Does the trezor company delete personal/shipping info after some time? I'm afraid of what happened with Ledger

fluffydonkey[m], nothing is ever deleted. It all goes to the govcorp datacenter

I'm okay with gov't knowing I bought a Trezor, I don't want 1337 h4X0rs knowing I have one

I mean, I'm not okay wuith them knowing, but I don't care in this case

did all the ledgers get seized or what

Their customer data got hacked from their website. Now all those people get phished constantly

<fluffydonkey[m] "Their customer data got hacked f"> fairly easy to avoid

getting your website hacked? You'd think so

<fluffydonkey[m] "getting your website hacked? You"> avoiding a phish

When Tari finally comes out, will you dump your Monero to buy it? Will others?

moneromooo: It still says it requires JavaScript to work, even when client-side scripting is turned on, by the way.

apotheon: quite a feat, that. I'd normally say it's a cache thing, but a CGI ought not be cached...

I dunno, clear your cache ?

If it still does, be more precise about what is saying so, how in what wording.

Why are you here? For the tech? Then you should be off at Zcash instead of trying to con newbies into a coin that doesn't work. For the money? If you put your money in BTC or ETH you would have been better off. For the magical crypto friends? Monero leadership laughs from losers like that. Find yourself more healthy realationships that don't laugh at you when they steal your money.

Did you do that in Perl moneromooo ?

No.

Too old school?

No.

I'm just a C person.

IC

<3 C

sweetwater eh

Are subaddresses "scalable"?

Can I create hundreds of them without causing issues?

xrv0[m], only if by hundreds you mean hundreds of thousands

I want to assign each user a subaddress

Does it increase scanning time?

no

it takes some time to initially create them but should not noticeably increase scan time

Something something 200 address look-ahead something something

I wish that I had enough knowledge to explain better.

Subaddresses are deterministically generated (the bit that takes a bit of time) and stored in a lookup table.

Scanning looks up that table to see if an output from a tx is to your wallet (ie, to one of the subaddresses in your wallet, or your main address).

So looking up a result in a lookup table of size 1 (a wallet witohut any subaddresses) or in a lookup table of size 100000 is pretty much the same speed. Cache miss effects are dwarfed by the crypto ops.

What Mochi101 refers to is that if your wallet generated 1000 subaddresses, that'll be the contents of its lookup table: anything not in that table will be ignored by your wallet.

So if a customer sends you monero to a subaddress not in the lookup table, you will miss it.

That normally does not happen, but could happen if:

- your wallet generates subaddresses

- your wallet/OS/computer crashes, causing the new subaddresses to not be saved to the wallet cache (or you restore the wallet cache from a backup and do not recreate those subadddresses)

If you end up in this case, the fix is to rescan after adding those missing subaddresses (they're deterministic so you'll be regenerating the same ones, so no actual loss).

If you expect you'll be generating a lot of those subaddresses, you can set the lookahead to be a lot higher than the default, to mitigate that possibility.

But you'll take some speed hit at generation time, and some extra RAM usage for the lookup table.

IIRC something like 80 bytes per extra address. So... 80 MB for a million extra subaddresses.

Those get saved so also an extra 80 MB to save to disk. Not much.

Thanks moneromooo

moneromooo: browser is Vimb

moneromooo: apotheon.net/img/scripton.png

moneromooo: apotheon.net/img/scriptoff.png

moneromooo: I started a new instance of the browser, turned on scripting, and took a screenshot.

apotheon, try it in a new private window

Sometimes browser cache busting is impossible...

it's the old URL

moo posted a new one

selsta is a sroller :)

scroller

oh no... just an observant reader

I didn't even look that far down

selsta: Oh, I missed the new address being shared. Oops.

It's still a bit weird that with scripting turned on it complains about it (but still gives me a result).

. . . but I guess it's not very relevant if it's not the up-to-date script.

The previous one was removed, so it's definitely caching.

weird

I even tried a cache refresh on a new instance.

I . . . hate what the big browser makers have done to us.

Oh wait

I like that "raw" option.

Yeah, I'm a dunce, it was not removed from the html directory, sorry :)

no biggie

This was a fun adventure.

I'm glad I could help you figure out it hadn't been removed.

ty :)

welcome

<moneromooo "If you expect you'll be generati"> Thanks for the thorough explanation. I'll make sure to increase the lookahead

Storage shouldn't be an issue

i have an interesting topic that's bothering me for few days

are there any guarantee

that increase in monero number of transactions are created by xmrflood?

and should we do it

on purpose

to make attacker

% of daily transactions lower

are not created by xmrflood*

the more outputs there are

and more decoys there are

transactions fees are pretty low, making this attack viable right now

it also causes the blockchain to be bigger. forever.

tx fees for whole daily volume are around 1500 usd if I did good math

i know people who would pay more to get their monero transactions more private

would that be a solution? spamming the blockchain or play passive?

maybe chainalysis is already using this method against us?

if one input, create two outputs for 1 tx fee

that's 1 + 2 * 2 ^ n outputs for 2 ^ n fees

should I shut up?

ok so today we are at 2 ^ 15 daily transactions

means 2 ^ 14 fees

it's not a cost issue. if the idea is good, we can easily raise funding to spam the hell out of the blockchain. The problem is that we don't really want a multi-terabyte blockchain, especially not in these early days before there is mass adoption.

i understand, but I am affraid someone is doing it already?

and it's not the monero lover

right. I've thought about this quite a bit as well. I assume there is a good chance that someone is doing that to try to unmask which outputs are decoys. But, if more than one entity is doing it, it greatly reduces the results they get.

does it also means that monero mixers in low volume ( not to flood the blockchain )

actually might be usefull

I think the monero research lab has probably looked into this and might have better statistics than my guesses.

?

what is a monero mixer?

that would be when you send monero 3-4-5-6 times

ah, churning.

or I send you monero and you send me another monero

exchanges seems like big weak point in probabilist terms

if you are just once or two times

sending

monero -> another address -> exchange

in terms of blockchain size growth, it's one thing for users to churn their transactions a few times. It's another to build a program that intentionally creates spam.

it's mostly game of probability, nothing is cetain in monero transactions

but if we can assume

attacker make 50% of transactions everyday

if we make just 25% on top

his probabilites would suck much harder

I am not concerned

probably doesn't matter now anyway .................

the thing it's crazy cheap to make such attack

and that we should

send monero as many times

as possible

to make outputs pool larger

why would you want to make it as large as possible when that isn't necessary?

how it's not necessary?

whole decoy idea is based on outputs bro

is it necessary to make it as large as possible when smaller would do the same thing?

if it is even needed

if you considering all ouputs are honest, then makes no difference

if you have 100 or 18 million

but if you have 50% rogue outputs

if

i am saying it's dirty cheap to make it happen

don't see why wouldn't then

it is cheap only in one aspect

it's an open discussion, i am listening

monero saves my ass everyday

just want to make sure cat in this game is not running in front of us

All you are 'fighting' for is e-penis of a guy you never met, that doesn't even have common decency to pay you for your time.

Do you think they care about Monero, or privacy or anything other than money?

The e-penis is mine!

i wish something bad happen to everyone who spread this fud

haha

2 ^ 15 transactions

even following 20 minutes wait time

can be made within 5 hours

(2 ^ 3 ) ^ 5

is there someone I can talk to from research lab?

to try to make this happen w/e breaking something

there is a monero-research-lab channel on IRC and matrix

the thing to motivate us all

once there is big amount of fud around something

means it's doing great job

and always motivate me

to keep doing even better, no stop, full on

I'd definitely love to do a lot of business with Monero if I had good ways to do so.

As is, I'll just have to keep an eye out for the occasional opportunity that may come up.

i don't think it would do much good to only spam for 5 hours and then stop. You'd need it to go on continuously. Although the dollar cost may be low today, it would bring the long term scaleability problem closer to the present time. It would increase the storage costs for every node operator in the future. And, I think you'll find that the attack you're trying to fight against is a very hard attack to pull off because the

attacker needs to make up the majority of the transactions. i.e. if there is more than one attacker, it won't work for either of them.

but the MRL folks will know more than me about it

Yeah, a spam-attack as a means of securing the blockchain seems like a bad solution, at first glance.

I'm also skeptical that anyone with the resources to pull it off would already be trying to launch an attack like that in earnest.

No doubt, from our perspective it's bad for network health / blockhain size

Actually I would have enough funds to lunch such attack

for year long timeframe

the best thing would be

if we could create consensus

to everyone create 100 transactions daily

or try cat and mouse approach

we create extra 10-20% daily transactions

for one day

if the network transactions also follows

why though?

with extra 10-20%

means somone is trying to follow up

First, show us that an attack like this is possible and damaging. Then we can think about how to fight back against it.

yes this was covered in MRL a while ago and the BL was no need for us to spam the blockchain

ok, i will start preparation in couple of next days

mmxxx: that stallman vid is cute

pretty clear he knows shit all about crypto $

but also makes some good points about xmr not solving the wealth divide problem

which i think is a fair note

<lord_fomo[m] "pretty clear he knows shit all a"> he doesn't hide his ignorance

agreed

but it's still a bullet

oh and,

- stallman clearly doesn't have a general definition for "freedom"

which, is fair since it's a pretty hard thing to define

i see a lot of host blocked in my monerod

are those poison nodes?

they are all from similar ip range

you can run with --enable-dns-blocklist so that all of these malicious nodes are blocked

but monerod will run fine without it

how are they detected as malicious?

and thanks for help

i see from time to time

SYNC OK

but is it all time synced?

There is a central dns for known malicious nodes

is it possible to fetch the whole list somehow?

MoneroLover: gui.xmr.pm/files/block.txt

thanks bud, I see on github blocklist.moneropulse.*, but couldn't query it myself

and yeah it's those nodes

how are they detected? different methods

too lazy to explain :D some of them would fake their block height

e.g. always mirror your own

MoneroLover: Some of my notes on a flooding attack, should be interesting: paste.debian.net/1192024

just went trought your blog and thanks

np 🙂

oh it's on floodxmr, sorry was talking about poison attack

and yeah

Some overlap, but yeah

the thing is attack is pretty cheap

Not to be effective, and will be massively more difficult after Triptych ring size increase.

But it's certainly an attack vector at-present.

I couldn't sleep last few night doing math over it

and yes, mostly agree with everything

the dangerous is that if it's running now

without increase fee cost

in long-term

i've made a prototype

of halving transactions

that will implement in next days

1 XMR -> - 1 TX fee -> divide by two and spend

niggers

and do that recursive

MoneroLover: we don't want to spam our chain

there has been increased adoption on the darknet and also increased crypto hype

Yeah, fighting spam with spam is not a solution, I don't think.

Just hurts everyone present and future,

I see the trends

and came here to consult before any action

i don't think the current tx numbers indicate a large flood tx attack

though I also think fees are a bit too low

the fees are blessedly low

maybe I am paranoid

but i've put lost of trust and investments into monero

want to strong and to see trouble

from a miles in front

#whomindstrongmonero

lots for trust*

sry

fees will most likely be going up 4x in the next major release

I'm ded: twitter.com/thestalwart/status/1377663935399276546?s=21

nioc: Why?

sethsimmons: Is that the Brussels party?

oh, wait, I was looking at the wrong link

sethsimmons: never mind, yours is about BTC, I guess

Yeah, was confused lol

<apotheon "nioc: Why?"> monero-project/research-lab #70

I assume is what he's referring to

Ah, that makes sense.

sethsimmons: This is what I saw in my browser, having forgotten to open the link you shared: images0.persgroep.net/rcs/giN1yrqzz…81db0de025c8abd1cca1279&quality=0.9

There was an April Fools Day precipitated party in Brussels, and police used pepper spray, water cannons, and fucking cavalry charges to break it up.

wth...

The police assault on the crowd was ostensibly to enforce lockdowns, just a couple days (or thereabouts) after an announcement that the people in government who've been mandating lockdowns have a thirty-day deadline to prove their lockdown measures for the last year were legal at all in the first place.

Belgium's voting public likes to redefine "police violence" to mean "violence against the police", and it's common there for people to get angry at news outlets that report on unreasonable violence perpetrated by police because it supposedly undermines confidence in the police.

I don't recommend visiting Belgium.

"dangerous place to visit, somewhat safer to live there if you're a bucolic, white, landowning, bigoted police-statist"

. . . and no, that's not the opinion of a communist. Belgium is just that screwed up.

So . . . that thing about Monero seems well-reasoned. I hope it works out.

sethsimmons: thx, was making lunch

Any thoughts on using Godex.io?

seems recently

if service is using onion service

it's not under some pressure from regulators

related to monero exchanges

Anyone know where Godex.io is based? Clearly not continental US.

Also, does it in fact use Onion?

They do not run an onion address

They are pretty good the only issue is fee can be high

I need to figure out how to set up Tor to refer to a monerod node, apparently. I guess I can't just configure a wallet with monero-wallet-cli with all the necessary stuff to find that node.

Damn.

These are the cases where things get annoying for me.

I can find great documentation for connecting my wallet to Tor, but the connection from Tor to the node needs to be set up in Tor, apparently, and Tor documentation isn't written by people who give a shit about Monero, so . . . there's a big hole in my documentation needs, I guess.

I agree. I have been looking for "consumer-level" options. For Monero to be a store of value and ultimately an _actual currency,_ one has to be able to use it for something, which in turn requires being able to interact with it without being a developer. I feel the technical curve is what has hampered the market value.

If you want to use tor for web browsing just use torbrowser. If you want to use tor for other types of traffic run WHONIX in a VM

Do some reading on whonix its the easiest way and not that complicated

<apotheon "I need to figure out how to set "> Both my guides tell you how to run a Monero node with RPC over Tor:

I dunno about picoq[m], but I want to run a Tor daemon on an OpenBSD system, and connect to a remote monerod with monero-wallet-cli via Tor.

First uses Docker, second uses systemd

I'll eventually want to do something similar with i2pd, too.

I will be using neither Docker nor systemd.

Oh, you want torsocks for CLI wallet to remote daemon?

The only systemd that runs on OpenBSD is a joke program that randomly deletes shit.

Then modify accordingly.

Or just ignore it :)

I'd like to be able to do it without torsocks per se, but I might have to if I don't find something that clarifies what I need without torsocks.

sethsimmons: Where are your guides? Maybe I can glean something useful from them.

<picoq[m] "I agree. I have been looking for"> What isn't consumer-level about the GUI, Monerujo, or Cake Wallet?

<apotheon "sethsimmons: Where are your guid"> Linked just above.

sethsimmons: GUI wallet is fine; it's the anonymity overlay

sethsimmons: I guess you're sending messages from Matrix, and maybe the Matrix gateway is eating parts of your messages. I don't see the links.

<apotheon "I'd like to be able to do it wit"> Not sure how you will manage to connect to Tor without Tor or torsocks...

<apotheon "sethsimmons: I guess you're send"> sethsimmons.me/guides/run-a-monero-node

thanks

<picoq[m] "sethsimmons: GUI wallet is fine;"> It's very simple to expose RPC over Tor, see both guides above

Oh, I've seen this website somewhere before.

Feather Wallet uses Tor nodes quite easily as well.

featherwallet.org

#feather on OFTC

sethsimmons: Yes, but I am at the more rudimentary level of trying to help more people understand the value of XMR and how to transact with it using full privacy / OpSec. The people I am concerned about don't know what Tor is, or a node.

Am I mistaken in assuming that using Tor to connect to a node that isn't a Tor hidden service should be pretty straightforward?

If it is ultimately impossible without technical setup, then so be it. Just trying not to lose optimism.

<picoq[m] "sethsimmons: Yes, but I am at th"> Then they probably shouldn't worry about Tor usage for Monero -- it's not necessary for almost all threat models.

<apotheon "Am I mistaken in assuming that u"> Yes, you just rely on exit nodes then.

That's what I figured.

I just don't want to discover that there's something wonky about assumptions with Monero protocols that makes that difficult, somehow.

<picoq[m] "sethsimmons: Yes, but I am at th"> Tor is absolutely not necessary, especially with the strong default privacy guarantees of Monero both on-chain and via Dandelion++ for TX propagation.

<apotheon "I just don't want to discover th"> Nope.

Maybe I'll use torsocks for this first effort, actually, just to get it working. I'm mostly looking for a proof-of-concept for myself, regarding multiple wallet instances using different wallet software.

Tor support should exist and get easier, but is not necessary for most people and doesn't always help.

. . . for the same logical wallet.

You don't have any concern regarding probabilistic Monero tracing methods being sold to U.S. government (e.g., CipherTrace)?

I can understand if someone wants to get people set up with Monero wallets that aren't visibly Monero-related from the perspective of the ISP.

I intentionally left the Tor configuration optional in both guides as it's not useful to most people at this point, but I'll continue iterating to make it easier for those that need it for their personal threat model.

<picoq[m] "You don't have any concern regar"> No, and clearnet node usage isn't a big factor there anyways

Nothing interesting was sold to the gov as far as we can tell, and by their own CEOs admission

Just a nice GUI explorer and some guessing software based on existing research.

While most people's conscious threat models don't involve hiding the fact they're using Monero at all, I think maybe more people should consider that for the long term.

That is (to my knowledge) entirely dependent on on-chain data, not network data.

<apotheon "While most people's conscious th"> For sure.

That being the case, a clearnet connection to a remote monerod could be less than ideal.

Of course, if it's difficult to do well, that could also be less than ideal, so those of us willing to bang our heads against the problem should go to some effort to make it easier through documentation and scripting, if nothing else.

Can anyone recommend a tor based monero mining pool?

Simply running your own node is more than sufficient for most advanced threat models.

As such, I kinda hope to maintain the motivation, and find the time, to figure this all out and document the shit out of it.

But those with more needs or not wanting to leak any Monero interactions can and should use Tor

<anon_udxf6fdz[m] "Can anyone recommend a tor based"> None native that I know of, but can mine over Tor with XMRig

(in a portable way, without assumptions about things like docker and/or systemd, for instance)

(though, of course, using Docker and systemd use cases is also important)

There isn't really a more portable way than Docker FWIW

That's the whole reason I chose it, it's platform-agnostic (in almost all cases)

Tell that to systems where existing Docker images manifestly do not run.

Nothing is perfectly portable lol

thus, my point

If you invent that let me know, though.

If you can do it with a Tor daemon and software only from the Monero project, you can make it more portable.

One noob question I hear is: does using a non-logging VPN add anything to use of Monero?

That's why I'm leaning toward that approach.

My guess is "only a little, and only if it's as non-logging as you think".

You're still using Someone Else's Computer as a key part of your privacy efforts, so there's always the trust issue.

I'm certainly not a developer; just an advocate. (That's not ideal for good advocacy, I know.)

Onion and garlic routing remove a fair bit of the need to trust someone.

I hope to eventually get my setup to the point where I'm using i2pd, but I suspect I can get partway to the understanding I need to make it work with i2pd by using Tor first, considering there's more documentation out there for Tor end user configuration than for I2P gateways.

With the things going on in the world and particularly the U.S., my other drive is to find ways to allow people to exchange XMR but then swap to stablecoin or what-have-you if they have no other way to put food on the table.

. . . but I'm not likely to get a chance to play around with the Tor effort again until Monday at this point.

picoq[m]: Depending on where you are in the world, maybe sideshift.ai is a way to swap cryptocurrencies. Unfortunately, I think sideshift blocks the US, and I also think it uses cloudflare, which I find . . . troublesome.

Someone mentioned something else to me recently as a good way to do some swaps between XMR and others, but I forgot what it was already. I need to find that again.

picoq[m]: Is a Tor Hidden Service exchange acceptable? You could try the xmr.is hidden service. I think this is it: qomjz74sbhbxvxk44bkwigzqihyeiconbvt2h5xqgwklmurfahtltjid.onion

picoq[m]: Check everything against this list: reddit.com/r/monero/wiki/avoid

I don't think xmr.is is on the known-bad list.

Good suggestions. I appreciate that.

picoq[m]: I hope they work out for you.

picoq[m]: In the IRC channel, there's a reference to that avoid-list in the channel topic.

I have to keep reminding myself that people in Matrix may not see it.

The header on this room says don't use any exchange except HitBTC

But that is on the "avoid" list (reddit.com/r/monero/wiki/avoid#wiki_exchanges)

interesting

<picoq[m] "The header on this room says don"> Read it again 😋

Did I misread it. Dang.

Or was it modified?

You misread it haha

Its long been on the avoid list

Like, very ling

* Like, very long

.usd

no monerobux in here