Hacker News new | past | comments | ask | show | jobs | submit login
Why Monero (benkaiser.dev)
329 points by benkaiser 6 days ago | hide | past | favorite | 379 comments





Bitcoin is totally useless as a currency because it’s slow, has high transaction fees, and easy to trace. So it’s bad for both regular consumers and criminals alike.

Monero is a solid improvement because it has low fees (so far) and is very hard to trace. So it’s popular for criminals or intense privacy types. It’s still far too slow and hard to use to ever be accepted in your local grocery store. It’s also hard to buy with fiat because most exchanges are scared of it.

What’s really remarkable is how little any of this has changed since ~2016 which was two crypto boom cycles ago. Every single popular cryptocurrency still has the same massive flaws. They’re all either too traceable, too hard to use, too centralized, too slow, too expensive, or too energy intensive. Most of them are many of those things.

In 2010 I was a crypto believer. But the whole space has made so little forward progress in 10+ years. In fact there’s been a lot of backwards progress. Mostly all that’s happened is a lot of people have become obscenely rich from speculation, scams, or the intersection of those two things.

Those of us who hoped for a new way to pay for things in real life are still waiting.


The fees will remain low in terms of fiat value assuming that if the price goes up, activity goes up due to Monero's adaptive blocksize. See https://monero.stackexchange.com/questions/12729/when-monero...

Regarding the speed, many believe that instant / unconfirmed transactions are safe for day to day activities up to 10000USD. It's very difficult to double spend or inject numerous conflicting malicious transactions in hopes that the victim sees a legitimate transaction but a fraudulent transaction gets mined.

Regarding the ease of use, have you tried featherwallet.org or mymonero.com for mobile?


This view seems to imply the double spend problem wasn’t really a problem after all, which seems to invalidate the reason why a peer to peer proof of work/stake system is implemented from the start.

You are correct on the Bitcoin-is-easy-to-trace point but transactions in the Bitcoin Lightning Network are instant and very cheap.

Bitcoin is the only cryptocurrency with guaranteed-not-to-change monetary policy and supply cap. That's because Bitcoin as a whole is uniquely hard to change.

Monero is great but easy to change and so not a reliable store of value.

Bitcoin and Monero need each other badly.


In a few decades, when the block subsidy dwindles to insignificance, Bitcoin relies on a constant backlog of high fee paying transactions to provide security. If that cannot be maintained and Bitcoin becomes prone to 51% attacks, then one can imagine Bitcoin adding a tail emission.

A cryptocurrency with a fixed emission of 1 coin per second forever is more guaranteed never to change, as it is already as simple, non-arbitrary and fair as possible.


No, Bitcoin will never add tail emission, because 21m cap is the very definition of Bitcoin. If enough transaction fees won't come then Bitcoin would have failed.

Monero is changing (hard-forking) regularly, so your point is broken on arrival - and I am saying this as Monero proponent. I love Monero but it is easy to change.


Then question is who/what will be providing the large number of paid on chain transactions required to maintain mining operations if Lightning takes over the majority of transactions? Your answer is kind of having it both ways Lightning makes transactions instant for users but there’s still enough transactions and thus fees on chain to provide enough mining revenue to protect against 51% attacks.

> Bitcoin is the only cryptocurrency with guaranteed-not-to-change monetary policy and supply cap.

BCH didn't win, but it could have. It is not clear to me that BTC will never change monetary policy.


BTC is monetary policy.

People can hard-fork away with any monetary policy but that simply won't be Bitcoin.

Would Bitcoin remain dominant over altcoin with changed monetary policy - that is another matter - and indeed not 100% certain.


For lightning network to serve more or less realistic amount of people and businesses, it needs to either have inordinate amount of channels (one-to-one) or it will have routing and fees may go up then, several times up. Lightning network transactions may end up not as cheap as they are right now.

> Bitcoin is the only cryptocurrency with guaranteed-not-to-change monetary policy and supply cap. That's because Bitcoin as a whole is uniquely hard to change.

This is the kind of crap Bitcoin maximalists love to push, but there's nothing unique about Bitcoin.


Community is unique. You can't clone the community.

Said community changed the focus from digital cash to speculation first, and celebrate it as a success because "it makes it hard to change". And it's now celebrating centralized solutions as some sort of progress.

Some community.


you missed the governance, smart contracts bit.

>> Bitcoin is totally useless as a currency because it’s slow, has high transaction fees...

No longer true for slow and high transaction fees, after the lightning network. With the lightning network, it is FAST and much LESS transaction fees.

Oh, and the lightning network is no longer a pipe-dream. It is here and actively in use. If you sincerely want to try it, try using the Breez wallet https://breez.technology/


I'm not really happy promoting a cryptocurrency these days, given that most of them are get-rich-quick schemes, but Monero has been solid for the past 5-6 years that I've been using it. It's completely anonymous, sends quickly, has minimal fees, and it hasn't been as full of cultists as some of the other coins I've seen.

I use it to pay for some things and it's always a pleasant experience. I recommend it. The only downside is that, due to the anonymity, the clients aren't as convenient (because the server can't know your transactions, it's hard to have "light clients").

MyMonero works really well, though: https://mymonero.com/


It's hard to have a light Monero client, because it has to have some data indexed about all past transactions, whereas a Bitcoin client only needs to maintain the MUCH smaller UTXO set, i.e. the unspent transaction outputs. This is one of the ways in which Monero scales poorly.

Another problem is that Monero's PoW is expensive to verify where a good PoW should be instantly verifiable. In fact, it's considered so expensive that by default, the Monero client uses a checkpoint block without verifying all the PoW that led to the block.


There must be some subtlety I'm missing because you say it's hard to have a light client because there's no way to have a subset of transactions/checkpoint, but then say its PoW is so expensive that starting from a checkpoint is the default.

Keeping data from all tx indexed entails a large memory footprint during all client use. The checkpoint issue affects only the initial sync. Making that trustless by turning off the checkpointing makes turns a moderately slow sync into an extremely slow sync.

Monero's PoW being "expensive" is not an actual scaling concern, and checkpoints makes sense for all blockchains.

Other chains like bitcoin still verify that their checkpoint has the most cumulative work behind it, so you have additional assurance that the miners are also attesting to the checkpoint correctness. In Monero you have to trust the checkpoint to represent the most worked chain.

Monero's super expensive PoW also makes it very hard to interface with other smart blockchains that may want to verify the amount of work behind a Monero block, or to support useful techniques like flyclient [1].

[1] https://eprint.iacr.org/2019/226.pdf


Monero is one of the truly useful coins and perversely one of the worst performing coins price-wise. There is a horrible lesson in there somewhere about hype and endless promises and markets.

https://cryptorank.io/performance


This just proves that the crypto markets' idea of "utility" is not "being useful as digital currency", but "be useful as a get-rich-quick scheme". Other coins serve the latter much better than Monero, while Monero serves the first much better in comparison.

When evaluating the potential of coins (in terms of price gains), I nowadays pretty much only look at whether they can serve as enablers for whatever is the currently trending thing whose purpose is to extend the leverage factor of fiat money in crypto. At the moment this is "DeFi", especially crypto lending, and NFTs (although the NFT thing is already tapering off again). Because that's what crypto investors ACTUALLY want: vehicles that increase the leverage factor between fiat money invested in crypto and the total crypto market cap.


Ever since crypto became mainstream, nobody has cared about things like decentralization and 'the tech'. Binance realized this when they released their centralized alternative to ethereum and the gamblers switched over instantaneously for the lower fees.

Isn’t a stable price a good thing?

If I had a dollar that would triple it’s value in a week “just because” I would be suspicious.


Do you search out stocks that have a stable price?

The same qualities that make a stock or asset desirable (appreciation) make for a bad currency. The expectation of wild appreciation discourages transaction and encourages hoarding.

This is one of the the reasons why (low) target inflation rates exist. The (slight) devaluation of the currency encourages consumption or investment with the currency and discourages mattress stuffing.

You wouldn't buy goods with stocks.


Monero has infinite (but low rate) tail emission, meaning the unlike bitcoin the supply approaches infinity. Unless the basket of goods Monero can purchase also goes to infinity, Monero at some point will have inflation.

The potential (not actual) Monero supply will surpass the Bitcoin supply in 2044. Lost keys may exceed emission, which would imply deflation of actual supply.

In most economic models, inflation is not defined as being equivalent to the growth of the monetary base (although that does not stop many Bitcoin and other crypto proponents to claim it is).

In fact, a currency with a constant rate of issuance is actually highly deflationary in a growing economy.


Hence why I said "Unless the basket of goods Monero can purchase also goes to infinity." I understand the definition of inflation.

do you pay your groceries with stocks?

Are ‘cryptocoins’ currency or speculative assets. Both ideally need some diametrically opposed properties; stability vs increasing value at the very least.

I find Ripple and Stellar useful too. I'm not looking at their philosophy or ideology, but I've used both of them to transfer funds quickly. For that, I find them useful. In general, I'm in favor of cryptocurrencies that allow for quick transfers.

This is simply a user perspective. My "crypto perspective" isn't too happy about Ripple, but I can't deny that I enjoy using it for quick transfers.


I find the price thing an advantage, personally.

I've played around trading other currencies but Monero is the one I hold dear for the end times.

Plus it's fun to mine, you can do it on a CPU instead of needing a massive GPU swarm.


Is the algorithm poorly suited to GPUs or fpgas, or are we just not to that point yet? Proof of stake seems like a good thing.

Proof of stake isn’t a good thing actually. Especially in a private cryptocurrency. Monero will remain PoW for its censorship resistance. We can’t have stake oligopolies taking control.

I'm not sure I get your argument, staking takes significantly less powerful hardware so its very accessible.

Staking pools also have a "saturation point" to encourage decentralization. That way not all 80 Billion dollars worth of ADA goes to one staking pool.

Very hard to see how oligopolies can arise in this scenario when compared to mining operations that are unprofitable to most users (and of course bad for the environment).


I think he was arguing for the effectiveness of the proof of work consensus mechanism as opposed to Cardano's PoS's. As someone else described to me:

"..nodes just vote on a block to state whether or not they think it is valid. Once a block gets enough votes, then it is added to the chain."

Whereas a PoW will "just blaze". Is this correct?


How are mining oligopolies better than staking oligopolies?

It's harder for mining oligopolies to exclude new entrants.

How? The only way I can think of that staking oligopolies can exclude new entrants is if they somehow manage to remove the crypto from markets. Basically killing their stake.

It is far easier for me to buy some crypto and stake it than it is to buy mining hardware and mine.


Mining hardware just means commodity electronics; the guys with ASICs may be faster but they can't shut you out entirely, and the miners don't generally control the people who make hardware (even the specialised ASICs). Whereas the stakers inherently control the supply of the crypto in question (and they can can e.g. cut off people who sell large amounts to outsiders, in a way that they couldn't cut off hardware makers), and there are generally only a few points where you can exchange that crypto for something commoditised - usually exchanges that do strict identity verification, may only be available to people in certain countries, etc..

> and they can can e.g. cut off people who sell large amounts to outsiders, in a way that they couldn't cut off hardware makers

How would they do that?


In theory couldn’t they exclude any transactions made by an ‘exile’ from the chain? I’m not sure how much that differs from doing the same thing on a PoW coin. It is harder to start as a PoS miner but to have the kind of iron control over a coins distribution means you’d have to make it effectively worthless because only the current owners could be ‘trusted’ to be the receivers of transactions. So while it’s theoretically possible for a miners cabal to lock out a new entrant it seems pretty opposed to the value of their own holdings so it’s left to something like a country that wants to shut it down through throwing money at the problem then I guess?

> In theory couldn’t they exclude any transactions made by an ‘exile’ from the chain? I’m not sure how much that differs from doing the same thing on a PoW coin.

That is also my thinking, that there basically isn't any difference between staking and mining oligopolies.

> So while it’s theoretically possible for a miners cabal to lock out a new entrant it seems pretty opposed to the value of their own holdings so it’s left to something like a country that wants to shut it down through throwing money at the problem then I guess?

In theory, if the stakers are anonymous, this make PoS more resistant to nation state attacks since it would be easier for a nation state to find the mining equipment producers and direct all hardware production to themselves until they acquire 51% of hash rate than it is to find the stakers and take their keys.

Looking forward to lmm explaining how we are wrong.


There are records of every coin purchased that is staked. Unless you were able to get someone to anonymously sell you a stake worth, staking is very far from anonymous. In practice, most are going to be using staking providers or delegated proof of stake, and these are corporations that will absolutely be corrupted by states.

Mining is anonymous and portable.


> There are records of every coin purchased that is staked.

This would be true if the only way to get the coins is through exchanges with KYC. You can get coins in other ways so this point of yours is moot.

> In practice, most are going to be using staking providers or delegated proof of stake, and these are corporations that will absolutely be corrupted by states.

We are talking about staking oligopolies not about someone buying 10 dollars worth of coins which makes this point of yours moot.

> Mining is anonymous and portable.

You should read more carefully. I did not mention miners but producers of mining equipment. Also, a nation state can produce mining equipment themselves, they can't create new coins.

Edit: To add, big miners really aren't that portable or anonymous.


> You can get coins in other ways

What guarantees that this continues to be true? Yes coins that can't be sold are worthless, but coins that can only be sold with KYC aren't.

> We are talking about staking oligopolies not about someone buying 10 dollars worth of coins

The staking providers or delegatees are the (potential) oligopolies

> I did not mention miners but producers of mining equipment.

Those are also anonymous and, if not completely portable, fungible with general electronic manufacturing equipment that's widely possessed.

> Also, a nation state can produce mining equipment themselves, they can't create new coins.

Which supports my point - the capability to exclude a nation state also allows the staking cabals to exclude people they don't like. Given that a staking cabal by its very nature controls the chain, they can stop other people getting or making coins. But a mining cabal can't stop other people getting or making mining equipment.


> What guarantees that this continues to be true? Yes coins that can't be sold are worthless, but coins that can only be sold with KYC aren't.

This applies to PoW coins too. Miners can't be anonymous if they want to sell their coins. Why would anybody mine for nothing?

> The staking providers or delegatees are the (potential) oligopolies

Yes, and miners mine in pools. Why are you not considering pools as (potential) oligopolies? What is the difference?

> Those are also anonymous and, if not completely portable, fungible with general electronic manufacturing equipment that's widely possessed.

They need physical locations with people physically present with physical inputs and outputs. The idea that it is easier for miners and hardware manufacturers to be anonymous than a guy spinning some software on some server is... stupid. To think that it is easier for miners and hardware producers to change location than a guy moving private keys from one server to another is just... retarded.

> Which supports my point - the capability to exclude a nation state also allows the staking cabals to exclude people they don't like.

I've asked you already how would a staking cabal exclude people they don't like and for some reason you are not answering that question. I'm guessing you are avoiding it because your answer, as all you've written so far in this thread, also applies to mining cabals.

> Given that a staking cabal by its very nature controls the chain, they can stop other people getting or making coins. But a mining cabal can't stop other people getting or making mining equipment.

No they can't make them stop making mining equipment, why do you think that that is relevant? The mining cabal can produce their own hardware and prevent anybody using any different hardware from joining the network, could they not?

Can you please try to clearly answer the original question. What makes mining oligopolies better than staking oligopolies? If you are sticking with your answer that it is harder to create mining oligopolies then please explain how? And before you press reply could you please stop for a minute and thing how what you wrote is applicable to mining oligopolies and not to staking oligopolies or vice versa.


As I've said repeatedly, it's different because staking means that the same people control both the current coin supply and the means of creating new ones.

A mining cabal can't stop other people from mining, because you don't need anything (other than commodity hardware and an internet connection) to mine. But a staking cabal controls both staking and current coins (by the nature of how staking works), and new entrants need to have coins to stake, so such a cabal can stop other people from staking.


> As I've said repeatedly, it's different because staking means that the same people control both the current coin supply and the means of creating new ones.

This is the first time you are saying that, and you aren't explaining how that is relevant to PoS oligopolies. What was said by me and by rtkwe, on this matter, is that due to this characteristic of PoS coins the only way, we can think of (you've ignored both of our posts on this subject so I'm assuming that you agree?), a staking oligopoly can remain oligopoly is by controlling the majority of coins and not selling those coins which in effect means that a PoS oligopolies don't make any money from being oligopolies. In fact maintaining a staking oligopoly would destroy all the money that was invested in creating it.

In my opinion, and I would love to hear yours if you ever read and parse this, that discourages creation of oligopolies since there is no profit in them.

> A mining cabal can't stop other people from mining

They can't stop them from running their machines but they can stop them from producing any blocks that are accepted in to the chain making it unprofitable for anybody not part of the oligopoly to mine. Unlike with staking this doesn't prevent the mining oligopolies from making a profit since it requires no manipulation of the markets to retain their position as an oligopoly.


> a staking oligopoly can remain oligopoly is by controlling the majority of coins and not selling those coins which in effect means that a PoS oligopolies don't make any money from being oligopolies. In fact maintaining a staking oligopoly would destroy all the money that was invested in creating it.

Eh, maybe. I think there's a lot of middle ground between selling freely/anonymously to anyone and not selling at all.

> They can't stop them from running their machines but they can stop them from producing any blocks that are accepted in to the chain making it unprofitable for anybody not part of the oligopoly to mine.

I think/hope that would destroy whatever coin that was, and far more quickly, because there's no way to be subtle about that one - everyone can see blocks being broadcast and ignored. Whereas if every time an outsider tries to buy some coins, their name didn't quite match for KYC and they need to resubmit their documents, or someone else bought them first, or the exchange suddenly needs to freeze all transactions to investigate an issue, you can maintain the illusion of an active market for quite some time.


> I think/hope that would destroy whatever coin that was, and far more quickly, because there's no way to be subtle about that one - everyone can see blocks being broadcast and ignored.

This also applies to staking oligopolies. Either all the coins are owned by the oligopoly rendering them valueless or they need to ignore blocks from others. Again, it seems that staking oligopolies are "better" than mining ones.

> Whereas if every time an outsider tries to buy some coins, their name didn't quite match for KYC and they need to resubmit their documents, or someone else bought them first, or the exchange suddenly needs to freeze all transactions to investigate an issue, you can maintain the illusion of an active market for quite some time.

This assumes that the exchanges are the oligopoly and ignores that the coins that the vast majority of coins that exchanges stake are owned by someone else and can be pulled. And no, if you freeze all transactions for whatever reason you can't maintain the illusion of an active market for quite some time.


I don’t see it worth arguing with you. Your responses are not very friendly. Adding please doesn’t defuse the insults.

Note: I am not the other poster. We just agree that PoS is a sham.


Maybe I've not been very friendly but I've insulted no one person.

Also it isn't quite friendly to ignore what the person you are arguing with has written or pretending to be two different people in an argument.

Have a nice day.


They purposely design/change it so it's poorly suited to GPUs/FPGAs.

Designed to be CPU mined: https://github.com/tevador/RandomX

GPU and CPU miners are roughly equal in mining utility on the Monero chain. FPGAs and ASICS are disadvantaged by the memory bandwidth requirements of the RandomX algorithm

Since posting I poked around on Reddit and it seems many are mining other currencies to trade for monero (cross-mining?), and that mining monero directly may already be close to break even on electrical costs.

I really want to like Monero but I've had one of the worst crypto experience using the official desktop client.

The app crashes randomly, hangs, and worst of all, refuses to send transactions using a hardware wallet when running as a full node.

The hardware wallet is only able to sign transactions when connected to a remote node, which is much worse privacy wise.

Monero needs much more developers & funding to succeed.


If you're "running as a full node" then your full node is the remote node for a hardware wallet, isn't it?. I'm confused. I've only ever used the CLI which provides separate applications for wallet and node, and I connect the CLI wallet over RPC to my local (full) node. My understanding is the GUI works the same way while only presenting the one interface to the end user. But you should have a monerod running under the hood.

No the hardware wallet is only used to sign the transaction that's broadcasted by my local node. The failing case was with monerod in the background.

Maybe I should look into the CLI. Does it support Ledger?


The CLI does support Ledger but it uses the same monerod binary as the GUI.

Did you export your view key with Ledger? If you refuse it can cause hanging and crashes. With exported view key and the latest version there shouldn't be any of the issues you are describing.


CLI supports Ledger, just need to have it plugged it at the time

Haven't had any issues on MacOS using monero-wallet-gui.app and a Ledger Nano X.

I'm on Windows. That might be the reason.

Did you open an issue? There is no known bug like you are describing regarding hardware wallets and full nodes.

“users not reporting issues they have” is annoying. Maybe projects (crypto especially) should offer pizza money level rewards for reporting any valid bug

Try featherwallet.org

> I'm not really happy promoting a cryptocurrency these days, given that most of them are get-rich-quick schemes

I can't agree with that sentiment at all. Sure, there a those schemes, but most of the time they are easy to spot. If you have a look at the top 50 coins on CMC [0], you will find mostly solid projects that have large ecosystems with much brainpower locked in.

[0]: https://coinmarketcap.com/


Eh, I don't know of a single one where its fans aren't focused on the price. It's a shame.

The lack of cultists is the only reason why I'm even reading these articles.

Now if only they could stabilize the price so you can pay for things instead of gamble on it.


This is why Monero will never work. Anonymity is defeated because i have to buy it when i want to use it, and sell as soon as i receive it. I can't just hold it in my offline wallet because I'd be speculating on the price.

Unless you buy within seconds of your transaction, or sell within seconds of your reception, how would anyone know who you transacted with beyond it may have been with a customer in one of the other thousands of transactions on KYC exchanges that day?

Who are 'they' who will stabilize the price?

The developers.

My fear with strongly anonymous DeFi is indirectly harming the environment and supporting crime. Sadly doesn't look like Monero resolve these concerns.

Oh no, it works like cash!

People will do things with money that you're uncomfortable with. If it's criminal, then laws and enforcement and investigation will have to evolve. That doesn't mean "well, I guess we have to give up privacy now. "

Not your money, not your business. Privacy is important, and it's a binary proposition. It's either part of the currency or it's not. You can't have any gray area because people are fallible, malicious, and stupid. You design the system to disempower human foibles as much as you can. Monero does a good job of that.


Cash is much more difficult to take across borders... Monero is superior to cash for criminal activity in just about every way, the only downside is that it's a bit less liquid. This deflection about it being used in crime less than cash is weak to the point of bad faith.

The privacy argument has more to stand on though. Although I will say "not your money, not our business" is a pretty controversial take.


There should be absolutely nothing controversial with that. What I spend my money on that doesn't harm anyone is nobody's business but mine and whoever I'm paying. If it does harm someone, well, that's why we have laws and law enforcement. It's the harm - the crime - that gets punished or penalized. Just like someone who gets drunk and drives. The results can be heinous, so the action is appropriately and severely punished.

Anonymity, or fungibility, doesn't interfere with that. It simply requires that evidence of harm or crime not depend on an abstract exchange of information.


Criminals send illegal goods from Colombia to Europe through amateur submarines [1].

Doesn't require much thinking to guess what submarines come back filled with.

It's not that they can't move money illegally already.

We wouldn't advocate the usage of horses in modern cities because cars make it easier for criminals to escape law enforcement.

I also don't think it's reasonable to not support Monero just because you worry it might be used for criminal activity.

[1] https://insightcrime.org/news/analysis/colombia-narco-submar...


Monero (and others) does make ransom collection much more convenient/safe to do.

Isn't it its main use case, with probably purchasing drugs and arms?

I'm not saying that in theory people wouldn't want to privately purchase their baguette (sorry I'm French), it's just that in practice they generally don't care, unless they are doing something illegal.

I'm curious, for those of you who do, what do you actually purchase with monero that's legal? (And why?)


You want to tip people on Twitter with BTC and have your address exposed to everyone? You want people to be able to trace how much you have in that wallet? Why not let people see the transactions going through your checking account? You got nothing to hide, right?

It's a good point, but I was not thinking of using some other crypto currency instead, but just normal money (I don't have to make the amount on my account public to pay by credit card)

What if your wife hates your baguette habit and she reads your joint bank statements.

Well I would use my personal account for my baguette :)

Also I'm not sure she would like my purchasing of cryptocurrency much more ;)


10 years later, wife believes I have acquired a mistress. She files divorce, and my bank statements are entered into the court as part of the divorce proceedings. The baguette vendor I visit every night when i sneak out to buy a baguette happens to be located next to the alleged mistresse's address (wife believes I was banging her and eating baguettes, in reality the only temptress was the baguette's vendor's sweet sweet tales of doughy goodness), and now in a number of US states I now owe her increased alimony for a "fault" divorce.

I walk sadly down to the baguette shop, sobbing into my smartphone, where I beg using my tiny remains after the divorce proceeding to buy just one stale baguette. The shopkeep takes pity and pulls last weeks remains out of the trash bin.

As the salt of my tears mix with the mold of the stale baguette, I sit in torment "why didn't I pay in Monero!"

-------- Epilogue -------

3 months later, I join the legion etrangere, the last respite for a soul with no money, no skills, and no baguettes. I have no family to miss me, and any wages I get in the civilian life are garnished. I'm deployed to Mali, a land of no baguettes. 5 more days until I finally get my 200 Euro's pay -- I finally can order a baguette. I hear a loud sound. Several tribesman surround me with pointed sticks. My FAL jams, and I feel the warm fiery sensation of the sticks piercing my organs, as the life force drains out of me. One more baguette was all I wanted. If only I had bought my baguettes with a fungible untraceable currency.


The main lesson I hear here is "don't get married especially if you are in the US" ;)

In France we are lucky enough to have another kind of civil union which is much less intrusive with what you can do with your baguette ;) and also have no consequences when you end it.


I have paid for splitting a ride share, tipping open source projects, donating to development funds, etc. I use it because I hate the trend of surveillance capitalism you see with crap like Venmo and even credit cards.

> Privacy is important, and it's a binary proposition.

It never used to be a binary proposition, it used to be somewhat proportionate because (a) there was a cost to surveillance and (b) there was a cost to acting covertly - crime was inherently local and hard to scale.

So you wouldn't have the police surveilling everyone unless that was critical to the stability of the state (Stasi etc), and it was infeasible to track cash transactions so a certain amount of crime and evasion was tolerated. But it was limited because cash is inherently bulky. Even a few million dollars is hard to carry around.

Now the internet has falsified both of those. Both crime and surveillance can be scaled up and globalized. So it has become binarized, with one of two outcomes: anonymous transactions + frictionless crime, including evasion of tax and currency controls; OR omnipresent surveillance of everyone and every transaction.

Cryptocurrency is accelerating towards one of those two outcomes. I just don't think it'll be the first one.


Cash doesn't burn a bunch of electricity on a PoW scheme.

The dollar system is built on eternal growth and the oil economy, and its proof of work is endless wars. I'll take bitcoin and monero any day; they're much, much greener than what we currently have.

A wasteless means of payment and accounting is wishful thinking, from my point of view.

We don't really use cash anymore, but a digital representation of it. This comes with a lot of electricity consumption on datacenters, among other waste.

For example: financial institutions have to waste a lot of resources just to keep the system "safe", for you, the government, etc. Requires extensive cybersecurity, bureaucratic and legal spending.


The amount of electricity spent on creating and maintaining cash must be pretty big, right? Am I misunderstanding you?

How much of a carbon footprint does the global traditional cash and banking industry produce per usd relative to the equivalent footprint of a cryptocurrency?

It's not just electricity, it's concrete and steel for banks and parking lots, employees driving to and from work, armored cars transporting cash, etc. Traditional cash is many, many orders of magnitude dirtier than even the worst cryptocurrency.

If you could assess the cost in pollution and other harms, you'd also want to assess the value in jobs and infrastructure and other utility. I'd bet cryptocurrency ends up being a far better tool all around, especially if institutional protections can be emulated - some sort of fraud insurance and so on.

Anyway, it's silly to neg on crypto because it uses lots of power. Total red herring.

It's a good ambition to make crypto more efficient, but the fuss is all FUD memeing from the usual suspects.


I don't know how it could resolve the "supporting crime" concern, really. When something is anonymous/private, it's going to be used for things you don't like. It's then all about whether you think the tradeoff is worth it.

Personally, I think it is, but I understand how others can have different viewpoints. I think the logical conclusion if you take the opposite stance is that you're against anonymity and/or privacy, though.


> I think the logical conclusion if you take the opposite stance is that you're against anonymity and/or privacy, though.

People are all for anonymity until law enforcement can no longer catch criminals. There's a balance there your statement is lacking. It's kinda like saying if you support anonymity, you must be clearly pro-crime, which I don't think you are.

E.g. Banking regulations don't allow banks to publish details of customer's accounts. But KYC allows banks to report questionable activity to FINCEN, say. And that seems to strike a balance between regulation and anonymity.


> It's kinda like saying if you support anonymity, you must be clearly pro-crime, which I don't think you are.

I think it's that, if you are pro-catching-crime, you're against anonymity, because that's a prerequisite. If you're for anonymity, you don't have to be pro-crime, because crime isn't a prerequisite for anonymity.

> People are all for anonymity until law enforcement can no longer catch criminals.

That is certainly true. I just think that it's used against morally-good causes much more often than it's used against morally-bad, or at least that the benefit we get for the latter doesn't justify the former. One salient example is the security theater we have to go through in airports since 9/11, which have eroded the liberty of millions of people and have probably caught (or even deterred) zero people.


> if you are pro-catching-crime, you're against anonymity, because that's a prerequisite.

I'm not sure it is. It seems to me you can be pro-hoodie without being pro-murder. It also appears that being anti-murder doesn't require you to be anti-hoodie.

> One salient example is the security theater we have to go through in airports since 9/11, which have eroded the liberty of millions of people and have probably caught (or even deterred) zero people.

I won't say the TSA is good at their jobs. But I will say that anonymity ends at the door of an airplane. Now whether the former can do the latter is another question entirely.


> It seems to me you can be pro-hoodie without being pro-murder. It also appears that being anti-murder doesn't require you to be anti-hoodie.

I didn't say anything about being anti-murder, though. If you're pro-catching-murderers, you must be anti-hoodie, otherwise you catch fewer murderers.


> If you're pro-catching-murderers, you must be anti-hoodie, otherwise you catch fewer murderers.

Maybe, but also there's other options. One might be that more cops on the street would probably have a more powerful effect than banning hoodies say.

So I reject your black and white reasoning outright.


> But KYC allows banks to report questionable activity to FINCEN

Isnt that just for the little guy because there are always stories in the news that banks help cartels move money.


TBH I'm against strong anonymity when it comes to money. Seems like it can amplify harm more than other areas like speech or association.

True. The issue I have is that anonymity exists, it's just expensive, so only rich people have it. This makes the choice from "financial privacy or no financial privacy" to "financial privacy for the rich or for everyone".

Good point. And if it's truly a binary choice of only-the-rich or everyone then I'm more inclined to side with anonymity for everyone.

Disagree because you’re already getting screwed by the rich. Being anonymous doesn’t divorce from the “getting screwed” class, but it continues to aid the rich.

Financial anonymity is important — just because the panic of the day is “secret Nazis” doesn’t make this untrue. Consider a woman trying to escape domestic abuse, who has been financially trapped. If all transactions are untraceable, a $20 to “a grocery store” here and there can very well be her escape route. Same goes for oppressed individuals attempting to escape abusive families, neighborhoods, countries. Realistically the people you’re most worried about have used what they’ve always used to conduct their transactions anonymously: cash.

Just because the government knows about my bank account doesn't mean my wife/neighbor/rando does. No one is talking about radically public bank accounts; the surveillance is only for the government.

what happens when your government is corrupt and is after you? such blind trust in big daddy government

So what happens when your abusive boyfriend is a cop or a government worker?

which they are, of course, statistically more likely to be in this instance. https://www.amazon.com/Police-Wife-Epidemic-Domestic-Violenc...

I was opting for heavy subtext, I completely agree :)

Monero supports crime as much as cash supports crime. Doors and curtains also support crime, but somehow some basic privacy is fundamental human right. For now...

Also in some countries police still don't just scan all your bank transactions 24/7 and there is presumption of innocence in criminal law.


This is a common trope, but incorrect. Cash is really hard to do crime with. You can't actually get any meaningful quantity of it without having a SAR or CTR filed on you (or the person obtaining it). It's big and bulky, it's uniquely numbered and traceable. You can't deposit any meaningful quantity without having a SAR or CTR filed.

Converting it back into something digital, anonymously/untraceably requires laundering it where you end up losing 20-70% of the value.

Cash sucks for any meaningful crime.

Cash is designed to be traceable and to move millions of it would be truly a feat. On the other hand you can move billions of crypto for the fuck of it.

Crypto is good for crime.

> Also in some countries police still don't just scan all your bank transactions 24/7 and there is presumption of innocence in criminal law.

The US draws the right balance: your transactions are private until the court authorizes the police obtain them on the basis of probable cause. Now it may not be executed perfectly every time but that's advocating for reforming that system, not throwing it out.


You do have valid points, but again it's all about cost of doing business. Fortunatrly majority of criminals are just people making money and not just crazy who want to watch world burn. So if their ROI is 1000% and they're okay with the risks they still gonna run their shady businesses even if cost of doing business will double or triple.

War on drugs has proven that it's impossible to fight this kind of activity no matter how much resources you throw at it. And running scams / botnets / extortion on internet is way less risky criminal activity than selling drugs.

> The US draws the right balance

Unfortunately it doesn't work like this in most of the world and US isn't about to invite remaining 95% of world population to join the party.

It's not that I support criminals, but majority of crime on internet (not counting actually selling drugs) is either scams, botnets or extortion. IMHO they all can only be solved by combination of educating people better and improving systems security overall.

Instead western government promise to solve crime with surveillance, draconian AML policies and censorship. After all it worked so well in authoritarian countries all around the world. /s


You still need to convert crypto to clean money to actually spend it, which is equally as difficult to do as cash.

>You can't actually get any meaningful quantity of it without having a SAR or CTR filed on you (or the person obtaining it). It's big and bulky, it's uniquely numbered and traceable. You can't deposit any meaningful quantity without having a SAR or CTR filed.

I could pressure wash houses for $200 a house everyday and get 100k in less than 2 years. Or bartend, work as a waitress for a few years, whatever. There's plenty of ways people end up with large sums of cash without a SAR or CTR. Some individuals conceivably may pull 2-3k a month out of an ATM for a few years, why would that flag a SAR on you? See this guy, who [1] despite having a bank account had 87k seized by thieves in blue on the side of the road, who meticulously kept ATM statements for most all of it.

> your transactions are private until the court authorizes the police obtain them on the basis of probable cause

What is the court that signs an order, based on probable cause of a crime, for each cash transaction over 10,000? What is the court that orders, based on probable cause, a bank file a SAR when they are suspicious of your transactions. What is the court that signs an order, based on probable cause of a crime, that you declare foreign bank accounts with a combined value above $10k? Can you point me towards the warrants that have been issued for each of these transactions that show the probable cause?

What is the court order, on probable cause, that requires foreign banks to comply with FATCA for Americans abroad?

What is the court order, on probable cause, that requires money transmitters to collect KYC on customers regardless of there being any probable cause whatsoever of a crime?

The idea your transaction are private until ordered by a court is absolute hogwash.

[1] https://www.reviewjournal.com/crime/courts/nevada-troopers-t...


> What is the court that signs an order, based on probable cause of a crime, for each cash transaction over 10,000?

It's really not interesting re-hashing how the judicial system works.


You claimed " your transactions are private until the court authorizes the police obtain them on the basis of probable cause."

It's not really interesting re-hashing an outright lie from someone who knows better.


> Monero supports crime as much as cash supports crime.

Cash has serial numbers which means it needs to be laundered, since banks work with the FBI to trace where bills with serial numbers show up.


Money laundering just make it more expensive for criminals to get the profits. So does crypto due to ever moving exchange rates, comissions, etc.

Also just want to remind you that the world doesn't end on US soil and once you moved cash to a different country this kind of tracking becomes more and more complicated.


Cash is legitimately harder to launder than some cryptocurrency. It's not about the expense, it's the infrastructure you have to build. Front companies and shell companies to move the money around. The more cash you have to launder the more of these entities you'll need.

The more paper records you generate the more likely you're going to get raided by the FBI, Scotland Yard, etc.


> Money laundering just make it more expensive for criminals to get the profits.

Every anti-crime measure only makes crime more expensive, that's the whole mechanism by which they work.


How are you going to get huge quantities of cash across borders without anyone noticing? Even the Narcos know thats a bad plan, they used binders of gift cards.

Lol do you have any idea how porous the US-Mexico border is? Money can cross the same way 10s of thousands of kilos does, only traffic is even less scrutinized going south than it is going north.

I'm not a money laundering expert, but when you already using crypto with a huge chance to lose 10-30% on exchange rate flunctations I don't believe it's that hard to come up with an idea.

Let's say you'll make a fake startup funded by VCs from all around the world. There is plenty of people who will love to buy few million dollars with 30% discount.

This isn't about some petty crime though, but again it's much easier to move smaller amount of money anyway.


> I'm not a money laundering expert.

Then why are you regurgitating this uninformed vomit passing as currency expertise? You clearly don't understand how money laundering works with paper cash, and you think the only thing that matters is "cost".


Okay, now this is rude. We're on public forum here sharing our opinions. Mine are based on the fact that I do know how online criminals operate as well as how money laundering work in my country.

I really can't speak about US and how FBI works, but again most of online criminals are not operate in the US.


I think what's dangerous frankly is when crypto "experts" try to claim something is when it ain't -- in a public forum.

You just can't make a claim and then say later, "But I'm not an expert."


Whatever. Go forward with your witch hunt. I personally never use crypto myself, though do some contract development on Eth-powered projects.

As about money laundering your opinion is one of a person living in western country with working institutions and strong legal frameworks. Unfortunately this isn't the case in many places around the globe. There is tons of countries where everything is just a question of % you want to pay.


Saddam Hussein who controlled his own currency (and even had his face on it) wanted US Dollars. The wanting of US Dollars (and laundering them) isn't limited to those who live in a western country.

That's like being worried about using the Internet in 1995 because of indirectly supporting porn.

Remember, the Internet is only useful for porn and cat pictures, right?


Financial regulations mitigating crime predate the Internet.

"Remember" what? Nobody ever thought that. That is just the kind of thing bitcoiners keeps saying that has no basis in actual history.

Yes plenty of people thought that, well into 2000-2005. Maybe you hang out too much in tech circles?

This really, really did not happen.

Not taking a side just a flashback how far away 1995 is: https://www.youtube.com/watch?v=95-yZ-31j9A&ab_channel=TODAY

Ultimately, you just have to let go. Every possible action you take in your life could be taken advantage by criminals. Do you want to let that restrict you ability to lead your life? I don’t.

Indeed it is a trade-off. And leaks revealing the dirty tricks of the rich and powerful make me wonder how effective KYC and similar controls are in practice. Yet it's that very visibility that motives people to act.

So perhaps the ideal is a sliding scale. The more powerful you are then the less anonymity/privacy you should be allowed, at least in financial or political matters.


Careful what you wish for, it's a double-edged sword: do you really want anti-abortion activists abusing funders of Planned Parenthood...? Or anti-immigration extremists harassing funders of NGOs who help Afghan refugees...?

There's lots of things that an order of magnitude more folks do that harm the environment than DeFi/cryptocurrency/shitcoin gambling. I'd love to revisit the environmental impacts of cryptocurrency after we've moved to electric cars, decreased car usage, decreased HVAC waste, made our toilets/sinks/showers more efficient, made our factories run on hydrogen instead of coal, and clean up shipping emissions. Once we're even halfway down that list, then I think we're ready to tackle the environmental question of cryptocurrency.

That's one approach. Another is to tackle low hanging fruit.

What is lost if DeFi were more heavily regulated or outlawed? What is lost if shipping were more more heavily regulated / outlawed?

Ultimately we have to do many things, and solutions aren't mutually exclusive.


> What is lost if DeFi were more heavily regulated or outlawed? What is lost if shipping were more more heavily regulated / outlawed?

Getting people to agree on "low-hanging fruit" is very difficult. Even on here you'll see people that are fine with using energy on crypto. It'll be an even taller order convincing folks that shipping should be outlawed or tightly restricted, especially folks living in rural car-dominated areas of Anglo countries. Then you'll have to mount a new fight to convince people to heavily restrict the bath and restrict shower usage. Oh and keeping your lights on all night. Then start a campaign to restrict running the AC. There will undoubtedly be folks who'll try specifically to find holes in restrictions as well, such as buying a propane stove on areas where gas stoves are banned, then you'll need to amend all of these restrictions and burn ever more political capital.

Much simpler to tax energy based on emissions. If that means PoW crypto will never be profitable, then they can pound sand. That way you also won't have lobby groups grandfather weird exceptions on restrictions to preserve their precious market.


Just put a constant tax on carbon and let people choose between their shitcoins, vacation flights, and sirloin steaks.

Another one for your list: have a look at the energy use of electronics on standby.

Relative privation is still a fallacy, though, isn't it?

Financial privacy is a requirement for a free society.

> and it hasn't been as full of cultists as some of the other coins I've seen.

Didn't they have a Church of Monero a few years back? That was kind of... weird? It was probably started as a joke or something, I can't remember.



Very probably. That's why I said "not as full" :P

I'm not really happy promoting a cryptocurrency these days, given that most of them are get-rich-quick schemes,

They're get-rich-quick schemes plus money laundering/capital-flight mechanisms. And if you think capital flight is more ethical than a get-rich-quick scheme, I'd like to introduce you to X oligarch on Y continent committing Z poorly publicized genocide.

Edit: that said, the way that they facilitate dubious money transfer is pretty what makes them likely to stick around and so one can say with more certainty their value will be maintained. Hope that makes you feel better.


Oligarchs are well taken care of by the traditional offshore banking industry. They don't need to fall back on crypto like regular folks.

One piece of evidence for the above claim: https://www.icij.org/inside-icij/2021/03/u-s-sanctions-ukrai...

North Korea would beg to differ, having amassed billions in violation of International sanctions. [1]

[1] https://www.investopedia.com/news/what-north-koreas-role-bit...


That the wealthy have many other avenues for exfiltrating money doesn't change the situation that crypto is an extremely effective method for doing that. A lot of people need as many channels for the exporting of wealth as they can get.

Iran's rulers might or might be oligarchs but the use of bitcoin by the Iranian state[1] seems like good evidence that crypto isn't just for the little guy.

[1] https://www.reuters.com/technology/iran-uses-crypto-mining-l...


> and it hasn't been as full of cultists as some of the other coins I've seen.

LOL. Not my experience at all. Monero shills are the worst.


For those that may not be familiar, the relatively strong anonymity on Monero is via a cryptographic mechanism known as "ring signatures". Separate from cryptocurrency they are a useful cryptographic technique for many things: https://en.wikipedia.org/wiki/Ring_signature

that's for sender anonymity, and recipient anonymity is via one-time (stealth) addresses

I haven't read much on monero / this algorithm, so I'm not sure if it's particularly meaningful, but wikipeda references that being the case for most of 2017-2018 and then the algorithm was changed.

Changed to bulletproof https://eprint.iacr.org/2017/1066

The Wikipedia article is incorrect, Monero still uses ring signatures. Bulletproofs are used as efficient range proofs in RingCT to hide the amount in transactions.

https://www.getmonero.org/2017/12/07/Monero-Compatible-Bulle...


Honestly, comments like this are why I stick with hacker news.

Thank you! There's a lot of difficult-to-google info locked up in comments like this, and I truly appreciate the effort spent replying to randos like me :)


GNU Taler is (for Europeans at least) the most promising system, because it is controllable (at least on the merchant side).

The users themself are anonymous, just like when using cash!

That is a good system because it enables governments to still being able to tax businesses and control illegal activities. Such system will also gain more acceptance among the common folks.

https://taler.net/en/index.html


The most promising? What do you mean? BTC and XMR already work and don't have the downsides of Taler. Usability could be improved for those, yes.

Outside transparency is not a benefit. Most people I've talked to about crypto don't see the opacity as a detriment. They do not trust the government or tax policy. Most of these people are also generally happy to pay their taxes but can see reasons when they would want to hide their behavior.


This shows how little cryptocurrency users know about how governments collect taxes. The government doesn't go around checking people's bank accounts in order to get tax information. This would be terribly inefficient. What they do instead is pass laws that require employers to disclose how much they pay their employees and to collect taxes on their behalf, before the taxpayer even receives the money. Therefore private transactions and 'unconfiscatable' money does nothing to prevent governments from collecting taxes, at least as far as ordinary people are concerned.

That’s an edge case for payroll taxes/income tax of employees. All other forms of taxation can be avoided by the common man.

> All other forms of taxation can be avoided by the common man.

Lol, the common man isn’t really subjected to other forms of taxation.

Most people pay two kinds of taxes: income tax, and sales/use taxes (with property tax being a distant third).

The most common taxes are difficult to dodge.


that edge case is most of the tax the common man pays

Not at all an edge case, but there's no point discussing this. If you think you can avoid all other forms of taxation, I say go ahead and try it!

For salary or wage payments, kind of. If you received your normal wages in XMR then the government would have a hard time proving anything illegal is happening, even if both your employer and you are breaking the law.

You mean the government may have to rely on old fashioned police work, like undercover agents or informants witnessing the illegimate activity rather than passively spying on financial transactions? Say it ain't so!

If your employer wants to help you committing tax fraud, they would have to cook the books, which is a lot of work and entails a considerable amount of risk. Whether they pay you with a cryptocurrency or real money doesn't make any difference, as far as I can see.

No, they can just not withhold your tax obligation. Mandatory withholding is not even the norm -- KS and MO don't require it, it seems only Eastern seaboard states and maybe CA do.

People keep walking this back to massive fraud but more likely what anonymity will do is just allow businesses to escape onerous operating issues. E.g. having employees in some states is worse than having them in others because of those state's perceived requirements to operate an LLC in that state, and other related rules. It's not even clear if some of these requirements are enforceable federally.


Not withholding the tax is not enough. Both the employee and the employer have to lie to the government for this to work, and for an employer this means they need to falsify their financial records, because the tax agency can demand to see them. Also, anonymous transactions already exist, so cryptocurrency doesn't make this type of fraud easier or more likely.

Your employer doesn't need to lie, you need to not get audited. Even if both you and your employer lie they will have cash flow discrepancies.

As I mentioned, there are more defensible reasons for only having one party lie, like avoiding CA's (future?) claim that paying someone who lives in California implies you hired them in California and need to incorporate in California.


You are talking about income tax. There are other taxes, e.g. capital gains tax, that most crypto makes much more difficult for governments to collect.

All income that you receive from or is routed through an institution will be handled in the same way. This likely includes interest, dividends and capital gains as well. Then there's VAT which is also collected by businesses on behalf of the government.

Exactly. Crypto largely removes the need for institutions, and with anonymous wallets it would be very difficult to link a specific person to one.

Edit: I am again talking about capital gains. Yes, the money has to come from somewhere, but you can break the traceability easily by using non-kyc means of getting crypto. E.g. bitcoin ATMs.


A bitcoin ATM is an interface with an institution that is selling/dispensing dollars, so you're still dealing with an institution.

Yeah, but you don't need a bitcoin ATM. The grocery store could accept monero and there would be no need for fiat currency.

Sure, and if pigs could fly, there would be no need for helicopters.

Gnu Taler does not rely on a blockchain.

BTCs blockchain is rather power inefficient.


> BTCs blockchain is rather power inefficient.

Pfff, a single transaction is only 1700kw/h (or 820kg of carbon dioxide) with as little as 90g of electrical waste left behind on average. From an economical standpoint that could be much more ... if you are to sell energy or equipment of course. /s


> Outside transparency is not a benefit. Most people I've talked to about crypto don't see the opacity as a detriment. They do not trust the government or tax policy.

I think his point is: Bitcoin explicitly takes a libertarian position to taxation by making it hard to tax. While most crypto adopters may be libertarian, the majority of people are not and so the libertarian position will deter adoption.


Opponents to cryptocurrency are a very vocal "think of the children" minority as far as I can tell. In the US there seems to be broad interest mostly gated by technical difficulties.

As noted many times here, anonymous crypto is only as bad as cash.


The important point about Taler is that while the payer is completely anonymous, the payee is not.

This makes illegal uses of it much harder.


A payment system that's not driven by a unicorn , is "libre", cannot be used by criminals because business payments are visible while customers are anonymous, and helps combat tax avoidance?!

Nah, will never fly.


Will never fly because corporations will not adopt something that helps them pay more taxes.

Corporations don‘t evade taxes by hiding consumer payment transactions.

That’s certainly true. However, making up transactions is almost core to money laundering, and laundromats don’t like to pay taxes for obvious reasons.

So corporations won't adopt double-entry accounting then? ;) Corporations have ways to move money around legally. There is a regulatory gap... They do not need to hide money illegally.

With Monero you can still let the government see your transactions, by sharing a view key with them.

And you also have the possibility to avoid taxes if you want. So, it's a superior system because it allows both use cases ;)


GNU Taler is not a real cryptocurrency.

GNU Taler is trash as it has built in taxation. Something crypto tries to abolish as taxation is theft.

wow! much edgy, such badboy!

I take it you're happy paying taxes for shit that doesn't benefit you, like useless school systems?

Paying taxes also makes sure that when I turn the tap on, there's drinking water coming out of it.

I don't think that's a bad use case for tax money.


Like the water in Flint? I’d prefer a private commercial service for that. At least you wouldn’t have to live with contaminated tap water for 5 years because of incompetent government run monopolies.

Third world countries like the US might handle drinking water quality somewhat different, I acknowledge that.

So maybe roads are somewhat easier to grasp. They are paid for by taxes and while you could outsource that to private parties, having to pay a bribe each kilometer seems rather complicated to me.


Wow much edgy

Monero looks like the best crypto for crime, so probably the most valuable crypto in the long run.

Monero sounds great as a starting point since it can theoretically mimic an in-person cash exchange as far as anonymity is concerned. But to encourage adoption we need to be able to do more than that. Is it possible to design a "chargeback" mechanism on top of monero? What if I want the ability to allow an intermediary to arbitrate a dispute between me and the other party?

>What if I want the ability to allow an intermediary to arbitrate a dispute between me and the other party?

Use a 2-of-3 multisig for dispute resolution.


Finality is usually considered a feature of blockchains, not a bug. Chargebacks work on networks like Visa and Mastercard because we trust the network (visa) to step in arbitrate disagreements, but there's no central actor here.

There’s no reason that intermediaries couldn’t be used. But it wouldn’t be part of the actual core tech. There should be multiple options for such things as well. All competing for better service.

Waaaay down at the bottom you see something like this:

> Personal Speculation

> Disclosure: I own a small amount of Monero, Bitcoin and Nano.

How small? $1M might be small to a billionaire. To others $50k is a large amount.

Otherwise it seems like yet another blog post shilling crypto.


0.5XMR if you're interested, worth about $125 USD

Maybe put that at the top?

How will you find and maintain experts who are convinced of the greatness of some investments, but refuse to invest, because they want to remain impartial? I think your demands are unrealistic.

Also, you could just as well consider it a positive signal (putting money where their mouth is).

I guess even better would be posting a proof of ownership. Not sure if that would be possible with Monero, but it would be possible with Bitcoin.


Posting the view key for the wallet would prove ownership (and transaction history). This is how Monero allows audit ability and subpoena compliance without risking the security of funds.

When you develop a value exchange that is perfectly designed for facilitating human kidnappings and subverting international sanctions, you should not be surprised when other humans decide they value institutions over this level of personal privacy.

The narrative that this type of value exchange will protect people is as easily argued that it will put others at risk. We have institutions for a reason, and nobody living in a free country should desire such an absurdly dangerous means of value exchange.

At least when you exchange physical currency, it's actually physically difficult for a kidnapper or bank robber to handle the actually physical volume of $1M.


Well, paper money is also used for crime. In fact, illegal uses of paper currency are so common, U.S. authorities commonly seize cash from civilians deemed to be carrying too much of it!

In light of this - I think it's rational to remove paper currency from circulation and to move to a digital system where every transaction is tracked to a real person. This could be as simple as using existing banking structures, or maybe some sort of cryptographically-secure, immutable ledger of some sort, tying every transaction back to a real person. Almost like a centralized, managed "block chain".

/s


Paper money is much, much more difficult to use for crime than cryptocurrencies.

Actually it is WAY easier to use paper money for crime than cryptocurrencies.

Aha! How would you know?!

Kidding aside, I have zero clue what the actual adoption rate is for Monero in the seedy underworld of common criminality, so I can't really challenge anyone on this argument.

I can say if I were a criminal, I'd want to keep it as low tech as possible. Given how sophisticated computer forensics is, I don't think I'd be able to keep everything "clean", digitally speaking.


It depends on the kind of crime. Some crime is easier with cash.

For example, many professional bartenders commit tax fraud every day by not reporting cash tips. This is directly facilitated by paper currencies.


It is not "facilitated" by it, that is just because cash tips are given in paper currencies and not in Monero.

If tips were given in Monero, the tax fraud would be even easier.


Uh, why would it be easier?

Governments all over the world are trying to get rid of paper money.

EU (or Germany, sorry I forgot) just passed laws that production of all goods should be traceable from beginning to end.

They are working on it. Nobody shall be able to opt out of the system.


I'm glad you added the /s for the sake of the person you're replying to.

There is one problem: freedom is necessarily also freedom for people you don't like. There's no way to make living free for good guys, and limited for bad guys. Limiting things for bad guys, you also limit them for everyone — hopefully to a lesser extent. By putting a lock on your door so that a burglar won't enter, you also prevent your friends from entering.

There is a certain balance of downsides and upsides of limitations on freedom. If you move the "safety" knob all the way to maximum, you will get a high security prison with creature comforts. Indeed, being watched and tracked at all times, and limited in what you do and where you go, you can definitely be kept out of the harm's way. If you like the motion towards this, welcome to mainland China. (If you want an antidote, re-read the Brave New World.)

The price of liberty is eternal vigilance, that is, liberty is a somehow unsafe condition, else vigilance won't be needed. Some people prefer certain upsides of liberty more than certain upsides of safety. Such people founded the U.S., and it still shows here and there. (Not much, of course.)


You're arguing that you aren't free unless you're free to drive a fully armed and operational tank to work, and not be bothered by the authorities. You can value privacy and rule of law, by building in limits to both. Physical currencies do that.

Yes, I think an effectively anonymized digital value exchange is problematic. I prefer physical currency for anonymized transactions because it provides certain physical barriers that make a non-consensual exchange of goods and services difficult, while perfectly facilitating, though often de-anonymizing large exchanges of value.

Something that's perfectly sensible in a state that values both privacy and rule of law. We don't put cameras in your home, we do put cameras in airports and nuclear energy facilities.


Well expressed on cash applying barriers.

Human kidnappings and subverting international sanctions account for what? 0.0001% of all transactions?

So you're saying 99.9% of the population shouldn't benefit from this because there will be a tiny percentage misusing it?

I take it you're against privacy, encryption and gun ownership too then right?


I'm for expansive, but limited versions of these things.

I think your love letters should be private from the gov't, I don't think your income should be private from the gov't.

I think nearly everyone should be able to own a rifle, but I don't think any private citizen should be able to own a tank.

There are many aspects of life where I think the costs outweigh the benefits for citizen in society. Since there are trivial numbers of alternatives, I see a highly anonymized digital store of value as bad for the public welfare. The limit is typically where public access to the good is necessary to prevent tyranny, but universal access causing a tyranny of the minority is typically the where things should be illegal.

I think the conditions in which Monero would benefit society existed, the legality of Monero would be irrelevant.


how much damage is and has been done through the traditional institutions/methods/tracking/privacy-invasion you are advocating in totalitarian regimes today and throughout history?

Historical institutions are totalitarian monarchies. The modern democratic institutions are the exception, not the rule.

I'm not saying Monero shouldn't exist, I'm saying those of us in a free society should want it to be illegal in our free society. Again, it's legality in an unfree society is essentially irrelevant to it's practicality.


Making privacy illegal insures totalitarianism

I'll take tyranny of the minority over tyranny of the government any day.

How about saying a large chunk of the population don't want to benefit because there will be a tiny percentage misusing it against them. Lots of rights and freedoms are not wanted because we don't want our neighbors to have them too. We encode them as laws.

Not everybody lives in a free country, as a venezuelan I can tell you that tyranny can start with the control of money.

I don't disagree.

>Monero seems much better suited as a weapon against real totalitarian regimes. If it is illegal in both a free and unfree society, then it will only have a practical purpose in the unfree society, whereas the free society will have plentiful alternatives.

From another thread. I think the something like Monero can exist, but also be illegal, and that would facilitate making it's practical use only valuable in truly unfree societies.


These are good points, but they all go away if the crimes you're most worried about are the ones being committed by the people who run your institutions.

>Monero seems much better suited as a weapon against real totalitarian regimes. If it is illegal in both a free and unfree society, then it will only have a practical purpose in the unfree society, whereas the free society will have plentiful alternatives.

I can't tell if you are talking about monero or paper currency.

Monero is light years easier for law enforcement to find kidnappers (exchanges, honeypots, network access) than cold hard cash.

Was there a plague of kidnappers when the world used 'absurdly dangerous means of value exchange' like paper currency and gold?

edit: my reply was before you edited to discuss physical currency. $1M in $100 bills is 22lbs. Hardly a deterrent.


The difference with cash is that the criminal (or an accomplice) has to physically pick it up, drastically increasing the risk of getting identified and/or caught. Even if they send an unwitting person, there will be a witness and evidence.

Just because you live in a place where kidnapping isn't common, doesn't mean that it is not is common across the globe.

https://lb-aps-frontend.statista.com/statistics/275545/kidna...

The idea that an email asking for a blockchain currency is somehow more difficult than a dead drop of physical currency is absurd. While there are some merits, this type of value exchange is a dangerous vehicle for facilitating human exploitation. We need to start talking about that fact more, instead of the fever dreams that those of us in the free world somehow live in some faux-totalitarian state, simply because you can't legally purchase MDMA or cocaine.


you kind of proved my point. kidnappers already use cash, and changing that to different mechanism isn't going to increase or decrease the amount of crime. You haven't explained any reason why digital anonymous currency will increase crime or make it harder to catch them.

Evil people use neutral tools for evil purposes. They have been since the beginning of tools.

So stop trying to slow the advance of technology just because some evil people can use it too.


I'm not against blockchain technology. I'm against creating a systematically anonymous blockchain. Identity and reputation in value exchanges matter in society, both legally and philosophically.

Monero seems much better suited as a weapon against real totalitarian regimes. If it is illegal in both a free and unfree society, then it will only have a practical purpose in the unfree society, whereas the free society will have plentiful alternatives.


Physical cash requires some level of risk for the kidnapper to get it though, because they physically have to get it in their possession

If I have $10k in the bank and I want to turn it into cash, were do I get it without having the bills pass through a machine that scans their serial numbers?

And if you receive that $10k in cash, how do you deposit it without the same risk?


Those institutions that are supposed to protect us are systematically stealing from us without due process via civil forfeiture, and they're doing it on a scale that outweighs all burglaries nationwide.

You shouldn't be surprised when Americans value privacy over institutions. Our institutions are more criminal than our criminals.


>While there are some merits, this type of value exchange is a dangerous vehicle for facilitating human exploitation. We need to start talking about that fact more, instead of the fever dreams that those of us in the free world somehow live in some faux-totalitarian state, simply because you can't legally purchase MDMA or cocaine.

>stealing from us without due process via civil forfeiture

Yea, this is exactly the type of faux-totalitarian nonsense i was talking about in the other thread. If we live in a free society, we can change the types of laws we don't like, and in the case of civil forfeiture, we should, and are, but pretending like one bad law justifies something with these consequences is ridiculous.


Well that's the problem. We don't live in a free society. And there is virtually nothing we can do to change the laws, as the status quo invariably benefits the people in power.

So I'll tell you what. You can work on fixing those institutions if you want. I'll take the privacy while we wait.


I'd be curious to hear from Monero fans why one might select it over Zcash? Zcash seems to have stronger security guarantees when shielded transactions are used.

I think the reddit user someone else linked to pretty clearly explained the Monero side. Zcash has a bad reputation with darknet markets and the like that use Monero. Some of it deserved. ( I say this as someone who wrote original Zerocash protocol) https://www.reddit.com/r/Monero/comments/oui6zj/zcash_vs_mon...

Also, Zcash has optional privacy.

On the other hand, the decoy based privacy protocols Monero uses are not really private at all. https://slideslive.com/38911785/satoshi-has-no-clothes-failu...

Its cryptocurrency, everything is tribal.


> the decoy based privacy protocols Monero uses are not really private at all.

This is simply not true, otherwise you should present real evidence. It is not perfect, but nothing ever will be, and Monero continues to move forward and use the best technology available. Research continues, and they hope to move away from "decoy based protocols" altogether eventually, but the tradeoffs have so far been too great. Unlike bitcoin, it is able to do large changes, since there is a completely different development culture


>Unlike bitcoin, it is able to do large changes, since there is a completely different development culture

Can be read as: a 'relatively' small group of people control the protocol to such a level that arbitrary changes can be enacted with relative ease.

An example that comes to mind is Ethereum, which is essentially controlled by a single developer aided by a few others. When a bug in a contract would have cost many people a significant amount, the lead developer lead the charge (to the applause of almost all) in forking the chain.

I haven't looked at Monero in enough detail to confirm this, but your statement is not exactly a selling point. Having decentralization to the point that it becomes hard for developers to force through changes, should be a feature... not a bug.


You have a great point and for this reason Monero should be viewed differently. It is not bitcoin. However, the technology is just not at the point where you can have a protocol that is fixed in stone, and bitcoin is not something that I think is good for the world because it is a dangerous tool of mass surveillance which you can't fix without fundamental changes.

>Having decentralization to the point that it becomes hard for developers to force through changes

This is happening to Monero too over time, as the community grows. I expect it will continue to become more difficult to gain consensus over time. There is, at least, many developers and no 'leader' figure like Vitalik


I’m glad to hear that Monero is still on the right track.

Are there coins that learned from the bungled launch of zcash and did things right according to what was valued by the community? Like private by default, avoiding perceived trust issues by being more above board, making ASIC resistance a priority, adopting a public irreverence of compliance, not being associated with people who worked with untrusted organizations and so on?

There are some Zcash forks with iffy dev support and no market traction. The problem is the kind of cryptography you need to do something like Zcash is very very very hard to get right. Zcash actually got the tech right and handled the issues they hit well. They just didn't do a good job with reputation outside of tech.

No one else as done the same tech yet themselves. A few things have launched and allegedly plan to add a privacy layer (Mina, Celo). But actually building that kind of tech is a lot harder than reputation management or standard blockchains.

It's still an open playing field.


Bitcoin gold has a asic resistant pow, but all the same btc issues so far as I know, because it’s a btc fork.


ZCash is controlled by a privately-owned company in the U.S., who gave themselves founder's rewards.

It's also designed in a way to allow "poison pills" - i.e. those in control can force a single transaction on a block, thus giving a vector to deanonymize someone.

You may ask, "Who would do something like that?" and the answer would be the U.S. government who can compel privately owned organizations via secret court subpoenas. Monero is more private than ZCash, and has a record of not acting on self-interests.


With monero you can analyze residuals to deanonymize people.

The IRS has paid out millions of dollars in a failed effort to deanonymize Monero transactions without a lawful subpeona. Thus, a lawful subpeona is still required in order to unseal Monero transactions in the US, I.e., to compel the production of a view-only cryptographic key.

Which takes quite a bit of time and hasn't been proven possible yet. Very different from an on-demand poison pill.

How does this work?

The video was posted elsewhere I think. Basically, if you view enough of the residual ring inputs you can link them together. This is not quite practical yet but assuming wide adoption of XMR chain stores, etc, would be able to do this attack.

This reddit user seemed to have some valid reasons: https://www.reddit.com/r/Monero/comments/oui6zj/-/h734kyq

There was a bug, with which the Zcash developers could have used to generate infinite coins for themselves, and it so far cannot be proven that this did not occur. I do not know how so few people are aware of it. I do not mean the trusted setup, but this: https://forum.zcashcommunity.com/t/zcash-counterfeiting-vuln...

The developers were funded by suspicious government organisations including DARPA and Israeli Ministry of Science and Technology.

It is centralised, with an organisation receiving significant coins directly from the protocol.

Opt-in privacy defeats much of the point and creates traceability issues - privacy needs to be the default for people to use it, for their coins to not be treated suspiciously if they turn on the privacy feature, and it is a requirement to have a large anonymity set.

Among other reasons, there are many...


Zcash has to have privacy enabled by the user. It’s not automatically private. Monero is automatically private.

https://electriccoin.co/blog/ecc-timeline-updates-and-planni...

Halo Arc removes the trusted setup and also sets shielded transactions by default.

ECC also has announced that they intend to work on implementing shielded assests which seem compelling: https://electriccoin.co/blog/zsas-ecc-progress-and-next-step...

One glaring issue is that there seems to be lots of tension between the community and the Zcash foundation (wrt power control).


To expand on this a little bit, non-default privacy means that use of privacy features becomes de facto suspicious activity, thus rendering them useless.

Another issue with Zcash is that it had a trusted setup, which is not an issue Monero has.


> To expand on this a little bit, non-default privacy means that use of privacy features becomes de facto suspicious activity, thus rendering them useless.

That's not a true statement as far as I understand how Zcash works. Right now there are >742K ZEC in the shielded Sapling pool, so there are quite a few people using it and you can not tell their shielded transactions apart.

https://electriccoin.co/zcash-metrics/

> Another issue with Zcash is that it had a trusted setup, which is not an issue Monero has.

Yes, but they took a number of steps to make sure that the ceremony for creating the trusted setup discarded the keys used and there was no one listening in. (they were geographically distributed and destroyed the hardware)


One thing that has always rubbed me the wrong way about Zcash was after I listened to this RadioLab recording wherein the reporter's (Morgan) phone started to play the audio from the Google hangout during the trusted setup ceremony.

https://www.wnycstudios.org/podcasts/radiolab/articles/cerem...

Skip to around 36 minutes for that.


Yes, I understand. That's why I'm specifically asking about the advantage of Monero vs when shielded transactions are used on Zcash.

Technical peculiarities aside, if all zcash transactions were shielded each protocol would provide comparable adequate privacy.

The best answer I've seen, is that zero knowledge proofs as Zcash uses in isolation are superior to the ring signatures that Monero uses, but Zcash has one major flaw in that it allows its anonymity pool to be small.

What I mean by this is that transactions in Monero are always private, while users of Zcash can choose to send public transactions. What this does is it makes the group of users who send private transactions through Zcash much smaller and far, far more susceptible to being identified through metadata and process of elimination.

This is heavily simplified - and Monero community members would be happy to get into the weeds with you about it if you were to visit their realms on the web, I'm sure.



I prefer Zcash's privacy perspective, but one thing I've noticed about using both is the zcash cli wallet is pretty terrible (especially if you're using shielded addresses) and the monero cli wallet is among the most user friendly cli apps that I've ever used.

Little touches like that keep making me reconsider the project in a favorable light.


Zcash's privacy perspective seems to be highly flawed because of the way it was implemented though (optional opt-in privacy): https://news.bitcoin.com/not-so-private-99-of-zcash-and-dash... and https://electriccoin.co/blog/new-research-on-shielded-ecosys...

Having the network boundaries be explicitly nonprivate and giving users the ability control when/where/how they negotiate the private/nonprivate boundary seems like a reasonable design choice to me. It makes the network more interoperable with nonprivate networks.

If the whole network private, then the privacy faults can only happen at its boundaries--which are places that the protocol designers have less control over. The alternative is having to wonder about what kind of identifying metadata the exchanges are leaking--and they're an easier target for an adversary.

Also, I have to imagine that the everywhere-private nature of XMR is why I don't see it on my exchange's list, while I do see ZEC there.

But I wasn't talking about that. With zero-knowledge proofs protecting the shielded transactions, your anonymity pool is essentially the entire set of people that use shielded transactions. With the Monero approach, your anonymity pool is large, but it's still a subset of the whole network.



There are two extremely cool projects with talented engineers who are pushing the boundaries of what’s possible. Anybody telling you otherwise is trying to sell you something.

The underlying math (read cryptographic implementation choices) and people backing Zcash are extremely suspect. These days everything gets all lumped under one crypto banner but from a first principles standpoint I find things like bitcoin and monero extremely sound. On the same basis I find, very unpopular opinion, say ETH, is just trash. Zcash is even worse in that it seems largely in intentional scam.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: