>“Some Hackers have figured out there is no quick and easy way for a company that receives one of these EDRs (emergency data request) to know whether it is legitimate,” he said. > >“The hackers will send a fake emergency data request along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.”

How FinCEN May Be Violating Your Rights\ A call to action against FINCEN proposal 2023-0016A\ Written By Preston Pysh

>Eroding Anonymity Through Additional Verification: The mandate for “Additional Customer Identity Verification Measures for Transactions Involving Unhosted Wallets” is a direct affront to privacy and anonymity. This requirement transgresses on the First Amendment’s sanctuary for anonymous speech > >A Direct Assault on Anonymity-Enhanced Currencies: The “Prohibition on the Use of Anonymity-Enhanced Convertible Virtual Currencies (AECVC)” is nothing short of a legislative bulldozer through the edifice of privacy.

See also: Preston Pysh says proposed FinCEN crypto rules violate US Constitution

EDIT: Don’t take this too seriously; do not actually send a donation (unless you really want to, like admiring “Nice photoshopping!” “Thanks for the fun pic”). While it’s entertaining and thought-provoking, using their work this way is ethically questionable too. As @z0rg0n pointed out, one could even see this as a scam. Although it’s a fine work and freedom of expression is more important, this may more properly belong to “Memes”. *** EDIT2: This post and “cool if real” by @alphonse https://monero.town/post/1122495 were created almost at the same time. That was a coincidental post conflict; @alphonse’s post was actually earlier by about 1 hour! *** Is someone crowdfunding a Monero ad in India’s economic newspaper? > Interestingly, a Monero ad could be circulating in India’s traditional English newspaper: The Economic Times. The pseudonymous Stoic, author of “The Monero Standard,” shared a picture of the newspaper’s November 16th edition. In the picture, it is possible to see the paper’s opened front page with a large ad about XMR. > >> “Monero transactions respect your privacy. Can you say that about the INDIAN RUPEE or the U.S. DOLLAR?” > > Moreover, the image also includes a QR-Code for donations in “XMR only,” which suggests its owner is expecting to crowdfund what was spent for this supposed insertion.

! !

> the onchain activities of the attackers were monitored and […] action was taken to freeze the wallets held by the attackers by working with other cryptocurrency exchanges

> a member of the cryptocurrency community questioned how Binance could freeze these funds despite the fact that cryptocurrencies are marketed as not being confiscable by third parties

> Changpeng Zhao […] said that the whole thing is a matter of balance. […] CZ implied that a solution to events such as theft cannot be found in a system that cannot be completely frozen.

> CZ stated that if users use privacy coins such as Monero (XMR), such freezes will not occur, but the stolen funds cannot be returned.

Cf.

• Almost entire balance (2675 XMR) of Community Crowdfunding System (CCS) Monero wallet has been stolen https://monero.town/post/983106
• Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach https://monero.town/post/1045387

PS. See also: Bitcoin can be traced, If you use XMR, then there isn’t much anyone can do https://monero.town/post/1069626

> regulatory scrutiny is shifting towards privacy coins […] Understanding how they will be implemented in systems that are decentralized, where the developers and maintainers often maintain anonymity, is complex.

E.g. Bisq, Haveno

> compliance with these regulations becomes a paradox for such projects since the crux of privacy coins lies in their ability to mask transaction details, which inherently contradicts the essence of regulations […] Therefore, achieving full regulatory compliance for privacy coins may sometimes seem impossible. […] in the UK, the Financial Conduct Authority (FCA) has been proactive in educating consumers about the risks associated with privacy coins but has not implemented bans or specific regulations concerning them.

> in the United States, proposed legislation such as the STABLE Act could further extend the regulatory framework […] it’s plausible that the provisions of the STABLE Act […] could potentially mean that transactions involving privacy coins would need some form of identity verification

> A prime example of a regulatory shift impacting privacy coins is the European Union’s Fifth Anti-Money Laundering Directive (5AMLD) […] these platforms are now obliged to implement customer due diligence measures, […] verifying user identities and monitoring transactions for any signs of activity.

Potentially:

• Alice (unhosted wallet) sends coins to Bob (CEX) -> Alice is also KYCed by the CEX
• Alice (CEX) sends coins to Bob (unhosted) -> Bob is KYCed too

> Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach

https://lemmy.world/post/7993453 i.e. https://monero.town/post/1045387

While there are typical comments like crypto=scam “You have to be quite stupid to support crypto in 2023”, there are also replies like these (with which more people seem to agree, unexpectedly): >It’s designed to protect anyone using it - even attackers. >That’s the price to pay for having privacy. >The alternative is an Orwellian dystopia.

>If you’re going to use Luna, FTX, and NFTs as arguments about something like Monero, […] you probably don’t really understand any of them.

It’s a bit odd that such a discussion is more active on a different Lemmy instance than here, but it’s interesting to hear honest opinions of various people about the incident, about Monero. Maybe your views are different from them, from mine. For example, one person states there that while they know exactly what Monaro is, they’re still skeptical.

>Collateral wallet is 2-3 multi-signature wallet but it doesn't have to be Monero. Bitcoin multi-signature is much more tested and very ease to use using Electrum or similar.

>Option two on this topic would be to use Monero multi-signature to keep Collateral.

Somewhat curious, though not like using xmr speculatively.

• 2023-11-02T15:57 CCS Wallet Incident · Issue #916 · monero-project/meta · GitHub
• 2023-11-04T00:39 [Moonstone Research] Postmortem of Monero CCS Hack: A Transaction Graph Analysis (Dated Nov 03)
• 2023-11-05T07:20 [One of the earliest media reports] Monerujo Wallet User Drains Monero’s CCS Wallet: Report - Coin Edition

Some of the media reports are negatively confusing, like saying the Monero network is defective. Date-Time in UTC.

!

Edit: Moonstone Research -> 2023-11-04T00:39 was based on the server response headers (last-modified). Apparently the blog post was created about 1 hour earlier (the link was posted on Github at 2023-11-03 23:50).

Nothing really new for us. Just one of the earliest media reports for the record.

Edit (2023-11-06): Apparently, one of the earliest reports about the incident by general (“outside”) media is, Monerujo Wallet User Drains Monero’s CCS Wallet: Report [blocking Tor: archive.org], at 2023-11-05T07:20+00:00.

It’s interesting to see how general people are looking at this, and relatedly how they are thinking about Monero, although generally what’s written there is nothing new nor helpful for us (often disturbingly inaccurate even). For this reason I posted a few random links to related articles. You can add more and comment on it, if there are anything interesting or especially stupid 😖

> While privacy coins promise enhanced anonymity and financial freedom, they also pose challenges […] they often face heightened regulatory scrutiny, with some governments banning or heavily regulating their use.

> the very feature that makes them attractive – their privacy – can also be their Achilles’ heel. […] This dual-edged sword might deter potential new adopters and pose reputational risks for those involved in legitimate uses of privacy coins.

> Cryptocurrency privacy is vital for ensuring personal liberty and maintaining fungibility, becoming even more crucial as surveillance and data collection grow. […] a balance of innovative privacy technologies and thoughtful regulation is essential

We all know this; not easy.

Windows user who'd like to try Tor + wallet etc.: if this is your first time, it may take like 10-20 minutes, but everything is easy.

Although there may be a easier shortcut (see below), the regular way is like this:

1. Go to https://www.torproject.org/download/tor/ and get a "Tor Expert Bundle" (get one that says 64 if your CPU is 64-bit). To open this ".tar.gz" file, you may need a tool like 7-zip. (*1)
2. Open (decompress) it to get a .tar; open (untar) this .tar, and you'll see two folders ("data" and "tor") there. Copy these 2 folders (with everything inside them) to a new folder, created wherever you like.
3. Open the "tor" folder, and double click on tor.exe. If asked, allow it to run and allow it to make remote connections. A text-based window (console) appears with status messages (read them to see if it's working). That's it. You're now running your own copy of Tor.

Once this is ready, you can optionally Tor-ify any tool that supports proxy (Socks5) server. Go to the "Network" or "Proxy" settings of the tool (e.g. Monero Official GUI), and input the proxy server address "127.0.0.1" (without quotes), port number "9050", and if necessary, select the type of your proxy, "Socks5". Your login name and password (if asked) can be empty or anything random (*2).

(*1) Technically, you're supposed to verify a PGP sig here. For now, let's say if you download a file from (archive.)torproject.org, it should be safe.

(*2) Similarly, you can Tor-ify other tools, e.g. a chat tool, a BitTorrent client. A regular browser can be also Tor-ified but that's a bit tricky and usually unnecessary: for web browsing, using Tor Browser is a good idea.

Official GUI vs. Feather (about Tor)

• Official GUI: Tor is not used by default. You'll have to do manual settings and run your own copy of Tor, like above.
• Feather: Tor is used automatically. That's easy. However, according to the docs, Tor is NOT ALWAYS used by default, unless you select "Always over Tor" or you're on Tails, etc. Another potential problem of Feather is, if you automatically use Tor coming with Feather, you might be stuck with an old version of Tor. This is because Tor tends to be updated more often than Feather. A solution is…

The same page states: > Feather releases are bundled with a Tor binary. If the presence of a local Tor daemon on the default port (9050) is not detected, Feather will place the bundled Tor binary in the config folder and run it on port 19450.

This should mean, if Tor is already listening to 9050, then Feather will just use it. So, if you'd like to: Feather + Latest version of Tor = also easy (just like Official GUI + Tor).

Elsewhere I saw some kind of confusion like "Feather does everything via Tor, yet it's fast" "Since Feather does everything via Tor, don't use it on Tails, which is already on Tor" etc. etc. and felt that this should be clarified and the fact should be shared. This confusion about Tails is kind of understandable, though.

A possible shortcut: If you already have Tor Browser, and if you start it, Tor Browser's Tor is listening to 9150 (I think). Thus you should be able to do wallet etc. + Tor 9150 (instead of 9050), if you don't mind always opening Tor Browser. This might feel easier…

> In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l'espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.

--France’s browser-based website blocking proposal will set a disastrous precedent for the open internet

[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]

This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).

For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.

Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail's Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).

If it's DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it's browser-side, as long as it's open-source, technically you're free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn't mean it's safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user's back.

See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?

> Having free and open-source tools and a decentralized way of fighting back and reclaiming some of that power is very important. Because if we don’t resist, we’re subject to what somebody else does to us

While Tor is useful in several situations, probably we shouldn't believe in it blindly. For clearnet, LibreWolf is a great option too, and I2P might be the future.

>The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption.

>Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.

Random thoughts...

Even if platform-assisted end-to-end encryption (pseudo e2e) is censored, perhaps we could still use true user-to-user encryption. If "end" means the messenger software itself or a platform endpoint, then the following will be true e2e - "pre-end" to "post-end" encryption:

1. Alice and Bob exchange their public keys. While using a secure channel for this is ideal, a monitored channel (e.g. a normal message app) is okay too for the time being.
2. Alice prepares her plain text message locally: Alice.txt
3. She does gpg -sea -r Bob -o ascii.txt Alice.txt
4. Alice opens ascii.txt, pastes the ascii string in it to her messenger, sends it to Bob like normally.
5. So Bob gets this ascii-armored GPG message, and saves it as ascii.txt
6. gpg -d -o Alice.txt ascii.txt, and he has the original Alice.txt
7. He types his reply locally (not directly on the messenger): Bob.txt
8. gpg -sea -r Alice -o ascii.txt Bob.txt and sends back the new ascii string
9. Alice gets it, so she does gpg -d -o Bob.txt ascii.txt to read Bob.txt

In theory, scanning by government-approved software can't detect anything here: Alice and Bob are simply exchanging harmless ascii strings. Binary files like photos can be ascii-armored too.

Admittedly this will be inconvenient, as you'll have to call gpg manually by yourself. But this way you don't need to trust government-approved software at all, because encryption/decryption will be done by yourself, before and after the ascii string goes through the insecure (monitored) channel.

> Congress is trying to push through a swarm of harmful internet bills that would severely impact human rights, expand surveillance, and enable censorship on the internet. On July 20, we’re launching a week of action to get loud about our opposition to legislation like KOSA and EARN IT and demanding that Congress focus on passing badly needed comprehensive privacy legislation to actually protect us from the harms of big tech companies and data brokers, instead of pushing through misguided legislation before August congressional recess.

Can someone explain what this does using only two words?

>google extortion

>more ads

>surveillance capitalism

See also: Web Environment Integrity API Proposal | Hacker News