💾 Archived View for nicksphere.ch › 2021 › 12 › 13 › warning-to-monero-users captured on 2022-01-08 at 13:38:22. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
_ _ _
_ _ (_)__| |__ ____ __| |_ ___ _ _ ___
| ' \| / _| / /(_-< '_ \ ' \/ -_) '_/ -_)
|_||_|_\__|_\_\/__/ .__/_||_\___|_| \___|
|_|
I don't support the use of Monero or other proof of work cryptocurrencies since they're destroying the planet.[1] However, I know people are going to use Monero anyways. So it makes sense to give this warning.
There's a practical statistical attack on Monero related to its decoy selection algorithm.[2] Work to resolve the issue is in progress. It's not clear how severe this vulnerability is, but Monero's adversaries (DEA, FBI, IRS, NSA) may already be using it.
It might not be safe any more to rely on Monero for your freedom. If you still must use Monero, use non-KYC exchanges, different addresses for every transaction, and make sure your addresses never get linked to your real-world identity.
It's no secret that one of Monero's biggest use cases is darknet markets. Since I'm strongly against the war on drugs and I don't want to see DNM drug vendors go to prison, I have some suggestions.
Note: This is not legal advice. It's for informational purposes only. There's a high probability this information is wrong because I'm not a lawyer.
If you're a darknet market vendor who has performed several Monero transactions that can be linked back to you given this statistical attack, consider consulting a lawyer. With any luck, your local statute of limitations will expire before you can be prosecuted. Maybe your country/state will adopt saner drug laws in the meantime so you won't be punished as harshly.
If you're a "big fish", consider moving to a distant state or a different country. While you can still be extradited, there are literally thousands of fugitives guilty of crimes far worse than selling drugs on the darknet and states don't bother pursuing them because the formal extradition process just isn't worth it. States have a limited amount of money and have to be selective about who they spend it on.
Just a thought. If you do consider doing anything that drastic, do consult a lawyer first. It's not clear to me whether this statistical vulnerability is severe enough to generate strong evidence admissible in court or merely useful leads for law enforcement. So moving to avoid legal consequences may be an overreaction. It's hard to say at this point.
One last point I want to make is it's probably wise to use non-KYC exchanges even after the statistical attack is patched. None of us knows how soon Shor-capable quantum computers will be built. But when they are built, Monero's privacy may be under threat yet again.
So just be aware that Monero isn't perfect and it may not protect you forever. The Monero blockchain is public. So when the cryptography is broken or there's a bug in the client software[3], your transactions have nowhere to hide. Shor-capable quantum computing may not come to pass, but just be aware that breaks in security happen.
You can practice defense in depth by treating Monero as if it's as transparent as Bitcoin. Then when there is a break in Monero's privacy, you can rest easy knowing you thought ahead.
Link(s):
2: OSPEAD - Fortifying Monero Against Statistical Attack
Unless otherwise noted, the writing in this journal is licensed under CC BY-SA 4.0.
Copyright 2019-2021 Nicholas Johnson