this post was submitted on 18 Apr 2024
13 points (72.4% liked)

Monero

1673 readers
14 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
 

As we ramp up to celebrate Monero's 10th birthday, here's an opportunity to get acquainted with Monero ID's - easy and free!


TL;DR: Fill out the form at get.xmr.id/form.html to get your very own stagenet OpenAlias.


OpenAlias is great: You hand someone a simple domain name and their Monero client resolves it to a destination. No copy-paste, no QR-code scanning - just ready to send!

To make your life easier, XMR.ID provides this as a service.

Now with faster activation

Previously, setting up your "XMR ID" required significant manual intervention, that delayed the process more than necessary.

After a broad set of optimizations, new aliases are now typically ready-to-use within 15 minutes.

The new automations repect XMR.ID's design goal of avoiding web-based self-service, thus maintaining the previous level of security.

Wanna play?

Before enabling this new method in production, we will test in on STAGENET - a parallel Monero network that works just like the real deal, but with its funds considered worthless.

If you haven't used stagenet before, this may be a great opportunity for you to not only get acquainted with XMR ID's, but create a risk-free playground for your own experiments!

It takes about 5 minutes. At the end you will have an account that can receive funds at <yourname>.stagenet.xmr.id, filled with some zero-value Monero, ready to be sent around.

To try it, simply fill in the blanks at https://get.xmr.id/form.html (onion). No ninja-skills required - and you may contact me about any issues or inconveniences you encounter.

Hackers welcome

Put your white-hat abilities to the test, fool around a bit, probe and report any faults or security flaws if you want to help harden this part of the Monero ecosystem - or just do a speed-run and get your alias.

Your stagenet-alias

This test is set to run for a week, starting today, but your alias will remain active afterwards.


Contact

Let's chat in our Matrix room #xmr.id:monero.social or message me directly at @f:monero.social.

c/XMRID is our place in town. There's also an email address. You'll probably run into it as you go.

Talk soon, f

top 9 comments
sorted by: hot top controversial new old
[–] lltnskyc@monero.town 5 points 7 months ago* (last edited 7 months ago) (1 children)

You might be providing this service with the best intentions, but, what prevents you from one day changing all of the records to your own address? Or changing a record whenever it is requested from "a-company-that-is-known-to-do-big-monero-payouts.domain"?
Again I am not saying this is your intention, but Monero's purpose is decentralized digital cash and I personally would not use such service for anything except maybe a convenient donation address that you don't expect to get big payout to.

[–] fullmetalScience@monero.town 1 points 7 months ago* (last edited 7 months ago)

Manipulation of any record would immediately trigger a notification to all affected users, leaving me with nothing but a destroyed reputation.

The most granular use I can think of is telling someone in-person to load your XMR ID on their device and then confirming what you see.

Coupled with a client that stores the result in a local address book - and compares it with the current DNS responses every time - even senders can be sure that they are still working with valid information.

(An extension to the official Monero client supporting this is in the works.)

[–] dukethorion@lemmy.world 5 points 7 months ago (1 children)

I set my OpenAlias up on my own by following instructions online, and it cost me nothing. Why would one pay you, an unknown centralized entity, for something that can be done in 15 minutes for free?

[–] fullmetalScience@monero.town 1 points 7 months ago* (last edited 7 months ago)

The time required depends on where you start. Someone who knows how to register a domain but has yet to read up on OpenAlias will probably need about an hour or two (if we do not take into account the hassles associated with DNSSEC with many registrars).

Then the cost of a privately registered domain starts at around 15 dollars per year, whereas the same is roughly the one-time price of a permanent XMR ID with two domains secured against each other (meaning that both, DUKETHORION.xmr.id and DUKETHORION.xmrid.com will return the same Monero destination). Wallets can opt to verify this.

[–] tacosanonymous@lemm.ee 1 points 7 months ago (1 children)

No event will make monero greater we do?

[–] fullmetalScience@monero.town 0 points 7 months ago

It's from monero.graphics. It could use an extra dot, I agree :)

The theme resonated - especially in the context of OpenAliases - as I consider more personal and memorable Monero destinations an important factor in the context of building parallel economies, human to human, thus making Monero "greater" through use.

[–] Synnr@sopuli.xyz 1 points 7 months ago (1 children)

Question. Does this somehow generate a new subaddress for every request? I ask because address reuse is dangerous for the privacy of monero. While most people don't know this, I assume you do.

[–] fullmetalScience@monero.town 1 points 7 months ago (1 children)

Address reuse NOT being a problem in Monero is the reason this service can be provided in good faith.

Why is Monero address reuse not discouraged?

You can find further details in this Monero Stackexchange thread.

[–] Synnr@sopuli.xyz 1 points 7 months ago* (last edited 7 months ago)

FTA:

The key thing to note is that no observer can link two addresses together. However, it is possible for the sender to link payments together if the receiver re-uses addresses.

For example, if you withdraw from ExchangeA using AddressA, and then go on to issue another withdrawal from ExchangeA using AddressA, the exchange will easily be able to link these two withdrawals together by simply comparing the withdrawal addresses (even if you used different accounts). Furthermore, if ExchangeA is cooperating with ExchangeB, it would be possible for both exchanges to link address-reusing withdrawals together.

Additionally, even if the sender is not cooperating with other entities in order to link transactions together, it is still possible for the sender to unwittingly link transactions together if their software is poorly implemented and erroneously re-uses the same random data for multiple transactions. Basically, the receiver is relying on the sender to generate good random data in order to generate a one-time key. If the sender fails to use good random data, then the "one-time" key isn't "one-time", and transactions can possibly be linked.

So, for maximum protection against linkability, it's a good idea to generate a new addresses for transactions that you don't want linked.

Further reading: https://localmonero.co/knowledge/monero-subaddresses?language=en

I think this can easily be achieved by generating a new subaddress for every request. ( I don't know how OpenAlias works, maybe it already does this.)