My understanding is that the law firm that made it, is waiting on a publication to get confirmation on what date it will be published, and that it will not be made publicly available until after that date. Please correct me if wrong.

yes that's where it's at

they're waiting on publication dates

if it takes too long to publish then they'll release it separately

Good Morning Guys!! Some news whith FUD?

I'd go with the U (uncertainty), since there are precisely zero details and zero evidence on their methods or success

And without external information, it is not possible to match transactions/outputs with addresses, mathematically

official press release ciphertrace.com/ciphertrace-announc…s-first-monero-tracing-capabilities

The proof of the pudding is in the eating

> There is much work still to be done, but CipherTrace is proud to announce the world’s first Monero tracing capability

really vague, probably basic tracing with exchange data

They could have some heuristics e.g. Knaccc/EABE related stuff?

Do you consider that if they have developed a tool to exploit a vulnerability and trace Monero, ¿it would be disclosed?

IMO really unlikely that they are using some novel method.

I would personally be very surprised if they were using novel methods in their new tools

I would also be exceptionally surprised if such methods were _broadly_ applicable to _modern_ transactions

and I am always suspect of technical claims without evidence by companies who profit from belief in those claims

if it's knaccc/EABE then we can expect more exchange listings, not delistings. Because exchanges are needed for this to work, right?

Almost certainly

<sech1 "if it's knaccc/EABE then we can "> Good point

lol

😅

The alternative might be that try to build statistical models without external data, which probably leads to absurd results that one hopes aren't blindly accepted by exchanges et al.

provably absurd results sounds like fun

For example, "your deposit transaction contains a decoy identified in previous bad activity, so we label it high risk"

Absurd results would be absurd, but if entities accept those results, it screws people over

<sarang "For example, "your deposit trans"> Understand, something like depositing BTC after CJ . Is a risk

Maybe they flag all monero transactions as high risk :D

Lovera[m]: it's not the same thing though

With CoinJoins, you can guarantee that everyone in that transaction actively participated

This is not the case with the Monero protocol

Anyway, this CipherTrace thing is a press release

I think it is very suspect to conclude from it that (a) they have developed any novel methods; (b) that their tools are broadly applicable to modern transactions; (c) that they can accomplish anything of value without fairly significant external information like exchange KYC and records; and (d) that they can perform anything like address linking without such data

If anything, this reinforces earlier work on the risks imposed by exchange interaction

that was done in this and other communities

its exciting to be able to honestly say that we likely already know about any methods used here

Thankful for all those who have done the work to get us to this point

yeah they need exchange information to know something useful. but isn't that the case with tracing bitcoin txs too?

Anyway, I think the best conclusion is that this is press-release journalism until any other evidence or details are presented

Anything beyond this is speculation, and if done in media with claims of correctness, is wildly irresponsible

We have years of preprints, papers, data, and discussion on _actual_ methods and tools available to everyone, including CipherTrace

maybe all they need is for criminals to think monero is traceable, and then problem solved :)

Well, they want to sell their tools

end of story

sarang: do you think you could write a small text up as a response?

The gist would basically be what seth has tweeted recently

That without evidence or details, there is nothing to discuss or debate

We build the protocol under the assumption that people already use the tools and methods we devise

ok, didn’t see his tweets

and the Monero and academic communities have spent years researching and discussing circumstances (far deeper than just at the level CipherTrace would be able to examine) and conditions under which effective privacy is reduced

<sarang "Well, they want to sell their to"> This is true...

However, just because these circumstances and conditions exist does NOT mean they generalize broadly

You can use any tool unsafely, whether intentionally or not

But just because some people hit their thumbs with hammers does not mean you should report that all hammer use is unsafe and dangerous in practice

Please give feedback if something could be more well written/worded

However, if you ran an anti-hammer company, I'm sure your press release would claim this :)

<sethsimmons "Please give feedback if somethin"> Thanks Seth for Tweet, im going to RT and traslate into Spanish... i think is a good response

Awesome, thanks :)

sethsimmons: your reference to #monero-research-lab on twitter could require a hint that it is on Freenode IRC ...

True Ill add that

"If only there were people to contact with technical questions about claims relating to cryptography... unfortunately, no such people exist..."

I'm super surprised they didn't ask anyone with a technical background about this

Maybe I should not be surprised :(

I mean, seriously, concluding super broad technical things from a press release just makes me angry

"Monero puts out press release saying CipherTrace is full of it"

It feels kind of disingenuous to release a tool without releasing any of the specifics

^ what now, press?

dEBRUYNE: not really; they're a company

Sure, but still

What if in the background it is merely a coin toss

I am exaggerating a bit

What's irresponsible is making ecosystem-wide technical claims from a freaking press release

Sure, present the press release if you want, but _in_context_ and presented as such

it's a commercial ad disguised as journalism

yes

that's shoddy journalism

yep

But is very common in this space since reporters don't seem to have any technical background

which, again, is fine... as long as you get it right

But really, someone should release their own press release saying CipherTrace is full of it unless they give details =p

(kidding, kidding...)

Anyway, I'm done giving this nonsense any more of my time

aww, we were just getting started

Time to return to actual open privacy research

what else are we going to discuss?

OK. fair enough

If anyone has technical/research questions, or wants to check the accuracy of claims, mention me or ask in #monero-research-lab

I am more than happy to devote time to accuracy

What about precision?

lol

And feel free to direct interested entities to the Breaking Monero series, where we discuss different specific scenarios where effective privacy _is_ reduced, and try to put them into actual context to show how they are or are not broadly applicable

Lol this guy just followed me: twitter.com/R5parrow?s=21

"VP of Attribution at CipherTrace"

Maybe they'll actually reach out now

Maybe that's their tool

secret Twitter follow bot

lol

GOTCHA

ALL YOUR MONERO TRANSACTIONS ARE BELONG TO US

Ask him what your risk score is

XD

sarang: Would you mind leaving a brief comment here? old.reddit.com/r/Monero/comments/ij…laims_it_developed_a_monero_tracing

I commented linking to the tweets...

Same :P

yea removed the link again because you linked already :D

commented dEBRUYNE

Thanks

From the CEO: twitter.com/davejevans/status/1300466928440324096

I would be very impressed if the CEO had the expertise to appreciate all of the methods that might be involved

"Thanks fluffy. We will give some more details on an interview, but you can appreciate that we cannot disclose all of the methods or the future plans at this time. We reviewed all the Breaking Monero pods as well as all of the published academic research. It's helpful."

Interesting

Wonder who’s doing the interview

So again sounds like they will refuse to prove any capabilities on mainchain

sgp_ did they ever get back to you about a potential interview?

yes they are free the rest of the day really. I need to confirm they will describe the tracing more before agreeing to schedule one

also define "tracing"...

I can think of several things you could define in a press release as "tracing" and be technically correct

interesting tweet

No, because it's almost certainly statistical

Idk what that means tbh

Very vague again

This part is worrisome, because it will be easy to claim "accuracy" to their customers/clients

Whereas for stuff like BTC you can say things with certainty: this transaction signed with this key

If the interview ends up being "we can build statistics on transactions" the response is "yeah, and?"

when triptych

We've known this for years

Triptych doesn't stop the ability of companies to take complex statistics and claim things to people who pay you

You're looking at the tweet too narrowly. He also shared our response

A tool can spit out whatever it wants

We developed a graph+explorer for all the pre-2017 tx based on the Monero Leaks dataset (or whatever it was called). Checkmate Monero.

<sgp_ "You're looking at the tweet too "> True

right, but triptych will make their statistics more uncertain, which can be good and bad

sgp_: you'll excuse my cynicism here... they're trying to sell a product with a vague press release

If they're legitimately being open about this, great; I look forward to it

But I am setting my expectations based on how they've approached it so far

Proprietary Statistics and Ranking Algorithms (tm) would not be helpful, for example, either to the research community or to their customers

who should not be expected to be experts in this

If the customers are to rely on CipherTrace to be these experts, they need to demonstrate it IMO

👏

Anyway, I look forward to my cynicism being proven wrong

Anyone want to post the txid of a random test transaction for CipherTrace to be presented?

I doubt that they will prove anything.

No, but it's a good move to ask them to

too late to give them the tracing challenge, but that would be a good demo

They can PR all they want about tools, but getting the output of those tools speaks far louder

Why too late?

Does the tool turn into a pumpkin at midnight?

well, too late for an interview today probably

I will donate $100 to the charity of their choice to compensate them for their time

but I can check

Also, it's not a "tracing challenge", but a way to encourage details on what exactly they claim to provide with their tool

Otherwise everyone is chasing their own tails not talking about any details on anything, which is a waste of everyone's time

emailed them again

here are some details

was removed

will repost

"decoy removal" can mean anything

He also claimed that MimbleWimble has worse privacy than Monero: reddit.com/r/CryptoCurrency/comment…onerotracing_tool_to_aid_us/g3hg9eq

which is not exactly news

he also posted a tracing example, but it requires mod approval

dEBRUYNE: ^^

Lol he used half of the comment to insult, nice

also not sure if this is a legit account

I can verify

dEBRUYNE needmoney90: reddit.com/r/Monero/comments/ik0t3h…/ciphertrace_monero_tracing_example

waiting approval?

new account gets blocked by automod

Decoy removal? This is too vague description.

OK so

This has _nothing_ to do with linking to addresses

not even close

Lol

that requires external information, known spends to listed addresses, or breaking mathematics in a fascinating way

We have published tools on "decoy removal", and methods and math on this, for years

If they packaged it into a fancy tool, cool

That research is all open, and we don't get to decide how math is used

I stand by my earlier assertions on what this probably is

and by my fear that this will be presented to customers/clients as some kind of yes/no risk tool, when really it's a fuzzy-wuzzy statistical cloud

Kudos to Dave for providing _any_ details, for sure

No fault there

I mean, if Dave wants a list of all outputs that can be _definitively_ traced, with no stats involved, I can literally email this list to him

I can confirm the UI looks like CipherTrace's other tools

Or give him a Python tool to do it himself

So what, this identifies ring members by source?

this screenshot seems real and realistic

Sure, any explorer can do this

Is there more that I'm not getting here?

though obviously this doesn't show much lol

No, it does not

To be fair, I assume their customers dont' _want_ much detail

so it’s a visual block explorer? like fluffy said? lol

They want "risk"

I'm trying to figure out where they are making attributions between outputs and addresses/users

So customers shouldn't be expected to want deep information...

If this is just labeling outputs, that's like... a database

and a block explorer

and a frontend

Is there more here?

Or I am just going insane?

Or both?

looks like a visual block explorer?

if it's easy to use it's a cool tool, but hardly shows/proves much

Lol at all mixins being tagged “mixer” in the legend

Says nothing about how they are deducing true spend from the decoys

That could be a completely false trace for all we know

But maybe someone else can make more sense of it

I'm not 100% sure that's how it works, would be odd if the others were ATM

Can't they just create a risk score for each key image?

they're not "deducing" true spend, they can only estimate probabilities

Sure

But that's essentially risk assessment

Just less accurate

Why are all sends marked as “ATM”?

I am not sure if that's actually what they are marked as

I asked on Reddit for him to explain/walk-through

Because Monero is digital cash, and since ATM's deal with cash

sethsimmons: yeah I wondered that as well. Maybe they have all the ATM info (hence all outputs from ATMs)

That is actually a pretty good example of a potential privacy leak

sgp_: there is a colour key...

You don't think that's accurate?

I guess I would be surprised if it was an ATM example

Seems like they're implying they can trace from DNM to ATM in this graph

And I think they are just coding unknown outputs as "mixer"

so it might be EABE attack using data (known outputs) from ATMs

Even "known" are marked as mixer lol

sech1: that's my guess, yes

I think we're reading it wrong -- I don't think the arrows are covered by the legend

How many ATM software/hardwares are there?

Only the dots/highlighting

Not many right?

The initial sets of inputs have one black (DNM) and one white (unknown) input flagged

Then there is a highlighted green output (ATM)?

The LEAs could also have fake ads on DNMs

That would give them additional data

Not sure how else they could say these originated from DNM

Confiscated accounts? Arrests?

I think this is just an example of the interface.

Well if they own this accounts keys its not really tracing :P

"sgp_" (matrix.to/#/@freenode_sgp_:matrix.org): Legend is supposed to be applied to arrows or addresses/circles?

sethsimmons: no, but it's another set of known "risky" outputs

xmrscott[m]: exactly I don't know

I would say all

Makes no sense to use the same colour otherwise

I think orange arrows are inputs, green are outputs

I don't think the arrows have a legen/apply to the given legend

What I don't understand is the way each transaction is depicted -- is the pentagon a key image, and the square a transaction? It's all so confusing

i'm saying it's a visual block explorer and an api-ready framework for all exchanges/etc to connect to, enforced by LEAs

That wouldn't be of any use for the specified purpose of tracing Monero, though

Since it wouldn't even help in any way to imply a known spend etc.

So if its just a visual block explorer its not interesting

But if it is just that it makes sense why they call it v1 and say they are going to build on it

morning :(

needmoney90: good night

hyc: whenever I see your name mentioned on the internet i just forward it to you :-P lobste.rs/s/m9vkg4/database_i_wish_i_had#c_askorb

sgp_ You sent the tracing challenge to ciphertrace right?

Have they gotten back to you with any response?

They have a fancy tool that does it, so it should be a cinch

Oh that would be a great test :D

Forgot sgp_ sent them that before we knew about all of this lol

needmoney90: yes I sent it their way

That's where they got the idea ;-)

Two weeks later, product released!!

XD

stranger things have happened

Lets have them on Monero Space for a chat and have them walk us through how they beat the challenge ;)

There's a gimme in there, an EAE, they should at least get that one

literally only one path in the whole set, its a process of elimination thing

What's the attack when you run a load of nodes?

you're able to tell who sent the initial tx, at least before i2p/dandelion

so you record id/tx pairs

Or sorry when you create a load of transactions so you know the majority/substantial portion of outputs..

and can use that to correlate txes

oh, thats a different one

Yeah, sorry. Got confused

Though both are nasty

That's the one we need to look out for

Dont we run dandelion++ default now?

I thought that fixed it

sgp_ Can I get some confirmation dave is dave?

If you can do it sidechannel

Then I can tag him

Just want some independent sidechannel verification, its kind of a foregone conclusion who he is

pinged on Twitter

Sooooo is this trying to use decoy presence in rings to "estimate" the likelihood of being connected to illicit activity?

If so, that's an insane misrepresentation of how non-interactive signatures work

Without any details, I'll assume this is the case :D

If all this tool is doing is counting ring members and tagging them in some database, that's... a really bad way to do this

I really hope they're trying to be more clever than that

Otherwise, they're paying someone way too much

there must be two poisioned outputs that they noticed were later spent in the same transaction, so they're doing pretty straightforward stuff here

dear CyberTrack, I sent a morono tx last night while drunk and don't remember who I sent it to. Can you please help me?

knaccc: is that really a realistic way to look at this?

Oh, are they assuming the poison comes from the same transaction too?

If not, this is a simple example of bad sweep

i assume on two separate occasions, they paid the merchant

then later waited for a cashout

Dont those first two txes have *two highlighted txes* in the same ring?

Sure, that's well known

You cant spend two txes in the same ring

yeah it's really well known

Yuuu

Yuuup

they're not doing anything clever at all, but it does work

OK, this is nothing even remotely new

This is just saying you should _at least_ safely churn before merging

bam

I literally am working on an output merging analysis tool now

to examine distributions of this

lol

oh nice

OK

they only got $120k from DHS sarang

This is super enlightening

maybe we should apply for DHS contracts

We jokingly considered it needmoney90

heh

wen SarangTrace

they actually got $1.3M from dept of interior

I was invited to participate in the CipherTrace interview later today

I'll ask about this specifically

and ask if they'd like my toolkit

profits will go to mooonero development

sarang what does your toolkit do

if we're already doing the development why not get paid for it?

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

"Monero being paid by government to break its own software!"

knaccc: looks at distributions of merged outputs

if/when we use epochs, this goes away

Er, goes away if done in a temporally close way

Otherwise, if you aren't accepting controlled payments, this analysis is useless

Also: do individual sweeps before spending

bam, this problem is now solved(ish)

sarang oh i see, so for a tx with 2 inputs, it's looking to see how easy it is to guess the real outputs being spent by noticing they were recevied in a comparatively much closer timespan than other outputs

So it’s just a merge of poisoned outputs?

yeah epochs definitely a great idea

sethsimmons: appears so

Lol

knaccc: also depends if the outputs are known to be controlled to the same entity

That explains a lot

e.g. poisoned outputs at multiple spends

nice

knaccc: one version of merging looks purely at source txns, which is my focus

Source txns being separate but known (like in broad ransomware) is mitigated by avoiding multiple sweeps

This isn't even remotely a concern if you aren't pulling evil shit like this

what is the evil sh*t you're referring to?

you mean ransomware?

If you accept multiple flagged outputs in different transactions and later merge them

So summary: two known poisoned outputs are later merged, allowing the poisoner to use a shared ownership heuristic to tie them to the same entity?

The original merge research assumed you were looking at outputs generated in the same txn, but this isn't that common

well if you're selling bibles in china, you can't avoid receiving poisioned outputs. all you can do is later not spend them together

But if you assume the source txns are in some list somewhere (like in a broad ransomware attack), the idea is similar

knaccc: right

Best way to avoid this myself is sweeping individual outputs from potentially tracked sources (like KYC exchanges) before merging at some point later (if needed)?

Yes

This doesn't eliminate all risk, but mitigates it

Thanks

This has been looooong known

Could this be done by default at the wallet level?

NOTE: this is speculation

<sarang "This has been looooong known"> Yeah for sure this is old as time

We don't know if this is actually what the Fancy Tool does

But it sure sounds like it

the question is: how can monero be designed such that monero users don't need to know all these special rules in order to have untraceability

knaccc: this is the correct question :)

If it is, a simple “right click incoming TX>churn” in GUI would fix in theory

Well, to a point, yes

Since it adds those outputs to a "recent pool" likely to be chosen in many txns

well you'd need to churn more than once, especially if there were more than two poisioned outputs

<knaccc "the question is: how can monero "> YES!

ALSO: this Fancy Tool is statistical only

a LOT more than once

knaccc: sure

Maybe “flag for churning” and let the wallet churn based on some profile over time

it moves the analysis down the graph

But it does sound like CT is doing very little broad graph analysis

I'm a bit disappointed :(

haha

I had kinda hoped for more interesting stuff

This is... not interesting

Lol

Useful? Sometimes

haha you're getting annoyed at someone breaking your crypto and it's only a wrench

I mean I suspect they're embarrassed about their tool's capabilities, or they'd be yelling about them

I'll bring it up in the interview

best I can do needmoney90 i.imgur.com/CQDficY.png

I'm not saying it's nothing

Should be good 😎

or a bike lock with a ball-point pen. amateur!

hahaha

Interview with sgp_ or who?

It does highlight ways the wallet can continue to protect against certain silly things

yes

Nice

Dave is talking to Sarang and me later today

I wonder if they did something else with their year of work

Yeah some easier coin control is a bare minimum needed for this, but automated behind the scenes is best

I'll probably post the interview tonight unless it goes poorly and they don't answer any questions

Sweet

I guess most china bible seller are not familiar with coin control at all

But yeah, this is a great opportunity to review how wallets handle outputs in this way

<sarang "But yeah, this is a great opport"> Absolutely

A tool like this could be enough to get them in some of those reeducation camps or worse. Not that the tool is ground breaking or anything, but a good reminder that all theoretical attack vectors will, with enough time, be explored.

Absolutely

I've said for a _long_ time that what was untested was the extent to which plausible deniability and statistical heuristics actually matter in the real world

This is a fascinating example of it happening

Unfortunately, they won't say the actual thresholds

but FWIW nothing about their example provides definitive evidence of transaction structure

it's just a merge analysis

This was published years ago

There are warnings (e.g. spending multiple old outputs) that only get displayed in monero-wallet-cli currently, they should be added to GUI.

absolutely

go for it :D

I'll try to use this interview to say "sooooooo this is a merge analysis, then"

needmoney90 actually this would be a really cool traceability challenge. you could give me two different wallet addresses, and i'd send an output to each of them. then you avoid combining them directly by spending them both in the same transaction. instead, you try an churn each of them independently, and only eventually spend the results of those churns later

and i see if i can tell you the tx where you finally combined them :)

i wonder how many false positives i'd see

Yeah, this is part of the analysis I'm doing now

oh nice

i'm kinda nervous at what you might discover.

My conclusion: if you aren't concerned about multiple flagged outputs, and you aren't performing these merges, this technique likely does not apply to you

sarang <3

<3

Fascinating that a tool is actually doing this

I'm still academically disappointed they aren't doing something more interesting =p

sarang what you just said sounds eequivalent to: "if you aren't concerned about an exchange being hacked (which would effectively 'flag' certain outputs as being sent to a particular person), and if you never cash out more than one received outputs at a KYC exchange, then this threat does not apply to you

but that's basically unmasking vast numbers of trading relationships between exchange users in the event of a hack

The flagging part is true

The intermediate steps, less so

But I get what you're saying; you've brought it up before

i'm glad you're doing this merge analysis, it sounds incredibly interesting

I have mixed feelings about the "exchange got hacked" argument, since at some level it devolves to "I gave this entity loads of personal information, and now it lost them"

If CipherTrace wishes to fund public research, more power to them :)

the research does not seem very public

only their conclusions :D

we should just ask an exchange to give us an anonymized dump of their data for research purposes

No, but if they want to support me and the research is all public, go for it!

knaccc: shapeshift's api is public

they don't say when two txs were by the same person though, which is the critical thing

unless they are reporting IP addresses or something i didn't notice

they are not

sarang btw have you been making any mainnet txs and churning them etc for your research purposes?

it'd be cool to establish a library of 'tracing challenges'

including nm90's latest tracing challenge

I have not

I've been doing stats to get typical distributions

ah ok

Mine should be a cakewalk compared to real world data

Literally all occurred within two days

Barely any time to analyze at all, tons you can rule out

I find it surprising they'd do this kind of merge analysis and not the trivial value-based Zcash-type pool interaction stuff, which seems way easier

Unless... they are...

<_<

>_>

Ciphertrace has had access to the challenge since it came out, we shared it with them

Yeah, but Zcash isn't as heavily used/recognized, so it wouldn't sell as well

s/it/the news

chainalasys has a tool for zcash already though

But AFAIK it doesn't even bother doing pool transitions

and historically those are _huge_ for linking shielding operations; unfortunately no one has bothered to do an updated analysis of this

(I tried, but the tooling is _awful_ for this)

Ciphertrace *could* have spammed transactions...

We'll be asking this in the interview

FWIW another entity (like a government partner) could do the spamming and present the info to CT

and then CT is technically not spamming, and can deny this

So any response could be weasel words

so the recent transaction volume growth was spamming?

recent = 6 months or so

I don't know what caused it

I intended to ask this question of them generally

as part of their tooling

I wouldn't be surprised if its recent increase in DNM adoption

As there are clear and tangible signs of that

But definitely curious what they say

"we deduced the output because we owned the other 8/9/10" would be spicy

I'm sure they don't do the spamming

But I wager they won't answer about their investigative partners doing controlled transactions

we'll see

We should assume this happens anyway

Crypto activity generally picked up, also DNM adoption increased.

Also felt like more support threads with basic questions but that’s not really accurate metric.

Is it worthwhile at all to create some sort of dashboard to monitor 'community'-type activity vs tx volume to make sure there's no funny business?

doubtr

There's an easy way to test it tho :D

first spike in txs around a year ago was the introduction of the game minko :)

If you want to test whether an active attacker is spamming a % of txes, create a sustained burst of txes for a few days and see if it gets matched

I considered doing something like that for a puzzle, but it was too costly to get a large % for a few weeks, even with our tx costs

2 XMR/day at most

if you just fill empty space in blocks to make them 300 KB

well, costly to sustain it for a few weeks :D

I'm aware of other indicators that at least some portion of the transaction increase are legitimate

How so?

Can you share?

not really my info to share

i love that monero's total monthly tx volume only cost $600 in tx fees

i wonder if that's in the realm of what governments can afford to spend to spam the blockchain :)

Well, it's tough to have the protocol determine what's a "legit" transaction...

and any ongoing spam attack needs to be... ongoing

Which is of course not infeasible

but does require ongoing sustained effort

yeah, can they afford to spend $600 a month on an ongoing basis

knaccc pbs.twimg.com/media/Efu9dd7UMAALfKW?format=jpg&name=large

lol that's not what I mean

I agree with selsta's sentiment. From the burst of recent activity in the monero channels + reddit i would say an increase of tx seems organic, especially if we consider the recent price rise. Just a feelijng tho, i have nothing to back that claim

Implying *our* fees our low?

It's about fraction of control

needmoney90 HAHAHAHA

who did that?!

I made that one lol

you drew that? that's incredible!

nonono

so good

I modified it

still awesome

the original creator was 3palec

I swapped out the medal and barolo label

ha it looks seamless

barolo label is sooo off

but you didnt hear it from me

I got lazy :p

didnt bother to mask it against the bottle edge

so a corner sticks out and the bottle is visible in other parts

it looked totally seamless to me

hehe

it got some upvotes :D

(also the person who originally charted those numbers forgot litecoin)

(so we were actually 4th)

but shh

its funny that our fees are that much higher than other networks when we're sitting at this point in market cap

We’re one of the few L1s that sees actual usage

Most base layers are dead

Someone pointed out (reddit?) that Monero tends to be delightfully boring

I like that

I have a screwdriver set that I use for fixing things, and it's delightfully boring too

IMO good tools should do their job and be predictably dull

lets move the decimal 1 place and claim its an airdrop to all monero holders

-____-

"we 10x'ed the coins!!!!!"

wen

we would pamp

so hard

isn’t Apple / Tesla pumping hard due to stock split?

soo big companies do the same :D

cmon guys lets push this

private airdrops

when my private airdrop

sgp_, knaccc, sarang: Would it be worthwhile to write a brief 'A response to' blog now that an example has been posted?

!tip sgp_ 10

idk, not yet?

The previous blogs have come in handy when the subject ultimately arises

sure, maybe a MO post is enough though for this?

I'm not really sure tbh

Probably best to wait until after the interview

we should have an interview up in ~2 hours anyway

yeah worth seeing what they have to say

yeah

cant wait!

imagine if it was live lol

Spicy :D

that would be more risky though

I wish it was live

Open questions

(I don't actually wish it was live)

Has that reddit post been verified?

haha literally open chat to the public

But I kinda do just for the risk factor

As being from Dave's account?

If so, worth noting this

no it has not been verified yet

I can ask before the interview however

Please do

I want to know if it can/should be referenced as accurate

He could tweet a link etc.

obviously yeah

Right, to be publicly verifiable

like I said we can easily confirm before asking questions

as opposed to just emailing you

yes

but ideally publicly verifiable is best

If he emails you, you could lie about it etc.

sarang: The mods can flair given private info

and often do

yeha I see nothing wrong with private verification

once flaired, you can assume the subreddit mods reputation is at stake there

Sure, he can do whatever he wants

But it's easiest if he tweets it

Then he's also taking public ownership of it

which IMO is beneficial

Until then, I don't think a blag post about that plot is a good idea, since it could be trivially faked

We've been duped before

to be fair, we spoke with them regarding the whole writeup to begin with

beforehand

and they asked a bunch of BS questions

?

Did they discuss the post?

Will the interview be publicly published btw?

On the Monero Space channel AFAIK

He said right after

Yes

We are conducting the interview as we speak

share juicy details

Author deleted that thread

Can we still make it visible somehow?

we can't afaik

who originally made it?

Why is it gone? D:

we could crosspost to the comments thread

as a new post

thats about the best possible

You mean the example thread?

Let's do that I guess

lolol

i guess they watched Breaking Monero

"CipherTrace paints it as a positive for XMR by adding legitimacy to the privacy coin" that is world-class spin

<xmrhaelan> Hate to be the tinfoil guy, but am I the only one who finds the timing of this disinformation campaign a little suspect? This is within a week of the news of DNMs becoming mostly XMR

which DNMs are those?

The lead DNM exit scammed, which was mainly Bitcoin

They got gov contracts, worked on this for over one year. Obviously they have to claim that "they can now trace monero".

Almost all of the rest are XMR exclusively or Primarily XMR

i think sgp_ needs to create a series called Fixing Monero

:)

<xmrhaelan> It’s almost like this came out of someone’s playbook...

<xmrhaelan> I’ll take the tinfoil off now. Back to regularly scheduled programming....

I see bears and crabs in the sky

lol @ article

I only read headline

MO

At least later they admit it’s not like Bitcoin and more of a probabilistic game.

why waste time

thx for saving me time selsta <3

they take a corporate press release and present it as a fact in the title

how else will people click and read the link?

think of the missed ad revenue !!

CipherTrace claims to be privacy advocates in that article too

CTO of CipherTrace is presented as pro-cryptography, see bio

on their official website

yeah sure

writes a smear job and endorses it

<xmrmatterbridge "<xmrhaelan> Hate to be the tinfo"> Nah, I commented my hunch is maybe TLA psyops given timing

Without talking to the people who actually did the research they used

Btw, for reddit mods, consider removing any direct mention to phishig sites from the subreddit, see also reddit.com/r/Monero/comments/ijv0c3…account_address_and_receive_address

Because it might increase their SEO

When I say direct, I mean a 1:1 URL

I thought they were on the list

we do have an autoremove list

that one wasnt on it for some reason

right

<dsc_ "CTO of CipherTrace is presented "> Same w/ CEO on Twitter. Cypherpunk and smart contract advocate since 1999 (TM). Ok buddy.

Done

tysir

It's now on the list

shouldn't happen again

I strip the privacy

TO build it back up

you see?

*while working with govs 100%

ANd taking helicopter money

Their day job: CipherTrace. Their night job: being mooo

And selling KYC info to the gov

LOL

Meh I don't really care if people work for chain analytics or the gov. but I do care if news website publish sensational headlines :P

I suppose it's a good sign that any such news is immediately "big news" - it reconfirms that Monero's privacy is strong

That's fair. Regardless of gov one is going to contribute to ensure Monero is fungible. However w/ terrible tech news outlets that just regurgitate sales pitches you have to waste extra energy informing the public that snake oil is in fact, snake oil

article needs more clicks, otherwise how they will pay their bills

lol the threads on /r/cc about it are downvoted hard

also dsc_ for SEO reasons, the text in the sidebar that says changelly and freewallet are distrusted? The a in both of them is a non-standard character.

If you copy/paste those into google you wont get any hits :)

I made that change a few months back lol

nice one

oh, there are google hits now

I don't know if it helps but it cant hurt at least :D

but only for people caching our page :D

Interview has ended!

👀

how was it

:o

Not all of my questions have been answered, but I was pleasantly surprised that the CEO shared what he did

So kudos to Dave for this

I still have my issues with the way they presented this, no doubt

And I still do not think there is anything fundamentally new here, but the idea of building in likelihoods of signing and non-signing in transactions

which has long been the subject of research in one way or another

Their press release met their business objectives before it met its accuracy. Doesn't mean that's right but that's their perspective

For press releases the way it's conveyed is usually purposefully broad

Yes, and I specifically called it out as being ambiguous, perhaps to the point of misleading

sgp_: should I produce a list of technical questions that Dave wasn't able to answer?

FWIW I don't fault him for not knowing all the details, but I do hope we can ask people who _do_ know the details

sure make a list

no harm in having a list

What's infurating is the idea of taking all sorts of external information and trying to pull all risk into some kind of single "percentage", as if there is a definitive standard for doing this

The idea that this is non-interactive further makes this very wishy-washy

I tried to convey the frustration of this difference in the interview

But to be clear: Dave confirmed that having tainted outputs in a ring does in fact lead to "higher risk"

Presumably as part of this "final percentage" score

So you can inadvertently get implicated in case the decoy selection algorithm picks a poisoned output?

The way the news was presented leads to erroneous claims like this -> twitter.com/TheCryptoLark/status/1300534387226763264

Essentially a great way to spread FUD

Dave claims that their algorithms try to avoid these false positives

I pushed back on how this was possible since the math is closed and unavailable

How do you avoid false positive

He basically said "yep tough problem"

Yeah, we all know it's a hard problem

I _highly_ recommend watching this interview once posted

Let Dave speak for himself

Anyway, we have few details about what exactly they're using for heuristics, and they might not say

But he referred us to others on their team, to whom I intend to present these questions

I understand if they want to vet the questions and responses; they're a private company

sgp_: wen

we have few details about what exactly they're using for heuristics <= Can you share those?

I expect they're in the upcoming video

eta 2 hours or so

dEBRUYNE: it's all in the video

I don't want to put words in his mouth

But he basically said they use a lot of sources

Notably, they perform their own transactions

He confirmed this twice

(I wanted to be sure)

Again, kudos to him for even doing this interview

It's editing and it's almost uploaded now. I should be paid for this SLA :p

s/editing/edited

nice!

So I guess they are creating a stream of poisoned outputs they can subsequently utilize

That may be a part of it; it's unclear precisely what heuristics are used

I asked about merge analysis in the r/Monero example, and did not get clarity

Dave then responded on reddit and said it wasn't a simple merge analysis, but this is not clear to me from our interview specifically

except in generalizations

If they used some other analysis / data than that statement is basically valid

Doesn't mean it wasn't predominantly merge analysis

Well, he said "as you know ..." which isn't totally accurate

> However, statistical reasoning is crucial to the solution, which means unless we are 90% confident, we do not present it to the investigator.

He say generally that they would use multiple data sources, but I do not have any specific information about the example in the post

arbitrary 90% lol

s/say generally/said generally/

selsta: Where is that from?

selsta: he did say the 90% threshold was arbitrary

> And we do provide off-chain data such as IPs.

It's also unclear what goes into such a single number

dEBRUYNE: reddit

I asked about this

Can we make an accept cookies pop-up for GetMonero that when you click yes posts this comic? usercontent.irccloud-cdn.com/file/C…WxM-2r8ZFGojvTJa-ZClMN_kEhZ8O00.jpg