Let’s say Maria wants to purchase a car from George. In this chapter, we’ll consider three different ways she can do this: via traditional banks, transparent cryptocurrencies (e.g. Bitcoin), and Monero.
If Maria sends the money to George through the traditional banking system, she and George must trust three intermediate parties (their respective banks, and a payment system that acts as an intermediary between the two banks) to symbolically move the funds for them.
There is no actual movement of physical bills or assets; each bank simply edits its respective database to show that the funds have been transferred. When Maria submits the transaction to her bank (whether by wire transfer, her bank’s website, or an application), the payment system (meaning the intermediary) asks Maria’s bank to subtract $2,500 from her account on its ledger. The system also contacts George’s bank, and requests that it add $2,500 to his balance.
The key component of the transaction is the mutual trust of the banks. Though current banking systems are governed by strict laws and solid standards well-recognized within the financial sector, this system still entails some risk, and has drawbacks as well.
Maria, George and the banks must all act on faith, assuming that transactions are legitimate and ledgers correct. This trust in third-party intermediaries poses a risk, as a nefarious actor (or the banks themselves) could “create” money by fraudulently editing the ledger balances or the transaction database.
Furthermore, Maria does not actually have possession of the $3,900; instead, she has a formal written promise from her bank, which she trusts is redeemable at will. She has no way to audit her bank to verify whether they actually have the $3,900 set aside for her. In fact, they may not, because most banks legally operate on fractional reserves. This means the bank is legally required to possess only a fraction of the total amount promised to account owners.
Depending on how the funds are sent, it could take anywhere from minutes to days before the $2,500 shows up in George’s bank account. Because George is not privy to the banks’ ledgers or communications, the entire process is opaque, and cannot be monitored.
Those who have not personally experienced economic disruption take it for granted that banks will continue to function, and that their IOU’s will be honored. Surprisingly few individuals consider the troubling implications of entrusting their life’s savings to opaque corporations. Often, they put all their financial eggs in one institutional basket.
Many other issues and dark patterns of the modern payment system deserve mention. One of these is negligence by the bank operator while (for example) shifting assets from one account to another. This can happen for any number of reasons, including overwork, failure to follow established procedures, and poor working conditions.
And while it’s possible to develop a digital system that automatically checks for errors (or crimes) by financial personnel, this is an imperfect solution at best, because defining what such a system should look for turns out to be more than a little challenging.
As well, the system’s own processes would inevitably slow the speed of the transactions it monitors. As recent news reports have amply demonstrated, bank operators can do pretty much anything they want, even with such systems in place. The problem is fundamental: digital assets can be edited.
And, as mentioned, banks essentially operate using funds that do not exist. If all customers tried to withdraw their money at the same time, the banks would implode because they don’t have the actual money on-hand. Then there are things like malice and corruption: a hacker or bank employee draining your assets.
Quite aside from all that, banking hours have always been an issue, especially on weekends and holidays (which vary by country). Transactions sent during bank holidays face delays or failures, and customers are unable to walk into a bank and withdraw funds if their card has been lost or stolen. Online banking still works for deposits, but—even there—often imposes daily limits. ATM withdrawals also impose daily limits.
Moreover, it’s always possible the bank will flag any given transaction as suspicious, or block legitimate transactions because the customer’s name is similar to someone else’s. Such flags are raised by algorithms that score transactions based on a seemingly infinite trove of personal data and metadata relating to purchases, phone calls, locations, vehicles, relationships, even coincidental colocations with suspicious persons. These algorithms essentially act as judge, jury and executioner on all transactions and every party thereto.
We also have to think about the creation of money, and who controls that process. At the moment, most major economies revolve around central banks managed by private entities (like the Federal Reserve in the United States), or large corporations controlled by governments (like the ECB or European Central Bank). In each case, those who oversee the process determine the number of bank notes to be created, and the initial distribution of those notes.
There is no transparency in the modern monetary system. No authority – corporate or governmental – knows how many American dollars or Euros are in circulation at any given moment. In those cases where central banks release annual “transparency reports,” the data cannot be audited by private citizens.
On top of all this, the private citizen faces another worrisome issue: counterfeiting. How can anyone be sure the bank notes they’re holding are “real” and not fake? Physical bank notes do have elements designed to mitigate this danger, but high-resolution scanners and printers can overcome some of these. Other such elements are not common knowledge, and so people fail to look for them. An ideal payment system would identify and remove fake bank notes from circulation.
An ideal monetary system would make it impossible to create money simply by “printing” or digitally creating more. Unfortunately, today’s official monetary systems consider the ability to create money out of thin air a feature rather than a bug. Which is why we have a counterfeiting problem in the first place.
Current financial systems also present an attractive target for state actors. Because of globalization and the increasing interdependence of national economies, indiscretions, speculation or secret agreements among governments can create dire crises for other states. And economies can be attacked in times of war, declared or otherwise.
Summing up, there was a need for an economic system that could guarantee the fundamental aspect of trustworthiness, using a verification system that anyone could audit at will. But how to guarantee this? A distributed and decentralized system was proposed—and quickly ran into the “Byzantine generals” problem. Imagine a Byzantine general in the field, who needed to communicate with others to coordinate an attack. Everyone in the circle of communication knows that any given message may be fake (delivered by an enemy), and that reliance on a false message could prove disastrous. But how can anyone know whether the message they receive is the real thing?
Today, we face this same problem of consensus in the economic arena. How can we know that any given transaction is legitimate?
Thankfully, the emerging blockchain technology is capable of mitigating the above risks by creating a distributed ledger that all parties can use, view, and verify. Agreement on the veracity of shared information across a decentralized network is called consensus. This is the basis of all cryptocurrencies.
The terminology can be confusing at first, especially when newcomers are introduced to multiple jargony concepts. It may help to think of “blockchain” as a technology that allows networks to establish “decentralized consensus” agreements. By enabling strangers to safely share a ledger, it becomes possible to build “cryptocurrencies” that function like digital cash. And just as there are multiple fiat currencies like Euros, dollars, yen, etc., so various teams have built different cryptocurrencies like Monero, Ethereum, Bitcoin and so on.
Many people believe that gold is a good alternative to centralized fiat currencies. It was after all the most recognized and successful form of money for thousands of years. One of gold’s most important aspects is its unique atomic composition, which is both rare and incredibly stable. But gold relies on physical scarcity to retain value, and is also heavy to carry around. Because of this, it lacks many of the “ideal currency” characteristics set forth by philosophers and economists throughout history.
Aside from being heavy and difficult to transport, gold requires physical security, like security guards and storage facilities. Gold is not easily divisible, and exchanging assets for gold is an old, slow, and inconvenient process. Modern payments must be fast and simple, and executable in the digital realm.
Just as it’s possible to become internet-savvy without first studying DNS servers and the IPv6 protocol, anyone can learn about Monero and its blockchain without understanding the mathematics or cryptography that make it work. Accordingly, this chapter focuses on key concepts and vocabulary, without digging into the technical details (which you can find in chapters [XX] and [XX], if that’s your thing).
The term blockchain refers to a particular method of securing records in a database shared by all network users. The blockchain is groundbreaking because it’s a “trustless system;” individuals retain full autonomy over their funds, there is no central authority, and each participant can easily verify and audit the system. Thus, there’s no need to trust a black box created by a government or central bank.
Anyone in the world is welcome to act as a network maintainer, and each participant keeps the others honest by verifying the blockchain. When users broadcast information to be placed on the blockchain, network maintainers group these transactions into blocks, and use cryptographic tools to finalize the records and permanently link them to the blockchain.
This process might take seconds or minutes, because it needs to verify that each transaction is correct. Likewise, each time a new block is mined, nodes rush to analyze the transactions it contains, and also to check that the block itself is legitimate. If deemed correct by the majority of nodes, the transaction (or block) will be executed.
Once data is sealed on the blockchain, it cannot be deleted, moved, or altered in any way. The record is permanent, and each participant on the network has a matching copy of the blockchain for its own verification. Most cryptocurrency blockchains employ a clever mining model that encourages network participation to keep all records honest and synchronized. Because there is no single server or central database that can be maliciously attacked or manipulated—or that can simply fail—blockchains are incredibly robust.
These decentralized systems are also trustless, because each participant in the network maintains and verifies their own copy of the blockchain, instead of relying on a third party (again, like a bank) to do it for them. Given that blockchains provide a global system for tamperproof recordkeeping, they are extremely well-suited for storing financial data. The first modern distributed blockchain debuted with Bitcoin in 2008.
On October 31st 2008, an anonymous individual or group known as Satoshi Nakamoto published a whitepaper describing “Bitcoin: A Peer-to-Peer Electronic Cash System.” This world-changing document laid out the framework for the open-source decentralized Bitcoin cryptocurrency and the revolutionary blockchain technology that made it possible.
The objective of the paper was to illustrate how the Bitcoin system could allow digital money transfers without the need for third-party intermediaries. Instead, Bitcoin would rely on a network of users to verify the accuracy of transactions recorded on the blockchain.
Any cryptocurrency consists of three different elements working together:
The protocol: a set of rules that each participant must follow in order to take part in the network. The protocols define the requirements of valid transactions;
The blockchain: an ever-lengthening chain of recorded transactions, each link or “block” of which contains a smaller group of recorded transactions that is digitally joined to neighboring blocks, and;
A decentralized network of participants who update, store, and read the transaction ledger without the help of any third-party intermediary.
Figure 1.1 (in the first section, above) explained how money sent through the traditional banking system requires multiple transactions, separate ledgers, and trusted banks and intermediaries. The banks authorize the transaction after verifying that the sum of money being moved from Maria’s to George’s account is compatible with the availability of their current funds. But as we’ve seen, blockchain technology makes banks unnecessary for transaction processing.
Figure 1.5 (below) shows how Maria can send money to George by transferring 10.5 Bitcoin from her address (1BuUygisXY) to an address controlled by George (1eK5FSywkp). This example references Bitcoin (BTC) for convenience, but almost all cryptocurrencies employ the same kind of public ledger.
Cryptocurrencies have two groups of participants: miners (also called extractors) who create coins and blockchains, and users who seek to exchange money. When transactions are completed, miners update the ledger—which is then sent to all users, who then store their own updated copies.
Cryptocurrency rules (collectively called the protocol) align the incentives of all participants, because everyone benefits from a reliable payment technology that doesn’t require blind trust in a system rife with fraud, vulnerable to hackers, and perpetually on the verge of collapse.
In addition to its transfer and verification functions, the protocol determines the supply of Bitcoin itself. That is, the protocol controls the creation of new Bitcoins by miners. There will never be more than 21 million Bitcoins in the world, because that is the maximum number the protocol will allow. This prevents the value of Bitcoin from being destroyed by inflation and other government and central bank pastimes. Thus, all Bitcoin users have a vested interest in the protocol.
There is a cost to the standards for adding new blocks to the ledger. In most cases, this cost comes from the fact that each block requires a “proof-of-work” or PoW, which is a mathematical proof that a certain amount of computational work has been performed. Doing this work requires expensive equipment and power usage (more information on this in chapter X “Mining process”).
Because the proof-of-work process can be compared to the process of “digging up” rare numbers through laborious calculations, it is often referred to as “mining.” In return for their work, miners receive transaction commissions from users and, if and when specified by the protocol, newly minted coins.
All miners and all users check each ledger update, which prompts miners to include only valid transactions in their blocks. Such transactions must be initiated by the legitimate fund owners, and cannot be double-spend attempts. If a ledger update includes an invalid transaction, it is rejected by the network, and the miner receives no reward for the work done on that update. The protocol specifies the terms of consensus regarding the legitimacy of ledger updates.
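The block linking, proof-of-work and ledger-update checks described in this chapter can be seen together in a small model. The following is an added example, not code from the book or from any real cryptocurrency; the difficulty value, the account names and the integer amounts are assumptions, and digital signatures are left out.

```python
import hashlib
import json

DIFFICULTY = 3  # assumed toy target: a block hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64


def block_hash(block):
    """SHA-256 over the block's canonical JSON encoding."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def mine(prev_hash, transactions):
    """Proof-of-work: try nonces until the block hash meets the target."""
    block = {"prev": prev_hash, "txs": transactions, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block


def apply_txs(balances, txs):
    """Apply transfers to a copy of the balances; None if any tx overspends.
    A real protocol also checks a signature proving the sender owns the funds."""
    balances = dict(balances)
    for tx in txs:
        if tx["amount"] <= 0 or balances.get(tx["from"], 0) < tx["amount"]:
            return None
        balances[tx["from"]] -= tx["amount"]
        balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
    return balances


def validate_chain(chain, genesis_balances):
    """Re-check every block as an independent node would.
    Returns (ok, reason, balances after the last accepted block)."""
    balances, prev = dict(genesis_balances), GENESIS_PREV
    for height, block in enumerate(chain):
        if block["prev"] != prev:
            return False, f"block {height}: broken link", balances
        if not block_hash(block).startswith("0" * DIFFICULTY):
            return False, f"block {height}: insufficient proof-of-work", balances
        updated = apply_txs(balances, block["txs"])
        if updated is None:
            return False, f"block {height}: invalid transaction", balances
        balances, prev = updated, block_hash(block)
    return True, "ok", balances


def demo():
    """Constructed scenario: an honest chain, two tampering attempts, an overspend."""
    genesis = {"maria": 20, "george": 0}
    b0 = mine(GENESIS_PREV, [{"from": "maria", "to": "george", "amount": 15}])
    b1 = mine(block_hash(b0), [{"from": "george", "to": "maria", "amount": 5}])

    # 1. Edit a sealed block in place: its hash no longer matches the work done.
    edited = json.loads(json.dumps(b0))
    edited["txs"][0]["amount"] = 1

    # 2. Redo the work for the edited block: it is valid alone, but the next
    #    block still points at the original hash, so the link breaks.
    remined = mine(GENESIS_PREV, edited["txs"])

    # 3. Spend the same funds twice: maria holds 10 after b1, tries to send 20.
    overspend = mine(block_hash(b1), [
        {"from": "maria", "to": "george", "amount": 10},
        {"from": "maria", "to": "carol", "amount": 10},
    ])

    return {
        "honest": validate_chain([b0, b1], genesis),
        "edited": validate_chain([edited, b1], genesis),
        "remined": validate_chain([remined, b1], genesis),
        "double_spend": validate_chain([b0, b1, overspend], genesis),
    }


if __name__ == "__main__":
    for name, (ok, reason, balances) in demo().items():
        print(f"{name:13} ok={ok!s:5} {reason:38} {balances}")
```

Because every block commits to the hash of the one before it, changing an old record means redoing the work for that block and for every block after it, which is what makes the sealed history impractical to rewrite.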
Imagine for a moment that two different nodes announce two different blocks. If there were no pre-established rules—no protocol—any node could decide which block should be added, and the first node to do so would determine the final block order. Protocols, on the other hand, demand that a great many nodes verify every block before it is officially added to the blockchain.
Typically, potential problems are avoided by creating incentives for individual miners to follow the computational majority of all other miners when announcing new blocks. This coordination is necessary, for example, to resolve cases where communication delays might cause different miners to add conflicting updates that include different sets of transactions.
The blockchain is an incredible technology, the potential of which has barely been tapped. The blockchain is now where the Internet was in the 90s: evolving so fast that it’s hard to map out the full potential.
Soon after the first implementation of blockchain with Bitcoin, many IT people and classical economists theorized that a network in which each node (computer) keeps a copy of the whole—and potentially shares its copy with every other node—would be impossible. They also thought cryptocurrencies would be too unstable to exchange for government currencies. They were wrong—as were those so-called experts who pronounced the blockchain “a useless and bloated technology.”
Now things have gone the other way, and some people see blockchain as a one-size-fits-all solution for every conceivable data management problem. “Blockchain” has become a buzzword used by people who have no idea what the word actually means, or what a blockchain really does.
There are too many projects out there making absurd promises (“We’ll make you rich!”) with their initial coin offerings (ICOs)—a sort of advance funding round to launch a new cryptocurrency into the market. Predictably, many of these overhyped projects fail—leading the uninformed to associate the terms “blockchain” and “scam.”
To better understand blockchain and cryptocurrencies (and avoid scams), we need to know a bit about databases. A database is basically a library of data, organized in a way that (ideally) makes data entry, modification and retrieval easy. It might help to think of virtual shelves supporting the data in cyberspace.
Present-day databases are organized by size, structure, and technology used. There are two types of databases: centralized and distributed. Centralized databases organize data into tables, and are essentially centralized—that is, stored and maintained at a single point on the network. If the central point fails for any reason, your data is put at risk. Distributed databases are decentralized, and spread their data across multiple network nodes. Blockchain technology is well suited to decentralized environments, and those where centralized authorities are either not present or not wanted.
Selling other “types” of blockchains (meaning anything other than a blockchain for cryptocurrencies) would be like selling dry water. Interestingly, the same banks decried by Bitcoin adherents are now chasing the holy grail of the “permissioned blockchain.” They fear cryptocurrencies because they can’t be controlled—but the banks also want to acquire Bitcoin’s underlying technology for themselves.
Permissioned blockchains are similar to standard blockchains, but exist within a permission-based network with a centralized authority that makes decisions and determines which nodes can write to or read from the database. The owner or operator can overwrite, modify or delete any entry at will. Because “permissioned blockchains” are centralized by design, they are not true blockchains. In fact, you might say they’re a scam—capitalizing on the blockchain name without providing real blockchain-level security. They are essentially the same old system, repackaged with a catchy new name.
There are unscrupulous consultants and consulting companies out there, selling “permissioned blockchains” to banks and other interested parties, but these are blockchains in name only, and rely on technology that’s been around since the 1990s.
To determine whether any given project is employing real blockchain tech, ask yourself these 5 questions:
If your answers are “nanoseconds, only me, almost no one other than my employees, admin privileges, yes,” then you are talking about a very common centralized database (MySQL, MongoDB, etc.) technology that has nothing to do with a true blockchain.
In many ways, the finance industry is tied to legacy architectures, many of which are the result of layered upgrades that were implemented over decades and are now difficult to replace without crashing the system. Issues like efficiency, cost of platform migration, security and a lack of reliable alternatives also factor in. But the end user—the consumer—has few if any of these concerns.
Blockchain’s benefits include:
Speed and simplicity: Maria’s money is transferred to George in one step, updating a single ledger. While bank and wire transfers can take days or weeks to clear because of the verification process, cryptocurrency ledgers typically update in seconds to minutes. Blockchain carries digital information via the global internet, which is the fastest way to communicate.
No third-party risks: Maria and George rely on their own cryptographically-secured, self-maintained wallets—instead of placing their money and trust in the hands of third parties.
Pseudo-anonymity: Unlike banks, cryptocurrency ledgers never associate real names with accounts. In fact, personal information is never necessary for generating a cryptocurrency wallet. George will access his funds pseudonymously, using his key for the address (1eK5FSywkp)—to which Maria transferred the money from her account (1BuUygisXY).
Bitcoin and the other cryptocurrencies that followed triggered a financial revolution that’s still unfolding. These new decentralized “crypto” networks make it possible for anyone to store and transfer funds globally, at their own discretion. Prior to cryptocurrencies, it was difficult to store large amounts of wealth without trusting your savings to banks or credit unions. Likewise, transferring money to others required reliance on third-party payment processors for checks, wire transfers or credit/debit cards.
Thanks to cryptocurrencies, people can exercise their basic financial rights without reliance on and approval from external institutions. Any device (computer, phone, tablet) can be used to initialize a new, fully functioning cryptocurrency wallet that can receive, store, and send funds. There is no identification, fee, or authorization required, because the system identifies users by addresses that look like random strings of numbers and letters instead of personally identifiable details like names, phone numbers and street addresses.
Most cryptocurrencies are pseudo-anonymous, with their users identified by unintelligible strings of letters and numbers rather than personal identifiers. When you receive a cryptocurrency payment, you do not learn the sender’s name; instead, you receive the funds from an address such as: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa.
While this preserves privacy in some ways, it also exposes some sensitive information. Recall that every participant in a decentralized blockchain system can access a complete copy of the entire blockchain record. In the context of cryptocurrencies, this ledger is used to ascertain the account balance for any given address.
Hence, there is a permanent record of every account balance and transaction. In fact, several helpful websites (block explorers) allow you to search the blockchain for any address or transaction.
Suppose you run a shop, and one of your customers pays for a loaf of bread from the Bitcoin address 3P3QsMVK89JBNqZQv5zMAKG8FK3kJM4rjt. You can instantly check on the blockchain and see that his account has received more than 5,000 Bitcoins! Knowing that your customer handled $250,000,000 recently, you might be inclined to charge more in the future—or to rob the client tonight. This privacy issue presents a personal security risk—if your real identity is somehow linked to your crypto account.
In addition to knowing your customers’ balances, you can also see every transaction they’ve ever made: the amount, the timestamp, and the crypto address of every party involved. Analysis of transaction history and activity can be used to profile your spending patterns, income, savings and associates.
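To gauge how much a single address exposes on a transparent ledger, the sketch below rebuilds the balance, counterparties and activity window for one address from nothing but public records. It is an added example, not code from the book; the ledger entries, address labels and amounts are constructed, and a real chain would be read from a node or block explorer instead.

```python
from collections import defaultdict

# Constructed sample of a transparent ledger: (timestamp, sender, recipient, amount).
# Every participant holds a copy of these records; no names appear, only addresses.
LEDGER = [
    ("2024-01-03T09:00", "addr_exchange", "addr_customer", 5000),
    ("2024-01-10T12:30", "addr_customer", "addr_landlord", 40),
    ("2024-01-15T10:00", "addr_exchange", "addr_other", 7),
    ("2024-02-01T08:15", "addr_employer", "addr_customer", 120),
    ("2024-02-02T17:45", "addr_customer", "addr_bakery", 1),
]


def profile(ledger, address):
    """Everything an observer can derive about one address from public data."""
    received = sent = 0
    net_by_counterparty = defaultdict(int)  # positive: they paid this address
    history = []
    for timestamp, sender, recipient, amount in ledger:
        if recipient == address:
            received += amount
            net_by_counterparty[sender] += amount
            history.append((timestamp, "in", sender, amount))
        elif sender == address:
            sent += amount
            net_by_counterparty[recipient] -= amount
            history.append((timestamp, "out", recipient, amount))
    history.sort()
    return {
        "total_received": received,
        "total_sent": sent,
        "balance": received - sent,
        "counterparties": dict(net_by_counterparty),
        "first_seen": history[0][0] if history else None,
        "last_seen": history[-1][0] if history else None,
        "history": history,
    }


if __name__ == "__main__":
    # The bakery only ever saw one payment, yet the payer's whole record follows.
    for key, value in profile(LEDGER, "addr_customer").items():
        print(f"{key}: {value}")
```

Accepting one payment is enough to learn the paying address, and from there the full record above is one lookup away; this is the exposure that keeping addresses unlinked from a real identity is meant to limit.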
A significant amount of your sensitive personal information can be exposed if your pseudo-anonymous blockchain identity is linked to your real-life identity (during an online purchase or while registering for a cryptocurrency exchange, for example). Often the owner of an account can be revealed with a little bit of research. For instance, if you search for the two Bitcoin addresses listed above, you’ll find they belong to Satoshi Nakamoto and the Pineapple Fund charity, respectively.
Several companies exist solely to track and deanonymize transparent blockchains. For example, Elliptic offers an interactive explorer that shows the flow of funds between Satoshi, payment processors, exchanges, forums, marketplaces, gambling services, charities, known individuals, and other services.
Figure 1.6 shows a screenshot detailing significant Bitcoin transactions in the early 2010s, including connections between mining pools, Mt. Gox, and one of the most famous illegal e-commerce sites, the Silk Road marketplace.
Companies like Elliptic are often integrated with businesses like exchanges. That way, they can connect transactions to people via the American KYC (“Know Your Customer”) policy that requires banks, exchanges and the like to identify registered users for the government. Scorechain is another blockchain analysis company, which uses heuristic programs to assign trustability scores to individual transactions. There are now more than 10 companies constantly monitoring the flow of transparent cryptocurrencies.
Take a moment to consider the valuable sensitive information that you generate every day: credit card transactions, search phrases, products and services viewed and purchased, social media interactions and so on. All of this information is routinely recorded and monetized by banks, payment processors, giant tech/data companies and governments.
Information may include tax and employment records, physical attributes, financial circumstances, benefits from social, housing and employment-training programs, health and insurance information, addresses, identities of family and friends, sexual orientation and political affiliation, property ownership, education, and on and on and on. Basically the same kind of information your bank and cell phone service provider has access to.
This mass collection of data results in a centralization of your personal and private information, which is collected in vast treasure troves that make attractive targets for hackers and black market resale. It is quite probable that your personal details (such as name, address, email, phone number, etc.) are already in the public domain without your knowledge, perhaps connected with your demographic and/or marketing dossier—courtesy of the combined efforts of your government, bank, cell carrier, insurer, favored merchants etc. But that doesn’t mean you want malicious actors knowing about your crypto holdings.
It only takes one data leak to expose your information to others. Personal data is routinely collected through social media, e-commerce, marketing surveys, download forms, GPS and many other routes.
Consider the recent Equifax, Target, Home Depot, Uber, and Panera data breaches. In many cases, both personal and financial information were compromised, placing millions of individuals and their cards at risk. In addition to these data breaches (mentioned in the first edition of this book), Ledger, Facebook and many other companies have now been breached as well. Despite the fact that information security is making great strides, the amount of data exposed “accidentally” or during breaches—both of which are usually caused by negligence on the data-holder’s part—continues to rise.
Data breaches are not the only concern. Big data and tech companies carefully record your online activities so they can profile your preferences and “serve you better” (which mostly means sell your information to advertisers). But this data can also be leveraged for more questionable purposes, like manipulating your feelings or your voting behavior—as with the Cambridge Analytica case.
Anything that a company tracks about you may end up stolen, resold or otherwise unethically used. You should exercise great caution regarding your digital footprint, since information cannot be “unleaked” after your personal details have been exposed.
“Privacy” has become little more than a marketing buzzword. Even in the EU, laws regulating the management of personal information (GDPR or LPGD) are not enough to prevent unethical and illegal data collection.
Right now, privacy is conspicuously absent from mainstream economic and commercial systems. Traditional payment processors, banks and transparent cryptocurrencies leave very clear trails that are used to study, surveil, and profit from you. Once collected, the data is beyond your control.
The only guaranteed way to exercise your right to financial privacy is to avoid revealing personal information in the first place. To be completely safe, we need secure interactions that cannot be linked to your identity, your other transactions, or any other data that relates to you. For reasons explained below, the best tool to accomplish this is Monero.
MONERO (pronounced /mōnĕrō/, plural moneroj) is a leading cryptocurrency with a focus on private and censorship-resistant transactions. The openly verifiable nature of most cryptocurrencies (Bitcoin and Ethereum, for example) allows anyone in the world to track your money. Furthermore, if you have a lot of crypto, links between your financial records and your personal identity may jeopardize your safety.
To avoid these dangers, Monero uses powerful cryptographic techniques to create a network that allows parties to interact without revealing the sender, the recipient, or the amount of any given transaction. Like other cryptocurrencies, Monero has a decentralized ledger that all participants can download and verify for themselves.
But with Monero, a series of mathematical calculations is used to conceal all sensitive details and so prevent blockchain tracking. Monero’s privacy features allow the network to assess the validity of every transaction and determine whether the sender has a sufficient account balance to initiate the transaction—without actually knowing the parties’ identities, the transaction amount or account balances. No one inside (or outside) the network can view anyone else’s information.
One of Monero’s defining features is its philosophy of enforced privacy by default. Users are specifically prevented from initializing transactions that are accidentally or intentionally insecure; the network will not accept revealing transactions. Monero users reap all the benefits of a decentralized trustless financial system, without risking the security and privacy downsides of a transparent blockchain.
There’s no need for anything like the 73-page “How to make Bitcoin private” manual, because privacy is baked into the system. With other, transparent-blockchain cryptos, even experts find it difficult to maintain privacy because it’s not enforced at the protocol level. Monero makes things easy.
Figure 1.7 shows how Maria pays George for a car, using Monero. The process is functionally the same as the cryptocurrency transaction shown in figure 1.5, but with the sensitive information cryptographically obscured. Data like account balances and transaction amounts are marked with “***” in the diagram, because no outside observer can see or decrypt these values. (The mechanics behind Monero’s unique privacy features are discussed in chapters 3 and 5, the latter a technical discussion.)
Monero was designed with the following principles in mind:
Network decentralization: The Monero network and ledger are globally distributed. There is no single server or database that can be maliciously hacked, controlled, or censored. If a government were to shut down every Monero node in its country, or attempt to limit who can send or receive Monero, the effort would fail because the rest of the world would still maintain the network and continue processing transactions.
Financial security: The Monero network is self-secured by incorruptible cryptographic mechanisms, so there is no need to trust a third party to hold your funds or make your transactions for you. Every Monero user can verify the ledger’s validity—so you don’t even need to trust the node operators. (You can learn more about Monero’s secure cryptographic techniques in chapter 5.)
Financial privacy by default: Unlike most blockchain systems, which achieve strong security at the expense of privacy, Monero affords complete privacy without weakening security. Transaction amounts, sender identity and recipient identity are all obfuscated on the blockchain, so your Monero storage and spending activities are untrackable (unless you share personal information about yourself).
Fungibility: The term fungibility refers to assets whose units are considered indistinguishable and interchangeable. For example, imagine that you let your neighbor borrow a kilogram of flour for a cake. When they give you back another kilogram next week, it will be just that—another kilogram of the same brand. It’s all the same, because you can’t tell the difference between them. Now, if your neighbor borrows your car, you probably want the same one back, because cars are not fungible; they can be told apart from each other.
Monero’s fungibility is a product of its sophisticated privacy features, because the obfuscated transaction record obscures the “history” of all Monero. If you let your friend borrow one Monero, they can return any other Monero; because each is indistinguishable from any other, it makes no difference—and, unlike fiat currencies, there are no serial numbers. This particular quality may seem like a minor nuance; however, fungibility is critical for any currency in practical use (examples below).
This section will cover some of the risks and difficulties encountered when using insecure cryptocurrencies. For simplicity’s sake, these examples refer to “Bitcoin” as the prototypical transparent-blockchain currency. But these same drawbacks are present in essentially all other cryptocurrencies (aside from Monero).
Price manipulation: Let’s say Sofia is the only mechanic in a small town. One of her customers pays for an oil change with Bitcoin. Sofia later looks up his address on the ledger and sees that his wallet holds enough Bitcoin to buy a new Lamborghini. The next time he needs a repair, she doubles her prices. If the customer had used Monero instead, Sofia would be unable to view his balance or use that information to manipulate prices.
Financial surveillance: Oleg’s parents send him some Bitcoin to pay for textbooks, then snoop on his Bitcoin address and activity. A few months later, Oleg sends some leftover Bitcoin to the public donation address for an organization his parents wouldn’t approve of. He doesn’t realize that his parents are monitoring his Bitcoin activity—until he receives a furious email berating him for the donation. If Oleg had used Monero, his family would never know about the donation.
Supply chain privacy: Kyung-seok owns a small catering business for local events, and takes payment in Bitcoin. A larger competitor uses blockchain tracing to identify Kyung-seok’s best clients, then uses the list to contact them with a better deal. Had Kyung-seok taken payment in Monero instead, his transaction history could not have been exploited to poach his customers.
Discrimination: Ramona finds her dream apartment in a great neighborhood, conveniently close to her new job. Every month, she pays her rent promptly and in Bitcoin. But the landlord—who despises gambling—notices that some of her payments track back to a legal online casino, and declines to renew the lease. If Ramona had paid the rent with Monero instead, she’d still have an apartment.
Transaction security/privacy: Sven sells a guitar to a stranger, and gives the buyer a Bitcoin address from his long-term savings wallet. The buyer checks the blockchain, sees the large sum of money that Sven has saved up, and later robs him at gunpoint. If Sven had given a Monero address, this wouldn’t have happened.
Tainted coins: Larry sells some of his artwork online, accepting Bitcoin for payment. When he later tries to pay his college tuition, he’s shocked to receive an “Invalid Payment” notice from the school. It turns out that one of his paintings was purchased with Bitcoin stolen during an exchange hack. Because the school rejects payments from a blacklist of “tainted” Bitcoins, they refuse to mark the bill as paid. Larry is in an extremely difficult position: the Bitcoin that he saved has already been transferred out of his account, but his tuition remains unpaid. The entire situation could have been avoided if Larry had been paid with Monero, which—because of its fungibility—cannot be tracked or blacklisted.
Stable alternative to local currencies: The (corrupt) government of Eurasia has promulgated its latest economic law, which brings sky-high inflation. Although government sources have given assurances that there will be no impact, Charles is looking for an alternative to the local currency. One alternative may be Monero, which is untouched by contrived economic moves.
Political troubles: Arthur donates a few dollars’ worth of Bitcoin to Wikileaks, a much-discussed organization that discloses secret information on war crimes and other illegal government activities. Immediately after the payment, the iSpyChain company decreases his social credit, after which Arthur’s insurance rates go up because of “suspicious transactions.” With Monero, Arthur’s participation in the transaction would not have been discovered.
Clearly, Monero is the safest and most secure crypto from a privacy standpoint. But even so, it’s important to keep in mind that all cryptocurrencies are relatively new technologies, and there may be no such thing as “perfect privacy.” If keeping a particular payment secret is a matter of life and death, it may be risky to use any cryptocurrency for that transaction.
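The “tainted coins” case above comes down to a graph walk over a public ledger. The following added example is not from the book: it runs a recipient-side blacklist check that flags Larry’s tuition payment, then runs the same check on a ledger whose spend links are unreadable. The ledger, the ids, the strict taint policy and the `hide_links` model are constructed assumptions, and `hide_links` is a simplification, not a model of Monero’s actual mechanisms.

```python
from collections import deque

# Constructed toy ledger (all ids hypothetical). Outputs are named "txid:index";
# on a transparent chain every transaction publicly lists the outputs it spends.
LEDGER = {
    "hack":    {"inputs": ["exchange:0"], "outputs": ["hack:0", "hack:1"]},
    "split":   {"inputs": ["hack:0"], "outputs": ["split:0", "split:1"]},
    "art":     {"inputs": ["split:1", "buyer_pay:0"], "outputs": ["art:0"]},
    "tuition": {"inputs": ["art:0", "larry_job:0"], "outputs": ["tuition:0"]},
    "coffee":  {"inputs": ["larry_job:1"], "outputs": ["coffee:0"]},
}
BLACKLIST = ["hack:0", "hack:1"]  # outputs of the exchange theft


def trace_taint(ledger, blacklist):
    """Return {tainted output: list of txids linking it to a blacklisted output}."""
    spent_by = {i: txid for txid, tx in ledger.items() for i in tx["inputs"]}
    paths = {out: [] for out in blacklist}
    queue = deque(blacklist)
    while queue:
        out = queue.popleft()
        txid = spent_by.get(out)
        if txid is None:
            continue  # unspent, or no spend of it is visible on the ledger
        for new_out in ledger[txid]["outputs"]:
            if new_out not in paths:  # strict policy: one tainted input taints all outputs
                paths[new_out] = paths[out] + [txid]
                queue.append(new_out)
    return paths


def screen_payment(ledger, blacklist, txid):
    """Recipient-side check: reject a payment that spends any tainted output."""
    tainted = trace_taint(ledger, blacklist)
    hits = [i for i in ledger[txid]["inputs"] if i in tainted]
    return ("rejected", hits) if hits else ("accepted", [])


def hide_links(ledger):
    """Simplified model of an opaque ledger: which outputs a tx spends is not readable."""
    return {t: {"inputs": [], "outputs": list(tx["outputs"])} for t, tx in ledger.items()}


if __name__ == "__main__":
    print(screen_payment(LEDGER, BLACKLIST, "tuition"))
    print(trace_taint(LEDGER, BLACKLIST)["art:0"])
    print(screen_payment(LEDGER, BLACKLIST, "coffee"))
    print(screen_payment(hide_links(LEDGER), BLACKLIST, "tuition"))
```

Larry never touched the stolen output himself; the check rejects him because the public input references let anyone walk two hops back from his payment to the theft.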
Monero is an open-source project, actively developed by cryptography and distributed systems experts all over the world. Many of these developers freely donate their time to The Monero Project. Others are funded by the Monero community, allowing them to focus solely on this project.
The decentralized nature of Monero’s development team has several benefits when compared with a centralized corporation or other organization. The Monero Project is a living entity greater than any of its parts or contributors; because both the network and the development team are spread across the globe, it cannot be shut down by any single country.
The term open-source means that the source code (software blueprint) is made publicly available for anyone to inspect. The alternative is closed-source software, where developers deliver a final compiled product (binaries such as .exe files) that cannot be opened and studied. Closed-source software is a black box whose actual instructions cannot be examined. By using this kind of software, you’re trusting the developer and the distributor.
The problem with this (aside from malicious development or government-mandated backdoors) is that even a well-intentioned developer may make a mistake that hackers later discover and exploit. When it comes to cryptocurrencies, use only open-source software that has been audited by independent parties who have verified that there is no malicious code, accidental mistake, or flawed implementation.
The cryptocurrency community has embraced open-source software from the very start: Bitcoin was released as a public white paper and open-source, community-built code, which stood in stark contrast to the opaque and proprietary decision structure endemic to fiat (government-backed and unsecured) currencies. The open-source philosophy itself predates even Bitcoin, going back some 25 years; more than 5,000 coders have contributed to the open-source Linux kernel, which is now widely considered the most secure operating system on earth.
The Monero Project is entirely open-source. The developers use GitHub for version control, which allows anyone to easily review every single line of proposed code to be added, removed, or modified. Over 240 developers have contributed to, reviewed and tested the Monero code, which drastically lowers the likelihood that any errors have been overlooked. (Developers can find more information about interacting with Monero’s codebase in chapters XX and XX.)
Development team transparency is very important for community trust, especially with cryptocurrencies. Monero development discussions occur in open IRC channels, and the Monero Project website hosts a public archive of meeting logs.
A more detailed history of blockchain technologies and their roots can be found in Chapters XX and YY. Note that many of the details on the strange birth of CryptoNote (and the people behind it) remain unknown.
It took a few months for Bitcoin creator Satoshi Nakamoto to realize that the Bitcoin blockchain did not take user privacy into account. Many threads on the early “Bitcointalk” forum revolved around privacy concerns with Bitcoin and any other transparent cryptocurrencies that might appear in the future. The early adopters of cryptocurrencies had to wait a long time for blockchain privacy measures to be implemented.
In 2013, Nicolas van Saberhagen published the “CryptoNote” white paper, a technical protocol that defined the aspects of privacy technologies for cryptocurrencies. Van Saberhagen identified problems and limits with the then-current implementation of Bitcoin. There was of course the rather large issue of transaction traceability. But van Saberhagen also believed that block dimensions should be unlimited, and that there should be no fixed coin emission.
It was all theoretical at first, but a few months after the white paper was published, van Saberhagen’s protocol became the foundation for several crypto coins. The first of these was Bytecoin. Like Bitcoin’s Satoshi Nakamoto, the creator of Bytecoin remained anonymous, and promoted the coin on a Bitcointalk thread. The markets were excited about Bytecoin’s apparent potential to surpass Bitcoin’s privacy features and number of transactions processed.
Some aspects of Bytecoin appeared dubious under close scrutiny. Bitcointalk member thankful_for_today investigated the distribution curve, and noted that approximately 82% of the coins had already been emitted, so the circulating coin supply was potentially dangerously centralized.
It turned out that 151 billion of the 184 billion planned Bytecoins were already in the hands of unknown individuals. That was a huge centralization issue. The project also became known for some “unexplained” technical quirks (illogically slow functions, obfuscated code without comments) that made the coin neither ready for use nor compatible with an open-source model.
There were also several unclear details regarding the CryptoNote protocol’s creation. Despite the many announcements made by the development team, many aspects of CryptoNote’s “origin story” were blatantly fabricated after the fact.
Ultimately, Bytecoin’s greedy premine (the process by which founders take coins for themselves before anyone else can mine them) undercut Bytecoin’s credibility and practicality. Fortunately, thankful_for_today recognized the value in CryptoNote’s features, and incorporated them into a new crypto project centered around a strong, community-driven development team. The Monero cryptocurrency—spearheaded by thankful_for_today—launched in April of 2014. The coin was originally named “BitMonero,” and was then shortened to “Monero,” the Esperanto word for “coin.”
In 2014, the first block of Monero (dubbed the “genesis block”) was finally created, and the first community members—including tacotime, eizh, NoodleDoodle, smooth, and fluffypony—focused on the code, rewriting and improving the miner-derived Bytecoin implementation. Monero’s currency abbreviation started out as “MRO”, but that turned out to be the ISO code for Mauritania’s national currency, so the abbreviation was changed to “XMR.”
Maintaining the coin’s privacy has always been a priority for the Monero team. They made further improvements over the years, introducing the Ring Confidential Transaction (see Chapters XX and YY)—a technology that better conceals transaction amounts—and improving Monero’s “historical” technologies like Ring Signature and Stealth Addresses (see Chapter 3).
Numerous wallet apps were created, spanning many devices. These include mobile apps like Monerujo (August, 2017) and CakeWallet (January, 2018); more information on these in Chapter 2. Desktop programs include the official GUI (released in 2016), and Feather (2020).
To avoid centralization, Monero’s developers sought a way to prevent the use of dedicated mining devices (which tend to centralize mining activities in the hands of those who can afford them). They first tried to change the proof-of-work algorithms (CryptoNightv0, CryptoNightv1, and CryptonightR), then changed course and developed an entirely new algorithm called RandomX—which drastically changed the game for miners. RandomX is the current PoW algorithm, and is based on the concept of “random work zones” (more on this in chapter XX)—which greatly hinder the usefulness (and therefore development) of dedicated mining hardware.
As more users joined the network, the development team sought ways to lower user fees, eventually creating Bulletproofs—a more efficient transaction protocol that cut transaction fees by 80%. Network-based blockchain analysis has been blocked by employing Dandelion++ (see chapters 3 and XX for technical details).
The Monero Research Lab, developers and users continue to explore further improvements and new ways to ensure financial privacy on the Monero blockchain. Recent developments include Triptych and atomic swaps—the latter making it possible to directly exchange Monero for transparent cryptocurrencies and vice versa, with no third-party involvement.
Monero was carefully engineered for general use, while also incorporating things like fungibility and transaction privacy. As discussed in the section “Real-life Monero case studies” (above), significant practical issues arise with financial systems that fail to protect user privacy.
The very features necessary to keep Monero safe for day-to-day users are unfortunately also appealing to those wishing to conceal illicit activity. Monero is not specifically designed to facilitate illegal activity—a bane which has plagued every currency since the first money was put into use, thousands of years ago. But the scale of illegal transactions conducted using cryptocurrencies is dwarfed by the staggeringly vast amount of criminal activity that occurs every day with fiat currencies like Euros, Rupees, Yen and dollars.
And it’s become evident that some of the biggest banks on the planet have no issue laundering billions of dollars for terrorists and drug cartels—making the idea that cryptos somehow cater to criminals ridiculous. The next time you see such an accusation, take a look at who’s making it, and consider the source—which is likely a government, central bank or financial institution whose very existence is in large part dependent upon inflatable fiat currencies that essentially steal value from everyone.
Monero mining is designed to be compatible with computers, phones, tablets and most web browsers. This allows anyone to enter the mining ecosystem without the need for costly, dedicated mining equipment. Hackers have taken advantage of this accessibility to create exploitative programs and websites that secretly hijack resources to mine Monero for the attacker. The Monero community has responded with the Malware Response Workgroup (see chapter XX), which provides education, tools and live support to combat malicious software.
The creators of Mastering Monero are excited about the currency’s widespread use for personal and business applications. We hope readers will use Monero ethically and often. You can discover online stores that accept Monero through Project Coral Reef, and there are several websites that make it easy to mine philanthropically—supporting nonprofits like UNICEF Australia, BailBloc, and Change.org.
SerHack says:
I’m considering moving this subsection to the end of the book.