Switch Bitcoin and Monero

[ghost]

See the #247 comment thread

@hyc:

Monero is still the only coin that is private by default - it's the one that should be recommended first.

[kewde]

If any coins deserves to be first, it's either Bitcoin (usability) or Zcash (technical superiority). I have been fascinated by ring signatures and RingCT (albeit for the wrong reasons, the small anonymity subset per transactions makes for interesting attacks) and I'll honestly admit: it's theoretically inferior to the anonymity provided by zk-SNARKs. I'm by no means saying RingCT is bad or doesn't work, but on an individual basis, a transaction by Monero is less anonymous than a Zcash transaction.

We already had a lengthy discussion about this in 207. I know we'll see a small flood of people supporting Monero making baseless claims, but the opinion of the biased masses don't automagically make it the truth.

[hyc]

Zcash is not private by default. It is this way for solid technical reasons - constructing a shielded txn takes several GB of RAM and multiple minutes of CPU time. Quit pushing for the "theoretically superior" solution when it's known not to actually work in the real world.

The fact is that 100% of Monero transactions are more private than 90% of Zcash transactions, because 90% of Zcash users don't use the privacy feature. Some of these take the default out of ignorance, some take it because they have no choice - e.g. busy crypto exchanges. Whatever the reason doesn't change the fact.

[ghost]

Monero (although the zcash proponents note that a ring signature is a "smaller" anonymity set, they usually don't mention that the stealth address factor actually means that each transaction is masked, whereas the ring signatures provide additional plausible deniability, furthermore, since keys appear in different ring signatures in different blocks in time, the anonymity set for when a given key is spent grows infinitely, and could eventually grow larger than the zcash anonymity set at any fixed instant in time) vs Zcash (anonymity set is the entire blockchain )

• Shen Noether

[DiMiTri101]

Monero first. Zcrash is shit.

[ghost]

@BitOfWisdon Your "link"s are not linked ;)

[c789]

Monero should be listed first. It is private by default. The other coins are not private by default.

Monero transactions are almost instantaneously constructed, vs. an impractical amount of time required to construct a private Zcash transaction.

Zcash's CEO has stated that their private transactions can be made too traceable. Peter Todd, a BTC developer and cryptographer who participated in the Zcash Trusted Setup, has called it a back door. Gregory Maxwell, another BTC developer and cryptographer, has said that Zcash is not unconditionally sound and that its Trusted Setup is a vulnerability.

Bitcoin is not anonymous. Mixers only make it more difficult to trace BTC transactions, and that degree of difficulty is getting easier as technology progresses. This is to be expected of a public, non-private blockchain.

[afighttilldeath]

I'm not qualified to comment about privacy in regard to Monero vs Zcash, however, as a currency, Zcash has an additional cause of concern that Monero and Bitcoin doesn't. Zcash required a trusted-setup while Monero or Bitcoin did not. If Zcash was compromised in the process, there is a potential that someone could create an infinite amount of Zcash. Whether or not user's privacy was compromised is less significant as Zcash ceases being a currency and looks more like monopoly money. While Privacytools is focused on privacy, I think it's fair to weight the potential that users lose substantial amounts of money into this equation. Bitcoin and Monero is truly decentralized while Zcash is not.

[knaccc]

Monero processed 3500 confidential transactions in the last 24hrs, Zcash did 631.

Sources: http://moneroblocks.info/stats/transaction-stats and https://explorer.zcha.in/statistics/usage

The fact alone that Monero is used 5.5x as much as Zcash for privacy critical transactions should give it priority.

Monero can be converted directly for fiat more widely at exchanges.

The cryptographic techniques behind Zcash are also newer and have been subjected to far less scrutiny than Monero's elliptic curve discrete logarithm primitives that have been proven secure over several decades.

[sneurlax]

To expound upon the point of Peter Todd's involvement in the Zcash 'trused setup' ceremony: that he took it so seriously (read up on all the measures he took to mitigate leaking of his portion of the setup process) should underscore the fact that Zcash's privacy as a whole is wholly compromisable.

If the trusted setup process were sound, he would not have had to go to such great lengths as he did in order to secure his portion of the setup.

Because it requires any trust whatsoever, the entire process is suspect. If we are to operate upon Occam's Razor alone, we must conclude the simpler option of either A) all participants used perfect operational and informational security and in concert with one another acted in good faith to erase all remnants of the trusted setup parameters and its output, or B) at least one participant either made a mistake or was a bad actor.

[ajs-xmr]

It would be great to hear arguments from Zcash proponents why they feel Zcash is technically superior.

[ghost]

@kewde @zookozcash

[afighttilldeath]

Zcash's reddit is a ghost town. Posted this three hours ago and all I got was a comment from a Monero fan on why Zcash would be considered more private than Monero.

https://www.reddit.com/r/zec/comments/6mlwnf/one_of_privacytoolsio_github_collaborators_opened/?ref=share&ref_source=link

[mineZcash]

As you can see by my username I am a Zcash proponent, but not an expert. I just saw this posted on Reddit and honestly have never heard of the site your issue is about until today.

I just wanted to point out that the concerns about Zcash regarding the trusted setup should be confined to possible arguments about unbounded inflation, but not compromises in privacy. This is due to the fact that if the trusted setup were somehow compromised the attacker would be theroretically be able to forge coins but the privacy of all Zcash users transactions would still remain intact. https://z.cash/blog/the-design-of-the-ceremony.html

I will say that both Zcash and Moneros approaches to privacy both have benefits and drawbacks so neither is perfect but I do feel that the greater anynomity set provided by Zcash's method is a better approach overall.

Also I think the fact that Zcash has chosen to make private transactions optional (for now, which will likely change in the future) which has resulted in the majority of the transactions on the chain to be transparent is more indicative of the lack of real-world use cases for all anonymous currencies (including Monero). Which has resulted in most of the daily transactions being conducted by day-traders on exchanges, mining pool payouts and individual miners.

Lastly, I would suggest that whomever is deciding on this particular issue should decide what the specific privacy metrics are before making a decision on which is "better". Is it the actual technical side of the coin? Or is it the politics surrounding the coin that matter most?

Thank you- Gibson

[BFCE]

Defaults don't matter. ZCash is more secure. People that can't choose "Private Address" when doing private transactions shouldn't be using cryptocurrency in the first place

[ghost]

@DiMiTri101 Don't include the original message when replying via e-mail.

[ghost]

@BFCE

ZCash is more secure.

Could you back that statement?

[DiMiTri101]

Yea sorry this site sucks

On Jul 11, 2017 12:59 PM, "Samuel Shifterovich" notifications@github.com wrote:

@DiMiTri101 https://github.com/dimitri101 Don't include the original message when replying via e-mail. It's ugly, but more importantly an adversary could mute this thread for you, since you included the unsubscribe link.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/privacytoolsIO/privacytools.io/issues/256#issuecomment-314507612, or mute the thread https://github.com/notifications/unsubscribe-auth/AantDiX_liGyQ7E6oszcEahFDOY4G9l5ks5sM6nYgaJpZM4ORruq .

[WalterMagnum]

Considering ZEC wallets have been frozen on at least 2 of the top exchanges due to rumors, I think that offering statistics on how many private transactions have been completed in the last 72 hours+ is a completely useless statistic. I wonder how many of the posters here are involved in these rumors. This is just unregulated FUD at its very best.

[hyc]

@WalterMagnum Since no exchange supports z-addresses I think the fact that ZEC exchange wallets have been frozen is irrelevant to the question of how many private transactions have been completed.

But it still highlights the fact that the raw usability of ZEC private transactions is still vastly inferior to the majority of cryptocoins, private or otherwise.

[WalterMagnum]

@DiMiTri101 Zcash is not meant for speed. It is meant for privacy. A simple google search will tell you this. That is some well crafted FUD though. Well done. Someone who has no clue what they are looking at will read your post and take it to heart.

[WalterMagnum]

@DiMiTri101 No one has given any reasons why Monero is superior in privacy to Zcash other than the fact that you must indicate whether you want your ZCash transaction to be transparent or private. This doesn't even seem like a drawback. All I see here is FUD and misinformation. Monero holders praying on the uneducated/misinformed.

[WalterMagnum]

@DiMiTri101 Personal attacks will not prove your point to anyone who is rational. You simply discredit yourself.

[WalterMagnum]

@DiMiTri101 Here is an explanation of ZEC SNARKS. https://z.cash/blog/snark-explain.html It isn't very hard to follow. It is mostly high school or undergrad level mathematics.

[WalterMagnum]

@DiMiTri101 Are you even reading their site? You are using "toxic waste" and counterfeiting so out of context. Here is a page explaining it quite simply. https://z.cash/blog/the-design-of-the-ceremony.html

[WalterMagnum]

Also, here is the Zcash github. Development is not closed source and is not private. https://github.com/zcash/zcash

[WalterMagnum]

@DiMiTri101 Yes, that is more copy/paste out of context. Please read that page. It is clear that you just used Ctrl + F, and copy/pasted the first line you came across that fit your purposes. I really hope folks are willing to actually read this stuff and not form their opinions on 1 line of text.

[WalterMagnum]

@DiMiTri101 So you would prefer them to lie to you? All cryptos have their pros and cons. There is no perfect currency. I am done being trolled.

[SamsungGalaxyPlayer]

To try and bring some substance back into this conversation, I will stick to the facts:

Yes, Zcash could THEORETICALLY hide the sender in a transaction better than Monero can. However, this isn't the only part of the story. Monero's transactions are:

1. Always private. Only 399 transactions in the past month are within z-addresses in ZCash. This is the only situation where a transaction could potentially have greater privacy. Monero has had 20507 transactions in the past month that hid both the sender and receiver.

2. Better supported. No exchange or unofficial wallet provider (eg: Jaxx, Coinomi) supports z-addresses. So if a user withdraws Zcash from Poloniex, the transaction is completely traceable. A Monero withdraw would hide the receiver and amount to an outside observer.

3. More practical. Monero transactions can be signed on pretty much anything, including a Raspberry Pi. Zcash needs a powerful computer and several minutes of computational time. Few users will use this feature from the large effort required, as evidenced by its low use. Furthermore, this intense requirement will prevent third parties from supporting z-addresses, though Monero could be supported with little system resources.

One important factor in privacy is implementation, and I believe that Monero's privacy features are implemented better.

[WalterMagnum]

@SamsungGalaxyPlayer If you are looking to make private transactions, why would you use an exchange? Wouldn't using an exchange defeat the purpose entirely? You would be relying on the exchange you use to protect your privacy as well as the crypto you are exchanging.

The most upvoted post here promoting Monero is made by @hyc who has his own Monero github forks. Check his repos.

[SamsungGalaxyPlayer]

@WalterMagnum even if you never use an exchange, any transaction that includes a t-address on any side sacrifices privacy. Since no merchant, wallet, or anything else supports z-addresses, it largely limits private use to a store of value in the official wallet. The second you spend it, you are no longer private.

With Monero, you can use your Monero without losing your privacy.

[WalterMagnum]

@SamsungGalaxyPlayer More shameless promotion by a Monero contributor. Well done.

The discussion in this issue is unbelievably biased.

[DiMiTri101]

Monero is private by default

[SamsungGalaxyPlayer]

@WalterMagnum if you have any evidence that says I am wrong, please bring it up. I do not think Monero is perfect, but I feel that, with the evidence, it should be shown ahead of Zcash for my given reasons.

[BitOfWisdon]

Yea Monero is private by default. Zcash is not. Just the facts. Take it or leave it.

[WalterMagnum]

I just checked. Nearly everyone posting positive things about Monero here is an active Monero developer. This includes @hyc @SamsungGalaxyPlayer @lethos3 @c789 @afighttilldeath @knaccc @sneurlax Check their github accounts for yourselves. Everything they say should be taken with a grain of salt.

[SamsungGalaxyPlayer]

@WalterMagnum I agree with you on this point. However, you (or anyone else) are still not answering any of the concerns about Zcash.

Monero was originally listed first, though it was demoted without any discussion or stated reason.

[BitOfWisdon]

Samsung galaxy is not a Dev

[WalterMagnum]

@BitOfWisdon Yes he is. Click on his name, then look at his repos.

[BitOfWisdon]

Not quite

[BitOfWisdon]

For the website? K

[WalterMagnum]

@BitOfWisdon You are right. Someone developing a website that relies on Monero's success has no stake in the success of Monero. (sarcasm) Come on...

[SamsungGalaxyPlayer]

@BitOfWisdon @WalterMagnum regardless of the circumstance, this is distracting from the overall merge request. Even if I don't do any significant development work, I still am involved in the Monero project on a completely unofficial level. Something that others should take as a potential conflict of interest.

Nevertheless, I feel I have expressed concrete, factual reasons in support of the change. Can we please all focus on these?

[DiMiTri101]

@SamsungGalaxyPlayer I tried that, it's too biased for him

[WalterMagnum]

@DiMiTri101 No you didn't. You claimed ZCash development was closed source and run by a corporation. When I linked the open source github repository you deleted your comments.

You then constructed statements that were copy/pastes of segments from the ZEC website completely incorrect and/or out of context. When I linked the official ZEC pages for you, you deleted your other comments as well.

[BitOfWisdon]

He doesn't take in any information. SGP just fucking explained everything Like a 5 year old.

[ghost]

@WalterMagnum So the only argument against Monero in this thread is that the arguments why Monero is good were stated by Monero supporters/developers?

[mineZcash]

Although this thread seems to have digressed into somewhat of a flame war, I aim to keep my perspective as neutral as possible even though I am admittedly a Zcash proponent. As I understand it the aim of the website Privacytools.io is to provide end-users information about which coin a user can reasonably expect to gain the highest level of privacy for their transaction.

With that in mind I consider the users perspective that many of the attributes referred to so far in this thread are not really relevant to providing the highest level of privacy for a transaction, namely:

Transaction Size/Transaction Time/Block Time/Block Size/Mining, etc.. = Not relevant to transaction Privacy

Trusted Setup/not liking Zcash Company = Not relevant to transaction Privacy

Third party support/Lite wallets = Relevant to ease of adoption but not relevant to actual transaction Privacy. (last I checked no lite wallets like Jaxx support Monero yet either)

So at the end of the day, if I’m a user trying to privatize my transaction my biggest concern would be: Which coin has the largest anonymity set that cannot be statistically linked back to me?

As proponents point out there have been more private transactions with Monero in the past day/week/month/year because users don’t have a choice to use transparent transactions like with Zcash. But what they neglect to mention is that the average number of Mixins used in those private transactions is disconcertingly low, 73% of the private mixins have only 2 (!) participants, less than 25% have 3-9 and less than 2% have ever used more than 9 participants. http://moneroblocks.info/stats/ring-size

Whereas Zcashs anonymity set (mixins?) is every fully shielded (and to a lesser extent partially shielded) transaction ever made, and that number increases every day.

So from a users perspective I would feel that Zcashs larger anonymity set would make my transaction much more difficult (if not impossible) to trace through blockchain analysis techniques, thereby making my transaction more private.

[knaccc]

After Monero's privacy mechanisms, Monero's greatest strength is its large, active and welcoming community.

Monero's Reddit has 14,970 subscribers, Zcash has 3,525

Sources: http://redditmetrics.com/r/Monero http://redditmetrics.com/r/zec

Monero has its own active StackExchange. Zcash attempted it and could not gather the momentum, so it was deleted https://forum.z.cash/t/the-zcash-stack-exchange-proposal-is-about-to-get-closed-please-contribute/1854

And as has been pointed out, there has been an outpouring of Monero community members to come to this thread to make the case for Monero. Where is the ZCash community?

Monero has hardware support coming from the Ledger Nano S, and there are funding proposals to implement it in Trezor. Zcash can't run on low power hardware wallets because the computation and memory requirements to construct a transaction are too extreme.

If people want to conduct Zcash transactions on the go, with anything resembling a manageable transaction construction time, they'd better be carrying a dual Xeon in their backpack.

[mineZcash]

@knaccc It's not surprising that the Monero community is larger considering Zcash has only been around for 8 months, I agree that a strong community is important but I don't see what that has to do with the soundness of the protocol, which is what I thought this issue was about.

Secondly as far as computation goes the team is already testing methods that reduce the memory required to 1.5GB from 3GB which would make private transactions possible for the average smartphone and plans for payment offloading mechanisms that will pave the way for extremely lite wallets: https://github.com/zcash/zcash/issues/2322 Not that that has anything to do with the issue at hand either.

But if it turns out this issue is just a popularity contest and not an honest comparison of the technological soundness of both approaches to privacy, I will bow out now and thank you all for your time.

[knaccc]

@mineZcash A strong community means that users will have no shortage of places to go and people to ask for help with making transactions. This is an important consideration.

When it comes to privacy, anonymity set size matters. Despite Monero's ring size not including every single Monero user's outputs, with a few intermediate transactions Monero's anonymity set size will encompass the majority of Monero users. Ring sizes multiply the anonymity set size a user enjoys with every intermediate transaction, meaning it gets very large very fast.

This means after receiving funds from someone that knows your identity, you can completely sever the link between the outputs they sent you and the outputs you use in payment.

This means Monero, today, because of its larger userbase, can deliver a greater anonymity set size than Zcash can.

If the cryptographic techniques used are sound then all that matters, for privacy, is anonymity set size. On this basis, at the time of writing, Monero wins hands down.

And as I've mentioned, Zcash's cryptographic techniques are not proven to the extent that Monero's are. You can't claim technical superiority if your cryptographic techniques are not adequately proven by extensive peer review.