Nihilist puts out another very informative article, great work!

  • nihilist
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 month ago

    my pleasure ;) (if i missed anything, feel free to let me know btw)

    • roboto@feddit.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      Super helpful, although I’m wondering if running your own node could potentially expose you as well in case someone really wants to find you? Like are there any security risks? And what if others find your node and connect to it would they be able to see your IP?

      Just asking because I’m not very familiar with the technology and want to make sure I’m using monero as intended, that is anonymously.

      • nihilist
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 month ago

        if you run your own node, it means that the adversary needs to come and ask you directly to give you the details of who connected to the node. and if you keep Tor in between you and your own node, you’re maintaining anonymity aswell.

        if others find your (remote) node its not changing anything, you’re making it available for them to use monero

        but still they should run their own monero node to keep decentralizing further

        • roboto@feddit.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          Alright got it, but regarding TOR aren’t there also vulnerabilities with compromised exit nodes? I feel like once you go down the rabbit hole of trying to achieve true anonymity there’s always another layer of complications if you wanna do things right.

  • Findmysec@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    Nihilist, since you’ve watched the video can you make another post on the “heuristics” the presenter was talking about? I think the community needs to know how exactly their automated tool discards decoys from the list of transactions to consider.

    • nihilist
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 month ago

      they discard the decoys when they’re given the transactions of interest, this lets them know that this transaction they saw on their node actually comes from that subphoenable entity (centralised exchange), from there they have the list of transactions that went through and they can rule out the dandelion decoys. but otherwise they can’t.

      I also mentionned that they are looking at the fee structure on their malicious nodes, hence my recommendation to use the default fees. not sure if they’re actually using the rest. (number of inputs and outputs ?)

  • Ammortel
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 month ago

    OK centralized exchanges and chainanalysis know that I own monero ?

    Then what ? How is it bad ? They still can’t figure out what I’m doing with it. The maximum they could ever tell is that I am spending some. They couldn’t tell in what amounts and to whom.

    My privacy isn’t affected in any way.

    • Findmysec@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      In a dystopian world, just owning XMR will soon become grounds for a criminal investigation leading to harassment.

    • nihilist
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 month ago

      small detail, centralised exchanges know how much monero went through them. for that particular account. If you KYC’d there, they know how much monero YOU bought or sold on their platform

      • jay_edwards
        link
        fedilink
        English
        arrow-up
        1
        ·
        29 days ago

        isn’t it better to use Decentralized exchanges or instant exchange services for Monero transactions in this case?

        • nihilist
          link
          fedilink
          arrow-up
          1
          ·
          24 days ago

          sorry for the late reply but yes, in a decentralised exchange you are revealing your info to an other peer, rather than to a centralised exchange (or subphoneable entity), that makes a huge difference

          • owe_addams
            link
            fedilink
            English
            arrow-up
            1
            ·
            23 days ago

            so, on Centralized exchange you reveal nothing or what? in my opinion, that’s use to better instant exchanges, then. There is like, you swap to a liquidity provider, no registration and KYC, and transactions might be not traceable

          • jay_edwards
            link
            fedilink
            English
            arrow-up
            1
            ·
            22 days ago

            ce what about centralized ones? I mean, you reveal a lot of info to the exchange team, which can be disclosed to any authorities. It’s better to use instant exchange services