[PROJECT ABANDONED]

There are some mixers that currently provide access to their platforms via Telegram bots.

If you plan to use one, you should be aware that Telegram bots don't use end-to-end encryption and store all the chat log data in plaintext on Telegram servers available for extraction by the Telegram team. The company can hand over your personal info and mixing data anytime to authorities upon a simple request.
Authorities will be able to deanonymize your mixed transactions by simply looking up an output address you provided to the bot and subsequently looking up for the corresponding input address provided in the bot's responses.

This is also known that Telegram collaborate with the law enforcement and doesn't provide end-to-end encryption for their standard and bot chats in order to have chat logs accessible for the extraction upon law enforcement requests:

https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdaten-an-das-bundeskriminalamt-a-0e4d3fcb-8081-4b87-b062-db412bbc294b
Translated: https://www.bitdefender.com/blog/hotforsecurity/der-spiegel-says-telegram-gave-user-data-to-german-police-in-fight-against-terrorism-child-abuse/

The only way to encrypt Telegram communications is by using Secret Chats, that are not available for chatting with bots nor used by default for "normal" chats, that are also prone to server-side logging in the plain text.

If a mixer provides an interface in a Telegram bot, (a) its operators are either unaware of security implications for its users, which means the service shouldn't be trusted overall or (b) that mixer is providing a service via an unencrypted channel with a purpose to undermine users privacy/anonymity.

The following data will be available upon a request originating from a LE agency to provide chat logs from a Telegram bot for each user who interacted with it: username (if defined); phone number; IP address; Telegram client details; OS; chat logs revealing all the input/output address information and UTXOs involved; subsequently if they start investigating a specific user: all user's contacts; the chat logs from all other normal Telegram chats and bots may be revealed, unless the user have used "secret chats" (E2E).

This concern also addresses using any other services via Telegram bots, such as exchanges or any other services that process personal/sensitive data.

[Timeline:]

Monero's official Community Crowdfunding System (CCS) wallet was drained of 2675.73 XMR and their team still is still unable to find a root cause.

There is an ongoing discussion in their official Github repository:

https://github.com/monero-project/meta/issues/916 [CCS Wallet Incident #916]

The community suggests it happened due to bad operational and informational security practices of the team that had access to the wallet.

Timeline:

• April 12, 2020: New CCS wallet is created by fluffypony (on a dedicated wallet laptop, a Purism Librem 14, running Qubes) and the seed shared with Luigi, half via the Wire app, and half via GPG-encrypted email -- fluffypony and Luigi are the only parties with known access to the CCS seed.
• 2020-2023: (Luigi's side) a single use Ubuntu system is set up to run a Monero node and CCS wallet; the hot wallet is on a Windows 10 Pro desktop where it has been since 2017; Luigi makes payments from the hot wallet and tops it up from the CCS Wallet (via SSH), occasionally as needed.
• August 3, 2021: shortly after fluffypony's arrest, most of the CCS wallet was swept by Luigi to the hot wallet as a short-term measure pending more information about the nature of the arrest
• (a few weeks/months later) fluffypony's arrest is determined not crypto-related; reverted to previous behavior of large CCS balance, small hot wallet balance
• May 10, 2023: last transfer was made by Luigi from CCS wallet to hot wallet
• September 1 11:58pm - September 2 12:07am, 2023: CCS wallet was swept in 9 transactions, IDs:

ffc82e64dde43d3939354ca1445d41278aef0b80a7d16d7ca12ab9a88f5bc56a
08487d5dbf53dfb60008f6783d2784bc4c3b33e1a7db43356a0f61fb27ab90cc
4b73bd9731f6e188c6fcebed91cc1eb25d2a96d183037c3e4b46e83dbf1868a9
8a5ed5483b5746bd0fa0bc4b7c4605dda1a3643e8bb9144c3f37eb13d46c1441
56dd063f42775600adf03ae1e7d7376813d9640c65f08916e3802dbfee489e2c
e2ab762927637fe0255246f8795a02bd7bb99f905ae7afc21284e6ff9e7f73db
9bf312ed09da1e7dfce281a76ae2fc5b7b9edc35d31c9eb46b21d38500716b6b
837de977651136c18b0018269626be7155d477cc731c5ca907608a2db57ff6a8
9c278d1496788aee6c7f26556a3f6f2cbb7e109cd20400e0b2381f6c2d4e29f4
(wallet was then empty)

• September 2023: donations come in for Lovera CCS (the only proposal that was in Funding Required)
• September 28, 2023: Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR, representing September donations for Lovera; no additional transfers occurred after September 2
• September 28, 2023 (a few hours later): Luigi has call with binaryFate on what has been discovered; General Fund is confirmed to be intact. Shortly after, Luigi, binaryFate, and fluffypony have a call discussing the situation.
• September 28 - now: Core Team discusses internally; Luigi and fluffypony forensic efforts -- unfortunately, to date, no evidence of breach has been identified

Open questions:

• How do we achieve CCS continuity for existing contributors? Core team is in favor of covering existing liabilities from the General Fund.
• How do we structure the CCS going forward?
• How did the breach occur?

Hey guys I am wondering are there any more sites for anonymous public file sharing, that also support uploading via command-line? Here is the list i am currently using

https://transfer.sh
https://uguu.se
https://oshi.at
https://tempfile.cloud
https://file.io
https://0x0.st

Please share more if you know some, they are always super useful!

DELETED