Doug 00:00 Is Monero traceable? Well, this will be a good resource for people to watch. You've seen the FUD and now we're going to go through it. Sponsor 00:07 Monero talk is sponsored by cake wallet, a trustless open source wallet that gives you the keys to your crypto invoice donate and trade your Monero with peace of mind piece of cake and by stealthy X an instant exchange where privacy is a top concern. Sponsor 00:23 Go to stealthy x .io to instantly exchange between Monero and 450 plus assets without having to create an account or register and with no limits, making stealthy x a simple way to purchase Monero with crypto anonymously. Sponsor 00:38 Monero talk is also made possible from contributions by viewers and listeners like you and supporting us is easier than ever. By typing in Monero talk crypto in your Monero calm or cake wallet send address field to send us a tip this week on Monero talk. Sponsor 00:54 Douglas Tuman interviews Arctic Bunt, a Monero core team member and well known Monero contributor specializing in scaling and a blockchain surveillance expert. They dive in into the traceability of Monero discussing recent events around leaked chain analysis videos. Sponsor 01:09 They explore how privacy features such as ring signatures, stealth addresses and confidential transactions safeguard Monero use from blockchain surveillance. The conversation also covers the implementation of dandelion technology, which further protects user privacy by obscuring IP addresses. Sponsor 01:26 Throughout, they emphasize the strengths of Monero's privacy model, while addressing common misconceptions about its traceability. Monero talk starts now. Doug 01:37 Alright, Francisco. What's up, man? ArticMine 01:39 Well, very busy. I'm getting ready for two talks. I'm giving a talk in the proof -of -work forum in Frankfurt at the end of this month on proof -of -work or sustainable proof -of -work, and then the second one being the pipeline, of course, of Montero -Dopia in Mexico City in November. Doug 01:59 Oh, I'm so so looking forward to that. Yeah, are you excited? ArticMine 02:03 Oh yes, yes, yes, yes, so this is my, and this is actually quite apropos because a lot of the topic associated that I rotate on monorotopia is of course going to be the impact of scaling on privacy and relationship between the two. ArticMine 02:17 So this is actually quite an applicable topic that we're doing today for that, which is really interesting. Doug 02:22 Yeah, 100. I mean, we're right on it. I'm just slightly shocked because I'm just tweeting this out. I want to make sure we really get the word out on this. Yeah, I'm very excited about today's show. I'm super excited about seeing you down in Mexico City at the conference and then just watching you interact with everybody, people getting to learn things. Doug 02:43 So much has come out of these conferences, Monero Topia and Monero Con. I mean, I know like one specific thing. I don't know how you met the team that was working on the Bitcoin fog case, right? ArticMine 02:58 Right, right, right, right. That came out of a neurotopia. That was really exciting. Well, that's a very interesting case because, of course, it's now in the appeal stage, or it's going to be going into the appeal stage. ArticMine 03:09 And there's a lot, but there's still all the things I can't talk about because it's all about doing the appeal. Doug 03:17 I'm trying to make the point, I'm just trying to shoot Aerotopia as an amazing thing, right? I love the fact that I came out of that. And so this should be another, you know, another big year, especially with Luke Parker on the brink of implementing full chain members to proof. Doug 03:35 So we'll be getting, you know, updates on that. And I'm sure there'll be developments that are taking place with regards to that in person. So very excited. You mentioned you're doing another conference where you're going to be talking about sustainable proof of work. ArticMine 03:49 Yes. I'm going to be talking at the proof of work forum in Frankfurt, Germany. It's at the end of the month of 27th to 29th of September. And what I'm going to be talking about there is how you can make a proof of work sustainable. ArticMine 04:06 And there are very simple things you can do, such as heating your house with mining Monero or break of that. Just using excess solar power to make, to mine, effectively making it sustainable. But what are the key elements about proof of work? ArticMine 04:22 And I'm just going to tease this because it's really interesting is that the assumption that people make in proof of work is that there is no value of cost associated with the heat produced by mining. ArticMine 04:33 And the second assumption they make is that there is no value of cost differential with heat and electricity, depending on whether it is, for example, at a residence just coming off a solar panel or at a utility and similarly with heat. ArticMine 04:48 The heat is worth a lot more money at the residence in the winter than it is at the utility power plant. The electricity is worth a lot more money once it's sold in the grid before it as opposed to what is distributed at the solar panel. ArticMine 05:01 So a lot of differentials in price, which are really interesting and have real renewable implications and actually favor the decentralization. So I'll leave it to that. Doug 05:13 Yeah, you got me thinking so many things, but by the way, Abdullah has been talking about wanting to work on miners as the next thing after the Noto. And he's a very talented designer, he's really a very skilled guy. Doug 05:31 And we've been talking about the concept of perhaps trying to design them in such a way where they can be used as heaters, as space heaters. ArticMine 05:40 Well, you want to optimize for space heating, and you want to optimize for two things. You want to optimize for space heating in the winter months. This is really important. And you want to optimize for excess solar power due to similar things. ArticMine 05:51 So those are the key elements in making renewable proof of work. And that's where we need to look at, can you sit your home with whatever might you need on your answers? Yes, you can. Conversely, can you actually have a market for renewable solar power where they have excesses? ArticMine 06:11 I'm in the process right now of installing a solar power in my home. In fact, I'm not waiting any day to get the permit for this. So I'm really close for doing this, so I'll be right in the footprint of this. ArticMine 06:23 And the answer is, can you sell it to somebody at a better price so you can sell it back to the utility? And then whenever I network, being an obvious candidate. Doug 06:32 Yeah, yeah, yeah, I'm thinking like other things you could potentially do right like like greenhouses right using it for warming green like what are what are you know, you start to think like what are the some of the most universal needs for a heat source that you can put to work obviously heating a home. ArticMine 06:50 heating a business after business hours. Heating greenhouse is a great example. Now, for larger industrial applications, it's probably more better for Bitcoin than for Monero, actually, because they tend to focus more on the big basics. ArticMine 07:03 You may have a boat mill that wants water at 60 degrees Celsius or 70 degrees Celsius, so you can help heat that up. You have excess heat. So, one of the key points is the value of the heat. And this is why this is really important to look at the question of proof of work in the general sense. ArticMine 07:20 What is the value of the heat? What is the cost associated with the heat? What is the value of the electricity at the point of generation? What is the value of the electricity at the point of sale? And again, what is the differences between wholesale and retail? ArticMine 07:35 You're buying from the utility and you're selling back the heat. All of these factors and really having potentials for proof of work. Doug 07:42 We're we're at almost 100 live viewers or listeners right now guys like and retweet This is going to be a tremendous show. We haven't even gotten into the most exciting topic of the day We're just side barring here. Doug 07:54 I could talk to arctic for for days and days. I think we've done it in the past So right now we're talking about uh proof of work because he's going to be giving a talk on that But we're going to get into the meat and potatoes of today's conversation Which is about the chain analysis video that leaked and we're actually going to go over it And then we're going to get arctic's full take on it. Doug 08:13 We'll we'll even bring up the video go through it So this this should be super exciting um ArticMine 08:20 So, before I leave, proof of work summit in Frankfurt. That's where I will be speaking. It's at the end of the month. You can search online and you can find the information on the talks. Doug 08:31 Fantastic. And then, like you said, he'll be at Monero topia in November. Speaker 4 08:35 in November, yes. Doug 08:36 Going to quickly show that guys grab grab your ticks today. Everything's coming along with Monero topia So let's let's go. Oh, let me let me mention one other thing So if you guys want to ask a question to Arctic at any time during this show, please use XMR shot chat Dot -com slash Monero talk. Doug 08:58 That's our Monero super chat System that we've built and I'm the number one user I'm currently the power user of it, but there's other starting starting to use this tool as well, which is very exciting we have people in the Liberty space that are noticing this tool as a way to Earn super chats peer -to -peer without any fees being taken. Doug 09:20 So go ahead today And if you want to ask any questions Arctic, please use that XMR chat dot -com slash Monero talk Super easy to use if you ever sent them an arrow transaction before in your life You should be able to figure out how to use it and we'll pull your super chat up here Arctic I guess I guess we'll jump into it. Doug 09:39 Oh, I did want to say so at the conference last year We did a talk on proof of work versus proof of stake I'm thinking maybe this year we need to do something again around that topic like another another panel before we move on could you give us kind of your Your quick down and dirty elevator pitch on your take of proof of work versus proof of stake Just so you have people if people haven't heard Just just kind of summarize where you ArticMine 10:07 back to my post in 2015 in Bitcoin talk and it was with respect to Ethereum. Proof of stake in my view does not work without an intervention of the state to regulate the stakers. And I'll tell you why. ArticMine 10:23 The biggest single problem that I have with proof of stake is very simple. It cannot tell apart a beneficial owner from a nominal owner. So, it doesn't know the difference from the stake that you have in an exchange versus the stake that is controlled by the beneficial owner. ArticMine 10:40 And this is where it can get really dicey because if you have a nominal owner, an exchange that controls a significant stake and they're short the coin, they actually have an incentive to stake it in such a way as to wreak havoc on the market, on the actual chain itself in order to short the chain. ArticMine 11:01 Now, I know people in Ethereum will say, yes, we can do all sorts of things to try to prevent that, but you have, you effectively are turning proof of stake on its head. And that in my view is the single speakers weakness of proof of stake, is the fact that you could not tell those two apart. ArticMine 11:16 Just imagine, mark or tell us if you're a number one box. Doug 11:20 Yes, yes. ArticMine 11:21 staking Bitcoin when he was about to go under. Just imagine FTX staking coins when they're about to go Doug 11:29 So that that's that's that's your your greatest criticism of ArticMine 11:33 As my biggest criticism of proof of stake, you cannot tell the nominee from the beneficiary about that. It's no way the network can tell them apart. And that, you have to regulate these nominees in order to make it honest, which in turn forces the whole issue to government regulation. ArticMine 11:49 And in fact, what ... Doug 11:50 I like how you're thinking man, and I'm glad we have people like you that are able to game theory this stuff out That makes sense. I don't I haven't really heard I know you guys did the panel last year, but I I certainly didn't walk away convinced by proof of stake Andre the creator of xano, you know Andre. Doug 12:09 Yes, I remember Implement Crypto note, right? Yes there again this year and he told me again He's like he's like I'm convinced that one day Monero will be proof of stake And he's like, you know, I'm gonna I've been talking like so I don't know right now right now I'm taking the Arctic side of that argument. Doug 12:29 What's that continue? We'll continue the discussion down at Monero topia Andrea. Yes there Hopefully we could get him to participate in that and we could get his response to that issue I think he responded last year on that too ArticMine 12:42 Well, I, because I remember raising the question, it was, it's my favorite example of proof of stake. But anyway, that's, uh. Doug 12:49 It's yeah, it's hard to argue otherwise against that Um, so all right, let's go ahead and we'll move it along because this is this is gonna be quite the show actually This guy john doe is saying careful. Doug 12:59 They might copyright strike this video. That's a good point, right? If we start showing it Uh clips of it, but it is it's clearly fair use right if we're just uh commenting on portions of the video But I guess if they want to egregiously Uh boot things from the internet burden is on us to prove that it's fair use something ArticMine 13:19 You're dealing with the U .S. based, if I understand correctly, First Amendment, fair use, argument. Yes, exactly. Which is got, that's essentially, I'm physically located in Canada right now, I don't know if it's a legit just situation, but that's. Doug 13:33 So so we'll take it we'll take a chance with it and actually well as we do these shows all our shows get added to library, so Yeah, a lot of people know that like I can't constantly people asking where else can I watch this that only use Google? Doug 13:46 Whatnot guys all our shows get posted on the library. So All right, so let's break into it. I'm gonna go ahead and Pull up the chain analysis video that was leaked We're at 157 live viewers guys like and retweet. Doug 14:03 This is this is gonna be a good show get involved You could ask Arctic questions We're gonna go ahead and pull up the video that calls the all the the hoopla, right? It's it's had I think a bit of a Streisand effect in in Monero We saw obviously the video dropped and then some you know media companies and in in crypto land Started, you know putting the foot out there with headlines that Monero is traceable, Doug 14:32 you know We've been through this many times, but it was like kind of we were reliving that And the Monero communities take was oh, this is great Did you listen to the video their talk the guy who's presenting it is literally talking from the standpoint of how impressed he is by? Doug 14:49 Monero versus all other cryptos for purposes of acting as digital cash even Monero even criticizes Monero I even I think has a slide that says why Monero is better than Bitcoin and where he describes how It's you know, it's private by default So the Monero community was out there like celebrating this and they're like the rest of general crypto Was like trying to hang us for and we're like no, this is a good thing, Doug 15:15 right? Well, what was your over? What was your initial? ArticMine 15:18 So, my initial take on the video is if you really try to understand blockchain surveillance in Bitcoin, which I have been working to understand, then you kind of understand what they're doing in Monero. ArticMine 15:30 And it's actually fairly difficult for Chanalis. My feeling on it is that they pick scenarios where it actually works and then let the viewer, the reader extrapolate. Now, what I think I should point out, I'm actually certified by CypherTrace or as an investigator. ArticMine 15:49 I actually took their training. So, I kind of want to see that from the other side, from a competitor, which is quite interesting. And there's a desperate reception from a lot of people in law enforcement. ArticMine 15:59 They want the desperate, even if it, so there's a lot of temptation to sell stuff that doesn't really work. But typically what you have is you take a situation where it actually works and you try to extrapolate it to a majority of situations where it does. ArticMine 16:14 That would be my answer to that question. And the thing that's true about Bitcoin, most of the tracing in Bitcoin actually doesn't work. There's a few cases where it works. Doug 16:23 Let me ask you a question now, just before I forget, it just pops into my head. Well, what do you think of the concept of building open source chain analysis tools? Right? I mean, they're getting built anyway. Doug 16:36 Would it make sense? I mean, obviously at the same time, you're building Monero to be as resistant as possible to chain analysis, but how would that work out if, you know, the community was also developing its own? Doug 16:49 People in the community are probably like, what are you, an idiot? But. ArticMine 16:53 No, no. I think it's a great idea because they were exposed. There's a lot of misrepresentation in this field, and one of the biggest problems with it is that the entire thing is generally self -probability. ArticMine 17:06 They go out of their way to hide a whole bunch of heuristics. Doug 17:10 Right, it would kill their business model too, because now it would be, you know, right. ArticMine 17:17 but because essentially, in a lot of cases, they're selling something which doesn't work. But there are a few cases when it does, and this is what's so fascinating about it, and maybe I get a chance to cover some of this, but my point is, yes, putting it all open source and having independent scientific peer review and analysis of this stuff will be a great benefit to everybody involved. Doug 17:39 Right. It could be a tool to like where people are realizing what what is and isn't, you know, what what data is out there about the way in which they're using Monero. ArticMine 17:50 Not just that, it's whether or not a lot of the allegations that are made have any foundation. Because one of the biggest problems with this is that you have these few cases where it works, and then you have a lot of cases where it's an incredible question, and there's no independent period. ArticMine 18:03 This is one of the things you run into the legal system that has barely been tested in the courts. You're going to need repeated cases with well -funded and well -resourced defense team. In order to put this thing to the test, what I can say about it is that there's a lot of stuff that's been sold here that just doesn't call, it hasn't had any kind of independent period. ArticMine 18:25 It hasn't had any kind of ... All you get is the marketing information from these companies, and they keep this stuff as secret as possible. This is why I run it around with a head coach, I'm trying to stop this video from going all the way. Doug 18:37 Exactly! Exactly! ArticMine 18:39 I mean, so the best thing that we could do is have independent scientific peer review, not just on whatever, but on every chain where they do this, and actually ask some of the tough questions, because there's some really, really issues with scaling the blockchain surveillance. Doug 18:58 We may have to make that part of the Hackathon theme at Monerotopia, building chain analysis tools, open source product, just for the apps. ArticMine 19:07 Absolutely. Absolutely. The whole thing I prefer to do a blockchain surveillance. I don't want to use that trade name because that is Analysis. Chain analysis is very similar to Chainalysis, which is a trademark. ArticMine 19:18 So I'm not sure I prefer to personally a blockchain surveillance because I kind of described what it is. It is an ancient surveillance. Doug 19:24 Is there any difference in the terminology of chain analysis versus because I have noticed you always say blockchain surveillance But you're doing that really for for copyright Company we're not promoting ArticMine 19:38 First of all, I don't want to infringe on their copyright, and they're not promotable anyway. Secondly, I think it describes what it is, because there's a difference between analysis, which implies it's deterministic, and surveillance, which is not. ArticMine 19:52 What you're doing is you're trying to surveil the blockchain. Doug 19:56 I just wanna analysis, chain analysis is giving them too much credit. ArticMine 20:00 Well, it implies that it's an objective process, and it's not an objective. There is a lot of subjective heuristics, I guess, in this system, in Netcoin. And this is the point that people miss about it. ArticMine 20:12 And then the Netcoin understand when it actually makes sense, when the statistics makes sense, when you have independence statistics that are random, or you can then apply proper scientific statistical methods to try to gain data out of it. ArticMine 20:26 So there's a few cases where it makes sense. And in the majority of these cases, it doesn't. They go into essentially allegations, as opposed to any kind of evidentiary information. Then the question is, can you do a sales number on law enforcement and on the courts? ArticMine 20:44 And to what degree? And is it going to survive appeal? And now we're going into the realm of a lot of the battles that are good, for example, the Bitcoin -focal case, but a whole bunch of other cases also that are coming around in Europe, with tornado cash, for example. Doug 20:58 Let me just bring this up, a Bosco tip, $9 .97. Wow, 10 bucks. Thank you so much, man. Very generous. Please talk about the apparent breaking of Monero's anonymity due to key images. Seems like a bigger issue than the deep blockchain analysis video. Doug 21:14 I don't know if you want to touch upon that now or you want to answer that later. Do you have an opinion? Do you have a good knowledge of that? ArticMine 21:22 I'm not specific, I mean they're breaking a key image, maybe go a bit more in detail as to what exactly they're saying and maybe give you some input on that. Doug 21:32 Yeah, if you could send us some follow -up thoughts on that, so you could attempt that. No, you don't have to send us money for the follow -ups. We got UTXO. Nice. UTXO tipped 25 cents. Does a commercial chain analysis rely heavily on KYC exchanges and similar nefarious entities selling their users' data to the chain analysis companies? Doug 21:56 How would an open source project get around that? I guess, yeah, I guess they would. Yeah, they would. ArticMine 22:03 A lot of it is a single allegations, a lot of it is data from, in fact, in all cases the data may actually be stolen. You start getting into issues such as whether or not, particularly in the European Union with the privacy laws in the European Union, GDPR, but also with the European Convention of Human Rights, where you actually put these into the GDPR, so you have a lot of issues and where they even have the right to store this. ArticMine 22:33 Just to give you an example, PlanBuei was kicked out of Canada by the privacy committee and they were basically covered building databases in people's faces and they could not use any data because of privacy laws. ArticMine 22:45 So you're getting also into a lot of issues there. There's a huge amount of hidden, it relies to a large degree on security by obscurity. Like you don't want to reveal what you're doing because you hope that the bad guys won't find doubt in only the good guys have access to the information, the good guys think governments. ArticMine 23:03 And then it gets really dicey in the courts because now all of a sudden the defense has a right to confront their accuser, which is an algorithm, and you can see why this is leading to. So there's a lot of that, but there's also some element of it which is fundamentally scientific which can be done in an open source model. ArticMine 23:19 In fact, in this particular example, they're actually subpoenaing the information from exchanges and not necessarily obtaining it from selling it from exchanges. That could actually be illegal in many parts of the world. ArticMine 23:30 It might not be in the United States, but if you start selling information commercially out of KYC, you're in Canada, you're going to get into trouble. What you're doing is just a legal subpoena process. Doug 23:43 Yes, yes, exactly, exactly. Which is, yeah, so obviously, to answer this question, obviously, we wouldn't be able to, an open source tool wouldn't be able to replicate the obtaining of the information itself, but you could build the tool that they use, and then, you know, it's up to the data. Doug 23:58 Yeah, that's just an issue of companies dealing with government subpoenas, exactly. ArticMine 24:06 But the data are also sort of luminous, and this is another huge issue. It was just the scalability of these. That's a huge issue with them. Doug 24:14 All right, let's get to that in a bit. I'm gonna write it down just so we don't forget. And that's the topic of your talk down in Monero -Topia, right? ArticMine 24:23 Yes, that's actually an approach of working on. Doug 24:27 I mean, I'm looking at the relationship between how scalability is actually tied. You know, scalability helps with privacy. ArticMine 24:34 Well, the long and short of it is that the bigger the blockchain, the more private it is. Doug 24:39 Right, right, right. ArticMine 24:40 But the question is how. But that's the long and short of it. Doug 24:45 We'll get into that, but let's start going through this because I want this to be a good resource for people who actually, you know, are trying to figure out, is Monero traceable? Well, you know, this will be a good resource for people to watch. Doug 24:59 You've seen the FUD and now we're going to go through it. Let me start to play the video here. Sponsor 25:05 Do you love coffee and Monero as much as we do? Consider making gratuitous .org your daily cup. Pay with Monero for premium fresh beans and if you like what you taste, send a digital cash tip directly to the farmers that made it possible. Sponsor 25:19 Proceeds help us grow this channel, gratuitous and Monero. Doug 25:23 Guys, like and share. We got a bunch of live viewers. Speaker 5 25:27 and have a special focus on Monero, very near -end. Our agenda for today, we're going to start with just the basics of Monero, what it is, how it works, and why people use it. Next, we will have a brief introduction to our internal Monero Black Explorer tool that we use for our Monero analysis. Speaker 5 25:39 Finally, we are going to look at a real dark market case that we investigated not too long ago. As you can see, it actually in practice what our tracing looks like when performing. Please feel free to throw questions in chat. Speaker 5 25:46 I have some colleagues here that will be happy to answer your questions or save them until later when we have our Q &A. Speaker 4 25:51 Which we could pretty much skip the skip this spot. I mean what is Speaker 5 25:59 this go fast from the ad I guess the head so so Speaker 4 26:05 But there's a few jams in the process also that we need to know. Speaker 5 26:10 about how to specify the first privacy coin. Monero is the default. For something like the cache, you can opt -in to the privacy features, all the many. Doug 26:14 I mean, what I love about is what his Monero section is. He's really talking up Monero. He's very pro -Monero. This guy is obviously a Monero user. Who knows? Maybe he contributes to Monero. Maybe he's a dev, right? Speaker 5 26:28 We don't need privacy practices in order for your transaction, but the blockchain just brings up layers and numbers. Doug 26:32 Oh yeah, I love this one. Why is XMR better than BTC? So, um... See how you're getting to that! You don't get it better. Speaker 5 26:41 But over time, it can clear that really it's just pseudonymous. Everything is linkable and traceable, and everything will be visible on blockchain. So for that reason, Monaro is a little bit better for people who want to preserve their privacy by plugging those things in. Speaker 5 26:49 What he doesn't say! I'd like to show this piece of active nodes in the Monaro network, because it shows Doug 26:56 What do you say, Francisco? What do you doesn't say about it? ArticMine 26:58 doesn't say is that the key advantage that Monero has over Bitcoin is scalability and telemission, which supports the entire privacy infrastructure. And that's the killer application of Monero. But this is the standard assumption that people make that Monero is all about privacy, and it's not about scaling, and it's not about solving Bitcoin. ArticMine 27:21 A scaling problem with the block size problem. Doug 27:24 He might very well agree with you on that, but you know, his audience, it was about talking about surprise. ArticMine 27:29 Exactly. But that's my point. That means the real strength of Monero is that it actually has addressed the whole block size issue in Bitcoin, which the Bitcoiners will never accept, no matter which way the big brokers move. ArticMine 27:40 But let's continue. Doug 27:42 But yeah, I mean, it's amazing that he has a slide on how Monero is better than Bitcoin because it's untraceable. And it's actually really impulsive. Some companies have taken steps. He talks about the notes, so basically how it is decentralized, it'd be difficult to shut down. Speaker 4 27:55 This was an interesting slide. ArticMine 27:59 In this slide, it does identify a very simple fact that the less user -friendly, more privacy, if you run it yourself, the minute you start going with these services -based solutions, particularly where third -party people are running your node, you're going to lose privacy. ArticMine 28:19 So that's a legitimate point that he makes in this slide. Speaker 5 28:22 Right. To use more utility. And they're shedding some of those extreme privacy practices by, for example, allowing a third party to view your IP address or potentially your private keys. How designed to provide keys? Speaker 5 28:31 Where free main privacy features that improve over Bitcoin style transactions. What's that? ArticMine 28:35 Arlick? No, no. Let's go through it. He helps me in the key, you see, in new keys in some keys. Doug 28:41 Yes. So in the wallet section, he's talking about the different wallets, and obviously, some of those wallets rely on giving up your view key, right? Right. Yeah, that's exactly the point, yeah. you Speaker 5 28:52 Yes. Yes. First, it is unlinkable, meaning that it's not possible to link two or more transaction outputs to the same identity. Speaker 4 28:59 talk for a moment here. We can't hear you. Okay. ArticMine 29:01 Okay, if you ran Bitcoin and you never reuse addresses, you would actually get the unlinkability that Monero has. Doug 29:09 If you if you ran Bitcoin. ArticMine 29:12 and nobody ever reused the Bitcoin address. You turn all the Bitcoin addresses into one -era stuff. Doug 29:18 Right, but that's not the case. ArticMine 29:20 But that's impractical, and Monero enforces it, and at the same time makes it convenient. But it's important to understand what stuff addresses do. It's essentially what they do. One thing I'd like to point out, when you look up Monero's privacy, and it's a critical thing to understand, the whole is greater than the sum of its path. ArticMine 29:39 So every time you think about Monero's privacy, keep this in mind, the whole is greater than the sum of its path. So let's continue. Doug 29:47 I love it. I love it. Yes, stealth addresses obfuscates the receiver in a very elegant way. ArticMine 29:54 What a style of addresses does is equivalent of everybody not reusing their Bitcoin app, to break that link, which is what Bitcoin tries to do. One of the common misconceptions is that people tend to conflate going from an address to a person. ArticMine 30:08 When you want to make something untraceable, you're tracing individuals, people who you can subpoena, people who you can put in jail or convict or sue or whatever, girls who are an address. I know the US government is trying to sanction addresses, but realistically, you know. Doug 30:23 They need to connect the person with the address. ArticMine 30:27 Correct. You need to correct the person with the alleged illicit activity so that you can then prove and code the allegations. But that's the key point to understanding disability. Speaker 5 30:38 to uniquely determine the origin of a transaction, and it is confidential, meaning that we can't even tell the amount being transferred in a transaction. Let's talk about some of the technical underpinnings that make that possible. Speaker 5 30:47 One of these hallmark features is something called ring confidential transactions, also known as ring CTs. So when you send a Monero transaction, instead of having it be totally obvious that the funds are coming from your identity, the Monero protocol automatically will draw in a bunch of other transaction outputs from previously on the Monero blockchain, and then will hide the real output being spent among all of those decoys. Speaker 4 31:07 But stop remembering it's not optional, but Doug 31:10 So yeah, he's talking about ring signatures ArticMine 31:12 They say it's coming from your identity. That's not correct in Bitcoin. This is why you got to be very careful when they conflate these things. It's coming from an address that you may be able to associate with an identity. Doug 31:25 Right, right, right, right, right, right. ArticMine 31:26 as opposed to, but you've got to watch these guys on this because they do show and jump these groups and what they're doing is that they're actually misled. So what they're saying in Bitcoin is they have an address and then you can link the address to an identity. ArticMine 31:39 Right. Well, it abstracts that, but it's not the case that the address is an identity. Doug 31:44 Right, and they're here they're assuming it is but that's ArticMine 31:47 Yeah, but it doesn't matter. They're making the wrong assumption in Bitcoin, and they're making even similar wrong assumptions in more. But let's continue. Speaker 5 31:55 I love that. Over time, it became clear that when people didn't opt into it, it made the whole net look weaker. And so now there's a mandatory minimum ring size. Started out a few years ago, it was at 11, meaning that in every transaction input, you would see one true output being spent hidden among 10 decoys. Speaker 5 32:09 Currently, there's a ring size of 16, so one real output and 15 decoys. And their thought of increasing that further potentially into the hundreds, which would make our job much more difficult because a big part of this is learning how to remove those decoys so that you can actually perform some inventory tracing. Speaker 5 32:21 The kind of thing on this slide is Pearson commitments, which is just a cryptographic technique that obscures transaction amounts while ensuring that they still balance out. So it's the Pearson commitments that allow people to spend their funds without revealing the network exactly how much they're spending. Speaker 5 32:31 Let's pause for just a second to think about how this is possible. How can public ledger work without revealing the source of the transaction's funds or the amount of funds? This gets to the double spend problem. Speaker 5 32:39 So like Bitcoin, Monero is built using an onspend transaction output model, meaning that every transaction's inputs consist of previous outputs from previously on the blockchain. However, that means all the most important things the network has to do is prevent people from spending the same coins twice. Speaker 5 32:50 You don't want someone to be able to spend their coins and then later down the line, spend those coins again when they should have learned someone else. So how can this happen on a blockchain where everything is obscured? Speaker 5 32:57 The solution is something called zero knowledge proofs, which is where you want to convince someone that you know some secret bit of information without revealing what that secret information actually is. Speaker 5 33:03 So here in Monero, a prover is initiator of transaction and they're trying to convince the verifier, the miner, that they control the private keys for some input in that set and that the amounts balance without actually revealing which input is the real one being spent or the amount. Speaker 5 33:13 This is a really complicated concept. I love trouble with this because I do not come from a math or logic background. So there are a couple of analogies that helped me understand a little bit better how you can prove something without giving any context about what you're proving. Speaker 5 33:21 But for the personality, let's demand that we have two juggling balls. One is red and one is green. We want to prove to our friend that the balls are different colors, but our friend is a red -green colorblind. Speaker 5 33:28 So how can we prove to him that these balls are different colors without him actually knowing the color? Sorry, I was just explaining zero, zero, zero knowledge. Do you want to prove that we have enough information that contextualizes it? Doug 33:37 Which is great by the way, right? Because you know, there's also that that idea that Monero doesn't have zero knowledge proofs, right? Like, you know that there's that kind of meme out there, right? ArticMine 33:47 The term, you know, knowledge proofs encompasses a lot of different types of proofs. And yes, it's an idea because they call about is that Monet is a lot of zero knowledge proofs in Monet. In fact, if you think of what a full chain membership proof is, there's nothing more than a ring signature. ArticMine 34:04 It's an expansion of the ring signature. So instead of say, it's a set of 16, i .e. potential signers, now you have a whole blockchain or the whole blockchain at a certain point in time as the potential signer. ArticMine 34:16 But the principle's the same. Doug 34:18 Yeah, yeah, yeah. I'm just saying I love that this like I said this video is just the best advertisement for Monero on his presentation He's saying it's better than Monero because it's traceable and people like yeah But you know, how do you know that you're not gonna double spend he's explaining how it's solved You know how it solves the double spend problem with using zero knowledge proofs, right? Doug 34:40 It's using Peterson committed like so it's doing amazing advertising for for Monero itself. Now. He's going into stealth for us Speaker 5 34:47 Stealth addresses are created automatically when you initiate a Monero transaction, and they serve to further obfuscate identities on the Monero blockchain. It's sort of like, if you're running a traditional investigation and looking at someone's phone records, if we see your appeared call coming from the same number, that's going to stick out to us and you might want to reiterate that. Speaker 5 34:58 However, if the person is calling it, say, from a different payphone every time, that's not going to look like it's a consistent identity over time if we're just seeing those phone records. And so, for Monero, that applies because every time you're creating a new stealth address when you're sending a Monero Doug 35:08 Fantastic explanation. Every time you use the Monero, you're calling from a new pay zone. ArticMine 35:12 You're using a new try, it's an example of a reset, you use reset every time you're using Monero, you're using a different Bitcoin app. Doug 35:18 Exactly. ArticMine 35:19 that you don't like. Speaker 5 35:19 the option not to do. Doug 35:30 And it's even better than that because there's no it's not only that you're using a different Bitcoin address, a different address, but yet the address itself through cell addresses is obfuscated, so there's nothing to even go look up on the blockchain. Doug 35:43 Oh, yes, there is. But you're looking at the stealth, you're looking up the stealth. ArticMine 35:47 stealth address. But if you did the scenario that I gave you, if you did that in Bitcoin, you'd have had the same situation. If everybody was only using addresses once, you still have an address. This is why you've broken the link. ArticMine 36:01 And this is the key point. So what you do, because when you go into the video, he treats effectively, what he does is he treats these one -time addresses as the addresses, which is correct. So it is the same. ArticMine 36:15 And he says, if you don't get stealth addresses alone, it's as if you are using Bitcoin, but nobody was reusing addresses. It's a great way to understand it. Now what you have is a, yeah, the difference is in Bitcoin, you have to send it each time to the Bitcoin address. ArticMine 36:32 So you have to change. It's very inconvenient. You can't just give an address to somebody to keep changing, sending. But also in Monero, both of sender and receiver, and all these addresses. And that's what he's tracing. ArticMine 36:44 That's what you trace. That's what they're trying to trace. They don't try to trace the address, trace the one -time use addresses in Monero. That's what they're trying to trace in that video. Let's continue. Doug 36:55 and we'll get to it. Interesting. Now he's talking about bulletproofs and... Speaker 5 36:58 day -of -the -line plus question but it was then implemented for Monero and what does is it hides IP address information from being sent along with the transaction so anyone can participate in blockchain anyone can set their own node and have it receive and transmit transactions Doug 37:09 Yeah, these things aren't related to each other. You're just talking about two examples of technologies that Monero has, bulletproofs, which was a big breakthrough in scaling, so being able to use range proofs in a more efficient way. Doug 37:23 And Dead the Line, which I think is more pertinent to this conversation because he's talking about how this was created in 2020, and it began to obfuscate this idea. Speaker 4 37:34 We'll be right back. Speaker 5 37:36 Another note sends you a transaction, it's possible for you to identify the IP address that that is coming from. Obviously, that is a big privacy gap. You now want somebody to be able to see your IP address when you're sending a transaction. Speaker 5 37:43 We had a dandelions around this, if it test -flits the transmission of a transaction into two different parts. You get this animating phase where the transaction is just shared from one node to the next without being shared more widely with the whole network. Speaker 5 37:52 At a certain randomly selected point, then, a node will choose to start spreading the transaction all around to the rest of the network. And so if you are receiving it at that later stage, you have no idea whether the IP address that you're receiving it from is the same IP address that it came from. Speaker 5 38:02 In fact, it's very likely that it is not that this person's IP address is essentially invisible to you. This was a really big challenge for us, because a lot of how we do our mineral tracing involves IP observations of things like services, so we could know that potentially if the transaction is brought to an end. Speaker 5 38:13 I remember what that said! The transaction was initiated by, for example, a service. The dandelion has made that up. What's that? ArticMine 38:18 Remember what I said, the whole is greater than the sum of its parts. The impact of Dandelion on Monero is actually more than on Bitco, but Dandelion is a technology that's been used in Bitco. The difference is, it's this business that you got. ArticMine 38:33 So they have to rely on the IP address more. But again, what we have here is this concept of the whole is greater than the sum of its parts. This is really important to understand. Let's skip to it. Doug 38:44 Right, when you're using all these technologies combined. ArticMine 38:48 But that's where it really starts to make sense. Speaker 5 38:51 We'll talk a little bit more about some of the ways that we can get around that, but the big thing to know is that the line was implemented in October of 2020, and so anything that occurred after that time, the IP observations that we collect are going to be much, much weaker and much lower confidence. Speaker 5 38:59 Before October of 2020, we felt pretty good about our IP observations, so it's really important to keep that in mind when we're seeing IP addresses in our tool. You have to always think about whether we are in the pre -endline era or the post -endline era. Doug 39:07 But thank you to VTNerd, by the way. I think it was a big part of Dandelion, right? Speaker 5 39:11 Yes. But to kind of drive home the points about the difference between Bitcoin and Narrow, let's just look at a public block explorer and see how they display things differently. This is a Bitcoin transaction on a block explorer, and as you can see, it is traceable. Speaker 5 39:19 We're able to see the public addresses that they're sent from, and the addresses that they are sent to. They are linkable, meaning that we can associate addresses with the vendors. Speaker 4 39:24 And wait a minute, wait a minute. ArticMine 39:27 it stops, stops, stops. Again, what are they associating? What's the spender? Is it the person or is it the address? You know the spending, that's the question. It's not, you are just getting through ring signatures, but again, that is blurring. ArticMine 39:44 This is a point that was very careful when you're listening to these guys. They're blurring. What's the spender referred to? Is that the individual you're trying to trace or is that the address? They're two different things, but let's continue. Speaker 5 39:55 That is not so when you look at a narrow transaction on a multiple block explorer. So here, the addresses that we're seeing are stealth addresses, and so we can't just toss that address into a search bar and see other transactions from that user. Speaker 5 40:03 There's no way connecting that address to the actual wallet it was sent from. ArticMine 40:06 stop. And again, what he's assuming is that in Bitcoin, the addresses are being reused. That's what he's assuming. It's being conflated with the rinsing nature to create a bit of confusion, but you got to make a distinction. Doug 40:21 No, I just want to hear the parody. Speaker 5 40:23 in that we can associate addresses with the spenders, and they are public, meaning that details like the amounts being spent are visible to anyone looking at the network. Yes, that is. So let me look at a Monero transaction on a public block explorer. Speaker 5 40:39 So here, the addresses that we're seeing are stealth addresses. And so we can't just toss that address into a search bar and see other transactions from that user. There's no way of connecting that address to the actual wallet it was sent from. ArticMine 40:52 If make isn't Bitcoin, that might be impossible to keep in mind. Speaker 5 40:55 Let's see that the actual inputs are hiding among all of those decoys. This transaction occurred when there was a ring size of 11, meaning that for each input there are 10 decoy inputs and one ArticMine 41:10 That's the difference between modern era Bitcoin, the fact that you have the rinsing. Doug 41:14 In this op, to obfuscate the sender, you don't know who the true signer of a transaction is. ArticMine 41:20 So now you've introduced the sender, you are not just asking the sender, but what's the sender? You're obfuscating the address it's coming from, and that's the distinction. In Bitcoin, you know what address it's coming from. ArticMine 41:31 You don't know the sender. In Monero, you're obfuscating the address that is coming, which is one of these disposable addresses. Doug 41:39 Right, which makes it untraceable. ArticMine 41:41 That's the part, well, not necessarily, because it's gonna prove later in the video that in some cases it can be traced. Well, let's continue. Doug 41:48 Right. Given the nature of rank signatures. Yes. Speaker 5 41:51 Yes, I'll see that there are no amounts disclosed ArticMine 41:55 That's a key point. That's another key point. What's that? That's a key, another key point because one of the things about not disclosing amounts is that it breaks a certain type of clustering that was an attack on Monero before 2017. Doug 42:08 Right, it's not just about hiding the amount of a transaction. ArticMine 42:12 preventing the clustering because the way ring signatures used to work before confidential transactions is if I got 3 .1 for Monero and I'm going to send it, I got to mix the three, the point one, the point also. ArticMine 42:26 But now the more digits I have, I have a cluster that I can use for correlation purposes. So this is that point. When you hide the amount, you also break the clustering in the actual transactions. Yeah. Doug 42:38 Yeah, it goes back to your line, right, that the hole is greater than the silver. Now it's fully clicked for me, right, because even when I would talk about Monero, right, I was talking about the three pillars, right, the stealth addresses with obfuscate the receiver, the ring signatures with obfuscate the sender, and confidential transactions with obfuscate the amounts. Doug 42:56 But each one of those things also plays a role in making it untraceable. Speaker 4 43:02 I didn't tell us the others! Doug 43:04 Right, the office eating the amounts isn't just hiding it, it actually helps make it untraceable. Health addresses as well also helps make it not only unlikable, but also helps make it untraceable. ArticMine 43:15 No. And what the key point is that office scanning the amount create a situation where you can quote mix completely different amounts of zero amount. So now you have empowered the ring signal just by office scanning the amount. ArticMine 43:28 That's the key point. So what's happening is the office scanning the amount empowers the ring signal. That's what I have to think about because you've broken the cluster. Doug 43:38 So you're gonna, both those things increase untraceability. Yes, yes. Ring signatures and hiding the amounts. ArticMine 43:45 But gotta be careful with definitions here. Speaker 5 43:47 Now that crumbs that allow us to start to identify be Doug 43:50 Now, what I think about is it just, this is very, we'll go through all that, cause this is basically a list of the data that they do know, right? Like this is all the things that they're able to gather from looking at Monero, right? ArticMine 44:05 FIFA Sonas, he's talking about FIFA Sonas. Doug 44:08 These names, size of transactions, those are all the different data points that are chaining out. ArticMine 44:14 Number of mixes is no longer relevant, because that was fixed, but at one point it was variable. Speaker 5 44:20 So I'm just going to highlight a few of the things that we see on this page. First, this payment ID up at the top is an optional field. You can include arbitrary transaction attachments there. That was obfuscated. Speaker 5 44:34 The fee is another thing that is really important to us. Like I mentioned previously, users can opt to send transactions with a higher fee structure in order to have their transaction prioritized by the network. Speaker 5 44:46 And so we tend to look at the fee structure as a way of identifying behaviors. Users often will use the same fee structures or perhaps they're always using the same wallet software that always uses a particular set of fee structures. Speaker 5 45:00 So on our internal tool, you'll see this described not in terms of the actual Monero, but in terms of the fee rate, whether it's one times the normal fee or five times the recommended fee or a thousand times the recommended fee. ArticMine 45:14 It was an excellent paper at the first Monero card on this subject of the feed more and other feed performance. Doug 45:20 So just just quickly explain that um, you know, what are the scenarios wherein fees paid becomes uh a way to mark somebody ArticMine 45:29 What happened, it used to happen, and now it's being torn down, is if you have like four recommended fees, and then if you use a different software, you add or you create a different fee, because it's very hard to enforce it, then you could create a persona around the fee. ArticMine 45:44 And it gets even trickier when we didn't have a tailored mission or whatever changing admission, because then the fees would change and it would rotate. Right now, you could actually, what you do is you limit the number of significant figures in the fees, and then you use the recommended fee structure. ArticMine 46:03 But you also have to have a certain amount of fees in there, flexibility, because you have a market, a fee market, in order to run the scaling and to run the operational chain. So you need to give different priorities. ArticMine 46:14 So I mean, what we try to do is to go to four different fee levels, and you're going to have to pick one of the four, but it's very hard to enforce, you can't really enforce it in consensus, and it's very hard to enforce it in rotary list. ArticMine 46:29 So this is where you get all these different fee person, and that's what they're talking about. Doug 46:34 So what is the current state of fees on Monero with regards to it being a tool that can be used to? ArticMine 46:41 If you use the official wallet and you use the recommended fee structures and you don't custom create the fees, then it works. A lot of other wallets are still, I think some of them are still using certain identifies and typically exchanges that customize their wallets would add different fee structures. ArticMine 46:59 And that's what they kind of tried to look for as a persona that would identify an exchange. So that's the issue that they're talking about. So there's a tool they can use in the sense that you could fingerprint the fee because it's a user non -standard fee. ArticMine 47:14 And from that, you can identify that who sent it. It was an exchange, for example. But the implication of rendering your privacy is very low because we're talking about KYC exchanges in most cases or exchanges as a peanut. Doug 47:26 Right, right. So it's like just allowing exchanges to stick out as users. So I guess that could help. Go ahead. ArticMine 47:33 but also certain wallets. They might be able to tell what type of wallet they use it because of the Dell 4 with standard feature. Doug 47:40 Right. And if somebody did some bizarre fee structure, which, you know, I don't know, maybe if they're right, if they're consolidating a bunch of inputs or something. ArticMine 47:51 That's about our issue entirely, but we'll cover that. Doug 47:54 that. Okay, we'll cover that. Let's let's let it keep Speaker 5 47:55 god you can also see here it shows us how many mixins there are for each of our inputs that's no longer relevant mixins which we Doug 48:03 Right, because you can't no longer set their ring size. Now the ring size is fixed. Speaker 5 48:10 be dealt with is that they drew in 10 decoy trend outputs from previously on the Monero blockchain in addition to our one real one. And then here we can see the unlock time. You can set your transaction to be essentially locked, meaning that the funds are not actually spendable until a certain number of blocks have passed. Speaker 5 48:29 There's a default minimum block passage time of 10 blocks, meaning that you will never see an output from within the last 10 blocks as an input in a new block. And here is another look at fees like I was talking Doug 48:40 Just real quick, the lock time, how does that become a tool for identifying? ArticMine 48:45 Again, if you, for example, had a particular lock type because you want to do a multisick or sub -kind or whatever, that won't be a fingerprint on the transaction. So if someone was always using a particular lock type, that could become a fingerprint. Doug 48:59 Oh, that's it. So, so like with XMR Bizarre where we're doing multisig, it could be like, uh, you could, you, that could be an instance where you're, ArticMine 49:08 Yeah, I mean, we're creating, yeah, if you're creating a particular lab time, that is an identifier feature. That's what they're saying. Yeah. Speaker 5 49:17 Love it. ArticMine 49:33 Yeah, that's that point. Speaker 5 49:34 that you should first start talking a little bit about our internal block mineral block explorer tool. There is a ton of information on the next couple pages. Yeah, this is why you really want to slow it down. Speaker 5 49:44 With some actual investigating ourselves. So this is what we see when we pull open a transaction in our explorer transaction hash is up at the top of the page. And I'm going to highlight some of the main things that we want to look at. Speaker 5 49:54 First, we have this transaction features box here, which we sometimes refer to as the transaction's fingerprints. These are some of those features that we can glean despite all of those privacy features. Speaker 5 50:04 And so what it's telling us here, this first number is the number of inputs the transaction has. The second number is a number of outputs the transaction has. And the third number is the fee structure that transaction uses. Speaker 5 50:12 There are also these extra data fields, you don't need to talk too much about them. But that is another way that we can come up with private fingerprints, people using ArticMine 50:19 For a second. For a second. But it's the last thing? Yeah. Yeah. They were talking about the fingerprints in there. If you look at the number of outputs, for example, limiting the number of possible outputs is some of the things that have been discussed in the community. ArticMine 50:32 For example, we now have a minimum of two outputs, which are kind of by spill shades in a very interesting way. And the other thing is the number of inputs, again, you look at the distribution of inputs and that's a fingerprint that you can control. ArticMine 50:47 Again, if you have a large consolidation transactions, which is what they have here, but that's a very interesting case that gives it away, but for a slightly different reason. And let's continue. Doug 50:58 I just want to make sure so So for just a standard person using Monero you're saying as they're using it if they're if they're like sending from from a wallet That has a bunch of inputs in it versus one that only has a few In like what what? ArticMine 51:13 That got yeah, this is where the court let's go ahead and I've discussed about been heuristic and that's a Speaker 5 51:19 Okay. The IP address that we first saw broadcasting this transaction. However, as you'll note, we can see that we are in December of 2021, which is well after Daniel Ein was implemented. So we need to keep in mind that there's a good chance that this IP address is not actually the one that first initiated that transaction. Speaker 5 51:35 Looking now at our inputs and outputs sections, you can see that some lines have already been grayed out for us. And that is our tool ruling out some decoys that uses a variety of statistics in the term. Doug 51:46 Yeah, how do they do that? ArticMine 51:47 team one. How did they do that? This is very interesting because it depends on what they're doing. When you hear the word heuristic, it's really a fancy name for guests. No, seriously, this is actually, and then they get the question as to how good it is and what's the accuracy of some of these heuristics. ArticMine 52:06 Some of them are good, some are bad, and some of them are pushed beyond the limits of reasonable. For example, you can kind of glean what they're doing. They may know outputs, and you can also glean what they're trying to do, which is very interesting, but again, it's a problem of heuristic argument. ArticMine 52:23 The other thing you'll hear in this, if you pay close attention, is the identical flight account and cluster. A cluster is basically an allegation of an account, which has errors in a lot of cases. And depending on how it's done, those errors can be minimum. ArticMine 52:40 So a cluster, whether you're talking about Monero or where you're Bitcoin transaction, is not the same as an Ethereum account. There are two different things. One has certainty, the other one does not. ArticMine 52:52 There could be an error associated, but he uses the one interchangeably here, if you play close attention. But let's continue. Doug 52:58 And it just can you paint an example where in their you know, they're they're basically poisoning input or I don't know How are they crossing off some of these inputs? Real world example real world ArticMine 53:13 In his chain here, he has an example where he goes in with, he has 70 Boneiro output, which were obtained from a subpoena, and you know, in disclosing the amounts and everything, of morph talk, which were from Bitcoin transaction. ArticMine 53:27 And that is what he's using as this cluster. That's a very decent cluster, which is one of the reasons why he gets some good statistics out of there. But that's the kind of thing that you do. And then one, for example, he would say, if he knows that these 70 outputs are from the same cluster, and he has a good confidence level on the cluster, then it starts to approach us identically in account. ArticMine 53:49 Then you ask more probability questions. If you have a multi -input transaction, and you know that there is four inputs, and four of those inputs are from your cluster, then you can guess, oh, these are likely, the other ones are most likely the fakes. ArticMine 54:07 That's kind of the heuristics they're using. And again, is that accurate? Well, yes and no. You've got to do the probability. What is the probability that if you got this cluster 70 outputs, somebody would do a four -input output and will pick four of those outputs in each input as part of their range? ArticMine 54:26 Well, it depends. For example, if all of the 70 outputs were in the same time frame, it's actually a significantly higher probability. But again, and again, this is why you get into the question of a very small chain. ArticMine 54:37 Well, this is going to be a lot higher than a very big chain. When I was talking about why you could simply call the chain to make it more accurate. So these are the types of attacks. So they're saying, okay, because we know these four are from our cluster, then we're going to assume that the other ones are the fakes. ArticMine 54:54 So that's why you see a whole bunch of them grayed out on some of them. When you see Doug 54:56 than as the yeah I think the best part about all this is that while it's very fun fun and interesting to learn and to realize and but we don't need to be concerned about this once full shame membership proofs is implemented we're no longer ArticMine 55:13 Well, a lot of discussed analyzing. Fortunately, membership proves to negate a lot of it, but not all of it. But what's interesting is he's got a case with 70 clustered inputs of Monero. Doug 55:29 Full chat membership proofs at least eliminates this analysis that they're doing with inputs and... ArticMine 55:35 Yes, it does. Yes, it does. Doug 55:36 I mean, that goes... ArticMine 55:38 Well, if you have enough inputs, think up to the other thing is, if you've got some of that parrot chain, which are very few, you might be able to still do it and ask. Doug 55:45 Mmm, okay. Okay. Okay. Interesting. All right. Let's Speaker 5 55:47 to keep you up. Some of those may have been previously spent with a higher confidence or other techniques used in order to rule out decoys. And so we can pretty much ignore those great ArticMine 55:55 We really spend it with a higher confidence. So again, what that implies, stop for a second. What that implies is they may be trying to build a database of previously sped more error up. That's in getting a very interesting problem, an interest case problem, which is kind of fascinating and so on. ArticMine 56:11 So they may be trying to build a database of sprint out. Doug 56:14 Mmm. Bastards. Yes. Mmm. Speaker 4 56:17 very Speaker 5 56:20 And that's something that will always draw our attention. What that means is that a user connected to one of our nodes in order to broadcast their transaction. ArticMine 56:28 Okay. This is where I bought a stock at this point. So at this point in time, what we know is that Chanel isn't me running a whole bunch of Monero nodes. Open up the RPC port so that you can connect a wallet to that node and spit through that node. ArticMine 56:43 And then they know the IP address of the wallet. Now you're not using their nodes, so now you've totally defeated Dandela. Doug 56:49 Yeah, just use your own node. Run your own node. ArticMine 56:51 So, who saw the, but again, when you look at what's happening here, it's there basically setting a whole bunch of years running a whole bunch of one -arrows. Some people thinking they're setting VPNs, but I think the node will detect all that stuff. ArticMine 57:04 But it's a simple, interesting scenario is that they can basically create enough nodes themselves and then open up, because not everybody opens up that port, that RPC port. In fact, it's not even recommended for most one -arrow nodes to do that. ArticMine 57:18 Well, the people that tend to do that is if you're running a wallet service or something. And a lot of people, because it's a security risk, and you don't know exactly how to do it correctly and blah, blah, blah, blah. ArticMine 57:28 So people will simply not open the RPC port. So the number of nodes that open RPC ports, then you can sort of grab a far, far between each analysis, probably have a significant number of them. At least if you don't know it belongs to a certain wallet provider or something like that. ArticMine 57:43 So that's an interesting issue. Right. Doug 57:45 It's not just about running your own node, you have to run your own node and open your ports. ArticMine 57:52 Well, if you're using it yourself, what you can do is you would not open the port or you create an authentication to get in there so that nobody else can connect to it. Typically, if you have a port open, it's supporting the network, but you're connecting from behind the firewall, then you're okay. ArticMine 58:11 If you want to go in and connect through a VPN or something to your own node from your mobile, then that secures it. If you want the best security, you want to basically be connected to a node that you control and you trust. ArticMine 58:24 Whether you do it through RPC or not, that's what you want to be doing. If you just pick up a random node, well, you're going to get Spydercore, and then they have a lot of information. Doug 58:32 I should play a Monero Nodo ad right now. ArticMine 58:36 So yeah, I mean, you want to run it. And this is the other thing. I mean, if you're running them on their own order, but then you want to configure it. And then you say, if I'm running it from my mobile, now I'm in the baby room and they want to do everything from a desktop. ArticMine 58:47 And most gents said, one of those are stuck in their phones. Uh, I nearly had a Jennifer walk around in front of me with his hand totally buried in his phone when I was driving. So I mean, that's part of the equation here. ArticMine 59:01 But so if you want to use a mobile, you better connect to either a node that you run yourself or that you trust, that's your answer there. But there are LPC nodes, which is basically shenanigans of running a bunch of nodes that effectively bypasses that deal. Doug 59:14 Get a note up, connect it to your cake while- Speaker 5 59:16 interconnects. So we are able to see their IP address when they connect. It can still, of course, be if you're a proxy or a PN or Tor, but there's still a much higher confidence that at least that IP address is where the transaction is coming from. Speaker 5 59:27 So we'll talk a little bit more about those RPC observations in a few minutes. A few other things I want to point out. This plus number is the block height at which this transaction is claiming to be spending one of the outputs from this transaction. Speaker 5 59:39 That's also really important to keep in mind is that we're not looking at like accounts or clusters in a way that we might think... ArticMine 59:45 We're not looking at a stop robot. See what he said? We're not looking at accounts or clusters. Accounts and clusters are very different things. This is a common error that China has made, the same thing in Bitcoin. ArticMine 59:57 A cluster is an allegation of an account, not an account. Doug 01:00:01 Right. It's a probabilistic allegation. ArticMine 01:00:03 It's a problem based on the allocation of an account. Some of them are good, and some of them are not so good. We have no independent verification, and there has been no independent scientific analysis and peer -reviewed scientific analysis accurate to the clustering years. ArticMine 01:00:19 What I can say about clustering, which is very interesting, is that if you make certain assumptions such as they're statistically independent, et cetera, then you can lower the error, so you can improve your signal to noise, in the ideal circumstance, as the square root of the number of inputs in the cluster. ArticMine 01:00:37 So if you get 70 inputs, you can lower your signal, you can improve your signal to noise by factoring the lower rate in the most ideal circumstances. So this is why when you look at clustering, and I'm just talking about one error here, I'm also talking about Bitcoin. ArticMine 01:00:51 When you see a large cluster of transactions that have a reasonable probability, confidence level, and you've got like 100 transactions or 200 transactions, that is the one situation where blockchain surveillance shot, because they can reduce the error statistically with the size of the cluster. ArticMine 01:01:09 If you have one transaction going to next transaction going to the next transaction, then they're guessing what? But once you have clustering, and you have sizable numbers, like you have 100 transactions or something, well, that's like a factor of 10 in your signal to noise, ideally, it may be a bit less, and you can overcome a range signature with cluster. Doug 01:01:28 Right, and it's a lot harder to cluster in Monero at all. ArticMine 01:01:32 and it's harder, but it's not impossible. So you can think of it if you have a very small percentage of Bitcoin transactions you can cluster effectively. Then a subset of that is what you can cluster in Monero. ArticMine 01:01:43 But what happens with blockchain surveillance companies, especially in this case of copy section analysis, is they take these edge cases where the stuff works and then they implicitly extrapolate to situations where it doesn't work. ArticMine 01:01:56 So you get the comment where you say cluster and account doesn't work the same thing. They're not the same thing. Speaker 4 01:02:02 Yeah, I love it. Speaker 5 01:02:04 And so it's just important to keep in mind that when you look, I mean, click into that next transaction that is claiming to spend one of these outputs, that is just another transaction and not actually a user or an account. ArticMine 01:02:13 That's right, you sign a car, these are different things also. Doug 01:02:16 Yeah, what's it there's a user and a town so you keep okay, so you? ArticMine 01:02:19 The user implies the person. A clone could still be anonymous. Doug 01:02:24 right because we probably don't you know an account you don't know you ArticMine 01:02:29 don't know, you can create a Bitcoin. It's very easy to create a Bitcoin address. Make it totally unlinkable to your wallet. Transfer funds in and out of it. Nobody knows who owns that address. Doug 01:02:40 Right. Right. It's just, it's anonymous, an account, an account. ArticMine 01:02:45 It's totally anonymous! It's only c- Doug 01:02:47 You'll be in honor of this. I know, so when they're saying user, they've already identified. ArticMine 01:02:52 when they're applying. But maybe they have identified, maybe they have not. So these words have been made. You've got to be very, very careful what they say when you listen to this stuff. And this is really important. ArticMine 01:03:02 I mean, a mirror or a critique, but your cluster is not an account. And you said it's not an account. Doug 01:03:07 I hope people are appreciating this. We have the premier expert on blockchain surveillance tools. ArticMine 01:03:16 I mean I've actually taken the training from Cybertries and at the same time I've been around Monero enough and we've been coaching so it's kind of a, yeah the kind of reasons they want to keep this stuff off, they want to keep picking this video out all the time. Doug 01:03:29 You know, it's funny because I was like bastards, but for all we know, the people that are building this are the same people that are contributing to Monero anonymously, right? On that level, it's just the technology, right? Doug 01:03:43 It's people that are just purely interested in the tech. Speaker 4 01:03:46 Exactly. Doug 01:03:47 Yeah, playing the game of can you trace me, can you not. ArticMine 01:03:50 Yeah, it's a very interesting and very fascinating line. Speaker 5 01:03:53 And then the millisecond number is how long it was between the first time that we witnessed a transaction being broadcast to the network and the second time that we saw that transaction being broadcast. Speaker 5 01:04:00 So it's one more piece of information that might or might not be relevant as we try to build a pattern of someone using Inero. So now let's actually jump over to our narrow tool and see what it looks like in practice. Speaker 5 01:04:08 This is the homepage of our tool, and it just shows the most recent blocks that have been mined and added to the narrow blockchain. You click on any one of these transactions just to see what it looks like, but of course there's not actually going to be that much information for us yet. Speaker 5 01:04:17 This block was just mined a little while ago, and so there are not many transactions that have claimed to spend the outputs, and we don't have all that many observations for it yet. Older transactions will, on the other hand, tend to have much more information. Speaker 5 01:04:27 And now let's introduce our sort of simulation. We were asked to investigate a darknet marketplace, and specifically the administrators who were believed to be operating potentially out of Columbia. So we received a list of transactions, and these represent instances in which the administrator of the darknet marketplace was swapping from Bitcoin to Monero using the swapping service morph token. Speaker 5 01:04:44 And so each of these transaction hashes represents morph token sending out the Monero associated with that transaction. So I'm just going to grab all of these transactions and throw them into our tool. Speaker 5 01:04:53 So I want to put them in this multiple box here, which allows us to search for either multiple IP addresses or multiple transaction hashes. And the tool has already identified that there are 70 transaction IPs here. ArticMine 01:05:02 Okay. Stop. I put that to you that this Monero analysis of blockchain surveillance is better than a lot of the Bitcoin stuff that you do. That number of transactions, already, and like I get, I mean, you have 70 into the transactions that they have reasonable assumption that they can link to this Bitcoin, essentially to this document market through an exchange. ArticMine 01:05:27 So they subpoenaed an exchange where they didn't have KYC information. But what they did know is that there was the same person using all these 70 transactions. So they can link it to an, whether they linked it to an email address or some kind of account access in the exchange itself. ArticMine 01:05:45 To the degree that they correlated that cluster. Doug 01:05:48 Oh wait, wait, just so I can understand, right, so they're using an instant exchange morph token, there's no KYC, and they were able to now... ArticMine 01:05:58 mind. Keep in mind what happens. If you have a KYC, in a lot of places, the KYC thresholds belong a sudden level. It's above a sudden level. So they could be below the KYC level. This is the first thing to understand. ArticMine 01:06:09 So they're still subpoenable. They're still going to cooperate with what a lot of enforcement may be acting perfectly equal in the jurisdiction where they're acting. So what they're doing is they have knowledge, so they have limited KYC. ArticMine 01:06:20 They have knowledge that these transactions belong to the same person. That's their problem that's subpoenaed. They've subpoenaed a bunch of transactions that they at least have a reasonable probability linked to the same person on the Bitcoin blockchain. ArticMine 01:06:35 But again, the key point is the number of transactions. If you only have two transactions, they will get nowhere. But with 70, they start to get some decent statistic. Doug 01:06:45 And just so I thought, where did they get the 70 transactions that they... ArticMine 01:06:50 Swaps from Bitcoin to Monero, through more spread. Doug 01:06:53 Why did they, why did they think those 70 were all. ArticMine 01:06:56 say, trace them back on Bitcoin through Bitcoin to this market, and they had enough correlation to see that. And again, that's debatable, but they have enough of a cluster on the Bitcoin side that that was converted to Monero. ArticMine 01:07:10 But they started with a 70 Bitcoin cluster that was converted to Monero. Doug 01:07:16 So yeah, another point to make because we're talking about how full chain membership proofs will obviously change things greatly for chain analysis companies, but just the adoption of Monero itself will vastly. ArticMine 01:07:29 That's a whole bunch of other things. Doug 01:07:32 Right. Because we're living in a world where Bitcoin isn't even being utilized. Right. And people are just, oh, ArticMine 01:07:38 Well, they can still have problems because you can still get into the issue of the passive case. So there was a very famous case of a drum cartel in Mexico, and he had like a billion dollars in US cash, and he couldn't move it. ArticMine 01:07:51 So you can end up with this cartel guy ending with a large amount of whatever they can't move it because they can't really place it. So that doesn't necessarily prevent when you have the large amounts of money. ArticMine 01:08:01 But in this case, what it appears to be doing is this operator of a dot network, at least what they're allergic, is breaking up the background in small amounts and converting it to one error. And that's usually when you do that to run it through mixtures, et cetera, you're opening the door to the clustering. Doug 01:08:16 I'm saying in a world where now dark markets are no longer using Bitcoin. They're all using Monero. ArticMine 01:08:23 They still have the same problem. They will still have the same problem. If you try to place large, small amounts of Monero, they can still run into the cash problem that I talked to you. So the issue that they get is that when you go and spend a large amount of Monero, if you have a KYC, they're going to ask questions. ArticMine 01:08:40 And that's where you catch the illicit activity. Doug 01:08:44 Oh, right, on the outside, on the per- Oh, that's- That's nothing to do with the chain itself, that just- ArticMine 01:08:49 the only other shade itself. But the key point is that this is what's driving this clustering thing because I'm trying to get the amounts so they don't attract attention on the outside. So they drop the Bitcoin amounts down to not attract attention. ArticMine 01:09:01 Then they convert them to one arrow, but now they've got this massive number of one arrow transactions that he can put into the tool and start with and they don't correlate. Or at least have a reasonable error rate for correlation. ArticMine 01:09:12 The number of transactions is critical. Instead of seven, he only had five. This whole single full. That's the key point to understand. Speaker 5 01:09:20 Let's continue. ArticMine 01:09:32 fingerprinting. Speaker 4 01:09:32 does the exchange of these behaviors when they are making their Speaker 5 01:09:35 You may have noticed also that there are a lot of different colors happening in our tool. And that's a good reason for that. There is so much data being presented here, and we're always having to see all of those decoys, so many different transactions and IP addresses, that we use color to help draw our eye to the important pieces. Speaker 5 01:09:46 So to start with, we have all of these transactions. And while we're doing our investigation, we definitely want to stick out to us if we see one of those transactions. And so I'm going to make it so that every time we see one of these transactions in the Explorer, it's going to be highlighted for us. Speaker 5 01:09:57 That's what these colored tabs in the upper right are. We use this orange tab and drop in all 70 of those transactions. And so now, whenever we see one of those transactions, it will be highlighted in orange for us, and we know that it is going to be important. Speaker 5 01:10:06 We do the same thing for IP addresses, and that is actually how we do some more attribution. Like I mentioned before, we attempt to collect IP addresses of services that participate in Monero Blockchain and identify those so that we can potentially find exit points for funds or subpoenaable entities. Speaker 5 01:10:17 So what I've done is I've taken all of the IP addresses that we have potentially identified and just pasted them into this box so that whenever I see one of those IP addresses, it will be highlighted in green. Speaker 5 01:10:24 And I know to go check out what that IP is and see whether that might be a potential destination for our funds. You can see actually that some of these are already highlighted green, and that means that we recognize that IP address. Speaker 5 01:10:31 We can actually grab one of these, and you can see that this 1651 seems to become repeatedly. They look at that and see what that is, and copy that. And then for a spreadsheet of known IP addresses and paste it in, we can see that that appears to be an IP address associated with morph token. Speaker 5 01:10:44 That makes perfect sense to us. We know those transactions, we believe that those transactions are being sent by morph token, and so that kind of confirms that since they came from the morph token IP address, and that was occurring in June of 2020. Speaker 5 01:10:53 So before, ArticMine 01:10:54 He's basically using IP addresses to verify what he's getting, that the sense actually came from more of a token example. So give me some correlation of the details. Speaker 5 01:11:04 Again, there's one way that we can confirm that we sort of know what is happening in each of these transactions. But now, we will want to try to trace them forward so that we can figure out where our potential administrator is either converting them or equating the funds. Speaker 5 01:11:14 So, similar to a Bitcoin investigation, one important thing that we look to are co -spends. When there's another transaction down the line that is spending... Stop! ArticMine 01:11:20 Go spend. That is the heart of blockchain surveillance. If there's a simple rule, you know what appeal shade is? Appeal shade is where it's a construct of the call. So you can do it in Bitcoin, you can also do it in Monero, you can do it in Bitcoin. ArticMine 01:11:35 It's one in, two in transaction. So you have two outs, one of them is to spend, one of them is to change, you keep doing that. And then you are alleging that you correctly picked our chase addresses and you're following the spits. ArticMine 01:11:48 That's the allegation of the appeal shade. Every time we go deeper in the appeal shade, you have a probability that you'll get it wrong and then you're all over the place. Now the cost spend or what's called the cost spend heuristic is the opposite of that. ArticMine 01:12:00 Now you got all these separate addresses coming into one and you can mitigate errors because you can average altruism. And so you can use statistics actually to show that you can actually minimize the single, sorry, maximize the single, so the amount of error that you have, yeah, as if it's a scientific, so you want to minimize your error, you're minimizing your error as you increase the number of transactions. ArticMine 01:12:26 So the saving grace that they got here is the number of transactions. And that's the key point to understandable. That was giving them some reasonable statistics. If they only had two transactions or three transactions, there would be 170 that they can correlate. ArticMine 01:12:39 But let's continue. Doug 01:12:40 Right. And the point that's being made there is a typical Monero user wouldn't even be in a scenario where they would have all these transactions coming, right? You know what I'm saying? ArticMine 01:12:52 Well, I mean, you could do a massive one while in consolidation or something, but this is essentially what they're doing here is they're breaking them up because they're breaking them up the amounts that they want to swap and morph token, because if they went in there with a whole bunch of them all at once, morph token would say, wait a minute, we want some KYC. ArticMine 01:13:07 So what's happening is they're breaking down enough so they don't trigger the KYC requirements of morph token. And this is what's getting them, that's what they're... That's what they're notifying. That, exactly. ArticMine 01:13:17 This is the part that they get into trouble because basically what they're saying is they want to stay up in all the threshold. They don't want to get triggered. All of a sudden, the morph token says, wait a minute, we want some KYC. Doug 01:13:30 Let me play, let me play. Speaker 5 01:13:32 be really important that tells us that whoever is making that subsequent transaction had access to all of the previous transactions that are being included. So what does that actually look like? Well, if we scroll to the right, we can see instances in which our tool has identified co -spends. Speaker 5 01:13:43 And that's what we're seeing over here. Each of these transactions is a transaction in which we can find multiple inputs that trace back to our transactions of interest. So let's open it and see what it looks like. Speaker 4 01:13:52 Okay, okay, stop. Speaker 5 01:13:53 I want to be. ArticMine 01:13:53 Can you see a number on the top of that slide how many, how many inputs they have in that example? I think it's four. How many inputs do they have? Doug 01:14:02 Um, you mean where it's the green, right? ArticMine 01:14:05 How many inputs of that transaction that they're showing there? Doug 01:14:09 See I'll put four I think yeah ArticMine 01:14:12 Yeah. Inputs, there's four inputs. Yeah. So what they're saying is, is that because the four inputs are in their list, what is the probability that you create a four input transaction and have four of your clustered input? ArticMine 01:14:27 And that's what they're using, I suspect very highly, to eliminate the ranks. Uh -huh. So they're making a guess, and you can think about this. If I have a group of 70 transactions, maybe space over time, what's the probability that I'm going to get in a four input transaction, one of each? ArticMine 01:14:45 Okay. Because all people ask the question, how do they create all those inputs? Uh -huh. Now, that doesn't tell them that they don't have Monero in them. It could be empty or not. But they're assuming, and I suspect is what they're doing, they're assuming is that, okay, four, what's the probability that you pick four out of 70, and that's in your four input. ArticMine 01:15:04 And that's what, and so that's how they've eliminated the inputs, because they know that there's one of each. So let's continue. You know, the other. Doug 01:15:11 Well, what is that quote unquote, like, what is that attack called in Manera? ArticMine 01:15:18 I don't know if there's a name for it, they talk about the E -A -B -E, which is E -A -B -E, which is basically this exchange, A -B -E exchange, and this is basically what's going on here. But again, clustering is critical for that to work, and I think it's in the Breaking Monero series, where they describe this type of attack. ArticMine 01:15:41 But again, the key point is that they got the clustering. That's the key point here. He clustered it. He clustered it. He clustered it. He clustered it. He clustered it. He clustered it. Speaker 5 01:15:46 of the transaction. You can see that this transaction features three to nine inputs, has two outputs, and was sent using the default fee structure. It's not a super unique fingerprint that's going to be super useful to us, but important to keep in mind. Speaker 5 01:15:55 The other thing is that we are in October of 2020, so we should assume that Dandelion has been implemented and the IP observations are going to be weak. However, we also have this very exciting RPC identifier. Speaker 5 01:16:04 And what that tells us is that a user connected to one of our nodes in order to broadcast the transaction, as we actually have a pretty high confidence that this 185 IP address was being used by the person who initiated this transaction. Speaker 5 01:16:13 You can see the country identifier though is calling this Germany. And so we don't know of any connections with our administrators in Germany. We're going to take a look at that IP address just to see if it might be relevant to us. Speaker 5 01:16:21 Thanks for being with me. So you can see this does appear to be a proxy or a VPN, so not especially good information for us, but that tells us that our target is probably using a VPN of some sort. Speaker 4 01:16:30 No, you can stop. Stop here again. ArticMine 01:16:32 You stop on this one again for a second. So for a second, I'll show you something. Now notice how on the left, on the right -hand side, on the upper, there's so few great versus the left -hand side. So on the upper, why is that? ArticMine 01:16:46 Now we're going from cluster to peel chain. The error, the ringsings are starting to bite. And the reason is because it doesn't have clustering on the peel chains. And that's the key distinction. If you look at this slide, left side, cluster, right side, peel shape. ArticMine 01:17:05 You don't have to read the details, just look at how much they managed to grey out. Speaker 4 01:17:08 Mmhmm, mmhmm. ArticMine 01:17:09 So there's a lot more error on that right side, but let's continue on this side, and he has problems, so we'll see what he's- Speaker 5 01:17:14 The means is that each of these inputs is using an output from one of our transactions of interest. That's why we're seeing them highlighted in orange. And conveniently, our tool has already ruled out all of the decoys for each of these transactions. Speaker 5 01:17:23 That's convenient, but it is often not the case. But here, again, this makes sense to us. We're seeing that our tool has already identified this as a morph token swap. And again, we know that these are all our users' transactions, or morph token outputs, I should say. Speaker 5 01:17:34 And so the fact that the target is able to spend all these together is an indicator of common control. Looking at the output side, we do have some green highlights here. And so those are potentially deposits to services. Speaker 5 01:17:42 Let's take a look at one of those and see what the service might be. I'll hop back over here. And it looks like this IP address is associated with the swapping service change now. So what we would do is we would take this transaction, and we would return it to law enforcement and say, this transaction might be our user depositing funds into change now. Speaker 5 01:17:55 And then law enforcement could potentially go to change now and try to get some KYC information to the extent that they have it. We see something from where, down in output one, we've got these green highlights, so we can see what those are. Speaker 5 01:18:03 Here, it looks like this is traced back to the exchange liquid. And so again, we want to provide this transaction hash until law enforcement of that is potential deposit to liquid. Similar to Bitcoin, we are expecting to see one of the outputs, one or more outputs that are considered as spend, so money being transferred to someone else, and another output that includes our targets change. Speaker 5 01:18:18 But here, I'm not seeing any strong indications that I know what is what. There are still too many decoys here. We do have one transaction that looks like has similar features, but not unique features, and I don't feel very confident about that. ArticMine 01:18:29 Stop. Stop at this point. It's really important. Remo already said at the beginning he's going to turn off a bunch of this output through law enforcement. Speaker 4 01:18:36 Mmhmm. ArticMine 01:18:37 but he's not confident about it? This is why you get into the false allegation territory. This is very dangerous. Because here is where he's alleging making all sorts of allegations, and he just said he's gonna provide some of the stuff to law enforcement, but he's not very confident. ArticMine 01:18:51 You want to go big whack and replay this section slowly. Doug 01:18:54 Mm -hmm interesting and then it gets misused. Okay. That's ArticMine 01:19:00 That's right. This is the danger. So let's... Speaker 5 01:19:01 through this again. There's still too many decoys here. We do have one transaction that looks like has similar features, but they're not super unique features and I don't feel very confident about that. Speaker 5 01:19:10 So all I would do with this transaction is grab the services associated with these green IP addresses and return them to law enforcement. ArticMine 01:19:18 Okay, so think about this. Innocent people are being accused. This is a big issue with watching surveillance, right here. And this is the reason why this is where the real threat lies. You stumble upon through an output on this, and then you can blame. Doug 01:19:33 You get swept up. ArticMine 01:19:35 Yes. So you're asking about the importance of full -shaped membership proofs. This slide is where you prove the critical importance of full -shaped membership. This is the slide that proves that because of the potential of innocent people being falsely accused. ArticMine 01:19:51 And that's where blockchain surveillance really gets into trouble, because here is where you have the accusations. They're turning a bunch of IP addresses to learn for some unwind grants. Doug 01:20:00 That's going to be under on probabilistic graphs. ArticMine 01:20:04 This is where you get this issue of probable crime and all this constellations. Speaker 5 01:20:08 Yeah, right, right. And to see if it looks any different. Here we can see something fairly similar. It looks like our tool has already ruled out all of the decoys for each of our inputs. We're back just with the morph token swaps that we know are associated with our target. Speaker 5 01:20:21 Over on the right side, once again, we're not seeing anything that to me is screaming, this is our spend and this is our change. We have that two input, two output, one times D structure fingerprint, but we can see that that occurs in lots of the transactions that are claiming to spend that output. Speaker 5 01:20:37 So, once again, here, I'm going to grab the service associated with this IP address. And we know here that that is actually associated with the Exodus wallet software. And so, although that's not going to need to be followed with law enforcement, because Exodus does not, as far as I know, collect information about users of its wallet software, it's going to help us understand a little bit more about our target, Speaker 5 01:20:51 and it is an indication that they are potentially using Exodus. However, we always have to keep in mind that that is just one of the possibilities of where this output was next spent. And so, we do not know any certainty that our target actually is using Exodus wallet software. Doug 01:21:01 What were they using to guess that it was Exodus? ArticMine 01:21:04 uh well you're going to go back to demo max because it used to be played back again yeah no i'm giving you the answer that's shit Speaker 5 01:21:12 That is just one of the possibilities of where this output was in extent, and so we do not know with any certainty that our target actually is using that. Oh, shit. We can follow up with other law enforcement, because Exodus did not, as far as I know, collect information about users of this wallet software, it still can help us understand a little bit more about our target, and maybe an indication that they are potentially using Exodus. Speaker 5 01:21:26 However, we always have to keep in mind, but one times D structure fingerprint, but we can see that that occurs Doug 01:21:32 Oh, the fee structure. ArticMine 01:21:34 Yeah, he's a v -structural expert. Speaker 5 01:21:36 So once I'm on here, I'm just going to grab the service associated with this IP address. And we know here that that is actually associated with the Exodus wallet software. And so, although that is not going to be a good Doug 01:21:49 Oh, he used the IP address to make the association with the Exodus wallet software, correct? ArticMine 01:21:55 No, I think in this case, he might have known the IP addresses for the Exodus wallet software. But again, is this a Dandelion transaction or is it an RPC one he's got there? Doug 01:22:05 Um, I think this is a dandelion. I don't know. I don't know Speaker 5 01:22:08 You can follow up with law enforcement because Exodus does not, as far as I know, collect information about users of its wallet software. It still can help us understand a little bit more about our target and maybe as an indication that they are potentially using Exodus. Speaker 5 01:22:21 However, we always have to keep in mind that that is just one of the possibilities of where this output was next to spent. And so we do not know with any certainty that our target actually is. So they're guessing, they're guessing. Speaker 5 01:22:31 Right, right. So let's take a look. As you can see, a lot of our transactions are falling into co -spends down here. However, there are some that don't appear at co -spends, like this line here, we're not seeing any co -spends. Speaker 5 01:22:42 And so let's take a look at that transaction and see if there's something different going on. So we are in one of our co -spends. So we know that our target is spending two of those morph token outputs, or excuse me, excuse me, a lot of our transactions interest. Speaker 5 01:22:52 And so we know that this itself is a morph token swap. And so we are expecting to see in our outputs, one is going to be the morph token change. So the morph token service can continue using the rest of their funds. Speaker 5 01:23:01 And that's likely going to be this output here, since our tool has already identified that as a morph token swap. And that gives us pretty high confidence that this output here is likely to be our user's change. Speaker 5 01:23:09 So because we believe that this is still our user, let's track these transactions. I'm moving forward one hop. And now we're assuming that this is our target controlling the funds and doing something with them. Speaker 5 01:23:17 As usual, we're expecting that one of these outputs is going to be the spend and one will be the change. And again, it looks like there's a pretty good indication that our change is going to be in output one again. Speaker 5 01:23:25 We can see actually that we have the same RPC IP address broadcasting both of these transactions. So although we are potentially in post -andy lion, this was October of 2020, we still know that this user connected one of our nodes in order to broadcast the transaction. Speaker 5 01:23:38 It is identified as a Slovakian IP address. And so again, I'm not feeling super confident about this. But I think that I will still take a look and see whether this is potentially a clean IP address. Speaker 5 01:23:46 And unfortunately, it is not. No problem, though, we can continue tracing forward since we know where our change is going. For that, though, we want to identify the possible destination of our spend. Speaker 5 01:23:55 The same thing was before, I throw that into our spreadsheet. And again, it looks like that first IP address is associated with Exodus wallets. And the second highlighted IP address is associated with the 9XMR mining pool. Speaker 5 01:24:05 Unfortunately, either one of those is probably going to give us much information if we were to try to track down the service. But it does give us some potential information about how our target uses their funds. Speaker 5 01:24:14 Let's go forward one more hop since we know that this is still going to be our target. And here, once again, we're seeing some pretty similar stuff. Our tools already ruled out a lot of those mix -ins. Speaker 5 01:24:22 But there's one thing that is standing out to me in a big way. And that is that in output zero, we've already ruled out all of the decoys. And so we know that this is the actual transaction spending output zero. Speaker 5 01:24:31 We can see that it is an RPC IP address. So again, we're confident that this is the IP address that initiated this transaction. And here, we're actually seeing that that IP address appears to be associated with Columbia. Speaker 5 01:24:41 Now, we believe that there may be a Columbia connection with our targets. So I'm going to do the same thing that before, we grab this IP address and just see whether it might be clean. Here's something exciting happened. Speaker 5 01:24:50 This actually is a clean IP address. This is not hidden behind a PN or Tor. And so that is really exciting for us to find. What we did then is we wanted to try to leverage that IP address with other data to see if we can find other information about our targets, potentially occurring off the Monero blockchain. Speaker 5 01:25:06 So what I did is I took this IP address and I just dropped it right into Reactor to see if there are any wild clusters associated with that IP address in Reactor. And sure enough, I found these two clusters that both had observations with that IP address. Speaker 5 01:25:18 And we could trace those forward directly to two centralized entities that we could potentially use to clean up for more information. This actually ended up being a fruitful lead. One of these entities produced records that appear to show the identity of one of our targets in Columbia. Speaker 5 01:25:30 And so that was a really exciting moment for us because we were able to start using just this list of morph token swaps occurring on the Monero blockchain, very little information and not many breadcrumbs to follow. Speaker 5 01:25:39 We were able to trace that forward on the Monero blockchain to an RPC IP observation, and then leverage other chain analysis tools in order to find more potential results that we can return to law enforce. Speaker 5 01:25:48 So that brings me to the end of my super quick, down and dirty introduction to how we perform Monero tracing. You should not feel at this point like you have all the tools to go and work on your own Monero investigations. Speaker 5 01:25:58 I hope you feel like you could start to, but there's just so much to keep in mind here. It just takes a lot of practice with a tool before you start to feel really comfortable with it. But with that said, I think now we should have. Doug 01:26:08 All right, all right, well... ArticMine 01:26:11 Okay, so that's the sort of recap of this. So the first thing is you got to look at the reliability of the excursion of outputs on those output slides. The other thing is they kind of easily stumbled upon somebody who happened to be in Colombia using throwing a mixing. ArticMine 01:26:25 So again, you have these sort of probabilities. So a lot of this, and this is where it gets really dicey, is based on those statistics. A lot of us are guessing, especially on the output side. If I was going to look at the slides, I'm looking at these output slides, I had some real questions there, particularly when they eliminated all the inputs. ArticMine 01:26:44 Maybe they had data, maybe they just went after this Colombian need because of the fact that it was in Colombia, they were looking for someone in Colombia, they used from somebody else in Colombia. These are the questions that you have to ask in these type of situations. ArticMine 01:26:59 So like I said, I think they had a lot of strength on the input side, particularly with equestrian. I have my doubts very much on the, sorry, on the input side because of the clustering, I had my doubts on the peel size side, on the output side, I made the big more dicey ground. Doug 01:27:15 All right, guys, now's the time to ask questions. I'm going to go quickly play a Monero topiad. We have seven hundred and forty five live listeners. Let's go ahead and play the stroke back and we'll get back to the action. Speaker 6 01:27:27 Are you interested in privacy, freedom, technology, and Monero? Come to the conference that has it all. Monerotopia 2024. Join us in our world -class of cypherpunk speakers to discuss all things freedom. Speaker 6 01:27:43 Engage in the Monero circular economy. Go shopping at the open -air Monero marketplace. Join a workshop. Enter a hackathon. Opt out of dystopia and into Monerotopia at Huertor Roma Verde, Mexico City, Mexico, November 14 -17. Speaker 6 01:28:02 For only one easy payment of $89 for general admission. Or get the VIP ticket for one easy payment of $249, payable in Monero. And enjoy discounted drinks at the bar and dinner with speakers. Get your tickets now while supplies last. Speaker 6 01:28:21 This deal won't last forever. Get your tickets now at merotopia .com. Enter promo code 1 -800 -MONEROTOPIA to get 10% off your order. Doug 01:28:34 Yeah, right. I love that ad. That was untraceable made that. So what's your overall take then in terms of the full chain membership proof saying, right? What does that eliminate in terms of? ArticMine 01:28:49 Well, that obviously eliminates all these ring signals, all these ring analysis. You do eliminate that. So obviously, you know, you lose that traceability element of it. You could still, I would suspect, do some kind of IP analysis with transactions is a lot more difficult because it definitely eliminates the build chains. ArticMine 01:29:11 So WorldShare membership, who's getting rid of a lot of this? There is a good reference on the Cypherstack article where there's some of the few things that WorldShare membership which doesn't solve. ArticMine 01:29:22 But I come back to my, if you give me that bottom line, I'll say that I would, as a minimum, want not just full membership proofs, I would want a transaction rate comparable to that of Ethereum, just to bury in the data. ArticMine 01:29:36 Because if you're- We're doing well. Doug 01:29:38 Let's get to that. So this is the scalability that's helped me. ArticMine 01:29:42 It's just the scalability. One of the things that I came across in a lot of my research on this is there was an article, there was a paper from the Financial Action Tax Force, and they asked a bunch of blockchain surveillance companies to provide information on the percentage of illicit activity addresses in both Bitcoin and Ethereum. ArticMine 01:30:01 They provided only data for Bitcoin. So what I think is really bugging me is why didn't they provide data for Ethereum? Theoretically, it's got way less privacy on Bitcoin, because unlike Bitcoin, Ethereum is an account -based blockchain as opposed to a transaction -based blockchain. ArticMine 01:30:16 So your clustering is already done. So what is the problem with Ethereum? Why did they have trouble doing it on Ethereum? In my strong suspicion, it has simply to do with transaction. Or to put it in a blunt way, they're getting some indications that these guys are drowning in the literal use to watch it. ArticMine 01:30:32 So Ethereum is, in many ways, a degree of privacy, just by sheer amount. And that's just why I'm saying that, yes, full -chain membership proves there's going to be a major breakthrough for Monero, comparable or better than the ring signature, the gold financial transactions. ArticMine 01:30:50 Again, I mean, you can get into techniques through avoiding clustering and shortening and so on to improve privacy in Monero, you'll probably defeat a lot. But the fact of the matter is that people aren't going to be doing that. ArticMine 01:31:02 This is exactly the kind of thing that happened here. They're not going to have, I know the members of the community say that the opposite was weak. That's a tough question to answer. But ultimately, you're also going to need that mass of transactions. ArticMine 01:31:16 You're going to need the volume, the hiding in the volume, element of it. Full -chain membership proves, solves a lot of problems. It doesn't solve every problem. The Cypher stack article, I think, identifies a few cases where it doesn't and where you're going to have to rely on volume. ArticMine 01:31:32 But it definitely does eliminate a lot of the exposure. The biggest take -out that I see from this is there's a very significant risk of the innocent person being falsely accused, which is one of my biggest concerns with blockchain surveillance. ArticMine 01:31:46 They're making a lot of assumptions, even on especially on those exits. How did they eliminate the output, the outputs in the USPIC one, Colombian IP addresses just happened to be conveniently there? ArticMine 01:32:00 Did this person suddenly stop using VPNs and use his own IP address? So there's a lot of questions there, but will someone just pick me if they happen to have a Colombian IP address? Are you left with a lot of questions? Doug 01:32:11 this is sorry no no go ahead get finished up ArticMine 01:32:15 So this is the kind of stuff that that ends up in false accusations, court cases, innocent people being arrested, discussed. Doug 01:32:22 So to summarize, I mean, full chain membership proofs in combination with more people running their own code and in combination with more people just using Monero, right? ArticMine 01:32:36 Yeah, exactly. Then we went. Then we went. I mean, but you know, I mean, I was put in the situation, I did my Daubert hearing, so the Pickler fuck it. And I was asked, is there a traceable? And I actually said it was. ArticMine 01:32:48 And this is before I was available. And I said, what would I have to do to change that testimony? What would have to happen? I said, well, one thing's going to be full chain membership. But is that enough? ArticMine 01:32:57 And I said, probably not. No, as a minimum, I think I'm looking at the post -action. I'm looking at saying, OK, you also need the body, you need the mass. Doug 01:33:08 And you like ran the numbers to come up with the statistics. Why that level of volume? ArticMine 01:33:14 Well, the reason I picked the Ethereum volume is because Ethereum did not, because the blockchain surveillance companies did not answer the FATF on Ethereum. So the one piece of evidence that I have is they requested the FATF for a bunch of blockchain surveillance companies. ArticMine 01:33:30 They asked for this information of Bitcoin and Ethereum, and they only got it on Bitcoin. So what held them up in Ethereum? And that's where I'm coming from, that figure. So given that Ethereum is well known, it has way less privacy than Bitcoin, because in this area we have an account -based model as opposed to a transaction -based model. ArticMine 01:33:48 Well, one of the big downsides to an account -based model is that you lose a lot of privacy that Bitcoin already has. So if they didn't provide the data for Ethereum, my question is, Doug 01:33:59 Why? Right, and you think it's because of volume. ArticMine 01:34:02 and I think it's because of volume. But that's my indication. So I haven't run mathematics. That's one of the things I'm doing that I'm working on. But the fact of the matter is I have to ask the question, why didn't they provide the information for Ethereum? Doug 01:34:17 We have 789 live viewers if you uh most most of them coming from x 765 Uh, but how many comments come in? We have some super chats that come in that this guy sent more info Um, he was the one that asked before about the using. Doug 01:34:36 Um, what was it using? Let's just what was his first one. Let's go back to it and so we could follow up Uh, bup bup bum. Yeah first he was asking please talk about the apparent breaking of Monero's anonymity due to key images Seems like a bigger issue than debunk chain analysis video Um, so yeah, I don't know if I don't know if you're if you have opinions on that but he's like i'm not super technical Which is why i'm hoping someone with the right skills can talk about these claims regarding key images I don't know. Doug 01:35:04 We have to do a separate show on that. Um, I I do you have any insights into riding with a ArticMine 01:35:11 I'm not really clear exactly what they're talking about here, what they say regarding key images. I mean, I don't think this video has been debunked, to be honest. I think there's some real issues there in that video. ArticMine 01:35:26 That's my point. But this key image question, I have to really sort of understand what the claim is, and then I can probably give you an answer. Doug 01:35:34 Okay, we could we could we could do a you know, I'm sure it will come up again another date Sorry, sorry, we can't answer that on the spot Bosco that I mean, we'll need we'll need to uh dedicate a ship perhaps a show ArticMine 01:35:48 Well, I know what it is that claim is, what is the attack, which I'm afraid of it, and so I have to, once I understand what the attack is, I may be able to give you some insight. Doug 01:35:57 Yeah, I think I think I know what he's talking. I can't I'm not gonna bring that up right right now though Bo is a Bay is asking Baytipped 50 cents. How do we get people to use Monero more? We need more employers in the Monero space Eximas ours helping with that, but we'll still need more. Doug 01:36:13 Yeah. I mean, that's that's a great You know the the holy grail, right? So how do we do it? We just we just do it right start sending you did it right now by sending a super chat using XMR chat calm All right, so just make it a make it a daily part of your life And I think I do think XMR bizarre is a great great Form for that purpose ArticMine 01:36:37 You know, there are improvements that we're doing in Monero. I mean, full -chain membership proofs, I think, will help. Doug 01:36:43 be saying more so about the how do we literally just get more people to start using it so we can. ArticMine 01:36:49 make it attractive. You're going to make it easy. So this is what I'm saying. Wallet activity, accessibility is another one, ease of use, things like the Monero Nodo, another thing is going to help. So all these things each help. ArticMine 01:37:00 Now, if you look at the statistics, we got a big growth rate until about 2021, and then it's been pretty flat for the last four to five years. And again, people, so that's the fact is, but we are seeing growth in the transaction, but it gets a bulk of the transaction activity right now. ArticMine 01:37:19 A lot of you are still people buying and trading your exchanges. Most of the activity. Yeah. So we need, and that's important because people need to on -ramp and off -ramp, but at the same time, we need to build this market. ArticMine 01:37:31 People are actually using it. And that's, you know, you make it accessible. There's just lots of little pieces that does that. Doug 01:37:38 Have you looked at what we're doing with that? ArticMine 01:37:40 are bizarre? No, I haven't actually. I'd be so focused on making sure the level one chain works. That's been my primary. Making sure what? The level one chain works. Doug 01:37:51 Okay. Yes, yes, yes. We need you focused on that. ArticMine 01:37:55 That's my primary interest in Monero, really. And it's this business of, okay, can we tweak the scaling better? I was looking at, oh, by the way, I was used to got a five gigabit symmetrical internet connection. Doug 01:38:10 What's that? You just got live. ArticMine 01:38:12 Yeah, I just got a five gigabit connection, internet connections, five gigabit symmetrical. Yeah, that's the transaction rates from one year. Doug 01:38:20 Ah, here is XMR Bazaar if you haven't seen it. Um, it's, we're, we're getting a lot of users. So we have even just the regular, the what's new, it's showing 7, we have like 762 listings so far. ArticMine 01:38:34 Well, that's pretty good. Doug 01:38:35 And new ones coming in every day. Yeah, I mean I think I ArticMine 01:38:39 It's one of the popular items, one of the popular items. Doug 01:38:42 Popular items, let's see, somebody's like selling, let's say, let's show, let's bring them up. Proxy shopper, somebody selling goldbacks. The algorithm is just bringing up the listings that have had the most, I think, comments on them. Doug 01:38:59 Yes, mm -hmm. And reviews. Somebody who's selling the service of helping other people with their XMR Bizarre Listings, somebody selling gift cards. That's a big one, man. Somebody who's selling cheese. Doug 01:39:12 I've been a customer of him. It's actually fantastic, fantastic cheese. ArticMine 01:39:17 See, card cards, that's the one that everybody's talking about. That's been a major success because that effectively, what it does is it allows you to buy things from a lot of mainstream nations. If you do it digitally, then what you do is you should be in the lineup and buy the thing on your phone and then turn around and by the time you get to the lineup, the thing is clean and you got the codes and then you can pay under cashier. Doug 01:39:38 We're definitely in the very early days, but I certainly have a big vision for XMR Bazaar, right? That's my dream come true, is if I can live off of Monero using XMR Bazaar. Somebody just posted the other day, a cleaning service in New York City where you could hire a cleaning service for Monero directly. Doug 01:39:58 There was a store in New York City in Queens in Astoria, a supermarket that got listed on XMR Bazaar as willing to accept Monero. And I went there and bought groceries with Monero in New York City. Yeah. Doug 01:40:14 I mean, this is, you know. ArticMine 01:40:17 That's the kind of stuff that's useful because you can actually go into a store and buy things in the morning. Doug 01:40:23 Exactly, FDTIP to dollar. Imagine everyone on Twitch realizing they don't need to pay a 40% fee to tip streamers. Yeah, I mean, that's what XMR, I don't know if you've seen like what we're using here, this tool, XMR chat, right? Doug 01:40:35 That's another amazing use case for Monero. People can send Superchats directly with zero fees taken other than the C of the transaction. ArticMine 01:40:49 Well, that's because you're bypassing, that's just because you're bypassing these middlemen. And that's the old, the age old argument for cryptocurrency, it's been for a long time. It's the idea that you can bypass the middlemen that charge all these tips on the system. Doug 01:41:06 Exactly, so I mean those are those are the real killer apps any any other just all you know things that you've thought about Potential killer apps for free for usage of an arrow ArticMine 01:41:16 We're going to go into the classic example of remittances, but I mean, the obvious example, I mean, if you look at the case of South Salvador and the government there, they finally figured out that people weren't using Bitcoin. ArticMine 01:41:27 Why aren't they using Bitcoin? Well, they aren't using Bitcoin because it's not competitive fee -wide. With Western Union and the world and the banking base, fiat transfers. So if you want to undercut Western Union at $10, you're not going to do it with Bitcoin at $30. ArticMine 01:41:42 You need something that's really cheap to transact with. And you look at the government of El Salvador running in there, they bought all this Bitcoin, and they now figured out, wait a minute, people aren't adopting it. ArticMine 01:41:54 Why aren't they adopting it? Because it's very difficult to unwrap, and of course they're all about it. Doug 01:41:58 It's not good for remittances. It's not good for yeah, it's it's well. I mean these are too high on chain obviously well Yeah, that's it ArticMine 01:42:06 essentially the problem. It says, well, you can use Lightning Network. Well, you've got an onboard and off -board Lightning Network. I mean, I still have some more error that I, so I'm sorry, some, I had a Bitcoin maxim in my name, but I bought some Lightning for often when I was in Montero Topi in Mexico City. ArticMine 01:42:24 And in fairness, I mean, the thing went up in value when it could probably move it on chain and make a profit on it. But, you know, I mean, but this is the problem with Bitcoin. It's just cost too much money to move the stuff around. Doug 01:42:37 We have a super chat from Cookie Monster. Here's his idea for Killer App. We need a social media app like Telegram that has Manero integrated, since that is what all the social media apps are moving towards, combining social apps with banking. Doug 01:42:51 Yeah, that's definitely kind of a whole new braille. ArticMine 01:42:54 And that depends if there's a social media app that wants to outsource that, and then a lot of them, they want to have everything virtual, vertical, sorry, which basically means that they're trying to get the profits from the banking, so they kind of centralize. Doug 01:43:11 Right, you need different business models for these things. ArticMine 01:43:14 you're not fundamentally different business model. And then you would have a system where you would actually have the ability to send money on the app. But again, you end up on the issue of the centralization of the app now. ArticMine 01:43:26 I mean, what happened recently with Telegram? The guy got arrested in France. It's a centralized situation. So that's the business model problem. Doug 01:43:37 Zapi Park. Hello. I live in Mexico City in case you all need volunteers. Yeah, for sure, man. Reach out, reach out. We'll give you a free ticket if you want to volunteer and maybe you could help us get the word out locally in Mexico City. Doug 01:43:50 We've kept tickets super cheap for locals. We put a nominal amount of $25 just because we want people to actually have a little skin in the game. We don't want, you know, people that really don't care to just show up to a free event. Doug 01:44:01 But we're basically willing to give the tickets out for free for locals if they want to come for the right reasons. They're actually interested in coming to learn about crypto. So reach out, email me, manarotopia at protonmail .com and we could coordinate you helping us out locally. Doug 01:44:18 Fantastic. Love to see that. Anybody else that wants to help out in those type of ways, please email as well. Alright, I think we did pretty well here, man. We're almost at two hours. It says 870 live viewers. Doug 01:44:32 I guess that's the way the way X, I think, just continually shows people as they come in. So not too shabby. You're seeing more comments? ArticMine 01:44:42 Yeah, there's some on the comments here in the comment field. Doug 01:44:49 Yeah, I think we got them all. I think I've been pulling them all up. ArticMine 01:44:51 Here's a whole bunch of the steam yard files. Doug 01:44:55 Yeah. Wait, where are you seeing comments? ArticMine 01:44:57 Well, he had the comment field on StreamYacht. Doug 01:45:02 Okay, yeah, yeah, yeah, that's what I'm looking at. ArticMine 01:45:04 Yeah, that's that's what I was saying. Doug 01:45:05 Yeah, that's where the XMR chats come in. They come into there. ArticMine 01:45:08 Okay, they come into the new room quickly. Yeah, yeah. Yeah, it's very interesting. Doug 01:45:12 Yeah, if anybody else has a question for Arctic, now's the time to ask it. Go ahead, go ahead, and we'll see if any other chats pop up. We're getting a thank you. Yeah, man, thank you, Francisco. Thank you for teaching us. Doug 01:45:29 One of the professors of Monero, Arctic Mime, one of the philosopher kings, so always greatly honored to have you on here and for you to spend your time with us and to teach us these things. ArticMine 01:45:44 and you all have to look into that key image question. Doug 01:45:47 Yeah, well, I have seen allegations of that. I never went down that rabbit hole. But we could do a separate thing on that. Obviously, I think if it was a significant thing, wouldn't Chain Analysis be using that as one of the tools? ArticMine 01:46:05 Well, see, this is the thing that a lot of people, what chain analysis has done is they've abstracted out the actual Monero address. And that's actually what I would expect them to do if you tried to trace Monero. ArticMine 01:46:17 What they did is they don't even, the Monero addresses don't even come into the equation. They're just working off these one -time stealth addresses, which as I mentioned right at the beginning of the talk are essentially effectively equivalent to a Bitcoin address that is not reused. ArticMine 01:46:35 And that's what they're using. And that's the logical thing to trace on because basically what you have is you've got an output. It then goes on the blockchain. It's identifiable. It can already be spent once. ArticMine 01:46:45 And then you try to figure out which ones are spent and which ones are not spent, which then you can build a database of the ones that are not spent, which presumably is one of the ways they're trying to eliminate a lot of the outputs in the ring signal. ArticMine 01:46:58 But that's the model they're using. They're basically relying on the one -time user addresses. They're not using the actual Monero address. It's linking directly to these key signatures, to these one -time addresses and treating that as if it were the address and then doing the surveillance of that part of the chain. ArticMine 01:47:18 Because that's what's on the chain. Doug 01:47:19 Yeah, let's round this out with, you know, we talked about obviously we have full chain membership proofs coming along, which is going to get rid of any analysis that can be done on ring signatures, because ring signatures won't exist anymore. Doug 01:47:32 We were talking about the need to just have more transactions that will help people hide in the crowd, everybody running their own note. But what could people, what is the basic instruction for users today, how every user, and in the most simple way, I'm not talking about high level, how average Joe should be using Monero in a way where it would basically prevent... ArticMine 01:48:00 If you want to prevent yourself from problems, the number one is you would run your own loop. If you want to be, you use the... Doug 01:48:07 Like we said, running your own node right there that gets rid of any ability. So that's a first step. ArticMine 01:48:12 And then if you want to go ahead and use your own, uh, use the wallets in your, uh, uh, like the official wallets are ever a laptop or a desktop. I mean, I'm not a fan of mobile wallets. Whatever you put in your wallet, in your mobile wallet, don't treat it as completely traceable. ArticMine 01:48:30 So have a checking wallet or a small wallet or small expenses, but understand that that wallet is going to be easily traceable. Doug 01:48:37 And why are you saying that? Without going, do you? Oh, first of all. ArticMine 01:48:40 But first of all, you've got to look at the devices. Let's start with what people put in their device. The biggest weakness that I've had this question over and over again. The biggest weakness of attacking someone using one error is actually your own device. ArticMine 01:48:52 Using an iPhone. Apple has access to all that information. You're using Android, and it's not rooted in Google, Samsung, they have access to all that. So you're not in a private environment. You're going to be in a private environment, you're on Google, Linux, and you're using one error software. ArticMine 01:49:05 So the first thing you do, right off the bat, is you're writing your own note, you don't want to use mobile. I don't sound like a baby boy, but that's the truth. Doug 01:49:15 How about graphing? How about using your graphing? ArticMine 01:49:18 Okay, if you go from graphene, and I mean, HYC, it's a great example, some of those who've that, and you're rooted, and you can take control over it, that's a different story. But I'm talking people that are using Doug 01:49:30 And when you say this, to what degree of likelihood do you think, do you think this is already being done, or you're saying with a pinpointed attack, that's where it becomes a problem? I mean, do you think there's surveillance issues? ArticMine 01:49:48 Well, I mean, for example, if you are going to surveil the things like there's all sorts of surveillance attacks against iPhones, this is very well known. There's a bunch of companies out of Israel that specialize in this. ArticMine 01:50:00 The security has been broken on them. Even the FBI versus Apple ended up that thing was cracked through an Israeli company. So that's an obvious example. Microsoft, pretty well, every major government of both sides of the fire and access to the source code. ArticMine 01:50:16 People don't know that. The Russians have access to the Microsoft source code. The Chinese have access to the Microsoft source code, so everybody else. So you're not just to worry about your own country's spy carrier or anybody's spy country. ArticMine 01:50:31 With GNU, Linux, and with open source software, it's a level playing field. Everybody has access to the source code so they can find the flaws. The minute you have DRM on the device, you have spyware on it. ArticMine 01:50:42 And even worse, and it depends on the country you're in, I mean, the low in Canada is different than the United States. In the United States in particular, you can get arrested for trying to secure your device because of the DRM. ArticMine 01:50:51 So you're up against all of this other stuff. So again, I mean, you want to use these things. Be understanding that you're providing the government with access. And if you're comfortable with that, great. ArticMine 01:51:00 If not, you know, just recognize that if you provide the information to Apple, you're providing it not just to the US government, you're providing it to the Chinese government, not to the Russian government. ArticMine 01:51:09 And if you provide information to Microsoft, you're doing the same thing because they want to do business with all these people. Doug 01:51:14 Chained analysis, tip 50 cents, great insights, thanks for the feedback. ArticMine 01:51:19 Well, cool. I mean, you know, I mean, this is the, but this is what I'm saying. I mean, like I said on the subject, I mean, I mean, assuming that the tip to 50 sets, I don't know if there'll be somebody else in there. ArticMine 01:51:33 But that's it. I mean, maybe somebody else in there, who knows? Well, instead of none of us, so there's actually. Doug 01:51:38 Oh, yeah, yeah, yeah, I'm sure it's it's just that a lot of you could name yourself whatever you want when you send the ArticMine 01:51:43 as is kind of what I'm saying. But what I'm getting at is you've got to build your privacy also on the Sony's foundation, right? I know it's convenient, yes, and all that kind of stuff, and it's great for small amounts. ArticMine 01:51:56 I have a small amount of Monero on a non -rooted Android phone, and that's fine. And I'm using Edge wall, because it's convenient to move in and out from other currencies. Fine, great. But understand that you're not having the level of privacy you may want to be than if you're running. ArticMine 01:52:15 And I mean, this is a great insight in this video. If you want privacy, use the official wallet, the so -called official wallet, and use it on good old Linux, not on Windows and not on iOS. That's the first thing you need. Doug 01:52:27 Yeah, I think I think if anything, I'd go to I mean, I have a graphene phone and it's quite user user friendly. ArticMine 01:52:34 If you want to go the graphene route, then that's great if you want to have a mobile. Doug 01:52:38 But you're really putting the warning out there for using Monero on a traditional smartphone. ArticMine 01:52:47 I got the same question, and when I went to, it was this CIS, the Confederation of Penn and States in Kievan in 2017, and I got the following question. How do you prevent the Ukrainian KGB from spying on Yomoneira? ArticMine 01:53:03 The first thing I told them is the same thing I'll tell you right now. Go look at your own device. How secure is your device? If you've got Windows, if you've got Apple, chances are they'll get into it if they want to. Doug 01:53:15 You won. Right. And like I said, that's pinpointed attacks. We're not talking about mass surveillance in that instance. ArticMine 01:53:22 Whoa, Canada, no, no, no, there's a fair amount of surveillance also built into these systems. I mean, for example, the default configuration is that the keys for what's called the Bitlock, they're stored actually on the cloud, particularly in the consumer versus the Bitlock. ArticMine 01:53:40 Well, that's the appealable. If you give me a key to some large corporation, they can subpoena it. I mean, I had a big argument on ourselves, why are you trusting Facebook when you don't trust the U .S. ArticMine 01:53:53 government. I mean, we'll have a problem with that. I trust the U .S. government way more than I trust Apple and Microsoft. Doug 01:54:02 Right. They'll sell your data in a second. ArticMine 01:54:05 Because basically, governments have to trust the US government, and they not only have to trust the US government, they also have to trust the Russian government. Because Microsoft gave the Russians the source code to Windows. ArticMine 01:54:15 This is a fact, and they gave it to the Chinese, and then you wonder why all these hacking attacks are coming from. So it's, you know, I mean, I've been successful in this business, I mean, I started with Bitcoin in 2011. ArticMine 01:54:28 And I've been successful in this business because I said nodal to all these big companies to be blunt. But then, yeah, if you're worried about privacy, you've got to start with your own places. That's what I tell you right now. Doug 01:54:37 And to be clear, that has nothing to do with the Monero problem, that would be any crypto you use if you're using it on the device. And the device is compromised. Or you're saying an Apple device and it's, you know. ArticMine 01:54:52 Well, a Windows device, your chances of it being stolen are very, very high because there's so much malware out there for Windows is not even funny. The chances of your Monero with your Bitcoin, whatever it is you put on it, if you use a Windows device, storage is very high. ArticMine 01:55:09 Apple is not a standard result. If you want security, you've got to use freely open source software. You've got to have control over your devices. You can't rely on the cloud for everything. Yes, you can secure mobile, or you could treat it as untrusted. ArticMine 01:55:24 Those are the two options that you have. I basically treat it as untrusted. Yeah, as my basic personal approach to mobile, but you're going to also secure with something like graphy noise and absolutely. Doug 01:55:34 All right, we're approaching 950 total live views, so we're at over two hours now. I think we ended here, Francisco. ArticMine 01:55:44 I guess I think Chris and Paul have a good idea. I want to get some specific types. I want to get some drink touch. Doug 01:55:48 Yeah, okay. Yeah, okay. I'm going out to get it. They're going out to get a drink. Is that what you said? ArticMine 01:55:53 I've got some food, I've got a case of cupcakes. Doug 01:55:55 Yeah, I got to get some food too, man. I'm hungry over here. Thank you so much. Thank you for this marathon episode and going through all this stuff thoroughly. I think this is fantastic and I can't wait to see you, man. Doug 01:56:07 I can't wait to see you and it's going to come fast. We're looking for it, absolutely. A couple of weeks. You bet. Alright, thank you so much, Francisco. Sponsor 01:56:14 Thank you for joining us on this week's episode. We release new episodes every week. You can find and subscribe to Odyssey, iTunes, Spotify, or wherever you listen to podcast. Go to ManeroTalk .Live to subscribe for a full list and watch endless. Sponsor 01:56:26 If you want to end with us, guests, or other pod, can follow us on Twitter. It helps you find the show and we are always happy. Thanks so much and we look forward to being back.