this post was submitted on 04 Aug 2024
7 points (100.0% liked)

Monero

1662 readers
16 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
 

Stay on topic:

  • This thread is only for comments discussing the uncertainties, shortcomings, and concerns some may have about Monero.
  • NOT the positive aspects of it.
  • Discussion can relate to the technology itself or its economics.
  • Talk about community and price is not wanted, but some discussion about it maybe allowed if it relates well.
  • Be as respectful and nice as possible. This discussion has potential to be more emotionally charged as it may bring up issues that are extremely upsetting: many people are not only financially but emotionally invested in the ideas and tools around Monero.

How it works:

  • Post your concerns about Monero in reply to this thread.
  • If you can address these concerns, or add further details to them – reply to that comment. This will make it easily sort-able.
  • Upvote the comments that are the most valid criticisms of it that have few or no real honest solutions/answers to them.
  • The comment that mentions the biggest problems of Monero should have the most karma.

Previous:


The first principle is that you must not fool yourself — and you are the easiest person to fool.

top 5 comments
sorted by: hot top controversial new old
[–] Wave@monero.town 5 points 3 months ago (1 children)

Block-explorer tools and websites

Do not use this. If you try to find something there, you are only giving away that you have done something there by trying to find something.

Imagine who is looking for a specific transaction? Even in other block explorers! Who is searching for a transaction or the details of a transaction at this point in time? Of course, most likely only someone who actually has something to do with it.

Operate your own fullnode and, if possible, refrain completely from researching transactions on third-party websites.

[–] Findmysec@infosec.pub 1 points 3 months ago (1 children)

If I have a node, can I use block explorers to check my transactions anonymously?

BTW, how would this work? Doesn't XMR automatically obfuscate this?

[–] bobr@lemmy.libertarianfellowship.org 0 points 3 months ago* (last edited 3 months ago) (1 children)

If I have a node, can I use block explorers to check my transactions anonymously?

If you have a node - you can just use RPC to get all the info you need (or self-host a blockhain explorer connected to your own node if calling RPC manually is too complicated), no need to use public block explorers.

BTW, how would this work? Doesn't XMR automatically obfuscate this?

Imagine you have received an output (a transfer) from a CEX. Immediately (well, after 10 blocks) other people start using your output as a decoy in their transactions. After some time, you actually use this output in a transaction. From what the CEX knows (we assume they are bad guys who try to spy on you) there are hundreds (or more) of transactions where you potentially could have spent your XMR, they don't know which one is the real spend though. Now you go and use the transaction hash to see its status on a blockchain explorer that is hosted by CEX. Assuming they can correlate your identity (e.g. by IP/cookies/fingerprint/etc.), they now know that you specifically checked a transaction that possibly spends the output they sent you. They cannot prove that you spent it, but it would be a reasonable assumption (why else would you check that specific transaction?). Now, on it's own it doesn't give them much info (although your privacy already has been partially compromised), as the destination address is hidden as well as the amount. But if the receiving side of your transaction also cooperates with your CEX, and they tell CEX that the amount they received is the same (minus fees) as you withdrawn from the CEX (or even worse, they somehow also correlated this transaction with your identity) they now can be even more sure that it is your transaction (even though they still can't prove it).

So, Monero is doing its best to protect you, and you still have plausible deniability, but in those very specific circumstances bad actors can be reasonably sure where your money went.

FCMPs will fix that :)

[–] Findmysec@infosec.pub 1 points 3 months ago

Oh absolutely there's no way I'm using CEXes for this. Thanks for the explanation

[–] nihilist@lemmy.datura.network 1 points 3 months ago* (last edited 3 months ago)

there needs to be a wallet that comes with plausible deniability baked into it:

some sort of "hidden mode" that hides every transaction recieved, and the total amount currently in his possession even when bob the farmer gets forced by an adversary to type his password and show the real amount of monero he recieved so far.

something like Password A opens the wallet in hidden mode, and Password B opens the wallet in normal mode, showing everything. (inspired by how veracrypt provides plausible deniability). And from there the adversary can't confirm anything other than the transaction he sent to your wallet, as everything else remains hidden.

imo, you cant do much currently if you have an adversary that knows that you recieved a specific amount of monero to a specific address, and he literally forces you to open your monero wallet, to be able to know what's the true amount of monero currently in your possession, to steal it from you.

(can't just show him an other empty wallet as the adversary will look for the recieving addresses, to see if it's the same or not.)