When using Nault with a wallet that has several accounts open, one is able to change the representative of all of the addresses at the same time.
I think that the way this is processed is that multiple blocks “Change” blocks will be submitted to set the same representative one right after the other.
Is it fair to say that, after taking this action, those accounts are correlated? Meaning that an interested person would be able to determine a correlation with a good degree of certainty by inspecting the ledger.
Or are there some strategies in place to obfuscate this?
In general delegating to the same account would provide some degree of correlation since you are all in the group of “supports this rep”. You can look up reps and see what accounts have delegated to them which would probably be the first thing to do if you were trying to track an entity.
Personally I try to set the reps individually and to different reps because of this issue you are bringing up.
Heading more towards theory of what’s possible but may not be widely practiced yet… I would contemplate the fact that correlation would mainly be for a specific set of transactions in a specific time period, since with zero fees, it’s actually possible to constantly shift addresses and so the receive tree… I think the combinations would get unwieldy pretty quickly for sleuthing any one who is determined to hide themselves. Simplest way rn would be to send it to exchange and then withdraw a different amount to a different account. However, if you have an uncommon balance, and let’s say you split it into only two withdraws, someone keen might be able to guess your next accounts to be correlated as well. But I think the more times this process is repeated among multiple accounts and transactions the harder it gets to say anything meaningful. Spreading out your balances among accounts, reps, and time, I think it would be pretty difficult for anyone to key into the nano you are holding onto.
Privacy is pretty low on my concerns atm, because of the zero fees and quick transactions. Losing track of keys is my number one worry to securing the nano I have. And then I guess using related services, for example if nano.garden logs ips, accounts, stores them indefinitely, and is or willing to provide that information to someone who wants to track you, that would be another privacy rabbit hole. But basically from my view, I would say you have to expect someone really really wants to track you before worrying much about privacy. And the general question to ask to maximize privacy would be, how do I further blend into the crowd?
This response kind of ballooned 😅 I’ve thought a decent amount about this in the past.
In general delegating to the same account would provide some degree of correlation since you are all in the group of “supports this rep”. You can look up reps and see what accounts have delegated to them which would probably be the first thing to do if you were trying to track an entity.
That’s true, and especially so if the rep is not a very popular. But what I am talking about is more specifically about what happens if you change All of your accounts in the wallet, using this menu:
I think that this would send all of the change blocks one next to the other, so it would be a cluster of associated blocks from which it is easy to determine a relationship.
Simplest way rn would be to send it to exchange and then withdraw a different amount to a different account
It is also possible to leverage the privacy properties of Monero and non-KYC crypto exchanges to have very private XNO. If you buy XMR with fiat through an exchange, withdraw that, and then buy XNO with XMR in a no-KYC crypto exchange you will have untraceable XNO.
for example if nano.garden logs ips, accounts, stores them indefinitely,
The Lemmy code itself does not keep any IP logs. But it would be possible to determine a user’s IP by checking the authentication token that was provided by an IP to create a post or comment. The logs that would allow me to do that are the logs saved by the reverse proxy (Nginx) which routes the requests made to the server. It is useful to keep those logs for a short period of time in case of a DDoS or some other malicious actors trying to mess with the server. But there is rarely a very good reason to keep them for longer than a few hours, so I delete them often.
Still, it would be possible for my server provider to keep logs themselves, or even their internet service provider, so when it comes to online privacy I think that it is better NOT to trust, and instead take pro-active steps to protect one’s privacy. Like using a VPN or TOR, and trying to use separate isolated accounts as much as possible.