Hacker News
by porcine-flight 2094 days ago
The key assumption which underlies tracking UTXOs is that the people sending UTXOs to each other have some sort of real-world relationship and they are both using the same blockchain.

But this is not necessarily true. Two strangers could meet anonymously in an online chat and agree to trade e.g. Bitcoin for Ethereum using a cross-chain atomic swap. In this case the transactions occur on two separate chains, and any available metadata is likely very hard or perhaps impossible for a third party to discover.

3 comments

Cross-chain swaps are an extremely rare, very power user move. If you discount them you're still left with the vast majority of transactions on the chain. I would guess over 99.9999%. Most people who want a cross-chain trade just use an exchange like Coinbase.

But even if we decide to include cross-chain swaps, it's not untraceable at all. You still need to verify hashes match up, it's just an extra hop to have an oracle look on the other chain.

I'm not sure how rare they are.

And it really depends on the surveillance vector.

For example, I'm not worried about the government having records, via a subpoena, but I don't want customers, merchants, random blockchain sleuths and pencil pushers having any usable information.

As such, I often trade with OTC desks. OTC desks have reportedly had more volume than deposit/withdrawal-based exchanges for years. This is not a "lit" market, it is the opposite.

When I trade with an OTC desk, they give me a new address, and they send me the other crypto I asked for at an agreed-upon price. OTC desk addresses are not giant labelled hot/cold exchange wallets that everyone watches on a block explorer. So when you are following a transaction on chain, let's say it was bitcoin you felt was stolen because that's a circumstance where people watch the transactions, you and others would assume that the transfers to new addresses are all the thief attempting to hide their tracks, and then everyone waits until some of that bitcoin is transferred to a known exchange wallet to then notify the exchange, hoping to freeze the assets as well as identify a KYC'd user. What nobody knows is that the actual bitcoin changed ownership amongst distinct humans 10 addresses ago. The "thief" being followed already received a completely different cryptocurrency from the OTC desk ages ago, and there is no way of knowing that. If the person actually committed a crime, then in this model the OTC desk has records if anyone identifies the OTC desk instead of simply inconveniencing or framing the person that received tainted bitcoin to their KYC'd account.

I wouldn't be surprised if the wrong people are getting inconvenienced or even charged with their tainted cryptocurrencies more often. Don't use surveillance coins.

I often transfer digital assets to Monero for any reason, and then when I want fiat I sell the Monero to an OTC desk.

Or if the amounts are too small (OTC desk minimums are often $100,000), I convert the Monero to another large cryptocurrency and cash that out on an exchange.

I work in compliance for an OTC desk that supports Bitcoin, Ethereum, Monero, others: https://dvchain.co

We conduct AML on everyone who is onboarded, but we're of the opinion that trades should not be public information.

The metadata for cross-chain swaps are stored right on the blockchains for everyone to see.

The same time-locked hashes which make atomic swaps safe permanently tag both sides of a completed atomic swap transaction with a unique hash, making it easy to link them together.

Atomic swaps are not designed to prevent tracking of funds.
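The linkage this comment describes, as an added example that is not part of the original thread: it groups simplified hash-time-lock events from two chains by their hash lock and checks the revealed preimage. The event records, txids and secrets are constructed, and it assumes both chains use SHA-256 for the hash lock and that the initiating side carries the longer refund timelock.

```python
import hashlib
from collections import defaultdict

def h(secret: bytes) -> str:
    """SHA-256 hash lock (assumed to be the same function on both chains)."""
    return hashlib.sha256(secret).hexdigest()

# Constructed sample events, as an indexer might extract them (not real transactions).
SECRET_A = b"constructed-swap-secret-A"
SECRET_B = b"constructed-unrelated-secret-B"
EVENTS = [
    {"chain": "btc", "txid": "btc-tx-1", "kind": "lock", "hashlock": h(SECRET_A), "timelock": 1_600_172_800},
    {"chain": "eth", "txid": "eth-tx-1", "kind": "lock", "hashlock": h(SECRET_A), "timelock": 1_600_086_400},
    {"chain": "eth", "txid": "eth-tx-2", "kind": "claim", "hashlock": h(SECRET_A), "preimage": SECRET_A.hex()},
    {"chain": "btc", "txid": "btc-tx-2", "kind": "claim", "hashlock": h(SECRET_A), "preimage": SECRET_A.hex()},
    {"chain": "btc", "txid": "btc-tx-9", "kind": "lock", "hashlock": h(SECRET_B), "timelock": 1_600_000_000},
]

def link_swaps(events):
    """Return one record per hash lock that appears in lock outputs on 2+ chains."""
    by_hash = defaultdict(list)
    for ev in events:
        by_hash[ev["hashlock"]].append(ev)
    linked = []
    for hashlock, group in by_hash.items():
        locks = [e for e in group if e["kind"] == "lock"]
        if len({e["chain"] for e in locks}) < 2:
            continue  # hash lock seen on one chain only: not a cross-chain pair
        # A claim publishes the preimage; confirm it really hashes to the lock.
        verified = any(
            e["kind"] == "claim" and h(bytes.fromhex(e["preimage"])) == hashlock
            for e in group
        )
        # Assumption: the initiator's refund timelock is the longer one.
        initiator = max(locks, key=lambda e: e["timelock"])
        linked.append({
            "hashlock": hashlock,
            "txids": sorted(e["txid"] for e in group),
            "initiator_chain": initiator["chain"],
            "preimage_verified": verified,
        })
    return linked

if __name__ == "__main__":
    for swap in link_swaps(EVENTS):
        print(swap)
```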

As a noob to this stuff, what if BTC was sent through a Monero chain? Isn't Monero purported to be super anonymous?

Monero has a significantly higher "base level" privacy than other cryptocurrencies, and it's great for many use-cases. However, it still has limitations. You should check out the Breaking Monero series: https://www.monerooutreach.org/breaking-monero/

Yes, this would be better as far as on-chain privacy goes. Although something to consider is liquidity issues.

> Although something to consider is liquidity issues.

Right... if you have tens to hundreds of millions of U.S. dollars' worth.

Monero uses special techniques to obfuscate activity on its chain, increasing the cost of chain analysis significantly. However, for an attacker that is well funded (e.g. NSA) it's likely a very small challenge to overcome.

Besides brute-force tracking of the chain, a clever way to track cryptocurrency users (including Monero users) is to add backdoored cryptocurrency wallets/apps into app stores and capture the data at the point it is created, just as Facebook/WhatsApp capture keystroke input in real time. This is probably even cheaper than breaking Monero's obfuscation techniques, and also works well against better privacy technologies such as Zcash.

> However, for an attacker that is well funded (e.g. NSA) it's likely a very small challenge to overcome.

Yeah that's a solid "citation needed", you are talking about breaking serious cryptographic assumptions there.

> and also works well against better privacy technologies such as Zcash.

It's not even worth responding to this person.

I'm not sure there is an educational moment with people like this.

For the record, to anyone passing by, I and many others view things in the opposite way. Zcash is less private, it operates in two states with the default state being just like bitcoin, with a separate state having opt-in privacy. Many/most Zcash users think they are using the opt-in state by default, which is unfortunate. The Zcash opt-in state is not as anonymous as Monero and is easier to deanonymize and harder to use best practices to thwart. Zcash is developed and run by a US-based company which can be much more easily coerced than a distributed team like Monero has doing open source work that collectively funds development when necessary. Zcash organization has budget for advertisement. It is suspicious that Zcash followers present an alternate reality so opposite to this that it is gaslighting, and does exactly what people are worried a centralized VC-backed US-based company would do.

A Zcash user recently made a challenge for anyone to tell where his coins came from that went from taddress->zaddress->zaddress->taddress. The winner only had to look at past transactions and find the same coin amount to find the original t-address.

That is why privacy-by-default is very important, and why right now Monero should be considered more private.