Super helpful, although I’m wondering if running your own node could potentially expose you as well in case someone really wants to find you? Like are there any security risks? And what if others find your node and connect to it would they be able to see your IP?

Just asking because I’m not very familiar with the technology and want to make sure I’m using monero as intended, that is anonymously.

[–] nihilist@monero.town 4 points 1 week ago* (last edited 1 week ago) (1 children)

if you run your own node, it means that the adversary needs to come and ask you directly to give you the details of who connected to the node. and if you keep Tor in between you and your own node, you're maintaining anonymity aswell.

if others find your (remote) node its not changing anything, you're making it available for them to use monero

but still they should run their own monero node to keep decentralizing further

[–] roboto@feddit.org 1 points 1 week ago

Alright got it, but regarding TOR aren’t there also vulnerabilities with compromised exit nodes? I feel like once you go down the rabbit hole of trying to achieve true anonymity there’s always another layer of complications if you wanna do things right.

[–] Findmysec@infosec.pub 1 points 1 week ago (1 children)

Nihilist, since you've watched the video can you make another post on the "heuristics" the presenter was talking about? I think the community needs to know how exactly their automated tool discards decoys from the list of transactions to consider.

[–] nihilist@monero.town 2 points 1 week ago* (last edited 1 week ago) (1 children)

they discard the decoys when they're given the transactions of interest, this lets them know that this transaction they saw on their node actually comes from that subphoenable entity (centralised exchange), from there they have the list of transactions that went through and they can rule out the dandelion decoys. but otherwise they can't.

I also mentionned that they are looking at the fee structure on their malicious nodes, hence my recommendation to use the default fees. not sure if they're actually using the rest. (number of inputs and outputs ?)

[–] Findmysec@infosec.pub 1 points 1 week ago

Thanks

[–] Ammortel@monero.town 1 points 1 week ago* (last edited 1 week ago) (2 children)

OK centralized exchanges and chainanalysis know that I own monero ?

Then what ? How is it bad ? They still can't figure out what I'm doing with it. The maximum they could ever tell is that I am spending some. They couldn't tell in what amounts and to whom.

My privacy isn't affected in any way.

[–] nihilist@monero.town 1 points 6 days ago* (last edited 6 days ago) (1 children)

small detail, centralised exchanges know how much monero went through them. for that particular account. If you KYC'd there, they know how much monero YOU bought or sold on their platform

[–] jay_edwards@monero.town 1 points 4 days ago

isn't it better to use Decentralized exchanges or instant exchange services for Monero transactions in this case?

[–] Findmysec@infosec.pub 2 points 1 week ago

In a dystopian world, just owning XMR will soon become grounds for a criminal investigation leading to harassment.