“Bitcoin’s lack of privacy is not an accident & it’s not the result of negligence. It’s a deliberate choice, as cowardly devs & sellout community members deliberately ignore a decade of research & experimentation.” Nothing says “world's reserve currency” like research and experimentation.... Given that Zcash and Monero have both had multiple inflation exploits that could have killed them completely, I'm happy to be called a coward for ensuring that our best chance at a digital currency doesn't get killed by a simple exploit. And yes, this choice is not due to negligence! Quite the opposite in fact. nostr:nevent1qqsrygggyvutgv99fy0seg04q4vlhqywsv0p4dm8c6fvhwpwdp0xvnqpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygzsq4xs0ckd7v43qdth00vu7uue9f9wytu3c998vtha4fdlv86825psgqqqqqqs0hstxr
OK but you didn't address Dandelion+
There are also good reasons why Dandelion isn't in Bitcoin Core (yet). But why do a simple Google search to learn why if you can score engagement by complaining? This doesn't give me too much confidence in the new publication, though of course I'm happy to be wrong. https://bitcoin.stackexchange.com/questions/81503/what-is-the-tradeoff-between-privacy-and-implementation-complexity-of-dandelion
Speaking of Dandelion, has anyone yet made a stand-alone Bitcoin P2P transaction broadcast tool using arti (https://tpo.pages.torproject.net/core/arti/ )? Like https://github.com/laanwj/bitcoin-submittx, but it wouldn't use a SOCKS proxy to an existing Tor daemon; it would handle the Tor networking internally. nostr:nevent1qvzqqqqqqypzpp59a0hkv5ecm45nrckvmu7pnk0sukssvly33u3wwzquy4v037hcqqs0pga3kvduve5rzvg2zhrqa5c5qdw2ad0rvdasnvgyu25lj5c83qsv9w79g
On the one hand this would be the highest-privacy transaction submission method, because it shares no state with any continuously running P2P daemon that may be fingerprinted or tracked over time by spy nodes. On the other hand I'm not entirely sure, because if something connects to the Tor network just to drop off a transaction, that may raise some red flags and make it easier to perform some classes of timing correlations against
Related comment and pull request: https://github.com/bitcoin/bitcoin/pull/29415#issuecomment-1936003083
Yes, the thing is that this really depends on the threat scenario, which likely differs per person and per country. My impression from the Tor people has always been "it's good to run the entire node over Tor because that creates noise to hide the signal", but it also has drawbacks, e.g. the contents of your peers list and other things are very personal to your node and it's easy to expose those inadvertently or indirectly.
Mmh, I can't recall anymore precisely and the code for it might be gone, but I think I at least used arti to submit tx to an electrum server.
Thx for sharing that. I wonder if this was the source of the DoS attacks on the Monero blockchain a few years ago. Either way seems those wrinkles have been ironed out, so not sure if this old stack exchange answer still applies.
1. I suspect Monero's mempool works differently from the Bitcoin Core implementation. 2. A lack of attacks does not mean the problem is solved.
1. Makes sense 2. Yeah, but that's life. SHA-256 is not provably secure. But because there are no known attacks we trust it.
There's a massive gap between the confidence you can have in sha256 and that of the mempool of Bitcoin, let alone that of Monero (which has fewer incentives to be attacked, e.g. no second layer protocol that relies on it).
Monero has fewer incentives to attack it? Are you even serious? Have you been sleeping under a rock for the last 5 years?
I'm smelling a strawman
On Bitcoin you could literally steal money with a good mempool attack, by closing a Lightning channel with a previous state in your favor and censoring your peer to broadcast the real final state. There's good money to be made. On Monero the only financial incentive is your government-sponsored wage to de-anonymize users. It's motivating if you got the job, but it's not like there's a sea of APT actors continuously looking at how to steal the cake, like North Korea's Lazarus Group did on a bunch of Ethereum L2 bridges (which I admit are much lower-hanging fruit, but I'm sure one day they'll take a look into Bitcoin L2s).
You can't spend unconfirmed transactions in Monero, so the mempool is much simpler.
This is the general theme: Bitcoin has more considerations than just privacy, while Monero has it as their marketing and can focus on it at the expense of everything else. For one, syncing a Monero node takes ages, and requires fast storage for the entire block chain instead of only a UTXO database. Do people generally run their own Monero node? If not, and they're using some wallet provider, that's not great for privacy either. Also, yes, things like potential DoS attacks might fly under the radar for a more obscure coin, but wouldn't for Bitcoin.
Monero is also much simpler in many ways. Supporting L2s properly requires a surprising amount of work on mempool behavior, and of course a script system that Monero just doesn't have. Of course, I think Bitcoin Core has overcomplicated certain aspects of mempool behavior. But even ignoring that disagreement it would _still_ be much more complex than Monero. I have a Monero node on my laptop – running in Qubes of course. On top of it being slow, the database implementation fragments the hell out of the disk image file due to how it does so many writes to arbitrary locations. One of these days I might just give up on that node... 😂
People in general run their own nodes. Are you talking about syncing your wallet or downloading the blockchain and staying in sync with the P2P network? Those two are distinct things in Monero.
I meant syncing the block chain (for a local wallet). How does the wallet-only sync work? Is it some kind of SPV or Electrum kind of mode, where it queries a node for transactions specific to it?
You scan through everything client-side, many monero wallets do this. There is no SPV and headers are not checked either.
So by "everything" you mean any arbitrary spam sent to you by some random guy on the internet? And you're performing something like ecdh on it to see if you're being paid?
So these "lite" wallets connect to a remote node, query the transaction data from it through an RPC interface and scan through it on their side. They trust the remote node to speak the truth when scanning, to not feed it fake transaction data. So in the worst case you might calculate a faked balance and transaction history.
Well, in the worst case you use 100% until your battery dies and find nothing? Most BIP158 light wallets don't do much checking either; their worst case is limited to downloading all blocks. Which in practice also means a dead battery and no transaction history.
Monero wallets are optimized to sync from the block height where the first incoming transaction happened. Even light mobile wallets like Cake will download block filters to avoid reliance on any Electrum-type of server. They also use a BIP39-style backup as default in all wallets including the full node/CPU mining one. Maybe you should give it a try, the amount of progress that they made is really impressive.
"really impressive" Those are all things Bitcoin wallets do. Heck, Bitcoin pioneered block filters. What's actually really impressive is implementing Lightning.
Speaking of implementing Lightning, Decred has built a much more reliable version of it which has nearly 0% failed payments. They also have base layer privacy. Haven’t heard anyone in Bitcoin speaking about it. https://www.youtube.com/live/jKDJ06Pgu9A
Bitcoin Silent Payment syncing is shit compared to Monero. Even after recent improvements. I attempted for the 3rd time to give it a chance. Extremely slow.
Silent Payment syncing on a full node, which you should have anyway, should add less than 1% overhead. For light clients there isn't even a full spec yet on how to do that, so I'm not sure what mechanism you used. It should be comparable to bip158 sync. In any case Silent Payments are just a way to avoid address reuse, they're not trying to achieve the same thing as Monero.
Sure, ideally, but realistically the vast majority of users are not going to ever run a node. There are millions of Bitcoiners, yet only ~50,000 node runners at best. And the privacy implications are not as detrimental to Monero users for using a public node as they are for Bitcoin, since amounts and receivers are still not visible to malicious nodes. Monero syncing is relatively fast even when using a public remote node, so not sure why it's so much slower for Bitcoin SP. Cake and Silentium are the only wallets that I know of right now that have Silent Payments. Silent Payments also allow you to post a public address and still prevent third parties from knowing what addresses payments/donations are going to. It's essentially the Bitcoin version of Monero Stealth Addresses.
> And the privacy implications are not as detrimental to Monero users for using a public node as they are for Bitcoin Do you understand how BIP158 filters work?
Monero/Samourai/Red guys always just throw around podcast buzzwords they have no actual understanding of. No use arguing, they will just throw more buzzwords.
The Joe-Roganization of technical discussion? :-)
What "buzzwords" were said?
Isn't BIP158 for querying a node without exposing all your addresses? I don't think it hides sender/amount/receiver from the public node when you broadcast the transaction does it? Correct me if I'm wrong
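To make the BIP158 point above concrete, here is an added example, written for this page and not code from the thread or from Bitcoin Core: a Golomb-coded set (GCS) block filter built the way BIP158 describes it (SipHash-2-4 keyed with the block hash, P=19, M=784931), plus the client-side match a light wallet performs. The block key and the scriptPubKeys are constructed sample data, and the filter is not serialized with the CompactSize N prefix of the real wire format; only the set construction and matching are shown. The wallet never sends its scripts to the node: it downloads the filter, matches locally, and fetches the full block only on a hit. Transaction broadcast is a separate channel, as the reply below notes.

```python
"""Added example: BIP158-style GCS block filter and client-side matching.
Key and scripts below are constructed sample data, not real chain data."""

MASK64 = (1 << 64) - 1
P = 19          # BIP158 Golomb-Rice parameter
M = 784931      # BIP158 false-positive rate parameter (~1/M per query)


def _rotl(x: int, b: int) -> int:
    return ((x << b) | (x >> (64 - b))) & MASK64


def _sipround(v0, v1, v2, v3):
    v0 = (v0 + v1) & MASK64; v1 = _rotl(v1, 13); v1 ^= v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK64; v3 = _rotl(v3, 16); v3 ^= v2
    v0 = (v0 + v3) & MASK64; v3 = _rotl(v3, 21); v3 ^= v0
    v2 = (v2 + v1) & MASK64; v1 = _rotl(v1, 17); v1 ^= v2; v2 = _rotl(v2, 32)
    return v0, v1, v2, v3


def siphash24(key: bytes, data: bytes) -> int:
    """SipHash-2-4 with a 16-byte key, returned as a 64-bit integer."""
    k0 = int.from_bytes(key[:8], "little")
    k1 = int.from_bytes(key[8:16], "little")
    v0, v1 = k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D
    v2, v3 = k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573
    full = len(data) - len(data) % 8
    for i in range(0, full, 8):
        m = int.from_bytes(data[i:i + 8], "little")
        v3 ^= m
        for _ in range(2):
            v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
        v0 ^= m
    b = (len(data) & 0xFF) << 56          # final block: tail bytes + length byte
    for i, byte in enumerate(data[full:]):
        b |= byte << (8 * i)
    v3 ^= b
    for _ in range(2):
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    v0 ^= b
    v2 ^= 0xFF
    for _ in range(4):
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    return v0 ^ v1 ^ v2 ^ v3


class GCSFilter:
    """Golomb-coded set over a block's scriptPubKeys (BIP158 construction)."""

    def __init__(self, key: bytes, items, p: int = P, m: int = M):
        self.key, self.p = key, p
        uniq = set(items)               # BIP158 deduplicates raw items first
        self.n = len(uniq)
        self.f = self.n * m             # hash range F = N * M
        self.data = self._encode(sorted(self._hash(x) for x in uniq))

    def _hash(self, item: bytes) -> int:
        # Map the 64-bit SipHash output uniformly into [0, F).
        return (siphash24(self.key, item) * self.f) >> 64

    def _encode(self, values) -> bytes:
        bits, prev = [], 0
        for v in values:                # Golomb-Rice code of each sorted delta
            delta, prev = v - prev, v
            q, r = delta >> self.p, delta & ((1 << self.p) - 1)
            bits.extend([1] * q + [0])                      # unary quotient
            bits.extend((r >> (self.p - 1 - i)) & 1 for i in range(self.p))
        bits.extend([0] * (-len(bits) % 8))
        return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                     for i in range(0, len(bits), 8))

    def _bits(self):
        for byte in self.data:
            for i in range(7, -1, -1):
                yield (byte >> i) & 1

    def match_any(self, queries) -> bool:
        """True if any query is (probably) in the set; ~1/M false positives."""
        targets = sorted({self._hash(q) for q in queries})
        if not targets or self.n == 0:
            return False
        bits, value, ti = self._bits(), 0, 0
        for _ in range(self.n):          # walk decoded values and targets in lockstep
            q = 0
            while next(bits) == 1:
                q += 1
            r = 0
            for _ in range(self.p):
                r = (r << 1) | next(bits)
            value += (q << self.p) | r
            while ti < len(targets) and targets[ti] < value:
                ti += 1
            if ti == len(targets):
                return False
            if targets[ti] == value:
                return True
        return False


# Constructed sample data: a fake block-hash key and four fake P2WPKH scripts.
BLOCK_KEY = bytes(range(16))
BLOCK_SCRIPTS = [b"\x00\x14" + bytes([i]) * 20 for i in (0x11, 0x22, 0x33, 0x44)]
WALLET_SCRIPT_PAID = b"\x00\x14" + b"\x33" * 20       # present in the block
WALLET_SCRIPT_IDLE = b"\x00\x14" + b"\x99" * 20       # absent from the block


def client_scan(block_filter: GCSFilter, wallet_scripts) -> bool:
    """Light-client step per block: match locally, fetch the block only on a hit."""
    return block_filter.match_any(wallet_scripts)


if __name__ == "__main__":
    flt = GCSFilter(BLOCK_KEY, BLOCK_SCRIPTS)
    print(f"{len(flt.data)} filter bytes for {flt.n} scripts")
    print("paid wallet hits:", client_scan(flt, [WALLET_SCRIPT_PAID]))
    print("idle wallet hits:", client_scan(flt, [WALLET_SCRIPT_IDLE]))
```

The node that serves the filter learns which blocks the client downloads afterwards (the hits), which is why BIP158 clients typically fetch blocks from a different peer than the one that served the filter, and why the false-positive rate is deliberately non-zero.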
Transaction broadcast is a completely different issue than scanning. One-shot Tor connections are a nice potential way to deal with that. Dandelion would be nicer, but so far nobody has implemented it in a DoS-resistant manner. Part of the problem there is that the Bitcoin Core mempool is already extremely complicated, though I'm still hopeful that will improve, e.g. with cluster mempool. https://github.com/bitcoin/bitcoin/pull/29415
I mean it is still pretty relevant to the topic of using public nodes. Unless you're someone who plans on never broadcasting transactions. But looks cool
Notably, Monero has much simpler transactions and mempool policies than Bitcoin. So implementing Dandelion correctly is quite a bit easier.
But the sudden fall in the price of Monero(XMR) is alarming
Thanks for the explanation, Sjors! I was wondering: why don’t you join my show to explain why Bitcoin doesn’t have better privacy to provide fungibility to the monetary asset? Or better yet, explain why nothing out there (including Zcash’s Halo2 and MWEB) is good enough for Bitcoin. So that nobody ever assumes negligence or malevolence when it comes to protocol development, granted that the reasons are purely technical.
> why don’t you join my show Because of your behavior.
And also because I don't have time to study, for you and for free, a dozen protocols to figure out what trade-offs their marketing team isn't talking about that make it unsuitable for Bitcoin. That's not to say there's never something useful out there. Information does make it across, e.g. because developers talk to each other - less so through public debates.
Shitcoiners gonna shit
More journalist in this case. Vlad isn't good enough to make a living as a journalist without stirring up drama.
You don't care about privacy because you are a FED plant. Bitcoin had an inflation bug without any privacy implementation. You are not a coward, you are a puppet of Israeli intelligence. You must be expelled from this community and never touch the Bitcoin code implementation again. https://decrypt.co/39750/184-billion-bitcoin-anonymous-creator https://www.coindesk.com/markets/2018/09/21/the-latest-bitcoin-bug-was-so-bad-developers-kept-its-full-details-a-secret/
The difference between inflation exploits on privacy coins like Monero and Zcash, and inflation exploits on Bitcoin, is on Bitcoin because amounts are transparent it's practically guaranteed that the inflation will be discovered very quickly. With Monero and Zcash, if an inflation exploit is being used, your only sign might be the price falling. And that's certainly not a reliable indicator. nostr:nevent1qqszqwelxeyn8ckunqjr36tgjvnky50hrpvvh66smx7mrmcppvzynjspzpmhxue69uhkummnw3ezumt0d5hsygp5v5df8yknf0uaqe8rnu7pp0h0wj679rn3psrnyschk6ruf27haqpsgqqqqqqs095zdj
Wait... Bitcoin's price is falling right now... we have an inflation bug on Bitcoin?!?! 👀💀 /s
Simply because all supposed to be cryptographers or supposed to have notion in economics or computer science want to run a parallel Cash system to live up to Bitcoin or even surpass it: ‘I better understand the ideology behind Bitcoin.. Then, I could run a better electronic cash, more fluid & helpful than Satoshi!’ ... Bitcoin isn’t a private currency or derived from a private protocol!
I heard monero has a cryptographic way of determining total supply so that argument may not be valid
Yes, there are ways to audit Monero supply; looking for a price fall is not one of them lol. Anyway, exploits should be detected before they are used, not the other way around like the ones that happened on Bitcoin in 2018 or the ones that happened on Monero before. https://image.nostr.build/e43e33ae2c6ee2a9add3e6f37fbd68fb53dea6ee9379feacacba076b7b812b43.jpg
This is cool. Where did you get this information about summing up with bulletproofs? Thanks.
This is so wrong. You can easily check the circulation of Monero, but I think you don't understand it.
Clueless Bitcoin maxi at his best. I really wonder why this guy is still accepted in the Bitcoin community. nostr:nevent1qqsyuq8cguks0np9h6w433aet4lv6ysz2rhv752f639pnvlkkl8x04spz4mhxue69uhkummnw3ezummcw3ezuer9wchsygxv4fvwxlyeepdute65q298rz75vjz7t57txdzkj8k2hq782h2gespsgqqqqqqsgsmc4y
math disagrees https://www.moneroinflation.com/
This is such bs
I think there's something wrong with the fork on some wallets.
Oy vey.
Expelled from the "community"? Lol.
I'm being nice when I say expelled btw. https://image.nostr.build/020cee50e6a224d07097aa49c456054d08e311200c235495ea7ceaca20703fe5.jpg
Remember the day we had 184 Billion Bitcoin?
An exploit that was discovered and fixed extremely quickly, precisely because the chain is transparent.
Indeed, by Satoshi but the exploit happened anyway.
The longer such an exploit goes unnoticed, the harder it is to undo. Think of all the ways the new money poisons innocent people's activities. All that undone, so many losers and for what? Because we didn't realise.
There was another inflation bug in 2018; there's no need to wait for it to be exploited to fix it. Same for Monero. https://www.coindesk.com/markets/2018/09/21/the-latest-bitcoin-bug-was-so-bad-developers-kept-its-full-details-a-secret/ https://image.nostr.build/e14d83198e10859b2c4ccbfdacb843b72dd37d2c0ac6e10704e3bbad3a4bfca2.jpg
nostr:nevent1qqsps2k3e7npvg6rc7hzu63rlgk8zl2w3mg5gcv0xafz268r63vugscpzpmhxue69uhkummnw3ezumt0d5hsygp5v5df8yknf0uaqe8rnu7pp0h0wj679rn3psrnyschk6ruf27haqpsgqqqqqqsnaa0y8
Bitcoin was never meant to be private but anonymous. I don't know enough about Monero to judge this system, but when it comes to fiat, isn't not using banks and handing cash under the table private enough?
Read chapter 10 of the Bitcoin whitepaper and Satoshi’s comments on ZK proofs from this Bitcoin Talk thread: https://bitcointalk.org/index.php?topic=770.msg9074#msg9074
Anonymous, not Private. Verified, not Trusted.
I see your point through Satoshi's comments on ZK proofs, but the white paper's Privacy section, Chapter 10, reads, "by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone." Satoshi consciously made Bitcoin an anonymous verified system rather than a private, banking-modeled trusted system. This is the opening of Chapter 10 in the white paper: "The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method..."
Nope. The technology was just not there yet. This isn't something you create out of the blue. It takes iterations, experiments, and a truly private coin was hard to develop. You're talking like it's some bible with words written in a gospel. This was little more than 16 years ago; you are still in time to understand the facts rather than biblical dogmas.
If you are so big into privacy, why don't you keep your comments private? Is it dogmatic to quote the Bitcoin white paper? It is Satoshi's blueprint for his creation; how is that dogmatic? I think I lost what little intelligence I had reading your post. 🤢🤢🤮
Please stop promoting israeli currencies. They aren't even pretending that well to be private.
Please stop opening your mouth with nonsense and promoting Hamas shitcoins. Again, please stay private forever!
Privacy was one of the core goals of cypherpunks that predated and led up to the creation of Bitcoin. As for advantages of using Monero over cash...
- Can't use cash to transact instantly with anyone on the planet.
- Can't carry arbitrarily large amounts.
- More vulnerable to confiscation and theft.
- More difficult to verify authenticity on-the-fly.
- Issuance is centralized, unpredictable, and doesn't require PoW.
- Not as easily divisible (need to carry specific denominations and change).
- Can't trustlessly exchange for crypto (no atomic swaps).
- Can't have multiple people with simultaneous ownership and control over the same cash (multisig).
note12acrktner7qftvhwnrnsgket3cgywk8dkrkmyfaq6rrlts2vfh5s33l9gh
i like a varied toolbox!
Me too
Ok Fed.