Switch Bitcoin and Monero #256

Closed
opened 2017-07-08 09:06:38 +00:00 by ghost · 108 comments
ghost commented 2017-07-08 09:06:38 +00:00 (Migrated from github.com)

See the #247 comment thread

@hyc:

> Monero is still the only coin that is private by default - it's the one that should be recommended first.
kewde commented 2017-07-08 18:30:28 +00:00 (Migrated from github.com)

If any coin deserves to be first, it's either Bitcoin (usability) or Zcash (technical superiority). I have been fascinated by ring signatures and RingCT (albeit for the wrong reasons, the small anonymity subset per transaction makes for interesting attacks) and I'll honestly admit: it's theoretically inferior to the anonymity provided by zk-SNARKs. I'm by no means saying RingCT is bad or doesn't work, but on an individual basis, a transaction by Monero is less anonymous than a Zcash transaction.

We already had a lengthy discussion about this in 207. I know we'll see a small flood of people supporting Monero making baseless claims, but the opinion of the biased masses doesn't automagically make it the truth.
hyc commented 2017-07-08 18:34:24 +00:00 (Migrated from github.com)

Zcash is not private by default. It is this way for solid technical reasons - constructing a shielded txn takes several GB of RAM and multiple minutes of CPU time. Quit pushing for the "theoretically superior" solution when it's known not to actually work in the real world.

The fact is that 100% of Monero transactions are more private than 90% of Zcash transactions, because 90% of Zcash users don't use the privacy feature. Some of these take the default out of ignorance, some take it because they have no choice - e.g. busy crypto exchanges. Whatever the reason doesn't change the fact.

ghost commented 2017-07-10 22:59:40 +00:00 (Migrated from github.com)

> Monero (although the zcash proponents note that a ring signature is a "smaller" anonymity set, they usually don't mention that the stealth address factor actually means that each transaction is masked, whereas the ring signatures provide additional plausible deniability, furthermore, since keys appear in different ring signatures in different blocks in time, the anonymity set for when a given key is spent grows infinitely, and could eventually grow larger than the zcash anonymity set at any fixed instant in time) vs Zcash (anonymity set is the entire blockchain)
>
> - Shen Noether
DiMiTri101 commented 2017-07-10 23:50:39 +00:00 (Migrated from github.com)

Monero first. Zcrash is shit.

ghost commented 2017-07-11 00:08:32 +00:00 (Migrated from github.com)

@BitOfWisdon Your "link"s are not linked ;)

c789 commented 2017-07-11 00:19:45 +00:00 (Migrated from github.com)

Monero should be listed first. It is private by default. The other coins are not private by default.

Monero transactions are almost instantaneously constructed, vs. an impractical amount of time required to construct a private Zcash transaction.

Zcash's CEO has stated that their private transactions can be made [too traceable](https://twitter.com/zooko/status/863202798883577856). Peter Todd, a BTC developer and cryptographer who [participated](https://github.com/zcash/mpc/blob/master/README.md) in the Zcash Trusted Setup, has called it a [back door](https://twitter.com/petertoddbtc/status/793584540891643906). Gregory Maxwell, another BTC developer and cryptographer, has said that Zcash is [not unconditionally sound](https://youtu.be/LHPYNZ8i1cU#t=29m30s) and that its Trusted Setup is a vulnerability.

Bitcoin is [not anonymous](https://bitcoin.org/en/faq#is-bitcoin-anonymous). Mixers only make it more difficult to trace BTC transactions, and that degree of difficulty is [getting easier](https://www.elliptic.co/law-enforcement/) as technology progresses. This is to be expected of a public, non-private blockchain.
afighttilldeath commented 2017-07-11 02:00:36 +00:00 (Migrated from github.com)

I'm not qualified to comment about privacy in regard to Monero vs Zcash, however, as a currency, Zcash has an additional cause of concern that Monero and Bitcoin don't. Zcash required a trusted-setup while Monero or Bitcoin did not. If Zcash was compromised in the process, there is a potential that someone could create an infinite amount of Zcash. Whether or not users' privacy was compromised is less significant as Zcash ceases being a currency and looks more like monopoly money. While Privacytools is focused on privacy, I think it's fair to weigh the potential that users lose substantial amounts of money into this equation. Bitcoin and Monero are truly decentralized while Zcash is not.
knaccc commented 2017-07-11 02:45:20 +00:00 (Migrated from github.com)

Monero processed 3500 confidential transactions in the last 24hrs, Zcash did 631.

Sources: http://moneroblocks.info/stats/transaction-stats and https://explorer.zcha.in/statistics/usage

The fact alone that Monero is used 5.5x as much as Zcash for privacy critical transactions should give it priority.

Monero can be converted directly for fiat more widely at exchanges.

The cryptographic techniques behind Zcash are also newer and have been subjected to far less scrutiny than Monero's elliptic curve discrete logarithm primitives that have been proven secure over several decades.

sneurlax commented 2017-07-11 03:15:38 +00:00 (Migrated from github.com)

To expound upon the point of Peter Todd's involvement in the Zcash 'trusted setup' ceremony: that he took it so seriously (read up on all the measures he took to mitigate leaking of his portion of the setup process) should underscore the fact that _Zcash's privacy as a whole is wholly compromisable._

If the trusted setup process were sound, he would not have had to go to such great lengths as he did in order to secure his portion of the setup.

Because it requires any trust whatsoever, the entire process is suspect. If we are to operate upon Occam's Razor alone, we must conclude the simpler option of either A) all participants used perfect operational and informational security and in concert with one another acted in good faith to erase all remnants of the trusted setup parameters and its output, or B) at least one participant either made a mistake or was a bad actor.
ajs-xmr commented 2017-07-11 15:36:53 +00:00 (Migrated from github.com)

It would be great to hear arguments from Zcash proponents why they feel Zcash is technically superior.

ghost commented 2017-07-11 15:38:29 +00:00 (Migrated from github.com)

@kewde @zookozcash

afighttilldeath commented 2017-07-11 16:11:09 +00:00 (Migrated from github.com)

Zcash's reddit is a ghost town. Posted this three hours ago and all I got was a comment from a Monero fan on why Zcash would be considered more private than Monero.

https://www.reddit.com/r/zec/comments/6mlwnf/one_of_privacytoolsio_github_collaborators_opened/?ref=share&ref_source=link

mineZcash commented 2017-07-11 16:40:20 +00:00 (Migrated from github.com)

As you can see by my username I am a Zcash proponent, but not an expert. I just saw this posted on Reddit and honestly have never heard of the site your issue is about until today.

I just wanted to point out that the concerns about Zcash regarding the trusted setup should be confined to possible arguments about unbounded inflation, but not compromises in privacy. This is due to the fact that if the trusted setup were somehow compromised the attacker would theoretically be able to forge coins but the privacy of all Zcash users' transactions would still remain intact. https://z.cash/blog/the-design-of-the-ceremony.html

I will say that both Zcash and Monero's approaches to privacy both have benefits and drawbacks so neither is perfect but I do feel that the greater anonymity set provided by Zcash's method is a better approach overall.

Also I think the fact that Zcash has chosen to make private transactions optional (for now, which will likely change in the future) which has resulted in the majority of the transactions on the chain to be transparent is more indicative of the lack of real-world use cases for all anonymous currencies (including Monero). Which has resulted in most of the daily transactions being conducted by day-traders on exchanges, mining pool payouts and individual miners.

Lastly, I would suggest that whoever is deciding on this particular issue should decide what the specific privacy metrics are before making a decision on which is "better". Is it the actual technical side of the coin? Or is it the politics surrounding the coin that matter most?

Thank you- Gibson

BFCE commented 2017-07-11 16:56:51 +00:00 (Migrated from github.com)

Defaults don't matter. ZCash is more secure. People that can't choose "Private Address" when doing private transactions shouldn't be using cryptocurrency in the first place

ghost commented 2017-07-11 16:59:01 +00:00 (Migrated from github.com)

@DiMiTri101 Don't include the original message when replying via e-mail.

ghost commented 2017-07-11 16:59:19 +00:00 (Migrated from github.com)

@BFCE

> ZCash is more secure.

Could you back that statement?
DiMiTri101 commented 2017-07-11 17:08:15 +00:00 (Migrated from github.com)

Yea sorry this site sucks

On Jul 11, 2017 12:59 PM, "Samuel Shifterovich" <notifications@github.com> wrote:

> @DiMiTri101 <https://github.com/dimitri101> Don't include the original
> message when replying via e-mail. It's ugly, but more importantly *an
> adversary could mute this thread for you, since you included the
> unsubscribe link.*
>
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <https://github.com/privacytoolsIO/privacytools.io/issues/256#issuecomment-314507612>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AantDiX_liGyQ7E6oszcEahFDOY4G9l5ks5sM6nYgaJpZM4ORruq>.
WalterMagnum commented 2017-07-11 17:14:47 +00:00 (Migrated from github.com)

Considering ZEC wallets have been frozen on at least 2 of the top exchanges due to rumors, I think that offering statistics on how many private transactions have been completed in the last 72 hours+ is a completely useless statistic. I wonder how many of the posters here are involved in these rumors. This is just unregulated FUD at its very best.

hyc commented 2017-07-11 18:11:30 +00:00 (Migrated from github.com)

@WalterMagnum Since no exchange supports z-addresses I think the fact that ZEC exchange wallets have been frozen is irrelevant to the question of how many private transactions have been completed.

But it still highlights the fact that the raw usability of ZEC private transactions is still vastly inferior to the majority of cryptocoins, private or otherwise.

WalterMagnum commented 2017-07-11 19:50:28 +00:00 (Migrated from github.com)

@DiMiTri101 Zcash is not meant for speed. It is meant for privacy. A simple google search will tell you this. That is some well crafted FUD though. Well done. Someone who has no clue what they are looking at will read your post and take it to heart.

WalterMagnum commented 2017-07-11 20:02:08 +00:00 (Migrated from github.com)

@DiMiTri101 No one has given any reasons why Monero is superior in privacy to Zcash other than the fact that you must indicate whether you want your ZCash transaction to be transparent or private. This doesn't even seem like a drawback. All I see here is FUD and misinformation. Monero holders preying on the uneducated/misinformed.
WalterMagnum commented 2017-07-11 20:02:36 +00:00 (Migrated from github.com)

@DiMiTri101 Personal attacks will not prove your point to anyone who is rational. You simply discredit yourself.

WalterMagnum commented 2017-07-11 20:04:40 +00:00 (Migrated from github.com)

@DiMiTri101 Here is an explanation of ZEC SNARKS. https://z.cash/blog/snark-explain.html It isn't very hard to follow. It is mostly high school or undergrad level mathematics.

WalterMagnum commented 2017-07-11 20:48:13 +00:00 (Migrated from github.com)

@DiMiTri101 Are you even reading their site? You are using "toxic waste" and counterfeiting so out of context. Here is a page explaining it quite simply. https://z.cash/blog/the-design-of-the-ceremony.html

WalterMagnum commented 2017-07-11 20:52:29 +00:00 (Migrated from github.com)

Also, here is the Zcash github. Development is not closed source and is not private. https://github.com/zcash/zcash

WalterMagnum commented 2017-07-11 20:55:06 +00:00 (Migrated from github.com)

@DiMiTri101 Yes, that is more copy/paste out of context. Please read that page. It is clear that you just used Ctrl + F, and copy/pasted the first line you came across that fit your purposes. I really hope folks are willing to actually read this stuff and not form their opinions on 1 line of text.

WalterMagnum commented 2017-07-11 21:01:52 +00:00 (Migrated from github.com)

@DiMiTri101 So you would prefer them to lie to you? All cryptos have their pros and cons. There is no perfect currency. I am done being trolled.

SamsungGalaxyPlayer commented 2017-07-11 21:05:53 +00:00 (Migrated from github.com)

To try and bring some substance back into this conversation, I will stick to the facts:

Yes, Zcash could THEORETICALLY hide the sender in a transaction better than Monero can. However, this isn't the only part of the story. Monero's transactions are:

  1. Always private. [Only 399 transactions in the past month](https://explorer.zcha.in/statistics/usage) are within z-addresses in ZCash. This is the only situation where a transaction could potentially have greater privacy. Monero has had [20507 transactions in the past month](http://moneroblocks.info/stats/transaction-stats) that hid both the sender and receiver.

  2. Better supported. No exchange or unofficial wallet provider (eg: Jaxx, Coinomi) supports z-addresses. So if a user withdraws Zcash from Poloniex, the transaction is completely traceable. A Monero withdraw would hide the receiver and amount to an outside observer.

  3. More practical. Monero transactions can be signed on pretty much anything, including a Raspberry Pi. Zcash needs a powerful computer and several minutes of computational time. Few users will use this feature from the large effort required, as evidenced by its low use. Furthermore, this intense requirement will prevent third parties from supporting z-addresses, though Monero could be supported with little system resources.

One important factor in privacy is implementation, and I believe that Monero's privacy features are implemented better.
WalterMagnum commented 2017-07-11 21:09:08 +00:00 (Migrated from github.com)

@SamsungGalaxyPlayer If you are looking to make private transactions, why would you use an exchange? Wouldn't using an exchange defeat the purpose entirely? You would be relying on the exchange you use to protect your privacy as well as the crypto you are exchanging.

The most upvoted post here promoting Monero is made by @hyc who has his own Monero github forks. Check his repos.

SamsungGalaxyPlayer commented 2017-07-11 21:15:21 +00:00 (Migrated from github.com)

@WalterMagnum even if you never use an exchange, any transaction that includes a t-address on any side sacrifices privacy. Since no merchant, wallet, or anything else supports z-addresses, it largely limits private use to a store of value in the official wallet. The second you spend it, you are no longer private.

With Monero, you can use your Monero without losing your privacy.

WalterMagnum commented 2017-07-11 21:29:49 +00:00 (Migrated from github.com)

@SamsungGalaxyPlayer More shameless promotion by a Monero contributor. Well done.

The discussion in this issue is unbelievably biased.

DiMiTri101 commented 2017-07-11 21:30:46 +00:00 (Migrated from github.com)

Monero is private by default

SamsungGalaxyPlayer commented 2017-07-11 21:31:07 +00:00 (Migrated from github.com)

@WalterMagnum if you have any evidence that says I am wrong, please bring it up. I do not think Monero is perfect, but I feel that, with the evidence, it should be shown ahead of Zcash for my given reasons.

BitOfWisdon commented 2017-07-11 21:35:35 +00:00 (Migrated from github.com)

Yea Monero is private by default. Zcash is not. Just the facts. Take it or leave it.

WalterMagnum commented 2017-07-11 21:36:52 +00:00 (Migrated from github.com)

I just checked. Nearly everyone posting positive things about Monero here is an active Monero developer. This includes @hyc @SamsungGalaxyPlayer @lethos3 @c789 @afighttilldeath @knaccc @sneurlax
Check their github accounts for yourselves. Everything they say should be taken with a grain of salt.

SamsungGalaxyPlayer commented 2017-07-11 21:40:32 +00:00 (Migrated from github.com)

@WalterMagnum I agree with you on this point. However, you (or anyone else) are still not answering any of the concerns about Zcash.

Monero was originally listed first, though it was demoted without any discussion or stated reason.

BitOfWisdon commented 2017-07-11 21:40:54 +00:00 (Migrated from github.com)

Samsung galaxy is not a Dev

WalterMagnum commented 2017-07-11 21:42:06 +00:00 (Migrated from github.com)

@BitOfWisdon
Yes he is. Click on his name, then look at his repos.

BitOfWisdon commented 2017-07-11 21:44:24 +00:00 (Migrated from github.com)

Not quite

BitOfWisdon commented 2017-07-11 21:44:44 +00:00 (Migrated from github.com)

For the website? K

WalterMagnum commented 2017-07-11 21:45:55 +00:00 (Migrated from github.com)

@BitOfWisdon You are right. Someone developing a website that relies on Monero's success has no stake in the success of Monero. (sarcasm) Come on...

SamsungGalaxyPlayer commented 2017-07-11 21:48:22 +00:00 (Migrated from github.com)

@BitOfWisdon @WalterMagnum regardless of the circumstance, this is distracting from the overall merge request. Even if I don't do any significant development work, I still am involved in the Monero project on a completely unofficial level. Something that others should take as a potential conflict of interest.

Nevertheless, I feel I have expressed concrete, factual reasons in support of the change. Can we please all focus on these?

DiMiTri101 commented 2017-07-11 21:50:16 +00:00 (Migrated from github.com)

@SamsungGalaxyPlayer I tried that, it's too biased for him

WalterMagnum commented 2017-07-11 21:51:58 +00:00 (Migrated from github.com)

@DiMiTri101 No you didn't. You claimed ZCash development was closed source and run by a corporation. When I linked the open source github repository you deleted your comments.

You then constructed statements that were copy/pastes of segments from the ZEC website completely incorrect and/or out of context. When I linked the official ZEC pages for you, you deleted your other comments as well.

BitOfWisdon commented 2017-07-11 21:54:05 +00:00 (Migrated from github.com)

He doesn't take in any information. SGP just fucking explained everything like a 5 year old.
ghost commented 2017-07-11 23:04:06 +00:00 (Migrated from github.com)

@WalterMagnum So the only argument against Monero in this thread is that the arguments why Monero is good were stated by Monero supporters/developers?

mineZcash commented 2017-07-11 23:45:33 +00:00 (Migrated from github.com)

Although this thread seems to have digressed into somewhat of a flame war, I aim to keep my perspective as neutral as possible even though I am admittedly a Zcash proponent. As I understand it the aim of the website Privacytools.io is to provide end-users information about which coin a user can reasonably expect to gain the highest level of privacy for their transaction.

With that in mind I consider the user's perspective that many of the attributes referred to so far in this thread are not really relevant to providing the highest level of privacy for a transaction, namely:

Transaction Size/Transaction Time/Block Time/Block Size/Mining, etc. = Not relevant to transaction Privacy

Trusted Setup/not liking Zcash Company = Not relevant to transaction Privacy

Third party support/Lite wallets = Relevant to ease of adoption but not relevant to actual transaction Privacy. (last I checked no lite wallets like Jaxx support Monero yet either)

So at the end of the day, if I’m a user trying to privatize my transaction my biggest concern would be: Which coin has the largest anonymity set that cannot be statistically linked back to me?

As proponents point out there have been more private transactions with Monero in the past day/week/month/year because users don’t have a choice to use transparent transactions like with Zcash. But what they neglect to mention is that the average number of Mixins used in those private transactions is disconcertingly low, 73% of the private mixins have only 2 (!) participants, less than 25% have 3-9 and less than 2% have ever used more than 9 participants. http://moneroblocks.info/stats/ring-size

Whereas Zcash's anonymity set (mixins?) is every fully shielded (and to a lesser extent partially shielded) transaction ever made, and that number increases every day.

So from a user's perspective I would feel that Zcash's larger anonymity set would make my transaction much more difficult (if not impossible) to trace through blockchain analysis techniques, thereby making my transaction more private.
knaccc commented 2017-07-12 00:05:09 +00:00 (Migrated from github.com)

After Monero's privacy mechanisms, Monero's greatest strength is its large, active and welcoming community.

Monero's Reddit has 14,970 subscribers, Zcash has 3,525

Sources: http://redditmetrics.com/r/Monero http://redditmetrics.com/r/zec

Monero has its own active StackExchange. Zcash attempted it and could not gather the momentum, so it was deleted https://forum.z.cash/t/the-zcash-stack-exchange-proposal-is-about-to-get-closed-please-contribute/1854

And as has been pointed out, there has been an outpouring of Monero community members to come to this thread to make the case for Monero. Where is the ZCash community?

Monero has hardware support coming from the Ledger Nano S, and there are funding proposals to implement it in Trezor. Zcash can't run on low power hardware wallets because the computation and memory requirements to construct a transaction are too extreme.

If people want to conduct Zcash transactions on the go, with anything resembling a manageable transaction construction time, they'd better be carrying a dual Xeon in their backpack.

mineZcash commented 2017-07-12 00:32:45 +00:00 (Migrated from github.com)

@knaccc It's not surprising that the Monero community is larger considering Zcash has only been around for 8 months, I agree that a strong community is important but I don't see what that has to do with the soundness of the protocol, which is what I thought this issue was about.

Secondly as far as computation goes the team is already testing methods that reduce the memory required to 1.5GB from 3GB which would make private transactions possible for the average smartphone and plans for payment offloading mechanisms that will pave the way for extremely lite wallets: https://github.com/zcash/zcash/issues/2322
Not that that has anything to do with the issue at hand either.

But if it turns out this issue is just a popularity contest and not an honest comparison of the technological soundness of both approaches to privacy, I will bow out now and thank you all for your time.

knaccc commented 2017-07-12 00:43:32 +00:00 (Migrated from github.com)

@mineZcash A strong community means that users will have no shortage of places to go and people to ask for help with making transactions. This is an important consideration.

When it comes to privacy, anonymity set size matters. Despite Monero's ring size not including every single Monero user's outputs, with a few intermediate transactions Monero's anonymity set size will encompass the majority of Monero users. Ring sizes multiply the anonymity set size a user enjoys with every intermediate transaction, meaning it gets very large very fast.

This means after receiving funds from someone that knows your identity, you can completely sever the link between the outputs they sent you and the outputs you use in payment.

This means Monero, today, because of its larger userbase, can deliver a greater anonymity set size than Zcash can.

If the cryptographic techniques used are sound then all that matters, for privacy, is anonymity set size. On this basis, at the time of writing, Monero wins hands down.

And as I've mentioned, Zcash's cryptographic techniques are not proven to the extent that Monero's are. You can't claim technical superiority if your cryptographic techniques are not adequately proven by extensive peer review.

afighttilldeath commented 2017-07-12 01:06:30 +00:00 (Migrated from github.com)

Okay, I will in fact respond on the privacy of Monero vs Zcash.

@mineZcash
Your point that a user who is focused on privacy doesn't care about the trusted-setup is simply not true. People do care whether or not their currency effectively becomes worthless. Who in their right mind wants to spend $200 on one Zcash coin and have let's say three-millionth of the total marketcap and suddenly realize that they now have one-billion of the total marketcap because the trusted-setup (or future trusted-setups) is compromised? Your buying power just went down the drain. I don't care if no one knows I bought (insert object), I just spent 100x what something should have cost.

Your point that the usability and ultimately convenience absolutely matters in regard to privacy. I guarantee most people will not heavily research their private cryptocurrency of choice. They will hear how Monero, Zcash, Dash, or whatever has x, y, and z and we blindly buy and use it. Like Tor, you can surf the web privately if you know how to do it, but most people don't and reveal themselves inadvertently. That's why a Tor Browser is so important to have. It's the same way with Monero. Monero is private by default to ensure even noobs are protected. Moreover, everything that supports Monero supports privacy because again, Monero does not do transparent transactions. Exchanges can choose to only support transparent transactions because Zcash gives them that option. This gives opportunity to an inexperienced user to think it's private when it's not. Zcash requires research to send privately, Monero is ready right out of the box.
mineZcash commented 2017-07-12 01:09:35 +00:00 (Migrated from github.com)

Simply because a protocol is newer does not equate to the underlying cryptography being less sound.

I suppose we will have to agree to disagree that requiring users to make several other transactions to make up for the lack of privacy in a single transaction is a positive attribute towards true privacy.
WalterMagnum commented 2017-07-12 01:15:20 +00:00 (Migrated from github.com)

Here is a technical paper discussing how Monero transactions can be traced using chain-reaction analysis: http://monerolink.com/monerolink.pdf The paper also discusses how mixins are sampled from a distribution, so real inputs can be identified. Although Monero transactions post February 2017 are private by default, they can be traced by linking them to prior transactions. Zcash z-transactions can be mathematically proven to be completely private. https://z.cash/technology/zksnarks.html

When it comes to privacy, Zcash is the obvious choice. Most of the arguments made for Monero here are not regarding privacy of z-transactions and are made by Monero developers.

knaccc commented 2017-07-12 01:23:47 +00:00 (Migrated from github.com)

@WalterMagnum That article was written by Andrew Miller, who was named in the paper as a consultant to the Zerocoin Electric Coin Company and a board member of the ZCash Foundation.

It's based on older versions of Monero prior to upgrades in Monero's privacy mechanisms. For example, Monero used to allow reduced privacy transactions with no ring signatures. And this paper points out that they are traceable! Well, duh!

afighttilldeath commented 2017-07-12 01:30:42 +00:00 (Migrated from github.com)

@WalterMagnum, thanks for all the compliments but I know jack crap about coding. My version of coding is pushing in my pin code.

Oh yeah, here's a response:
https://getmonero.org/2017/04/19/an-unofficial-response-to-an-empirical-analysis-of-linkability.html

p.s. there's two papers not just one. Check out the paper from Singapore university: https://www.google.com/url?sa=t&source=web&rct=j&url=https://eprint.iacr.org/2017/338.pdf&ved=0ahUKEwjxhJiKzILVAhVs0oMKHTNlA5IQFggmMAE&usg=AFQjCNHOwgga5bYYF1oyGJ05p9J-yfqNqg

WalterMagnum commented 2017-07-12 01:31:59 +00:00 (Migrated from github.com)

@knaccc Attempting to insult people who disagree with you only discredits you further. I'm not sure if you actually read this paper or not (probably not since you replied 9 minutes later), but even transactions made AFTER the Monero privacy upgrades can be traced by linking them to transactions made prior to the upgrades. I don't have to say "Well, duh!" Logic speaks louder than insults.

afighttilldeath commented 2017-07-12 01:34:09 +00:00 (Migrated from github.com)

@WalterMagnum, that paper is like three months old. Hell, even I read it.

knaccc commented 2017-07-12 01:42:10 +00:00 (Migrated from github.com)

@WalterMagnum I was not insulting you, I was expressing disbelief at the content of the paper.

@afighttilldeath All 3 of those heuristics in the paper you mention have been addressed.

Heuristic I: Leveraging Zero Mix-ins - this is addressed by raising the ring size and taking advantage of the fact that discontinued zero mix-in transactions are being crowded out on the blockchain by newer transactions.

Heuristic II: Leveraging Output Merging - this is addressed through the use of intermediate transactions.

Heuristic III: Temporal Analysis - this is also addressed by the same mechanism that solves Heuristic II.
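
The zero mix-in elimination discussed in the comments above (Heuristic I, the "chain-reaction analysis"), as an added example that is not part of any comment in this thread or of either paper's code: it measures how many ring members remain plausible once provably spent outputs are removed, and shows that rings not touching legacy outputs keep their full size. The ring data is constructed and the function names are hypothetical.

```python
"""Effective ring size after removing provably spent decoys.

Added illustration; every input and output id below is constructed.
"""

# Constructed sample: each input lists the outputs in its ring
# (one real spend plus decoys). "A" is a legacy zero mix-in input.
SAMPLE_RINGS = {
    "A": {"o1"},
    "B": {"o1", "o2"},
    "C": {"o1", "o2", "o3"},
    "D": {"o1", "o4", "o5", "o6", "o7"},
    "E": {"o5", "o6", "o8"},
}


def eliminate_spent(rings):
    """Return (deduced, candidates).

    deduced maps an input to the single output it must spend;
    candidates maps every input to the ring members that are still plausible.
    Relies on the rule that an output can be spent only once, so an output
    proven spent by one input cannot be the real spend of another.
    """
    candidates = {inp: set(ring) for inp, ring in rings.items()}
    spent_by = {}  # output id -> input id that provably spends it
    changed = True
    while changed:
        changed = False
        # A ring with one remaining candidate reveals its real spend.
        for inp, cand in candidates.items():
            if len(cand) == 1:
                (out,) = cand
                owner = spent_by.get(out)
                if owner is None:
                    spent_by[out] = inp
                    changed = True
                elif owner != inp:
                    raise ValueError(f"{out} claimed by both {owner} and {inp}")
        # Outputs proven spent elsewhere are only decoys in other rings.
        for inp, cand in candidates.items():
            if len(cand) > 1:
                dead = {o for o in cand if spent_by.get(o, inp) != inp}
                if dead:
                    cand -= dead
                    changed = True
                    if not cand:
                        raise ValueError(f"no candidate left for {inp}")
    deduced = {inp: out for out, inp in spent_by.items()}
    return deduced, candidates


def effective_sizes(rings):
    """Number of still-plausible ring members per input."""
    _, candidates = eliminate_spent(rings)
    return {inp: len(cand) for inp, cand in candidates.items()}


if __name__ == "__main__":
    deduced, _ = eliminate_spent(SAMPLE_RINGS)
    for inp, size in sorted(effective_sizes(SAMPLE_RINGS).items()):
        nominal = len(SAMPLE_RINGS[inp])
        note = f" -> spends {deduced[inp]}" if inp in deduced else ""
        print(f"{inp}: nominal {nominal}, effective {size}{note}")
```

In the sample, the single zero mix-in input collapses rings B and C in turn, ring D drops from 5 to 4 plausible members, and ring E, which references no affected output, keeps all 3.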

ghost commented 2017-07-12 02:31:46 +00:00 (Migrated from github.com)

I think there is a clever play on semantics by the Zcash proponents, zero-knowledge is the ideal attribute of any system, no one is discussing that. RingCT is also a form of zero-knowledge but Zcash has the downside of not using zero-knowledge by default and lacking stealth addresses aka one-time address (the coin has a ''rich list'').

mineZcash commented 2017-07-12 13:54:05 +00:00 (Migrated from github.com)

I will make one last comment here regarding the concerns about Zcash raised by some of the commenters.

I believe whoever is deciding on the issue of which technology is more private can see that both sides agree that zero-knowledge is the better solution. However I disagree with the implication that Ring CT "is a form of zero-knowledge". Ring CT is a mixin service plain and simple and doesn't provide near the level of anonymity that zero-knowledge does. Furthermore I feel the statement by Monero users that every transaction is "private" by default to be greatly misleading to the average user. A more accurate description would be that "Monero mixes most of your transactions with one other party" when using it by default, which I think most would agree is weak privacy. And as far as the argument that "you can just make more transactions" to make up the difference, again does not measure up to true Zero-knowledge, an average user would incorrectly assume that since the Monero community states that my transaction is already "private" "by default" they won't realize how weak the "default" privacy actually is and won't take the extra steps required to make it stronger.

Secondly the statement that Zcash "is not Zero-knowledge by default" is also wholly inaccurate. As soon as a Block is mined, before the funds from that block can be spent the coins must be sent to a Z-address. It is set that way by default. If the person who found that block then chooses to send it to a transparent address that is a choice they have made.

Thirdly, regarding community, simply because Zcash has not been around as long as Monero and doesn't have the same number of subscribers on Reddit does not imply that a new user cannot get the help they need. Most Zcash users converse on the official Zcash forums and on the Zcash community chat with other users and directly with the Zcash developers on a regular basis. The Chat has an additional 2k regular users and the forums have around 9-10k participants. So if a user has a question, they can easily find an answer, even if they want to contact me directly.

Since this thread is regarding the PrivacyTools.io site (not a Zcash vs Monero benefits/drawbacks/politics, etc. thread on Reddit) I still believe the importance of the user's ability to achieve the highest level of anonymity is the most important factor a user should consider when choosing which Privacy Tool to use. And Zcash with its true Zero-knowledge proving system is far better at providing that user with a higher level of anonymity than the Monero mixer service provides.

Thank you for the discourse and feedback, I wish the Privacy tools.io team and the Monero fans the best of luck in the future. - Gibson

Edit: to add link to actual Ring CT mixin use numbers: http://moneroblocks.info/stats/ring-size

DiMiTri101 commented 2017-07-12 13:59:44 +00:00 (Migrated from github.com)

Zcash doesn't hide the value

DiMiTri101 commented 2017-07-12 14:00:02 +00:00 (Migrated from github.com)

Zcash has a rich list

hyc commented 2017-07-12 15:32:30 +00:00 (Migrated from github.com)

@mineZcash Wrong, on multiple counts.

"Ring Signatures" are a form of zero-knowledge proof. https://www.cs.umd.edu/~jkatz/papers/ring_sigs.pdf More specifically, they belong to the class of Non-Interactive Zero Knowledge proof systems.

RingCT is not a mixing service. RingCT is an adaptation of Greg Maxwell's Confidential Transactions to Monero, which hides transaction amounts (and yes, this is zero-knowledge too). https://elementsproject.org/elements/confidential-transactions/investigation.html
http://www.ledgerjournal.org/ojs/index.php/ledger/article/view/34

> A more accurate description would be that "Monero mixes most of your transactions with one other party"

Also false. The current network-enforced minimum ringsize is 3, and generally only exchanges and mining pools are still sending payments with the minimum. The official clients' default is 5, and the majority of user-initiated transactions are using this default.

As for Zcash - no matter how you play with the words, the fact is that less than 5% of Zcash transactions are fully shielded. If privacy is a priority to Zcash users then why aren't more transactions private? The most obvious answer is that the technology is still unusable. The only official client is on Linux, there's no official Windows or Mac support, let alone smartphone support. In contrast, Monero runs on Windows, Mac, Linux, BSD, Android, Solaris, iOS - pretty much every computing system in use today. And the privacy features are always there, by default, on every one of those platforms. It's not something that users need to think about activating, and it's not something that they have to wait multiple minutes with 100% CPU utilization to complete.

The Zcash developers have made promises "the next release will reduce the resource requirements" - that's great. But here and now, the majority of users' primary devices aren't capable of creating private transactions. None of the crypto exchanges that carry Zcash support shielded addresses or generating private transactions. That's not going to change any time soon, which means most users can't acquire Zcash anonymously.

ghost commented 2017-07-12 15:43:00 +00:00 (Migrated from github.com)

@mineZcash, Confidential Transactions is zero-knowledge plus I'm yet to see a rigorous review of Zcash and how much metadata it leaks. Also Monero isn't really a mixing protocol, because there is a probabilistic effect in play, saying Monero is a mixing protocol is another clever way to downplay the technology, along with ignoring Stealth Addresses and not mentioning CT as zero-knowledge.

BitOfWisdon commented 2017-07-12 15:57:35 +00:00 (Migrated from github.com)

There is a clear trade-off between using Monero or Zcash. Monero is a usable and default fungible cryptocurrency based on solid cryptography without “trusted setup” by a company. The whole Monero blockchain becomes more and more obfuscated over time when people are transacting, which mitigates the “imperfect” anonymity. Meanwhile, the anonymity of Monero is also being improved on a technical level by the Monero Research Lab with kovri.

Another thing to note is that you need more than 8GB of RAM to do an anonymous ZCash transaction, what’s even more concerning, the large majority of transactions will probably just be transparent bitcoin-like transactions. Another concern is timing analysis, if the ZCash mixer isn’t used much, you can try to connect coins entering the mixer with coins exiting the mixer. Certainly for larger transactions this is a real possibility.

The fact that transparent transactions are still possible with Zcash, also makes your OpSec dependent on others, even if you try to anonymize your coins as much as possible, you can still be deanonymized if the people you transact with aren’t using the same standards. It’s even possible you’ll be forced to use transparent transactions if you want to use some kind of (regulated) service. This will result in the same issues as described on a transparent blockchain. Identities will be attached to addresses and this can eventually lead to blacklisting or even miner censorship. The fact that mixing isn’t enforced on ZCash is bad for fungibility and anonymity.

zookozcash commented 2017-07-12 20:24:31 +00:00 (Migrated from github.com)

Hey folks, there is a lot of misinformation above. Zcash doesn't take 8 GB of RAM (https://speed.z.cash), fully-shielded Zcash transactions cannot be linked by analysis of timing or amounts (https://z.cash/blog/transaction-linkability.html), etc.

If anybody has questions that are not answered in here or in the Zcash FAQ (https://z.cash/support/faq.html) please join the Forum (https://forum.z.cash) and Chat (https://chat.zcashcommunity.com/home).

We're a friendly community and all are welcome, including Monero fans! In fact there's even a channel on the Zcash chat devoted to praising the virtues of other systems, learning from them, and offering constructive feedback to them. It's called "#other-coins".

Out here on the githubs of other projects like privacytoolsIO, let's all try to be helpful and accurate. We're all in this together trying to give every human usable privacy and safety before it is too late. Nobody is helped by repeating myths or exaggerations.

I have to say that I really appreciate the civility and the accuracy displayed by the Zcash fans in this thread. Way to go, team! ☺️❤ⓩ

ghost commented 2017-07-12 20:33:48 +00:00 (Migrated from github.com)

Not a current technical spec, but I believe it's relevant. So now that you're here, I'd like to ask you something @zookozcash.

You said

> And by the way, I think we can successfully make Zcash too traceable for criminals like WannaCry

How do you intend to do that?

I'm not implying there's a backdoor, but we've had an extensive discussion about this so I'd like to hear from you on this topic.

I don't know the tech specs of either Monero or Zcash, but I can say that I wouldn't use a cryptocurrency designed with this in mind.

Thanks

ajs-xmr commented 2017-07-12 21:13:58 +00:00 (Migrated from github.com)

I have two questions.

  1. How would the Zcash Electric Coin Company, a Delaware corporation, respond to secret subpoenas under the USA Patriot Act?

  2. How would government requests for backdoors be dealt with?

ghost commented 2017-07-12 22:02:09 +00:00 (Migrated from github.com)

> Zcash doesn't take 8 GB of RAM

It also doesn't take 32GB, it needs over 3GB to send shielded txs. Remove the dev tax and relaunch without a trusted setup to try win a community @zookozcash

o5j5vg55bv5hv5j5f8799f9 commented 2017-07-13 01:01:13 +00:00 (Migrated from github.com)

I can't think of any expert who would support Zcash over Monero. Not only is Monero nearly perfect in literally every manner privacy wise (hides from, hides to, hides amounts, hides addresses, hides xmr use via i2p, hides balances, hides it all always for every transaction making all analysis useless e.g. even monerolink looking at oldest possible data before ringCT has 0 useful data due to obfuscation working and forced stealth addresses hence it's not real time, entirely promotion hit piece by zcash team addressed years prior in https://lab.getmonero.org/ and again https://github.com/SamsungGalaxyPlayer/monero-site/blob/1634b0d8014d5172be74d420a15385aeaa29ecca/_posts/2017-04-19-an-unofficial-response-to-an-empirical-analysis-of-linkability.md).

zcash only hides little information (doesn't hide real addresses, hides only shielded balances, only hides shielded-to-shielded tx amounts, only hides amounts for shielded senders to shielded recipients) and relies on trusted-setup (centralization 1, huge security concern) or centralized fee tax payment (centralization 2, security concern) and isn't private by default and doesn't use single use stealth addresses like xmr (time analysis weakness, privacy concern especially since exchanges only support unshielded tx). zcash technologically is inferior in security to even bitcoin due to obvious centralization and in privacy to monero due to people simply observing ins and outs of addresses.

I'm glad to see monero was added back to the recommendations while I was looking over it today. I don't understand how this was even debated when only thing zcash is known for is being a scam for even a single one of the three issues mentioned above, forget all 3.

Like everyone else Monero is looking for trustless privacy enhancements continuously as can be seen from recently funded project https://forum.getmonero.org/9/work-in-progress/87652/hire-phd-mathematician-to-look-into-post-quantum-crypto-zk-protocols-blockchain-bloat as trusting people not to print infinite money for the rest of time is absurd in crypto.

nathan-at-least commented 2017-07-13 19:17:03 +00:00 (Migrated from github.com)

Hi all. I wanted to see if the conversation could be more productive by focusing on a different part of the stack than "Monero or Zcash", by instead proposing that we first clarify the criteria for displaying cryptocurrencies on this site, and the criteria for ordering them.

For instance, I've heard a variety of arguments about:

  • the "level of privacy" - or much better: an objective measure of privacy (*)
  • usefulness as a currency
  • ease of use
  • scale of use / number of users
  • default behavior
  • failure modes (Zcash's parameter setup being one of the more infamous examples)
  • notoriety
  • expert opinion
  • project leadership
  • organizational risk / decentralization / political robustness (ex: what happens to Zcash if ZECC, the "Zcash Company" goes out of business / receives a court order / is infiltrated by intelligence agencies)
  • probably more I missed

So maybe a good first step is deciding if any of these factors should not be considered which could make the decision easier. Then for the remaining factors, prioritizing them could help.

If you spend a few seconds imagining different priorities for these criteria, it's fairly easy to imagine any of the three existing entries being the top pick. If we're not clear on our criteria, I expect the conversation will be endless circles. (Also, a lesson here for whoever changed the order without posting a rationale or criteria in the first place.)

It might not be possible to agree on those two steps, but at least at that point one person could say "Well, I believe X is a better choice, but that's because I believe scale of use is a higher priority than a strict measure of privacy that ignores scale of use, whereas you seem to believe strict measures of privacy are more important than number of users."

(*) I suspect having a good measure of privacy that objectively assesses multiple systems will be difficult to find (and I consider this a ripe research topic). Still, it's good to get the conversation started here. However, even if there were a rigorous measure, there would probably be multiple rigorous measures giving different results, so there'd be a measurement selection problem.

ghost commented 2017-07-13 19:28:19 +00:00 (Migrated from github.com)

> usefulness as a currency

afaik Monero is used more than Zcash

> ease of use

Monero is faster, transactions are private by default, etc

> scale of use / number of users

again, afaik Monero is used more than Zcash

> default behavior

Monero's privacy by default

> failure modes (Zcash's parameter setup being one of the more infamous examples)

speaks for itself

> project leadership

@zookozcash doesn't believe in free market (you can't believe both in free market and compatibility with law enforcement) which is one of the fundamental principles of cryptocurrencies

> organizational risk / decentralization / political robustness (ex: what happens to Zcash if ZECC, the "Zcash Company" goes out of business / receives a court order / is infiltrated by intelligence agencies)

speaks for itself

bitcartel commented 2017-07-13 22:45:06 +00:00 (Migrated from github.com)
@Shifterovich https://fee.org/articles/free-markets-are-regulated/
knaccc commented 2017-07-13 23:04:28 +00:00 (Migrated from github.com)

@bitcartel Thank you, I greatly enjoyed that article.

@Shifterovich Can you be specific/link to an article about what @zookozcash said that indicated he does not believe in a free market?

hyc commented 2017-07-14 00:58:51 +00:00 (Migrated from github.com)

@knaccc mentioned here https://steemit.com/shadowbrokers/@wh1sks/theshadowbrokers-may-have-received-up-to-1500-monero-usd66-000-from-their-june-monthly-dump-service Note the ban on their Slack channel, and the quote "It would be nice if there were somebody who had the ability to ban bad actors from using the network"

kewde commented 2017-07-14 17:10:46 +00:00 (Migrated from github.com)

I think @nathan-at-least raised a good point that everyone else seems to have ignored here.

  • the "level of privacy" - or much better: an objective measure of privacy (*)
    This is a good point.
    An objective measure of privacy that works for different systems would definitely resolve a lot of the conflict we're seeing. I currently (very optimistically) use the amount of "mixins" per transaction to measure the privacy of the system in question, without taking into account potential non-cryptographic/sidechannel attacks. The bigger the set of mixins - the better the privacy.

  • usefulness as a currency
    In the past I've had a discussion about this topic when we were deciding on the Android ROMs that we feature on the website. While Lineage is total crap/shit in terms of security and privacy, the majority of people decided that it should be listed because of usefulness. Our website features a lot of tools and sites that accept Bitcoin, it's one of the reasons why I think Bitcoin should be number one. It's the most used cryptocurrency.

  • ease of use
    I'm not particularly concerned about this, anyone can follow a clear cut tutorial. There can be multiple wallets for the same cryptocurrency, with different levels of "ease of use".

  • scale of use / number of users
    This is one where I'm more indecisive at the moment. Here's the dilemma in a simple thought exercise: You have one tool that is theoretically better but lacks users (to enlarge the anonymity set), you have another tool that is theoretically inferior but is practically better due to the amount of users.
    Currently, I'm leaning towards promoting the theoretically better solution - the reason being is that users are variable and if everyone realizes that theoretically better alternatives exist and then take collective action to migrate to those, then eventually everyone is better off.

  • default behavior
    Some see this as important, as it automatically enlarges the anonymity set which is a fair point, but I don't think it is very critical. Generally speaking; forcing people to use privacy isn't the solution to the general unawareness of "why privacy matters".

  • failure modes (Zcash's parameter setup being one of the more infamous examples)
    The problem that exists with Zcash is that the coin supply can't be monitored. But the same is true for Monero - a bug in the code could have the potential to create an infinite amount of money.

  • organizational risk / decentralization / political robustness (ex: what happens to Zcash if ZECC, the "Zcash Company" goes out of business / receives a court order / is infiltrated by intelligence agencies)
    I'm not particularly worried about this one as long as the code is open source.


I see a lot of short comments that don't really add up to much substance: at best I won't reply to those and at worst I will delete them. I've seen quality replies from both Monero and Zcash supporters, I'd like to thank those people for taking their time.

hyc commented 2017-07-14 18:22:45 +00:00 (Migrated from github.com)

@kewde looks more to me like you've ignored all of the points that have already been addressed.

  • level of privacy - as pointed out a few times, the anonymity set for any XMR transaction increases over time. Looking at a single transaction's anonymity set in isolation is being disingenuous, since transactions don't actually exist in isolation - they exist within a large and continually growing chain. And since the growth is multiplicative, for any particular XMR transaction it can very quickly grow to sizes far larger than the entire Zcash network.

  • usefulness as a currency - it would be foolish to make this a priority on a so-called "Privacy Tools" site. It may very well have been the most used cryptocurrency, but ask the AlphaBay admins whether that fact was a positive asset for privacy. The priority on this site should be privacy, and Bitcoin lacks it, so it should not be listed first, if at all. Your argument that "everyone needs bitcoin to get into crypto" is also false, there are plenty of fiat-XMR onramps out there already and more coming all the time. At this point there are so many law enforcement agencies and for-profit corporations deanonymizing the Bitcoin network that you'd have to be a moron to even consider it for privacy-sensitive uses.

  • ease of use - this is not quite the same as usability, which is more important. Bitcoin and Monero have wide platform coverage, Zcash does not. Monero transactions can be created painlessly on a lowly Raspberry Pi - the hardware requirements for Monero privacy are trivial. No matter how many wallets are written for Zcash, they will all be too much of a resource hog to be usable on commonly available hardware.

  • scale of use - again, with a multiplicative anonymity set, Monero is obviously the superior choice.

  • default behavior - the only reason Zcash has both transparent and shielded tokens is because their shielded transactions are too resource-hungry for everyone to use them. It's not just a matter of "click private" - most users can't even generate the private transactions.

  • failure modes - in actual fact, the Monero coin supply can be audited, while Zcash can't be. Yes, you're right, any code can have bugs. Monero had a bug and it was detectable (and definitively proven that no one had exploited it.) https://getmonero.org/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html

  • organizational risk/decentralization/political robustness - One of the key tenets of a cryptocurrency is to be decentralized and trustless. This is why Bitcoin was created. This is why Monero was created. Zcash is obviously highly centralized and requires trust in a for-profit 3rd party; for that reason alone it should be disqualified from any discussion of cryptocurrencies.

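The two privacy measures argued over in the comments above, ring size per transaction (the "mixins" measure @kewde describes) and the chain-wide candidate set that grows as rings reference earlier rings (the growth @hyc describes), can be computed side by side. This is an added example, not part of any comment in this thread; the toy chain, its one-input-one-output model and every function name are constructed for illustration and model no real network.

```python
"""Two anonymity measures on a constructed toy chain (not real chain data)."""
import random


def build_chain(n_tx, ring_size, seed=7):
    """Return {tx_index: ring}; a ring lists the earlier outputs it references.

    Toy model (assumption): transaction i has one input and creates output i,
    so "output i" and "transaction i" share an index. The first `ring_size`
    transactions are coinbase-like and reference nothing.
    """
    rng = random.Random(seed)
    chain = {}
    for tx in range(n_tx):
        if tx < ring_size:
            chain[tx] = []
        else:
            chain[tx] = sorted(rng.sample(range(tx), ring_size))
    return chain


def ring_size_measure(chain, tx):
    """Per-transaction measure: how many outputs the input ring references."""
    return len(chain[tx])


def candidate_ancestors(chain, tx, hops):
    """Chain-wide measure: outputs reachable within `hops` steps back from tx.

    Every ring member is treated as an equally possible source, so the result
    counts candidates; it is not a probability that any one of them is real.
    """
    seen = set()
    frontier = {tx}
    for _ in range(hops):
        frontier = {out for t in frontier for out in chain[t]} - seen
        if not frontier:
            break
        seen |= frontier
    return seen


def growth_table(chain, tx, max_hops):
    """Rows of (hops, candidate count, upper bound) for 1..max_hops hops.

    The bound is r + r^2 + ... + r^hops for ring size r, capped by the number
    of outputs that exist before tx: growth is multiplicative only until the
    candidate set runs into the size of the chain itself.
    """
    r = ring_size_measure(chain, tx)
    rows = []
    bound = 0
    for hops in range(1, max_hops + 1):
        bound += r ** hops
        size = len(candidate_ancestors(chain, tx, hops))
        rows.append((hops, size, min(bound, tx)))
    return rows


if __name__ == "__main__":
    chain = build_chain(n_tx=2000, ring_size=5)
    tx = 1999
    print("ring size (per-transaction measure):", ring_size_measure(chain, tx))
    print("hops  candidates  upper bound")
    for hops, size, bound in growth_table(chain, tx, 8):
        print(f"{hops:>4}  {size:>10}  {bound:>11}")
```

On the same constructed chain the first measure stays at the ring size while the second climbs toward the number of outputs on the chain, which is the measurement selection problem raised earlier in the thread.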
ghost commented 2017-07-14 19:14:29 +00:00 (Migrated from github.com)

@knaccc https://twitter.com/zooko/status/863202798883577856. Compatibility with law enforcement implies incompatibility with free market.

ghost commented 2017-07-14 19:32:44 +00:00 (Migrated from github.com)

@bitcartel The article compares government regulation to economic laws ("market rules"; spontaneous order) based on a definition of the word "regulate". What are you trying to say?

ghost commented 2017-07-14 20:04:11 +00:00 (Migrated from github.com)
#269
nathan-at-least commented 2017-07-14 20:33:49 +00:00 (Migrated from github.com)

@kewde, thanks for noticing that the people who are replying with specifics about the criteria I proposed instead of discussing which criteria matter or how to compare different systems for the same criterion are doing precisely what I suggested we put aside until we agree on criteria.

Here is another criterion I haven't seen explicitly stated and I hope we can all agree on: The evaluation should target the technology and networks as they exist right now, not any future roadmaps.

This also means, if we ever were able to make our criteria more objective, that the page should be edited as those details change to change the order or presence of tools.

For me, the measures of privacy and the scale of use (more use generally means better privacy) are two fundamental criteria.

Since @hyc brings up some kind of privacy measure, I want to respond to that:

> level of privacy - as pointed out a few times, the anonymity set for any XMR transaction increases over time. Looking at a single transaction's anonymity set in isolation is being disingenuous, since transactions don't actually exist in isolation - they exist within a large and continually growing chain. And since the growth is multiplicative, for any particular XMR transaction it can very quickly grow to sizes far larger than the entire Zcash network.

This doesn't make much sense to me, yet, because I don't understand the measure of privacy, nor do I understand how it can apply to both systems. What is "the anonymity set of a transaction"?

A transaction spends inputs and later its outputs get spent in both systems, so if we are able to make more specific measures such as "if you examine a transaction and consider the set of possible inputs for that transaction, this is an anonymity set for that transaction." A different but useful measure would be "if you examine any transaction, and consider the set of all transactions that may have spent its outputs", that could be another and distinct anonymity set.

I don't understand the part about "transactions don't exist in isolation". As a user of cryptocurrencies I can definitely tell you I don't care much about the privacy of some transactions, but others I very much care about those specific transactions. But setting that aside, this phrase sounds like @hyc wants to use some privacy measure that takes into account multiple transactions. Is there one that we can apply to both systems for apples to apples comparison?

> since the growth is multiplicative, for any particular XMR transaction it can very quickly grow to sizes far larger than the entire Zcash network.

I don't quite understand this. @hyc, are you saying that an XMR transaction output, T, is a candidate mixin input for any future transaction, so as more transactions are added which mix in T, the anonymity set of T grows?

hyc commented 2017-07-14 20:53:01 +00:00 (Migrated from github.com)

@nathan-at-least

Actually it was @kewde that raised the topic of anonymity set size.

> I don't quite understand this. @hyc, are you saying that an XMR transaction output, T, is a candidate mixin input for any future transaction, so as more transactions are added which mix in T, the anonymity set of T grows?

Yes. Any number of future transactions can use any particular output T as input in its own ring signatures, so over time it becomes exponentially harder to guess which was the real input and output. In Zcash, as kewde correctly pointed out, the anonymity set size for a shielded transaction Z is just the current size of the blockchain - it only grows linearly with the number of shielded outputs, and once a transaction is confirmed, its anonymity set is forever frozen at that particular size. I.e., it doesn't grow with future usage.

kewde commented 2017-07-14 21:12:40 +00:00 (Migrated from github.com)

@nathan-at-least

> "measures of privacy and the scale of use (more use generally means better privacy)"

As far as criteria go, I think those are definitely on everyone's list at the moment.
Usefulness is another criterion that I consider to be relevant to the decision process. I know a lot of people who just use Monero, Zcash and ShapeShift as a way to get "cleaner" bitcoins..

I think defining the criteria is a good step forward in the decision process. The real question is, how many criteria should we enforce? Do all of them have the same weight in the decision process?


> I don't quite understand this. @hyc, are you saying that an XMR transaction output, T, is a candidate mixin input for any future transaction, so as more transactions are added which mix in T, the anonymity set of T grows?

I believe that is what he/they mean. They say that the potential destinations of output T can grow larger than a particular Zcash transaction, technically possible but it will never happen in reality. The reasons are simple: a) the distribution of the mixin favours recent outputs to be included, b) the set of potential mixins grows with transactions as time goes on.

A more fruitful they've presented is "churning", a devise by @knaccc, where transactions are chained together in the following way:

TX1 -> TX2 -> TX3 -> TX4

Where the anonymity set for a given output (generated by TX4) is equal to i^t with i the amount of mixins and t the amount of transactions. I believe I read some numbers that 5 tx's with each 20 mixins might be enough to recreate the anonymity set of an output of Zcash.
Churning is currently not implemented however, and does to some extent remain unpractical due to timing analysis.

The fact that most people don't churn means that chains of transactions with a single owner are rare.

> Looking at a single transaction's anonymity set in isolation is being disingenuous, since transactions don't actually exist in isolation - they exist within a large and continually growing chain.

Therefore I think looking at a single transaction's anonymity set in isolation is not disingenuous from every vantage point, especially from big exchanges or mining pools.

Again, this shows how an objective measure of privacy is harder to achieve than some might think, myself included.

I currently operate under the assumption that manual churning isn't a very common practice, it also goes against the "privacy by default".

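A toy model of the churning figure discussed in the comment above, added here as an illustration (it is not code from any participant or from Monero). It walks backwards from one output through `hops` rings and counts the distinct candidate origins, so the count can be compared with the i^t figure. The chain layout, the two decoy-selection rules (uniform, or a fixed "recent window") and every name are assumptions of this example; real wallets use a different decoy distribution.

```python
import random


def ring_of(k, ring_size, window, seed):
    """Constructed ring for the transaction that created output k.

    Outputs are numbered in creation order. The ring holds `ring_size`
    earlier outputs (the real input is one of them, an observer cannot
    tell which). `window=None` draws uniformly from all earlier outputs;
    `window=W` draws only from the W most recent ones (a crude stand-in
    for "decoy selection favours recent outputs").
    """
    lo = max(0, k - window) if window else 0
    pool = range(lo, k)
    if len(pool) <= ring_size:
        return set(pool)          # near genesis: everything is in the ring
    rng = random.Random(seed * 1_000_003 + k)   # deterministic per output
    return set(rng.sample(pool, ring_size))


def candidate_origins(target, hops, ring_size, window=None, seed=1):
    """Sizes of the candidate-origin set after 1..hops backward steps.

    Step 1 is the ring of the transaction that created `target`; step h+1
    is the union of the rings of every candidate found at step h. Rings
    that overlap only count once, which is why the result can fall short
    of ring_size ** hops.
    """
    frontier = {target}
    sizes = []
    for _ in range(hops):
        nxt = set()
        for k in frontier:
            nxt |= ring_of(k, ring_size, window, seed)
        frontier = nxt
        sizes.append(len(frontier))
    return sizes


if __name__ == "__main__":
    HEIGHT = 1_000_000            # constructed chain: one million outputs
    I, T = 20, 5                  # "5 tx's with each 20 mixins"
    print("no-overlap bound :", [I ** h for h in range(1, T + 1)])
    print("uniform decoys   :", candidate_origins(HEIGHT, T, I))
    print("recent window 1k :", candidate_origins(HEIGHT, T, I, window=1000))
```

In this model i^t is only reached when no two rings share a member; with a recent-window rule every candidate after h hops lies within h windows of the target, so the set grows at most linearly in the number of hops.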
ghost commented 2017-07-14 21:18:13 +00:00 (Migrated from github.com)

there is a clear conflict of interest in the unilateral merging of this proposal by @kewde, I suggest it to be revoked.

edit: more info https://www.reddit.com/r/Monero/comments/6mi2ta/one_of_privacytoolsio_github_collaborators_opened/dk3887s/

ghost commented 2017-07-14 21:22:53 +00:00 (Migrated from github.com)

I'm aware of a potential conflict of interests as @kewde works for ShadowCash (now Particl). I'm not sure about a conflict of interests regarding Zcash.

ebfull commented 2017-07-15 04:30:13 +00:00 (Migrated from github.com)

There seems to be some confusion about what an "anonymity set" is. It's not the number of places your coins could have gone, but the number of places your coins could have come from. The anonymity set of a transaction is fixed for all eternity. Nothing can retroactively change the possible origins of your coins.

The claim that Monero's anonymity sets are "multiplicative" is brought up repeatedly in this Github issue. As an example:

@hyc says:

> Any number of future transactions can use any particular output T as input in its own ring signatures, so over time it becomes exponentially harder to guess which was the real input and output. In Zcash, as kewde correctly pointed out, the anonymity set size for a shielded transaction Z is just the current size of the blockchain - it only grows linearly with the number of shielded outputs, and once a transaction is confirmed, its anonymity set is forever frozen at that particular size. I.e., it doesn't grow with future usage.

This is incorrect.

Zcash's shielded transactions "spend from" the set of every previous shielded output ever made. This set is fixed when the transaction is created. Monero's transactions "spend from" a small set of previous outputs. This set is also fixed when the transaction is created. It doesn't matter that future Monero transactions "could have spent" from those same inputs, and even if it did matter, the same thing happens in Zcash, because all of our future transactions also spend from all previous transactions.

Monero's anonymity sets being small is a serious threat to user privacy. Imagine sending an adversary two payments with Monero. The two payments are likely to be close in the transaction graph, especially if you need change from the first payment. Even if the coins are somewhat distant in the transaction graph, the adversary will be able to associate the transactions together with high probability. This is just part of an entire category of statistical attacks Monero users are susceptible to.

Zcash's shielded transactions have much larger anonymity sets despite not being as popular as transparent transactions, and so they can fundamentally resist transaction graph analysis. Hopefully someday we'll have "mandatory privacy" as well, but Monero needs it a lot more than we do.

ajs-xmr commented 2017-07-15 06:11:07 +00:00 (Migrated from github.com)

@ebfull when talking about the "anonymity set," it is important to note that Monero uses a multilayered approach to privacy. [Ring Signatures](https://getmonero.org/resources/moneropedia/ringsignatures.html), [RingCT](https://getmonero.org/resources/moneropedia/ringCT.html) (which is currently used in [99%+](http://moneroblocks.info/stats/ringct-transactions) of all new transactions), [Stealth Addresses](https://getmonero.org/resources/moneropedia/stealthaddress.html), and soon [Kovri](https://getmonero.org/resources/moneropedia/kovri.html) all play an important role in anonymizing transactions and should be considered as a whole when assessing the overall level of privacy. Even if a particular output can be guessed by an adversary to be the "real" output used in a transaction, this is not enough information to definitively state that "Alice sent x amount to Bob in this particular transaction" given the other features of Monero that hide the transaction amounts and the recipient's public address from the blockchain.

Moreover, there is an issue of what standard of proof should be met. From a legal perspective, generally, in criminal cases, the standard is "beyond a reasonable doubt" and in civil cases, "more likely than not." With 2 to 4 mixin, there is a probability of between [41% to 23%](https://getmonero.org/2017/04/19/an-unofficial-response-to-an-empirical-analysis-of-linkability.html); if this is the only information an adversary is able to deduce, it is not enough proof to establish guilt or liability for a given transaction. Users would have plausible deniability.

ajs-xmr commented 2017-07-15 15:18:02 +00:00 (Migrated from github.com)

@kewde your position is that "Monero is less anonymous than a Zcash transaction" because of the "small anonymity subset" per transaction, how do you respond to the two counter points above that undermine that assertion?

ebfull commented 2017-07-15 15:49:09 +00:00 (Migrated from github.com)

@alvinjoelsantos says:

> when talking about the "anonymity set," it is important to note that Monero uses a multilayered approach to privacy.

The transaction graph analysis attacks that I mentioned in my previous comment work even if the transaction contents are completely opaque. Value and recipient privacy cannot increase the anonymity set.

Further, Zcash has all of those privacy guarantees as well.

ajs-xmr commented 2017-07-15 16:18:19 +00:00 (Migrated from github.com)

@ebfull I didn't claim the lack of value and recipient privacy increases the anonymity set, I am asserting that guessing the correct output is a fact of little consequence when this is the only information that can be deduced. Transaction graph analysis can help an adversary guess the "real" output of a transaction, but this information alone is insufficient to deanonymize users and guessing the correct output holds no evidential value in a court of law.

ebfull commented 2017-07-15 16:58:59 +00:00 (Migrated from github.com)

> I am asserting that guessing the correct output is a fact is of little consequence when this is the only information that can be deduced

This isn't true. From the perspective of a recipient trying to find out where the coins they received came from, being able to statistically link transactions together is of enormous consequence. There are plenty of situations where there is more context available to your adversary, and your adversary only needs to analyze a limited set of possibilities.

My theory is that you're thinking about anonymity with only half the picture. In order to be anonymous, you need:

  1. to hide the origin of funds amongst a large group of people, so that your recipient cannot figure out where it came from
  2. to hide the destination of funds, so that your sender cannot figure out when or where it went

I think you brought up value privacy and stealth addresses and said "guess the "real" output of a transaction" because you're thinking about (2), whereas I'm thinking about (1). (2) is relatively easy to solve, and both of our systems accomplish it. (I think Zcash does so more thoroughly, but let's ignore that for the sake of conversation.)

It is (1) where Monero is deficient. Ring signatures inherently cannot scale to large anonymity set sizes, and so if your adversary is the recipient of some funds, the transaction graph is a treasure-trove of information that allows them to partition the anonymity set especially given additional context.

Again, in this situation it is hardly relevant that there is value or recipient privacy: those things only reduce the number of ways the anonymity set can be further partitioned. It is bad enough that just a couple payments can statistically eliminate every other participant of your anonymity set. It is even worse when you start to imagine things like adversarially controlled mixins, or when your adversary is both your sender and recipient.

We cannot artificially limit the perspective of anonymity in a privacy-preserving system. We have to imagine every possible adversary.

ajs-xmr commented 2017-07-15 19:25:34 +00:00 (Migrated from github.com)

For argument's sake, let's assume that in situation (1) the recipient is able to guess correctly that an output in a transaction is the real one in a ring signature. For an example, in [this](https://xmrchain.net/tx/bfccaf6a082b84213af525f2002912130ba1c128d99579ecf5f3016f94307dea) transaction, `ba5f53cbaefb95709299512c4cfcce2300373538ebaf4e2d3cb217ddcd32a57f` is the real output. What information can be gained from this knowledge? Would the recipient be able to determine the sender's public address? Know the sender's wallet balance? Associate outputs and inputs that belong to the sender's wallet? If so, please provide peer reviewed empirical evidence that supports the link between deduced outputs and the disclosure of a wallet's transactions and balance.

Now, you point out that there could be "more context available" to the adversary (e.g. other information besides knowing the real output). Then the argument shifts and it has to do more with maintaining proper OPSEC to prevent leakage of other information than outputs itself deanonymizing users.

kewde commented 2017-07-15 19:53:40 +00:00 (Migrated from github.com)

@alvinjoelsantos

> Moreover, there is an issue of what standard of proof should be met. From a legal perspective, generally, in criminal cases, the standard is "beyond a reasonable doubt" and in civil cases, "more likely than not." With 2 to 4 mixin, there is a probability of between 41% to 23%; if this is the only information an adversary is able to deduce, it is not enough proof to establish guilt or liability for a given transaction. Users would have plausible deniability.

You're raising a good point, it is true what you are saying, I doubt any democratic court on this planet can convict someone on the basis of a statistical correlation, something I think we can be very happy about. However the adversary has narrowed down his set of suspects, and there will most likely be more evidence to prove his guilt. A transaction, in itself, is almost never illegal. The adversary can be anyone, they aren't specifically governments either. The juridical process doesn't apply for a lunatic with a shotgun..

> Even if a particular output can be guessed by an adversary to be the "real" output used in a transaction, this is not enough information to definitively state that "Alice sent x amount to Bob in this particular transaction" given the other features of Monero that hides the transaction amounts and the recipient's public address from the blockchain.

Also true, but the person that sent you the money knows with 100% certainty that that specific output is linked to a stealth address, and in the case of an exchange, they often know the exact identity of the person.

As ebfull has suggested, there are real case scenarios of potential "adversarially controlled mixins" - exchanges for example control a relatively large portion of outputs to pick from as mixins. Let's assume that exchanges control X% of transaction outputs. The average transaction has two mixins, causing the following probabilities to emerge:
1% of tx outs -> complete deanonymization for 0.01% of all transactions.
10% of tx outs -> for 1%.
25% -> 6.25% of all transactions.
(I believe this works with any mixin distribution, correct me if I'm wrong)

Zcash gets a lot of "crap" because a lot of services prefer using t-addresses, but it's also a benefit, the centralized exchanges for example aren't creating toxic waste in the anonymity set.

> For argument sake, let's assume that in situation (1) the recipient is able to guess correctly that an output in a transaction is the real one in a ring signature. For an example, in this transaction, ba5f53cbaefb95709299512c4cfcce2300373538ebaf4e2d3cb217ddcd32a57f is the real output. What information can be gained from this knowledge? Would the recipient be able to determine the sender's public address? Know the sender's wallet balance? Associate outputs and inputs that belong to the sender's wallet? If so, please provide peer reviewed empirical evidence that support the link between deduced outputs and the disclosure of a wallet transactions and balance.

I'm not saying RingCT is horrible or bad, it does its job in most scenarios quite nicely - I'm saying that Zcash (in terms of privacy) is basically Monero but with a much larger anonymity set per transaction. Giving it the ability to resist against edge case scenarios (such as centralized entities poisoning the anonymity set to pick mixins from) more than RingCT.


---

@Shifterovich
It's often the people who work "in the branch" that have the most expertise in a field. Also note, that I specifically asked them to replace ShadowCash with Monero on [reddit](https://www.reddit.com/r/Monero/comments/6es4th/btc_zcash_and_shadowcash_highlighted_as_suitable/diji531/). I was a bit at unease with RingCT because I hadn't had a very extensive look at it yet. The underlying ring signature construction (the part that provides anonymity in plain terms) of RingCT isn't _that_ different from their previous iteration version, which was a very positive sign. I have _no ties_ to Zcash other than being on their IRC channel and helping people for free on the Bitcoin StackExchange, (both of which I also do with/for Monero). I've contributed more hours looking into the Monero whitepaper and their code (the code is doing different things than described in the whitepaper by the way) than on Zcash. I am an enthusiast of zero knowledge proofs and I'm 100% convinced that they will shape the future of applied cryptography.

ebfull commented 2017-07-15 19:59:30 +00:00 (Migrated from github.com)

> What information can be gained from this knowledge? Would the recipient be able to determine the sender's public address?

Let's revisit my previous example:

> Imagine sending an adversary two payments with Monero. The two payments are likely to be close in the transaction graph, especially if you need change from the first payment. Even if the coins are somewhat distant in the transaction graph, the adversary will be able to associate the transactions together with high probability. This is just part of an entire category of statistical attacks Monero users are susceptible to.

Your adversary can know with high probability that two or more payments originated from the same entity. That's... well, deanonymization. One example that Richard Stallman likes to use is paying a publisher when you view articles on their website, in lieu of advertising. You just can't do this in a truly anonymous way with Monero.

> Now, you point out that there could be "more context available" to the adversary (e.g. other information besides knowing the real output) Then the argument shifts and it has to do more with maintaining proper OPSEC to prevent leakage of other information than outputs itself deanonymizing users.

I don't agree with this. Depending on what you're transacting or how you're transacting, you _unavoidably_ leak information to your adversary, like when you make multiple payments to them. There are no OPSEC cop-outs here. Due to Monero's small anonymity sets, that adversary is very capable of deanonymizing you in Monero, but would otherwise not be able to with Zcash's shielded transactions. This is even despite the fact our shielded transactions are relatively less popular.

privacytoolsIO commented 2017-07-16 01:16:42 +00:00 (Migrated from github.com)
#269
hyc commented 2017-07-16 13:51:07 +00:00 (Migrated from github.com)

@kewde

> Also true, but the person that sent you the money knows with 100% certainty that that specific output is linked to a stealth address, and in the case of an exchange, they often know the exact identity of the person.

Since stealth addresses are one-time-use, knowing that a specific output is linked to one stealth address tells you nothing about any other transaction. This is totally irrelevant. On the other hand, a person sending you money obviously knows your public wallet address, and probably knows a lot more about you because otherwise they'd have no reason to be sending you money in the first place.

> The average transaction has two mixins,

The average *exchange- and pool-generated* transactions have two decoys, but the average *user-generated* transaction has four, because users don't use custom client software and don't tend to change client defaults.

kewde commented 2017-07-16 15:18:18 +00:00 (Migrated from github.com)

> Since stealth addresses are one-time-use, knowing that a specific output is linked to one stealth address tells you nothing about any other transaction. This is totally irrelevant. On the other hand, a person sending you money obviously knows your public wallet address, and probably knows a lot more about you because otherwise they'd have no reason to be sending you money in the first place.

Our terminology doesn't match up here I believe: stealth addresses can be _reused_, the one-time addresses are derived from the stealth address? It doesn't matter really, when you go to spend the output that they sent you, they know the real identity behind it. I only make this argument because I want to point out that privacy is a matter of perspective: exchanges _can_ link outputs to real identities and that's why small anonymity sets per transaction aren't great in those scenarios.

> The average exchange- and pool-generated transactions have two decoys, but the average user-generated transaction has four.

lol wut, that's nice information to have actually, it allows you to estimate how many transactions belong to centralized entities (exchanges and pools). I thought there was no way to distinguish between what transactions are initiated by exchanges vs initiated by users. http://moneroblocks.info/stats/ring-size
About 70% of all transactions are sent _from_ exchanges/pools (1 - 2 decoys) who can aggregate large portions of identity and output data.

These high numbers are worrying, I didn't take into account the coinbase tx's but if the government changes their KYC/AML rules for cryptocurrencies to accommodate deanonymization programs then they can link 70% of outputs to real identities. They would know ALL the real identities of the potential spenders for 17% of all transactions :| (= 0.7^5). Note that as the anonymity set grows to larger portions, this number becomes near zero.

We can use the number of transactions initiated by exchanges to roughly estimate how many outputs they own. The "adversarially controlled mixins" scenario could be an interesting area of research, given that you can estimate the amount of outputs owned by the adversary (exchanges).

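The percentages in the two kewde comments above (1% → 0.01%, 10% → 1%, 25% → 6.25% with two mixins, and 0.7^5 ≈ 17%) are the tail of a binomial distribution over how many ring members an observer can rule out. The following is an added example, not code from the thread or from either project; it assumes decoys are drawn independently and uniformly from all outputs (a simplification), and all function names are hypothetical.

```python
"""Added example (not from the thread): how adversary-known decoys shrink a ring.

Model assumptions: each decoy is drawn independently and uniformly from all
outputs, and the adversary recognises a fraction f of all outputs as ones
that cannot be the real spend (for instance because it created them).
"""
import math
import random


def effective_ring_distribution(f, decoys):
    """Return {effective_ring_size: probability} for one ring.

    The number of decoys the adversary can rule out is Binomial(decoys, f).
    What remains is the real output plus the decoys it cannot rule out.
    """
    dist = {}
    for known in range(decoys + 1):
        p = math.comb(decoys, known) * f**known * (1 - f) ** (decoys - known)
        dist[1 + decoys - known] = p
    return dist


def p_fully_traced(f, decoys):
    """Probability that every decoy is ruled out, leaving only the real output."""
    return effective_ring_distribution(f, decoys)[1]


def expected_entropy_bits(f, decoys):
    """Mean uncertainty (bits) about the real output, assuming the adversary
    has no preference among the members it cannot rule out."""
    dist = effective_ring_distribution(f, decoys)
    return sum(p * math.log2(size) for size, p in dist.items())


def simulate(f, decoys, trials=200_000, seed=1):
    """Monte Carlo check of p_fully_traced under the same model."""
    rng = random.Random(seed)
    traced = sum(
        all(rng.random() < f for _ in range(decoys)) for _ in range(trials)
    )
    return traced / trials


def report(fractions=(0.01, 0.10, 0.25, 0.70), decoy_counts=(2, 4, 5, 10, 40)):
    """Build the rows of a table: fully-traced share and entropy per setting."""
    rows = []
    for f in fractions:
        for k in decoy_counts:
            rows.append((f, k, p_fully_traced(f, k), expected_entropy_bits(f, k)))
    return rows


if __name__ == "__main__":
    print(f"{'f':>5} {'decoys':>6} {'fully traced':>13} {'entropy (bits)':>15}")
    for f, k, traced, bits in report():
        print(f"{f:>5.2f} {k:>6d} {traced:>13.6%} {bits:>15.3f}")
    print("simulated, f=0.25, 2 decoys:", simulate(0.25, 2))
```

The table makes the closing remark of the comment concrete: at a fixed known fraction, the fully traced share falls geometrically as the number of ring members grows.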
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-17 10:33:37 +00:00 (Migrated from github.com)

Wow, we're still debating whether Monero is a better choice than zCash? The level of incompetence here is staggering if not worrying.

hyc commented 2017-07-17 10:49:10 +00:00 (Migrated from github.com)

They couldn't even agree that Bitcoin shouldn't be listed first since it offers no privacy. Sad.

MalMen commented 2017-07-23 21:27:36 +00:00 (Migrated from github.com)
Alphabay investigation show clearly what is the best private coin https://assets.documentcloud.org/documents/3898109/AlphaBay-Cazes-Forfeiture-Complaint.pdf http://i.imgur.com/SietBhv.png I
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-24 22:08:27 +00:00 (Migrated from github.com)

![](https://i.imgur.com/SietBhv.png)
kewde commented 2017-08-06 11:17:13 +00:00 (Migrated from github.com)

https://steemit.com/cryptocurrency/@anonymint/is-monero-s-or-all-anonymity-broken

An interesting article about miner centralization and how they can poison the anonymity set.

hyc commented 2017-08-06 13:04:20 +00:00 (Migrated from github.com)
Interesting, but incorrect. https://www.reddit.com/r/Monero/comments/6r2xsm/is_moneros_anonymity_broken/dl2hn3e/?context=3
sanecito commented 2017-08-07 05:41:05 +00:00 (Migrated from github.com)

Since you seem to have made another appearance here @kewde I'll repost my appeal/question from three weeks ago in #269 which has gone unanswered by both you and @privacytoolsIO as why #270 was not discussed despite claims of 'exploring every option':

I was out for a couple days, but hopefully I can appeal to the people (largely @kewde given they committed and made the issue) who think that the best resolution is to simply remove the CC section and let users fall for scams. I'm going to operate off two points/assumptions:

  1. You genuinely care about user privacy and anonymity (more so than having to deal with constructive conflict)
  2. You believe Zcash to be the technically superior CC and thus should be used over all other CC

Zcash will most likely get used less (and be more susceptible to timing attacks, have less liquidity making it less usable, etc) if there's no CC section as users will turn to the prism-break website where Zcash isn't featured (but Monero is) or they'll simply use a search engine of choice and potentially determine some other coin (e.g. Dash or whatever the integrated Tor + Bitcoin fork of the day ends up being) is 'good enough'. Therefore removing the CC section would run counter to whoever has the values I've presumed above.

Having made a simple appeal, I'm then also curious as to why there was no constructive criticism/commentary for #270 by @kewde or @privacytoolsIO given:

> I'm exploring all viable options to the conflict.

Instead what happened was no constructive conversation or commentary of #270 before the merge. I get that for Zcash proponents being listed third is not ideal (I myself am really not a big fan of Bitcoin being first/listed at all given increasing deanonymity/analysis trends), but it is much better than Zcash not being listed at all as I highlighted above. It being listed third can be mitigated in part in addition to the description text highlighting technical merits by having header sub-text or something similar saying 'Sorted alpha desc' just to make it explicitly clear that Zcash isn't listed last (and Bitcoin first) because of technical merits.

In attempting to avoid conflict regarding the listing order there will now be conflict about why CC isn't listed period (and no guarantee the conversations won't continue as is evident) and there is a chance people will either start deferring to the prism-break website or else use inferior privacy oriented coins which to the best of my knowledge, no one here wants.

ghost commented 2017-12-02 23:02:28 +00:00 (Migrated from github.com)

This should get resolved. With the amount of bad "privacy" coins, we **should** be recommending good cryptocurrencies.

I think Monero - Zcash - Bitcoin is the best way to sort them. Bitcoin provides no privacy, and Monero/Zcash sorted alphabetically (and by popularity). If we can't have Monero first, putting Monero and Zcash in one box, explaining that it's arguable which currency provides better privacy works too. If we can't have that either, Zcash - Monero - Bitcoin is better than not recommending anything.

I'd close the Monero/Zcash debate with "it's very arguable". They're two main privacy coins, both better than any of the other coins people can be easily misled into using.

Whatever the order, **recommending the right cryptocurrencies is more important than recommending email clients**. We should focus on this issue.

@kewde @beardog108

asarkanyfole commented 2017-12-17 21:22:10 +00:00 (Migrated from github.com)

So, looks like I'm late to this party ... and yet, 5 months and a full-blown cryptocurrency explosion later, you (we?) still haven't actually posted any cryptocurrency recommendations?

My dos centavos ... Monero - Zcash - Dash, with Bitcoin stuck into an "honorable mention" slot below, purely due to its status, but with a clear warning that it is not actually private.

Monero and Zcash should definitely get the first two slots ... argue about which one deserves the #1 slot after the update is posted to the site -- they're both worthy.

My main concern with the long-running debate above, is that Bitcoin is still in the top 3. Dash and at least a half-dozen other currencies are more deserving.

Also ... the site managers/owners should be prepared to accept donations in all 3 of the top-recommended currencies ... eat your dogfood.

Mikaela commented 2019-06-10 09:12:07 +00:00 (Migrated from github.com)

@Shifterovich Could you add some labels to this issue? I don't have time to start reading and making research for putting them at the moment.


Do we actually recommend any cryptocurrencies at the moment? I don't think this issue applies to the current version of the site. If we want to consider re-including a crypto page please create a new issue with discussions/recommendations!

Reference: privacyguides/privacytools.io#256