There is a leaked video from Chainalysis; they basically deploy rogue nodes or reverse proxies able to capture the IP address along with the Monero tx. Before reading the article, I suggest watching that leak first.
I thought the entire point of cryptocurrency is you operate in an adversarial environment where you can trust no one. In that light, calling nodes that log IP addresses rogue seems foolish (it's not like they're trying to undermine the protocol, in which case rogue might be the right word); they are exactly what you should expect.
Yes, in the Chainalysis video they say clearly that Dandelion++ is very effective, so they have no confidence in IP addresses collected in those cases. You need to be foolish enough to directly connect to a malicious node while using your home IP, which obviously will leak the IP. I think a lot of people are just confused by the video because they go through examples that seem very 'constructed' and unrealistic. I mean, this is all very well known information to Monero users and I can't believe anyone would be doing important transactions without using their own node and/or I2P/Tor etc.
There are multiple attacks in that video. IP is one, but a much bigger one is knowing the real output (or maybe the real output plus one other output) among 16 ring signature members. They do not explain how they achieved it, but one could guess that maybe by just doing a lot of tx themselves - 15 decoys is just way too small, and flooding the blockchain with transactions all but ensures that someone picking random ring members will pick a lot of your outputs (and thus have little privacy from you). It is also for sure too small for targeted active attacks (e.g., it is not safe to have repeat interactions with the same entity; see https://www.youtube.com/watch?v=9s3EbSKDA3o). You really want more than 16 ring members, preferably all outputs ever created like in Zcash. FCMP work promises to bring similar privacy to Monero but is years on the roadmap.
Your own node is connected to other nodes to get latest blocks and publish transactions to the network. These peers are selected randomly among the pool of available nodes. If the attacker has enough nodes, there is a good probability that your node's peers are partly controlled by the attacker. When you publish a new transaction and broadcast it to your peers, the attacker can detect that it is indeed a new transaction (since it is the first time it's seen by the attacker nodes) and that the IP address of your node is the IP address of the transaction sender.
It's not going to work 100% of the time (except if _all_ your node's peers are controlled by the attacker) but with a few transactions it's eventually going to lead the attacker to your IP address.
It's the same kind of attack that is used to deanonymize people on Tor.
If you want to protect yourself from that, you need to add a few layers of trusted no-logs VPNs in front of your node, so that the attacker is led to a dead end.
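The two "enough nodes / enough outputs" arguments in this thread (attacker-owned decoys in the ring-size comment above, attacker-controlled peers in this one) are the same calculation: draws without replacement from a pool the attacker partly controls. The following Python is an added example, not code from the thread; it computes the exact hypergeometric probabilities so you can size your own exposure. Node counts, attacker shares and peer counts are constructed illustrative values, and the model assumes a plain first-seen broadcast (no Dandelion++ stem relaying, which, as noted above, weakens that heuristic).

```python
from fractions import Fraction
from math import comb


def p_any_controlled(pool, controlled, draws):
    """Exact probability that at least one of `draws` items chosen uniformly
    without replacement from a `pool` of items is attacker-controlled.
    Peers: pool = reachable nodes, draws = outbound peer slots.
    Decoys: pool = candidate outputs, draws = ring size minus one."""
    return 1 - Fraction(comb(pool - controlled, draws), comb(pool, draws))


def p_all_controlled(pool, controlled, draws):
    """Exact probability that every drawn item is attacker-controlled.
    For peers this is the case where the attacker sees the transaction only
    from you; for decoys it is the case where the real spend is the only
    ring member the attacker does not own."""
    return Fraction(comb(controlled, draws), comb(pool, draws))


def p_exposed_after(n_tx, p_single):
    """Probability that at least one of n_tx broadcasts reaches an attacker
    peer directly from your node (assumes the peer set is re-drawn
    independently for each broadcast, a simplifying assumption)."""
    return 1 - (1 - p_single) ** n_tx


def tx_until_exposure(p_single, target=Fraction(9, 10)):
    """Smallest number of broadcasts at which exposure probability reaches
    `target`; None if a single broadcast can never be observed."""
    if p_single <= 0:
        return None
    n = 0
    while p_exposed_after(n, p_single) < target:
        n += 1
    return n


if __name__ == "__main__":
    # Constructed illustrative numbers, not measurements of the real network.
    nodes, attacker_nodes, peers = 1000, 50, 12
    p1 = p_any_controlled(nodes, attacker_nodes, peers)
    print(f"one broadcast, any attacker peer:  {float(p1):.3f}")
    print(f"one broadcast, all peers attacker: {float(p_all_controlled(nodes, attacker_nodes, peers)):.2e}")
    print(f"broadcasts until 90% exposure:     {tx_until_exposure(p1)}")
    outputs, attacker_outputs, decoys = 100_000, 50_000, 15
    print(f"all 15 decoys attacker-owned:      {float(p_all_controlled(outputs, attacker_outputs, decoys)):.2e}")
```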
oefrha|1 year ago
ementally|1 year ago
redrove|1 year ago
zigararu|1 year ago
madars|1 year ago
popol12|1 year ago
omgtehlion|1 year ago
earnesti|1 year ago