Discord: @azalty

Steam: https://steamcommunity.com/id/azalty/

Too many left-wing people on this instance, but oh well, we make do…

  • 2 Posts
  • 129 Comments
Joined 1 year ago
Cake day: July 21st, 2023


  • I imagine you keep your password manager unlocked, or as not requiring 2FA on trusted devices then? Re-entering 2FA each session is annoying

    You still have the threat of viruses or similar. If someone gets access to your device while the password manager is unlocked (ex: some trojan on your computer), you’re completely cooked. If anything it makes it worse than not having 2FA at all.

    If you can access your password manager without using 2FA on your phone and have the built in phone biometrics to open it like phone pin, finger or face, someone stealing your phone can do some damage. (Well, the same stands for a regular 2FA app, but meh, I just don’t see an improvement)



  • The protocol doesn’t try to use each output 16 times actually, that could be pretty nice I guess. I was just saying that statistically, you should get an average of 16 times because, well, the ring size is 16. The actual may vary quite a bit, and your output might potentially never be featured as a decoy, or featured 100+ times. It isn’t likely though. I just used 16 because it is simpler this way.

    I never watched the breaking Monero series, I should take the time to do it

    And yea, really excited for FCMP++ as well :) - most chain analysis stuff will go bye bye


  • For real

    OP is literally churning, just to a different wallet of his.

    If transactions aren’t completely swept and they keep a non-zero change output, it makes things worse

    Churning is fine if you have coin control and keep note of your outputs

    Different wallets are fine if you manage to keep track of everything and properly sweep outputs. Avoid spending multiple churned outputs together if you can to prevent linking them together, but apart from that, it’s good.



  • You’re right and wrong. Churning will reduce the traces linking back to you, but you’re still exposed at 1 churn per output, when including 10 outputs. You would even be exposed when spending 2 outputs from the same source

    As you know, each ring currently has 16 transactions, including you. This means, on average (more or less because of other factors, but still), each output will be featured in 16 transactions. We can therefore assume that 1 in 16 of those transactions is real (in reality the distribution is not that perfect, but as an average, it is important to know the consequences).

    You now have a 1 in 16 chance of being traced. Statistically, the transaction you made has a 6,25% chance of being made by you. That’s pretty high for a single poisoned output, right?

    Now imagine you spend 2 poisoned outputs… the distribution algorithm is not evenly distributed: older outputs are less likely to be picked than newer. This means you get a situation where the older your 2nd poisoned output is, the more you’ll stand out. The math is not that easy to make, but just knowing that each output will only be included 16 times on average, and that there are a lot of transactions so a lot of outputs, it becomes really unlikely that 2 of the poisoned outputs that are linked to the same individual end up in the same transaction if it was not made by the individual in question itself.

    With 3+ poisoned outputs you basically confirm that it was the same person. Might not hold up in court, but they’ll definitely know

    10+ poisoned outputs? Definitely you.

    Churning each output only multiplies the number of possibilities by 32 (16 for one output, 32 in reality because 2 outputs are generated). This will certainly throw off the basic chain analysis methods, but if you’re a person of interest, all the linked outputs will be analyzed. All outputs that are created by including poisoned inputs might be considered, effectively multiplying the number of possibilities by 32 as said earlier. If I tried to spy on someone with this, I would probably set a higher suspicion level on the first transaction level, then less on the second… assuming chain analysis software does that as well, churning would actually divide the chances of being caught by more than 32 but let’s assume they don’t do that as it’ll be easier. You now have 1 chance in 16^2=256 so 0,39% chance of having done a transaction with a churned output in between for a single poisoned output. Still pretty high if you want my opinion. If you do that multiple times, you’ll stand out for sure. Including multiple outputs will also expose you a lot. Spending 10 churned poisoned outputs will definitely expose you.

    I should just make a blockchain analysis program and test transactions with it 😂

    My recommendation: if you’re going to spend multiple poisoned outputs at once: churn them together into 1 output (it’s called sweeping afaik), then churn this individual output. The initial churn merge will make the transaction stand out, but since you only have one output to churn, you reduce the traces.

    Please correct me if I’m wrong, I have put a lot of time thinking about all of this but I might have forgotten to include some specific things. I already noticed that all transactions include 2 outputs (at least), so the possibilities are multiplied by 32, not 16 as was my initial assumption
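The estimate in the comment above can be put into numbers to gauge your own exposure. This is an added example, not part of the original comment or of any Monero software. It assumes uniform decoy selection (the comment notes the real algorithm favours newer outputs), every output spent exactly once, and a constructed chain size of 1,000,000 outputs; all function names are hypothetical.

```python
from math import prod

RING_SIZE = 16  # ring size stated in the comment

def ring_hit_probability(n_outputs, marked, ring_size=RING_SIZE):
    """P(an unrelated spender's ring picks at least one marked output as a decoy)."""
    pool = n_outputs - 1  # decoys are drawn from every output except the real one
    # Probability that none of the ring_size-1 uniform decoy draws is marked.
    miss = prod((pool - marked - i) / (pool - i) for i in range(ring_size - 1))
    return 1.0 - miss

def posterior_real_spend(n_outputs, marked, inputs, ring_size=RING_SIZE):
    """Chance that a transaction whose `inputs` rings each contain a marked
    output is the owner's real spend rather than a decoy coincidence."""
    p = ring_hit_probability(n_outputs, marked, ring_size)
    unrelated_txs = (n_outputs - marked) / inputs  # assumed: all txs use `inputs` rings
    coincidences = unrelated_txs * p ** inputs     # expected look-alike transactions
    return 1.0 / (1.0 + coincidences)

def posterior_after_churns(churns, ring_size=RING_SIZE):
    """Single marked output followed through `churns` hops, one output per hop
    (the second, change output the comment mentions is ignored here)."""
    return (1.0 / ring_size) ** (churns + 1)

if __name__ == "__main__":
    N = 1_000_000  # constructed chain size, not a measured value
    for k in (1, 2, 3, 10):
        print(f"{k:2d} marked outputs spent together -> "
              f"{posterior_real_spend(N, k, k):.6f}")
    print(f"1 marked output, 1 churn -> {posterior_after_churns(1):.4%}")
```

Under these assumptions a single marked output gives 1 in 16, while two or more spent together push the figure close to certainty, which is why sweeping first and then churning the single result limits the damage.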









  • It’s just that the decoy selection algorithm picks decoys in a specific way. Its patterns can be exploited, but don’t stress about it. Churning will make up for it, it’s not that big of a deal. Just avoid spending outputs exactly after 10 blocks as it’s waaaaay more common for real spends than decoys (we can see that the Monero blockchain has way more spends on <20 blocks old outputs than the decoy algorithm proposes), especially when churning. Wait at least a few hours to a few days between churns


  • I didn’t really understand anything x)

    Either are fine, as long as you have churned enough. Typically, the more time between transactions, the better it is. Withdrawing once per month will probably be absolutely fine.

    The recurring usage patterns of XMR are either spending outputs quickly, or waiting a long time. Spending old outputs will stand out a lot, but spending newly created outputs (like 15 blocks old) will also stand out quite a bit.

    More time also means more chance of your outputs being included in transactions of other people, so more decoys at the time of spend.


  • I’m not exactly sure of what you meant.

    I’ll try to answer the best I can, can you reformulate pls?

    — The text below is not directly related to the post —

    And yea sorry it’s pretty much always me that goes on the statistical things and traceability because that really interests me, but as you can see most people will tell you that it’s not really needed, and realistically, for 99% of people, no efforts will be made to monitor their transactions. It’s still nice to know that and churn if you’re extra paranoid like me, or you have a threat model that justifies going this route.

    XMR is a lot less traceable than regular crypto, and no one will follow a random person’s transactions for no reason. But on the other hand, churned XMR is a lot less traceable than XMR used directly. It’s all about how far you need to go and you’re willing to go.

    Do note that churning might harm the amount of decoys overall, as you’re creating 2 outputs, 1 of which is a 0XMR output that you’ll never use, so you’ll never generate a transaction with it, and as such, won’t blend it with 15 other transactions. It’s not significant, but if everyone churns, that might lower the average amount of transactions your output appears in. We’re still very far from that happening though. And no, statistically, generating a 0XMR output will not help other people find the real output with value (or know that you churned) because it’ll only on average reduce by 1 the amount of transactions your output will appear in. The current average should be close to 16, so that’s not reliable enough to track you.

    And again I spoke too much and talked about another subject that you didn’t ask for x)