Can someone really explain which coins are truly anonymous?

[dinofelis]

Thanks everyone for answering a question I didn't actually ask.

"You actually didn't intend to ask but asked nevertheless".

Is it so hard for people to put aside their agenda to answer a fucking question. I asked about the actual transaction nothing about IP addresses and postal addresses...damn. Did you think I thought a crypto currency would magically make my home address disappear? And who said anything about using a bank account?

It is quite simple, in fact.

In bitcoin-like currencies, your transaction links a previous transaction or a set of previous transactions (where you received the coins) and the future transaction(s) of the receiver(s).  This is pseudonymous, in the sense that nobody knows (apart from you broadcasting your transaction with your IP, on your computer, etc...) who you are, you are just a bitcoin wallet address.... UNLESS they find out who was ONE of the previous transaction owners or they find out who was one of the FUTURE transaction owners.  For instance, if a previous transaction owner was an exchange, then this exchange knows of course that YOU (Jack Smith) have withdrawn the funds to THAT address, or you bought a smartphone with your bitcoins at THAT store, and they know of course that it was YOU (Jack Smith) who paid them with those coins.

As coins hop from transaction to transaction, and this is fully traceable on the bitcoin block chain, it is sufficient to have SOME "real world identities" along that chain, to be able to resolve most of the identities along.  This comes about because you have to combine several of your own addresses to arrive at the right amount of coins to pay someone, and to get back some change.

Imagine you have withdrawn 5 bitcoin from exchange A, to address J1.
Imagine you have done a shady deal with Joe, and got 3 bitcoin to address J2.

Now, imagine you pay a gaming computer for 7 bitcoin at store B.  Your wallet will combine addresses J1 and J2 into 8 bitcoin, and send 7 of them to store B, and you get 1 back in change address J3.

Suppose now that you pay a coffee at starbucks C for 0.01 coin.  You will use address J3 (and get back 0.95 at address J4), and they know it is you.

Now, suppose that law enforcement caught Willy, the guy with whom Joe did affairs, and got his coins from.  Willy doesn't say anything, but they found his bitcoin wallet on his computer and found his addresses (they didn't even need to have the secret key for that).  Suppose that the coffee shop works regularly with law enforcement too.

Now, they see that from one of Willy's addresses, after a few hops, the coins (YOUR coins) arrived at the coffee shop:

In fact, the hops were: (Willy) - (Joe X) - your J2 - your J3 - the starbucks C address.

Law enforcement now needs to resolve X, J2 and J3.  They know J3, because starbucks tells them: it is yours !
They know that Willy's coins went through you to buy a coffee.  But you could have gotten those coins J3 "honestly" from the guy owning J2.  So they now have to resolve J2 and X.  They know that J2 was combined with J1 to do a transaction (to store B, but they don't even have to know that).  There are hence chances that J1 and J2 belong to the same person.  Now, J1 is known by an exchange, it is YOUR address.

This is sufficient to know that J2 is yours, and hence that you got money from a guy that did business with Willy.  That's reason enough to come and ask you some nasty questions.  You cannot deny that you are the owner of J2.  You mixed it with J1 which is definitely yours, and you were still the owner of J3 which came out of a transaction.  So you MUST be the owner of J2.

The only thing that law enforcement knew, where your interaction with an exchange, your interaction with a coffee shop, and Willy's interaction with Joe.

At no point they knew anything about Joe's wallet (the don't yet know who Joe is, but you are going to tell them if they use rubber hose cryptography), nor about your wallets.

This is the fundamental problem with traceable coins like bitcoin, ethereum, and all the rest.

Now, for mixers.  The trick is that many people wanting to hide their addresses from their identities, put their coins in a big transaction where they get them out again.  Whether that is a good, or rather a bad idea, depends on how often and by how many people it is actually used.  If you mix your coins J2 with S1 and S2, where S1 and S2 are also shady people, then 1) it is somewhat more work to trace the network, but they payoff is that 2) they will catch more shady guys along !

You need more "contact points" to resolve the mixer, but you will also catch more fish !

It is only if mixers are used regularly, by MOST (innocent) people, that mixers help.   If they are MOSTLY used by people wanting to hide their transactions, then mixing is actually a bait for law enforcement/TPTB.

Also, mixers are specific entities that KNOW of course the mixing.  In as much as they are centralized entities like exchanges, they are more dangerous than not mixing, because you don't know what they do with this knowledge ; if they are distributed entities, you might very well be mixing on an FBI node without knowing.

This is BTW why OPSEC and anonymity go together and you cannot just consider them two different problems.

This is why *optional mixing* such as in DASH or with centralized tumblers, is something that can make your anonymity decrease as well as increase.  There are two potential problems with it: 1) the "optional" part, if not enough people use it and 2) the fact that the knowledge exists somewhere out there, in the mixer and you don't know what they do with it (voluntary or even not voluntary, if their OPSEC is not OK).

So mixers on transparent block chains can help, but can also be a problem, depending on how distributed the mixers are, and how much they are actually used normally.

Monero type block chains are different.  You could say that at first sight, monero transactions "do a random mix" at every transaction.  That would already be nice, because 1) there are no centralized mixers 2) every user uses it automatically all the time.  That's already very very good and solves the issues we mentioned earlier.  But monero does in fact more.  A transaction is not a genuine mixing, but an obfuscation of WHAT is the real previous transaction amongst several.

In monero, you only know that this transaction got its input from SOME of these previous transactions, where only the owner of the previous transaction output knows which one it is, and the others got used (without their knowledge and without them doing what so ever) to obfuscate the signature.

So, when you pay starbucks, starbucks only knows that they got paid, MAYBE from output J3, maybe from output Q, maybe from output R, maybe from output S.  When looking into the chain, they see that J3 got a return, maybe from J2, maybe from T, maybe from U, maybe from V.

The anonymity is not total, in the sense that IF law enforcement gets Willy AND if law enforcement uses sufficiently their rubber hose so that Willy gives his secret key to them, THEN they can find out that Willy did the transaction Willy - Joe (X).
(remember that they didn't need the secret key to see what were Willy's transactions, only his unlocked wallet, for the bitcoin stuff).

Now, they can see that X was (maybe) used in a transaction to J2, or maybe in a transaction to M, or maybe in a transaction to N, or ... maybe not at all.  They don't know whether Joe spend his money or not, and whether his signature got only randomly used in other obfuscating transactions, or whether there was a genuine transaction.

But there IS an arborescence on the block chain that allows for a path from X to the coffee shop, that goes through J2 and J3.  This is still visible, although it could be a fake path, and there are many other paths.

The more transactions there are between X and the coffee shop, the more this web of potentially fake paths becomes dense, but it is not "total".

So this is the kind of anonymity you get with monero.

With Zcash, the anonymity is total.  Instead of having a finite set of random signatures at each step, you could say (although technically it is different) that ZCASH is like monero, where at each transaction, ALL signatures on the block chain are used.  There's strictly no relationship between X and the coffee shop.  If the anonymity is used each time in ZCASH, something I can't figure out.  I used to think it was not (that there are also transactions "in the clear" such as with zerocoin) but I don't know now.

[kiklo]

Some replies here are such bullshit. Not everyone lives in the US under the NSA. Of course if the coin is untraceable you can send end to end anonymously. Walk into any PC room in Asia and send for one thing. You sad sack of Yankee fucks.

You're really just not bright at all are you.

Read the News about the FBI arrests on dummies that thought they were safe behind Tor.
Hell, Kim Dot.Com even lived in a foreign country and the US went after his ass.
There are places where the US does not even contact the local authorities they just go in and snatch your ass and bring you to the US.
There are court orders to arrest foreign people who have never even been on US Soil.

Are there Cameras in your little Asian PC room , did you pay with credit card, were you smart enough to mask the network address of your ethernet or wireless device which can lead to the serial number of your PC and be used to track every single IP , it ever connected too.
Is there anyone in that little cafe , that knows who you are, what you drive , or the times you come in.
Did you make sure the NSA firmware was not on your Harddrive before you even purchased it, that will id your system and give them a backdoor in.

No you think just because you use a coin that claims anon , you are safe, No but you are stupid.
Which exchange did you buy that anon coin, that tracked your IP info, did they require ID & Email ,
or even if you purchased it from someone on the street , you don't know if they are selling your information or not.
http://themerkle.com/ever-heard-of-an-a-i-bot-being-arrested/

A bot created by Carmen Weisskopf and Domagoj Smoljo was arrested last year by Swiss authorities.
The bot, who is being referred to as RDS, or Random Dark net Shopper.
The bot journeyed deep into dark net, purchasing and ordering illegal goods on dozens of markets.
The bot even went as far as sending items back to the original shipper just to show off.

Believe what you want, but hear this , Anon coins won't protect you at all.
You actually probably be more anon wearing a disguise and paying with fiat or gold (without serial #s) than any online crypto.

   

FYI:
And don't think for a second that the other Countries like China are not doing similar reconnaissance on all Cyber activities.
http://www.salon.com/2013/10/26/12_other_governments_that_enjoy_spying_on_their_citizens_partner/

3) China

China spies on its own citizens — that’s no secret. The country has a vast digital empire to perform such tasks. But the domestic spying has gotten so out of control in China that its public officials are even spying on each other. Many Chinese officials have found wires in their offices and cars. Some have even found them in their showers. Communist Party member Bo Xilai went as far as wiretapping the president. Before meetings, Chinese officials now often hug so they can pat each other down.

https://www.hrw.org/news/2011/09/22/why-are-people-disappearing-china
http://www.theguardian.com/world/ng-interactive/2016/jun/09/the-disappeared-faces-human-rights-activists-china-silence

[dinofelis]

But surely there is a way to circumvent them? Use a VPN that does not log your activity, use Tor or I2P, use a darknet email or a fake email, stop using banks and use only bitcoin, and then get a PO box. I know there will be holes where the authorities could catch you but if you are careful and keep track of your anonymity religiously you can do it.

VPN are Traceable, Tor has been compromised ,
To even Buy a Large Volume of BTC requires your ID, the exchanges track you.
PO boxes required multiple forms of ID including Photo.

What about the fact you are all living in a Police State / World , do you not comprehend.
Everything warned about in the Books 1984 & Brave New World has either already happen or happening as we type.

These Systems were engineer from the very beginning to Spy on you.
Internet protocol was designed by ARPANET but funded by Defense Advanced Research Projects Agency (DARPA)
Tor was designed by U.S. Naval Intelligence

The only way to circumvent a system designed to track you is not to use it when you don't want to be tracked.  

 

Although I agree with most of what you say in principle, you should also see the other side of the medal.  Even though TPTB have a lot of resources, their resources are not infinite, and every anon technique costs them a finite amount of resources to deal with it.  In the end they will go broke if they will try to go after everyone, in the same way the soviet empire collapsed.
The biggest problem is not so much TPTB, but rather the immense herd of brainless people not realizing this.

Compare it to downloading copyrighted movies.  If you do this open in the clear, you get trouble.  If you use a VPN, the effort to track you is most of the time too much of a hassle and too little gain for them to annoy you.  But don't use a VPN to organize a killing of a US president of course.

This is why you should consider your threat model.

[kiklo]

Although I agree with most of what you say in principle, you should also see the other side of the medal.  Even though TPTB have a lot of resources, their resources are not infinite, and every anon technique costs them a finite amount of resources to deal with it.  In the end they will go broke if they will try to go after everyone, in the same way the soviet empire collapsed.
The biggest problem is not so much TPTB, but rather the immense herd of brainless people not realizing this.

Compare it to downloading copyrighted movies.  If you do this open in the clear, you get trouble.  If you use a VPN, the effort to track you is most of the time too much of a hassle and too little gain for them to annoy you.  But don't use a VPN to organize a killing of a US president of course.

This is why you should consider your threat model.

You are right about the resources, but Anon or Vpn make little difference,
The only real protection is the one that comes from not standing out, being part of the biggest amount of users as possible in plain sight,
in other words , so much data is collected unless they have a reference point to cross reference you & your activities , it will go unnoticed no matter what you do.

The enemy of privacy has always been the cross referencing.

Using Tor or Anon will be a reference point, that is used in cross referencing your activities.
(It will act as a spotlight instead of camouflage.)
http://themerkle.com/fbi-can-obtain-a-warrant-if-you-run-tor-come-december/

To be anon, You have to get Fake IDs, setup a Fake Background, rent a place with the fake id & use the fake bank account you setup.
Don't forget to be in disguise during all of this, and get out of their before your activities bring in the Gov Officials.
And if you do all of that it does not matter what coin, you use , because the only thing you really care about, them finding out who you are is anon.
True Anon is a Life Style not something a coin can give you.

 

[DOPECOINRULES]

can you dev a coin with a fork from inception? if you can then why dont  they

[eaLiTy]

Thanks everyone for answering a question I didn't actually ask.


Is it so hard for people to put aside their agenda to answer a fucking question. I asked about the actual transaction nothing about IP addresses and postal addresses...damn. Did you think I thought a crypto currency would magically make my home address disappear? And who said anything about using a bank account?

Here in bitcointalk you could hear a variety of answers  hope you found the answer by now,in my opinion Monero ,Digitalnote,Zcash, bikercoin are billed as untraceable currencies. I would prefer Monero if i want to make an untraceable transaction.

[NeuroticFish]

Imho the Cryptonote coins are the closest ones to anonymous nowadays. There's Monero and many more.
Afaik they do the mixing using random other nodes from the network, so the chance they are compromised is slim.
Just you have to set in your transaction a high enough mixin. Afaik Monero enforces now at least 3, I don't know about others.

For Dash afaik you have to trust the masternodes that do your mixing are cont compromised.
For Bitcoin mixers you have to trust the mixer and I heard discussions that mixing too big amounts is not really possible / untraceable.
And there are other coins I don't know of.

Now, I just have some ideas on how these coins work, you should really check on the coin's ANN thread for more detailed and better explanation.


Also it doesn't matter which is 100% anonymous if your OS is tracking you. So there are many more things to add up to achieve 100% anon.

[Sall]

Time for the weekly update from the Team.

When we last reported I had completed the first cut of the brand new Anonymous Transaction System. This week I have been focusing on refining the first cut of code to make sure everything is accounted for and there are no possible errors. Everything seems to be working great so far and I have sent a bunch of successful transactions over the test net!

For anyone wondering how our anonymous system works, I would like to attempt to explain it. We are unlike any other Anon Crypto in the market and we are definitely not just DASH with extra bells and whistles as has been quoted in this thread. Hold on to your hats, this is the definitive answer of how our system works. It's complicated (and long sorry) but its important..

Instead of sending coins directly from Address A to Address B (like a regular Bitcoin), or from Address A through Addresses X,Y,Z to Address B (like a mixer or Dash), our system uses double encryption and a secondary block chain (Nav Subchain) to securely and fully anonymously send transactions through our network. From a user perspective its very easy to use. All you have to do is tick the "Send NAV Anonymously" box and click send. There's no pre-mixing, there's no command line gobbledegook. Just tick the box and press send.

When you choose to perform an anonymous send, firstly your wallet asks one of our Anonymous receiving servers via HTTPS for a short lived RSA public key. Address B is then encrypted by your wallet with the public key the receiving server sent. Address B is never broadcast from the Address A's wallet over the network in an unencrypted stated, not even over HTTPS which has been proven to be vulnerable (read: heartbleed). If you understand about RSA Public / Private keypair encryption, it is by nature asymmetric. The public key which we send out can only be used for encrypting. The public key is physically incapable of decrypting data so there's no security issue with broadcasting the public key to Address A's wallet over HTTPS. Only the server which issues the public key is able to decrypt with the private key, which never leaves the server and which are periodically deleted. So after a short period of time, it is literally impossible even for the server which sent the public key to decrypt Address B.

Once Address B is securely encrypted by your wallet, the coins are then sent from Address A to a wallet address owned by the Anonymous receiving server which provided the RSA Public Key to your wallet. The encrypted Address B is attached as an extra argument on the Nav Coin block chain transaction itself. There are no sql databases involved, all data storage is happening on the block chain and by the very nature of how block chains work, is decentralised.

When the receiving server sees the unspent Nav transaction in its wallet, it decrypts attached Address B with the private key which matches the public key it sent to Address A's wallet, then communicates to one of the Anonymous sending servers to repeat the initial task. It asks the sending server for its own short lived public RSA key which the receiving server then uses to re-encrypt Address B. The receiving server then creates a random amount of randomly valued transactions NOT on the Nav Coin block chain but on the Nav Subchain (which is an entirely separate block chain). These transactions all have a freshly re-encrypted version of Address B attached them and are sent to random addresses owned by the chosen Anonymous sending server.

When the sending server sees the unspent Nav Subchain transactions arrive in its wallet, it decrypts attached Address B, adds up the transactions, re-randomizes the number of transactions and transaction values and creates them as real Nav Coin transactions back on the main Nav Coin block chain. These coins are taken from an existing pool of Nav Coin which are stored on the server and are not the original coins sent from Address A.

In fact, the Nav which Address A sent are only ever used to replenish the Nav pool on the sending server for future transactions, they are never used in the same transaction chain as what end up in Address B. This is how we explicitly break the link between Address A and Address B on the Nav block chain.

Think of the Subchain as a transaction director rather than actually performing transactions itself. Receiving severs use the subchain to instruct the sending server who to send Nav to and how much to send.

The reason we use a Subchain as the transaction director between servers is that it maintains all the advantages of a decentralised block chain and none of the risks of relying on a corruptible, hack-able database server or direct (read: intercept-able) communication.

If someone were to literally burn our anonymous servers to the ground, as long as there is still a copy of the Nav Coin and Nav Subchain block chains out there somewhere, we can restore their wallet.dat(s) to new servers and they will resume exactly where they left off at the oldest unspent transaction in their wallet. Ahhh, the beauty of block chain technology! I don't miss the horrors of MySQL for one moment!

I've drawn this diagram as a (over) simplified way to visualise what I am talking about:

https://i.imgur.com/saHxf5T.jpg

The important points to remember are that the sent Nav and the received Nav can not be transactionally linked on the same block chain. Any information that is transmitted along the subchain is randomized and re-encrypted so it can not positively identified as connected to the original transaction on the Nav block chain. All encryption keys are only used for a short period of time and then deleted, making all expired transaction records impossible to decrypt.

I know this is confusing as hell if you're not a tech-wizard, Sophia and Mark are working on a layman's translation of this information for a press release as we speak.

For those who weren't around for the last iteration of the Anon system, here is what an anonymous transaction looks like in the transaction history:

https://i.imgur.com/PZSN9Nr.png

You can see at 28/08/2016 20:22 I send 100 NAV to address NegpeVty... (an anonymous receiving address) and then at 28/08/2016 22:13 I received 7 transactions of various amounts which total to ~99.4 NAV (100 - 0.5% anon processing fee - regular transaction fees).

If I open the transaction details of the sent 100 NAV you can see the encrypted Address B (which in this case was my own address) attached here to the block chain transaction as 'anon-destination':

https://i.imgur.com/p3anzYr.png

You will notice these sent to and receiving transactions are nearly 2 hours apart, this is only because I am running the Anon network in test mode where I am manually inspecting and running the scripts while I debug and refine the code. In reality it would be a maximum of around 5 minutes between Address A sending and Address B receiving.

In regards to my progress, you can see here I have successfully sent and received transactions through the new Anonymous network. I am finishing my refinements this week and myself and Shahim will begin to deploy and test this on the live network next week. Once we are happy the live network is operating without a hitch we will open it to the public for use. We have not set an official launch date yet as we do not have crystal balls to predict what problems may arise when we begin live testing. We will keep you all posted with our progress and attempt to release the live network as soon as is practical and safe.

Once the new anon scripts are live, I think that will jump us to approximately 80% complete on the decentralisation project progress. I will immediately continue to work on that with the intention of getting that released as soon as possible. Hopefully you can see that the nature of the technology is very complex in itself and when you combine attempting to safely decentralise the system, it becomes exponentially more difficult. However, I believe that I am very close to a working solution for decentralisation and am confident that I can get it out there within a reasonable timeframe.

In the mean time, Soopy has been working on a fix for some of the syncing issues users have been reporting on the desktop wallet as well as investigating the compiling issues of the OSX wallet. Soopy and Shahim have been testing the thin desktop client which we also hope to release soon. Sophia, Mark and Strugg have been working hard on our marketing strategy, preparing press releases and marketing materials for our upcoming feature releases (thin client, mac wallet, anon-relaunch and decentralisation).

Everyone is working hard to pull this all together and we are glad to have you all along for the ride as supporters, investors and friends.

Till next week, please keep the questions coming and we will endeavour to answer them all.

Talk soon,
Craig.

[dinofelis]

Imho the Cryptonote coins are the closest ones to anonymous nowadays. There's Monero and many more.
Afaik they do the mixing using random other nodes from the network, so the chance they are compromised is slim.
Just you have to set in your transaction a high enough mixin. Afaik Monero enforces now at least 3, I don't know about others.

It is a common misconception that monero is some "automated mixing without masternodes".  It is more subtle than that.  
As you probably know, in bitcoin, a transaction consists of saying which input transaction you use (by indicating this explicitly, and by signing with a signature of the secret key that goes with that former transaction output).  In a mixer, you make a transaction with several inputs *which are all really used*, but you pay back the same sums to the owners in new addresses.  In other words, you have, say, 3 inputs A, B and C (of identical amounts) and you produce 3 outputs (of same amounts) D, E and F.   The mixer doesn't say whether D came from A, from B or from C, but is is one of the three.  However, you KNOW that amongst D, E and F, there is A *FOR SURE*.

In a cryptonote transaction (such as used with monero), what happens is that there is a transaction from { A , B OR C} to D.  You have no idea whether A actually went somewhere.  A could very well NOT be used.   It could in fact be B who made a transaction to D, and A never moved his funds.  It is just that the original transaction, and the signature, were obfuscated in a ring signature scheme where two other random signatures (A and C) were picked from the block chain.

Note that there is no "mixer node" or anything involved.  The transaction sending wallet on your computer is the one using the extra signatures that it picks off from the block chain to compose a transaction containing this ring signature, composed of your real signature, and a few others picked from the block chain at random. (*)

So while the big difference is that in a mixer, {A, B, C} to {D, E, F} guarantees you that A moved his funds to one of D,  E or F, with a ring signature, if there is a transaction {A, B, C} to D, you have no idea whether A, B or C was the one moving his funds.  You know that 2 of the 3 are randomly picked signatures which have nothing to do with this transaction.

This makes "coin couloring" impossible, and makes all coins equivalent.
Indeed, suppose a "thief" has stolen funds in address B.  Suppose that exchanges and other people don't want the thief to use his funds.  They can now refuse all coins that have a transaction history including B.  Even if *you* wouldn't mind accepting them, YOU would be the one not able to spend them afterwards, so you are somehow obliged to boycott the "thief" too. Suppose that that thief uses a mixer.  You now know that D, E or F are the thieves' funds.  Now, idiots who mixed with the thief in the mixer can be punished, because you could now say that D, E AND F are boycotted.  Nobody is going to be willing to mix with the thief.  One could, in the end, implement a soft fork where transactions with a history leading to B are made non-accepted.

Consider the same story in monero.  The "thief" has his funds in B.  But just *any* transaction can randomly select B's signature to obfuscate just ANY transaction.  So a transaction where B's signature occurs, and which COULD possibly be B moving his funds, will UNAVOIDABLY occur, even if the thief doesn't do anything.  Sooner or later, his signature will appear, say, in a transaction G.  And somewhat later, the signature of G will also be randomly selected for another transaction H.  And so on.  After a while, MANY transactions will be "contaminated" by B's signature or its descendent transactions - while in reality, the "thief" may still hold his funds in B.   If we "block" all descendants of B's signature, then we end up blocking most of the transactions, while those have nothing to do with B.
So the longer you wait, the more B's signature will occur somewhere in the potential pasts of just any transaction, and there's no way to block B, even not with a soft fork.  This is what makes monero essentially fungible (which comes down to making past payments anonymous).

(*) you may ask how it comes that you need your private key to make a signature of your transaction, and that you can "pick random signatures off the block chain" while of course you don't know the private keys (but only the public keys which are the addresses).  This is the magic of ring signatures.   A ring signature needs ONE private key, and N-1 public keys, to fabricate a ring signature R.  Someone who has the N public keys (but no private key) can verify that there was a private key used to fabricate R, but he doesn't know WHICH of the N possible was the private key, and which were the N-1 public keys.  While only you have your private key, you can pick as many public keys (addresses) from the block chain as you want.
There's more to it, but this is the gist.

[dinofelis]

You are right about the resources, but Anon or Vpn make little difference,

I don't believe that.  If it were, they wouldn't fight it.  It would be the perfect honey pot.  Let people have TOR, let them have VPN, and let them think they are safe, and we can just read what they do and go after them.  The more TOR, the merrier for TPTB under your hypothesis.  While you're right that these tools only give limited protection, it DOES piss them off.

(unless we have to anticipate them more, and they will "fight" it, just to *seem* pissed off, and then they will "lose" the fight so that people REALLY think that they are safe, while all TOR traffic is immediately without cost decripted, sourced, and analysed by them, laughing their asses off).

My bet is that it DOES annoy them for sure.

BTW, as far as I know, TOR was NOT compromised as such.  TOR was DDossed which allows for some time correlation analysis if you happen to use TOR at that moment and one is watching your connections, but this is proper to any low-latency system, and TOR itself tells you that this kind of stuff is outside of their threat model even though they are now working on mitigating it to an extend.

[NeuroticFish]

...

This was a good read, thank you.
Just I am not sure, this is how all Cryptonote coins work, or only Monero? Or it is the RingCT they want(ed) to implement lately in Monero?
However, it sounds good.

[nextgencoin]

I'm fully aware of the global surveillance but I feel like some here have a Snowden complex thinking their every move is tracked...Sorry to tell you but your 10 bitcoins of Dash are not an NSA priority....dicks

[andrianregar]

well, i thing if we talk about coins, its not about "who first" my friend but this about "who highest value". well as i know bitcoin was first. why??? because nakamoto must call lawyer to proof his self his not develope bitcoin at first time  

[Ayers]

monero is truly anonymous, or zerocash which is coming, all those that use zero knowledge proof are real anon, bitcoin is only half anon instead

[dinofelis]

...

This was a good read, thank you.
Just I am not sure, this is how all Cryptonote coins work, or only Monero? Or it is the RingCT they want(ed) to implement lately in Monero?
However, it sounds good.

This is cryptonote.  RingCT is even more subtle: it also hides the amounts in the transaction, which was still a "privacy leak" of some sorts in the original cryptonote protocol: you could still see in the clear the *amounts* of transactions, which could be correlated with real-world purchases or earlier amounts. 

[dinofelis]

monero is truly anonymous, or zerocash which is coming, all those that use zero knowledge proof are real anon, bitcoin is only half anon instead

I asked this several times: can someone who knows, explain whether Zcash has *obligatory* anonymity (with or without optional disclosure), or just *optional* anonymity ?

Monero has obligatory anonymity, and optional disclosure.

It is very important to have obligatory anonymity or the anonymity isn't worth much.  This is also (amongst others) a problem with DASH for instance.  Anonymity must be "normal" and "by the masses not needing it" in order for it to work.  If only people needing it, use it, they stand out in the clear as needing anonymity.

[danherbias07]

And the thread became a country war using a keyboard.

Maybe a change in the thread title will make this informative. 

[Rockie1234]

Another good crypto note to look out for is DigitalNote since it offers the same ring signature transactions as monero as well as anonymous encrypted messaging.

Although I must say that it is ridiculous to expect a coin to be 100% anonymous. That is impossible and anything close to it would need tools that have nothing to do with crypto currencies.

[medusa13]

monero is truly anonymous, or zerocash which is coming, all those that use zero knowledge proof are real anon, bitcoin is only half anon instead

I asked this several times: can someone who knows, explain whether Zcash has *obligatory* anonymity (with or without optional disclosure), or just *optional* anonymity ?

Monero has obligatory anonymity, and optional disclosure.

It is very important to have obligatory anonymity or the anonymity isn't worth much.  This is also (amongst others) a problem with DASH for instance.  Anonymity must be "normal" and "by the masses not needing it" in order for it to work.  If only people needing it, use it, they stand out in the clear as needing anonymity.

due to the amount of recources it needs to create such a zcash transaction i dont think we will see a system where it is mandatory that soon.

[irishbeer]

Anon coins like dash and monero are not 100% anon? I thought they are all 100% anon.