 There are also good reasons why Dandelion isn't in Bitcoin Core (yet). But why do a simple google search to learn why if you can score engagement by complaining?

This doesn't give me too much confidence in the new publication, though of course I'm happy to be wrong.
https://bitcoin.stackexchange.com/questions/81503/what-is-the-tradeoff-between-privacy-and-implementation-complexity-of-dandelion 
 speaking of Dandelion, has anyone yet made a stand-alone bitcoin P2P transaction broadcast tool using arti (https://tpo.pages.torproject.net/core/arti/ )?

like https://github.com/laanwj/bitcoin-submittx, but instead of using a SOCKS proxy to an existing Tor daemon it would handle the Tor networking internally

nostr:nevent1qvzqqqqqqypzpp59a0hkv5ecm45nrckvmu7pnk0sukssvly33u3wwzquy4v037hcqqs0pga3kvduve5rzvg2zhrqa5c5qdw2ad0rvdasnvgyu25lj5c83qsv9w79g 
 on one hand this would be the highest privacy transaction submission method, because it shares no state with any continuously running P2P daemon that may be fingerprinted or tracked over time by spy nodes

on the other i'm not entirely sure, because if something connects to the Tor network just to drop off a transaction, that may raise some red flags and make it easier to perform some classes of timing correlations against 
 Related comment and pull request: https://github.com/bitcoin/bitcoin/pull/29415#issuecomment-1936003083 
 yes the thing is that this really depends on the threat scenario, which likely differs per person, and per country

my impression from the Tor people has always been "it's good to run the entire node over Tor because that creates noise to hide the signal", but it also has drawbacks, e.g. the contents of your peers list and other things are very personal to your node and it's easy to expose those inadvertently or indirectly 
 👀 
 Mmh, I can't recall anymore precisely and the code for it might be gone, but I think I at least used arti to submit tx to an electrum server. 
 Thx for sharing that. I wonder if this was the source of the DoS attacks on the Monero blockchain a few years ago.
Either way seems those wrinkles have been ironed out, so not sure if this old stack exchange answer still applies. 
 1. I suspect Monero's mempool works differently from the Bitcoin Core implementation.
2. A lack of attacks does not mean the problem is solved. 
 1. Makes sense
2. Yeah but that's life. SHA256 is not provably secure. But because there are no known attacks we trust it 
 There's a massive gap between the confidence you can have in sha256 and that of the mempool of Bitcoin, let alone that of Monero (which has fewer incentives to be attacked, e.g. no second layer protocol that relies on it). 
 Monero has fewer incentives to attack it? Are you even serious? Have you been sleeping under a rock for the last 5 years? 
 I'm smelling a strawman 
 
On bitcoin you could literally steal money with a good mempool attack, by closing a lightning channel with a previous state in your favor and censoring your peer to broadcast the real final state. There's good money to be made.

On Monero the only financial incentive is your government sponsored wage to de-anonymize users. It's motivating if you got the job, but it's not like there's a sea of APT actors continuously looking on how to steal the cake, like North Korean Lazarus Group did on a bunch of ethereum L2 bridges (which I admit are much lower hanging fruits, but I'm sure one day they'll take a look into bitcoin L2s). 
 You can't spend unconfirmed transactions in Monero, so the mempool is much simpler. 
 this is the general theme, bitcoin has more considerations than just privacy, while monero has it as their marketing and can focus on it at the expense of everything else

for one, syncing a monero node takes ages, and requires fast storage for the entire block chain instead of only a UTXO database, do people generally run their own monero node? if not and they're using some wallet provider, that's not great for privacy either

also yes things like potential DoS attacks might fly under the radar for a more obscure coin, but wouldn't for bitcoin 
 Monero is also much simpler in many ways. Supporting L2's properly requires a surprising amount of work on mempool behavior, and of course, a script system that Monero just doesn't have. Of course, I think Bitcoin Core has overcomplicated certain aspects of mempool behavior. But even ignoring that disagreement it would _still_ be much more complex than Monero.

I have a Monero node on my laptop – running in Qubes of course. On top of it being slow, the database implementation fragments the hell out of the disk image file due to how it does so many writes to arbitrary locations. One of these days I might just give up on that node... 😂 
 LMDB is far better than Berkeley databases, I think you're just lying about your storage disk or using some primate HDDs lol 
 People in general run their own nodes.

Are you talking about syncing your wallet or downloading the blockchain and staying in sync with the P2P network? Those two are distinct things in Monero. 
 i meant syncing the block chain (for a local wallet)

how does the wallet-only sync work? is it some kind of SPV or electrum kind of mode, where it queries a node for transactions specific to it? 
 You scan through everything client-side, many monero wallets do this. There is no SPV and headers are not checked either. 
 So by "everything" you mean any arbitrary spam sent to you by some random guy on the internet? And you're performing something like ECDH on it to see if you're being paid? 
 So these "lite" wallets connect to a remote node, query the transaction data from them through an RPC interface and scan through it on their side. They trust the remote node to speak the truth when scanning to not feed it fake transaction data. So in the worst case you might calculate a faked balance and transaction history. 
 Well in the worst case you use 100% until your battery dies and find nothing?

Most bip158 light wallets don't do much checking either, their worst case is limited to downloading all blocks. Which in practice also means a dead battery and no transaction history. 
 * 100% CPU 
 Monero wallets are optimized to sync from the block height where the first incoming transaction happened. 

Even light mobile wallets like Cake will download block filters to avoid reliance on any Electrum-type of server. 

They also use a BIP39-style backup as default in all wallets including the full node/CPU mining one. 

Maybe you should give it a try, the amount of progress that they made is really impressive. 
 "really impressive"

Those are all things Bitcoin wallets do. Heck, Bitcoin pioneered block filters.

What's actually really impressive is implementing Lightning. 
 Speaking of implementing Lightning, Decred has built a much more reliable version of it which has nearly 0% failed payments. 

They also have base layer privacy. 

Haven’t heard anyone in Bitcoin speaking about it. 


https://www.youtube.com/live/jKDJ06Pgu9A?si=4XjrrWAgQYCCGfAs 
 🤖 Tracking strings detected and removed!

🔗 Clean URL(s):
https://www.youtube.com/live/jKDJ06Pgu9A

❌ Removed parts:
?si=4XjrrWAgQYCCGfAs 
 Bitcoin Silent Payment syncing is shit compared to Monero. Even after recent improvements. I attempted for the 3rd time to give it a chance. Extremely slow. 
 Silent Payment syncing on a full node, which you should have anyway, should add less than 1% overhead.

For light clients there isn't even a full spec yet on how to do that, so I'm not sure what mechanism you used. It should be comparable to bip158 sync.

In any case Silent Payments are just a way to avoid address reuse, they're not trying to achieve the same thing as Monero. 
 Sure, ideally, but realistically the vast majority of users are not going to ever run a node. There are millions of Bitcoiners, yet only ~50,000 node runners at best. And the privacy implications are not as detrimental to Monero users for using a public node as they are for Bitcoin since amounts and receivers are still not visible to malicious nodes. Monero syncing is relatively fast even when using a public remote node, so not sure why it's so much slower for Bitcoin SP.

Cake and Silentium are the only wallets that I know of right now that have Silent Payments

Silent Payments also allow you to post a public address and still prevent third parties from knowing what addresses payments/donations are going to. It's essentially the Bitcoin version of Monero Stealth Addresses. 
 > And the privacy implications are not as detrimental to Monero users for using a public node as they are for Bitcoin

Do you understand how BIP158 filters work? 
 Monero/Samourai/Red guys always just throw around podcast buzzwords they have no actual understanding of. No use arguing, they will just throw more buzzwords. 
 The Joe-Roganization of technical discussion? :-) 
 Not sure about Joe Rogan, but the red guys are probably more offensive, as if you insult them directly when you introduce them to the concept of technical tradeoffs using their thing as example. 
 What "buzzwords" were said? 
 I don't know how Cake and Silentium work exactly. There is no standard yet for light clients, so claiming that non-standard experimental software is slow, is just not that relevant. Let's wait and see. 
 Isn't BIP158 for querying a node without exposing all your addresses? I don't think it hides sender/amount/receiver from the public node when you broadcast the transaction does it?

Correct me if I'm wrong 
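Since the thread keeps circling back to what a BIP158 light client actually reveals to the node it talks to, here is an added example (not code from any participant, and not Bitcoin Core's) of the BIP158 Golomb-coded-set filter in Python: the node builds one filter per block, the client matches its own scripts against it locally, and all the node observes is which full blocks get fetched (plus roughly one false positive per 784931 items). It keeps BIP158's P=19 and M=784931 but substitutes stdlib keyed BLAKE2b for SipHash-2-4; the sample chain is constructed.

```python
import hashlib

# BIP158 "basic" block filter parameters: Golomb-Rice parameter P, modulus M.
P, M = 19, 784931

def _hash_to_range(item: bytes, key: bytes, f: int) -> int:
    # Substitution: BIP158 keys SipHash-2-4 with the block hash; stdlib keyed
    # BLAKE2b stands in here so the demo runs without extra libraries.
    h = int.from_bytes(hashlib.blake2b(item, key=key, digest_size=8).digest(), "little")
    return (h * f) >> 64  # uniform map into [0, f), with f = N * M

def build_filter(scripts, key):
    """Node side: hash a block's scriptPubKeys, sort, Golomb-Rice code the deltas."""
    items = set(scripts)  # BIP158 drops duplicate scripts before hashing
    n = len(items)
    vals = sorted(_hash_to_range(s, key, n * M) for s in items)
    bits, last = [], 0
    for v in vals:
        q, r = (v - last) >> P, (v - last) & ((1 << P) - 1)
        bits += [1] * q + [0]                                # unary quotient
        bits += [(r >> (P - 1 - i)) & 1 for i in range(P)]  # P-bit remainder
        last = v
    return n, bits

def filter_matches(n, bits, targets, key):
    """Client side: might this block pay one of our scripts? False positives ~1/M."""
    wanted = sorted({_hash_to_range(t, key, n * M) for t in targets})
    pos = acc = i = 0
    for _ in range(n):
        q = bits.index(0, pos) - pos  # unary quotient: count the 1s up to the 0
        pos += q + 1
        r = int("".join(map(str, bits[pos:pos + P])), 2)  # P-bit remainder
        pos += P
        acc += (q << P) | r  # reconstruct the next sorted hashed value
        while i < len(wanted) and wanted[i] < acc:
            i += 1
        if i < len(wanted) and wanted[i] == acc:
            return True
    return False

def blocks_to_download(blocks, targets):
    """What the serving node observes: the heights whose full block the client fetches."""
    return [h for h, (key, scripts) in enumerate(blocks)
            if filter_matches(*build_filter(scripts, key), targets, key)]

# Constructed sample chain: (16-byte "block hash" key, scriptPubKeys in that block).
OURS = b"\x00\x14" + b"\x11" * 20  # a P2WPKH script the client owns
SAMPLE_BLOCKS = [(hashlib.sha256(b"block%d" % i).digest()[:16],
                  [b"\x00\x14" + bytes([i]) * 20] + ([OURS] if i == 2 else [])) for i in range(5)]
MATCHED = blocks_to_download(SAMPLE_BLOCKS, [OURS])  # the node sees only this: [2]
```

The node never learns which script matched or the wallet's balance, but it does learn the set of blocks the wallet wanted, which is exactly the metadata the discussion above is worried about.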
 Transaction broadcast is a completely different issue than scanning. One shot Tor connections are a nice potential way to deal with that.

Dandelion would be nicer, but so far nobody has implemented it in a DoS resistant manner. Part of the problem there is that the Bitcoin Core mempool is already extremely complicated, though I'm still hopeful that will improve, e.g. with cluster mempool.
https://github.com/bitcoin/bitcoin/pull/29415 
 I mean it is still pretty relevant to the topic of using public nodes. Unless you're someone who plans on never broadcasting transactions.

But looks cool 
 I'm neither in marketing nor really a judgemental person, if you prefer monero then use monero 🤷‍♀️ 
I have zero interest in "my coin is better" arguments based on checkbox points, there's also no need to try to convince me of anything 
 Notably, Monero has much simpler transactions and mempool policies than Bitcoin. So implementing Dandelion correctly is quite a bit easier. 
 But the sudden fall in the price of Monero (XMR) is alarming 
 The sudden fall is probably due to Kraken delisting it. 
 Thanks for the explanation, Sjors! I was wondering: why don’t you join my show to explain why Bitcoin doesn’t have better privacy to provide fungibility to the monetary asset?

Or better yet, explain why nothing out there (including Zcash’s Halo2 and MWEB) is good enough for Bitcoin. So that nobody ever assumes negligence or malevolence when it comes to protocol development, granted that the reasons are purely technical. 
 > why don’t you join my show

Because of your behavior. 
 And also because I don't have time to study, for you and for free, a dozen protocols to figure out what trade-offs their marketing team isn't talking about that make it unsuitable for Bitcoin.

That's not to say there's never something useful out there. Information does make it across, e.g. because developers talk to each other - less so through public debates.