11:02:26 <midipoet> rehrar: this might be fun for a community call https://theonline.town/
11:03:17 <midipoet> have no idea the privacy risk/concerns - just saw the idea and thought it neat
15:17:55 <Inge-> fort3hlulz: wow. that was a far more positive aantonop than in Doug's interview.
15:18:41 <Inge-> I remember he said something about some issues with the wallet and was laggimg a bit in knowledge of where monero currently is technologically
15:19:50 <sgp_> Inge-: the progress of coming around seems slow but it's definitely happening
15:28:00 <Inge-> he also correctly understands the perfectly binding / perfectly blinding tradeoff
15:28:37 <sarang> You are referring to the idea of "supply auditing"?
15:36:35 <Inge-> Yes
15:43:39 <sarang> Well, for some people, only a fully transparent supply count meets their needs
15:43:50 <sarang> And as long as they understand the tradeoffs that implies, ok
15:46:00 <Inge-> in XMR case you need to either understand the math enough or trust the mathematicians - as well as the implementation to not introduce inflation bugs
15:48:07 <sarang> I thought the blog post did a reasonable job trying to highlight the subtleties
15:48:44 <sarang> Even something like Zcash, with its transparent migrations, has major tradeoffs and the same issues within pools
15:49:39 <sarang> If "audit the supply" means "count available supply in the clear" then neither Monero nor Zcash nor related assets will meet your needs
15:59:36 <hyc> realistically you only need to prove that inputs = outputs is always true, or is ever false
16:15:14 <sarang> Well any asset dealing with commitment-based pools runs the risk that an implementation error or cryptographic break could cause issues
16:15:26 <sarang> We mitigate the former via audits and review, and the latter is frankly very unlikely
16:15:54 <sarang> Note that transparent migrations do _not_ solve this problem, but only offload it in ways that I'm not comfortable with
16:25:09 <fort3hlulz> Yeah I'm happy with the response for sure
16:25:28 <fort3hlulz> I'm surprised he even responded, but good to see he seems to have a better grasp of the nuance than I suspected
16:25:55 <fort3hlulz> Think this interim step of people seeing Monero as a mixer is an annoying but necessary building block for Monero adoption
16:26:11 <fort3hlulz> Once they use Monero for actual transactions the logical next step is to just stay in Monero
16:26:23 <fort3hlulz> Perfect example is r/darknetmarkets
16:26:56 <fort3hlulz> More and more people recommending to just stay in Monero and use XMR.to when necessary
16:27:01 <hyc> what response are y'all talking about, I must've missed the beginning of this conv
16:27:05 <sarang> I don't think viewing Monero as a mixer is helpful
16:27:10 <sarang> Mixers are opt-in
16:27:14 <sarang> This is _not_ what Monero does
16:27:26 <fort3hlulz> Long term no
16:27:32 <fort3hlulz> But that is whats happening
16:27:40 <fort3hlulz> And I think we can latch onto that to help users end up staying within Monero
16:27:48 <hyc> well, it's definitely common advice now for people to say "but BTC, go thru XMR before spending"
16:27:52 <fort3hlulz> There are many metadata and KYC risks with users using Monero as a mixer alone
16:27:53 <hyc> s/but/buy
16:27:53 <monerobux> hyc meant to say: well, it's definitely common advice now for people to say "buy BTC, go thru XMR before spending"
16:28:13 <fort3hlulz> I'm not advocating for people to use it as a mixer, quite the opposite
16:28:28 <fort3hlulz> But rather latching onto the narrative to push people to just stay in XMR and use services like xmr.to when necessary
16:28:52 <fort3hlulz> hyc: Yup this seems to be an evolutionary shift in Monero's adoption
16:28:56 <sarang> Transferring between Monero and other assets likely incurs additional risk
16:29:00 <fort3hlulz> For sure
16:29:21 <sarang> But I do _not_ like the general idea of viewing Monero as a mixer
16:29:29 <fort3hlulz> As the failings in privacy in Bitcoin become more apparent to actual users, they are shifting through Monero
16:29:30 <sarang> It's a very different operation
16:29:33 <fort3hlulz> sarang: Me neither
16:29:43 <fort3hlulz> It's a bad way to use Monero (or any other privacy tech)
16:29:50 <sarang> Not even that
16:29:56 <fort3hlulz> It also stands out if you only buy Monero when you "need privacy"
16:30:01 <sarang> I mean that if you mix in something like Bitcoin, _every_ user in the mix is participating for sure
16:30:05 <sarang> In Monero, decoys do not participate
16:30:28 <sarang> Monero ideally implies plausible deniability for any particular transaction viewed on chain
16:30:34 <sarang> Bitcoin mixing does not
16:30:40 <sarang> In a mixer, you definitely participated
16:30:57 <sarang> What effect this has in the real world has yet to be determined AFAIK
16:31:06 <hyc> replace "mixer" with "magic obfuscator"
16:31:17 <hyc> they don't care about the finer technical points
16:31:23 <fort3hlulz> That's why I used "go-between" in my tweet :P
16:31:33 <fort3hlulz> I dont like the term mixer either, and avoided it intentionally
16:31:33 <lza_menace> can someone send a link? i just turned on my relay
16:31:47 <fort3hlulz> https://twitter.com/sethisimmons/status/1277599484088893442?s=21
16:31:50 <lza_menace> ty
16:31:54 <sarang> Well, the technical points do come into play because of terminology
16:31:56 <fort3hlulz> That's what he responded to and has the video in my sub-tweet
16:32:03 <sarang> I've seen "ring signature" used to mean "limited anonymity set"
16:32:12 <sarang> This is only partially correct, but sometimes misunderstood
16:32:29 <sarang> e.g. Zcoin's Lelantus/Sigma use limited anonymity sets that are not strictly ring signatures
16:32:37 <hyc> indeed, that comes up a lot too
16:32:45 <sarang> Assuming "ring signature" == "limited anonymity set" is not totally correct
16:32:57 <sarang> it's a slight but important misuse of technical terminolog
16:33:01 <sarang> *terminology
16:33:09 <sarang> same with "zero knowledge proof", which is almost univerally misunderstood
16:33:27 <fort3hlulz> Yeah sooooo much misuse of terminology
16:33:33 <sarang> I prefer "signer-ambiguous transaction protocol"
16:33:38 <fort3hlulz> Due to a lack of understanding of nuance
16:33:39 <hyc> but they still have a point, otherwise why keep worrying about enlarging the ringsize
16:33:41 <sarang> which is a very uncool-sounding phrase
16:33:48 <fort3hlulz> sarang: Just flows off the tongue 😂
16:33:48 <sarang> "ring size" is also a bad term
16:34:03 <fort3hlulz> So this is something I'm curious on
16:34:06 <sarang> ?
16:34:19 <fort3hlulz> How can I best describe the privacy improvements of a mixin increase from 11-100+
16:34:24 <fort3hlulz> It's not anonymity set
16:34:30 <fort3hlulz> Ring size doesn't mean anything to most people
16:34:34 <sarang> OK so
16:34:40 <fort3hlulz> I'm not sure how to best communicate that
16:34:51 <sarang> "linkable ring signature" is a technical term for a construction meeting a variety of possible definitions
16:34:54 <hyc> I always campaigned for "decoys/ number of decoys" but nobody else went with it
16:35:04 <sarang> If you're not a cryptographer, you almost certainly don't care what those definitions are
16:35:27 <sarang> "zero knowledge proof" is a technical term for a _huge_ range of constructions that have _nothing_ inherently to do with anonymity sets
16:35:44 <sarang> Again, if you're not a cryptographer, you almost certainly don't care what those definitions are
16:35:55 <sarang> You can use linkable signatures to build signer-ambiguous transaction protocols
16:36:00 <sarang> You can use ZKPs to build them too
16:36:16 <sarang> If you assume "zkp" == "full anonymity set" then you are not correct
16:36:30 <sarang> That equality _can_ be true for certain protocols, but it's not true in general
16:36:46 <sarang> This muddling of terms has become very common in general use
16:37:18 <hyc> and that will continue... hell, our own users can't even spell Monero half the time
16:37:19 <sarang> Zcoin uses ZKPs for limited anonymity sets
16:37:21 <sarang> So does Triptych
16:37:23 <sarang> So does Arcturus
16:37:26 <sarang> So does Omniring
16:37:29 <sarang> So does RCT3
16:37:40 <sarang> Zcash uses ZKPs for full anonymity sets (within specified pools)
16:37:46 <fluffypony> so does Wafflecoin
16:37:52 <fluffypony> kidding, I just made that up
16:37:58 <sarang> You can use Triptych to build a linkable ring signature, which its preprint does
16:38:03 <hyc> proof-of-syrup
16:38:10 <fluffypony> nom
16:38:36 <sarang> So yeah, "ring size" is a typical term (I use it all the time, often not strictly correctly) that doesn't always apply to ring signatures =p
16:38:59 <sarang> If Monero moves to Triptych/Arcuturus/Omniring/whatever, it will also use ZKPs, but for limited anonymity sets
16:39:02 <sarang> just like Zcoin now does
16:39:24 <sarang> "ZKP == full anonymity" is great for marketing, but is incorrect
16:39:34 * sarang is done ranting now
16:40:18 <lza_menace> I can only relate to what you've said because it's similar in the industry I work in - the market is constantly spewing buzzwords that have become all interchangeable
16:40:37 <fort3hlulz> So I should keep using the term "ring size" to describe the increases in anonymity brought about by a move from 11>100+ with Arcturus etc?
16:40:49 <fluffypony> we should start a marketing campaign to correct the incorrect use of the term "ZKP"
16:40:57 <fluffypony> and then after that we can go after "crypto means cryptography:
16:41:08 <fort3hlulz> I'm just not sure what that conveys to a less technical user in reality, and am struggling to find a better way
16:41:21 <fort3hlulz> fluffypony: I like it :D Hunt down the false narratives one by one
16:41:26 <fluffypony> :-P
16:42:05 <fort3hlulz> lza_menace: This is every industry, sadly, they benefit by confusing users with lingo and buzzwords that sounds better/worth more money
16:42:16 <fort3hlulz> The less users understand the nuance the more likely they are to buy in blindly
16:42:35 <fort3hlulz> i.e. "5G" being the next big thing, even though the vast majority of users will see practically no benefits
16:42:43 <fort3hlulz> Because 5G can mean many different things
16:43:02 <fort3hlulz> The meaning is robbed from it (intentionally IMO) to make it sound good but hard to discern true meaning/nuance
16:43:06 <fort3hlulz> But I digress
16:43:16 * fort3hlulz is done ranting now
16:46:27 <sarang> fort3hlulz: I think "per-transaction anonymity set size" is the most correct reference
16:46:44 <sarang> fluffypony: I would _love_ to see people understand that "zkp" != "full anonymity set"
16:46:56 <sarang> it's fantastic marketing, and _can_ be true (ideally, in theory, etc.)
16:47:10 <sarang> but those two quoted phrases don't inherently have _anything_ to do with each other
16:47:33 <fort3hlulz> sarang: Yeah I've leaned towards anonymity set with some sort of nuance in the description, as that seems to be the best overall answer to bring clarity
16:47:37 <sarang> Monero also uses ZKPs in its transaction protocol
16:47:53 <sarang> and other constructions that are witness-indistinguishable but not ZKPs
16:48:06 <sarang> and the difference doesn't mean a freaking thing if you're not super into definitions :)
16:48:43 <sarang> fort3hlulz: "anonymity set" is better because people don't/shouldn't care if that's achieved via a signature, or a ZKP, or whatever
16:48:51 <sarang> in practice it's irrelevant
16:49:02 <sarang> and only comes into play for security models/proofs and certain types of scaling
16:49:25 <sarang> Every time I see something like "Project X uses zero-knowledge proofs" I die a little inside :/
16:51:26 <fort3hlulz> Haha absolutely
16:51:56 <hyc> our project uses algebra
16:52:00 <sarang> lol
16:52:25 <sarang> "special honest verifier zero knowledge" implies existence of a proof simulator
16:52:56 <sarang> If you do not care what a proof simulator is, you likely also do not care what SHVZK is, and that's totally ok
16:53:00 <sarang> :)
16:53:28 <fort3hlulz> You lost me 😅
16:53:36 <sarang> and that's ok!
16:54:08 <sarang> The gist is that ring signatures and ZKPs are used as building blocks for transaction protocols
16:54:15 <sarang> and those protocols may have implications for anonymity sets
16:54:29 <sarang> But to make big extrapolations back to the building blocks isn't a good idea
16:55:00 <fort3hlulz> Got it
16:55:19 <sarang> "Our bank vault is impenetrable because it uses steel" is a similar phrasing
16:55:31 <sarang> Maybe it is, maybe it isn't... depends how you used the steel to build the vault
16:55:40 <sarang> If you forgot to build a door, it isn't =p
16:55:56 <sarang> Building blocks != final product
16:56:20 <fort3hlulz> Thanks for the deep dive + rant sarang 🙂
16:56:25 <sarang> :/
16:56:25 <fort3hlulz> Gotta step away for a bit
16:56:43 <fort3hlulz> Rants are good haha
16:56:56 <fort3hlulz> It was a joke :D
16:56:59 <sarang> It just gets frustrating to read the same inaccurate things over and over again
16:57:09 <fort3hlulz> I bet as someone who actually knows the difference
16:57:14 <sarang> and it's very subtle to explain
16:57:22 <fort3hlulz> I have a slight understanding but I haven't dedicated years to learn/teach/build on it
16:57:32 <fort3hlulz> I'm sure its way more frustrating to you,and its already frustrating to me :P
16:57:36 <sarang> I don't blame anyone for not getting the differences; they're super technical and boring
16:57:44 <sarang> but to make claims about those differences is just reckless IMO
16:58:05 <sarang> sometimes it's for reporting; other times it's for marketing; etc.
17:07:58 <niocbrrrrrr> so I hear that we are changing our terminology to decoys  https://dks.scene7.com/is/image/GolfGalaxy/15A1XUXPFLLBDYMLLHWF?qlt=70&wid=1100&fmt=webp
17:08:13 <niocbrrrrrr> something everyone can understand
17:08:19 <sarang> sigh
17:08:51 <sarang> It may also be worth noting that a huge focus on the size of the per-transaction anonymity is not the only/optimal metric for privacy
17:09:20 <sarang> e.g. early research into Zcash showed that a _huge_ number of shielded operations were trivially traceable despite a very large anonymity set
17:09:33 <sarang> pre-CT Monero transactions are generally traceable despite variable anonymity sets
17:09:46 <sarang> Threat models involving network observation may change this risk
17:09:49 <sarang> etc.
17:09:55 <sarang> Privacy != anon set
17:10:34 <sarang> A broader, more holistic view toward privacy, coupled with strong education about threat models, is almost certainly a better approach for most users
17:12:23 <niocbrrrrrr> how to communicate this succinctly
17:12:57 <sarang> Tough call
17:13:05 <niocbrrrrrr> maybe an ecosystem involving ducks :)
17:13:22 <hyc> ball and 3 cups
17:14:10 <hyc> there's only so much education you can do. cars are quite complex systems. everyone gets a few weeks worth of driver training, and off they go.
17:14:28 <niocbrrrrrr> yep
17:15:51 <sarang> If only drivers were trained like pilots...
17:16:02 <sarang> where you're tested in real time on all sorts of emergencies
17:16:43 <sarang> I remember during my in-flight final examination, when the examiner "failed" my GPS system and said there was an emergency, and we needed to land :)
17:16:50 <sarang> and then later "failed" the engine!
17:51:31 <rehrar> midipoet: found an open source version
17:51:35 <rehrar> https://workadventu.re/
17:57:21 <Inge-> In my simple and naive world, a ZKP just means you can prove something about a thing without giving away other information about that thing
17:57:46 <Inge-> hyc: waddayamean we can't even spell romero half the time?
18:01:10 <sarang> Inge-: informally
18:01:14 <rehrar> https://play.workadventu.re/_/tfo-nsg-tcf/npeguin.github.io/skapa-map/map.json
18:01:30 <sarang> but in marketing, that's taken to mean "you can prove sender, recipient, amount without showing anything about them"
18:01:42 <rehrar> sarang: try this silly little thing with me.
18:01:48 <rehrar> FOSS
18:01:53 <sarang> ?
18:02:15 <niocbrrrrrr> .romerito
18:02:15 <monerobux> To buy or not to buy: that is the question
18:02:40 <rehrar> it's a way to do video conferencing, but with a game? basically if you are close to someone you hear them well, but you can leave and not hear conversations like irl
18:02:47 <rehrar> midipoet just showed it to me
18:02:52 <niocbrrrrrr> Inge-: today's spelling is monerrrrrro
18:04:29 <rehrar> basically just a proximity-based dynamic video chat
18:07:10 <rehrar> lol, everyone ran away
18:18:53 <midipoet> rehrar: your version looks neat as well!
18:19:03 <rehrar> join midipoet
18:19:16 <midipoet> I can, but for five mins
18:19:20 <midipoet> Have to have a shower
18:20:09 <rehrar> https://play.workadventu.re/_/tfo-nsg-tcf/npeguin.github.io/skapa-map/map.json
18:20:12 <niocbrrrrrr> rehrar: I sent you a song with chickens the other day
18:20:53 <midipoet> How annoying.
18:21:13 <rehrar> oh yeah! I remember.
18:21:16 <rehrar> was pretty funny
18:21:21 <rehrar> didn't have time to respond in the moment, sorry
18:21:47 <niocbrrrrrr> np
18:40:18 <Inge-> oh is it virtual meeting thinggy?
21:09:26 <sgp_> thoughts on changing the name of "unmixable outputs" to "stale outputs"?
21:13:03 <selsta> CLI also uses sweep_unmixable
21:20:46 <xmrscott[m]> I prefer unmixable as stale really doesn't allude to unmixable-ness
21:23:12 <niocbrrrrrr> the reason stale is ng is because they are unmixable?
21:29:42 <sgp_> niocbrrrrrr basically yes, however I'm thinking of more user-friendly names. We also don't really want to associate Monero with interactive mixing processes
22:04:48 <needmoney90> Unconsolidated?
22:05:14 <needmoney90> Uncombined?
22:35:19 <lza_menace> anyone know if operator of cyphermarket.com is on irc/reddit?
22:37:40 <jwinterm> lza_menace, I thought it was rehrar
22:37:49 <lza_menace> oh, cool
22:38:00 <lza_menace> I was thinking so because I thought he did the monopoly board
22:38:32 <lza_menace> or at least I had seen him mention/link it somewhere
22:45:06 <rehrar> Whatchoo need lza_menace ?
22:45:22 <rehrar> Want a monopoly? I'll give you the best price.
22:45:24 <lza_menace> nothing, just was vetting the store before sending any funds
22:45:33 <lza_menace> your shop looks awesome
22:48:00 <rehrar> Thanks. We're the best in the business.
22:48:26 <rehrar> We're also the only one in the "selling merch for FOSS projects" business.
23:59:34 <hyc> that's why you're the best