This isn't deanonymization, it is modifying and infiltrating nodes to then listen what is happening from naive users connecting to them.
There was never an expectation of privacy when you connect to servers outside your control with non-encrypted data. That is the reason why the article itself mentions that this isn't working when running your own node, as most people do.
This is the same thing as complaining that Monero is no longer anonymous because Windows is capturing screenshots and keyboard presses when you open the desktop app.
Monero remains anonymous by default.
In practice they (allegedly) took anonymouse transaction and linked it to real world identity. Call it what you want.
The transaction wasn't really anonymouse in the first place, but I agree that the UI should warn users more when working in "light wallet" mode.
> running your own node, as most people do.
Huh, surprising -- it's very different from most people using most software. (Of course HN is not most people.)
I tried to fill myself in by asking Claude Opus neutrally "do most users of Monero run their own node?" and was told it couldn't find good data, it's community-promoted behavior, but there were multiple reasons for skepticism.
I have no idea, I'm just noting my surprise.
It's literally in their FAQ: https://www.getmonero.org/get-started/faq/
Anyone curious about how Monero is implemented would immediately understand why it's a bad idea to use remote nodes.
>What is the difference between a lightweight and a normal wallet?
>For a lightweight wallet, you give your view key to a node, who scans the blockchain and looks for incoming transactions to your account on your behalf. This node will know when you receive money, but it will not know how much you receive, who you received it from, or who you are sending money to. Depending on your wallet software, you may be able to use a node you control to avoid privacy leaks. For more privacy, use a normal wallet, which can be used with your own node.
Most people don't know nor use Monero at all.
Most monero users are on the desktop where the common practice is to download and run their own nodes and/or use monero from Android on apps like CakeWallet, where their node is used and assumed as trustworthy.
To give background info: most users are on desktops because monero mining happens using CPU and instead of GPU, so they install the wallet which comes with a miner included and installs the node as well. They basically make some little income every single day and accumulate that profit.
The other miners like GuPax also install a node on the local computer as well, so a large majority of users simply runs nodes locally because they don't want to send their hashes to remote nodes which might fool them.
Thanks for explaining. I'm still confused: CakeWallet (and similar) were a reason to doubt the original claim. Are these "popular" wallets rarely used, or are you considering the nodes that they trust as equivalent to your own node?
People using monero tend to be well informed, or at least better informed than average crypto users. What I see happening is that most users have at minimum three different wallets: One for mining on the desktop, one "cold" wallet for storing the bulk of their money and then one wallet on cakewallet with pocket money for the convenience of small and fast transactions (e.g. donations, small payments).
From that sense in regards to CakeWallet: Android isn't anywhere secure and there is a real danger that key credentials are stolen by rogue apps. In the end doesn't really matter much about whichever nodes are trusted by cakewallet because the monetary values hosted on those Android wallets don't tend to have much value much to begin with.
I've been a long time user and never saw reports of cake wallet being insecure or people losing their wallet money from there. In either case most people using monero tend to be extra cautious from the start.
I don't know what asking AI adds to the discussion.
Well reading comprehension tells us they were surprised that most monero folks run their own nodes and that they were unable to find supporting information.
Your comment however does actually add nothing.
No, reading comprehension tells us that Claude Opus output the "unable to find supporting information" claim, which abecedarius faithfully relayed to us. There's no evidence in the text that suggests abecedarius attempted to find supporting information.
It was a form of "huh, interesting. I tried to quickly find some more evidence for this but failed."
If Claude as search engine were able to link to some backing (maybe like "we estimate around n nodes regularly joining the network, which roughly matches the order of magnitude of estimated users" ) -- that'd be great! I'd have said I was surprised but look what I found.
Instead:
- it couldn't dig up anything supporting, except that Monero sites encourage users to run their own node;
- one point it raised against was confirmed by another reply to my comment ("apps like CakeWallet, where their node is used and assumed as trustworthy"). (Claude listed the same and a couple more wallets it called "popular" with similar trust dependence.)
I agree with GP that just relaying a chatbot is rude. That's why I didn't do that.
Okay and if they had said Google we wouldn't be doing this dance, people just hate AI and its obnoxious to see comments about it on HN all the time. On a crypto post no less.
We get it you guys don't like AI, next!
It is equally obnoxious to people who talk about AI for everything as if it is a savior, it's a tool use it or don't.