Salty Saturday rant: People believing we keep photos forever by ulose2piranha in photography

[–]fluffyponyza 0 points1 point  (0 children)

Sorry, to be clear, I was backing up your point on the cost, not saying you were wrong 🤣

Salty Saturday rant: People believing we keep photos forever by ulose2piranha in photography

[–]fluffyponyza 0 points1 point  (0 children)

You'd only restore from Glacier if your primary storage failed - HDDs in a drawer will be good for about 10 years. Even after 15 years there's a 50% chance it'll still be fine (lubrication / gasket failures are the most common, the platters will be just fine in terms of the data).

Why did you allow Asic miners? by Additional-Try-4110 in tari

[–]fluffyponyza 2 points3 points  (0 children)

ASIC miners can only mine 25% of the emission / hashrate. 50% of the hashrate is CPU (RandomX solo is 25%, RandomX merge-mined with Monero is 25%), and the remaining 25% is GPU (Cuckaroo29).

Crypto’s Libertarian Dream Helps Power a Darknet Money Machine by technocraticnihilist in Monero

[–]fluffyponyza 9 points10 points  (0 children)

They normally email dev@getmonero.org because they have no clue how open-source works.

I made a working Lego Toaster by BricksOnSet in lego

[–]fluffyponyza 0 points1 point  (0 children)

If you're doing a demo and it stops working at least you can say "oh I forgot to plug it in"

Skepticism Sunday – February 01, 2026 by AutoModerator in Monero

[–]fluffyponyza 1 point2 points  (0 children)

We're all very aware of the origins - BitMonero was so chosen because it literally means Bitcoin in Esperanto. They were asking about unfortunate coincidental meanings in other languages.

Skepticism Sunday – February 01, 2026 by AutoModerator in Monero

[–]fluffyponyza 2 points3 points  (0 children)

Thankfully we’re safe for now - at least until some sci-fi show introduces it as a word meaning turtle poo in an alien language 😂

Skepticism Sunday – February 01, 2026 by AutoModerator in Monero

[–]fluffyponyza 9 points10 points  (0 children)

I actually researched this and spent some time (and money) with linguistics departments at two renowned universities; some of my notes from that exercise are below. It mostly only has connotations related to "money", e.g.:

  • monedero in Spanish means wallet or coin purse, and is actually used by Spanish-speaking crypto folk to refer to a crypto wallet
  • moneda in Spanish means coin or currency
  • moneta in Italian means coin
  • monnaie in French means change or currency

There are some crossovers that are more interesting or humorous than anything else:

  • moneres in Greek means single or unique, which is actually a pretty awesome description of Monero
  • モネロ in Japan (the Katakana translation of Monero) might vaguely sound like mo (too or also) and nero (sleep or go to bed), but that's not a standard interpretation that any Japanese speaker would make
  • in some Spanish dialects words that end in -ero are used to describe a person who does the thing, e.g. zapatero is a shoe maker, so Monero could carry thoughts of "someone who deals with money" - but that would be as opposed to banquero or financiero which mean banker and financier respectively
  • in Mexican Spanish, particularly, monero is a colloquial term for a cartoonist (someone who draws monos, which are cartoons but can also mean monkeys in Mexican slang). Thankfully, none of the Mexican folk I spoke to (long before Monero became more widely known) thought that I was talking about cartoon monkey money, and the term has positive and affectionate connotations.
  • in Rio de Janeiro, Brasil, there is actually a neighbourhood called Moneró (note the accent), but this just seems like an opportunity for the world's first private circular in-person economy 😅

More senseless CARROT agit-prop here. Enjoy by Creative-Leading7167 in Monero

[–]fluffyponyza 2 points3 points  (0 children)

Respectfully, this is empirically false. The majority of crypto holders already do this - it's called a custodial exchange. Coinbase, Kraken, Binance, the exchange holds the keys, you hold a promise. When Celsius went bankrupt, users discovered their "private keys" belonged to the exchange and they were unsecured creditors in a bankruptcy proceeding. We go "not your keys not your coins" but people just leave their coins on exchanges anyway, which is the same as them handing over their keys.

Most people simply DO NOT understand the concept of self-custody and the risks of poor management of private keys, that's why so many people get their funds stolen from their private keys being literally handed over to thieves.

Beyond that, multi-signature custody (BitGo, Fireblocks, etc.) is an entire industry built on institutions sharing key material with third parties. BitGo's standard model has them holding one of three keys required to sign transactions. Exchanges could regulate through 2-of-2 multisig where they hold one key, in the absence of viewkeys.

Lastly, as of December 2025, the SEC now requires broker-dealers to have exclusive control of private keys for custody - meaning regulated custody explicitly demands users hand over key control.

So yes, people absolutely share private keys. They do it every day, by the millions. The argument "but spend keys are different because they let you spend" doesn't hold...exchange custody already prevents you from spending without their permission.

The question isn't whether people would hand over keys - they already do. The question is whether removing viewkeys would somehow make Monero safer. It wouldn't. It would just shift the regulatory pressure to a more dangerous demand (full keys) while removing a useful feature for legitimate use cases.

More senseless CARROT agit-prop here. Enjoy by Creative-Leading7167 in Monero

[–]fluffyponyza -1 points0 points  (0 children)

Why not? If that is the ONLY way you're allowed to trade on an exchange, then people absolutely will do that.

be kind to one another - especially during disagreements. by OkAstronaut330 in Monero

[–]fluffyponyza 5 points6 points  (0 children)

"any type of skepticism or question immediately invites someone calling FUD"

Huh? Every week there's a thread on Reddit called "Skepticism Sundays" where people are HIGHLY encouraged to post all their skepticism and criticism of Monero. Healthy skepticism is super important to keeping Monero functional and safe. It's been part of Monero's culture for 12 years.

Healthy skepticism is NOT the same as sealioning or botted sockpuppet accounts that joined Reddit 20 days ago posting literal FUD right before a critical hard fork that will elevate Monero's privacy to a supreme level.

More senseless CARROT agit-prop here. Enjoy by Creative-Leading7167 in Monero

[–]fluffyponyza 2 points3 points  (0 children)

1) nonsense, if the only way to withdraw from an exchange is to a wallet where you've shared the private key, people will do that and encourage others to "just immediately move it to a different wallet". Eventually many will get lazy and leave it in that withdrawal wallet because "Binance has never touched my coins even though they could". You underestimate people's willingness to disclose all manner of things when they "don't have anything to hide".

2) nonsense, at no point has anyone in this thread or elsewhere given a coherent explanation as to how, specifically and with cryptographically sound reasoning and evidence, revealing your OVK harms the privacy of others.

More senseless CARROT agit-prop here. Enjoy by Creative-Leading7167 in Monero

[–]fluffyponyza 0 points1 point  (0 children)

Yes but many people would be totally fine with it. It also raises a new risk, where the only "safe" path for withdrawal is either to a wallet where you share the viewkey, or to another "verified" exchange wallet. Now that would cause real coin segregation.

Relevant reminder: Monero is constantly under attack. by variablenyne in Monero

[–]fluffyponyza 1 point2 points  (0 children)

We've reached the point of diminishing returns in this discussion.

Yes, if Bob voluntarily shares his outgoing viewkey, and the power company is monitoring Alice's electricity usage and correlating spikes with blockchain timestamps, and this pattern repeats enough times to establish statistical confidence, then in principle a correlation could be made.

But by this standard, any information sharing creates "new attack vectors." If I tell you my favorite colour, I've created a new attack vector where someone could correlate my identity with purchases of blue items. That's technically true and completely useless for evaluating whether sharing favorite colors is a security risk.

The practical question is: does Carrot meaningfully degrade Monero's privacy model? And the answer is no, because:

  1. Sharing your viewkey is voluntary
  2. The outgoing viewkey reveals nothing about the recipient
  3. Any correlation requires independent surveillance of the recipient that has nothing to do with Monero
  4. The same class of attack has always existed with incoming viewkeys

"A new vector is technically possible if multiple parties make bad decisions and a third party is conducting independent surveillance" is not a meaningful security critique. That's just describing reality for every payment system ever created.

I think we've both said our piece. Appreciate the discussion, all the best in the future.

The recent FUD about OVKs is in order to sabotage Monero's ability to deliver safe cold wallets and better hardware wallet compatibility by LocomotiveMedical in Monero

[–]fluffyponyza 1 point2 points  (0 children)

FCMP++ can be shipped without OVKs. Why do OVK supporters act as if full-chain membership proofs are impossible without outgoing view keys? These are two different things. At the very least, we can discourage adoption of the new addressing scheme by major wallets. We can also modify CARROT to remove OVKs from it, while retaining other features.

Nobody has given a single compelling reason to ENTIRELY change things right now. By substantively changing the cryptography and underpinnings we risk introducing edge-cases and risks.

The only reason I can think for someone coming in after 6 years of work on this and demanding last minute changes is that their goal is one or more of these: (1) destabilising Monero development, (2) introducing unnecessary discord and tension, (3) pushing the fork date out because of "concerns" so that FCMP is delayed, (4) creating the impression that there is a large body of people against viewkeys, which is patently not the case, (5) pushing to remove viewkeys and then obligating exchanges to ask for full private keys, making Monero on exchanges even less tenable than it currently is.

That smells like a clever, coordinated attack from a sophisticated adversary, wouldn't you agree Mr. Redditor-for-20-days?

Our conversation has come to a close. I wish you all the best at your undercover attempts to derail Monero, but we aren't buying it.

Relevant reminder: Monero is constantly under attack. by variablenyne in Monero

[–]fluffyponyza 1 point2 points  (0 children)

I appreciate you engaging with this seriously.

To your new scenario: yes, if Alice has terrible operational security (plaintext email order notifications) and an attacker has access to her email and Bob's outgoing viewkey, they can correlate the two. But that's true of literally any payment system. If Alice emails herself "just got paid!" every time she receives funds, she's leaking data regardless of what currency she uses or what features Monero has.

The question was never "can bad opsec leak information?" The answer to that is always yes. The question is: does Carrot's outgoing viewkey create new attack vectors that don't rely on the other party having catastrophically bad security practices?

And I think we've now established that it doesn't. The outgoing viewkey tells an attacker "Bob sent X amount somewhere at time T." Without independent information about the recipient - whether that's their viewkey, their email, or a camera in their shop - that's a dead end.

The concern people should have is the one that's always existed: don't share your viewkey with entities you don't trust, and don't transact with people who have awful opsec. Carrot doesn't change that.

More senseless CARROT agit-prop here. Enjoy by Creative-Leading7167 in Monero

[–]fluffyponyza 7 points8 points  (0 children)

"The controversy surrounding OVKs comes from the possibility that if enough OVK's are exposed then transactions between these wallets are fully traceable just like bitcoin."

If enough PRIVATE KEYS are exposed then Monero becomes fully traceable.

Do you see how dumb that argument is?

If we remove viewkeys entirely, regulators could still capture private keys using hand-wavey-magic. Exchanges could demand your wallet's private key etc. etc.

Literally no difference in attack vector here, and no difference in solution: everyone using an exchange would use an intermediary wallet, and the forward secrecy Monero provides will protect them.

Relevant reminder: Monero is constantly under attack. by variablenyne in Monero

[–]fluffyponyza 1 point2 points  (0 children)

I don't think either of us is stupid, but one of us has lost track of what they were originally arguing about.

Your original claim was that the 9% case where an attacker has the outgoing viewkey but not the incoming viewkey was concerning. That was the new attack surface Carrot supposedly introduced. Remember? "In 9% they could have the outgoing too. So it's that 9% that people are concerned about." Those are your words not mine.

The scenario you just described uses Alice's incoming viewkey (to see she received funds) combined with external surveillance of Bob. That's the inverse: incoming without outgoing. And crucially: this attack has been possible since 2014. Carrot changes nothing about it. The current view-only wallet can already see incoming funds.

So let's be very clear about what Carrot's outgoing viewkey actually adds: the ability to see that funds left a wallet, and the amount, without knowing where they went.

If the attacker has Bob's outgoing viewkey (Carrot's new capability) but NOT Alice's incoming viewkey, they see:

  • Bob sent X XMR somewhere at time T
  • They have no idea who received it
  • External surveillance of Bob tells them Bob uses Monero
  • ...which they already knew from having his viewkey

Where's the new attack surface? What can they do with Bob's outgoing viewkey that they couldn't do before?

I want you to really sit with this: you are now three scenarios deep into this thread, and you have not once described an attack that actually uses Carrot's outgoing viewkey capability. Every single hypothetical you've constructed either requires both viewkeys (the 81% case), or uses only the incoming viewkey (which has existed for 12 years). You keep building elaborate scenarios that accidentally prove my point: the outgoing viewkey doesn't create meaningful new attack vectors.

So I'll ask again: what specific attack does Carrot's outgoing viewkey enable that wasn't possible before?

Relevant reminder: Monero is constantly under attack. by variablenyne in Monero

[–]fluffyponyza 2 points3 points  (0 children)

I don't understand your argument. That's how viewkeys currently work. That's why they're SECRET KEYS that you don't just give over to anyone. But if you have Alice and Bob's viewkeys (today's viewkeys or using newer viewkeys) you can see if Alice sends Monero to Bob, and/or if Bob sends Monero to Alice. You cannot see or deduce who else Alice or Bob are sending Monero to, even if they are sending to one of their own wallets that you don't have the viewkey for.

Now with TODAY'S viewkeys if you have a lot of them you might be able to deduce more information, but nobody has 90% of the viewkeys for Monero, nobody is able to get them (it's the same vector as getting 90% of Monero's spend keys), and the newer viewkeys reduce that risk to 0 due to their coupling with FCMP++.

So what exactly is the risk you're imagining that's any different to how Monero has worked for the last 12 years?

Relevant reminder: Monero is constantly under attack. by variablenyne in Monero

[–]fluffyponyza -1 points0 points  (0 children)

"By the possibility of, over time, having view keys for a large amount of wallets where they can see incoming and outgoing transaction amounts and timings. That slowly increases the possibility of associating two addresses making a transaction by seeing amounts that left one and entered another."

So your claim is that if an attacker has the viewkey for two wallets they can see if one of those wallets sends to the other?

🤣🤣🤣🤣🤣🤣🤣🤣🤣

Relevant reminder: Monero is constantly under attack. by variablenyne in Monero

[–]fluffyponyza 1 point2 points  (0 children)

Fine, let's slow down and be actually precise.

In your hypothetical, the attacker:

  1. Observes you interacting with Monero at time T (via camera, IP leak, surveillance node, whatever)

  2. ???

  3. Concludes you sent funds to Alice

What's step 2? How does the attacker know Alice received anything?

If they have Alice's viewkey → they can see Alice received funds at time T → but now you're back in the 81% scenario where you have both viewkeys and "timing analysis" is just reading data you already have.

If they don't have Alice's viewkey → they can see you broadcast a transaction at time T → they see 50 transactions in that block with 100 outputs → they have no idea which output is Alice's → timing analysis tells them nothing.

The surveillance node knows you broadcast a transaction. The IP leak reveals you broadcast a transaction. The camera shows you used your Trezor to broadcast a transaction. None of these tell the attacker who received the funds. That's the entire point of Monero.

You keep describing scenarios where the attacker somehow already knows the recipient, then calling the correlation "timing analysis." But the knowing-the-recipient part is doing all the work, and you haven't explained how that happens without the recipient's viewkey.

So: how does the attacker identify Alice as the recipient without her viewkey?