Gabriel Custodiet speaks with Seth for Privacy: privacy advocate and VP of Cake Wallet. They discuss a number of topics on Monero’s 11th anniversary.
A
This is Gabriel Custodiet of Watchman Privacy. I know why you're here. You're looking to escape the technocratic apparatuses that you see slowly enveloping you and restraining your freedom for the fundamentals of privacy. You should start by visiting escapethetechnocracy.com to see my video tutorials, books and other resources for getting off the surveillance grid. Watchman Privacy and Escape the Technocracy are leading the fight for privacy. And unlike just about any other show, we practice what we preach. Private payment options, no threat modeling, no status or collectivist solutions, and no sponsors ever. You know what that means? It means we can speak the unmitigated truth as we see it. Your support alone determines the future of this show. Go support you and me at escapethetechnocracy.com. I'm very pleased today to be joined by Seth for Privacy. You listeners will likely be familiar with him. He is a privacy advocate. He works for Cake Wallet, which is a Monero-focused wallet. I've had him on a number of times. He has a good level of technical knowledge and he's very well spoken. So, Seth for Privacy, welcome to the show. How are you doing?
B
Doing great. Thanks so much for having me back, Gabriel. It's been, it's been a minute since, since we chatted, especially in a recording, but really excited to be back on.
A
Absolutely. It's been a little bit of time. I'm sure there'll be plenty to cover. In that case, I'm also joined by Urban. I'll have him jump in when, when the time is right. First of all, for the listeners, we're not going into the big basics of Monero. I have recorded an episode literally called Introduction to Monero with Seth. So you can go and track down that episode and if you want to really handhold you through every step, we have a module on our Escape the Technocracy main course that you can purchase, support us and learn all the basics of Monero. So those would be the ways to get the basic information. We're not going to waste Seth's time with stuff that we've already covered, so. So Seth, we're coming up on the anniversary of Monero. I think it's been 11 years. Good opportunity to just basically talk some Monero. First things first though, you have since we last talked joined Cake Wallet. So what's going on with, with Cake Wallet in the last bit of time since you joined?
B
Yeah, for sure. It's, it's been a fun transition. I was, I know last time I was on, on the pod, I was with Foundation, who are the, the Bitcoin hardware wallet company. They make a software wallet too. Just absolutely fantastic guys. Um, so definitely, definitely no hard feelings there. We're actually still, still working with them on a kind of cross team project between Cake and, and Foundation. But that's where I was at. They're, they're Bitcoin only, which I, I understand, and focused on self custody, but obviously my heart's never been, I've never been a Bitcoin maxi or a Bitcoin only guy. I've always had a soft spot for Monero and Monero is really the reason why I'm in cryptocurrency at all. Monero is the reason why I care about personal privacy at all. A lot of people in the Monero community were instrumental in and really my journey into, into this world. So it's always been near and dear to my heart. So I've been talking on and off with, with Vic, the founder and CEO of Cake Wallet, for the last six or seven years. I think, honestly I think I met him at the first Monero con conference in 2018 or 2019 in Denver. Met him there and we just kind of kept in touch off and on. But the opportunity arose this last year to jump over and after getting to meet a lot of the Cake team at the Feni Forum, actually which is a conference in Dallas last year, one that I really enjoyed was kind of like more broadly freedom tech focused, I got to spend a lot of time with the Cake team, a lot of their developers, Vic obviously as well. And it just became really clear like these people are incredibly talented individuals, but also just very aligned on the vision of making privacy easy when it comes to cryptocurrency. And that's something that is an incredibly difficult, incredibly complex goal to achieve for a team. But the Cake team I think really has, has what it takes. So it was a, it was an awesome fit to be able to cross over, join the team. 
I'm VP there, basically running the day to day, but Vic's still very involved, which I'm thankful for. And yeah, we've, we've really been heads down focused over the last like six months since I joined on really trying to improve the user experience to get closer to this idea of privacy made easy, of payments made easy, that we kind of talk about at Cake and make it more of a reality. I'd say probably the biggest way that that's come into effect on the Monero side specifically has been finally being able to really nail background sync to allow you to let your Monero wallet sync in the background. It is Android only for now, unfortunately, but it really completely changes the game when it comes to using Monero in the real world regularly. It's drastically improved when you're able to use background sync like this. So that's been a really big thing that we've been working hard on. We launched that a couple weeks ago and then will have a release coming out, should be tomorrow. We're recording this on the 26th, but on the 27th we should have a release coming out that has a drastically expanded and improved background sync. The background syncs all wallets except Decred within Cake Wallet. It has a lot of better features like being able to do it only on Wi-Fi, or only when charging or only when not using your device. Just kind of like good quality of life stuff that goes with it. But that's been, that's one of the biggest things we've been working on. I mean there's a ton of tertiary stuff with Monero that we've done. Passphrases, Ledger support for cold storage. We recently released the ability to use a single 12 word BIP 39 seed and derive a Monero wallet deterministically from it, which is another really cool feature, especially for people that already have like a seed that they want to use. They can use that to generate a Monero wallet. But I don't want to throw like every. Everything on the wall right now. 
But those are, those are a lot of the main things that we've been working on really just trying to make privacy easy, make it where you don't have to, you don't have to change your entire life to gain privacy in some measure when using cryptocurrency. And that's a lot of the goal.
A
And for those who are really maybe new to all this, I guess I should mention Monero is a privacy focused cryptocurrency pretty useful. It's the one that we're most interested in at this point in time. And you can track down some other resources for details about that. But that's what we're discussing, obviously, when we talk about Monero. So Seth, what are some things, let's say in the last year or so, some main developments in just the Monero scene more broadly that come to mind that people might be interested to know about?
B
Yeah, yeah. I think the two of the biggest things, I mean the biggest one that anyone who's kind of keeping up with the Monero space will know about is full chain membership proofs, which I think we talked about as well on the last episode that we did. But I'll just really briefly introduce that basically in Monero, the way that privacy works is you have, you have three kind of pillars of privacy. You have privacy for the sender, which is done via ring signatures, privacy for the recipient, which is done via stealth addresses, and privacy for the amount, which is done with confidential transactions or confidential amounts. And that the, the sender privacy, the ring signature privacy has long been the weakest aspect of Monero's privacy. Essentially what it is right now is you sign the transaction and you, you essentially are cryptographically saying, I am one of these 16 inputs, but I won't reveal which one of those I am. So to any outside observer, they see that one of these 16 inputs has to be the true input, but we don't know which, which is reasonably good privacy and especially useful against mass surveillance. But under some targeted surveillance, it can break down. So the Monero community has been working on a solution for that for a long time. That solution has become full chain membership proofs, which basically changes from hey, I'm one of 16 to hey, I'm one of any output that's ever existed in Monero, which right now is somewhere north of 100 million outputs. So obviously that drastically improves the sender privacy, specifically that Monero provides. And over this last year, the actual design of what full chain membership proofs will look like in, in Monero has been finalized. The vast majority of the dev work has happened. 
I know that one of the primary devs working on it, Justin Berman, announced a week or two ago that he's very close to having a, a public build that we can start to actually use and test and find issues that we can resolve before we would, we would hard fork in full chain membership proofs. But that's by far the biggest thing that's been happening in Monero. I mean, there's a lot of, a lot of other development that's always ongoing around the other pieces within Monero. But I think that's, that's been the biggest one, but another really important one and one that leans into the background sync thing that I mentioned earlier is previously, if you wanted to do background sync in Monero, you essentially had to fully open the wallet, which means make the actual private keys themselves hot in memory. And you had to do it in a way that was possible. But obviously it's exposing your private keys, which is maybe okay on like a very secure mobile platform like GrapheneOS or iOS but a very bad idea on like a Windows machine or something like that, where no one can really guarantee the security of that device. You don't really want your private keys just sitting in RAM all the time for background sync. And you also, since you had to open the entire wallet, the way that Monero wallets work and the way that the cache works gets quite messy when you're doing it that way. And one of the really big improvements that happened over this last year is Justin Berman, who's also one of the main devs on full chain membership proofs. He came up with a very clean, neat way to shift background sync to only using view keys, which view key is a. It's a standalone secret key that can't spend funds, but can see when funds are received. And there's some neat tricks you can do with view keys today where you can also know when funds are spent with very high certainty. And then when you actually open the wallet, eventually you can confirm that those were actually spends. 
But now we can do that background sync without the same issues as before, without making the private keys actually hot in memory. We're able to do that in a much more intelligent way. So that was a big driver for us. Circling back to background sync, Cake Wallet did have background sync a couple years ago, but it just was way too messy with the way it actually worked in Monero back then. So this brought the core improvements that we really needed to nail it. And then our team has been the first to actually implement that background sync using view keys into Cake Wallet. So that is Android only, like I mentioned, only because iOS is. They're insane about how apps can request or schedule a background service at all. And so there's no way to guarantee that there will be any background execution at all if the user doesn't open the app. So we're still trying to find a good solution for that. But on Android that really does really does change the game and needs to become a default for all mobile Monero wallets. Like when you've actually used Monero for as long as I have. I mean, I've been using Monero actively since probably 2018. You kind of get used to just I open my wallet and I need to wait a few minutes for it to sync, or if I haven't opened in a very long time, maybe I need to wait 20 or 30 minutes for it to sync before I can actually spend. You kind of get used to that, but it's still horrible. But when you see like someone at a conference who tries to buy something in Monero and then realizes they haven't opened their wallet in six months and they just give up and they don't use Monero because it's that painful like that. That is not an uncommon occurrence. Like, I, I can say I have seen that multiple times at every Monero centric conference I've ever been to because it's just, it's, it's like the biggest user experience hurdle in Monero and this, this background sync approach makes that never happen. All of my wallets are in sync all the time. 
I think the longest I've waited for a wallet to sync after I opened it up was something like 10 seconds, and then my wallet's good to go. I can do whatever I want with it. It gives you a very similar experience to a Bitcoin wallet or something that's a little more straightforward because of the LA of privacy. But you're not sacrificing anything. You're not offloading your view key to a remote server, you're not trusting someone else to not reveal your payment info. You're doing it all locally, but you're doing it in the background. And it's, it's, it's pretty magical. It really does need to become the, the default in the Monero space. I'm excited to see other wallets jump in on it. Cake Wallet is the only place where it is right now. But I'm really, really hopeful that, that other wallets adopt this quickly because it really changes the game when it comes to using Monero as a regular tool.
A
Very interesting. We'll follow up on some of these topics in a moment. Staying just big picture again, real quick, what has been your observation, Seth? Obviously, Monero is on the ascent in terms of being the most useful crypto because it has privacy by default. That means that it is under attack, obviously. And it's a, it's a naughty thing to be using according to the powers that be. They want privacy, but they don't want you to have it. So have you noticed any exchanges, organizations that have stopped supporting Monero, have banned Monero, delisted Monero, anything like this in the last year that we should call people's attention to?
B
Yeah, I, I'll have to pull up the list, which I should have somewhere in notes. But it's, it was quite the year, especially in 2024, for delistings of Monero. I think there was something like a dozen exchange delistings over the course of, of 2024, and a couple of those have happened in 2025 as well, to the point where pretty much no centralized exchange lists Monero. There are a few exceptions. One in the US is Kraken, who are. They're very. They're a weird juxtaposition because they're a centralized KYC exchange, but they're also like very cypherpunk in a lot of the approaches that they take to things. And they haven't been scared off by the kind of backdoor deals that regulators try to make with banks to prevent Monero's listing or to cause delistings. They haven't been scared off by that. So they still list it. But in the vast majority of the world, there are no centralized exchanges that list Monero. Now, because of this effort that it's hard to nail down exactly why it has been happening or what has been the cause of it. But when you look at something like Operation Chokepoint 2.0, which we've seen a lot of evidence for in the Bitcoin space over the last few months, we've finally been able to see exactly what was going on there. It seems like Monero was really kind of the test bed for that and was one of the early, early places where this essentially this pressure on banks to not do business at all with an entity that wanted to list Monero or provide Monero services. It seems like that was happening long before that was happening for Bitcoin or others. Because we've been, I mean, we've been undergoing delistings for as long as I can remember, or big exchanges that should have listed Monero never did. Exchanges like Gemini or Coinbase, especially Gemini, who claim to have this big privacy focus and have had zcash listed for years, they've refused to comment on or list Monero for that same amount of time. They've never had it. 
And a lot of that seems to have come down to essentially banks being told, if you deal with Monero at all, we're going to cut you off. And the exchanges have to have those banking connections because that's how they actually let people deposit and withdraw fiat to trade for cryptocurrencies. So if they lose those banking connections, they lose their business. And so most of them just say, I'd rather not lose my business, I'm going to drop Monero. And so that, that has continued and that really accelerated under the last administration in the US, but it does seem to have slowed down a little bit this year. But I think honestly part of that is just because there's so few exchanges left. The only ones who really still deal with Monero generally are extremely, I don't know, it's again kind of weird to call like a centralized KYC exchange cypherpunk, but there's just some ones that have some principles at least and so they've continued to maintain Monero support like Kraken in the US, like DFX in Switzerland, who have been, been big Monero fans and have, have served Monero to users I think with no KYC under a certain limit. But some exchanges like that have persisted, but the vast majority have delisted or refused to list Monero for so long that there's not really many more places for it to disappear from.
A
Let's talk about wallets for a moment. You're, you're with Cake Wallet. I recently recommended Cake Wallet to somebody. I think they were looking for like they had a number of requirements, right? They wanted to be able to, you know, easily switch in and out of, of other coins and they wanted a mobile wallet. So I recommended them Cake Wallet. Now a Cake Wallet has a pretty substantial percent of the market and you know, even if you work at Cake, you would be hoping for more competition. And I just wanted to get your sense of the overall scene of wallets in Monero because we had, you know, some people using a wallet called Mysu which, which kind of went out of existence in the last year or two. I was searching for Feather Wallet recently and you know, their SEO had been altered to send people to a phishing website. I've had serious problems with the kind of main getmonero.org GUI wallets that no troubleshooting could solve recently. Monerujo is nice, it's Android only. I prefer, you know, PC wallets. Exodus I think, which is closed source anyway. I think they're not accepting Monero anymore. I could be wrong about that, but it just seems like there's not quite. We, we've, you know, we have Stack Duo. It just seems like there's not that robust of a, a Monero market wallet. Your thoughts on. Your thoughts on the landscape?
B
Yeah, I mean I, I think you're absolutely right. There's, there's just a lot of difficulties that come from supporting Monero. Like I'm just going to be, going to be brutally honest. It is not the easiest coin to support and some of that comes down to the technical complexities of how Monero works and that the sync experience is much more difficult and a turn off for a lot of users. So a lot of wallet providers don't want to deal with the kind of user experience difference that you'll have with using a Monero wallet versus Bitcoin, Ethereum, et cetera. But I think also some of that comes down to the Monero ecosystem. Like the libraries available, the tooling available from the main Monero project are a bit lacking compared to other cryptocurrencies as well. Like when you look at something like Bitcoin, there are some really, really fantastic options for wallet SDKs to use. Things like Bitcoin Dev Kit, BDK that just do an amazing job at making it very easy for a wallet developer to start a Monero wallet to build on it and to have a really good base to build around. And things like that just don't really exist in the Monero ecosystem. Um, and so that, that adds a lot of complexity and makes it, I think, a turn off for most wallet developers in the space. Unless they, unless they have deep technical expertise and they have deep ideological reasons to support Monero, it's generally not going to happen. Like you, you briefly mentioned Exodus as one of the wallets that did support Monero. Technically they do right now, but they've announced that they're dropping Monero support. I think August 10th is the deadline for that. Um, and they, they were actually really kind. We worked with them to make sure that their users had a clear path of like how to migrate off. We wrote up the documentation that they shared with their users on what it looks like to migrate. We implemented some things in Cake Wallet to make it as easy as possible for people to migrate. 
But it was a good example of, as far as I know, there was no like regulatory or legal pressure or anything like that. Obviously a lot of Monero community people jump straight to conspiracy theory kind of stuff. And understandably because of how much pressure Monero has been under, as far as I know in this situation there was nothing like that. It was really just the complexity was just not worth it in their, in their mind, when they're viewing things from a business perspective, it didn't make sense for them to continue supporting Monero from a complexity standpoint. So that was, I think, a good example of kind of some of the issues that the Monero ecosystem faces when it comes to wallets. Thankfully there, there are really good options. I think the area that is in most need of help, like you mentioned, is desktop. Like when you're trying to use Monero on a desktop, you really only have two options, which is the official Monero desktop wallet, which is fine, but lacking. I mean it's, it can get the job done for basic stuff, but it just doesn't have the developer manpower behind it to make it a really fantastic experience. It's a good baseline, it's usable, many people will be fine with it. But really the, the by far the best experience on desktop is Feather Wallet, which they do. I don't, no idea how to say his name. Some of these nyms are a little weird. It's like Tub Todd or Top Toad or. I'm not really sure how to say it, but he's done a fantastic job building out Feather Wallet over the years. And it's, it's my go to desktop wallet as well. Which I know is a little funny because Cake Wallet technically has a desktop wallet for Monero. Um, but I don't, I don't think where we're at right now for desktop is good enough. And that's one of our big goals for 2025 is by the end of the year releasing a totally revamped, refreshed wallet that actually is much more useful on desktop. 
So I think because like you highlighted, there's some people who really like to use desktop specifically and like I specifically like to have it available on my desktop just for yeah, simplicity of spending especially colder wallets. I don't want to keep those on my, my phone necessarily. So it's definitely a key thing there. But yeah, it's really just Feather and the official Monero GUI on desktop right now. But on, on mobile I think there's some similarly solid options. I think between Cake Wallet, Monerujo and Stack Wallet I think there's enough to cover the, the different approaches that people really want there and, and all work really well with Cake Wallet being cross platform and Stack Wallet being cross platform. But like you said, Monerujo is Android only, so it's a little limiting for, for, for those users who are on iOS. But I think there, I feel like we're like pretty good on the Monero side. Um, I guess technically there's another wallet called Edge Wallet but they, the way they work is when you use Edge Wallet, not only do you have to have like an account with email and stuff, but you, you send you the view key for your wallet off to their servers for them to do the sync for you. Which to me is just kind of a non starter from a privacy perspective. So I don't, I don't recommend that type of approach. But yeah, between Cake Wallet, Monerujo and Stack Wallet I think there's, there's good enough tooling on the mobile side to get by for, for most people. And I think we're in a pretty good state there. Even though obviously I would always like more, more entrants into the space, especially who are doing something different, like taking a very different approach. Thinking about Monero in a different way would be really nice to have because I think things can get a little stagnant in the Monero ecosystem as well. Um, but yeah, I think that's, I think it's a reasonable look at the landscape there.
A
Yeah, that was some good insight there. One more big picture question, then we'll get into some technical stuff. There's, there's a number of, let's call them privacy influencers out there that I don't hear talk about Monero, whether they're talking about something else, some other cryptocurrency like zcash or they're just not talking about any privacy cryptocurrency. Why do you think that some of the, like the big privacy people out there just do not even have Monero in their vocabulary? What do you think's going on there?
B
Yeah, that's a good, a good question and one that I've, I've wrestled with over the years. I think there's really two main answers. I think there are some who shall not be named who are paid to talk about zcash because zcash has very deep pockets of money that they've siphoned out of the supply of zcash for a dev fund, dev tax, other, other reasons. A lot of the issuance in zcash has gone into central coffers that can be used to pay influencers, which Monero does not have. There, there is, there is no marketing budget in Monero. The only way things get done is that people willingly donate their Monero to a cause which can be things like marketing, but very rarely does it actually lead to that, that sort of a thing. Whereas zcash has been able to put a lot of money into getting these influencers talking about it and I think very wisely involved a lot of privacy influencers and privacy centric individuals in the early days of zcash and promise them some rewards. Snowden is a good example of this where there was a financial incentive for him to be a zcash focused influencer. Even if Monero has been a far more useful tool for the vast majority of the time that he's been talking about zcash. And I don't say that to like besmirch his character. I obviously am extremely thankful for what, what Snowden has done, but there's Things just get a little weird when there's money involved. And I think that's been. Part of the problem is that there have been perverse incentives for people to promote, mainly zcash over Monero. And then I think more broadly, there's also been a perverse incentive for people to just promote whatever their favorite bag of cryptocurrency is. Sometimes that's only Bitcoin, sometimes that's other things. A lot of the time has been spent on things that would financially benefit people who are going to talk about it. And Monero does not stand to financially benefit anyone necessarily for talking about it. 
Like, obviously, if you have Monero and you talk about Monero and the price goes up, you could benefit. But that's a very, very disconnected financial incentive. That's. That's not easy to guarantee as opposed to just, I'll give you this much zcash or I'll give you this much Bitcoin to talk about this, this product instead. So I think that's one of the core problems, but I don't think that's all of the problem. I think the other core piece, and this is something I've seen as, as a cybersecurity engineer back in the day, as somebody who's been in the privacy education and influencer space. There's generally a. An understandable hatred for cryptocurrency among many people in the privacy and security space because of how many scams and garbage there is in the cryptocurrency space. And so a lot of them, I think, have just written off the whole thing. So they just focus on other aspects of privacy. And maybe they talk about like just cash or something like that on the financial privacy side. But I think generally there's this feeling that promoting anything within the cryptocurrency space is just too dangerous because you don't. It's harder to tell what's a scam and what's not. And so I think a lot have just written off the entire space. And that's something that I've run into quite a bit of just, I. It just, it. There's so many scams, I'm not going to bother. I'm just going to focus on other stuff.
A
And that's fair.
B
Yeah, I think that's a very fair, very fair thing to do.
A
Right. One thing I wanted to do in this episode especially is there's plenty. There's. God knows there's enough cheerleading in things like Monero. And we just wanted to. We. Obviously we're talking about it, we like it, but we do want to make sure that it is, you know, always improving its, its operational security and such. So we want to focus on some of the things that, that, you know, Monero needs to work on and some of the things that we as Monero users need to work on. Urban, do you want to jump in here with a question or two?
C
So maybe the, I mean, you partially answered and it's very cool the update you mentioned about Cake Wallet background sync, because when we were preparing, Gabriel and I, the episode, we were discussing about one thing that sometimes I have noticed with the synchronization is, let's say, I don't know, you start 100 blocks behind and then you wait five minutes and now you're like 50 blocks behind. And then somehow the wallet crashes or the UI or like something wrong happens and then you open the wallet again and it starts from the beginning and I guess with background sync, that's finished. So now you just open it and it's like synced or almost there. To me, it always felt a bit weird that it always has to restart before the last time it fully synced. And I never quite understood why you couldn't just like incrementally, you know, okay, you open it again and now you're 50 blocks behind and now you just need to wait instead of going back to, I don't know, a thousand or two thousand, how you were before.
B
It can come down to a variety of things. I think the most common issue is that just the way that Monero's wallet cache works is a little janky. There are certainly people, like people in my team who can answer this in a lot more technical detail on why it's like this. But we run into a lot of unique edge cases with, with Monero wallets based on the way that the, the core wallet API, the, the. It's called wallet2. It's a terrible name within the Monero space. And that's the core wallet API that, that pretty much all Monero wallets are using. And the way the actual caching works for the, the wallet data is just, it's a bit messy. It's like a single huge cache file. And you'd have to be very careful because if you mess it up, uh, you have a corrupted wallet, technically you should have the seed outside of the cache, but that's not always done either. And so there's a lot of, a lot of potential issues if you're constantly writing to it in potential corruption. So a lot of times the way that, that actually works is that you're, you are more careful, you, you save to the cache file less often to try to prevent something actually corrupting that cache file itself. And so you're not saving every 10 blocks or something, maybe you're saving every thousand, or you're saving in bigger chunks to, to limit the amount of times you're having to access that cache file. The other main reason why that could happen is we can't actually move on until you've completed writing that update to the cache. So like, if you have a phone that has very slow storage, like an older Android phone or something, we have to make sure that that write actually completes, isn't just said to have started, or the OS doesn't just say that something's happened, but that we actually complete that write and that it's actually been flushed to disk. 
Um, so if you, if maybe your wallet is in the process of saving that data but it crashes, you're going to have to start over from before that because it might not have actually been written to disk yet. Because most of the time when you're doing some, some write like that on Android especially, it's going to go into RAM and then it's going to get flushed to disk whenever the OS thinks it's the best time to do that. And that's not necessarily instant. So that can be the other issue. I mean, obviously there's some, some improvements there that a wallet can make to better handle how we save that data. Maybe saving that to a separate place and not the, the core cache file temporarily so that you, you always have whatever that last amount of blocks was. You can be more aggressive with the save. I'm sure there's some solutions to improve that, but I think those are the, the core reasons. But like you said, background sync should, should essentially solve that because you're not, you're not using the app while you're doing that. It's going to be a lot simpler. You can do it with only the view key. It does make it easier. It makes it so that you're less likely to be syncing a lot of blocks when you actually open your wallet. So that is a core improvement, but that doesn't necessarily fix the root of the problem there. So it's definitely something I think we can investigate more.
C
This one is about full chain membership proof. So I've heard this, I've been aware of full chain membership proof for a while. It seems to me, looking from outside that it's kind of like a white elephant project. And what I mean by that it's not insulting the dev and I'm sure it's complicated to put, but it's like, oh, there is this weakness in ring signature. Yeah, let's just wait full chain membership proof and then it's all gonna be solved instead of. For me, I would be interested to focus on like right now with what we have. Should we maybe increase the block size? No, sorry, the ring size, not the block size. Should we maybe churn like I think Stack Wallet is doing? Should Cake Wallet implement churning? And for me it's not that I get the huge benefit of full chain membership proof, but you know, I've also seen in Bitcoin where, you know, Lightning was supposed to solve all the problems and now, you know, we are 10 years later and you know, Lightning has its own challenges and issues and I'm afraid that full chain membership proof is a bit like this. Like I'm a bit hopeful because you said, you know, now there is like soon to be released like a beta for testing. But I just wanted to have your opinion. Didn't we discard maybe some other solutions? And it's not to say that we shouldn't do full chain membership proof, but in the meantime maybe we have different ways to solve some of the issues. I never saw many people talking about churning and if it works or just increasing the ring size, which to be fair, was done already a few times.
B
Yeah, I think it's a great question because I definitely understand the hesitancy to like view something as a silver bullet, which is basically how we've been talking about full chain membership proofs. I think rightly, it's like to me it's very different from Lightning because what Lightning was proposed to do was essentially fix all of Bitcoin's problems. It's going to fix scaling, it's going to fix fast payments, it's going to fix privacy, it's going to fix all of these things which when you try to fix a whole host of problems in one project, it inevitably will fail. Like the scope creep of Lightning was immense and is only now starting to become a reality that people realize like, okay, it can't actually do the vast majority of these things. It can only do some very specific things, not all of them. It can't fix all the problems. Whereas full chain membership proofs is fixing one very specific problem with one very specific piece of the privacy protocol. And it's very straightforward how it actually works. It really is the silver bullet when it comes to sender privacy. But I understand the hesitancy to delay any other changes until full chain membership proofs. But the thing that I'll say is it, it's not as easy as just like oh, ring sizes are a little too small right now. Especially with the stuff that the OSPEAD, or however you say the acronym of the. The research project that found that the ring signatures' effectiveness is drastically lower than we thought. Yes, it sounds like it would be a good idea to temporarily increase the ring size. So let's say do 32 or something until we get full chain membership proofs. But what that actually means in practice to increase the ring size is to hard fork the entire network to require every, every entity in the ecosystem to upgrade to a new piece of software by a certain deadline or else they won't be able to use Monero at all until they do upgrade. 
It means coordinating with exchanges, it means coordinating with BTCPay. It means coordinating with every wallet in the space to make sure that not only does this hard fork not break something else that we weren't expecting, but that everyone updates in time so we don't have massive disruptions and inevitably with every hard fork we've ever had while I've been in Monero, there are issues with the ecosystem participants not updating in time, sometimes taking months to update things like Ledger. I know Exodus in the past had some issues with taking a few months to update after a hard fork. And so it's, it's not as simple as just like here's a new piece of software, we should run this. It has bigger ring sizes, it requires that that consensus level hard fork which makes it far more complex than I think is feasible for something like that. Especially when it's not like a critically broken thing in Monero. Like if we found out obviously that there was like an inflation bug in Monero or something, then an immediate hard fork and working really aggressively with ecosystem partners to implement it would probably make sense from a cost benefit perspective. But a temporary increase when we know we have the solution coming I think would be far too painful for the ecosystem and have so many knock on detrimental effects to who wants to be in the ecosystem, who is in the ecosystem, and would cause a lot of problems. So that's the main reason why like something like a ring size increase isn't really feasible as a temporary fix. But then the other piece is that there's also a lot of other problems that come with the ring size increase. Things like transaction sizes drastically increase, fees increase. 
The way that blockchain sync works gets worse the larger the ring size is because instead of 16 random instant operations per second or random instant operations for each transaction or each input, technically now you're doing 32 or 128, which is the ring size that was proposed in the past. And it has a lot of other knock on effects. It's just a little bit more complex than increasing the ring size temporarily. And then churning is another kind of weird one where it seems like a good idea conceptually but no one has been able to figure out if it actually is a helpful tool. Basically all of the research that I've read around it says it might be helpful if you do it properly, but we don't know what it means. To do it properly is basically what all of the research has come out with. I know there was a little bit more that the Cypher Stack team came out with a piece of research recently, but there also weren't clear guidelines of like these are the explicit things you have to do to make churning effective and not detrimental for privacy because churning incorrectly can actually harm your privacy much more than it could possibly improve it. Um, so it's another one of those things where like it sounds good in concept but actually being able to measure how to do it effectively is incredibly difficult both because of Monero's privacy. So we can't see like oh, these are the normal amounts of time that it takes somebody to transact again when they receive funds. We can't, we can't look at what an expected user's behavior is to figure out a way to do churning in a way that blends in with expected user behavior. We would just have to essentially guess and in doing so we could be greatly harming users' privacy if we were doing something like automatic churning, that sort of thing. So it's another thing like it can be good but it's just so it's so hard to know what's actually effective that it's usually better not to worry about it. 
Now the one time where I have said like churning maybe is worth pursuing is if you're, you know that you're a targeted individual and you publicly are posting like a donation address or something so you know that there's an easy way for some nation state or someone to be able to send you funds and try to use those to, to perform like an Eve-Alice-Eve attack on you or something like that, then some sort of churning is good. But again I don't know what the exact recommendation is but in those cases something around that probably is a good idea. It's just very hard to know what's, what's the right choice there. And it just for me comes back to. For most people, sane defaults are far better from a privacy perspective than going to more extreme paths in the search of like perfect privacy instead of good enough privacy. And a lot of times stuff like churning ends up being that kind of like searching for perfect privacy but actually harming yourself because you're greatly limiting the real set of potential users that you're blending in with because you're doing something so niche. The same way I view like a lot of the very niche Monero wallets that have had issues in the past with being able to be fingerprinted on chain with the way they do fees or other things. It just can be problematic as you move more and more niche and more and more away from known good defaults.
C
In a way, it's similar with Tor. You know, whenever Gabriel and I, we advise clients on how to use Tor, sometime people will explain they do like, or they have like weird threat model. I don't know, like they, they restart their computer every so often because this or that, I don't know. But like, sometimes people have like weird, like, you know, a bit like cargo cultish in a certain way in their head. And then I tell them, well, you know what, you're gonna be known as the guy who restart his computer every two hours. And that it's a pattern that can be, you know, fingerprinted. And, and I think there was in the case of the Monero dev fund when it was hacked and the fund were stolen. And then later I think recovered or no, I think someone sent them back somehow. But anyway, and they used, I think it was the function like pocket change or something because then it made a weird transaction with like 9 output, which is very unusual. And basically people could say, okay, they probably use this wallet in this version of this wallet because it did this. Now I see where you're coming from maybe to jump on this. Now it has been a few months since this infamous video about that. You probably have seen a chain surveillance company that was explaining how they traced Monero. And I wonder, maybe with Gabriel, we watched it and our assumption was that Monero is very good and that they really struggle to like, unless you're in edge case or like you're in a really targeted way, they really struggle to de-anonymize or let's say, like understand the flow of money. But maybe now with, you know, hindsight and a few months later, if you would comment on that video.
B
And yeah, I mean, I think overall, the takeaway that I would have for people is that just like any other privacy tool, Monero on its own is imperfect. If anyone is telling you that their privacy pool, their privacy tool, is perfect, they either don't know what they're talking about or they're lying. And this was a good reminder to a lot of people who I think had misunderstood or had been misled to think that there was no fault within Monero or there wasn't, there was no potential attack to reduce some of the privacy promises that Monero can, or privacy guarantees that Monero can have for users. They'd been misled to believe that Monero was perfect, even if they hadn't explicitly been told that. And so I think this, like, one of the good things out of this is it got people to realize that like, Monero is not a perfect solution for all of your privacy needs. It's a piece of the toolkit and it's most effective when you're taking other steps towards personal privacy that make it so that even if something happens with Monero, even if there is some like actual de-anonymization attack, you know, the worst case is they know this transaction happened, but they don't know who did it and they don't know what it was for. And then the actual impacts of something like that are greatly reduced, as opposed to if you're buying on KYC exchanges and you're spending at merchants who know your real name and your real address and you're doing these things that, that can be more harmful for privacy around Monero, thinking that Monero will just solve all of your problems when it doesn't actually work like that. So I think that was one good outcome from the videos, just like you said, though, of course, these things are always abused to spread fear, uncertainty and doubt to spread FUD about Monero. And so a lot of the, a lot of the news articles, a lot of the commentary on social media that came out after it was just blatantly false, really. 
The video to me was very encouraging because what it showed was that a chain surveillance company with billions and billions of dollars in funding their best attack was essentially abusing a DNS issue to get users to connect to a malicious node. And even then they didn't get certainty as to the true spend in a transaction. And even if they had a good guess as to what the true spend was, they still didn't know the amounts because those are perfectly hidden in Monero. And they still didn't know the off chain address that was being used as well. They didn't know the actual address you'd see in your wallet. They only knew that one time payment key on chain, and so there was very little they could actually do with that as well. So it was a good reminder that the holistic privacy of Monero is extremely effective and protects against even a lot of these very targeted cases. But it is weak to very specific things. And again, specifically this was a. The ring signature portion was the main problem here when the user was using a remote node that was malicious. The nice thing with this attack was honestly the remote node part was extraordinarily easy to fix because it was essentially exploiting a service that, I mean, a good Monero community member was running. The way that it worked was not a good idea. And so it was exploiting that service. That user just shut down the service. There's no exploit anymore. It's not possible to do the same thing without users pointing at a DNS service that then serves other nodes. It was always really a bad idea. But this was exploited by that chain surveillance company and that's solved. We have some other preventions that have been put in place to prevent the known IP addresses of this entity and a couple others that seem to have tried to replicate the same thing. All of them are blacklisted across Monero nodes now. So users who want to enable that block list are now blocking them. So there's, there's been some good like outcome out of it. 
But yeah, I mean the general finding for me was Monero is not perfect, but its holistic privacy is extraordinarily effective, even in scenarios like this. But it was a good reminder that we do need to replace ring signatures with full chain membership proofs. And a good reminder that while running your own node in Monero isn't perhaps as necessary as Bitcoin or other cryptocurrencies where the, the lack of node level privacy is much more harmful. There are a lot of things you protect yourself from in Monero if you do run your own node. And this was one of those instances where anyone who ran their own node or used a known good node like the one that I, that I run publicly for the community. The nodes that Cake Wallet runs, using those will protect you against a lot of attacks, but always the best solution is you run your own node, preferably in an environment that you control, like your home. And that protects you against a lot of the potential things that a remote node can do to, to try to harm your privacy. But overall it really was encouraging because it, it showed that they had to resort to some pretty crazy things to just try to get a picture of what's happening in a Monero transaction. And yeah, was, was clear, clear on what next steps need to be within Monero, but it was a good wake up call to people who thought Monero was perfect because not. But it is extraordinarily effective when the holistic privacy it provides is taken into account.
C
We had also last year a spam attack. It's unclear what it was. I think someone tried to attribute or they tried to attribute themselves to this. But long story short is to me, we don't really know what happened. I mean, yeah, there were spam transactions and to my understanding, because of the ring signature and even full chain membership proof, when you spend Monero, you cannot say that you spend an output because you set when you do a transaction, you could potentially use my output to build your own ring as one of the decoys. So it presents an interesting thing, which means that this will grow forever while in something like Bitcoin you could potentially prune it. And I know Monero has some pruning, but my question is, do we have more news about who made the spam attack? Do we know more about this? Because I think there were some research project and how well Monero would survive a pure spam attack designed only to like bloat the chain. And you know, when people say, oh, this cost this amount of money, you know, if you compare it to like a Reaper drone flying around and targeting someone, spamming some block is much cheaper than kinetic warfare or something. So I wonder what you could say about this. And also maybe some of the concern that I would say it's more in the bitcoin ecosystem that the chain is going to grow forever and you cannot really prune it. And basically in case of a spam attack, we're screwed.
B
I mean the part you ended with is essentially true. Like a spam attack from a really focused adversary or one with deep pockets, like a nation state is a threat to essentially every blockchain. That's one of the core issues with how blockchain functions, is that you're needing to store some data forever about these transactions. Maybe you can prune some of it. Like in Bitcoin, you technically only need the UTXO set. You can prune some block data past a certain point, but someone still needs to keep all of that block data. Not everyone can prune or else no one can actually restore from Genesis. So there's, there is always a risk of this in any cryptocurrency, any blockchain based cryptocurrency where a spam attack can, can be extremely detrimental. You are right that it is more detrimental in Monero because not only is it harder to discover who is actually creating the spam because of the privacy guarantees within Monero, but like you mentioned, there is no unspent transaction output concept in Monero because all transaction outputs are not known, spent or unspent by the network. No one knows. They're all assumed to be unspent because they have to be. So you're right that it is more detrimental in Monero than in most other cryptocurrencies to have a spam attack happen. And so it is a, it's a concern. It's, it's. The biggest, I think, realistic issue with Monero is that denial of service attacks, either by mining empty blocks or by spamming blocks to make it very hard or impossible for the average user to get into a block or to sync a node, those are legitimate threats and specifically threats from a nation state. When you think of like the United States, who confiscates large amounts of Monero through civil asset forfeiture, through criminal proceedings, they aren't having to buy this, they're just stealing it from people so they can use this Monero to perform one of these attacks. Like it's, it's very possible that this could happen. 
And I don't have a, a rosy outlook of like this is the easy way to solve it. Because the only real way you solve a spam attack is that you have a fee model that increases fees enough that it makes it impractical in Monero. Fees are very low right now. And some ways that the fee model is built out I think could really be improved. But if you, it, it gets, it just gets really weird because if you arbitrarily increase the fees to try to prevent a spam attack, you also disincentivize people from using the network and maybe you make fees too high so people don't actually use it, the usefulness goes away, the tool as a whole dies. Or you don't increase fees and you keep them quite low because that incentivizes people to actually use the currency, which is pretty much the case in Monero. And that makes a spam attack easier. It's not free. There's still prevention mechanisms within Monero that, that rapidly ramp up fees for someone who's spamming the network, but it's a relatively trivial amount for a large attacker or a nation state. And those things are almost impossible to prevent. So it's a little hard to say. I mean, as for who the attacker was, I've heard some theories, I haven't seen anything concrete on exactly who it was. There are some reasons to suspect that they weren't extremely knowledgeable about Monero because there are some, some things that I won't detail in how they did their attack that were, were interesting, maybe suboptimal depending on their, their specific desires. But obviously they knew enough to know that that would be a harmful attack. And it really was quite, quite a serious thing. And it's something that could happen again. And I don't know that there's an easy solution because if you permission the network or you drastically increase fees, you drastically reduce the usefulness of the network to the, the average individual. And so it's a little bit hard to solve. 
Like in Bitcoin, the reason a spam attack would be difficult is that fees in Bitcoin would be very high because they have a, a static, arbitrarily low block size and the fiat value of each satoshi is quite high compared to each piconero in Monero. So there's some, some natural prevention due to the fiat value of Bitcoin and the limited block space, whereas Monero has dynamic block sizes that make this kind of attack potentially a little bit more harmful. But I think that there's definitely some work to do around the way that the fee model works in Monero, the way that dynamic block sizes work to maybe provide some STR guardrails against these spam attacks to make them harder to pull off or take longer or cost more.
A
Appreciate you, Seth. At the end there, we had some questions about how I think people should be thinking about Monero. Plenty of cheerleading, sure bring people on board, etc. But we do want to be thinking about some of the ways that things can be improved and some of the vulnerabilities. That's only wise with something that you like to have some, have some reasonable criticisms. So we'll have to get you back on again, Seth. We do appreciate you. So let me give you the final thoughts on where, where people can follow and find you.
B
Yeah, absolutely. Thank you so much for having me. Well, we'll definitely have to do a, do another chat around this because there's, there's always more to talk about in the Monero ecosystem. But yeah, I mean best place to, to follow me is on X at @sethforprivacy, on my blog, sethforprivacy.com, and if you want to learn more about Cake Wallet, just go to cakewallet.com and you'll see all the socials and everything there if you do want to follow us. But those are the simplest places. I do also have my own podcast, Opt Out. Just optoutpod.com, but that's a pretty infrequent thing these days with how busy I am. So I'm thankful for others like you who are willing to have me on and do the hard work of editing and marketing and all that and giving me a platform. So grateful for the time guys.
A
Hey, thanks for listening. Look, I could use your help real quick if you could share this, engage with me in some way, leave a review anywhere. This really helps me to break the technocratic shadow banning that is happening with my brand. And of course if you really want to escape the technocracy, go to escapethetechnocracy.com: privacy tutorial series, books, consulting, and of course you can leave a donation. Thank you very much.
Watchman Privacy – Episode #175
Seth for Privacy: Keeping Monero Honest
Date: April 28, 2025
Host: Gabriel Custodiet
Guests: Seth for Privacy (Cake Wallet), Urban
This episode of Watchman Privacy dives deep into Monero's ongoing quest for honest privacy, its technical and community challenges, and the broader privacy crypto ecosystem. Gabriel Custodiet is joined by Seth for Privacy, a prominent Monero advocate and VP at Cake Wallet, and Urban, a consultant and privacy advisor. Rather than an introductory guide, this discussion focuses on recent Monero developments, wallet landscape, regulatory pressures, and realistic self-critique to ensure Monero remains not just popular, but truly effective in the face of adversarial scrutiny.
Memorable quote:
“Background sync gives you a very similar experience to a Bitcoin wallet or something that's a little more straightforward because of the lack of privacy. But you're not sacrificing anything… You're doing it all locally, but you're doing it in the background. And it's, it's, it's pretty magical.”
— Seth for Privacy [11:23]
Memorable quote:
“Pretty much no centralized exchange lists Monero. ...When you look at something like Operation Chokepoint 2.0...it seems like Monero was really kind of the test bed for that.”
— Seth for Privacy [13:32]
Memorable quote:
“I think the area that is in most need of help, like you mentioned, is desktop… there's some people who really like to use desktop… it’s definitely a key thing there.”
— Seth for Privacy [18:08]
Memorable quote:
“For most people, sane defaults are far better from a privacy perspective than going to more extreme paths in the search of like perfect privacy instead of good enough privacy.”
— Seth for Privacy [36:00]
Quote:
“A spam attack from a really focused adversary or one with deep pockets, like a nation state, is a threat to essentially every blockchain. That's one of the core issues...”
— Seth for Privacy [46:43]
"Monero is the reason why I care about personal privacy at all."
— Seth for Privacy [02:28]
"Full chain membership proofs... changes from 'hey, I'm one of 16' to 'hey, I'm one of any output that's ever existed in Monero.'"
— Seth for Privacy [06:44]
"There are no centralized exchanges that list Monero now... if you deal with Monero at all, we're going to cut you off."
— Seth for Privacy [13:14]
“Between Cake Wallet, Monerujo, and Stack Wallet, I think there's enough to cover the different approaches that people want.”
— Seth for Privacy [20:38]
"If anyone is telling you that their privacy tool is perfect, they either don't know what they're talking about or they're lying."
— Seth for Privacy [40:10]
"Spam attacks can be extremely detrimental... it's a concern. It's—the biggest, I think, realistic issue with Monero."
— Seth for Privacy [47:12]
Seth for Privacy, Gabriel Custodiet, and Urban deliver an unflinching look at Monero: celebrating real progress (technical and usability breakthroughs), dissecting vulnerabilities and operational complexities, and separating propaganda from real risks. The tone is both optimistic and rigorously skeptical—a must-listen for anyone using, building on, or critiquing privacy coins.
For further Monero basics, check Gabriel’s prior Monero intro episode and the Escape the Technocracy course.