-
CEO_of_Linuxdo monero devs have any clue how kripos monero tracing works? is it suspected to be different from a dust attack?
-
br-m<gan:skhron.org> I thought it's already established that Monero isn't really vulnerable to dusting attacks?
-
Cindy_CEO_of_Linux: It could be real, or it could be the feds using this opportunity to create FUD and bluff again
-
CEO_of_LinuxCindy_ i don't think they can bluff in the court case tho. they need to show how they obtained the evidence
-
Cindy_Well there is no court case
-
Cindy_At least I haven't found one
-
Cindy_I'm betting 99% it's just crappy opsec and timing attacks on exchanges
-
Cindy_This isn't the first time they lied out of their ass, they like doing it so that they can create some FUD around technology and discourage people from even trying
-
CEO_of_Linuxseems a bit random for norway to do that
-
br-m<gan:skhron.org> CEO_of_Linux: You've read the news beyond its headline?
-
yanmaaniCindy_ there were arrests made, i presume there will be a court case sooner or later
-
yanmaanibut it's not amazon
-
Cindy_There are other ways of deanonymizing people than just attacking Monero
-
yanmaaniI wrote my theory above
-
Cindy_It's like having a giant fortified gate but your walls are made out of cardboard
-
yanmaaniI think that they have some kind of limited attack and found a clever way to use it
-
Cindy_yanmaani: What's your theory?
-
Cindy_I wasn't on here to see it
-
Cindy_Does it have to do with the coinbase outputs
-
CEO_of_Linuxcoinbase doesn't list monero
-
Cindy_Coinbase as in the first transaction where a output is created
-
Cindy_Not the company
-
CEO_of_Linuxah sorry
-
yanmaaniCindy_: If you look what they write, they use a very specific phrasing: "track the use of Monero in specific cases. This method ... enabled us to identify individuals who paid ... Kripos has also identified two sellers"
-
yanmaaniThey are clearly stating that they were able to identify buyers
-
yanmaaniWhile strongly hinting that the sellers were caught for different reasons
-
Cindy_So the sellers got the $5 wrench?
-
yanmaaniThe other thing is, maybe it's just how it got translated but
-
yanmaani"Track the use of monero"?
-
yanmaaniWhy not "track monero" or "track monero transactions"
-
Cindy_I think it has to do with the site they were using
-
yanmaaniSo my guess would be maybe some kind of side channel, maybe network related, OR
-
yanmaanisomething like, first they spent $10 on a site
-
yanmaanithen spent $10 elsewhere
-
yanmaaniThen spend $10 on that site again
-
yanmaaniWhoever runs that site can now make a very strong guess on which ring member was the real transaction.
-
Cindy_Ah yeah true
-
yanmaaniI'm not saying I'm confident of my theory, but it logically fits the details of their claims
-
Cindy_How would a side channel occur?
-
yanmaaniCindy_: Well if for example you broadcast transactions on clearnet, you do not use a VPN, and they simply monitor your network traffic
-
yanmaanithat sort of thing
-
Cindy_I mean wouldn't the timing be vastly different from when they made the offer?
-
Cindy_Oh
-
Cindy_Classic chainlytics attack
-
Cindy_Getting the txid and then tracking their IP along with it
-
CEO_of_Linuxthere are also the malicious nodes that were discovered which afaik nobody knows yet what kind of attack they were being used for
-
yanmaaniwell they also have more resources; they could theoretically do much worse
-
Cindy_That would make sense if they also had the sellers too
-
yanmaanilike "select * from isp where port = 18081"
-
Cindy_It would be plausible really, we're talking about pedophiles
-
yanmaaniand then just look at who makes outgoing data transactions on that port a few minutes before a transaction of interest enters the mempool
-
Cindy_They aren't really the smartest tool in the shed
-
Cindy_yanmaani: How would you know if someone made a transaction or was just trying to fetch new blocks?
-
Cindy_I'm assuming node traffic is encrypted (it would be dumb if it wasn't)
-
Cindy_So the signal would be polluted with block update requests
-
yanmaaniCindy_: well, a block download goes in the other direction :)
-
Cindy_Yeah I know but I mean users polling a node for updates
-
Cindy_Like "what block number are you on?" Over and over again
-
yanmaanithose requests should be smaller, no?
-
yanmaaniyou could also correlate it with the exact size of the transaction
-
CEO_of_Linuxdifferent package sizes, handshakes, timing, etc.
-
yanmaanias a transaction won't really compress well
-
yanmaani^
-
Cindy_True
-
yanmaanithere are defenses against it, im not aware of such techniques actually being used anywhere
-
yanmaanibut norway is a small country, i think ISP market is very concentrated
-
CEO_of_Linuxmullvad has DAITA for that
-
yanmaanistate owns major telecom
-
Cindy_I think TLS has some padding btw
-
Cindy_For the connection data
-
yanmaanithey also do some intense stuff "to protect the children"
-
CEO_of_Linuxthis is all assuming their wallet was connected to the clearnet. but they were obviously using tor, at least to access the dark web
-
Cindy_I don't know if it's to the extent to the size of an average Monero transaction
-
Cindy_CEO_of_Linux: DAITA is just connection padding
-
yanmaaniyeah, it's just a theory. if you want to get REALLY paranoid you can of course say, well if you look at all these tor users here, and then we look at who was connected when X Y and Z happened ...
-
yanmaanii mean it can't be more than few thousand people right?
-
yanmaanibut this is really too depressing to think of
-
yanmaanibecause even though it';s an admirable goal it implies mass surveillance has gone so far that you can just ...
-
Cindy_Yeah
-
CEO_of_Linuxnah Tor has a lot more users. all cybercrime operates on it
-
Cindy_On another topic (and I know I probably repeated it): payto:// now supports Monero
-
Cindy_I thought the GNU Taler guys would not like it, but uhh
-
Cindy_They didn't care much
-
CEO_of_LinuxI'm a bit confused tbh. because it's obvious LEA has some insane capabilities. they were insane in the snowden leaks, they only got better since then. but there seem to be very few busts compared to the horrifying amount of crime
-
CEO_of_Linuxi'm not really sure what's going on. there's some cognitive dissonace in all of this
-
CEO_of_Linuxi remember a few months ago there were two guys who threw a grenade inside a cafe in Paris then ran away. they live streamed the whole thing. they never got caught
-
CEO_of_Linuxhow is that possible
-
Cindy_Incompetence
-
yanmaanipeople shoot each otehr while livestreaming with their face and get away with it. and then there was the actually competent guy who killed the health insurance ceo
-
CEO_of_Linuxgotta use the good stuff to protect the ceos
-
Cindy_I hate how the EU gov completely nerfed GNU Taler
-
Cindy_It used to be privacy for the buyer, but now it has KYC and age verification
-
CEO_of_Linuxjust reading on taler now. it seems like it provides privacy only in so far as you trust the taler exchange to implement the blind signature protocol correctly?
-
CEO_of_Linuxany entity that interfaces with the fiat banking system is going to have to do KYC
-
Cindy_Not like it really matters because of the KYC
-
Cindy_Taler is just an extension of the fiat banking system, not a cryptocurrency
-
Cindy_A payment network/system or something
-
BlueyHealerYeah really curious to hear more about that because every time I heard about "tracing Monero" (like in the Chainalysis leak) there was a "gotcha".
-
BlueyHealerI recall one case where the culprit was exchanging exact amoungs on a cooperating swapper
-
br-m<jeffro256> Regarding the USA, the Roman Sterlingov case demonstrated that BS companies can hand wave away the rigorousness of their techniques and just tell the jury "trust me bro, the clusters are speaking to me". Also IDK about standards of evidence in Norway, where Kripos is HQ'ed. > <CEO_of_Linux> Cindy_ i don't think they can bluff in the court case tho. they need to show how they obtained the evidence
-
br-m<jeffro256> As far as it has been applied so far in the US, BS companies actually can sort of bluff.
-
BlueyHealerCindy_ | It used to be privacy for the buyer, but now it has KYC and age verification <- I recall watching a presentation on Taler and tbh I still don't entirely understand it. So what point is there now?
-
br-m<jeffro256> So far BS on transparent chains like BTC fails the Daubert Standard, but I guess that US courts don't care about that anymore
-
CEO_of_Linuxthe BS theory would work better for an individual caught using parallel construction. but this was a large operation that conssitently gave them multiple results
-
BlueyHealerOn one hand, I REALLY want for something less resource-intensive than crypto to fill the "non-KYC payment" niche, but at least this implementation is not it. I wonder if there's any way forward with the core technology?
-
CEO_of_Linuxthere are cryptos which aren't resource intensive. but they're not as robust i guess
-
BlueyHealerLike?
-
CEO_of_Linuxthe ones that use proof of stake
-
BlueyHealerAh, that. Yeah, that's kinda concerning. Also, is the resource intensivity that much lower? Either way, that seems so easily controllable so idk if there even is any point in that direction...
-
CEO_of_Linuxit's much lower yeah
-
BlueyHealerLike, I still hope that we figure something less resource-intense eventually.
-
br-m<jeffro256> Alledegely... > <CEO_of_Linux> the BS theory would work better for an individual caught using parallel construction. but this was a large operation that conssitently gave them multiple results
-
chiselfuseif i have a wallet seed and no key images or knowledge of whether any funds were ever present on it, would putting it in the gui show me all historical incoming transactions to it or would i have to manually force the gui to calculate all possible addresses in all possible accounts ((2^32)^2 i think?) for it to scan the blockchain for old incoming tx's to any of them?
-
br-m<rbrunner7> chiselfuse: If it's the seed of a wallet that was used "normally" it's enough to just restore and let the GUI wallet app do its work; just make sure to give it the correct restore height (before any transactions happened) and it will find transactions to the main "4" address and also transactions to subaddresses in any accounts that were used.
-
chiselfuserbrunner7: really? how does that work?
-
br-m<ofrnxmr> The lookahead generates/scans the first 50 account and 200 subaddresses of each of them
-
br-m<rbrunner7> Not sure what you mean with "really". If nothing really special happened with the wallet, accounts and subaddresses with low numbers were used, and it will catch those
-
br-m<ofrnxmr> If funds are found on any if those, the lookahead is offset by the last address or account with funds on it
-
chiselfuseofrnxmr: and if funds aren't found it stops after 50x200 accounts?
-
br-m<ofrnxmr> yes
-
chiselfuseofrnxmr: but isn't that unreliable? what if someone had used account 51 and none of the preceeding ones
-
br-m<ofrnxmr> Then you change the lookahead before scanning the block those txs were in, or when you create/restore the wallet
-
chiselfuseis there an option for that in the gui or do i use the cli
-
br-m<ofrnxmr> Use the cli
-
br-m<ofrnxmr> Easiest way is to use the commandline flag when restoring the wallet
-
chiselfuseofrnxmr: which commandline flag are you talking about
-
br-m<ofrnxmr:xmr.mx> Are you on linux?
-
br-m<ofrnxmr:xmr.mx> ./monero-wallet-cli --help | grep subaddress
-
br-m<rbrunner7> "but isn't that unreliable?" In theory, yes. As a prank, or to scam you, somebody can send funds to subaddress #1,000,000. You will never find those funds unless you get to know somehow which index was used.
-
br-m<rbrunner7> But under normal circumstances this all does not really apply and you could as well worry that in the next second an asteroid will hit your house, and that's the end of the story ...
-
chiselfuseofrnxmr: oh, i thought you were talking of a cli flag to the gui
-
chiselfuserbrunner7: yea i guess. i still wonder how expensive it would be to scan (2^32)^2 addresses just to be exhaustive
-
chiselfuseafaik the account is int32 and so is the address index
-
br-m<rbrunner7> I am pretty sure that with the way it's currently implemented your RAM would not be enough to hold the necessary lookup tables, and even if, preparing those tables might take days.
-
br-m<rbrunner7> Seraphis (which won't get implemented) had a way to solve this problem, interestingly, but the necessary data was one of the reasons Seraphis addresses would have been very long.
10 minutes ago