sgp_: my guess also is that the actual tender was relatively prescriptive (gov contracts usually are). they provide what is called a Terms of Reference (ToR) that guide the bids they wish to receive. Companies then compete to show they understand the problem space, basically demonstrating the necessary expertise and resources to complete the work desired by the contracting agency (in this case the DHS).

My bet is that CWS, through his company (i forget the name), saw the ToR and may even have had a competing bid in. So he knew that a generalised method was already in progress to analyse Monero (admittedly built on top of methods we already know).

the ToR would have also (at least) given hint to the available data sets that the DHS had to put towards this sort of project - as these ToR's nearly always do that

Does anybody feel like contribute adding new voices to the Moneropedia? github.com/monero-project/monero-si…el%3A%22%F0%9F%93%96+moneropedia%22

No need to open a PR, you can just write the text in the issue and i'll take care of adding it

ErCiccione[m]: Perhaps worthwhile to post on reddit too to reach a bigger audience

I always call for contributors when i post the summary of the changes to getmonero on reddit. I don't know if it worth making a dedicated announcement for this, it's nothing new really. People should always look for stuff labelled "needs contributor" on the monero-site repo.

Wouldn't hurt either I suppose (if you have sufficient free time)

Yeah some attention to the website won't hurt. Doing something else right now, i'll put something up in the next days.

ErCiccione: I'll be diving into open issues starting next week, hopefully :)

That would be great, let me know if you need any info :)

I'm listening to this ciphertrace interview and the CEO keeps saying "I'm not the math guy"

It's unrelated to the discussion but I don't like when upper management calls their techies like that

:pPp

@dsc_ I think that's fair enough. If you asked my CEO about technical aspects of how most of our products work - they'd be lying if they told you. But, a shame he wasn't more prepared considering he knew he was coming on for an interview :D

Let this be a lesson for any CEOs in this channel right now. I'm looking at you Jeff Bezos!

bakewell: Yes I'm specifically talking about "the math guy"

He's running a technical company

You don't call your employees "math guys"

I might be a little pedantic though.

Dave Jevans does. Maybe "the math guys" refer to him as "the money man". :D

Fair enough :p

I presume none of his math guys are math girls. #WomenInTech

Oh, that's not why I brought it up.

I know, I was just adding to your point too.

Of why its not the best term to use.

That's just incompetence and bad faith. He probably hoped the interview would bring him some PR value, instead he made people realize he has no idea of what he is talking about.

Maybe they refer to him as "Pointy-haired boss"

Internally they can call eachother whatever they want

lol Inge-

dilbert's boss wants to synergise with blockchain technologies and sharting

misleading [✓] old [✓]

*according to press release and company claims

As always, without details or evidence, it's not possible to assess any claims definitively

Anything else is speculation

Informed speculation, perhaps... but still speculation

this Decrypt article is even worse than the others because they neither bothered to check the claims nor ask for opposing comment

The CoinTelegraph article didn't seem to check the claims either

Crypto journalism! Never disappoints!

Asking "what do you think about vague claims" isn't really verifying anything...

right, but at least they included the "other side" to a pathetic extent

do any of those websites get any traffic? cointelegraph probably does.

don't get me wrong they're both bad

people publish garbage all the time but if theres nobody there to read it 🤷‍♂️

sgp_: Decrypt also uses a more sensational (and erroneous) headline

kinghat[m]: Cointelegraph gets a lot of traffic, yes

dsc_: I've removed that thread by the way, don't need thousands of duplicates on the sub

yes that's fine

been previously posted/discussed

Hopefully responsible media identifies clearly that it's a press release from a company

and that readers can make conclusions based on that, but on little else

Forget it :P That's media for you.

Eh, one can hope...

Due to these erroneous headlines we're basically forced to write a rebuttal / response

I also do not wish to give it too much free credibility

What statement? twitter.com/monero/status/1301232701719089154?s=19

WUT

Whoops, not sure why caps lock was on

I meant, wut

dEBRUYNE had suggested a blog post, but I am uncertain of its usefulness

dEBRUYNE: why declare we are making a statement when many voiced skepticism about making one?

I can do a blog post, but I don't want to give free publicity and credibility to this if it isn't also helpful to readers/users

yeah, that was my point. Right now making a blog post gives credibility to a PR move

I was happy to do the interview with Dave since the point was to learn

but right now my view is "without any details, there is nothing new to discuss"

The onus IMO is entirely on them

The academic community has done their part for years to study this openly

Plus, I don't want it to sound like this is some kind of wild surprise to hear that a company is claiming this

Threat modeling assumes these methods could be used

Doesn't matter if someone claims they are doing it in practice... anyone can claim this

I'm not surprised, just irritated at the huge waste of time this has been

I'd much rather go back to building useful tools than trying to tell people what a press release is

the reality is they have a v1. That's the story. It'll probably get better as time and resources are pointed towards it. Believing otherwise is just a form of denial, imo

No one is saying that reasonable threat models should be dismissed

I'm saying that we already think about these things

Whether or not companies put out press releases is not relevant to this

Because anyone could claim these things, and it could be true, or it could be false

I refuse to subtly confirm what someone else may or may not have built

That's misleading and just gross

> I'd rather go back to building useful tools than trying to tell people what a press release is

^

My suggestion is to just take this as an heads up. We have these issues that need to be solved. People announce that they can track Monero all the time. Nobody provided any proof yet, so let's go on doing what we were doing without giving them too much free PR

agree 100%

Because i suspect that making noise was a big part of their goal here.

I absolutely think this is a great opportunity to revisit practical threat models

fuck em

let

ErCiccione[m]: they have a tool which will definitely provide a probability risk score for its user. That's what they have, and it will have the effect it's meant to have, unfortunately. The degree of its accuracy actually makes no difference practically, though of course it does ethically.

That being said, I do also think that the interview was useful in that it perhaps assured viewers that we weren't just sitting around twiddling our thumbs for years

's make a better tool and use those learnings to improve the protocol

Being able to ask specific questions about known methods showed we are aware of them

midipoet: that's what they _claim_ to have

midipoet: We have absolutely no clue about what they have.

AFAIK nobody has publicly seen the output of this tool

We saw a screencap on reddit with no details

we only have our assumptions knowing the vulnerabilities of Monero

I actually think it may mean Monero will get delisted at a slower rate than it was from certain exchanges/jurisdictions

I asked for information on this screencap, and was provided effectively no information

ErCiccione[m]: Wasn't me, I don't have access

Catching up to the discussion now so I can participate

As ArticMine says, it's theatre. They have provided an effective prop

Well sure. When you don't have to back up claims, life seems pretty great =p

midipoet: Should definitely use the tool to get more listings lol

But that's not how math and science are supposed to work

I would suggest not worrying about it, and just work on making Monero more resilient/private/efficient as we would have been doing anyway. Also, more transactions would help

sarang: when has cryptocurrency ever required proof of claim?

:(

It should :(

I'll note again that project materials do use terms like "anonymous" and "untraceable" that I think should not be used

So this project is not immune from this kind of marketing-ish stuff

I agree

hopefully when I come back you all will be done talking in circles about nothing haha

lol

I'm waiting on builds anyway

I think would be a good idea to make a simple clearing statement on twitter which clarify the situation to the people who are panicking because they think Monero is traceable now. That will have the same effect of a blog post if spread enough, but wouldn't be felt as official.

If anybody know who is managing the twitter account please let them know about it ^

a post on twitter could go far

Best would be to not mention CT, so to not give them visibility

Just something like "About the recent allegations about Monero blah blah"

I see that sgp_ had made a personal statement that has appeared on twitter

IIRC that was made before the interview, if that matters

ErCiccione[m]: what might such a new statement say?

I think it's important to neither scare anyone unnecessarily, nor reassure anyone unnecessarily

But TBH the threat model hasn't changed

and I stand by my early speculation that nothing this company is likely doing is anything particularly novel

But merely cramming heuristics and external data into a score

Should we learn more details with reasonable evidence, perhaps this view will change

Someone can steal any of that statement but I think a blog post is excessive. We just don't know enough info so ¯\_(ツ)_/¯

Sure

"the threat model does not change due to press releases"

Fwiw I've heard from other researchers outside of Monero who are skeptical of the claims as well, though the full details of that were shared in confidence

fair enough

I must remind myself (and perhaps others) that there are economic and business incentives at play here

Hopefully I can get someone on the record next week :)

I agree a blog post is excessive, but since some people would prefer to have one, i think a simple statement reassuring people made by Monero's twitter account would be useful. I'm trying to mediate between the two parties here, IMO a statement is not strictly necessary, but i understand why some would feel would be useful to make one

Reassure people how?

Oh, easiest to copy/paste from that Reddit post. I made a comment

It's important not to downplay possible threat models

Sending the statement from the Twitter account is fine imo

that have always existed

My point is the existing threat models haven't changed

sarang: Saying what we know: no proof of new threats, nothing new that what we already knew

So the ecosystem today is exactly where it was a week ago

*nothing new from what we already knew

I think it is fair to say that nothing from the press release or the interview leads me to believe that this company knows any math, graph theory, or fundamental heuristics that are not already known

If they do, this was not conveyed (and might not be, for business reasons)

had they shown something like this but with new findings then we'd ahve something to talk about: github.com/maltemoeser/moneropaper

Sure, which they obviously wouldn't do

If I ran a company and wanted to sell that, I wouldn't

Personally i'm convinced that CT mostly wanted to make noise to attract investors/clients. I have no simpathy for them

Sure. Private companies owe nothing to the project, and the project owes nothing to private companies.

If clients buy their tool, I sure hope they know what they're getting

and I am not convinced _at all_ that they would, based on the interview

Hopefully this was made clear in the interview by my questions

Private companies owe nothing to the project, and the project owes nothing to private companies. -> Absoulutely, especially survelliance companies

In practice this is not the case

Since the project's research is entirely open

and companies' research is not

so there will always be a fundamental asymmetry

Companies get the benefit of open research

but not the other way around

Or making "him" foggy? IRC's actions confuse me

I always consider them to be in the third person

hehe

Good wine?

My brother-in-law is a sommelier with good taste in wine, but I know nothing about it :(

Chianti riserva. Cannot complain

Me neither, sounds super good but it's a 6 euros bottle :P

still decent tho. As an italian i have to have a quality standard

Barolo?

Lol

:>

Barolo for celebrations, chianti to drown sorrows

Mix both!

you need the £4 a bottle "probably-not-legally-wine" from tesco

Someone told me that someone else told that person that someone else told that person that a Monero Barolo webshop is opening soon

dsc_: Blasphemy!

asymptotically: tried that. Don't know how i survived

pure speculation though

i must have terrible taste because i thought it was pretty good :P

The Monero barolo webshop is definitely for toasting the death of Monero!! We can do it all together this way.

well, not good. but not bad

i tried some tesco wine in england and i would have preferred mop water, but i mean, it's england. Food is as tasty as the weather there

Sorry asymptotically if you are british. England can be fascinating, but let's leave food and weather aside :P

Good fish and chips is good

As is an English fry up

And Sunday roast lamb

i'm going to go to the beach and eat my fish and chips while i get rained on and attacked by seagulls

and i'm going to enjoy it! >:(

hehe :D

Monero barolo wehn