Super Testnet on Nostr: >it's called a "one-time" stealth address [because it] only ever appears on the ...
>it's called a "one-time" stealth address [because it] only ever appears on the blockchain once
"One-time" stealth addresses almost always appear on the blockchain multiple times. For example, this stealth address:
7d1526b3376ecc11530dc68650111013b125fa32b1d3c639bd7a694d8c6275f7
appears in two transactions. He receives money in this transaction: https://localmonero.co/blocks/search/936c2d0659e21d81f26388f9a21a2965085ab0e7dd3b4b97194967b05ca5fdff
And he appears as a possible sender in the fourth input of this transaction: https://localmonero.co/blocks/search/5470b681c6c443556722150f496f07b2b5d36c47b30c65cb132b9d0cbb5dff76
See this screenshot:
> Receiver privacy is zero knowledge
It is not zero knowledge. The receiver's "stealth address" is unencrypted and it is not in fact "one time." Despite some people calling it that, you cannot spend from it unless you put it on the blockchain a second time as a possible spender in a future transaction. So analysts can and do watch for that to happen and then use heuristics to estimate the probability of it being the "real" spender in that future transaction.
>"Using monero in a "plug and play" manner gets people arrested. For example, Chainalysis was able to successfully trace a monero payment to the right user in part because they had access to so many user IP addresses"
> I'm saying in relation to Lightning it has better "plug-and-play" privacy than the average Lightning user who is using a custodian like Wallet of Satoshi
I'd like to deal with your contention that most lightning users use custodians here. You cite the following evidence:
> There is Zapalytics. Custodial wallets for Lightning zaps and addresses are near ~80%
That doesn't imply that users use custodial wallets for anything other than zaps. I use a custodian for zaps and then withdraw them to my self custody wallet whenever they grow to be worth about $20. I suspect this usage pattern is very common.
> You can check out all major LN liquidity providers mempool space (mostly custodial wallets, CEXs, LSPs)
Of the top 10, half are self custodial (Acinq, C=, and 3 LNBigs) and half are exchanges (OKx, Binance, 2 Bitfinexes, and Kraken). And this doesn't tell you anything about the distribution of that money. Lots of people open a channel to Binance from their own node, because you earn money by doing so. The channel opener retains self custody of all of that money, but the amount of money listed as being in a "Binance channel" will increase. Just because it's in a channel with Binance or another exchange does not mean the exchange has that money. It just means that's a place where lots of money flows into and out of.
> Compare total downloads from custodial LN wallets, LSP wallets like Phoenix, and wallets that require or allow you to run your own LN node
Okay, I did, and here are the results: https://gist.github.com/supertestnet/5bceb60d9c691da744a55dad3f60e65e
As you can see, self custodial lightning wallets are more popular than custodial ones
> What is unique about this to Monero [i.e. having to run your own node over tor for good privacy]? Same thing applies to Bitcoin and Lightning nodes
I agree, I'm just saying that if you have to do that for good privacy anyway, then do the thing that gets you better privacy. Run a lightning node, not a monero node.
> The only difference is if a Monero user is using someone else's remote node that node has way less information about transactions than a Bitcoin node or LSP/LN custodian
A lightning user who connects to a remote node reveals less information to that node about the sender and the recipient than a monero user who connects to someone else's remote node. This is because in LN the sender and the recipient are actually encrypted so that the remote node cannot see them; in monero, they are unencrypted, though at least the sender is obscured as being one in a group of 16. The recipient is barely obscured; most transactions only list 2 outputs.
Regarding amounts, the remote node in a monero transaction gets to see the total amount you paid in fees, and can use that to get an exact lower bound on the amount of money in the inputs and an estimated lower bound on the amount of money in the outputs. In lightning, the remote node does not get to see the total amount you paid in fees, and, given the prevalence of multipath payments, they also don't know how much money you sent, though they can get a lower bound on it. This lower bound is less useful than the one monero gives you because it's harder to estimate how much of the payment flowed through your node.
>"And besides that, some custodians (like ecash mints) offer better privacy than monero"
> Being custodial already disqualifies it from the same category as Monero which offers non-custodial privacy
Some users care more about their transaction being private than about having self custody of the money. I wonder if ecash mints are more popular than monero wallets. I'll have to think of a way to assess this statistically.
> Mints can see token denominations (amounts) so the anonymity set is fractured in buckets within each mint (1,2,4,8,16,32, etc). This means less common denominations such as larger amounts offer less privacy
Good point, I didn't think of that. Makes me want to get more statistics.
> Considering the attitude of the community and that Monero is banned from almost all major exchanges I would say custodial Monero users are far fewer
Exchanges like Kucoin and Huobi Global continue to list monero and do millions of dollars in volume in XMR trading pairs. As for the community, everyone in the monero community that I've talked to sings the praises of DNMs even though almost all of them take custody of user funds. (The largest one did an exit scam last year: https://x.com/DarkDotFail/status/1765104459913330820)
So I suspect custodial Monero users are a large percentage of the total -- especially since there aren't very *many* monero users.
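Added example (not part of the original post, and not code from any Monero project): a small index over an explorer-style transaction view that shows how an output key is visible once as an output and again each time it is listed as a ring member. The transaction layout, the `key_*`/`tx_*` names and the ring size of 3 are constructed for illustration; it assumes ring members are already resolved to output keys, as a block explorer displays them.

```python
from collections import defaultdict

# Constructed sample data (not real chain data). Each input is a ring: a list of
# candidate output keys, one of which is the real spend. Ring size 3 keeps the
# sample short; the post describes rings of 16.
SAMPLE_TXS = [
    {"txid": "tx_a", "outputs": ["key_1", "key_2"],
     "inputs": [["key_x1", "key_x2", "key_x3"]]},
    {"txid": "tx_b", "outputs": ["key_3", "key_4"],
     "inputs": [["key_x4", "key_1", "key_x5"], ["key_x6", "key_x7", "key_2"]]},
    {"txid": "tx_c", "outputs": ["key_5", "key_6"],
     "inputs": [["key_1", "key_3", "key_x8"]]},
]


def index_appearances(txs):
    """Map every key to each place it is visible: (txid, role, position)."""
    seen = defaultdict(list)
    for tx in txs:
        for pos, key in enumerate(tx["outputs"]):
            seen[key].append((tx["txid"], "output", pos))
        for in_pos, ring in enumerate(tx["inputs"]):
            for key in ring:
                seen[key].append((tx["txid"], "ring_member", in_pos))
    return dict(seen)


def ring_reappearances(txs):
    """For keys created as outputs in txs, list every ring that names them.

    Returns {key: [(txid, input_position, ring_size), ...]}. With no other
    information, a key in a ring of size n is the real spend with
    probability 1/n; that is the baseline an observer starts from.
    """
    created = {key for tx in txs for key in tx["outputs"]}
    result = defaultdict(list)
    for tx in txs:
        for in_pos, ring in enumerate(tx["inputs"]):
            for key in ring:
                if key in created:
                    result[key].append((tx["txid"], in_pos, len(ring)))
    return dict(result)


if __name__ == "__main__":
    for key, rings in sorted(ring_reappearances(SAMPLE_TXS).items()):
        total = len(index_appearances(SAMPLE_TXS)[key])
        print(f"{key}: visible {total} times, in rings {rings}")
```
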