01:23:25 Hi, I'm new here, do you have any suggestions for a monero wallet, I don't know the types. Please help, thank you. 01:26:04 what sort of user are you? 01:33:09 <321bob321:monero.social> Apple/andriod/Linux/windows,GUI,CLI 04:34:20 I suggest command like monerod if you can handle it 😄 06:51:11 Yep, the cli tools are great. 06:51:11 If you can't handle those (which is not an insult), you can use the GUI apps. From GUI frontends among such projects I've seen, Monero definitely rules. 12:47:36 Consider using Zcash 12:47:43 Monero is vulnerable after OPSEAD and is no longer secure 12:48:59 o_0 12:49:18 there's a reason why damn near nobody uses zcash 12:49:37 despite it being older and in theory more established 12:51:39 No one will use Monero soon. Monero shills are hiding the discovery of OPSEAD. Once OPSEAD becomes more well-known, DNMs will switch to Zcash. Ring signatures are not secure compared to zk-snarks 12:52:39 Monero had a good run 12:53:02 zcash: It's spelled OSPEAD! 12:54:08 Monero is vulnerable after OSPEAD and is no longer secure 12:54:20 No one will use Monero soon. Monero shills are hiding the discovery of OSPEAD. Once OSPEAD becomes more well-known, DNMs will switch to Zcash. Ring signatures are not secure compared to zk-snarks 12:54:34 Fixed jajaja 12:59:00 Monero was always vulnerable, btw, and the shills were lying to you. Zcash is seriously better 12:59:34 It's why Edward Snowden chose Zcash over Monero 13:07:10 (: https://bitinfocharts.com/comparison/transactions-xmr-zec.html#alltime 13:08:29 You're just like the Bitcoiners who show a chart of BTC/XMR whenever valid criticisms come up against BTC 13:08:57 one of the most important aspect of money is having other users to interact with =p 13:08:59 No one from this community has provided a valid criticism against Zcash. It's just dubious arguments about transaction numbers, centralization (when everything is open source and free), or misinformation 13:09:17 I'm just playing, why would anyone seriously engage a troll? 13:09:26 u show up here and say "debate me or I win" lmao 13:09:44 You don't understand how zkp work. Zcash doesn't use vulnerable decoy transactions like Monero 13:10:34 I've never even heard of zcash 13:10:59 Because of the shills' efforts 13:11:04 Can you link me some papers that talk about its security strategies and threat models? 13:11:14 And what it does to protect against those models 13:11:24 Yeah because it's not even in the top 100, has a for profit company behind it that takes 10% of mining rewards.... and wait, did they abandon PoW yet? smdh 13:12:02 No, I won't participate in that kind of shilling. I don't know if it's allowed here. I'm not a paid shill like some Monero supporters. DYOR 13:12:06 shit I remember when XMR and ZEC were like the same price, but Electric Coin Company dumps on y'all hard af 13:12:32 I'm just here to say Monero isn't vulnerable, Zcash is an option 13:12:40 I'm just here to say Monero is vulnerable, Zcash is an option 13:12:42 so true 13:13:05 I'm legitimately asking for information about how zcash works 13:13:06 thanks for sharing 13:13:10 Is that shilling? 13:13:33 try the ZEC channel 13:13:39 Yes, because I have to provide links to Zcash resources and sites on a Monero channel 13:13:57 I feel like most of us are adults and can handle criticism 13:14:03 wownero is better than zcash 13:14:06 yeah Shuroii stop shilling zcash 13:14:07 And posting resources can hardly be considered criticism 13:14:23 1 WOW = 1 WOW 13:14:26 🙏 13:14:49 Proof that Monero is vulnerable: https://github.com/Rucknium/OSPEAD 13:15:43 This guy shows up to FUD us with research that the XMR community paid for 13:15:46 hilarious 13:15:48 here shuroii https://www.reddit.com/r/Monero/comments/1hcv37n/a_comparison_of_moneros_privacy_with_fcmp_versus/ 13:16:05 I do 13:16:30 One of many vulnerabilities. You also have to watch Breaking Monero, and there are still some left that haven't been discovered 13:16:40 Shuroii: 13:16:57 zcash wallets cant even rotate the T addr 13:17:06 I'm committed to providing unbiased information 13:17:15 Rucknium (the author) is literally in the room with us bro 13:17:29 I think this post doesn't have an accessible source; I'm prompted to sign into X if I want to read more than just the image 13:17:35 Surely zcash has a paper? 13:17:54 Breaking Monero was also made by community members. Nobody hides anything 13:17:57 zcash has a more centralized supply allocation than the federal reserve 13:18:27 By all means watch it, I recommend it to people all the time 13:18:49 https://safereddit.com/r/Monero/comments/1hcv37n/a_comparison_of_moneros_privacy_with_fcmp_versus/ Shuroii 13:19:11 Breaking Monero was created by a one individual from the Monero community, while the other person is connected to law enforcement (FBI) 13:19:40 How can someone claim zcash to he decentralized when it has a 20% tax on emissions 13:20:00 False 13:20:06 Shuroii: before you ask, https://xcancel.com/iAnonymous3000/status/1867117434718568747 13:20:12 ??? 13:20:13 Thanks, but the Reddit page wasn't what I took issue with; the actual meat of the discussion was on the thread posted on X, which us behind a- 13:20:16 Thanks! 13:20:30 You haven't kept up with Zcash developments in some time, and I can tell 13:20:50 Whats zcash' dev tax rate today? 13:21:26 0% 13:21:58 The Zcash Foundation is actually facing financial challenges, and it's not without its flaws 13:22:18 Source? 13:22:25 DYOR 13:22:33 I can't post links 13:23:07 This isnt TG. You can post links 13:23:34 Zcash Foundation? What happened to Electric COin COmpany 13:23:48 All i'm getting is "plans" to reduce (which they've been promising for many years) 13:24:01 Did they switch over to Proof of Stake yet btw? That's about when I actually did stop following development 13:24:10 It still exists 13:24:53 PoS = Poop on Stick 13:24:58 This is interesting, I'd like to read more about FCMP. Moreover, the thread mentions shielded transactions are optional. Isn't that a pretty big flaw? 13:26:38 No, not really. Unlike Monero, Zcash doesn't use decoy transactions 13:26:59 Isn't a big requirement of shielded transactions that it has other shielded transactions to hide themselves with? 13:27:08 yes 13:27:12 Shuroii is on to something 13:27:14 Or am I understanding the thread wrong 13:27:33 This reminds me a lot of PKCE in OpenID Connect 13:28:00 anonymity pools are bad 13:28:01 Where it's technically optional to implement, but not implementing it means you're left open to a suite of MITM attacks 13:28:05 I think the standard ZEC wallet went to shielded by default when Halo2 launched 13:28:11 That's good 13:28:33 what happened to all the tx that were exposed? 13:28:54 But what about malicious users intentionally disabling this security feature? Would that have an effect on the privacy of shielded transactions? 13:29:07 Unless you interact with a cex 🥲 13:29:18 I think Monero's layered approach is good though like, even if Ring Signatures are completely broken, addresses and amounts stay hidden. Plus I notice mr zcash is avoiding talking about fcmp. I don't see how ZEC possible remotely catches up in adoption before fcmp, even ignoring everything else 13:29:22 I feel like that'd be a pretty reasonable attack; make fake fog with transactions that go back and forth 13:29:36 zcash sir 13:29:45 Wheres source for 0% 13:30:10 Security should have a layered approach for sure; this is how it's handled in secure corporate environments 13:30:14 I even tried to askgpt 13:30:31 Don't put all your eggs in one basket, and all that 13:30:38 All i can find is a community vote saying to keep it 13:30:46 FCMP++ is super complex and the X post oversimplified it. It will heavily bloat the chain, increase transaction time for merchants/swaps, and there's still more to it 13:31:16 https://electriccoin.co/blog/eccs-position-on-the-zcash-dev-fund/ 13:31:17 Ended November of last year apparently 13:31:19 Obviously there's a requirement to compromise between speed/convenience and security 13:31:38 But I feel like fragmentation is a good thing in this case? 13:31:52 just kidding, 10% no longer goes to ECC but zcash foundation and.... grants committee still get some percent??? 13:31:59 so they just changed who the dev tax goes to 13:32:02 "It will increase transaction times to over 40 minutes for merchant and swap services 13:32:05 It will increase transaction times to over 40 minutes for merchant and swap services 13:32:23 nah we about to get transaction chaining it's gonna be sexy 13:32:23 Currency 1 could be more security focused whilst currency 2 makes some tradeoffs in favour of speed 13:32:47 Isn't that still faster than an average BTC transaction? I feel like I have to wait an eternity on mine 13:32:54 zcash: Are you getting your information from a LLM chat bot? 13:33:09 And where are you even getting that number from? 13:33:10 No 13:33:15 A lot of your info on FCMP is incorrect 13:33:24 No it isn't 13:33:43 FCMP tx sizes are smaller than Zcash Orchard txs 13:33:44 40 minutes as a flat increase? Will this get better or worse over time as more transactions are made? 13:34:01 And FCMP doesn't change tx confirmation times 13:34:49 It will require merchants and swap services with multiple inputs to consolidate their transactions, which can take up to 40 minutes or longer for many of them. As I mentioned earlier, this is just one aspect of the issue 13:35:25 The increase in transaction times is not flat; rather, it depends on the number of inputs 13:35:45 Oh, that. Only a very small number of txs would be affected by a max inputs rules. 13:35:53 I feel like this could be solved by just checking the timer on your transaction API and not chaining transactions if your API isn't being used enough to justify it? Or is this mandatory/should be mandatory for security? 13:35:59 It won't significantly impact most ordinary users 13:36:01 are you including consolidation transactions in the confirmation time somehow?? 13:36:24 That's why I focused on merchant and swap services specifically 13:36:34 It's mandatory 13:38:09 Seraphis/JAMTIS, a more efficient alternative to FCMP++, was abandoned in favor of FCMP++ due to the black marble flood attack vulnerability. Numerous security concerns... 13:38:27 What's the black marble flood attack? 13:39:12 https://electriccoin.co/blog/a-proposal-for-the-next-zcash-dev-fund/ posted right after 13:39:30 Using remote nodes introduces an additional risk of insecurity. To clarify, I recommend reviewing the OSPEAD and watching Breaking Monero, as well as forming your own informed opinion on which coin to use 13:39:40 @Rucknium your repository is very informative, thank you for posting it 13:39:45 I'll read through it when I can 13:39:58 Using remote nodes introduces an additional risk of insecurity. To clarify, I recommend reviewing the OSPEAD report and watching Breaking Monero, as well as forming your own informed opinion on which coin to use 13:40:15 spam early 2023 is suspected to be a black marble attack. This attack consists into placing a lot of outputs on the chain that you know is belonging to you in an attempt to reduce the security margin of decoy selection (since you can eliminate in future transactions outputs decoys that you know is belonging to you) 13:40:36 Still better than using electrum 13:41:01 I see 13:41:26 Rucknium made a detailed analysis of the implication of a black marble attack in the condition of this spam that occured 13:41:32 This is wrong 13:41:40 Monero's Electrum wallet alternative is highly susceptible to a supply chain attack 13:41:45 Of course it is 13:41:49 I'm not familiar with zcash's systems, but is a similar attack possible on zcash? If it isn't, why not? 13:42:17 zcash transform lie or concerns into "unbiased informations" 13:42:41 Monero's Electrum wallet? 13:42:45 we don't have that 13:42:47 Seraphis/jamtis uses ringct. Its a more efficient version of ringct. Both seraphis and jamtis can bebused with fcmp 13:42:49 too bad 13:43:02 Feather Wallet 13:43:23 Feather Wallet have forked from Electrum long ago, so idk what is your supply chain attack concern about 13:43:26 No.. thats a normal wallet 13:43:35 from scratch? 13:43:37 Probably means Feather, whose UI is Electrum-like, yet doesn't use BTC's electrum server "backend". 13:43:39 thats nice 13:43:47 GUIX build process? 13:43:59 Did Feather ever start from the Electrum code base? 13:44:06 I mean, it doesnt use electrum servers, it uses monero nodes 13:44:10 Someone already tried to host a feather wallet phishing site. Didnt last long 13:44:32 i think it was just inspired by, but not sure 13:44:52 That's what I think, too 13:45:05 tobtoht can easily introduce a backdoor. It is only maintained by one developer and has not been audited. For all we know, the wallet could use insecure RNG to steal funds 13:45:26 When generating the polyseed 13:45:34 Do zcash and Monero both have a reference wallet to compare against one another? How do they have supply chain security? 13:45:51 I.E. signed builds/commits, transparent change history 13:46:10 If CI is used, where is that hosted, on whose hardware 13:46:12 sorry sir, Supply chain security is about third-party, not first-party 13:46:13 Is that signed in any way 13:46:15 Yes and yes ... 13:46:47 And feather is bootstrappable lol. 13:46:55 Fully reproducible 13:47:08 "Oh no! the maintainers of an application can backdoor it" => yes, yes that's not a vulnerability 13:47:10 How can I verify that the copy of the source code of say, Montero's GUI wallet, is not altered by the platform hosting it? 13:47:12 dumbass 13:47:25 That's great! 13:47:46 GUI on linux ans mac is reproducible 13:48:08 you verify the hashes of your build against the signed hashes 13:48:33 A wallet with insecure RNG can still be compiled and used, as long as it has not been rigorously audited it's not secure 13:48:56 I'll list the known vulnerabilities without getting into semantic debates 13:49:00 That's good 13:49:32 And what about the validity of those signatures? Have developers of these projects gotten compromised before? 13:49:56 feather actually has a very cool feature to let you use physical dice rolls as an additional source of entropy 13:49:58 Is there any protection mechanism in place for if a private key were to be compromised? 13:50:10 We have "build partied" where multiple devs produce the same binaries 13:50:22 That's cool 13:50:51 The signed hashes (for nearly allntop cryptos) are attested to and uploaded to a git repo by multiple people 13:50:53 yeah I participate in builds for Monero and feather and I'm nobody, it's an open process, more people the better 13:51:01 So if a developer were to produce a binary that differs from the rest despite using "the same" codebase, we'd be able to tell that they're compromised in some form? 13:51:06 Feather has build parties too 13:51:26 Yes 13:51:41 The hash would mismatch 13:51:43 Seems fair 13:51:53 zcash other FUD you have in mind 13:51:55 Is this standard practice for both zcash and Monero projects? 13:52:01 Who cares when there is only one developer with access to the codebase? What they can do is change the source code, introduce a vulnerability, and even if all builds are the same, it doesn't matter unless it's audited. Open source isn't magic 13:52:15 That's true 13:52:48 But if you're using software written and audited by only a single person for such a high security requirement situation, that may not be the right choice 13:53:13 And it may be wise for the developer of such software to invest in measures to prove they're not compromised 13:53:15 No one is actively reviewing all the libraries and code that tobtoht has written. I tried, but it's too long 13:53:24 Such as the aforementioned build parties 13:53:54 "too long" ;) 13:53:58