[XMR] Monero - A secure, private, untraceable cryptocurrency

[BanditryAndLoot]

All the above comments are correct. What I was talking about was about the ability of one specific authority to link your IP with your XMR address. Many people out there (including me for a rather long time) were using their exchange addresses for donations and/or transactions. Like you said, this is a fatal error. Sorry if I was misunderstood.

I agree with you, exchanges will have data that is linked to both your ip address and your account on their website. Apart from using email addresses that are not tied to you, and even possibly accessing the exchange from a vpn/tor service (or spoofed mac addressing), the incoming and outgoing transactions on the Monero blockchain will be tougher to link, in the future, with an ip address.

The ongoing work on the i2pd development, and (assumed?) future integration into the Monero client will make ip addresses unlinkable with addresses in the wallet, even though that would be very tough to do anyways even without i2p.

So, worst case is that the exchange can be asked to provide only proof of an account you managed to authorities, and not necessarily be able to provide proof that you owned the money in the account. I believe that will give an edge, if nothing else.

So your choice to claim ownership or not, is still largely in your own hands. Your choice to obscure your identity from involvement with Monero at all, that's a tougher issue that will require all parties involved to secure (Yourself, the monero client, and the exchange in this example). Fortunately, 2 out of 3 is mostly enough to obscure yourself quite effectively.

ADD:

Of course, if you were to purchase XMR on the exchange with an altcoin or bitcoin that you purchased with fiat money/something else, and never withdraw it from the exchange to your own wallet, then of course your movements can be identified, provided you use the same email address/ip addresses across accounts. This will also be addressed, as the tools of mass adoption are refined to the point where an average user feels comfortable and is capable of running the wallet software on their computer.

Perhaps large purchases might best be done by renting or purchasing mining equipment, as that can already be done through a vpn/tor service IIRC?

[1714200176]

1714200176

[1714200176]

1714200176

[1714200176]

1714200176

[1714200176]

1714200176

[1714200176]

1714200176

[macsga]

All the above comments are correct. What I was talking about was about the ability of one specific authority to link your IP with your XMR address. Many people out there (including me for a rather long time) were using their exchange addresses for donations and/or transactions. Like you said, this is a fatal error. Sorry if I was misunderstood.

I agree with you, exchanges will have data that is linked to both your ip address and your account on their website. Apart from using email addresses that are not tied to you, and even possibly accessing the exchange from a vpn/tor service, the incoming and receiving transactions on the Monero blockchain will be tougher to link, in the future, with an ip address.

The ongoing work on the i2pd development, and (assumed?) future integration into the Monero client will make ip addresses unlinkable with addresses in the wallet, even though that would be very tough to do anyways even without i2p.

So, worst case is that the exchange can be asked to provide only proof of an account you managed to authorities, and not necessarily be able to provide proof that you owned the money in the account. I believe that will give an edge, if nothing else.

So your choice to claim ownership or not, is still largely in your own hands.

ADD:

Of course, if you were to purchase XMR on the exchange with an altcoin or bitcoin that you purchased with fiat money/something else, and never withdraw it from the exchange to your own wallet, then of course your movements can be identified. This will also be addressed, as the tools of mass adoption are refined to the point where an average user feels comfortable and is capable of running the wallet software on their computer.

Perhaps large purchases might best be done by renting or purchasing mining equipment, as that can already be done through a vpn/tor service IIRC?

a. This is an extraordinary prospect; thanks for bringing it up. I do have a question though... Could the ISP of yours (provided they're aware) pinpoint your XMR transaction in some way? (ie: by sniffing header i2pd packages?)

b. This is the way I bought the majority of the stash of mine. I mine a little right now with a small office farm. Are you referring to the possibility of renting a botnet just for the mining purposes? Hmm... Depends who's door you're going to knock.

Addition for your consideration (rather old article but describes what I had in mind):
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

[BanditryAndLoot]

a. This is an extraordinary prospect; thanks for bringing it up. I do have a question though... Could the ISP of yours (provided they're aware) pinpoint your XMR transaction in some way? (ie: by sniffing header i2pd packages?)

Big data analysis is a big business. Currently, most of it revolves around creating scoring programs to capture targeted data, even if that data is encrypted in your TLS/SSL protocol using RSA, ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA, it's still collected and stored based on a multitude of scoring systems, for possible 'pinpointing' later. This means that one of the major movements we're seeing is a literal countdown, equivalent to the ball dropping on new years, of valid quantum computers being developed. After that, someone would have to develop a quantum algorithm for specifically breaking each one of those in the protocol, which also involves working this out mathematically before a valid implementation can even be attempted on the computer. That's just internet traffic, which likely has multitudes of levels of more juicy information in it than a Monero transaction right now.

I believe the way i2p would work with Monero, is that they would still possibly be able to pinpoint 'an' i2p package (not being able to identify what's in it, however), possibly from your ip address (which you can also obscure through a VPN). Anyways, that package would have a very tough time being tracked back to your ip address (someone else will be better able to explain i2p to you than me), but you should be able to use other things like mac address spoofing to give yourself even more unlinkability.

Long story short .. it would be a lot of work, and Bitcoin and likely every other Altcoin, along with just about every internet protocol in use, as well as most encryption standards in use today, would all likely be broken long before someone picks your individual transaction from your individual address (let alone even scored high enough to capture the data - blockchains are a little different though) from the blockchain, and links it to another of your individual transactions, and same address, as the encryption used to prevent double spending on these blockchains is not yet secure against quantum algorithms.

If that's not a lot of security in 2014, I really don't know what else to try for here

As for a quick answer to your question: Yes, but the timeframe in which they are capable of identifying exactly everything, is likely outside of a decade. Possibly even lifetime, but who knows! Even then, it still has to be economically feasible, so they likely aren't looking for Johnny buying weed. There's still a long way to go, provided everyone takes the right steps.

b. This is the way I bought the majority of the stash of mine. I mine a little right now with a small office farm. Are you referring to the possibility of renting a botnet just for the mining purposes? Hmm... Depends who's door you're going to knock.

I'd advocate for an investment of your own mining equipment, before ever contacting a botnet operator and buying from them directly, but it's your choice. Fortunately, they would also likely be privacy-minded as well, so at least there's that in common.

[macsga]

a. This is an extraordinary prospect; thanks for bringing it up. I do have a question though... Could the ISP of yours (provided they're aware) pinpoint your XMR transaction in some way? (ie: by sniffing header i2pd packages?)

Big data analysis is a big business. Currently, most of it revolves around creating scoring programs to capture targeted data, even if that data is encrypted in your TLS/SSL protocol using RSA, ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA, it's still collected and stored based on a multitude of scoring systems, for possible 'pinpointing' later. This means that one of the major movements we're seeing is a literal countdown, equivalent to the ball dropping on new years, of valid quantum computers being developed. After that, someone would have to develop a quantum algorithm for specifically breaking each one of those in the protocol. That's just internet traffic, which likely has multitudes of levels of more juicy information in it than a Monero transaction right now.

I believe the way i2p would work with Monero, is that they would still be able to pinpoint 'an' i2p package, possibly from your ip address (which you can also obscure through a VPN). Anyways, that package would have a very tough time being tracked back to your ip address (someone else will be better able to explain i2p to you than me), but you should be able to use other things like mac address spoofing to give yourself even more unlinkability.

Long story short .. it would be a lot of work, and Bitcoin and likely every other Altcoin, along with just about every internet protocol in use, as well as most encryption standards in use today, would all likely be broken long before someone picks your individual transaction from your individual address (let alone even scored high enough to capture the data - blockchains are a little different though), and links it to another of your individual transactions, and same address, as the encryption used to prevent double spending on these blockchains is not yet secure against quantum algorithms.

If that's not a lot of security in 2014, I really don't know what else to try for here

As for a quick answer to your question: Yes, but the timeframe in which they are capable of identifying exactly everything, is likely outside of a decade. Possibly even lifetime, but who knows! Even then, it still has to be economically feasible, so they likely aren't looking for Johnny buying weed. There's still a long way to go, provided everyone takes the right steps.

b. This is the way I bought the majority of the stash of mine. I mine a little right now with a small office farm. Are you referring to the possibility of renting a botnet just for the mining purposes? Hmm... Depends who's door you're going to knock.

I'd advocate for an investment of your own mining equipment, before ever contacting a botnet operator and buying from them directly, but it's your choice. Fortunately, they would also likely be privacy-minded as well, so at least there's that in common.

Part of what I do for living is dealing with security systems. I assure you there's none without a flaw; (correction:except it's offline) at least one that "somebody with the proper funds and equipment" won't be able to pinpoint who you really are. I've invested in XMR for various reasons, but mainly because of that possibility it offers. Let's see how it evolves. I've got a lot of faith to the people involved.

[BanditryAndLoot]

Addition for your consideration (rather old article but describes what I had in mind):
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

I didn't see this until after. That's a pretty decent article.

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

They've failed to make the point that due to the fact that it was funded and promoted by the USG, it's likely still in use by the USG, albeit it's not likely TOR to them, but some standard that uses onion routing. It's probably been better developed for sure, but the infrastructure is likely similar, see here:

Militaries use Tor

Field agents: It is not difficult for insurgents to monitor Internet traffic and discover all the hotels and other locations from which people are connecting to known military servers. Military field agents deployed away from home use Tor to mask the sites they are visiting, protecting military interests and operations, as well as protecting themselves from physical harm.

Hidden services: When the Internet was designed by DARPA, its primary purpose was to be able to facilitate distributed, robust communications in case of local strikes. However, some functions must be centralized, such as command and control sites. It's the nature of the Internet protocols to reveal the geographic location of any server that is reachable online. Tor's hidden services capacity allows military command and control to be physically secure from discovery and takedown.

Intelligence gathering: Military personnel need to use electronic resources run and monitored by insurgents. They do not want the webserver logs on an insurgent website to record a military address, thereby revealing the surveillance.

While they don't mention specifically which military uses TOR, it remains an avenue for obscured communications for them. Likely, efforts to undermine the actual protocol would prove to be a double-edged sword. Additionally, being the original developers of the software with the most resources, they would logically stand to have the highest chances of breaking the protocol if it was possible to do so.

Really, the best known tactic they can apply is setting up as many exit/enter nodes as possible, and hoping that their own personal nodes are used randomly by a single user in a single session (timing attacks). This gives them the ability to track one single access, or communication, between you and whoever you're dealing with, and even then they'd still have to work around encryption if they couldn't subpoena the third party you were working with. As soon as you have a new 'identity' (every single time you access TOR, or whenever you click new identity), they have to wait until the same scenario occurs again. The chances of this happening decrease drastically with the number of enter/exit nodes on the network. So, its real shortcoming here is that it's just not being used enough yet. Of course, there's still some implementation issues to work out just like anything else, but the protocol is quite secure overall.

The other tactic they mention here:

The trick, detailed in a top-secret presentation titled 'Peeling back the layers of Tor with EgotisticalGiraffe', identified website visitors who were using the protective software and only executed its attack – which took advantage of vulnerabilities in an older version of Firefox – against those people. Under this approach, the NSA does not attack the Tor system directly. Rather, targets are identified as Tor users and then the NSA attacks their browsers.

Firstly, note that the outdated firefox browser was the weak link, an implementation issue which led to the knowledge of 'TOR usage'. This type of discovery would likely place your IP address at a high enough 'score' to record data. Again though, this can be mitigated very well by more users using TOR, which would deter continued tracking. Alternatively again, you can use mac address spoofing, so regardless of the IP packet monitoring, all of the data cannot be traced to your hardware, unless they were to break the encryption, or the site you were accessing was capable of being subpoena'd .. in which case they could possibly cross reference the users of their site that came in through known TOR nodes (some are unknown, like new ones), which would still leave you with plausible deniability if there were a large amount of their customer base using TOR, so they would have a tough time linking yourself to anything more than what you were already linked to.

Only through cross referencing multiple sites that came through TOR nodes could they even begin to link that you're the user using TOR that accessed that website from your ISP IP address, unless they had access to your computer (they likely can get this a different way than TOR).

Either way, Monero is working to integrate I2P. As a difference, I believe I2P lets you construct a type of anonymous whitelist, giving you the ability to 'discard' nodes that are questionable. Check here for info about that. Additionally, it looks like anyone running an I2P program becomes part of the network, where with TOR you have to provide a node specifically set up to handle network traffic (so you can do firefox, etc. without setting up a TOR node and instead just install the program on your computer). This leads to some heavy scaling issues, but for something with very little information going across the network like a crytpocurrency network, it sounds like a good match .. I just don't think you're gonna have everyone streaming videos on it 24/7.

Yes, everything has its trade-offs. I'm looking forward to where this ends up as well!

[kazuki49]

XMR bullish news (future) http://rt.com/business/200883-banking-secrecy-obsolete-berlin-tax/

[Jungian]

XMR bullish news (future) http://rt.com/business/200883-banking-secrecy-obsolete-berlin-tax/

And crypto in general. Tax heaven.

[Wekkel]

[macsga]

Either way, Monero is working to integrate I2P. As a difference, I believe I2P lets you construct a type of anonymous whitelist, giving you the ability to 'discard' nodes that are questionable. Check here for info about that. Additionally, it looks like anyone running an I2P program becomes part of the network, where with TOR you have to provide a node specifically set up to handle network traffic (so you can do firefox, etc. without setting up a TOR node and instead just install the program on your computer). This leads to some heavy scaling issues, but for something with very little information going across the network like a crytpocurrency network, it sounds like a good match .. I just don't think you're gonna have everyone streaming videos on it 24/7.

Yes, everything has its trade-offs. I'm looking forward to where this ends up as well!

Like I said on my first post that fired up all this conversation here: "NOTHING you're doing online is anonymous". The only thing we can do about it is taking our precautions; you see, I don't want to do illegal things with my money. I just want my invisibleness. Without it, most people who will own some serious amount of cryptocurrencies will have to change their lives for the worse when -and if- they go up the hill. I don't want my life to change. I also don't want some agency on my back hunting me down to get my XMRs or BTCs.

Just for the record though, if you seek for a good place to look for serious anonymity https://qubes-os.org/ is what you should look first (and probably last).
Maybe XMR implementation within this OS should be adequate enough for 99% of the users out there.

Cheers.

[akula999]

Hi All. I'm going to transfer some money into BTC tomorrow morning. I want to purchase some more XMR but I'm worried. Where is the bottom? .0017? .0016? .0015? Anyone have any idea ? I'm going to guess .0016 but who knows.

[owlcatz]

Hi All. I'm going to transfer some money into BTC tomorrow morning. I want to purchase some more XMR but I'm worried. Where is the bottom? .0017? .0016? .0015? Anyone have any idea ? I'm going to guess .0016 but who knows.

Nobody knows the bottom. reality bites, sorry.

[eizh]

Hi All. I'm going to transfer some money into BTC tomorrow morning. I want to purchase some more XMR but I'm worried. Where is the bottom? .0017? .0016? .0015? Anyone have any idea ? I'm going to guess .0016 but who knows.

You have two risks. One is permanent capital loss of course. The other is missing the boat because rises tend to be sudden, dramatic, and over very quickly (followed by a long stagnation or decay until the next explosion). Currently there's someone capable of dumping large quantities (>20k XMR) regularly and we don't know when this will stop. It's entirely personal how you want to balance that risk vs. the risk of missing out if it goes up and stays up.

[BanditryAndLoot]

Just for the record though, if you seek for a good place to look for serious anonymity https://qubes-os.org/ is what you should look first (and probably last).
Maybe XMR implementation within this OS should be adequate enough for 99% of the users out there.

That thing looks beautiful!

It just does so much .. automatically! And more!

FUTURE:
Support for deterministic builds

I can only imagine how insanely complicated proxy VM's could be used in a cloud-based Qubes would be to sort out who was who.

The
biggest problem here is that the Xen infrastructure, e.g. the Xen Daemon
(xend)'s management interface, has not been designed to allow for secure
control of Xen by an unprivileged user. So, there doesn't seem to be a
secure way to e.g. allow user Alice to talk to Xend in order to control
her VMs, but at the same time to not introduce huge attack surface that
might let her escalate to root.

Oh well.

No Samba yet though

Looks like a hell of a learning curve, but it's like Tails on steroids.

I'm kind of excited to try it out in a few days.

[Techone]

Hi All. I'm going to transfer some money into BTC tomorrow morning. I want to purchase some more XMR but I'm worried. Where is the bottom? .0017? .0016? .0015? Anyone have any idea ? I'm going to guess .0016 but who knows.

You have two risks. One is permanent capital loss of course. The other is missing the boat because rises tend to be sudden, dramatic, and over very quickly (followed by a long stagnation or decay until the next explosion). Currently there's someone capable of dumping large quantities (>20k XMR) regularly and we don't know when this will stop. It's entirely personal how you want to balance that risk vs. the risk of missing out if it goes up and stays up.

Well, actually one can know when this is going to stop.
There are only two entities dumping XMR right now in large scale on a regular basis:

1. A few large scale GPU miners --> they will stop dumping when there is another coin being more profitable to mine´n´dump. According to coinwarz this would be when XMR hits 0.0017
2. A guy from an exchange that filed for bankruptcy defrauding some of his former customers...[just my wild imagination of course, no accusations made, no names called]

[lakala]

I hope so.  I hate PoS

[burnbabyburn71]

Hi All. I'm going to transfer some money into BTC tomorrow morning. I want to purchase some more XMR but I'm worried. Where is the bottom? .0017? .0016? .0015? Anyone have any idea ? I'm going to guess .0016 but who knows.

It touched 15 on Bittrex a while ago, although Bittrex has basically no volume.

[e-coinomist]

Firstly, note that the outdated firefox browser was the weak link, an implementation issue which led to the knowledge of 'TOR usage'. This type of discovery would likely place your IP address at a high enough 'score' to record data.

Firstly, note that the "was outdated" excuse got installed after Snowden blown the lid of. Firefox is infected purposefully and on a whole. Each and every version.

Second, everybody who is a human "scores". You are a suspect regardless of your action. Labor camps are still due to construction.

Surveillance and forced work are the foundation pillars of every dictatorship. Watch Animals Farm, read 1984, then you know.
Have a nice day.

[bublik750]

Mintpal returned you coins?

[novag]

Mintpal returned you coins?

No.

[bublik750]

Mintpal returned you coins?

No.

xyeвo........
on Russian it means: "badly that did not return"