Shrinking the "anonymity set" in Zcash
We released our paper which studies anonymity in Zcash! tl;dr: it's possible to shrink the anonymity set considerably with simple heuristics based on identifiable patterns of usage, read more on our blog post https://t.co/A1SVJhdtZK and paper! https://t.co/t3kyZgz1bX pic.twitter.com/jY4q6vOnoX — Haaroony (@Haaroony) May 9, 2018
A group of researchers published a scientific study that shows how moving funds between Zcash's t-addresses and z-addresses may compromise the anonymity feature. Although this is not a new finding, the researchers discovered new heuristics that can further reduce the "anonymity set." (The size of the anonymity set is a yardstick for the level of anonymity of a transaction.) The Zcash team has been open about this issue and has recommended that users who seek full privacy not transact this way (see blog post below).
In related news, Signal, the encrypted messenger that's generally considered secure, is also not perfect. Security experts discovered that its macOS desktop client retains disappearing messages indefinitely.
"Our main finding is that is possible in many cases to identify the activity of founders and miners using the shielded pool (who are required by the consensus rules to put all newly generated coins into it). The implication for anonymity is that this activity can be excluded from any attempt to track coins as they move through the pool, which acts to significantly shrink the effective anonymity set for regular users."
"It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Zcash in a shielded address. When paying someone, send Zcash from your shielded address to their shielded address. If Zcash is transacted in this way, the results of this paper do not apply and transaction privacy is maintained."
#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY — Alec Muffett (@AlecMuffett) May 8, 2018
"Former NSA hacker and security expert Patrick Wardle analyzed the issue and discovered that macOS client makes a copy (partial for long messages) of disappearing messages in a user-readable database of macOS’s Notification Center. This copy could be recovered anytime by researchers and hackers."
News & Commentary
"For instance, when users create a channel, they need a certain number of confirmations to make sure its been accepted, and as such, the user needs to keep monitoring the channel. And while he admits the watchtower concept will improve this, that feature will likely take some time to be built into a sleek UX."
Token communities act like religions. They support their projects through thick & thin. They are unpaid, passionate, borderline-crazy evangelists.
How unique & special this is when you think about it. Tokens are the best way to generate customer goodwill in the history of tech.
— Spencer Noon 🕛 (@spencernoon) May 9, 2018
1/ Most people who say they want ASIC-resistance actually mean Bitmain-resistance
2/ You cannot be Bitmain-resistant. They made $4B in 2017 and can design flexible GPU/FPGA miners and can build massive mines running on cheap electricity
3/ ASIC-resistance is (practically) futile
— Marc Bevand (@zorinaq) May 10, 2018
"At their core, most macro models are central banking models and macro managers are carry investors. They willingly tied themselves to success in predicting bank actions, and in so doing had a wonderful stretch of good returns and low correlations with stocks. Now that predicting bank action will increasingly require short carry positioning, and now that betting on uncoordinated action has gotten tougher, they’re feeling the spurs. This is your choice, too: buck the rider or feel the spurs."