Saki

can’t read; access-controlled/non-libre

we’ve demonstrated that GitHub is fine as a platform for collaboration, knowing that we will detect any malicious activity on GitHub’s part really quickly as git acts almost as a blockchain

I don’t worry about source code integrity, but purely privacy-wise, it’s far from being ideal that users must access GitHub, monitored and recorded everything by Micro$oft.

The CCS Wallet Incident is sad but not surprising. Something that could happen as a human may make a mistake. “Normal” Monero users still love to use Reddit, Twitter, Windows 10, or Github, which is much more puzzling.

True. And no one even knows (yet) what was the problem to begin with.

My thought exactly, when I first read it. Still, just in case, I’d avoid using remote nodes related to Cake Wallet. It might be “honey pot flavored” cake, haha, although I’d like to believe that’s not true. Come to think of it, the monero.com domain must have been really expensive.

Nothing is sure. It might be skilled attacker(s), it might be simply bad opsec, or it might be an inside job. Several people think and say that we need to minimize trust via mltisig (in retrospect, this seems so obvious but that’s just hindsight).

That is correct. Tor Browser on Tails comes with uBlock Origin. It might be that DDG (or some other financial supporters) are not happy if the Tor Project ships TB with uBlock. There are many things to be blocked by uB even on DDG, Brave, MetaGer, etc. (although obviously they are much less invasive than you-know-what search engines). Purely privacy-wise they're annoying of course. But understandably they do need to monetize something to provide search engines, and I think some of them are financially supporting the Tor Project too, or they're helping each other, so... I don't know. Just a guess.

Isn't it like Mozilla has to be nice to Google? Ultimately, doesn't this mean that end users are not making enough donations? People say privacy and freedom are important, but normal people really don't like to pay for these important things, like assuming libre is like free beer!

The fact that multisig was not widely used yet, was indirectly related to the unfortunate CCS Wallet Incident, which happened a few months ago, as well.

@ErC (ErCiccione), a contributor, commented elsewhere a few days ago:

This is a bit of a dog biting its tail. Multisig was shipped and has been live for a long time. Nobody really used it, so it ended up being unstable and full of problems, but that came out only relatively recently (couple of years ago) when services started to build on it.

People are now saying, “If multsig had been used…” “should have” “could have” (Hindsight is 20/20 😢). Anyway, fluffypony replied, “when it reached a level of maturity (this year? late last year?) it should have been prioritized.”

We can expect that multisig will be now more prioritized and to be carefully tested and tuned, soon to be available more generally, if not right now. So perhaps the answer to your question is, “No, but maybe soon…”?

I don’t know anything technical (not an investor), but the XMR/USD high around Nov 1 looks like around 175.

Yeah, personally 160+ feels rather good, even 150–160 is not so bad. Nevertheless 175-ish -> 165-ish can be a significant move, though it well may be just a random move too.

Not “worrying“ at all like investor people (who buy and re-sell without actually using it), but somewhat curious about the effects of not-so-accurate (irresponsible) media reports, or more generally: do people now trust Monero less because of this incident (which seems to be, ultimately, just a human error of one person and bad luck)?

That is a valid PR question to ask (so to speak), while talking about price movement is admittedly inelegant 😅 Asking an unpopular question without hesitating, that’s part of freedom I believe in!

Moonstone Research Study Etches Doubts on Monero’s Privacy; Crypto Community Reacts

Moonstone’s investigation demonstrates, under certain circumstances, XMR transactions can sometimes be partially traced despite their privacy features. […] “Wow… not as private as everyone thinks,” one person remarked.

Simmons shared his perspective about Moonstone’s study as well and stressed that the specific tracing scenario doesn’t apply to the typical Monero user. […] He explained that the ability to trace resulted from unusual circumstances: private keys were shared with a chain surveillance company.

Security breach unveiled: Monero’s CCS wallet drained of $460,000

the incident has raised questions about the security of Monero’s blockchain and the effectiveness of its privacy features

Imho this is primarily related to security—and not Monero’s security features in general, but how an individual user handles things. (If for example a user publicly shows their private key on their website, any strong cryptography can’t magically protect them.)

Obviously security and privacy are different: because Monero is private, the attacker was able to “safely“ do this.

The exploit of CCS wallet has prompted concerns about the security of the Monero network. Privacy is a central tenet of companies design, but this incident has raised questions about whether the privacy features can be exploited.

Obviously it’s not about the security of the Monero network. Something local. Plus, because of being privacy first, Monero is in a way more “convenient” for attackers.

• Monero (XMR) Wallet Hacked: Is Coin No Longer Safe? [u today]

• Monerujo Wallet User Drains Monero’s CCS Wallet: Report [coinedition com]

• Monero (XMR) Crowdfunding Wallet Reportedly Drained by Hackers [en bitcoinsistemi com]