying, but it is also a kind of validation. The devils only fight when they are able to see the angels advance. Calm, confident, and factually sound will win the PR marathon.
On the issue of bloat, there is a very simple way to reduce it. Just use a mixin count of 1 (mixing two outputs). This still gives deniability although it does not give great tracing resistance. But to get back tracing resistance, do multiple transactions in sequence. If you do 7 transactions each with 2-way mixing, you have tracing resistance of 128 with bloat of only 13x. In practice there is per-transaction overhead not just per signature so maybe something like 3 or 4 is better than two. But you certainly never need to use very high mixin counts. Eventually wallets can be made to do this automatically.
Question 1: Can it be set with something like a slide-bar, on demand, per transaction? Like I want to launder it 5 times or 2 times.
Question 2: Can an evil entity attack the blockchain by artificially bloating it with tons of bogus transactions? What would be the estimated cost of the attacker in order to make the blockchain unusable?
Yes, but if the protocol is giving you away if you don't use IP obfuscation, then how is that anonymous in itself?
Anonymous is an ambiguous term, it means different things to different people, in different contexts
Look back at the first post on this thread. Monero (really Cryptonote, on which it is based) does not promise anonymity. It promises things like "blockchain analysis resistance." The Monero team in particular is not promising "anonymity" to anyone. We are saying that this technology protects your privacy much better than alternatives such as bitcoin, which it most certainly does.
Used carefully (which includes care about revealing your IP address), it can probably maintain anonymity, but no one is promising that. Who knows what back doors there might be in any encryption algorithm, your computer's chips, etc. IF you go far enough down the rabbit hole, you can't promise -- nor be confident about -- anything.
So let's keep the straw men to a minimum and focus the conversation on what MRO does, is trying to do, and might do in the future.
Anyone have a mining guide on these?
Have you forgotten that he critics Darkcoin even more ?
Dude, even though you seem to be on the MRO side of this debate, your post has nothing to do with MRO.
Please take it elsewhere.
If we have to we will switch to a self-moderated thread but I'd rather not do that.
He bases this on 2 things:
1. He wants built-in IP obfuscation. You could also argue that it's an independent function that's already available with other software. In any case, I think CN-based coins will eventually have I2P once a dev gets around to it. It makes sense to make it easier (for the less technically-capable user), but this is not a systemic limitation and it doesn't have anything to do with CN v. Zero v. CoinJoin.
He also wants something better than Tor or I2P. I asked him what, and he said what he envisioned that exist yet.
AnonyMint is an idealist who will find fault in everything (not that there's anything wrong with that). You should maybe see his other post where he compared the practical aspects of the various anonymity systems and said CN probably has the best trade-off choices. gmaxwell said the same.
1. He wants built-in IP obfuscation. You could also argue that it's an independent function that's already available with other software. In any case, I think CN-based coins will eventually have I2P once a dev gets around to it. It makes sense to make it easier (for the less technically-capable user), but this is not a systemic limitation and it doesn't have anything to do with CN v. Zero v. CoinJoin.
He also wants something better than Tor or I2P. I asked him what, and he said what he envisioned that exist yet.
AnonyMint is an idealist who will find fault in everything (not that there's anything wrong with that). You should maybe see his other post where he compared the practical aspects of the various anonymity systems and said CN probably has the best trade-off choices. gmaxwell said the same.Yes, but if the protocol is giving you away if you don't use IP obfuscation, then how is that anonymous in itself?
That's why I'd not use "true anonymity", "pretend anonymity" etc so easily.
Quote
2. He misunderstood the implementation of ring signatures. Outputs are broken down so matching pairs can always be found and rendered indistinguishable. He initially thought that they weren't, which would require exact matching of totals. Hence the comment that the opportunity to use ring signatures is rare. You can actually always use them with the way BCN implemented it. (It's actually CoinJoin that has this very problem, because it requires concurrent participants.)
Ok, so in your understanding, has Anonymint been in error of judgement and that BCN offers True Anonyminity[TM] as it is right now, with no mods?
On the issue of bloat, there is a very simple way to reduce it. Just use a mixin count of 1 (mixing two outputs). This still gives deniability although it does not give great tracing resistance. But to get back tracing resistance, do multiple transactions in sequence. If you do 7 transactions each with 2-way mixing, you have tracing resistance of 128 with bloat of only 13x. In practice there is per-transaction overhead not just per signature so maybe something like 3 or 4 is better than two. But you certainly never need to use very high mixin counts. Eventually wallets can be made to do this automatically.
On pruning there are definitely solutions. An really obvious one with some equally obvious tradeoffs is to drop everything more than a year old. It means if you want to keep your coins you have to move them once a year (or use a service provider to do it), and that you don't want to choose mixins from very old transactions. I think there are other solutions as well.
On pruning there are definitely solutions. An really obvious one with some equally obvious tradeoffs is to drop everything more than a year old. It means if you want to keep your coins you have to move them once a year (or use a service provider to do it), and that you don't want to choose mixins from very old transactions. I think there are other solutions as well.
Ok, I'm clueless.
Question: Is Anonymint clueless? Is he blind that he does not see "actual anonymity"? When he says that most of the anonymity will come from IP obfuscation, is that a vote of confidence for the protocol itself?
AnonyMint was not fully understanding Crytonote in that quote. And he was referring to another issue of privacy which is hiding IP address, not the point you are using to bash Cryptonote.
I don't know why Darkcoin fan boys seems to worship AnonyMint so much, they refer to him everytime they're bashing other competitors.
Have you forgotten that he critics Darkcoin even more ?
https://bitcointalksearch.org/topic/m.5458409
https://bitcointalksearch.org/topic/m.5465510
I already answered that and you can use tor and i2p just fine with monero already.
You seem to have no clue about IT in general if you aren't able to route Monero through tor via tsocks or use a VM system like Whonix which has a decided TOR Gateway VM.
google: proxifier, tsocks, whonix etc...
Crypto Zoidberg is correct...
AlexGR, it would be nice if u stay in your DRK thread, we all know you are a big bagholder there and we don't care about it, this is about Monero and nothing else.
The quantum computer nonsense is also already answered.
You seem to have no clue about IT in general if you aren't able to route Monero through tor via tsocks or use a VM system like Whonix which has a decided TOR Gateway VM.
google: proxifier, tsocks, whonix etc...
Crypto Zoidberg is correct...
AlexGR, it would be nice if u stay in your DRK thread, we all know you are a big bagholder there and we don't care about it, this is about Monero and nothing else.
The quantum computer nonsense is also already answered.
I recommend to DRK holders that they partially diversify to put an end to this obvious insecurity. Diversification is smart financially, too.
If sync time is your argument against actual anonymity rather than pretend anonymity, that's rather unconvincing.
Ok, I'm clueless.
Question: Is Anonymint clueless? Is he blind that he does not see "actual anonymity"? When he says that most of the anonymity will come from IP obfuscation, is that a vote of confidence for the protocol itself?
He bases this on 2 things:
1. He wants built-in IP obfuscation. You could also argue that it's an independent function that's already available with other software. In any case, I think CN-based coins will eventually have I2P once a dev gets around to it. It makes sense to make it easier (for the less technically-capable user), but this is not a systemic limitation and it doesn't have anything to do with CN v. Zero v. CoinJoin.
He also wants something better than Tor or I2P. I asked him what, and he said what he envisioned doesn't exist yet.
AnonyMint is an idealist who will find fault in everything (not that there's anything wrong with that). You should maybe see his other post where he compared the practical aspects of the various anonymity systems and said CN probably has the best trade-off choices. gmaxwell said the same. I'm paraphrasing - neither of them are necessarily pro-CN.2. He misunderstood the implementation of ring signatures. Outputs are broken down so matching pairs can always be found and rendered indistinguishable. He initially thought that they weren't, which would require exact matching of totals. Hence the comment that the opportunity to use ring signatures is rare. You can actually always use them with the way BCN implemented it. (It's actually CoinJoin that has this very problem, because it requires concurrent participants.)
pump starting
Buy and sell your MRO at https://cryptonote.exchange.to
Don't use Poloniex. Had several withdrawal issues, site constantly fails to load...
Don't use Poloniex. Had several withdrawal issues, site constantly fails to load...
I've had some withdrawal issues with cryptonote coins as well. They seem to be working out the bugs and their support has been helpful. So far no funds have been lost. So I would say be cautious but would not make a blanket statement to avoid the exchange. This is my personal opinion.
I already answered that and you can use tor and i2p just fine with monero already.
You seem to have no clue about IT in general if you aren't able to route Monero through tor via tsocks or use a VM system like Whonix which has a decided TOR Gateway VM.
google: proxifier, tsocks, whonix etc...
Crypto Zoidberg is correct...
AlexGR, it would be nice if u stay in your DRK thread, we all know you are a big bagholder there and we don't care about it, this is about Monero and nothing else.
The quantum computer nonsense is also already answered.
You seem to have no clue about IT in general if you aren't able to route Monero through tor via tsocks or use a VM system like Whonix which has a decided TOR Gateway VM.
google: proxifier, tsocks, whonix etc...
Crypto Zoidberg is correct...
AlexGR, it would be nice if u stay in your DRK thread, we all know you are a big bagholder there and we don't care about it, this is about Monero and nothing else.
The quantum computer nonsense is also already answered.
Very nice post sir.
How did you gain this deep knowledge of the protocols? If you are a coin dev if it would be great to have you on board this project.
How did you gain this deep knowledge of the protocols? If you are a coin dev if it would be great to have you on board this project.
That's why eizh is on the core team:)
here is crypto-zoigberg response to annonymints concerns: maybe somone with knowledge can compare and discuss
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have matching input amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
[/quote]
That's why coinbase and wallet by default split outs into standart amounts, and when you need to send money to someone anonymously you almost always have some outs for mixin, you can learn this in Bytecoin blockchain, just check blockchain index.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.
Quantum computer is like Schrödinger's cat - it is both real and unreal. 
The worst that can happend in case that quantum computer will become a real is hard fork.
And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).
For this reason in Boolberry we chaged tx identification from whole blob hash to tx_prefix hash, and when blockchain entry will be covered by checkpoin the ring signatures could be cutoff.Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.
I disagree with you here. Crypto-currency, particularly Boolberry/CryptoNote, is a set of rules which is obligatory for all. First of all it is a currency_core that doesn't even know about network protocols or ip addresses.
It's just guarantees compliance with currency rules.
You (or anonymint) actually talks here about the way of delivering transactions to crypto currency net. But even if we don't provide a way to anonymize your ip now, just act via third party anonymizer if you prefer.
The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.
If i understand you right, we solved this problem by adding attribute to each out, that can force spender to use this out only with ring singature.So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.
Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.
Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.
Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.
Thanks for this post, you didn't blew holes in our enthusiasm. We still belive that this is most interesting technology in crypto-currencies field.
[/quote]
[/quote]
If sync time is your argument against actual anonymity rather than pretend anonymity, that's rather unconvincing.
Ok, I'm clueless.
Question: Is Anonymint clueless? Is he blind that he does not see "actual anonymity"? When he says that most of the anonymity will come from IP obfuscation, is that a vote of confidence for the protocol itself?
CryptoNote / Monero et al
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have matching input amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.
And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).
Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.
The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.
So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.
Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have matching input amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.
And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).
Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.
The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.
So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.
Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.
Jump to: