-Fungibility refers to math. Bitcoin is completely fungible, regardless of what rando definition you give "fungibility"
-I wouldn't touch bitcoin if its L1 wasn't completely transparent. You'd quickly run into the trust problem that gold faced (paper L2 whereby custody was required and that custody was unaccountable)--which is where don't trust, verify originates. Bitcoin solves this because only bitcoin travels on its L1, an L1 which is trustless and transparent
-Bitcoin's security mechanism hardens with time. When a circular economy arrives, billions globally are using the network, the data set expands exponentially, and layers are scaled in, its pseudonymity is more than sufficient. It's already hard enough to find the transactions of the public DeFi/CeFi companies blowing up around us even with blockchain forensics
-If we're all hiding in the dark broadcasting transactions, that means the decentralized money never separated money from state and failed in basically every regard. It's still just a discrete payment network
-If your L1 is not transparent, there's no reason for PoW
-What good is anonymity when ordering something online and providing a shipping address? If you think the protocol layer alone solves the problem of government fuckery, you're naive. My utility bill and car payment have my name, email, and address attached
-Anonymity can be easily weaponized against the system. It can also be exploited by shady governments and businesses--both of which should be required to share Xpubs. More accountability here, not less
-Bitcoin doesn't have a privacy problem. Its drag comes off-chain from erstwhile hegemons, and no amount of L1 forking will fix the meatspace. The money will fix the meatspace over time, as will knowledge, utilizing your rights, voting, etc
-Monero is fine and extreme privacy has utility (for now). It might always exist as a discrete payment network that eventually acquires its liquidity from BTC herself. It's unfit, however, to be a world reserve currency
A lot to unpack here but I very much disagree with most of what you've said.
  • Fungibility doesn't refer to math, it refers to real-world implications of how something is valued. If some sats are worth less or less spendable because of history, Bitcoin is not fungible. This has already been widely proven and is growing as an issue: https://sethforprivacy.com/posts/fungibility-graveyard/
  • Monero is verifiable and trustless in similar ways to Bitcoin, I'm not sure what you're getting at here. All nodes/miners validate transactions just the same, you don't need transparency, you just need good cryptography.
  • Banking on the "too much data" argument is one that goes directly against Moore's law (and other similar ones) that the ability to compute on this data and make sense of it will only get better, and Bitcoin's arbitrary hard-cap on blocksize means that the amount of data they have to crunch cannot be more than a set amount per time period. Privacy through obscurity is a poor approach and never works at scale, especially when all data is published to an immutable ledger they can crack at any point in the future.
  • No idea what you mean here, I don't want my transactions public no matter what, in a perfect world or a dystopian one.
  • ???? You still need PoW to have decentralized consensus and transaction validation, prevent double spends, etc. What do you mean here?
  • A very dumb comment that drives me insane -- Monero (or any other privacy-preserving tool) helps with some aspect of privacy, it obviously doesn't solve all problems you might face. It has to be paired with broader personal privacy, but even when I'm giving out my address I don't want to also give out my financial details. Monero fixes this.
  • If you can force a government to be accountable, you can do the same in Monero by forcing them to share view keys. This is not unique to Bitcoin and can be easily enforced in Monero if you have power over governments. Why rob every user of privacy for the transparency of a few that you can theoretically force to be transparent anyways?
  • No idea what you're saying, except the false statement that Bitcoin doesn't have a privacy problem. It has a deep-seated privacy problem that leads to arrests, oppression, censorship, and fungibility issues today and will only get worse as we enter a more adversarial environment around Bitcoin.
  • Idc about a reserve currency, and this hyperbitcoinization pipe-dream being sold to Bitcoiners by "influencers" is one that is far detached from reality and leads to so many of these clear and problematic issues being brushed away with "fix the money, fix the world" nonsense that assumes all our problems go away when Bitcoin gains magical world-wide adoption.
reply
Monero is verifiable and trustless in similar ways to Bitcoin, I'm not sure what you're getting at here. All nodes/miners validate transactions just the same, you don't need transparency, you just need good cryptography.
It would be much easier to claim this if both of the well known, serious attempts at implementing cryptographic privacy over transfers in a cryptocurrency (Monero, Zcash) hadn't suffered from inflation-creating bugs already (only years after both being created). In one case, this (potential) inflation was invisible, which can reasonably be argued to be the worst bug imaginable in a cryptocurrency (even worse than arbitrary spend/stealability ... it's arguable, but you can make that argument!).
If fungibility is binary and Bitcoin isn't fungible, then you are wasting your time with Monero, since it does not eliminate the transaction graph, it only obfuscates it, and does so with non-trivial tradeoffs. If a binary 1 for fungibility is what matters, you shouldn't look at anything with a lower privacy bar than Zcash in this case (and even that doesn't quite get there, though it's extremely close ... again with unacceptable tradeoffs imo).
In my opinion the accumulation of state over time, extra expense of space/computation, and by far the most important - the danger expressed in my first paragraph above, is why we never got any energy behind creating some form of blinding or obfuscation of amounts and tx graph in base layer bitcoin. Even the experts who proposed it admitted there is a tradeoff, in implementation risk, cryptographic risk, and scalability. That's why higher layers are going to be the more effective way, long term. I do not support Monero or Zcash or other similar projects, because an endless fracture of Bitcoin into other coins to fix limitations just leads to a failure of the cryptocurrency project overall.
With a little bit more cohesive effort we can get much better effects at higher layers.
reply
I spent a good bit of time in the podcast walking through these tradeoffs, I am both aware and honest about them.
But the advantage of gaining strong privacy for every user of a tool far outweighs the minor risk of implementation bugs leading to inflation (a risk that Bitcoin also has, it's just always detectable there). You can read more of my thoughts on auditability here: https://sethforprivacy.com/posts/dispelling-monero-fud/#you-cant-audit-the-monero-supply
As for fungibility, what matters is fungibility in practice -- in practice Monero's holistic approach to privacy has provided perfect fungibility to date with no signs of that changing. People confuse ring signatures as the only aspect of privacy on Monero, which they are absolutely not (as, again, I walked through in-depth in the podcast episode). Yes, Zcash has a slight edge to potential privacy, but far worse real-world privacy due to allowing transparent transactions (and thus 95%+ of transactions being non-private).
reply
A global reserve currency isn't a discrete payment network. It's money economies hedge with, money governments use, money businesses use, money everything is settled in. It's not just for the pleb buying lunch. A global reserve currency that is DECENTRALIZED won't work without a transparent L1. If transparency of the financial system's base layer (fiat/debt) existed today, governments would have the minority data. They'd be screwed and couldn't survive the free market dynamic that creates. Their manipulation that targets stable fiat pricing wouldn't work.
You're standing way too close to the protocol and code like most devs do.
For example, when I ask most devs by what mechanism their protocol creates an overabundance of goods and services outside the money, they don't know what that means, because they've never considered the fact that if money is separated from state, then there's no government left to incentivize energy production, to subsidize it, and enable an overabundance of it. You can't have an overabundance of goods and services outside the money without an overabundance of energy. And since energy and energy efficiency are how we can directly measure the prosperity of a nation... My point is, without this, deflation is an absolute nightmare. So, like the first question I ask any aspiring politician: what's your energy policy? If you haven't got one on a massive industrial scale, your money and payment network will never be anything more than a discrete payment network, which is fine. Chucky 🍕Cheese has one of these with their tokens. I can buy pizza with them. This isn't a world reserve currency though. Only bitcoin possesses this property, which is what attracted me to it.
Lastly, what's Monero's plan to scale the velocity of money to the velocity of information the internet achieved?
Privacy doesn't fix the money or world. We already have plenty of privacy with paper money.
reply
By the way, found your podcast with Peter excellent and quite informative. Some good points, regardless of our disagreement here.
reply