<andrea_togni:matrix.org> Hello, sorry for the very late reply. I was reading through the debate on OVK, and some random and naive and non-technical considerations came to mind:

<andrea_togni:matrix.org> 1) The bogeyman scenario is described as "hypothetical". However, it is a fact that regulators use wrong technical arguments to put people in jail (see Samourai and Tornado), that BS companies get a lot of government money claiming they are able to track funds, which is not true even for bitcoin, and that BS companies provide [... too long, see mrelay.p2pool.observer/e/3LuCkOEKbjhCX29q ]

<andrea_togni:matrix.org> 2) Wrt "sheep", it must be taken into account that the majority of people falls in this category, and that widespread sheep-like behavior may become extremely dangerous for all users. See the covid madness for reference.

<andrea_togni:matrix.org> 3) It seems that current view keys are almost as powerful as OVK. However, someone may see this as an argument against current view keys and not in favor of OVK. If the claim is that OVK are easier to use for well-intentioned people than IVK, this holds also for malicious regulators.

<andrea_togni:matrix.org> 4) It's true that regulators may just "ask" for the spending keys (and indeed they are trying to push this). However, in the West there is some (pretty weak) resistance to outright property confiscation (see the years-long debate on the use of Russian assets in European banks), and basically no political resistance to p[... more lines follow, see mrelay.p2pool.observer/e/3LuCkOEKbjhCX29q ]

<rbrunner7> As I see it, the most important, and most dangerous scenario is not merely "Exchanges have to ask for OVKs". Before the scenario becomes dangerous, it must go much, much further.

<rbrunner7> So far exchanges have simply and without fuss dropped Monero as soon as there was some regulatory headwind. With an OVK collecting rule, they may simply continue to do so instead of actually starting to collect OVKs. So the scenario contains the IMHO improbable component that no, they don't drop, but continue to support Monero, and take on the additional burden to collect OVKs.

<rbrunner7> We have exchanges the world over. If only a few regulators start demanding OVK collection, you can still just take an exchange in another country. So the scenario contains the IMHO improbable component that basically all the regulators the world over will act in unison regarding OVK collection.

<rbrunner7> Even with OVK collection, you as as user can simply start to create many new wallets to mostly evade and have wallets with again secret OVKs at your hand. The scenario contains the IMHO improbable component that people won't do that.

Remember post FCMP++ collecting many keys doesn't allow statistical decoy analysis

<rbrunner7> Only if some parties manage to build up massive collections of OVKs, covering a sizable number of all existing Monero wallets, only then you can effectively start to pressure people regarding clean and dirty Monero. E.g. with the exchange refusing your XMR because they arrived in your wallet from a wallet that did not itself a [... too long, see mrelay.p2pool.observer/e/q-jfkOEKb1QwVkJ0 ]

Output tagging also does not work similarly

<rbrunner7> Such massive collections in single hands are an IMHO improbable component of a really dangerous scenario.

rbrunner7: and in this case you don't need OVK, just IVK

<rbrunner7> Yeah, some massive collections of IVKs to the job almost as nicely of course.

<rbrunner7> No, this is a "bogeyman" of enormous proportions, if 5 of 6 already very improbable things must happen all together until it gets really dangerous.

<rbrunner7> And well, if you want to be afraid about regulators starting to ask about seeds before you are allowed on exchanges, that little gem of a danger needs only a single improbable thing to happen: That regulators stop to care about some established property rights.

<rbrunner7> Can we please worry about things that are more probable by several freaking magnitudes and just let our devs continue to implement OVKs? Thanks for your attention to this matter lol.

<jberman> @andrea_togni:matrix.org: 1. The boogeyman arguments are described as "hypothetical" because they are the dictionary definition of hypothetical. It's a hypothesized scenario that does not exist. View keys (with virtually the same properties in the vast majority of cases) exist today and are not required by any businesses.

<jberman> 2. For those of us who are not sheep, improving security primarily (and usability secondarily) for users is how to help foster and strengthen a sound parallel economy. You shouldn't let your fear of sheep limit security.

<jberman> 3. "If the claim is that OVK are easier to use for well-intentioned people than IVK, this holds also for malicious regulators." You claimed malicious regulators use wrong technical arguments to put people in jail. By your own logic, OVK vs. IVK should make no difference in that regard, yet still no boogeyman requires it today, nor does anyone willy nilly give their view key out.

<jberman> 4. "and basically no political resistance to privacy violation" This is false, have you heard of the crypto wars? See Junger v. Daley, see Bernstein v. United States. There are plenty of more recent examples as well.

<jberman> 5. "At the very least, this "side-effect" should be communicated transparently to the community" -> 3 years ago, I delivered a 40+ minute presentation on this and explicitly acknowledged this argument as a con of the key: youtube.com/watch?v=dw6GKFhKKBE

<321bob321> Its quit offensive calling people sheep when you live in a non oppressive country

<321bob321> There are valid concerns with giving the option

<jberman> People who give up their private keys to appease regulators are sheep whom I don't mind offending

<jberman> Please take offense

<untraceable> Based

<321bob321> Sounds like regulator

<321bob321> Sheep are the ones who comply

<jberman> @321bob321: yes

<rbrunner7> I for one can forgive @jberman:monero.social to use that controversial term. It's still clear what he means, and his arguments look sound to me. On Reddit, the dev team was repeatedly accused of being "compromised" - I survived that as well.

<321bob321> Talking about the option not the people

<andrea_togni:matrix.org> I guess the disagreement is on the perception of the regulatory attack. To me it seems wrong to overestimate the adversary and think that they will carry out a highly sophisticated attack. It is more probable (or at least not so unlikely) that they see a new feature and just say "let's exploit it", even if the way they do it m [... too long, see mrelay.p2pool.observer/e/8YuFmuEKVWhYR0Zx ]

<hbs:matrix.org> 1/ Add OVK to information transmitted as part of the Travel Rule - just a vote away, invoke AML / CFT > <@rbrunner7> Such massive collections in single hands are an IMHO improbable component of a really dangerous scenario.

<hbs:matrix.org> 2/ Add OVK to information reported as part of DAC8/CARF reporting - same

<hbs:matrix.org> 3/ Set up cross country exchange of collected OVKs - rather easy to pass

<hbs:matrix.org> 4/ there you have the massive collection, and in many of hands

<hooftly:matrix.org> You can institute the same rule with the same process and just impose it on wallets right now to all build an exportWithTransaction() function that sends key images with the view key every TX.

Has the following question been asked and is it answerable?

How many OVKs, I guess % wise, need to be collected in order to jeopardize other monero users privacy?

I assume the scenario is with FCMP++

It might help in putting the various views presented here in perspective.

Is this actually a useful question?

<kayabanerve:matrix.org> Everyone's? FCMPs remove the contamination risk from rings.

jeopardizing others was one of the arguments

so it all comes down to how people deal with the rules made by regulators

<ack-j:matrix.org> The chain reaction attack dies with fcmp++

<ack-j:matrix.org> github.com/monero-project/research-…ability%20in%20CryptoNote%202.0.pdf

<one-horse-wagon> @hbs:matrix.org: Let's look at your nightmare scenario. Let's assume regulators and BS companies now have 90% of all the OVKs. I'm in the 10% that never gave up my OVK. If I send or receive XMR to someone in my 10% group, regulators can see absolutely nothing. If I send or receive XMR to someone in the 90% group, regu [... too long, see mrelay.p2pool.observer/e/6NjSoeEKUHFIZlpN ]

<one-horse-wagon> If you are foolish enough to give up your OVK, you compromise only yourself.