De-anonymization attacks against the privacy coin XMR

180 DbigCOX 97 5/28/2025, 2:11:47 PM monero.forex ↗

Comments (97)

ianmiers · 21h ago
This is by no means a comprehensive analysis. This analysis misses the most major limitation with Monero's decoy based approach to transaction obfuscation: Eve-Alice-Eve attacks (also known as ABA attacks). It also misses an analysis of the possible insecurity of churning and a significant history of randomness implementation errors and flooding attacks specific to Monero. The exact consequences of some of these attacks remain an open question, but worthy of mention.

A simple and surprising limitation of Monero and any other decoy-based approach is that if you repeatedly withdraw money from one exchange and then deposit it to another, those transactions are not private (edit: even if we ignore payment value). This is a form of Eve-Alice-Eve attack.

Monero uses decoy transactions to obscure the transaction history on-chain, but it does not remove the history. There's a reason every other major privacy protocol (Zcash, Tornado Cash, Railgun, Aleo, Penumbra, etc.) does not use Monero's decoy-based approach, and even the Monero developers are moving to the standard zero-knowledge proof over an accumulator (IIRC a merkle tree like everyone else) based approach that they call Full Chain Anonymity Proofs.

As a meta-comment, this is one of a genre of Monero "privacy" analysis documents that are circulated as a way to claim there are no known actively used exploits. This is little better than the classic "my scheme is secure; here's a bounty for anyone who breaks it" form of cryptographic analysis we often see with flawed encryption schemes. Breaks will not always be public.

mike_d · 12h ago
I will word this carefully since I previously worked on crypto de-anonymization attacks, but nothing in this "analysis" seems to be grounded in more than the blockchain developers' echo chamber of self-congratulation.

Amusingly, assume the CIA has figured out a clever trick for opening up Acme Secure Envelopes in transit. If they publish a report detailing at length how amazing and tamper proof Acme products are, the world would take note and sales would plummet overnight. If, however, you publish the same report on a blog about how to mail documents securely...

Calwestjobs · 6h ago
Your point is correct, you sound like salty CIA spreading FUD because it is job of NSA to provide them with solution which did not come. :) So you are saying that ZKSnarks are CIA approved? XD
duke_leto · 9h ago
100% agree that this is not a comprehensive analysis.

For instance, recently a core Monero dev published something called OSPEAD which is a proposed fix to the "Map Decoder Attack" which he also publicly disclosed at the same time: https://github.com/Rucknium/OSPEAD

The TLDR is that Monero has about 75% less privacy than anybody thought, and this attack is still "live" in production. It requires a mandatory upgrade by every node on the network to fix and as far as I know, no fix has been decided upon yet. The attack can be combined with other attacks to completely de-anonymize transactions. I recently wrote about the bug and my proposed mitigation that users can do to regain privacy here: https://duke.hush.is/memos/6/ . AMA, if you desire.

This attack (and mitigation) is not getting the attention it deserves, partially because it is technical and hard to explain and partially because it does not serve the interests of content marketers and Monero influencers.

Monero is indeed moving to ZK proofs because they are mathematically superior in every way. At a very high level, they are moving towards being more like Zcash but they are not using Zcash ZK machinery, they are rolling their own. They are called "Full Chain Membership Proofs" or FCMPs. You can read the paper about those here: https://github.com/kayabaNerve/fcmp-plus-plus-paper/blob/dev...

As another example, recently an anonymous researcher published http://maldomapyy5d5wn7l36mkragw3nk2fgab6tycbjlpsruch7kdninh... (you will need Tor Browser to access that) which explains how the Monero network is being spied on by malicious nodes, with the end result being that transaction IDs can be linked to IP addresses.

There are various other examples of de-anonymization attacks on Monero but OSPEAD and network spying (which can be combined) are some of the worst, because they are very inexpensive and effective.


yieldcrv · 21h ago
Correct, I don't find these to be limitations for any user of Monero, it's just a way not to use it.

> repeatedly withdraw money from one exchange and then deposit it to another

right, don't do that. Withdraw to your wallet. Wait several days. Transfer elsewhere in different denominations.

Problem solved for everything you wrote, and it's been nearly the same for the entire lifespan of Monero, 11 years now.

> Breaks will not always be public.

There are court cases that give the confidence necessary. It is also something to stay abreast of. Always just ask yourself who the transaction is intended to be hidden from.

beeflet · 18h ago
>right, don't do that. Withdraw to your wallet. Wait several days. Transfer elsewhere in different denominations.

Unfortunately, it doesn't work like that. The EAE attacks only require that the end destination is colluding with the start destination.

Like everything with decoys, privacy is stochastic. So I wouldn't go around making absolute claims about the privacy as many proponents of monero like to do. The developers advise against making these sorts of claims. Monero makes privacy a lot easier, but it's not perfect.

>There are court cases that give the confidence necessary. It is also something to stay abreast of. Always just ask yourself who the transaction is intended to be hidden from.

In the free world, we have the concept of innocent-until-proven-guilty and evidence-beyond-a-reasonable-doubt. Decoy-based approaches give you plausible deniability, but this often isn't enough for more domains where a lower standard of proof is needed.

Fortunately, all this and more will be fixed in FCMP++ upgrade.
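The Eve-Alice-Eve linkage that ianmiers and beeflet describe above, as a toy simulation added here (it is not part of any comment and is not Monero code). It assumes uniformly drawn decoys, a ring size of 16, and constructed pool and account counts; amounts and timing are deliberately left out of the model.

```python
import random
from math import comb

RING_SIZE = 16        # one real input plus 15 decoys (assumed ring size)
POOL_SIZE = 100_000   # constructed count of on-chain outputs decoys come from


def build_ring(real_output, rng):
    """Outputs a spend reveals on-chain: the real input hidden among decoys."""
    ring = {real_output}
    while len(ring) < RING_SIZE:
        ring.add(rng.randrange(POOL_SIZE))  # uniform decoys: a simplification
    return ring


def chance_hit_probability(tagged, pool=POOL_SIZE, decoys=RING_SIZE - 1):
    """P(an unrelated ring contains at least one of `tagged` known outputs)."""
    return 1 - comb(pool - tagged, decoys) / comb(pool, decoys)


def link_scores(transfers, accounts=2000, deposits_per_account=5, seed=7):
    """Score each account at exchange B by how many of its deposit rings
    contain an output that exchange A paid out to Alice.

    Only ring membership is used. No amounts and no timestamps exist in
    this model, so waiting or splitting denominations cannot change it.
    """
    rng = random.Random(seed)
    tagged = sorted(rng.sample(range(POOL_SIZE), transfers))  # A's payouts
    tagged_set = set(tagged)

    def unrelated_output():
        # Real input of some other user: never one of Alice's outputs.
        while True:
            out = rng.randrange(POOL_SIZE)
            if out not in tagged_set:
                return out

    # Alice deposits every withdrawn output into one account at B.
    deposits = {"alice": [build_ring(out, rng) for out in tagged]}
    for n in range(accounts):
        deposits[f"user{n}"] = [
            build_ring(unrelated_output(), rng)
            for _ in range(deposits_per_account)
        ]

    return {
        acct: sum(1 for ring in rings if ring & tagged_set)
        for acct, rings in deposits.items()
    }


def summarize(scores):
    """Compare Alice's score with what unrelated accounts reach by chance."""
    others = [s for acct, s in scores.items() if acct != "alice"]
    return {
        "alice": scores["alice"],
        "others_with_any_hit": sum(1 for s in others if s),
        "best_other": max(others),
    }


if __name__ == "__main__":
    for k in (1, 5):
        expected = 2000 * 5 * chance_hit_probability(k)
        print(f"transfers={k} expected chance hits at B={expected:.2f}",
              summarize(link_scores(k)))
```

In this model a single transfer leaves Alice's one hit among roughly 1.5 expected chance hits at B, while five transfers into the same account give a score that unrelated accounts are not expected to approach.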

yieldcrv · 15h ago
That's good FCMP++ will fix it

Right now it seems Eve just needs to do a dust attack and addresses she’s seen before

And wallets like Featherwallet just need to segregate dust from the pool of outputs, and that kind of attack is totally thwarted

Fortunately Eve doesn't know if an address is part of the same wallet and Featherwallet hides the ability to reuse addresses, although users are lazy and may rely on old addresses being accepted destinations for anyone sending them funds. It would be great if wallets notified of dust, or asked you to recognize transactions in.

bcoates · 13h ago
"right, don't do that."

As a non-user of Monero, how do I find out what the security properties are and what information is leaked when various actions are taken? The OP's analysis is deeply lacking in this and the apparent rule against repeated transactions is non-obvious

yieldcrv · 12h ago
At this point I’m not sure

there would be the monero subreddit where you could ask these questions

LLMs would be trained on them by now

Books like Mastering Monero exist, and will become obsolete if the proposed upgrades go through

Annual DNM OPSEC GUIDE will likely cover it (darknet market operational security guide)

Calwestjobs · 5h ago
"There are court cases that give the confidence necessary. " NO!

many times police will make up "plausible way" how they uncovered something, but this "plausible way" was constructed after the "secret" or illegal way was employed to do it.

rephrase : police will do illegal thing to obtain info where you stash your drugs. for example installing NGO Pegasus to your phone, gps tracker under car... so they already have that info. then they call anonymously 911 saying there is smell of gas on street. (maybe they even spray some of mercaptan to make it even more plausible) firefighters, etc will come investigate gas leak and police will say that they uncovered drug stash in investigation of gas leak... illegal way to obtain info, then brainstorming how to make that data available "lawfully". they will not tell in front of judge/court about first part... so no your assumption is not correct.

in computer world it is million time easier.

99% of youtube videos about criminals failing at operational security is intentionally bad information.

IF you are believed to be criminal / "bad person" police(men) will justify doing almost anything, because you are bad person IN THEIR EYES.

also they are trained to and expected to disinform :

For example, Ross Ulbricht. every newspaper said that "closing his laptop lid will lock his computer and police will be unable to decrypt it" they pushed it and said it so many times that researchers jumped on LUKS and in 1.5 years there was almost complete rewrite of LUKS.... (not even talking about constant TOR effort)

Whole not closing his notebook also proves that they obtain data legally. It does not say they did not have that data already.

One info can mean multiple things to multitude of people.

FabHK · 22h ago
Fun fact: After some $330m of BTC were stolen last month, Monero spiked 40%+, presumably because the proceeds of that theft were laundered.

https://x.com/zachxbt/status/1916756932763046273

JumpCrisscross · 16h ago
Wouldn't the interface between BTC and Monero be the weak point? Where do they make that swap reliably?
ofjcihen · 19h ago
I wonder how common this kind of swapping is. It's an interesting financial vehicle when a valid and legal investment strategy is to try to time the laundering of different assets.
multjoy · 19h ago
It's massively common. USDT is the usual coin of choice because even though the ledger is public, the convenience and relative stability massively outweighs the security risks. In the jobs I've seen, the marks will be 'investing' in BTC but the criminals will be moving those funds out into USDT the moment it hits the bandit wallet.
hoppp · 18h ago
USDT can be frozen so it's not the best choice. It's definitely a failure of the Tether team if criminals can openly use it to launder funds without it getting frozen, but they are famously anti-regulation.
stephen_g · 11h ago
From what I've heard about Tether (allegedly printing tethers backed by loans to insiders, or backed by very risky commercial paper, or even potentially billions of USDT backed by nothing), I think being useful for money laundering is the least of anyone's worries...
cempaka · 12h ago
The usefulness in money laundering is a feature not a bug, and is why Tether is permitted to continue operating.


yieldcrv · 21h ago
> presumably because the proceeds of that theft were laundered

this phrase highlights some really common but unnecessary misunderstandings

1) the proceeds swapped to Monero. there is nothing "presumably" about that because we can see they were swapped to Monero. It isn't a correlation, the instant exchanges show and retain records that they were swapped to Monero.

2) they are unlinking the origin and destination of illicitly obtained funds, so that is laundering BUT

3) it's equally as likely that Monero is the destination. there is no further swapping out to hide. no further laundering to complete. Monero can be used to purchase goods, services, and invest with as well. I think this is as misunderstood as people actually wanting to hold bitcoin was 10 years ago.

4) Monero is an old coin, from one of the first crypto cycles, one thing that's held people back from using it and other mixers is the liquidity. If a large hack of funds used any one of them, then most of the funds coming out would be probabilistically part of the hack and illicit. But if MANY of the hacks used it and other licit sources, this would improve the liquidity for everyone and other hacks. Liquidity begets liquidity. It was only a matter of time before someone started it.

IceHegel · 23h ago
All I know is that if the government is trying to ban it, the tech probably works.
DJHenry56 · 23h ago
I agree, that's the biggest proof so far.
Retric · 16h ago
Alternatively, because they’re talking about banning it without actually banning it, it must be compromised.


TarikHassan3 · 23h ago
Great article, and I'm glad to see privacy being a focus in a cryptocurrency, but I would like to see some other sources that aren't also promoting the token.

That said, I do think it's got the brightest future of any coin besides BTC for the very reason.

candiddevmike · 22h ago
Preface this by saying I am not a fan of any cryptocurrency, but I really struggle to understand why Monero has a smaller market cap than BTC. It has to be inertia related right? Monero just seems like a fundamentally better piece of technology.

Are there scaling issues with Monero, similar/worse than BTC?

tromp · 21h ago
Yes, it scales much worse:

* node resources scale with the size of the UTXO set (unspent outputs), which in Monero's case balloons to the entire TXO set (all outputs, orders of magnitude larger)

* a typical 2-input 2-output transaction is 4 times larger

* wallets have to track all outputs to choose random decoys for transaction inputs

One can argue that this is the price to pay for significantly better privacy, but the largest benefits come from having no visible amounts or addresses, which can be achieved with significantly better scalability than BTC [1].

[1] https://forum.grin.mw/t/scalability-vs-privacy-chart/8114

beeflet · 18h ago
>but the largest benefits come from having no visible amounts or addresses

MWEB is certainly an improvement over transparent transactions (and other methods such as coinjoin, coinswap, cashfusion, etc.), and I welcome the litecoin upgrade. I agree that decoy-based privacy is weak.

However, I don't believe that the mimblewimble meets the standard of privacy needed for most users. It's not the visible amounts and addresses, but the links between transactions that are the main problem. CTs on their own are just a "nice-to-have".

The end goal should be a zcash or firo style of privacy. I think you can scale that to a global network with an adjustable block size, payment channels, and atomic swaps between multiple cryptocurrencies. The problem is that zcash and firo have weak tokenomics compared to monero. Grin will have a hard time finding an initial niche that isn't currently satisfied by monero, and if it does take off, its changes could be merged into bitcoin (https://www.truthcoin.info/blog/imex/).

proxynoproxy · 19h ago
Don’t forget that opaque blockchains can have invisible inflation. Transparent blockchains will always be worth more, as the user can verify that inflation has not occurred. This applies to grin as much as xmr.
tromp · 17h ago
Indeed that is one downside of hiding amounts, as shown in row "Fully auditable supply" in [1]. Finding out just one discrete log (log_G(H)) can collapse the whole system with undetectable inflation.

[1] https://phyro.github.io/grinvestigation/why_grin.html

beeflet · 18h ago
In opaque blockchains, the mechanism that prevents inflation is the same mechanism that prevents double-spending. The user can verify that inflation has not occurred by running a monero node.

Everything considered, I don't think that the risk of a monero inflation bug is greater than a bitcoin inflation bug when you consider the complexity associated with scripting.

akimbostrawman · 7h ago
coldblues · 21h ago
Tari uses Mimblewimble (privacy coin developed by previous Monero devs with a focus on privacy), so we're not far from being able to benefit from it.
PokedBear · 21h ago
It doesn't need a lot of speculative value in order to be useful. It just needs enough value to make the transactions meaningful. And that means people are a lot less likely to drive up the price via speculation.
sfjailbird · 21h ago
Isn't BTC privacy achievable these days with coinjoin, lightning network etc.? In that case not much reason for monero.
tsimionescu · 21h ago
It still seems fantastical to me that lightning network is presented as "something running on BTC", when it is "something running completely separately, instead of BTC". Transactions on Lightning network are not transactions on BTC, and have none of the guarantees of BTC (and in fact have no reliable guarantees of no double spending).

The only way to get BTC-like guarantees of no double-spending for Lightning network transactions is to put every transaction on the BTC block chain ("close the channel" after every transaction). And then, of course, you get back all of the problems of BTC (minuscule TPS not enough for a small village, 0 privacy, huge energy costs).

swores · 20h ago
If what tsimionescu says about Lightning is wrong, can somebody kindly reply to them explaining why rather than just downvoting which doesn't help anyone. (Maybe there's a reason they were downvoted that isn't their being wrong, but I don't see what that would be.)

(And sorry for going against the guidelines and talking about downvotes, but I'm really just asking for someone to either confirm what they said is right or explain why it isn't, I'm not caring about the votes themselves.)

tromp · 19h ago
tsimionescu · 19h ago
As that post makes clear at the end, if you don't monitor the BTC block chain actively (with an app or by paying a third party you trust to hopefully do it for you), you can be cheated out of your BTC with Lightning.
8note · 12h ago
not a downvoter, but a criticism is that BTC doesn't actually offer defenses against double spend, at least when you use it to buy something.

if the chain swaps a month from now and drops my bbq purchase, the bbq shop isn't getting their bbq back, even though i get my BTC back on the new chain. the ethereum fork for ethereum classic also doubled everyone's wallets, which i'd consider to be a double spend

The double spend protection is quite limited, so what's the big loss from lightning?

tsimionescu · 8h ago
First, if people didn't believe that BTC protects from double spend, then it would not be used by anybody. Secondly, the whole point of the proof of work scheme is that it's impossible, or at least extraordinarily costly, for anyone to outrun the main chain enough to publish a new block that replaces blocks from a week ago. It's in fact considered impossible for blocks from an hour or so ago.

So, assuming the BBQ supplier waited about an hour for confirmation, the chance that the money would be lost is minuscule with BTC transactions. With Lightning transactions, the same is not true at all - the customer could close their channel abruptly two months later when the BBQ joint is on vacation, and the money would suddenly vanish forever (assuming they don't catch the fraud in the time window before it becomes permanent).

Of course, in both cases, if you're the person who sent the money and the BBQ never arrived, you're out of luck entirely. Which is why the claim that BTC or Lightning enable trustless monetary transactions is mostly bogus, even with a no-double-spend guarantee. And waiting one hour for a payment to a BBQ joint to clear is basically unworkable (and the reality is more like two hours - one hour for the transaction to make it to be mined, and the other hour to confirm the block where it was included remains permanent).

protocolture · 16h ago
>It has to be inertia related right?

Consider that a lot of Bitcoin is assumed to be locked up.

If an old satoshi wallet started moving funds, the price would probably halve.

lawn · 19h ago
> Are there scaling issues with Monero, similar/worse than BTC?

While there are scaling issues with BTC it's severely worsened by the fact that BTC had refused to scale on-chain.

Monero is technically much harder to scale but since it doesn't have the same self-imposed restriction it can handle more transactions than Bitcoin can.

im3w1l · 21h ago
One important factor is that Monero are printed at a constant rate, unlike BTC that are printed at an exponentially slowing rate.

A constant rate of printing means the supply is uncapped but the inflation rate will approach zero.

Monero's choice is arguably better for actual use as a currency, as the printing will prevent deflation from lost coins. But it makes it less attractive as an investment.

wkat4242 · 4h ago
> But it makes it less attractive as an investment.

For me that's a feature not a bug. The investor cryptobros have thoroughly killed the interest in BTC as a real payment method and made it just a vaporware pyramid scheme. They have accumulated a lot of influence.

Also they corrupted the whole idea behind bitcoin which was independence from the old centralised banking system where others control your money. To guarantee their investments they've rebuilt the whole old system in bitcoin with the exchanges and some regulators even demanding you use them to store your BTC.


short_sells_poo · 21h ago
Mindshare and hype tend to be self reinforcing and create their own gravity. BTC has the largest market share because it has the largest market share. The moment it got derivatives and ETFs listed and traded on major US exchanges (e.g. CME futures), it became the clear winner because if you are a hedge fund and want to get on the crypto bandwagon, it's easily accessible, liquid and doesn't require extra paperwork. So you trade that instead of going on some unregulated exchange where you might end up as a news headline of "Hedge Fund loses money in crypto exchange exit scam".
dboreham · 21h ago
> better piece of technology

Technology quality is uncorrelated with market cap. This would be like saying Frontier Airlines should have a higher market cap than United because one uses Linux and the other is still on mainframes.

ujkhsjkdhf234 · 21h ago
BTC is not about usefulness. The Bitcoin community has abandoned all of the original principles that made them. It is now just about line goes up and make money.
MoneroDotForex · 21h ago
The Monero community is the one that at least tries to emulate Satoshi's Bitcoin.
stuxnet79 · 22h ago
> That said, I do think it's got the brightest future of any coin besides BTC for the very reason.

Brightest future in terms of what? Traction? Market cap? This is what I thought 7 years ago, and I beefed up my XMR position as a result. Meanwhile, Bitcoin, an objectively inferior technology, has 25x since then.

welsandjeremy · 23h ago
The recent ByBit hack and subsequent takedown of the exchange that was used to convert the USDT and BTC to Monero essentially proves that XMR is private from even western governments.
jijijijij · 20h ago
It's evidence at best.
zargon · 22h ago
I can’t find a date on this article. And this is exactly the type of content that needs a date.
MoneroDotForex · 21h ago
Thank you for the input. As the linked news and opinion blog's editor I saw a spike in traffic from this HN thread, and I'm happy to answer any question anyone here may have about it. I have added the date and author's name to this article and will make that the standard.
LegionMammal978 · 22h ago
2024-12-23 through 2024-12-30, if the HTML metadata is to be believed. It's always a pain when article-oriented websites try to hide this sort of thing.
madars · 21h ago
This reads like standard AI slop. A giveaway is structured Attempt/Methodology/Efficacy pattern repeated all the way through the article, while top level categories are overlapping. (ZeroGPT: "Your Text is Likely generated by AI/GPT".)
password4321 · 20h ago
What is the least amount of effort to setup a Monero address like a tip jar, deferring transfers and if necessary even checking the balance until setting up something more full-blown later?
beeflet · 18h ago
Check out feather wallet (https://featherwallet.org/) on desktop or cake wallet (https://cakewallet.com/) on mobile.

Once you create a wallet and write down the seed phrase, generate a "view key". Creating a new wallet from this "view key" allows you to see incoming transactions to your addresses, but not spend them. So you don't need as much security for "view-only" wallets.

You can generate an address from either wallet. It's a long string of numbers and letters that begins with an "8", under "Receive".

password4321 · 20h ago
I don't have a link but I vaguely recall some criminal being tracked down because they cashed out the exact same value of Monero they received for their crime in a single transaction. I believe this falls under item 1 in the article but the reference link does not even discuss Monero.

I am interested in any references to tracking Monero in criminal court cases. So far it seems to be one of the most effective ways to "keep getting away with it".

woah · 18h ago
Timing and amount correlation is something that not even the most sophisticated cryptography can stop.
ddtaylor · 21h ago
I was interested to see some AI providers support crypto as their payment. I think we are entering a future where AI regulation puts more people on the darknet.
jijijijij · 19h ago
Very cyberpunk and all, but how are AI regulations driving people to the darknet? You think those highly centralized billion dollar compute operations will secretly offer hidden services so people can ... what? Generate fucked up shit without restrictions? Lol, you could probably do traffic analysis with thermal imaging from a satellite.
ddtaylor · 19h ago
> Generate fucked up shit without restrictions?

No, that already exists and is not relevant IMO. My comment has nothing to do with what kind of content you generate.

The USA in specific has had a similar problem before with encryption being classified as a munition making it very problematic to import or export encryption. That's actually pretty well documented in various pieces of Java code from Sun if you're curious, because different algorithms could not be part of the JRE/JDK that was distributed publicly.

Your mention of "highly centralized billion dollar compute operations" is actually related to the training of the models not the inference. Doing inference for many of these models is readily available at modest consumer hardware availability. There are many different ways to break up models (MoE) etc. The notion that you need a large super computer to do inference is unfounded.

Also, as a reminder, cryptocurrency mining has already proven this to be a thing. Some stay above ground, some go to geopolitical areas for shelter and some stay underground entirely.

For your entertainment I will also include a more simplified play-by-play of how this can play out in the near future:

1. OpenAI or some other USA based AI company continues to get outplayed by foreign models (Qwen, Deepseek)

2. Company cries to government

3. Government does a similar munitions or tariff to what we saw with encryption. Requires at the least anyone wanting to use AI gets one from the good boy list etc.

Now you either (a) use only AI from the good boy list and get outplayed in the global marketplace where our main export is global technology or (b) start acting like a Chinese citizen and using a VPN to access AI services not available only on the approved good boy list.

I will stop here because the rest is already very well documented with how this progresses and you get the same result as the darknet marketplaces (DNM). DNS censorship for AI services not on the good boy list. DNS censorship and legal pressure for VPNs that allow non-good-boy-list services, etc.

Why wouldn't someone change a few .com endpoints to .onion and keep it moving while you send some coin to a wallet?

hoppp · 18h ago
There is no point in hosting AI endpoint on a .onion domain. The point of Tor is privacy so if you want private AI prompts just run a local model.

The philosophy behind Tor is maximum privacy, the most private way to do AI is locally.

ddtaylor · 16h ago
There is a large market for people who need/use AI inference that have no interest in maintaining any of the infrastructure associated with it.
asdff · 16h ago
I thought Tor was already a honeypot?
jijijijij · 18h ago
Good times, when you were able to restrict information export through airport security... Don't forget Paypal and Wikileaks! Oh my bad, that was Bitcoin talk. That's not a currency anymore, but an asset. Like gold.

> Doing inference for many of these models is readily available at modest consumer hardware availability.

Then why exactly do I need a darknet service for that, instead of running it locally?

> Now you either (a) use only AI from the good boy list and get outplayed in the global marketplace where our main export is global technology or (b) start acting like a Chinese citizen and using a VPN to access AI services not available only on the approved good boy list.

Yeah, businesses are totally gonna buy tons of crypto to pay for outlawed services from China to stay competitive. Instead of running models locally as you suggested above. And of course the government will just fold in face of this crypto enabled libertarian hell.. I mean utopia. Can't beat math, amirite? There will be no more taxes, everyone will be free, armed and get as much fentanyl as they want, and we will just build a Dyson sphere around the sun to power this awesome new financial behemoth. It will be so worth it.

Better invest now!

ddtaylor · 16h ago
> Good times, when you were able to restrict information export through airport security... Don't forget Paypal and Wikileaks! Oh my bad, that was Bitcoin talk. That's not a currency anymore, but an asset. Like gold.

All of that is irrelevant to the context at hand. How good, trade-worthy, or the value of a cryptocurrency is not directly tied to the amount of computation work done to mine the coin. All different combinations exist.

> Then why exactly do I need a darknet service for that, instead of running it locally?

For the same reason most people are completely capable of running a modest PostgreSQL server with Nginx or a few docker containers on their hardware, yet they pay for the service of other people doing it. The same is true for backup, storage, and a plethora of other services they gladly fork over a few dollars for.

It being over the darknet is not a technical requirement, it's an economic / market requirement.

> Yeah, businesses are totally gonna buy tons of crypto to pay for outlawed services from China to stay competitive

They already gladly look the other way and do shady things to procure data.

> Instead of running models locally as you suggested above.

Weird, when they tried to do that the DNS resolution for the domain name failed. Guess they'll fire up their VPN to start grabbing the model, etc. Maybe just buy AICoin and move on?

> And of course the government will just fold in face of this crypto enabled libertarian hell.

For about 15 years you have been able to go into a .onion and grab whatever you want on a DNM. Many have been taken down. You can currently go on a .onion domain and grab whatever you want.

> I mean utopia. Can't beat math, amirite?

They seem able to catch a DNM every once in a while, but there are always a dozen or so viable and active alternatives.

> There will be no more taxes, everyone will be free, armed and get as much fentanyl as they want

I'm fairly certain the United States is getting as much fentanyl as it wants already. You can walk to some place in any city and get it in pill form quickly and cheaply. How much involvement the DNMs have in that right now I don't know. In the past some DNMs have policed that and some provided "quality testing" to verify the lack of presence of fentanyl in other substances.

coldblues · 21h ago
https://www.getmonero.org/2024/04/27/fcmps.html

After this is implemented, it will really strengthen its privacy. It will take a few years of development, iteration and planning. Move slow and... don't break things?

storus · 18h ago
Given EU is going to ban all privacy-preserving cryptocurrencies in 2027, what are the options for EU citizens?
protocolture · 16h ago
Do it anyway
john_alan · 20h ago
I work in applied cryptography and XMR is my preferred cryptocurrency.
woah · 18h ago
Why not Zcash?
RandomBacon · 13h ago
Monero doesn't have a dev tax.

Though Zcash proponents will say the tax is a good thing. The tax is so good, that instead of getting rid of the tax after half of the coins were mined like the developers originally promised, the devs kept the dev tax for all of the mined coins.

linschn · 17h ago
Not the OP, but Zcash's privacy features are optional and seldom used in practice, whereas monero is secure by default. It helps with blending in the crowd.
john_alan · 6h ago
right, plus the anonymity set size, plus the original trusted setup (now largely resolved)
yieldcrv · 21h ago
> Conclusion: Monero’s Privacy Remains Resilient

tl;dr every method from the private sector and the state has resulted in nothing, or an upgrade to the Monero network

for anyone interested in using Monero, consider using Feather Wallet. This wallet implements some better best practices than the community's wallet.

Feather Wallet does initial syncing over clearnet for speed, and then connects to TOR and then only connects to other nodes hosted over Onion network. So you aren't even needing to connect to exit nodes.

It also hides the root address which starts with 4, and only shows you subaddresses that start with 8. I always felt it was important that nobody ever could distinguish between a root address and subaddress.

It ensures you don't re-use addresses, which is an ancient and still relevant best practice that most cryptocurrencies and wallets have avoided for user experience. Feather Wallet makes it easy though.

Timing attacks are still relevant. For anyone aiming to use Monero as merely a conduit, wait 1 week or 2 before moving funds out, and move them out in different denominations than you put in. (In comparison, if you put $50,000 of XMR in, and a couple hours later moved $50,000 of XMR out in one transaction, this could realistically deanonymize you.)

The more people using Monero for benign but equally as private purposes, the more it improves the utility of Monero for everyone.

mrbluecoat · 23h ago
DERO could be an alternative with their full encryption of user balances and transactions
TBaaddi · 22h ago
Monero has been used and proven for over a decade.

No one wants to switch to some unknown tech with an unknown development team.

DaSHacka · 22h ago
The latter is arguably the more important of the two.

I remember a scare some years back around a Monero developer that turned out to be a nothingburger, but it goes to show how important it is that the core development team is trustworthy, or at least sticks to their beliefs and doesn't capitulate to third-parties (whether public or private in nature).

Monero is the one coin I can confidently say I trust the core developers on, it's had a strong history of making the right decisions where it counts in my opinion (breaking ASICs w/the monero-classic situation, making the official client default to downloading the entire chain, etc)

OsrsNeedsf2P · 22h ago
How much of the Monero development team is actually known? Last I checked some of their core team were anonymous but that might have changed
arccy · 21h ago
known as in have a proven reputation / track record.
MoneroDotForex · 21h ago
Proven but pseudonymous, like Satoshi was.

Adopted and used first by darkweb pot dealers, like Bitcoin was.

Price suppressed by government and banking hostility, like Bitcoin was.

beeflet · 18h ago
Dero privacy got busted about a year ago due to developer incompetence

https://gist.github.com/kayabaNerve/b754e9ed9fa4cc2c607f38a8...

After seeing this and their weak attempts at making a CPU-based PoW, I don't have any confidence in dero or its developers.

stasmo · 23h ago
If the US debt problem leads to capital controls, using Monero will become a federal offence overnight. Might as well call it money-laundering coin.
ChrisfromLees · 23h ago
Do you think that is a likely scenario under this government?
ty6853 · 22h ago
IDK about this particular administration, but the government did place Tornado cash on the sanctions list (now removed). Which does operate differently than monero, but from the view of a bureaucrat I think similar effect.
ujkhsjkdhf234 · 21h ago
Yes. I would bet on it. Certain Democrats don't like Monero because of the criminal activity around it. If the king told Republicans to ban it, they would be able to get enough Dems on board to avoid any filibuster problems.
yieldcrv · 21h ago
> Might as well call it money-laundering coin

The state's concept of money is private and it has just enjoyed help in getting data about electronic ledgers for the last 55 years, by deputizing banks. And for the last 18 it has also enjoyed public ledgers of crypto currencies.

But the successful stigma of financial privacy doesn't invent its right to having data. This is just a privilege, and private money is a reversion to the mean.

im3w1l · 21h ago
I long used to think that private money was a good thing for freedom helping the little guy living under state repression, but I'm recently starting to worry that it will do the opposite, by helping the ultra-rich engage in corrupt schemes.

The rumors that people bought Trump-coin for the sole purpose of currying favor got to me.

hiatus · 11h ago
> but I'm recently starting to worry that it will do the opposite, by helping the ultra-rich engage in corrupt schemes. The rumors that people bought Trump-coin for the sole purpose of currying favor got to me.

How would government knowing exactly who spends what where help in that scenario?

yieldcrv · 21h ago
None of the transactions systems are aiming to solve for that. The legacy financial system enables this too. Trump coin just happens to be more liquid than expensive dinner seats, campaign donations, and less cumbersome than a Trust. It is not private.

So it's fine to feel disillusioned from that goal because it was a misplaced goal.

Monero on the other hand is private by default, and you can disclose transactions. It has optional auditability. This is a power dynamic I can appreciate.

8note · 12h ago
a bigger better thing it does is fund the north korean nuclear program.

easy to steal, liquid to sell, can't be confiscated.

yieldcrv · 5h ago
North Koreans are getting employed by US tech companies and just getting payroll over clearnet to normal banking, and wiring that to the state. They’re not even hacking

Yeah their expropriations in Monero are occurring too, but I can’t levy a separate higher standard when this other thing is happening

NoMoreNicksLeft · 23h ago
Money laundering is that crime where you commit the unforgivable offense of not telling the government how you earned your wages and interfering with their unconstitutional war against drugs, right? The one that makes it so they can confiscate the money out of your pocket if you're walking around with cash?

Given that, "money laundering coin" just sounds like great marketing. I'm already half-sold.

greenavocado · 22h ago
The second capital controls drop, the feds will rebrand privacy as "terrorism" faster than you can say "civil forfeiture."
ty6853 · 22h ago
Lol they already have. Hawaladars are basically synonymous with terrorists now.
ty6853 · 22h ago
No I think money laundering is when you knowingly mix proceeds of crime, obscuring it.

Like if I make drug dealing illegal, then require drug dealer to pay taxes. And then take the tax money, and conceal and intermix it into the form of the value of the 8th street bridge to cross the creek.

NoMoreNicksLeft · 20h ago
> No I think money laundering is when you knowingly mix proceeds of crime, obscuring it.

I can exempt myself from the $10k deposit/withdrawal/structuring rules at the bank by affirming to them that it's not the proceeds of a crime? If a cop decides to take the $300 out of my wallet, I just state "that's not drug money" and he has to give it back then and there?

Keep in mind that I can lose the money without a conviction, trial, or even being charged, so I don't think this has anything to do with it being the proceeds of a crime.

8note · 11h ago
properly, money laundering is:

1. a predicate crime - the illegal thing you did to make money
2. placement - getting that money into the financial system
3. layering - hiding the money in legitimate transactions
4. integration - getting the money out

it sounds like you do have the predicate crime though, in some form of illegal drug dealing, since you mention trying to interfere with the government. if you actually think it's unconstitutional, you might consider getting caught, and bringing your case up to the supreme court so that it can be struck for being unconstitutional.