Saki

A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies.

The plan, he said, was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.

Tutanota (now Tuta) denies this: https://tuta.com/blog/tutanota-not-a-honeypot

the onchain activities of the attackers were monitored and […] action was taken to freeze the wallets held by the attackers by working with other cryptocurrency exchanges

a member of the cryptocurrency community questioned how Binance could freeze these funds despite the fact that cryptocurrencies are marketed as not being confiscable by third parties

Changpeng Zhao […] said that the whole thing is a matter of balance. […] CZ implied that a solution to events such as theft cannot be found in a system that cannot be completely frozen.

CZ stated that if users use privacy coins such as Monero (XMR), such freezes will not occur, but the stolen funds cannot be returned.

Cf.

• Almost entire balance (2675 XMR) of Community Crowdfunding System (CCS) Monero wallet has been stolen https://monero.town/post/983106
• Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach https://monero.town/post/1045387

PS. See also: Bitcoin can be traced, If you use XMR, then there isn’t much anyone can do https://monero.town/post/1069626

regulatory scrutiny is shifting towards privacy coins […] Understanding how they will be implemented in systems that are decentralized, where the developers and maintainers often maintain anonymity, is complex.

E.g. Bisq, Haveno

compliance with these regulations becomes a paradox for such projects since the crux of privacy coins lies in their ability to mask transaction details, which inherently contradicts the essence of regulations […] Therefore, achieving full regulatory compliance for privacy coins may sometimes seem impossible. […] in the UK, the Financial Conduct Authority (FCA) has been proactive in educating consumers about the risks associated with privacy coins but has not implemented bans or specific regulations concerning them.

in the United States, proposed legislation such as the STABLE Act could further extend the regulatory framework […] it’s plausible that the provisions of the STABLE Act […] could potentially mean that transactions involving privacy coins would need some form of identity verification

A prime example of a regulatory shift impacting privacy coins is the European Union’s Fifth Anti-Money Laundering Directive (5AMLD) […] these platforms are now obliged to implement customer due diligence measures, […] verifying user identities and monitoring transactions for any signs of activity.

Potentially:

• Alice (unhosted wallet) sends coins to Bob (CEX) -> Alice is also KYCed by the CEX
• Alice (CEX) sends coins to Bob (unhosted) -> Bob is KYCed too

Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach

https://lemmy.world/post/7993453 i.e. https://monero.town/post/1045387

While there are typical comments like crypto=scam “You have to be quite stupid to support crypto in 2023”, there are also replies like these (with which more people seem to agree, unexpectedly):

It’s designed to protect anyone using it - even attackers. That’s the price to pay for having privacy. The alternative is an Orwellian dystopia.

If you’re going to use Luna, FTX, and NFTs as arguments about something like Monero, […] you probably don’t really understand any of them.

It’s a bit odd that such a discussion is more active on a different Lemmy instance than here, but it’s interesting to hear honest opinions of various people about the incident, about Monero. Maybe your views are different from them, from mine. For example, one person states there that while they know exactly what Monaro is, they’re still skeptical.

Collateral wallet is 2-3 multi-signature wallet but it doesn't have to be Monero. Bitcoin multi-signature is much more tested and very ease to use using Electrum or similar.

Option two on this topic would be to use Monero multi-signature to keep Collateral.

Somewhat curious, though not like using xmr speculatively.

• 2023-11-02T15:57 CCS Wallet Incident · Issue #916 · monero-project/meta · GitHub
• 2023-11-04T00:39 [Moonstone Research] Postmortem of Monero CCS Hack: A Transaction Graph Analysis (Dated Nov 03)
• 2023-11-05T07:20 [One of the earliest media reports] Monerujo Wallet User Drains Monero’s CCS Wallet: Report - Coin Edition

Some of the media reports are negatively confusing, like saying the Monero network is defective. Date-Time in UTC.

Edit: Moonstone Research -> 2023-11-04T00:39 was based on the server response headers (last-modified). Apparently the blog post was created about 1 hour earlier (the link was posted on Github at 2023-11-03 23:50).

These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic

This enables the government of any EU member state to issue website certificates for interception and surveillance

https://www.internetsociety.org/resources/doc/2023/qualified-web-authentication-certificates-qwacs-in-eidas/

The browser ecosystem is global, not EU-bounded. Once a mechanism like QWACs is implemented in browsers, it is open to abuse

https://en.wikipedia.org/wiki/EIDAS

The proposal would force internet companies to place a backdoor in web browsers to let them perform a man-in-the-middle attack, deceiving users into thinking that they were communicating with a server they requested, when, in fact, they would be communicating directly with the EU government. […] If passed, the EU would be able to hack into any internet-enabled device, reading any sensitive or encrypted contents without the user's knowledge

See also: https://mullvad.net/en/blog/2023/11/2/eu-digital-identity-framework-eidas-another-kind-of-chat-control/

Nothing really new for us. Just one of the earliest media reports for the record.

Edit (2023-11-06): Apparently, one of the earliest reports about the incident by general (“outside”) media is, Monerujo Wallet User Drains Monero’s CCS Wallet: Report [blocking Tor: archive.org], at 2023-11-05T07:20+00:00.

It’s interesting to see how general people are looking at this, and relatedly how they are thinking about Monero, although generally what’s written there is nothing new nor helpful for us (often disturbingly inaccurate even). For this reason I posted a few random links to related articles. You can add more and comment on it, if there are anything interesting or especially stupid 😖

[Edit 2: Read the admin’s “reasoning” and comments here or see PS below. The clearnet site is up again. The onion versions = 100% up tme for me]

[Edit: As of writing this (2023-11-01) their clearnet server is down, while the onion version is working. Cock.li is exactly like this… Relatively rarely but randomly it’s down. Kind of irresponsible but it’s just like that. Interestingly, though, onion is up and clearnet is down. Usually opposite.]

Onion http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/

Cockbox on kycnot.me - https://kycnot.me/service/cockbox

(From their webpage)

Cock.li is your go-to solution for professional E-mail and XMPP addresses. Since 2013 cock.li has provided stable E-mail services to an ever-increasing number of users. Cock.li allows registration and usage using Tor and other privacy services (proxies, VPNs) and thanks to continued funding by its users is certain to stay free forever.

Cock.li (aka Cockmail) is a Tor-friendly, privacy-focused, soon-to-be-10-year-old free email provider (IMAP, POP, XMPP, Webmail). Although currently (since around 2021) a new registration is invite-only, the admin @vc now states on their website:

E-mail is a Human Right!

Oppressive governments are using dirty tricks to try and force e-mail providers to require phone numbers or other controlled integrations to register. We will never allow these crimes against our userbase. We will stand up for the right to register for e-mail without being surveilled, and demand this right to be recognized globally. Public registration re-opens on cock.li's 10th birthday, 20 November.

Probably people here know this service pretty well, but some important points:

• Their email addresses are sometimes blacklisted when you want to use them, because in the past the service was abused by spammers. So this provider may not be suitable for normal users/normal usage. Its “technical scores” may be low too, when checked e.g. via https://internet.nl/mail/ If you think this is sketchy and its name is weird, it is. It’s not for you, so please just ignore it.

• A cock.li account may be great to have if you want to sign up and use it anonymously always via onion (something you can’t do with Proton or Tutanota), perhaps with PGP. Maybe great to use on Tails OS too.

• Their service was not very stable in the past. In recent years, it’s been rather stable and very fast even via onion. Pop/Imap via Tor works perfectly. Cock.li onion may load 100 times faster than that of Proton.

• Custom domains are not supported! Consider Disroot or Tutanota if you need them and would like to pay with Monero.

• They are one of the earliest v3 onion providers. In contrast, Proton was so slow to migrate from v2 to v3 (even after v2 got obsolete). Cock.li is also one of the oldest mail providers that started accepting BTC and XMR donations. So probably they’re extremely well-funded (you know why).

• If you use Thunderbird, set up your account manually (its automatic setup probably doesn’t work right).

For more info, visit their webpage. Please DO NOT abuse this based cypherpunk service.

PS. Vincent Canfield (vc@shitposter.club) wrote on September 23, 2023:

Good morning, CISA is now calling cock.li a "Malicious E-mail Domain" and implies this is because it's not "publicly available". So, cock.li will once again open to the public on its 10th birthday, 20 November. #StopRansomware

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a

For those who don't remember, a previous CISA advisory which recommended "service providers strengthen their user validation and verification systems to prohibit misuse of their services" shortly predated cock.li going invite only.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-116a

I'm sure if cock.li added phone number verification these joint statements would go away. Everyone sees what's happening, you want to force all providers to link to identities so you can surveil people. Cock.li is never adding that bullshit.

privacy is often considered a tabu when talking about money, despite being a well-accepted fundamental human right for other topics. The growing development of high-surveillance financial tools often creates controversy and conflict of interest against privacy cryptocurrencies.

[We] asked ChatGPT to pick three privacy cryptocurrencies:

The AI responded with its top 3 picks being Monero (XMR), ZCash (ZEC), and Dash (DASH).

“Renowned for its unparalleled privacy features, Monero uses ring signatures, ring confidential transactions, and stealth addresses to anonymize all transaction details. By concealing the identities of the sender and receiver, as well as the transaction amount, Monero makes financial data tracking nearly impossible, ensuring complete discretion for the users.”

— ChatGPT-4

For example "3 (1 New)" is understandable: there are 3 comments, of which 1 is new. But I sometimes also see things like "6 (-3 New)", "5 (-1 New)", where the number of new comments is negative. Is this some kind of known bug, or is it by design actually meaning something? It's totally harmless, but weird...

While privacy coins promise enhanced anonymity and financial freedom, they also pose challenges […] they often face heightened regulatory scrutiny, with some governments banning or heavily regulating their use.

the very feature that makes them attractive – their privacy – can also be their Achilles’ heel. […] This dual-edged sword might deter potential new adopters and pose reputational risks for those involved in legitimate uses of privacy coins.

Cryptocurrency privacy is vital for ensuring personal liberty and maintaining fungibility, becoming even more crucial as surveillance and data collection grow. […] a balance of innovative privacy technologies and thoughtful regulation is essential

We all know this; not easy.