13
Skepticism Sunday #3 — August 4, 2024
(monero.town)
This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.
Wallets
Android (Cake Wallet) / (Monero.com)
iOS (Cake Wallet) / (Monero.com)
Instance tags for discoverability:
Monero, XMR, crypto, cryptocurrency
If you have a node - you can just use RPC to get all the info you need (or self-host a blockhain explorer connected to your own node if calling RPC manually is too complicated), no need to use public block explorers.
Imagine you have received an output (a transfer) from a CEX. Immediately (well, after 10 blocks) other people start using your output as a decoy in their transactions. After some time, you actually use this output in a transaction. From what the CEX knows (we assume they are bad guys who try to spy on you) there are hundreds (or more) of transactions where you potentially could have spent your XMR, they don't know which one is the real spend though. Now you go and use the transaction hash to see its status on a blockchain explorer that is hosted by CEX. Assuming they can correlate your identity (e.g. by IP/cookies/fingerprint/etc.), they now know that you specifically checked a transaction that possibly spends the output they sent you. They cannot prove that you spent it, but it would be a reasonable assumption (why else would you check that specific transaction?). Now, on it's own it doesn't give them much info (although your privacy already has been partially compromised), as the destination address is hidden as well as the amount. But if the receiving side of your transaction also cooperates with your CEX, and they tell CEX that the amount they received is the same (minus fees) as you withdrawn from the CEX (or even worse, they somehow also correlated this transaction with your identity) they now can be even more sure that it is your transaction (even though they still can't prove it).
So, Monero is doing its best to protect you, and you still have plausible deniability, but in those very specific circumstances bad actors can be reasonably sure where your money went.
FCMPs will fix that :)
Oh absolutely there's no way I'm using CEXes for this. Thanks for the explanation