13:03:53 Hi all, what would the implications be of a snoopy actor knowing the true spend in a ring, if one’s public key never appears on chain? How useful is it to be able to probabilistically trace true spends, if you don’t know the wallets from which the spends originate? 13:11:37 You don't trace the wallet, you trace individual outputa 13:11:40 s/outputa/outputs/ 13:12:01 And when outputs show up together, you know they belong to the same wallet/person 14:13:10 Thank you for the reply endor. So the best a snoopy actor can infer is that a group out outputs belong to one individual, but since one’s address doesn’t appear on chain they would need information from exchanges or vendors to figure out the public key of the suspect right? 14:14:05 Basically, probabilistic tracing enables them to determine outputs that belong to one individual/group, but they can’t determine who this actor is without external information from something like a Crypto exchange right? 14:26:28 IMHO, stealth addresses without ring signatures are overrated. 14:27:17 >they can’t determine who this actor is without external information from something like a Crypto exchange right 14:27:17 This is also mostly true for Bitcoin and other similar UTXO coins, too. 14:27:42 Monero's ring signatures are critical for privacy. 14:29:52 And careful decoy selection is critical to defeat probabilistic analysis of ring members. 14:30:15 But of course I would say that since I am working on improved decoy selection :) 14:36:56 "IMHO, stealth addresses without..." <- there's talks of stealth addresses for bitcoin. means fuck all since users will just merge inputs after receiving them anyway 14:39:44 I mostly agree. BCH has reusable payment addresses, which are bitcoin version of stealth addreses, in a beta stage of development: 14:39:50 https://news.bitcoin.com/reusable-payment-addresses-new-tool-to-provide-more-privacy-in-bitcoin-cash/ 14:40:49 Reusable payment addresses + CashFusion (a CoinJoin implementation) does provide some privacy. 15:00:49 I understand your opinion here and I defer to you here as you are more familiar with the technicalities. However, it’s true that a snippet needs some external information right? Or are stealth addresses not very strong / deterministically broken? 15:01:00 Snooper* 15:02:20 But a noticeable difference between Monero and Bitcoin is that your pubkey does appear on chain in Bitcoin, but not in Monero? 15:04:15 You need to make a distinction: which public key? 15:13:38 Signing off for now...going to go debug a few things... 16:30:19 "I mostly agree. BCH has reusable..." <- at least BCH is open to privacy improvements 16:30:48 "Reusable payment addresses..." <- thats essentiall stealth address + ring sigs on monero. the missing part is encrypted amounts 16:31:04 s/essentiall/essentially/, s/missing/secret/, s/part/sauce/ 16:31:32 has BCH ever considered CT? 16:39:20 r4v3r23: Confidential transactions have been discussed, but there is no consensus for it now. I don't see it happening in the forseeable future. The BCH community likes privacy, but they also like being able to add up the total supply on a "calculator". There are big UX trade-offs with enforced enhanced privacy, too. 16:47:01 A primary address starting with a 4 or a sub address starting with an 8 that you generate locally. It seems like the “snoopy person” would only be able to gain substantial information if they could link one time address associated with outputs to a primary or sub address. 16:47:16 Not sure if you guys have any comments regarding that 17:19:13 Go watch the breaking monero series 17:19:39 A lot of cases have been covered