So we've all been seeing a lot of hype around XSPEC on this forum, some members claiming it's a scam, others calling for proof, I've put this together to give my take as a senior software developer on what I feel proves it.
First off, a member on here under the name gunner833 found some interesting points about the xspec developer, you can view these findings here:
https://bitcointalk.org/index.php?topic=2839833.02 key points from this thread, the developer is in his 20s yet has claimed to have 20+ years experience, the developer also owned a bar for 2 years which wen't bankrupt, leaving him with $90,000 in tax debt... you can read his thread for more details, you can also see the shills claiming this isn't a big deal or just a small white lie, make your own mind up on this.
Now putting that aside, let's look at what xspec actually is:
It's a complete mirror copy of Shadow Cash and the Umbra wallet, they've changed some colours and the logo/name from the Umbra source code, picture below gives an idea
Shadow Cash is a dead project, initially XSPEC made no claims of their coin being a fork of this project, they've been called out for this and admit it is, but claim they're making improvements to ring signatures and have added obfs4 to the project.
Doing a bit more digging, I wanted to see what these improvement claims were and also wanted to see how they've implemented obfs4 to their coin, I was very shocked with what I found, even for what I consider a scam project they've done such little work it blows my mind.
Now remember, XSPEC is open source and their project is on github, you can view the full commit history of the project which also proves they only have 1 developer for any one questioning this, here is what I found by going through their code commits:
1. The "ehancements" made to ring signatures:
Here is a code snippet of the only changes in their source code relating to ring signatures, here is the original code from Shadow Cash
if (!wallet->AddAnonInputs(RING_SIG_2,
This bit of code uses a ring size of 2 in shadow cash, now let's look at the "enhancements" made by Spectrecoin
if (!wallet->AddAnonInputs(nRingSize == 1 ? RING_SIG_1 : RING_SIG_2,
So what we have here for those who can't read code, "if value of nRingSize is equal to 1 then use a ring size of 1 other wise use a ring size of 2"
So what has changed? pretty well nothing, they've allowed for a ring size of 1 which is a bad move, a ring size of 2 is stronger than a ring size of 1, Monero has a minimal ring size of 5 I believe.
Here is another code change commit by XSPEC, they've changed this from Shadow Cash
tr("Confirm send coins"), tr("Are you sure you want to send?\nRing size of one is not anonymous, and harms the network.").arg(formatted.join(tr(" and "))), QMessageBox::Yes|QMessageBox::Cancel, QMessageBox::Cancel);
To this
tr("Confirm send coins"), tr("Are you sure you want to send?\nRing size of one is not anonymous.").arg(formatted.join(tr(" and "))), QMessageBox::Yes|QMessageBox::Cancel, QMessageBox::Cancel);
They've removed this message from the warning alert "and harms the network"
So the so called enhancements to ring signatures are anything but, and to me it looks more like an absolute nothing change just for the sake of saying "I've changed it", he's made the anonymity weaker by reducing the ring size, perhaps he views transaction speed marketing as something more important than anonymity on a stealth coin, a smaller ring size = less secure but faster, larger = more secure but slower, this change could of been performed by a very junior developer in a few minutes, yet this downgrade is being pushed as one of the big changes
2. obfs4 implementation:
This is the second biggest point around XSPEC, they've implemented obfs4 which Shadow Cash did not have, you can find open source code online for obfs4 implementation so I wen't digging through the XSPEC code expecting to find this, what I found blew my mind, here is the code snippet which shows you the obfs4 implementation in XSPEC
if (stat("obfs4proxy.exe", &sb) == 0 && sb.st_mode & S_IXUSR) {
clientTransportPlugin = "obfs4 exec obfs4proxy.exe";
}
#else
if ((stat("obfs4proxy", &sb) == 0 && sb.st_mode & S_IXUSR) || !std::system("which obfs4proxy")) {
clientTransportPlugin = "obfs4 exec obfs4proxy";
To sum up what this small block of code does, it executes the obfs4proxy.exe process, there is absolutely no code in XSPEC for the obfs4 other than executing an exe file, now let's take a look where this .exe file came from
\Tor Browser\Browser\Tor\Pluggable Transports\obfs4proxy.exe
So if you install TOR on your computer, you'll find the obfs4proxy.exe file in the TOR Pluggable Transports folder, so this great obfs4 implentation by XSPEC is nothing more than taking an executable file from TOR which runs along with the wallet, just like it does the TOR browser
That alone is enough to prove to me this is a very very shady project, so I've dug through pretty well all of their commits to see if they've actually done any work over the last year, extremely surprised no one has brought this up yet, but their changes are as follow:
1. Changing wallet colour, version numbers, the name and logo
2. Upgrading to newer versions of libraries
3. Executing the TOR obfs4 executable
4. Allowing for an insecure ring size of 1
All up the above changes are less than a days work for even a mid level developer, the interesting part of going through their commits is there are actually examples of nothing commits, cutting code, moving it up a few lines and recommitting just to increment the number of changes shown on GitHub.
The biggest body of work they've done is their donation platform and website.. very shady if you've got time to setup a donation platform but do no work on the actual coin.
Also the developer has made claims of big things coming in Feb, here we are in March and we see no changes on Github, no new version, no changes, just the prior things I've listed above.
The other concerning thing is the poor spread on this coin, you can view it's richlist and see the top 10 hold over 30% of XSPEC and the top 20 hold over 40%.
We will see shills in here trying to pick at the most minor detail of this post, but let me just start off by asking for some one to explain the above code findings? If you've come here to defend this coin then realise the code findings are what this thread is mostly about, so I want to see some points around that rather than the typical garbage from the XSPEC shills.