In the Technical Overview of your "whitepaper", the "non-custodial exchange process" describes a normal centralized custodial exchange process just like your current website does if we go there and start an XMR to BTC exchange.

Apparently it's a marketing trick to gather attention with a "whitepaper" generated fully with ChatGPT that emphasize your brand name all around targeting users that do not pay attention to what's written in there.

Take for instance Step 3 of your "non-custodial exchange protocol process":


This is a robotic description of what users do after creating an XMR to BTC order on your website - they send XMR to the generated address by your system which forwards their funds to your current liquidity provider. You take the full custody of funds from that step to the exchange completion and there is absolutely nothing about that description where we can observe a non-custodial process.

The paragraph looks "detailed" because apart from saying that user transfers XMR to your address, the rest of it is just a summary of privacy benefits Monero provides. "Okay ChatGPT, just add a wall of text describing what Monero is".
The paragraph's title and contents have absolutely no relevance to the technical description of a decentralized protocol.

All the rest of that "whitepaper" is a flood of essays on given titles generated by ChatGPT. Have you made it with an intention to troll the fact that nowadays almost nobody reads whitepapers? This is the only point I can congratulate you on here with an A+ aval, since you almost managed to trick everybody.

And what's the most funny here is the "whitepaper" title itself: "Introducing True Non-Custodial Swaps for Monero: Whitepaper". Is your non-custodial swap protocol for Monero is called "Whitepaper"?

Let us know when we can read about the actual "non-custodial exchange protocol", because your current whitepaper and website are definitely not about it at all, nor there is any working Github link where your "open-source" protocol can be observed.


They certainly won't and it's very likely to be vice-versa.

While it's good to have services like this even that I personally think they are already too many on Telegram, its users should not forget about the fact that usage of Telegram bots eliminate entirely the privacy factor while using them.

This is just a reminder that Telegram bots, group chats and standard chats DO NOT HAVE ANY END-TO-END ENCRYPTION which makes all the chat logs stored on their servers and available to the Telegram law enforcement compliance team for further extraction any time later, without a need of employing any additional decryption.

The only communication channel on Telegram that enables end-to-end encryption is the feature called "Secret Chats", which is only available for person-to-person chats and is not even available in their official desktop app since the project launch.

Thereby, I suggest OP to make a SimpleX Chat bot instead, which would guarantee privacy by full and default end-to-end encryption of the data transmitted between it and its users.

SimpleX Chat is available on F-Droid which is another good security factor that guarantees users get app builds without any source code modifications during build process (this feature is called "reproducible builds" and it's a very important security feature since very few Android app users build binaries from sources themselves).


In case that exchange guarantees no risks associated with suspension and confiscation of your funds and specially given the untraceable currency you get, 5% is a reasonable rate, given that using most exchanges nowadays represents risks of losing 100% of the amount where they could ask you for SoF, KYC and other nonsense and even refuse to return your funds later. You've got a great example of this here.

By the way, I am yet to find policies in regards to risk screening of incoming transactions by the OP's service and therefore here is my question to the OP: what are risks if somebody sends 50 BTC coming from OFAC-listed address to your service? (I have provided an example with maximum risk so we can get straight to the point)

Well, it seems to be definitive then in case there will be no more changes to the proposed draft.

Because the mixer's admin logged in here on 30th made a post promising an update, but then theymos banned them and locked the topic. Some people said their channel was active after 30th and there is a new .onion link, however, since I don't use Telegram I couldn't confirm that. I've set the state to 'SEIZED' while there is no information on a new .onion.

theymos,

could you tell me whether my service's thread that ony lists and discusses mixers will be allowed here or I should wipe it before January? The thread in question: https://bitcointalk.org/index.php?topic=5476445

The thread itself doesn't link any mixers, only the site that does.

I have launched a mixer directory site: mixhub.to / yroltzbszl45er3ii2fhwt4grrcy3mqhsyovveufuhtyqi5oswpu2uid.onion

Thread: https://bitcointalk.org/index.php?topic=5476445.0

It has the following features:

• Registering and commenting as a Bitcointalk user (in fact the only way to post comments)
• Mixer admin access
• Support ticketing system for data suggestions

The platform already got 3 mixer reps registered and verified today and I expect almost all the listed mixers have their reps onboarded by the end of this month.

[PROJECT ABANDONED]

There are some mixers that currently provide access to their platforms via Telegram bots.

If you plan to use one, you should be aware that Telegram bots don't use end-to-end encryption and store all the chat log data in plaintext on Telegram servers available for extraction by the Telegram team. The company can hand over your personal info and mixing data anytime to authorities upon a simple request.
Authorities will be able to deanonymize your mixed transactions by simply looking up an output address you provided to the bot and subsequently looking up for the corresponding input address provided in the bot's responses.

This is also known that Telegram collaborate with the law enforcement and doesn't provide end-to-end encryption for their standard and bot chats in order to have chat logs accessible for the extraction upon law enforcement requests:

https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdaten-an-das-bundeskriminalamt-a-0e4d3fcb-8081-4b87-b062-db412bbc294b
Translated: https://www.bitdefender.com/blog/hotforsecurity/der-spiegel-says-telegram-gave-user-data-to-german-police-in-fight-against-terrorism-child-abuse/

The only way to encrypt Telegram communications is by using Secret Chats, that are not available for chatting with bots nor used by default for "normal" chats, that are also prone to server-side logging in the plain text.

If a mixer provides an interface in a Telegram bot, (a) its operators are either unaware of security implications for its users, which means the service shouldn't be trusted overall or (b) that mixer is providing a service via an unencrypted channel with a purpose to undermine users privacy/anonymity.

The following data will be available upon a request originating from a LE agency to provide chat logs from a Telegram bot for each user who interacted with it: username (if defined); phone number; IP address; Telegram client details; OS; chat logs revealing all the input/output address information and UTXOs involved; subsequently if they start investigating a specific user: all user's contacts; the chat logs from all other normal Telegram chats and bots may be revealed, unless the user have used "secret chats" (E2E).

This concern also addresses using any other services via Telegram bots, such as exchanges or any other services that process personal/sensitive data.

It seems you have misread something and got it wrong, since my OP doesn't contain any question. This is just an informative discussion thread. Skip on to memecoin threads if you are not interested in this subject, otherwise, please stay on topic.

Monero's official Community Crowdfunding System (CCS) wallet was drained of 2675.73 XMR and their team still is still unable to find a root cause.

There is an ongoing discussion in their official Github repository:

https://github.com/monero-project/meta/issues/916 [CCS Wallet Incident #916]

The community suggests it happened due to bad operational and informational security practices of the team that had access to the wallet.

Hey guys I am wondering are there any more sites for anonymous public file sharing, that also support uploading via command-line? Here is the list i am currently using

https://transfer.sh
https://uguu.se
https://oshi.at
https://tempfile.cloud
https://file.io
https://0x0.st

Please share more if you know some, they are always super useful!

Since AOSP comes without Google Apps by default, it means it has no Play store. https://f-droid.org is a great alternative as an app store for fully open source software. It includes applications such as
Shelter to isolate untrusted apps from your personal data
Firefox Klar for privacy browsing
K-9 mail client
Linphone for SIP communications
OpenVPN client
Revolution IRC client
ownCloud,Nextcloud clients
NewPipe a YouTube client
Yalp store, Aurora store for downloading apps from Play Store without Google account
MaterialFBook for accessing Facebook without its official app, Tinfoil for Twitter
Telegram FOSS build,
Silence for encrypted SMS chats
Delta Chat for encrypted secure instant messaging over email (has a Telegram-like interface and group chats)
orBot as a Tor client ( thanks to https://guardianproject.info )
among a big variety of other privacy-oriented apps.

Open GApps is a fully open source Google Apps alternative.

I disagree with all the above posters except ts.


Quite a common myth, please look at the amount of cryptomarket breaches for the past years including 2018. Exchanges care so much about 2FA just because most of them are not ready to take responsibility once their resources are hacked and 2FA minimizes the risk of unauthorized withdrawals. Most code base of crypto exchanges is acquired on Indian and Russian cheap outsource market, which is very well known for bad security, thus, forcing 2FA is more an excuse for bad security than some reasonable thing.
There is a well known fact there are 2 category of Internet users, these who care about their online security and these who don't. Unfortunately second party is bigger, but these who deal with online valuable assets and not only use facebook should be aware of security and they are responsible for their credentials in the first place.

To summarize, exchanges that force 2FA admit the possibility of being hacked which means they are not confident with security of their sites. An ability to create the exchange should not be enough requirement for launching it, the ability to secure it should be most priority.

You are using Google captcha, so no, I will not register on your site or use it.
One quest per day that requires me to identify cars just to login on bitcointalk is quite enough for me.

This is a highly recommended hoster if you value privacy. No bullshit.

Every single existing government is: conspiracy, lies, crime, corruption, misrepresentation, bribery, freemasonry, embezzlement and so on...
So, no.

I used it once in my life and glad i quit instantly once tried.
It starts to make you headaches once you access your account using Tor. Privacy? Forget about it. My dislike level for FB is same as for google captcha (hey bitcointalk)

I like using your bot, it's pretty convenient

OP: No you aren't stupid, but bitpay staff is: lacking documentation, no description with manuals on how to make payments with new protocol, no warning on invoice pages, and the most important part:

I wasted a whole day on understanding why Electrum 3.0.4 is not recognizing the new bitpay URL, giving me the following error:
"payment URL not pointing to a valid server"

Turned out that their payment protocol server uses some kind of CDN that deny Tor Exit Nodes. My Electrum is communicating via Tor, because my goal is staying fully anonymous on the Internet, which I am successful at. (don't tell me some bs such as "it's impossible". i don't use social networks)
So I bought a linux VPS (from a provider that doesn't use bitpay of course) to make an anonymous payment using Electrum headless for a Bitpay invoice of another VPS provider.
First of all, I am now migrating away from every service that now use Bitpay for accepting Bitcoins, demonstrating my own protest.

Yes, I am very disappointed with Bitpay not permitting to use Tor with payment protocol. Bitpay definitely doesn't want you to stay private on the Internet.