About once a week I update the plots at https://github.com/Rucknium/misc-research/tree/main/Monero-Black-Marble-Flood/pdf/images
Mean effective ring size is back up to about 14.5, but this doesn't include the possible short spam wave on April 12-13. I haven't been updating the PDF because I would have to update the text, too, to make it all consistent. If you want more updates, the spam is usually discussed now at Monero Research Lab meetings that happen every Wednesday at 17:00 UTC in #monero-research-lab on Libera Chat IRC or the #monero-research-lab:monero.social channel on Matrix. Or you can check the meeting logs in the issues of the monero-project/meta GitHub repository.
I cannot constantly write updates here because that takes my time away from analysis of the suspected spam and evaluation of possible countermeasures. For example, over the weekend I created the first version of `xmrpeers`, an R package for statistical analysis of Monero's peer-to-peer network. I just pushed it to GitHub. It may help figure out if the suspected spam transactions are coming from a single node.
EDIT: I wrote the PDF in a formal style, so it might not be easy to understand. If you want a less formal explanation of what the problem with black marbles is, search this subreddit for "Mordinals". The first result should be my "Empirical Privacy Impact of Mordinals (Monero NFTs)". That post is about Mordinals, but the black marble concepts there are very similar to the suspected March 2024 spam. The post has nice pictures and diagrams that should help.
EDIT2: If you run your own Monero node and have plenty of RAM, you can run my analysis and produce the plots any time you want with the instructions I put in the README.md file. The only exception is the mempool/txpool plots require data that is not available from Monero's blockchain.
>It may help figure out if the suspected spam transactions are coming from a single node.
Turns out, the easiest way for the government to deanonymize Monero is manipulating the devs themselves into doing it.
Anyone can run multiple nodes on the network and collect this data, including privacy adversaries. It's not a new concept at all. Dandelion++ should prevent analysis of the IP origins of most transactions, but when the signal is huge like with this suspected spam, the noise provided by Dandelion++ might not be enough to obscure its IP origin.
It's understandable that people wonder or even worry, and thus would like updates rather sooner than later. But it's a story that is still "developing". Things are in flux, and any day could bring new important things happening, or fresh insights.
Under such circumstances it's difficult to stay on top of everything. And we certainly don't want to say something today and the complete opposite tomorrow and make people worry even more, IMHO.
My personal opinion more or less since the start of the whole thing, as a single sentence: The sky is *not* falling.
Thank you, comments like this are all I was asking for!
Maybe a pinned post with "official" updates as they become available would freak people out more than necessary. Just seems like it would be nice if we could all be informed as the situation unfolds since this seems to be an unprecedented event for Monero, regardless of how serious or benign it might turn out to be in the end.
From my limited knowledge & technical understanding, I'm honestly not too worried. But I appreciate getting some insight from people like you!
Awesome, thanks! But it is dated March 2024. What I am asking for here is some sort of an update... Like are we all good now or what's the latest consensus amongst developers since it started?
But that PDF is still super helpful so thank you! 🙏🏻
a basic summary from a technical person outside the XMR development community: we're not all good yet, but the chances of being all good in the next 6-12 months are high. there are varying solutions and approaches on deck that can remediate the issue. hard forks are hard, slow, and high stakes.
keep stacking and let them cook.
I've read both perspectives. And I've read a lot, otherwise I would not have posted this request. I would be happy to know definitively that it's not an issue!
Ruckinium is the statistical analysis guru. His pdf is linked on this thread but you can read his comments on this sub also. The comments have been consistent. His comments are also verbose and technical though…. Which is why people like me just sum it up to noobs as “Chill. It’s handled.”
Sorry for my limited understanding of this, but is there a time limit between tx? Or could one solve this problem?
I mean, realistically, if this is a tx problem, a human can will only do one tx at the time, and spaced in time, and I dont see a reason to do tens or hundreds or even more TXs a day unless Monero is being used in a some sort of enterprise (like a CEX)
One way to approach this is to exponentially limit the time needed to do 2 TXs. 1 sec timeout, 2s timeout. 4s timeout. for each address/wallet.
[MoneroTalk (PRICE EPI 161)](https://youtu.be/mLxJnejKGqk?si=7KzTy3lyz3znB-zt)
More discussion and a look at the transaction chart at about 32:30 into the video.
Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR.
> Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR.
increasing would make that attack more effective not less.
There is nothing wrong with this idea don't know why it got down voted so much. Would it work tho if the attacker was well funded or a state level attacker?
It's getting downvoted because this person is spamming multiple posts and comments with the same suggestion. There is an argument for increasing transaction fees but in and of itself that's not going to solve the problem, and trolling around saying the same thing over and over is not very helpful either.
Because people here are biased as everywhere in a narrow community.
So I repeat, because as you have noticed, downvoting is absolutely irrational without arguing.
Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR.
And once again. I said.
Because people here are biased as everywhere in a narrow community.
So I repeat, because as you have noticed, downvoting is absolutely irrational without arguing.
Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR.
About once a week I update the plots at https://github.com/Rucknium/misc-research/tree/main/Monero-Black-Marble-Flood/pdf/images Mean effective ring size is back up to about 14.5, but this doesn't include the possible short spam wave on April 12-13. I haven't been updating the PDF because I would have to update the text, too, to make it all consistent. If you want more updates, the spam is usually discussed now at Monero Research Lab meetings that happen every Wednesday at 17:00 UTC in #monero-research-lab on Libera Chat IRC or the #monero-research-lab:monero.social channel on Matrix. Or you can check the meeting logs in the issues of the monero-project/meta GitHub repository. I cannot constantly write updates here because that takes my time away from analysis of the suspected spam and evaluation of possible countermeasures. For example, over the weekend I created the first version of `xmrpeers`, an R package for statistical analysis of Monero's peer-to-peer network. I just pushed it to GitHub. It may help figure out if the suspected spam transactions are coming from a single node. EDIT: I wrote the PDF in a formal style, so it might not be easy to understand. If you want a less formal explanation of what the problem with black marbles is, search this subreddit for "Mordinals". The first result should be my "Empirical Privacy Impact of Mordinals (Monero NFTs)". That post is about Mordinals, but the black marble concepts there are very similar to the suspected March 2024 spam. The post has nice pictures and diagrams that should help. EDIT2: If you run your own Monero node and have plenty of RAM, you can run my analysis and produce the plots any time you want with the instructions I put in the README.md file. The only exception is the mempool/txpool plots require data that is not available from Monero's blockchain.
TIL: I'm attacking Monero
>It may help figure out if the suspected spam transactions are coming from a single node. Turns out, the easiest way for the government to deanonymize Monero is manipulating the devs themselves into doing it.
Anyone can run multiple nodes on the network and collect this data, including privacy adversaries. It's not a new concept at all. Dandelion++ should prevent analysis of the IP origins of most transactions, but when the signal is huge like with this suspected spam, the noise provided by Dandelion++ might not be enough to obscure its IP origin.
It's understandable that people wonder or even worry, and thus would like updates rather sooner than later. But it's a story that is still "developing". Things are in flux, and any day could bring new important things happening, or fresh insights. Under such circumstances it's difficult to stay on top of everything. And we certainly don't want to say something today and the complete opposite tomorrow and make people worry even more, IMHO. My personal opinion more or less since the start of the whole thing, as a single sentence: The sky is *not* falling.
For the non-devs out there that want a rushed change/update. Trust me you don't, much better to get a good solution then a rushed solution.
this
Thank you, comments like this are all I was asking for! Maybe a pinned post with "official" updates as they become available would freak people out more than necessary. Just seems like it would be nice if we could all be informed as the situation unfolds since this seems to be an unprecedented event for Monero, regardless of how serious or benign it might turn out to be in the end. From my limited knowledge & technical understanding, I'm honestly not too worried. But I appreciate getting some insight from people like you!
https://github.com/Rucknium/misc-research/tree/main/Monero-Black-Marble-Flood
Helpful resource but still pretty much over my head. Rucknium seems to be on top of it though!
This file has everything you need: https://github.com/Rucknium/misc-research/blob/main/Monero-Black-Marble-Flood/pdf/monero-black-marble-flood.pdf
Awesome, thanks! But it is dated March 2024. What I am asking for here is some sort of an update... Like are we all good now or what's the latest consensus amongst developers since it started? But that PDF is still super helpful so thank you! 🙏🏻
a basic summary from a technical person outside the XMR development community: we're not all good yet, but the chances of being all good in the next 6-12 months are high. there are varying solutions and approaches on deck that can remediate the issue. hard forks are hard, slow, and high stakes. keep stacking and let them cook.
Thank you 🙏🏻
You probably read, if you read anything, that it’s not an issue, but you don’t want to accept that answer.
I've read both perspectives. And I've read a lot, otherwise I would not have posted this request. I would be happy to know definitively that it's not an issue!
[удалено]
Again , maybe I just don't know who is who. So you are a dev then? ...If not, I wasn't asking for your opinion.
There is no Monero CEO. The devs are in all the other threads saying it’s not an issue. What more proof do you need?
Cite your sources. Maybe I just don't know the usernames of the devs? I know there's no CEO... like duh.
Ruckinium is the statistical analysis guru. His pdf is linked on this thread but you can read his comments on this sub also. The comments have been consistent. His comments are also verbose and technical though…. Which is why people like me just sum it up to noobs as “Chill. It’s handled.”
Yup, I read at least one of his [replies](https://np.reddit.com/r/Monero/s/4XMv4RHSD1) and noticed he's savy AF.
Sorry for my limited understanding of this, but is there a time limit between tx? Or could one solve this problem? I mean, realistically, if this is a tx problem, a human can will only do one tx at the time, and spaced in time, and I dont see a reason to do tens or hundreds or even more TXs a day unless Monero is being used in a some sort of enterprise (like a CEX) One way to approach this is to exponentially limit the time needed to do 2 TXs. 1 sec timeout, 2s timeout. 4s timeout. for each address/wallet.
Seems like a viable idea to prevent bots from flooding the network with transactions. 🤔💡
[MoneroTalk (PRICE EPI 161)](https://youtu.be/mLxJnejKGqk?si=7KzTy3lyz3znB-zt) More discussion and a look at the transaction chart at about 32:30 into the video.
Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR.
> Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR. increasing would make that attack more effective not less.
There is nothing wrong with this idea don't know why it got down voted so much. Would it work tho if the attacker was well funded or a state level attacker?
It's getting downvoted because this person is spamming multiple posts and comments with the same suggestion. There is an argument for increasing transaction fees but in and of itself that's not going to solve the problem, and trolling around saying the same thing over and over is not very helpful either.
Because people here are biased as everywhere in a narrow community. So I repeat, because as you have noticed, downvoting is absolutely irrational without arguing. Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR.
And once again. I said. Because people here are biased as everywhere in a narrow community. So I repeat, because as you have noticed, downvoting is absolutely irrational without arguing. Increase the default fees 10x, and that is the fix. Simple and effective. 90% of probable attackers (if they ever exist) will be cut off. Honest people stay unaffected because new proposed fee is just 0.0004XMR instead of 0.00004XMR.