XMR vs DRK

[majamina]

I posted a silly meme in response to the silliness of your response to a technical dissection of the operational security that truly is necessary in the real world that we live in.

Re-read your own post. You basically said "I know devs. All that stuff is not really necessary because it is hard to do."

no i didn't say that at all. i'm saying that you'd be surprised at some of the code that goes into production finance systems that run people's money. big money.

why is questioning an enterprise-grade list of opsec measures for masternodes silly....the design does not require these measures....explain why I'm wrong instead of posting silly memes...

[1714470137]

1714470137

[1714470137]

1714470137

[1714470137]

1714470137

[1714470137]

1714470137

[Anon136]

https://www.mixcloud.com/dogedradio/monero-coin-interview/

This interviewer is ssssllllllooooowwww. Good lord how hard is it to understand the concept of running one node and multiple wallets. It probably makes him a good interviewer since a lot of the listeners aren't particularly technically inclined but man that was hard to listen to.

Anyway thanks for the link. 4hours of conversation with the devs. Very glad you linked this.

[fluffypony]

Why is it all-or-nothing?

Why does a masternode need to failover? If my masternode fails today, nothing happens to the network other than masternode count is reduced by 1. Please explain this point before we move on...

Because the more honest MasterNodes there are the harder it is for a sophisticated attacker to gain a foothold. If MN operators don't have a failover it gives our sophisticated attacker an easy in - break into the colo cage, and since the operator can't just abandon the infrastructure and failover to a new (and unknown to the attacker) location, he either opens himself up by going to the DC (and getting arrested / strong-armed into assisting LEA) or he abandons the infrastructure and then spends days / weeks setting up anew, during which time there's 1 less MasterNode. Perform this against multiple operators simultaneously and they'll strike gold (especially since there will be many MNs clustered at datacenters like Ecatel).

Remember: literally every key differentiating factor for Darkcoin (Darksend, InstantX) requires the MasterNode network. For it to be safe, successful, and robust, you have to have all MasterNodes acting like ultra-paranoid DNM operators. Anything less than absolute operational perfection for the entire MN network puts people at risk and degrades functionality, to a greater or lesser degree.

[majamina]

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

Thus there is a dependency on the user exercising sufficient opsec, else they will compromise themselves as they are lulled into a false sense of privacy.

hmm, interesting and worth some consideration.

so you are saying that if someone is stupid enough to send more coins than they need to a dark market, spend some of them on something illegal, then send unmixed change from the dark market back to their own wallet they compromise their privacy.

fair point I suppose, but I don't see a huge 'opsec' challenge to avoid this

[5w00p]

So, now you are saying "It's ok, because lots of people are lazy and untechnical."

Explain how you are wrong. Where should I start.
I think a decent place to begin is with the revelations of a little-known former NSA contractor of the name Ed Snowden. Have you possibly heard of him? Watched a documentary called "Citizen Four" yet?

All this stuff is NOT a fairytale. It is NOT a tinfoil hat thing. The very simple fact of it all is that every single bit (and I do mean bit, as in 0 or 1, bit) that traverses any portion of the telecommunications infrastructure of virtually any NATO or similarly-allied nation on this planet is sniffed and inspected by hordes of incredibly powerful computers, and stored for posterity on unbelievably large data farms for possible later investigation by teams of real human beings.

Please wake up and smell the feces.

[majamina]

Why is it all-or-nothing?

Why does a masternode need to failover? If my masternode fails today, nothing happens to the network other than masternode count is reduced by 1. Please explain this point before we move on...

Because the more honest MasterNodes there are the harder it is for a sophisticated attacker to gain a foothold. If MN operators don't have a failover it gives our sophisticated attacker an easy in - break into the colo cage, and since the operator can't just abandon the infrastructure and failover to a new (and unknown to the attacker) location, he either opens himself up by going to the DC (and getting arrested / strong-armed into assisting LEA) or he abandons the infrastructure and then spends days / weeks setting up anew, during which time there's 1 less MasterNode. Perform this against multiple operators simultaneously and they'll strike gold (especially since there will be many MNs clustered at datacenters like Ecatel).

Remember: literally every key differentiating factor for Darkcoin (Darksend, InstantX) requires the MasterNode network. For it to be safe, successful, and robust, you have to have all MasterNodes acting like ultra-paranoid DNM operators. Anything less than absolute operational perfection for the entire MN network puts people at risk and degrades functionality, to a greater or lesser degree.

so the scenario is a co-ordinated attack on lots of masternodes, but you won't say how many masternodes need to be compromised....i think you need to for this argument to stand up.

[othe]

Why is it all-or-nothing?

Why does a masternode need to failover? If my masternode fails today, nothing happens to the network other than masternode count is reduced by 1. Please explain this point before we move on...

Because the more honest MasterNodes there are the harder it is for a sophisticated attacker to gain a foothold. If MN operators don't have a failover it gives our sophisticated attacker an easy in - break into the colo cage, and since the operator can't just abandon the infrastructure and failover to a new (and unknown to the attacker) location, he either opens himself up by going to the DC (and getting arrested / strong-armed into assisting LEA) or he abandons the infrastructure and then spends days / weeks setting up anew, during which time there's 1 less MasterNode. Perform this against multiple operators simultaneously and they'll strike gold (especially since there will be many MNs clustered at datacenters like Ecatel).

Remember: literally every key differentiating factor for Darkcoin (Darksend, InstantX) requires the MasterNode network. For it to be safe, successful, and robust, you have to have all MasterNodes acting like ultra-paranoid DNM operators. Anything less than absolute operational perfection for the entire MN network puts people at risk and degrades functionality, to a greater or lesser degree.

so the scenario is a co-ordinated attack on lots of masternodes, but you won't say how many masternodes need to be compromised....i think you need to for this argument to stand up.

Are you that narrow minded that you think the only possible way to deanonymize darkcoin is owning all masternodes?

[majamina]

So, now you are saying "It's ok, because lots of people are lazy and untechnical."

no i'm not saying that. fluffypony said 'the level of rigour that is generally accepted as necessary when every line of code can mean the wiping out of someone's saving or the end of a person's means of income' - i'm just making a comment that this perceived level as rigour is perhaps not as pervasive in financial software development as you might imagine. I'm not saying it's OK, you made that bit up

Explain how you are wrong. Where should I start.
I think a decent place to begin is with the revelations of a little-known former NSA contractor of the name Ed Snowden. Have you possibly heard of him? Watched a documentary called "Citizen Four" yet?

All this stuff is NOT a fairytale. It is NOT a tinfoil hat thing. The very simple fact of it all is that every single bit (and I do mean bit, as in 0 or 1, bit) that traverses any portion of the telecommunications infrastructure of virtually any NATO or similarly-allied nation on this planet is sniffed and inspected by hordes of incredibly powerful computers, and stored for posterity on unbelievably large data farms for possible later investigation by teams of real human beings.

Please wake up and smell the feces.

how does this relate to opsec requirements for masternodes?

[majamina]

Are you that narrow minded that you think the only possible way to deanonymize darkcoin is owning all masternodes?

Not at all, but that's not what we're talking about. Do you want me to talk about something we're not talking about, in response to something that we are?

[5w00p]

fluffypony fucking told you how it relates to masternodes in the fucking original dissection that you said "Naw man, that ain't needed cuz I said it ain't needed."

Are you mentally challenged?

[BlockaFett]

Are you that narrow minded that you think the only possible way to deanonymize darkcoin is owning all masternodes?

Not at all, but that's not what we're talking about. Do you want me to talk about something we're not talking about, in response to something that we are?

^ you made the mistake of asking a Monero dev for a straight answer. YOU MUST BE NEW HERE

[BlockaFett]

fluffypony fucking told you how it relates to masternodes in the fucking original dissection that you said "Naw man, that ain't needed cuz I said it ain't needed."

Are you mentally challenged?

where did he? 

[othe]

The Masternodes are a part of your fucking consensus system if u still don't see how you should secure them the best way possible is beyond anyone with a brain and basic knowledge of it security.

[majamina]

fluffypony fucking told you how it relates to masternodes in the fucking original dissection that you said "Naw man, that ain't needed cuz I said it ain't needed."

Are you mentally challenged?

he told me that it's needed in case people compromise sections of the network by whatever means....he didn't say how much of the network needs to be compromise, so how can we assess if the measures are required?

failover capacity and opsec measures should be based on operational risk...we haven't quantified the operational risk, i.e. number of masternodes that need to be compromised, so how can we define these measures?

[fluffypony]

so you are saying that if someone is stupid enough to send more coins than they need to a dark market, spend some of them on something illegal, then send unmixed change from the dark market back to their own wallet they compromise their privacy.

fair point I suppose, but I don't see a huge 'opsec' challenge to avoid this

No, you're misunderstanding how cryptocurrency works. Let me use a simplified example.

Your wallet balance doesn't actually exist. It's instead a representation of all of the unspent transaction outputs (utxos) in your wallet. Let's say you have the following UTXOs:

Amount	|	Address
100 DRK	|	AAAA
100 DRK	|	BBBB
100 DRK	|	CCCC

Now you send those off for pre-mixing. Your wallet's UTXOs now look like this:

Amount	|	Address
50 DRK	|	ABAB
25 DRK	|	CDCD
25 DRK	|	EFEF
180 DRK	|	GHGH
20 DRK	|	IJIJ

You now buy something on SuperDodgyMarket for 10 DRK, the address you've got to send it to is XXZZ. As you can see, you don't have a 10 DRK output in your utxoset. So you HAVE to use an output > 10 DRK. Thus the resulting transaction looks like this:

Inputs:

Amount	|	From Address
50 DRK	|	ABAB

Outputs:

Amount	|	From Address
10 DRK	|	XXZZ
40 DRK	|	KLKL

As a result, your wallet's utxoset now looks like this:

Amount	|	Address
25 DRK	|	CDCD
25 DRK	|	EFEF
180 DRK	|	GHGH
20 DRK	|	IJIJ
40 DRK	|	KLKL

This is not anything "stupid" you've done, this is through the normal course of things. It doesn't matter what you do next, your entire set of "anonymised" outputs is now at risk because of the 40 DRK in KLKL that you will use in the normal course of things (eg. if you need to send 200 DRK to an exchange your wallet may pick the 180 DRK output and the tainted 40 DRK output, and now you're screwed).

This has nothing to do with MasterNode opsec, that's a different matter. This has to do with Darksend's anonymity not being "good enough" (remember I was replying to Macno, so different conversation to the MN threat model) because users can and will be deanonymised after the fact. Thus for users to actually take advantage of Darkcoin's privacy they are required to practice strict opsec of their own, remixing their entire wallet after every transaction. The slightest mistake or relaxation on their part can mean they are instantly compromised (from a privacy perspective). And if you've got to exercise such strict opsec as a user, why not just use Bitcoin?

[BlockaFett]

The Masternodes are a part of your fucking consensus system if u still don't see how you should secure them the best way possible is beyond anyone with a brain and basic knowledge of it security.

which conversation are you talking about?

Fluffy is now saying that every MN owner needs a failover or it's easier to compromise the MN Network

majamina then asked ergo how many MN need to be compromised to backup that proposition?

it's a fair question but instead of getting an answer he is being called 'mentally challenged' for asking someone to prove what they are saying?

[megges]

you admit xmr team is building rock solid stuff. I am suggesting for you now as drk prise has risen significiantly to cash some (not all) of your drk and diversifying into xmr. After all the crypto is like a raffle and it is good to have some variety in portfolio in case some coin rises significiantly.

I do have an XMR position, but only like 10% of my DRK holdings so barely a hedge.

What I'm questioning about XMR is time-to-market and the real-world necessity of the ultra-robust tech. If DRK is fit-for-purpose in the majority of real-world use cases and gets over the line first in terms of adoption and scalability, where does that leave XMR?

For which real world cases is Darksend not secure enough?

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

Thus there is a dependency on the user exercising sufficient opsec, else they will compromise themselves as they are lulled into a false sense of privacy.

Thats not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK i each ... the correlation between these addresses is not there, thats what darksend is made for.

So if you send a darksend with 20 coins, there is no changeaddress used fpr the remaining 80 drk in your wallet, because they are all in other addresses (dominated for 1 drk each) ...

your approach sounds more like the coinjoin method, but thats not how darksend uses, it uses a portion from coinjoin with various additions, like denomination, to get around that problem what you are talking about

[BlockaFett]

you admit xmr team is building rock solid stuff. I am suggesting for you now as drk prise has risen significiantly to cash some (not all) of your drk and diversifying into xmr. After all the crypto is like a raffle and it is good to have some variety in portfolio in case some coin rises significiantly.

I do have an XMR position, but only like 10% of my DRK holdings so barely a hedge.

What I'm questioning about XMR is time-to-market and the real-world necessity of the ultra-robust tech. If DRK is fit-for-purpose in the majority of real-world use cases and gets over the line first in terms of adoption and scalability, where does that leave XMR?

For which real world cases is Darksend not secure enough?

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

Thus there is a dependency on the user exercising sufficient opsec, else they will compromise themselves as they are lulled into a false sense of privacy.

Thats not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK i each ... the correlation between these addresses is not there, thats what darksend is made for.

So if you send a darksend with 20 coins, there is no changeaddress used fpr the remaining 80 drk in your wallet, because they are all in other addresses ...

And therefore everything Fluffy said here is wrong:

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

meaning he has no idea what he is talking about

[5w00p]

Basically, you want to be spoon-fed, despite the fact that you keep spitting out everything that is fed to you.

You want an exact technical analysis of the weaknesses in a system whose blatant and glaring weaknesses have already been pointed out many times, despite the fact that each time these weaknesses are pointed out, you go: "Look over there, a birdy!"

I might as well explain it to my pet fish, as at least he eats what is fed to him and doesn't argue with sound reasoning.

[fluffypony]

Thats not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK i each ... the correlation between these addresses is not there, thats what darksend is made for.

So if you send a darksend with 20 coins, there is no changeaddress used fpr the remaining 80 drk in your wallet, because they are all in other addresses ...

I understand that, but you will get change the minute you pay for something with a decimal place.

Unless you're saying merchants have to price things in multiples of $5.18 (at this moment) and can't deviate from that?