This isn't deanonymization, it is modifying and infiltrating nodes to then listen what is happening from naive users connecting to them.
There was never an expectation of privacy when you connect to servers outside your control with non-encrypted data. That is the reason why the article itself mentions that this isn't working when running your own node, as most people do.
This is the same thing as complaining that Monero is no longer anonymous because Windows is capturing screenshots and keyboard presses when you open the desktop app.
Huh, surprising -- it's very different from most people using most software. (Of course HN is not most people.)
I tried to fill myself in by asking Claude Opus neutrally "do most users of Monero run their own node?" and was told it couldn't find good data, it's community-promoted behavior, but there were multiple reasons for skepticism.
Anyone curious about how Monero is implemented would immediately understand why it's a bad idea to use remote nodes.
>What is the difference between a lightweight and a normal wallet?
>For a lightweight wallet, you give your view key to a node, who scans the blockchain and looks for incoming transactions to your account on your behalf. This node will know when you receive money, but it will not know how much you receive, who you received it from, or who you are sending money to. Depending on your wallet software, you may be able to use a node you control to avoid privacy leaks. For more privacy, use a normal wallet, which can be used with your own node.
Most monero users are on the desktop where the common practice is to download and run their own nodes and/or use monero from Android on apps like CakeWallet, where their node is used and assumed as trustworthy.
To give background info: most users are on desktops because monero mining happens using CPU and instead of GPU, so they install the wallet which comes with a miner included and installs the node as well. They basically make some little income every single day and accumulate that profit.
The other miners like GuPax also install a node on the local computer as well, so a large majority of users simply runs nodes locally because they don't want to send their hashes to remote nodes which might fool them.
Thanks for explaining. I'm still confused: CakeWallet (and similar) were a reason to doubt the original claim. Are these "popular" wallets rarely used, or are you considering the nodes that they trust as equivalent to your own node?
People using monero tend to be well informed, or at least better informed than average crypto users. What I see happening is that most users have at minimum three different wallets: One for mining on the desktop, one "cold" wallet for storing the bulk of their money and then one wallet on cakewallet with pocket money for the convenience of small and fast transactions (e.g. donations, small payments).
From that sense in regards to CakeWallet: Android isn't anywhere secure and there is a real danger that key credentials are stolen by rogue apps. In the end doesn't really matter much about whichever nodes are trusted by cakewallet because the monetary values hosted on those Android wallets don't tend to have much value much to begin with.
I've been a long time user and never saw reports of cake wallet being insecure or people losing their wallet money from there. In either case most people using monero tend to be extra cautious from the start.
Well reading comprehension tells us they were surprised that most monero folks run their own nodes and that they were unable to find supporting information.
No, reading comprehension tells us that Claude Opus output the "unable to find supporting information" claim, which abecedarius faithfully relayed to us. There's no evidence in the text that suggests abecedarius attempted to find supporting information.
Okay and if they had said Google we wouldn't be doing this dance, people just hate AI and its obnoxious to see comments about it on HN all the time. On a crypto post no less.
We get it you guys don't like AI, next!
It is equally obnoxious to people who talk about AI for everything as if it is a savior, it's a tool use it or don't.
It was a form of "huh, interesting. I tried to quickly find some more evidence for this but failed."
If Claude as search engine were able to link to some backing (maybe like "we estimate around n nodes regularly joining the network, which roughly matches the order of magnitude of estimated users" ) -- that'd be great! I'd have said I was surprised but look what I found.
Instead:
- it couldn't dig up anything supporting, except that Monero sites encourage users to run their own node;
- one point it raised against was confirmed by another reply to my comment ("apps like CakeWallet, where their node is used and assumed as trustworthy"). (Claude listed the same and a couple more wallets it called "popular" with similar trust dependence.)
I agree with GP that just relaying a chatbot is rude. That's why I didn't do that.
It always seemed weird from Day 1 when I reviewed Monero vs Zcash to rely on anonymization that depends on other nodes and number of honest peers, instead of relying on technical anonymization that Zcash does, seems much more reliable and long-term workable, even though it was much harder and took them longer to arrive at good solutions.
If Zcash had privacy by default, they would have won against Monero for being the private cryptocurrency. As it stands, any private transaction on the Zcash chain stands out like a sore thumb and the use of de-anonymized transactions around it make it easy to figure out how much money was moved. It was a missed layer 8 opportunity on the part of Zcash.
This attack doesn't seem to work if you run a monero node, though.
You'd have a bit more credibility if your complaint was more up to date :) Zcash wallets have defaulted to shielded accounts and transactions for some time already.
> and I (and everyone else) wrote Zcash off in that time
Seemingly in the ecosystem you exists in yeah, but in the world at large Zcash seems to have at least 6x the volume. I guess "everyone else" didn't get your memo. Regardless, I don't really care personally which one is better or which one you specifically use, as long as what we say is being truthful :)
Are you referring to on-exchange volume of a coin that has pumped 10x in a few months? And it's only 6x the on-exchange volume of monero? It sounds like people still don't use it. If you look at the blockchain, you will see very few transactions per block (literally less than one per minute), so it seems the volume is almost entirely on the exchanges. It's probably people speculating on privacy for some reason, combined with some dumping of the pre-mine.
The majority of the on-chain use is also public transactions, so it seems the "privacy by default" setting doesn't really matter.
If you look at recent mined blocks, a majority of transactions are still public. So yes, even if the default is shielded wallets and private transactions for a specific wallet, most of the chain is not using them.
True, but as of this month 30% of zcash transactions are shielded, and 20-25% of addresses are private. That's a fairly large anonymity set. The percentage of shielded transactions is also increasing, at a rate that will make them a majority within a year if the trend continues.
Monero's main "competitor" seems to be Zcash which is run by a VC-backed company. The company gets 20% of all mined Zcash. The incentive is very strong to FUD Monero.
As of this comment, Monero is #26 on CoinGecko's list of crypto by marketcap with Zcash at #27. I'm guessing that's why there's a few of these posts on HN all of a sudden.
Sure, but I more meant people recycling year old news for clicks, and smart people falling for it. That's a very broad phenomenon and not tied to crypto.
Exactly. “Tracers in the Dark” (https://a.co/d/aos3Nka) does a good job of telling that story and a couple of others from the early days of blockchain analytics
It's absolutely wild that Tor and VPN's can be so easily backdoored by governments. The mitigations in this article make sense but how would I explain this to normies who support law enforcement? I guess they can just live in denial.
It’s fairly easy to decrease susceptibility to this attack. #1 run your own node #2 monitor the nodes you are connected to with “sync_info” #3 ban nodes that aren’t up to current block height, strange port connections, and connections from typical spy IP addresses. There could still be a spy node connected when you send your transaction but it won’t have a very high probability of originating from any particular place
This isn't deanonymization, it is modifying and infiltrating nodes to then listen what is happening from naive users connecting to them.
There was never an expectation of privacy when you connect to servers outside your control with non-encrypted data. That is the reason why the article itself mentions that this isn't working when running your own node, as most people do.
This is the same thing as complaining that Monero is no longer anonymous because Windows is capturing screenshots and keyboard presses when you open the desktop app.
Monero remains anonymous by default.
In practice they (allegedly) took anonymouse transaction and linked it to real world identity. Call it what you want.
The transaction wasn't really anonymouse in the first place, but I agree that the UI should warn users more when working in "light wallet" mode.
> running your own node, as most people do.
Huh, surprising -- it's very different from most people using most software. (Of course HN is not most people.)
I tried to fill myself in by asking Claude Opus neutrally "do most users of Monero run their own node?" and was told it couldn't find good data, it's community-promoted behavior, but there were multiple reasons for skepticism.
I have no idea, I'm just noting my surprise.
It's literally in their FAQ: https://www.getmonero.org/get-started/faq/
Anyone curious about how Monero is implemented would immediately understand why it's a bad idea to use remote nodes.
>What is the difference between a lightweight and a normal wallet?
>For a lightweight wallet, you give your view key to a node, who scans the blockchain and looks for incoming transactions to your account on your behalf. This node will know when you receive money, but it will not know how much you receive, who you received it from, or who you are sending money to. Depending on your wallet software, you may be able to use a node you control to avoid privacy leaks. For more privacy, use a normal wallet, which can be used with your own node.
Most people don't know nor use Monero at all.
Most monero users are on the desktop where the common practice is to download and run their own nodes and/or use monero from Android on apps like CakeWallet, where their node is used and assumed as trustworthy.
To give background info: most users are on desktops because monero mining happens using CPU and instead of GPU, so they install the wallet which comes with a miner included and installs the node as well. They basically make some little income every single day and accumulate that profit.
The other miners like GuPax also install a node on the local computer as well, so a large majority of users simply runs nodes locally because they don't want to send their hashes to remote nodes which might fool them.
Thanks for explaining. I'm still confused: CakeWallet (and similar) were a reason to doubt the original claim. Are these "popular" wallets rarely used, or are you considering the nodes that they trust as equivalent to your own node?
People using monero tend to be well informed, or at least better informed than average crypto users. What I see happening is that most users have at minimum three different wallets: One for mining on the desktop, one "cold" wallet for storing the bulk of their money and then one wallet on cakewallet with pocket money for the convenience of small and fast transactions (e.g. donations, small payments).
From that sense in regards to CakeWallet: Android isn't anywhere secure and there is a real danger that key credentials are stolen by rogue apps. In the end doesn't really matter much about whichever nodes are trusted by cakewallet because the monetary values hosted on those Android wallets don't tend to have much value much to begin with.
I've been a long time user and never saw reports of cake wallet being insecure or people losing their wallet money from there. In either case most people using monero tend to be extra cautious from the start.
I don't know what asking AI adds to the discussion.
Well reading comprehension tells us they were surprised that most monero folks run their own nodes and that they were unable to find supporting information.
Your comment however does actually add nothing.
No, reading comprehension tells us that Claude Opus output the "unable to find supporting information" claim, which abecedarius faithfully relayed to us. There's no evidence in the text that suggests abecedarius attempted to find supporting information.
Okay and if they had said Google we wouldn't be doing this dance, people just hate AI and its obnoxious to see comments about it on HN all the time. On a crypto post no less.
We get it you guys don't like AI, next!
It is equally obnoxious to people who talk about AI for everything as if it is a savior, it's a tool use it or don't.
It was a form of "huh, interesting. I tried to quickly find some more evidence for this but failed."
If Claude as search engine were able to link to some backing (maybe like "we estimate around n nodes regularly joining the network, which roughly matches the order of magnitude of estimated users" ) -- that'd be great! I'd have said I was surprised but look what I found.
Instead:
- it couldn't dig up anything supporting, except that Monero sites encourage users to run their own node;
- one point it raised against was confirmed by another reply to my comment ("apps like CakeWallet, where their node is used and assumed as trustworthy"). (Claude listed the same and a couple more wallets it called "popular" with similar trust dependence.)
I agree with GP that just relaying a chatbot is rude. That's why I didn't do that.
It always seemed weird from Day 1 when I reviewed Monero vs Zcash to rely on anonymization that depends on other nodes and number of honest peers, instead of relying on technical anonymization that Zcash does, seems much more reliable and long-term workable, even though it was much harder and took them longer to arrive at good solutions.
If Zcash had privacy by default, they would have won against Monero for being the private cryptocurrency. As it stands, any private transaction on the Zcash chain stands out like a sore thumb and the use of de-anonymized transactions around it make it easy to figure out how much money was moved. It was a missed layer 8 opportunity on the part of Zcash.
This attack doesn't seem to work if you run a monero node, though.
You'd have a bit more credibility if your complaint was more up to date :) Zcash wallets have defaulted to shielded accounts and transactions for some time already.
It took at least half a decade if not a full decade to get to the obvious place and I (and everyone else) wrote Zcash off in that time.
> and I (and everyone else) wrote Zcash off in that time
Seemingly in the ecosystem you exists in yeah, but in the world at large Zcash seems to have at least 6x the volume. I guess "everyone else" didn't get your memo. Regardless, I don't really care personally which one is better or which one you specifically use, as long as what we say is being truthful :)
Are you referring to on-exchange volume of a coin that has pumped 10x in a few months? And it's only 6x the on-exchange volume of monero? It sounds like people still don't use it. If you look at the blockchain, you will see very few transactions per block (literally less than one per minute), so it seems the volume is almost entirely on the exchanges. It's probably people speculating on privacy for some reason, combined with some dumping of the pre-mine.
The majority of the on-chain use is also public transactions, so it seems the "privacy by default" setting doesn't really matter.
I know (and many others do as well, it’s not that hidden) of the group that pumped Zcash. Very well executed pump
You said
> As it stands, any private transaction on the Zcash chain stands out like a sore thumb
Is that actually still the case or has the change to defaults made anonymity more common?
If you look at recent mined blocks, a majority of transactions are still public. So yes, even if the default is shielded wallets and private transactions for a specific wallet, most of the chain is not using them.
True, but as of this month 30% of zcash transactions are shielded, and 20-25% of addresses are private. That's a fairly large anonymity set. The percentage of shielded transactions is also increasing, at a rate that will make them a majority within a year if the trend continues.
https://www.coindesk.com/research/inside-zcash-encrypted-mon...
September 17, 2024
surprising how often this happens...
Monero's main "competitor" seems to be Zcash which is run by a VC-backed company. The company gets 20% of all mined Zcash. The incentive is very strong to FUD Monero.
As of this comment, Monero is #26 on CoinGecko's list of crypto by marketcap with Zcash at #27. I'm guessing that's why there's a few of these posts on HN all of a sudden.
Sure, but I more meant people recycling year old news for clicks, and smart people falling for it. That's a very broad phenomenon and not tied to crypto.
Chainanalysis is certainly not running the Tor attack as described here.
It’s technically possible, but not really practical. We’d have seen darknet markets as they currently exist eradicated a long ago.
So chainalysis is working for governments now? I guess it makes sense.
Now? Chainalysis has always worked for governments…
It was basically spawned out of the government needing help with investigating crypto - I think it was Mt. Gox…
Exactly. “Tracers in the Dark” (https://a.co/d/aos3Nka) does a good job of telling that story and a couple of others from the early days of blockchain analytics
It's absolutely wild that Tor and VPN's can be so easily backdoored by governments. The mitigations in this article make sense but how would I explain this to normies who support law enforcement? I guess they can just live in denial.
Featherwallet runs a Tor client and connects to Tor nodes after it is done syncing, you can't send a transaction before it is done syncing
It’s fairly easy to decrease susceptibility to this attack. #1 run your own node #2 monitor the nodes you are connected to with “sync_info” #3 ban nodes that aren’t up to current block height, strange port connections, and connections from typical spy IP addresses. There could still be a spy node connected when you send your transaction but it won’t have a very high probability of originating from any particular place