Is Dandelion used when you make transactions? I know Dandelion as a technology and read about it in the past a few times on the forum, but I think it is not actually used nowadays when you make a transaction. If I remember correctly because it does not work well with Tor or at least does not further improve privacy. Do you know if grin-wallet and Grin++ are using Dandelion at the moment, is it default or an opt-in?
I think you are referring to the transactions not being merged yet, see @vegycslol's explanation below:
Anyhow, that does not provide that much obfuscation at the moment since there are too few transactions in most blocks. Therefore it is important we start using Grin more, e.g. further develop the ecosystem to stimulate daily usage as well as implement something like a daily aggregator to break the transaction graph in the near future.
The most important privacy aspect though is that transaction amounts are not known, and that is the nice thing, this is inherent to Grin transactions. So the most important privacy aspect of Grin is already there.
Rust’s implementation uses it, I doubt the C++ one doesn’t. When you “broadcast” the tx and you’re a stem node then you’re sending it to only one node, if you’re a fluff node then you’re the one merging and broadcasting dandelion transactions.
@vegycslol Ah ok. So if I understand it correctly, the communication for building the transaction is happening over Tor to avoid linking a slatepack address to an IP/user, then the broadcasting itself does not use Tor but Dandelion. Correct me if I misunderstood you.
Thanks, this was something I never had a clear picture of, also because I think it is actually not that well documented.
Not really, in btc you have amounts which vastly simplify guessing of which output belongs to the sender and which to the receiver. What exactly scares you about someone knowing the transaction graph? Like what are you afraid someone can find out?
Clearly amounts were not necessary to deanonymize 96% of the transactions with a $60/week VPS. You could make all outputs to be the same amount if you so wish. That doesn’t make Bitcoin safe to use.
The era of machine learning has begun, and this is only the beginning. If transaction information is available, patterns will be discovered. Attempting to outsmart the software through obfuscation is a cat-and-mouse game that humans definitely cannot win (unless the “obfuscation” in question is mathematically proven to work). The information simply must not exist, such as with zk-SNARKs.
I am afraid of Adam Sutler finding out that I purchased a record of Tchaikovsky’s 1812 Overture from my local music store.
Cut-through is for scalability, dandelion is for hiding the source node. Those 2 things work great. What he did was just set up many nodes and try to find plain transactions before dandelion merged them (or were merged in a block). It’s easy to see you can do that, but all you gain is that you’re basically always the first node in the dandelion phase (everyone sends transactions to you). If person A creates a transaction with person B where B gets output O1 and then B pays to me with this O1 output then sure, then person A can know who made this transaction. Now sure, this person A can be an exchange and they may gain a lot of info from different users, but I don’t think that would bother 99.9% of the people. Would I call that deanonymizing the transactions? No, that’s just catching transactions while they’re not yet merged. I still don’t know why people care about that since transaction content and amount can not be visible. Besides we are publicly buying things everyday in stores and we don’t mind. This can also be seen in the blockchain space (e.g. look at btc). My guess is also that super private coins might never be useful for regular people and that’s because governments won’t allow it and even if the criminals would them the regular people wouldn’t be able to buy anything with them and it would be too much of a hassle to deal with that.
Clearly what the guy did was not deanonymizing transactions, he was merely identifying their inputs and outputs, having no idea what amount was transacted or what address was sending or receiving, let alone any clue about who were transacting or for what reason.
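The stem and fluff roles described in the posts above can be modelled in a few lines. This is an added example, not code from Grin or from any poster; the 90% stem probability, the node count and the uniformly random choice of relay peer are assumptions of the model. It estimates how often a transaction passes through an observer-run node while it is still unmerged.

```python
import random

STEM_PROBABILITY = 0.9  # assumption: chance that a node acts as a stem relay this epoch

def build_epoch(n_nodes, observer_fraction, rng):
    """Assign each node a role, one stem relay peer, and mark observer nodes."""
    nodes = list(range(n_nodes))
    observers = set(rng.sample(nodes, int(n_nodes * observer_fraction)))
    is_stem = [rng.random() < STEM_PROBABILITY for _ in nodes]
    next_hop = [rng.choice(nodes) for _ in nodes]  # a stem node forwards to one peer only
    return observers, is_stem, next_hop

def stem_path(origin, is_stem, next_hop):
    """Nodes that receive the transaction unmerged, ending at the fluff node."""
    path, seen, node = [], {origin}, origin
    while is_stem[node]:
        node = next_hop[node]
        if node in seen:  # relay loop: stop here (stands in for a timeout fallback)
            break
        seen.add(node)
        path.append(node)
    return path

def exposure(n_nodes=500, observer_fraction=0.1, n_tx=2000, seed=1):
    """Fraction of transactions seen unmerged by at least one observer node."""
    rng = random.Random(seed)
    observers, is_stem, next_hop = build_epoch(n_nodes, observer_fraction, rng)
    honest = [n for n in range(n_nodes) if n not in observers]
    exposed = 0
    for _ in range(n_tx):
        origin = rng.choice(honest)  # transactions originate at non-observer nodes
        if any(hop in observers for hop in stem_path(origin, is_stem, next_hop)):
            exposed += 1
    return exposed / n_tx

if __name__ == "__main__":
    for fraction in (0.0, 0.05, 0.2, 0.5):
        print(f"observer share {fraction:.2f}: exposure {exposure(observer_fraction=fraction):.2f}")
```

The model says nothing about amounts or identities; it only counts how often the input/output set of a single transaction is visible before aggregation.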
At the moment Zcash people believe Monero’s privacy is not enough → Zcash & Monero people both believe Grin’s privacy is not enough → Anyone involved in the privacy coin space believes Grin’s privacy is not enough. From devs with low-level technical knowledge to your average joe moon boy (our image is tainted).
It doesn’t really matter what you (or I) think, you’re never going to convince anyone in the privacy coin space that Grin’s current privacy is enough. Even if it is good enough for 99.9% of people (which it isn’t*) 99.9% of people don’t regularly use cryptocurrency yet. At the moment we’re appealing to the niche 0.1% of people who do. Until some of these people think Grin’s privacy is enough, the other 99.9% are probably never going to hear about Grin, since it has no compelling use case.
*If I’m buying food from my local chain supermarket every day (and I have a tendency to buy high sugar/junk food), and I make payments every day using my Grin wallet, there’s going to be no immediate linkage, however, if the supermarket looks through the entire graph, they’re going to see intersections and payments with common origins. It turns out these payments have the same common origins as the regular payments I’m making to my medical insurance provider, unfortunately, the supermarket is selling all their data to my medical insurance provider, who have now linked the junk food payments back to me and have subsequently decided to slightly increase my monthly premiums due to excessive sugar consumption. Which is fair enough since a high sugar diet increases your risk to all sorts of health issues.
Money laundering laws are essentially concerned with the traceability of money flows to prevent money laundering and terrorist financing. Certain market participants, especially banks, are subject to certain obligations in this context. To give a concrete example based on German law, which implements the EU money laundering directives and is therefore likely to be essentially transferable to all European countries in one form or another:
The obligated party (e.g. a crypto exchange) must sufficiently identify the contracting party and document such proof (-> this then makes it possible to trace the flow of funds, i.e.: exchange A has transferred something to user B’s Grin wallet).
The obligated party must keep records about business relationships and transactions, in particular transaction receipts, as far as they may be necessary for the investigation of transactions.
Regarding outgoing payments, I do not expect any problems: The exchange pays to an account specified by user B, it will be possible to attribute this to him. The amount paid out will be documentable (via the wallet?), at least the exchange will be able to document it in their books.
However, all crypto exchanges that allow deposits will have a general problem. Here they will receive a deposit not from a registered bank account, but an anonymous wallet, they will not know who owns it. This means that there is no traceability of who a payment originated from. Whether this can be traced in the blockchain via surveillance measures is of interest to law enforcement authorities at best. The exchanges do not use such systems to determine the identity of the sender after all. There is a much more effective way to do this: The sender would have to identify himself as such and provide proof of identity before a deposit is accepted.
Against this background, it is not surprising that the German government is planning to introduce a law requiring crypto wallet providers (!!!) to also identify the names of users of self-hosted wallets. What sounds like insanity in this area is explained against the background presented. (Kryptogeld-Dienstleister sollen Namen erfassen | heise online)
In summary, I think that it should not really matter for the fulfillment of money laundering obligations whether recipients and amounts themselves are visible in the “blockchain”. The blockchain is merely a transmission network. Here, the blockchain developer has the same right to protect the blockchain from external analysis as, say, VISA has to protect its payment networks (there, too, not just anyone can look in to see who paid how much to whom). As long as the participants can prove which amount they paid to whom, I don’t see how the cryptocurrency could be a violation against Money Laundering Regulations. Only the obligated participants are obliged to give proof, not everyday Joe.
Die Bundesregierung has God complex! They’re insane.
I think most people don’t care about privacy, hoping that they care about it is an already lost fight for me. Governments are all-in with CBDC projects, like the EU; it will be interesting to see how a digital euro will comply with the GDPR stuff. Nobody knows what will be happening in the future, what I believe is that some people will be surprised when politicians start deciding what people should eat, wear, where to live, and what people must do with their money. Only then some people, and probably few of them, will care about privacy, and Grin, Monero, MWEB, Beam, Zcash, etc. will see their compelling use cases. We are all betting, our money is on our implementation of the Mimblewimble protocol, we’ll see who wins, probably we all win or maybe we all lose.
I think the idea of no amounts and no addresses is a good start; coinswap, along with one-time use addresses and manual confirmation helps. To have the peer-to-peer communication over Tor could be interesting to say the least. All this plus payment channels, improved payment proofs, atomic swaps, etc. does not sound bad, in fact, it sounds pretty good and better when we remember that we can have all this in the palms of our hands.
Privacy comes with scalability. If you have millions of users, it is hard to analyze, as tracking 4 persons with fiat money is easier than spying on millions.
Until Grin is adopted and used by millions of people, it can’t be private.
Just my personal opinion.
Grin is not a privacy coin (because that is not its main objective), Grin is trying to be sound money/sound cash. And yes, sound money/cash includes the need for some privacy.
Therefore, from a marketing perspective, I do not think Grin should be marketed as a privacy coin, but as sound money/cash.
I think we discussed this quite a few times, but the merits of Grin are not that it is so private, but that Grin is sound money with a fair(er) distribution with a nice balance of properties such as being simple and having decent privacy with no cost in the form of complexity (well except being interactive) or scaling.
Feel free to have a different opinion though. Grin is to every user what he/she thinks it is. There is no such thing as an official mission statement. The closest statement that comes near being a mission statement is:
“Electronic transactions for all. Without censorship or restrictions. Designed for the decades to come, not just for tomorrow. To be used by anyone, anywhere.”
And even that statement is just a summary or compilation of what many users think Grin should be and is in no way restrictive.
Regarding appealing to users, I think Grin has the potential (if not already doing so) to appeal to the largest group of users, and that is those who like Bitcoin and Bitcoin Cash, so that is a lot of potential users.
Privacy is the ability to keep things to yourself, to be anonymous is to hide your identity and I think Grin is trying to do both by implementing Confidential Transactions, Dandelion, Cut-through and Slatepacks. CoinSwap will also help.
Also I read somewhere that Grin is a privacy-preserving digital currency.
I really like that statement, it is spot on! Not privacy at all cost, but privacy preserving with basically no cost. Nor should it be the focus since every currency should be somewhat privacy preserving.
Most definitely Grin will work towards implementing more privacy preserving techniques, but at the same time, I think people in the project care about accountability, e.g. payment proofs to allow financial auditing and dispute settlements where needed. A sound and balanced approach for digital money/cash.
Thanks for the interesting read @oryhp. One sentence by Pieter Wuille sticks out in particular regarding privacy:
“Nothing is “sufficient” for privacy. It’s a goal to work towards, but it is so multi-faceted that no single piece of technology can “solve” privacy.”
I’d love to see Grin improving in the privacy area, however, I consider what we already have good enough for the intended use-case. At least it’s far better than Bitcoin’s model in this regard.
The only difference between what you are describing and Bitcoin without address reuse is that there are no amounts. Surely we can agree that Bitcoin does not preserve anonymity even without address reuse.
The transaction history exposes outputs with a common past, patterns can be discovered, and you can be deanonymized post-hoc when you do a transaction in your own name (e.g. government seeing which UTXOs you pay with at the supermarket or the doctor’s office and having them linked to a previous honeypot transaction).
Your only option would be to go full Epstein and never return from the underground. Then you would not be deanonymizable as you technically would not exist. In that case, Bitcoin would be sufficient to preserve anonymity.
If Dandelion is bypassed (which AFAICT it can always be as long as the attacker is resourceful enough to fire up enough nodes), I don’t see how the privacy of Grin and Bitcoin are different in practice. Arguing that Grin is more private because amounts are hidden sounds somewhat like arguing that encrypt(encrypt(secret)) is stronger than encrypt(secret). Once the encryption algorithm is broken, both are equally useless.
That’s not a good example since btc has no amount encryption while grin has. So a better example is arguing that encrypt(secret) is stronger than secret, which is true. In my view hiding amounts is the most important privacy part, it makes transaction graph analysis way less powerful. In the worst case (exchanges share data etc.) they know “you’ve sent these outputs to this person” while in btc it’s “you’ve sent X btc from this output and Y from this to this person and we know to who the new outputs belong to”. That’s a huge difference in practice imo.