-
m-relay
<basses:matrix.org> now I'm rethinking about the decision of writing a blog post about chainalysis, take a look on how Tor project handles such situation
blog.torproject.org/tor-is-still-safe
-
m-relay
<basses:matrix.org> being transparent is better than looking like you are trying to hide it
-
m-relay
<ofrnxmr:xmr.mx> Who's trying to hide anything? why would we acknowledge what we've already acknowledged
-
m-relay
<ofrnxmr:xmr.mx> Theres a whole youtube series about how to break monero, called breaking monero
-
m-relay
<ofrnxmr:xmr.mx> If you want to write a blog post,
github.com/monero-prohect/monero-site
-
m-relay
<basses:matrix.org> for the ones that don't know
-
m-relay
<ofrnxmr:xmr.mx> Nobody is stopping you
-
m-relay
<basses:matrix.org> I wasn't saying that I'm the one writing about it, rather someone one from MRL or knowledgeable.
-
m-relay
<ofrnxmr:xmr.mx> we dont pay 100k/yr to devs and reseaeches to they can spend 6hrs at 1.1xmr/hr to write a blog post that will be read by 14 people
-
m-relay
<ofrnxmr:xmr.mx> i'd prefer devs spend their time working on monero
-
m-relay
<basses:matrix.org> source on 14 people?
-
m-relay
<ofrnxmr:xmr.mx> And again, the fact is that monero is not perfect
-
m-relay
<ofrnxmr:xmr.mx> There are no guidelines on churning
-
m-relay
<ofrnxmr:xmr.mx> Weve been recommending against remote nodes _forever_
-
m-relay
<basses:matrix.org> or you are just throwing random made-up statistics?
-
m-relay
<ofrnxmr:xmr.mx> yes
-
m-relay
<basses:matrix.org> not constructive
-
m-relay
<ofrnxmr:xmr.mx> Neither is cheerleading
-
m-relay
<ofrnxmr:xmr.mx> Go write the post or find someone who has nothing better to do
-
m-relay
-
m-relay
<ofrnxmr:xmr.mx> ? Why would i care to be distracted by fud?
-
m-relay
<basses:matrix.org> perhaps you are not, but outsiders maybe
-
m-relay
<ofrnxmr:xmr.mx> is it true that decoys can be elimited? OF COURSE
-
m-relay
<ofrnxmr:xmr.mx> Its always been true
-
m-relay
<ofrnxmr:xmr.mx> Is it possible to use off chain data to trace the path of monero spending? OF COURSE! Its always been true
-
m-relay
<ofrnxmr:xmr.mx> If it wasnt, we would never had standardized ring size, increased ring size, planned to increase with seraphis, or threw that all away in favor of FCMP
-
m-relay
<ofrnxmr:xmr.mx> Rings are trash and always have been
-
m-relay
<ofrnxmr:xmr.mx> p2pool had to hard fork to stop damaging rings
-
m-relay
<ofrnxmr:xmr.mx> There are 2 mrl issues (108 and 109) that targeted the pollution of ribs via coinbase outputs
-
m-relay
<ofrnxmr:xmr.mx> The only thing that matters is that we get fcmp out the door
-
m-relay
<ofrnxmr:xmr.mx> Because there is NO fact based advice on how to best manage monero outputs
-
m-relay
<ofrnxmr:xmr.mx> Stealth addresses and CT (amounts) are the only things truly private in monero
-
m-relay
<ofrnxmr:xmr.mx> The tx graph is not
-
m-relay
<basses:matrix.org> Anyways, I think that being transparent through official mediums (like blog, which is turning into just a changelog) is the right approach instead of letting rumors spread, which also keeps your community knowledgable with current development/attack vectors so they can base their threat model correctly.
-
m-relay
<ofrnxmr:xmr.mx> The blog has a big post about fcmp on it
-
m-relay
<ofrnxmr:xmr.mx> "so they can" do what? They cant
-
m-relay
<ofrnxmr:xmr.mx> all they can do is use a _trusted_ onion node, or a node that they run themself
-
m-relay
<ofrnxmr:xmr.mx> sit back and wait for fcmp
-
m-relay
<ofrnxmr:xmr.mx> "dont use clearnet nodes without a vpn/tor" is common sense
-
m-relay
<ofrnxmr:xmr.mx> It doesnt matter how private your blockchain is if your connecting over clearnet to broadcast your txid directly to them
-
m-relay
<ofrnxmr:xmr.mx> Also, youre the only person in monero i see asking questions. Even chainalysis is having the video taken down _everywhere_
-
m-relay
<ofrnxmr:xmr.mx> Monero are the ones keeping the video circulating.
-
m-relay
<basses:matrix.org> Monero market itself as community-driven, there should be transparency about everthing going in community.
-
m-relay
<basses:matrix.org> wym?
-
m-relay
<ofrnxmr:xmr.mx> i mean, the video link has beem DCMA'd everywhere
-
m-relay
<ofrnxmr:xmr.mx> We've put up torrent, hosted it on personal websites, odysee, etc
-
m-relay
<basses:matrix.org> yea?
-
m-relay
<ofrnxmr:xmr.mx> We're the ones spreading the video around, because theres nothing new or exciting in it
-
m-relay
<ofrnxmr:xmr.mx> We have a hackerone telling ppl bot to use remote nodes from many months ago
-
m-relay
<basses:matrix.org> ik, but this irrelevant to what I was suggesting, it looks like the actual project is out of loop/not caring while the community do care.
-
m-relay
<ofrnxmr:xmr.mx> We had PSA's telling ppl bot to use remote nodes for years due to malicious high fee
-
m-relay
<ofrnxmr:xmr.mx> And the software itself (cli) warns users not to use remote nodes
-
m-relay
<basses:matrix.org> hackerone is a bug bounty platform...
-
m-relay
<ofrnxmr:xmr.mx> The community is spreading the video,
-
m-relay
<ofrnxmr:xmr.mx> "the actual project" == the community
-
m-relay
<nihilist:nowhere.moe> Yea i saw that, when you want to use a non-onion node it forces you to type a long argument lol
-
m-relay
<ofrnxmr:xmr.mx> I mean, it was disclosed on reddit
-
m-relay
-
m-relay
<ofrnxmr:xmr.mx> "this-is-probably-a-spy-node"
-
m-relay
<basses:matrix.org> Exactly, that is why I suggested that so monero community can have a legit source to share instead of comments scattered.
-
m-relay
<ofrnxmr:xmr.mx> Magic blog post
-
m-relay
<ofrnxmr:xmr.mx> New blog post "i thought we told yall to stop using remote nodes?"
-
m-relay
<nihilist:nowhere.moe> Perhaps a forum would better fit the need ? Like discourse ?
-
m-relay
-
m-relay
<nihilist:nowhere.moe> (Correct me if I'm missing the point)
-
m-relay
<ofrnxmr:xmr.mx> I think the post is like "water is wet"
-
m-relay
<ofrnxmr:xmr.mx> Why are we wasting writing blog post to explain things that are obvious
-
m-relay
<ofrnxmr:xmr.mx> the fud screenshot you posted has NOTHING to do with the video
-
m-relay
<ofrnxmr:xmr.mx> Its just dero "account model" fud
-
m-relay
<basses:matrix.org> that is opposite of what I'm saying, but yes, discourse is a lot better & reliable for managing long discussions/threads that Reddit and group messsaging platforms
-
m-relay
<ofrnxmr:xmr.mx> Dero, yknow, the chain that had everythinf incl amoints unravelled, and is still unfixed
-
m-relay
<basses:matrix.org> missing the point of the current discussion, but discourse is also a great idea that I suggested before
-
m-relay
<ofrnxmr:xmr.mx> Its called "dont feed the trolls"
-
m-relay
<ofrnxmr:xmr.mx> chainalysis didnt do anything special. And the ppl spreading fud are bag holders of a deanonymized chain
-
m-relay
<nihilist:nowhere.moe> I think torproject could be copied on that, they have a blog where they share the latest news, and they also have a discourse for their community
-
m-relay
<basses:matrix.org> acknowleding an issue doesn't imply "feeding trools"
-
m-relay
<basses:matrix.org> acknowleding an issue doesn't imply "feeding trolls"
-
m-relay
<ofrnxmr:xmr.mx> acknowledging what issue?
-
m-relay
<ofrnxmr:xmr.mx> Please explain what were acknowledging
-
m-relay
<ofrnxmr:xmr.mx> "dont use remote nodes"?
-
m-relay
-
m-relay
<ofrnxmr:xmr.mx> Old news
-
m-relay
<basses:matrix.org> some people are very over protective about Monero being hidden dev/not engaging with the community
-
m-relay
<ofrnxmr:xmr.mx> That CEX can keep track of the outputs the decoys that they own?
-
m-relay
<ofrnxmr:xmr.mx> old news
-
m-relay
<basses:matrix.org> yes, a reminder
-
m-relay
<ofrnxmr:xmr.mx> we have one every 3 months
-
m-relay
<basses:matrix.org> where?
-
m-relay
<ofrnxmr:xmr.mx> The spam that caused a "black marble" attack was like 4 months ago
-
m-relay
<nihilist:nowhere.moe> Could be a "best opsec practices" section somewhere, saying that to maintain anonymity its best to do x y z
-
m-relay
<ofrnxmr:xmr.mx> There isnt any
-
m-relay
<basses:matrix.org> was there a blog post about it?
-
m-relay
<ofrnxmr:xmr.mx> Dont use remote nodes, uae onion nodes if you must
-
m-relay
<ofrnxmr:xmr.mx> Idk, you read the blog, not me
-
m-relay
<ofrnxmr:xmr.mx> We have list.getmonero.org as well
-
m-relay
<ofrnxmr:xmr.mx> But its pretty much dead
-
m-relay
<basses:matrix.org> there is not, could have written about it as he was the one researched about the spam attack
-
m-relay
-
m-relay
<basses:matrix.org> other than that you will keep news agencies claiming "anonymous sources" etc for info regarding some specific
-
m-relay
<basses:matrix.org> other than that you will keep news agencies claiming "anonymous sources" etc for info regarding some specific situation
-
m-relay
<ofrnxmr:xmr.mx> Some news channel claimes that MAGIC is in charge of the technical direction of monero
-
m-relay
<basses:matrix.org> there's no need to continue arguing about a transparency issue and being more engaging in with the community
-
m-relay
<ofrnxmr:xmr.mx> Write the post!!
-
m-relay
<basses:matrix.org> yes, that is what I'm talking about
-
m-relay
<basses:matrix.org> someone from MRL or that keeps up with MRL discussions
-
m-relay
<ofrnxmr:xmr.mx> Mrl doesnt discuss this
-
m-relay
<basses:matrix.org> bruh wtf
-
m-relay
<basses:matrix.org> u reply before thinking for 1 sec?
-
m-relay
-
m-relay
<ofrnxmr:xmr.mx> mrl doesnt discuss off chain tracing using 9yr old methods
-
m-relay
<basses:matrix.org> >Chainalysis capabilities video.
-
m-relay
<nihilist:nowhere.moe> Frankly, the Achilles heel that chainalysis is targeting here, is the trust people have in centralised exchanges
-
m-relay
<ofrnxmr:xmr.mx> and remote nodes
-
m-relay
<nihilist:nowhere.moe> It is from that, mainly that they can do stuff
-
m-relay
<ofrnxmr:xmr.mx> You dont have to run a cex to own the output distribution
-
m-relay
<ofrnxmr:xmr.mx> You can just spam the network
-
m-relay
<ofrnxmr:xmr.mx> And keep track of every output that you created and control
-
m-relay
<ofrnxmr:xmr.mx> You can also dust wallets of potential targets and perform EAE if users arent paying attn
-
m-relay
<ofrnxmr:xmr.mx> Literally hours of videos from sarang and sgp are better training vids than chainalysis
-
m-relay
<monerobull:matrix.org> way easier to just have the FBI ask the CEX on your behalf though
-
m-relay
<monerobull:matrix.org> and free!
-
m-relay
<ofrnxmr:xmr.mx> Spamming outputs to yourself doesnt cost a lot either
-
m-relay
<ofrnxmr:xmr.mx> especially if the goal is just to create black marbles while avoiding block size increase (using lowest fee, and cycling)
-
m-relay
<monerobull:matrix.org> its still free vs spending
-
m-relay
<ofrnxmr:xmr.mx> And not as useful lol
-
m-relay
<monerobull:matrix.org> they didnt even bother to run proper fake nodes which would have cost what? $30 per month? and those are very useful, in fact, their most useful asset
-
m-relay
<ofrnxmr:xmr.mx> cex data is nice, but 50% of tx vs 99% is a big diff
-
m-relay
<ofrnxmr:xmr.mx> They literally did tho
-
m-relay
<monerobull:matrix.org> you need to spam a loooooooot to get 99% tx
-
m-relay
<monerobull:matrix.org> they proxied to other real nodes
-
m-relay
<ofrnxmr:xmr.mx> no. You need to spam 110ktx/day
-
m-relay
<ofrnxmr:xmr.mx> Type, 90*%
-
m-relay
<ofrnxmr:xmr.mx> They disnt tho
-
m-relay
<ofrnxmr:xmr.mx> that was playing devils advocate
-
m-relay
<monerobull:matrix.org> they did though
-
m-relay
<ofrnxmr:xmr.mx> they disnt
-
m-relay
<ofrnxmr:xmr.mx> The node is still up and isnt proxied afaict
-
m-relay
<monerobull:matrix.org> or am i retarded and dont understand the digilol article
-
m-relay
<ofrnxmr:xmr.mx> And they have THOUSANDs of ips pointing at their own real nkde
-
m-relay
<ofrnxmr:xmr.mx> Digilol spoke to rupee who claimed he didnt control those ip's anymore
-
m-relay
<monerobull:matrix.org> so they have one real node and a bunch of proxies
-
m-relay
<monerobull:matrix.org> even without the video leaking, that could have been discovered
-
m-relay
<ofrnxmr:monero.social>
96.43.139.226
-
m-relay
-
m-relay
<ofrnxmr:xmr.mx> Not in the list
-
m-relay
<ofrnxmr:xmr.mx> This is 1 of like 10 nodes that rupee controlled where the ip was supposedly "lost"
-
m-relay
-
m-relay
<ofrnxmr:xmr.mx> If its proxied to another node, it still makes 0 sense for them not to run the node themselves, with the ability to tamper with relay times and decoys
-
m-relay
<ofrnxmr:xmr.mx> I'm sure they didnt have 100s or 1000s of nodes, but they likely had that many ips proxied to their node
-
m-relay
<ofrnxmr:xmr.mx> I also wouldnt be surprised if they were running the majority on --public-node IPs (simple/bootstrap mode)
-
m-relay
-
m-relay
<ofrnxmr:monero.social> These nodes were in the video and are still active today
-
plowsof
--public-node is opt in , nuff said
-
plowsof
Makes sense from a personal privacy / resource perspective but its reducing the pool of available nodes for simple mode
-
plowsof
The problem cant be solved can it. Trusted nodes can still be spy nodes unless you can see the server before your very eyes
-
m-relay
<ofrnxmr:monero.social> Trust nodes = people you actually trust
-
m-relay
<ofrnxmr:monero.social> Not some fake trust
-
m-relay
<ofrnxmr:monero.social> public-node has to be opt-in, because it can obliterate your data cap
-
m-relay
<ofrnxmr:monero.social> Which is also why its a dream honeypot
-
m-relay
<ofrnxmr:monero.social> Bad actors nodes likely ALL have it enabled
-
m-relay
<ofrnxmr:monero.social> I wouldnt mind if --public-mode was killed altogether
-
m-relay
<ofrnxmr:monero.social> You can use boostrap mode and specify a daemon. No reason to tell advertise rpc to random strangers over p2p network
-
m-relay
<ofrnxmr:monero.social> I really see absolutely NO good reason for --public-node. It doesnt even need a replacement, just kill it with fire
-
m-relay
<ofrnxmr:monero.social> 1. Local node
-
m-relay
<ofrnxmr:monero.social> 2. Enter a node that you trust
-
m-relay
<ofrnxmr:monero.social> nobody needs "use random rasp pi or honeypot"
-
m-relay
<321bob321:monero.social> Me i have lollies
-
m-relay
<basses:matrix.org> Candies*
-
m-relay
<321bob321:monero.social> Thats merica!
-
m-relay
<basses:matrix.org> wording matters, or you will get caught in 4k 📷