This isn't deanonymization, it is modifying and infiltrating nodes to then listen to what is happening from naive users connecting to them.
There was never an expectation of privacy when you connect to servers outside your control with non-encrypted data. That is the reason why the article itself mentions that this isn't working when running your own node, as most people do.
This is the same thing as complaining that Monero is no longer anonymous because Windows is capturing screenshots and keyboard presses when you open the desktop app.
Anyone curious about how Monero is implemented would immediately understand why it's a bad idea to use remote nodes.
>What is the difference between a lightweight and a normal wallet?
>For a lightweight wallet, you give your view key to a node, who scans the blockchain and looks for incoming transactions to your account on your behalf. This node will know when you receive money, but it will not know how much you receive, who you received it from, or who you are sending money to. Depending on your wallet software, you may be able to use a node you control to avoid privacy leaks. For more privacy, use a normal wallet, which can be used with your own node.
Most Monero users are on the desktop where the common practice is to download and run their own nodes and/or use Monero from Android on apps like CakeWallet, where their node is used and assumed as trustworthy.
To give background info: most users are on desktops because Monero mining happens using CPU instead of GPU, so they install the wallet, which comes with a miner included and installs the node as well. They basically make some little income every single day and accumulate that profit.
The other miners like GuPax also install a node on the local computer as well, so a large majority of users simply run nodes locally because they don't want to send their hashes to remote nodes which might fool them.
It always seemed weird from Day 1, when I reviewed Monero vs Zcash, to rely on anonymization that depends on other nodes and the number of honest peers instead of relying on the technical anonymization that Zcash does, which seems much more reliable and long-term workable, even though it was much harder and took them longer to arrive at good solutions.
If Zcash had privacy by default, they would have won against Monero for being the private cryptocurrency. As it stands, any private transaction on the Zcash chain stands out like a sore thumb and the use of de-anonymized transactions around it makes it easy to figure out how much money was moved. It was a missed layer 8 opportunity on the part of Zcash.
This attack doesn't seem to work if you run a monero node, though.
You'd have a bit more credibility if your complaint was more up to date :) Zcash wallets have defaulted to shielded accounts and transactions for some time already.
Monero's main "competitor" seems to be Zcash which is run by a VC-backed company. The company gets 20% of all mined Zcash. The incentive is very strong to FUD Monero.
As of this comment, Monero is #26 on CoinGecko's list of crypto by marketcap with Zcash at #27. I'm guessing that's why there's a few of these posts on HN all of a sudden.
It's absolutely wild that Tor and VPNs can be so easily backdoored by governments. The mitigations in this article make sense but how would I explain this to normies who support law enforcement? I guess they can just live in denial.
Exactly. “Tracers in the Dark” (https://a.co/d/aos3Nka) does a good job of telling that story and a couple of others from the early days of blockchain analytics
It’s fairly easy to decrease susceptibility to this attack: #1 run your own node, #2 monitor the nodes you are connected to with “sync_info”, #3 ban nodes that aren’t up to current block height, strange port connections, and connections from typical spy IP addresses. There could still be a spy node connected when you send your transaction, but it won’t have a very high probability of originating from any particular place.
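The three peer checks from the comment above (block height, port, known-bad addresses), as an added example that is not part of the original thread. It runs over a constructed sample shaped like the `connections` array of monerod's `get_connections` RPC; the thresholds, the blocklist range and the function names are assumptions, and the output is formatted for monerod's `ban` console command.

```python
import ipaddress

# Constructed sample (documentation-range addresses, made-up heights), using
# only the fields this check needs from a get_connections-style response.
SAMPLE_CONNECTIONS = [
    {"host": "192.0.2.10", "port": "18080", "incoming": False, "height": 3100000},
    {"host": "198.51.100.7", "port": "18080", "incoming": False, "height": 3099998},
    {"host": "203.0.113.5", "port": "18080", "incoming": False, "height": 2950000},
    {"host": "203.0.113.77", "port": "18080", "incoming": False, "height": 3100000},
    {"host": "192.0.2.44", "port": "31337", "incoming": False, "height": 3100000},
    {"host": "192.0.2.200", "port": "51514", "incoming": True, "height": 3100000},
]

# Hypothetical operator-maintained blocklist (placeholder range, not real data).
SAMPLE_BLOCKLIST = ["203.0.113.64/26"]


def review_peers(connections, local_height, blocklist, max_lag=10, expected_port=18080):
    """Return {host: [reasons]} for peers that fail any of the three checks."""
    nets = [ipaddress.ip_network(cidr) for cidr in blocklist]
    findings = {}
    for peer in connections:
        reasons = []
        # 1. Peer reports a chain height well behind our own node.
        if local_height - peer["height"] > max_lag:
            reasons.append("height_lag")
        # 2. Outgoing peer on a non-default P2P port. Incoming peers are
        #    skipped because their source port is ephemeral.
        if not peer["incoming"] and int(peer["port"]) != expected_port:
            reasons.append("unexpected_port")
        # 3. Address inside an operator-maintained blocklist range.
        try:
            addr = ipaddress.ip_address(peer["host"])
        except ValueError:
            addr = None  # non-IP host (e.g. an onion address): skip this check
        if addr is not None and any(addr in net for net in nets):
            reasons.append("blocklisted")
        if reasons:
            findings[peer["host"]] = reasons
    return findings


def ban_commands(findings, seconds=86400):
    """Format findings as monerod console lines: ban <IP> <seconds>."""
    return [f"ban {host} {seconds}" for host in sorted(findings)]


if __name__ == "__main__":
    flagged = review_peers(SAMPLE_CONNECTIONS, 3100000, SAMPLE_BLOCKLIST)
    for line in ban_commands(flagged):
        print(line, "#", ", ".join(flagged[line.split()[1]]))
```

A non-default port or a lagging height is also what an honest node that is still syncing or sits behind port forwarding looks like, so review the reasons before applying the bans.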
Monero remains anonymous by default.
Huh, surprising -- it's very different from most people using most software. (Of course HN is not most people.)
I tried to fill myself in by asking Claude Opus neutrally "do most users of Monero run their own node?" and was told it couldn't find good data, it's community-promoted behavior, but there were multiple reasons for skepticism.
I have no idea, I'm just noting my surprise.
It’s technically possible, but not really practical. We’d have seen darknet markets as they currently exist eradicated long ago.
It was basically spawned out of the government needing help with investigating crypto - I think it was Mt. Gox…