<torir:matrix.org> I'm trying to think of situations where a government would choose to demand Outgoing View Keys (OVK) with the CARROT upgrade as opposed to simply banning Monero outright or forcing the use of a backdoored wallet that reports transactions. I can't really think of any. An OVK on its own doesn't provide useful information about r [... too long, see mrelay.p2pool.observer/e/zrTly78KbTRUMERW ]

<torir:matrix.org> Considering that a CARROT wallet has more features that just auditability, such as post-quantum forward secrecy for internal transactions, I think having CARROT as default is more sensible. If we are concerned about governments demanding keys, I think we need to rethink entirely how wallets are generated rather than merely tweaking the addressing protocol.

<torir:matrix.org> For instance, what if multiple full wallets could be generated from one seed, with each sub-wallet having its own seed and primary address? If these wallets could be nested endlessly, it would provide strong deniability, as no one could tell if a seed you provide is the actual seed, or a sub-seed of a different wallet.

<torir:matrix.org> You could probably already do that sort of thing today by hashing your existing wallet seed and turning that into a new wallet seed... but I don't know what sort of security properties that setup would have.

<torir:matrix.org> Personally I would love the ability to generate an OVK for only one account in my wallet, rather than for the entire thing.

<dgently:catgirl.cloud> Do people have only 1 wallet?

<torir:matrix.org> If you have a hardware wallet, maybe.

<torir:matrix.org> Managing multiple wallets can be a pain compared to the convenience of accounts, but I do manage multiple wallets.

<torir:matrix.org> It would be impossible to determine if someone has multiple wallets from OVKs alone, in any case, which is why I don't think governments would bother trying to do it. Or if they did, it would be bypassed as easily as people are bypassing age checks in the UK with VPNs right now.

<torir:matrix.org> Even if every wallet after FCMP++ was released immediately used CARROT, it would be an endless cat-and-mouse game for a government to try to surveil it with OVKs alone. Governments would eventually resort to bans or backdoored wallets.

<ofrnxmr:xmr.mx> > <@torir:matrix.org> Considering that a CARROT wallet has more features that just auditability, such as post-quantum forward secrecy for internal transactions, I think having CARROT as default is more sensible. If we are concerned about governments demanding keys, I think we need to rethink entirely how wallets are generated rather than merely tweaking the addressing protocol.

<ofrnxmr:xmr.mx> They can be. Its how ...offsets or passphrases work.. or encrypted seeds. I cant say i know the difference