https://www.fatf-gafi.org/publications/fatfrecommendations/documents/virtual-assets-red-flag-indicators.html submitted by
Red Flag Indicators Related to Anonymity
- This set of indicators draws from the inherent characteristics and vulnerabilities associated with the underlying technology of VAs. The various technological features below increase anonymity and add hurdles to the detection of criminal activity by LEAs. These factors make VAs attractive to criminals looking to disguise or store their funds. Nevertheless, the mere presence of these features in an activity does not automatically suggest an illicit transaction. For example, the use of a hardware or paper wallet may be legitimate as a way to secure VAs against thefts. Again, the presence of these indicators should be considered in the context of other characteristics about the customer and relationship, or a logical business explanation.
Transactions by a customer involving more than one type of VA, despite additional transaction fees, and especially those VAs that provide higher anonymity, such as anonymity-enhanced cryptocurrency (AEC) or privacy coins.
Moving a VA that operates on a public, transparent blockchain, such as Bitcoin, to a centralised exchange and then immediately trading it for an AEC or privacy coin.
Customers that operate as an unregistered/unlicensed VASP on peer-to-peer (P2P) exchange websites, particularly when there are concerns that the customers handle huge amount of VA transfers on its customer’s behalf, and charge higher fees to its customer than transmission services offered by other exchanges. Use of bank accounts to facilitate these P2P transactions.
Abnormal transactional activity (level and volume) of VAs cashed out at exchanges from P2P platform-associated wallets with no logical business explanation.
VAs transferred to or from wallets that show previous patterns of activity associated with the use of VASPs that operate mixing or tumbling services or P2P platforms.
Transactions making use of mixing and tumbling services, suggesting an intent to obscure the flow of illicit funds between known wallet addresses and darknet marketplaces.
Funds deposited or withdrawn from a VA address or wallet with direct and indirect exposure links to known suspicious sources, including darknet marketplaces, mixing/tumbling services, questionable gambling sites, illegal activities (e.g. ransomware) and/or theft reports.
The use of decentralised/unhosted, hardware or paper wallets to transport VAs across borders.
Users entering the VASP platform having registered their Internet domain names through proxies or using domain name registrars (DNS) that suppress or redact the owners of the domain names.
Users entering the VASP platform using an IP address associated with a darknet or other similar software that allows anonymous communication, including encrypted emails and VPNs. Transactions between partners using various anonymous encrypted communication means (e.g. forums, chats, mobile applications, online games, etc.) instead of a VASP.
A large number of seemingly unrelated VA wallets controlled from the same IP-address (or MAC-address), which may involve the use of shell wallets registered to different users to conceal their relation to each other.
Use of VAs whose design is not adequately documented, or that are linked to possible fraud or other tools aimed at implementing fraudulent schemes, such as Ponzi schemes.
Receiving funds from or sending funds to VASPs whose CDD or know-your- customer (KYC) processes are demonstrably weak or non-existent.
Using VA ATMs/kiosks – o despite the higher transaction fees and including those commonly used by mules or scam victims; or o in high-risk locations where increased criminal activities occur. A single use of an ATM/kiosk is not enough in and of itself to constitute a red flag, but would if it was coupled with the machine being in a high-risk area, or was used for repeated small transactions (or other additional factors).
First, a bit of introduction before we get into the living drama that is Brian Krebs.
Brian Krebs has been a journalist for decades, starting in the late 90s. He got his start at The Washington Post
, but what he's most famous for are his exposes on criminal businesses and individuals who perpetuate cyber crime worldwide. In 2001, he got his interest in cybercrime piqued when a computer worm locked him out of his own computer. In 2005, he shifted from working as a staff writer at The Washington Post's
tech newswire to writing for their security blog, "Security Wire". During his tenure there, he started by focusing on the victims of cybercrime, but later also started to focus on the perpetrators of it as well. His reporting helped lead to the shutdown of McColo, a hosting provider who provided service to some of the world's biggest spammers and hackers. Reports analyzing the shutdown of McColo estimated that global spam volume dropped by between 40 and 70 percent. Further analysis revealed it also played host to child pornography sites, and the Russian Business Network, a major Russian cybercrime ring.
In 2009, Krebs left to start his own site, KrebsOnSecurity
. Since then, he's been credited with being the first to report on major events such as Stuxnet and when Target was breached, resulting in the leakage of 40 million cards. He also regularly investigates and reveals criminals' identities on his site. The latter has made him the bane of the world of cybercrime, as well as basically a meme, where criminals will include references like Made by Brian Krebs in their code, or name their shops full of stolen credit cards after him
One of his first posts on his new site was a selection of his best work
. While not particularly dramatic, they serve as an excellent example of dogged investigative work, and his series reveal the trail of takedowns his work has documented, or even contributed to.
And now, a selection of drama involving Krebs. Note, all posts are sarcastically-tinged retellings of the source material which I will link throughout. I also didn't use the real names in my retellings, but they are in the source material. This took way too long to write, and it still does massively condense the events described in the series. Krebs has been involved with feuds with other figures, but I'd argue these tales are the "main" bits of drama that are most suited for here.
Fly on the Wall
By 2013, Krebs was no stranger to cybercriminals taking the fight to the real world. He was swatted previously
to the point where the police actually know to give him a ring and see if there'd actually
been a murder, or if it was just those wacky hackers at it again. In addition, his identity was basically common knowledge to cybercriminals, who would open lines of credit in his name, or find ways to send him money using stolen credit cards.
However, one particular campaign against him caught his eye
. A hacker known as "Fly" aka "Flycracker" aka "MUXACC1" posted on a Russian-language fraud forum he administered about a "Krebs fund". His plan was simple. Raise Bitcoin to buy Heroin off of a darknet marketplace, address it to Krebs, and alert his local police via a spoofed phone call. Now, because Krebs is an investigative journalist, he develops undercover presences on cybercrime forums, and it just so happened he'd built up a presence on this one already.
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Fly had first caught Krebs' attention by taunting him on Twitter, sending him Tweets including insults and abuse, and totally-legit looking links. Probably either laced with malware, or designed to get Krebs' IP. He also took to posting personal details such as Krebs' credit report, directions to his house, and pictures of his front door on LiveJournal, of all places.
So, after spotting the scheme, he alerted his local police that he'd probably have someone sending him some China White. Sure enough, the ne'er-do-wells managed to raise 2 BTC, which at the time was a cool $200 or so. They created an account on the premiere darknet site at the time, The Silk Road
under the foolproof name "briankrebs7". They found one seller who had consistently high reviews, but the deal fell through for unknown reasons. My personal theory is the seller decided to Google where it was going, and realized sending a gram of dope into the waiting arms of local law enforcement probably wasn't the best use of his time. Still, the forum members persevered, and found another seller who was running a buy 10 get 2 free promotion. $165 of Bitcoin later, the drugs were on their way to a new home. The seller apparently informed Fly that the shipment should arrive by Tuesday, a fact which he gleefully shared with the forum.
While our intrepid hero had no doubt that the forum members were determined to help him grab the tail of the dragon, he's not one to assume without confirmation, and enlisted the help of a graduate student at UCSD who was researching Bitcoin and anonymity on The Silk Road
, and confirmed the address shared by Fly was used to deposit 2 BTC into an account known to be used for money management on the site.
By Monday, an envelope from Chicago had arrived, containing a copy of Chicago confidential. Taped inside were tiny baggies filled with the purported heroin. Either dedicated to satisfied customers, or mathematically challenged, the seller had included thirteen baggies instead of the twelve advertised. A police officer arrived to take a report and whisked the baggies away.
Now, Fly was upset that Krebs wasn't in handcuffs for drug possession, and decided to follow up his stunt by sending Krebs a floral arrangement shaped like a cross, and an accompanying threatening message addressed to his wife, the dire tone slightly undercut by the fact that it was signed "Velvet Crabs"
. Krebs' curiosity was already piqued from the shenanigans with the heroin, but with the arrival of the flowers decided to dive deeper
into the сука behind things.
He began digging into databases from carding sites that had been hacked, but got his first major breakthrough to his identity from a Russian computer forensics firm. Fly had maintained an account on a now-defunct hacking forum, whose database was breached under "Flycracker". It turns out, the email Flycracker had used was also
hacked at some point, and a source told Krebs that the email was full of reports from a keylogger Fly had installed on his wife's computer. Now, because presumably his wife wasn't part of, or perhaps even privy to her husband's illicit dealings, her email account happened to be her full legal name, which Krebs was able to trace to her husband. Now, around this time, the site Fly maintained disappeared from the web, and administrators on another major fraud forum started purging his account. This is a step they typically take when they suspect a member has been apprehended by authorities. Nobody knew for sure, but they didn't want to take any chances.
More research by Krebs revealed that the criminals' intuition had been correct, and Fly was arrested in Italy, carrying documents under an assumed name. He was sitting in an Italian jail, awaiting potential extradition to the United States, as well as potentially facing charges in Italy. This was relayed to Krebs by a law enforcement official who simply said "The Fly has been swatted". (Presumably while slowly removing a pair of aviator sunglasses)
While Fly may have been put away, the story between Krebs and Fly wasn't quite over. He did end up being extradited to the US for prosecution
, but while imprisoned in Italy, Fly actually started sending Krebs letters. Understandably distrustful after the whole "heroin" thing, his contacts in federal law enforcement tested the letter, and found it to be clean. Inside, there was a heartfelt and personal letter, apologizing for fucking with Krebs in so many ways. He also forgave Krebs for posting his identity online, leading him to muse that perhaps Fly was working through a twelve-step program. In December, he received another letter, this time a simple postcard with a cheerful message wishing him a Merry Christmas and a Happy New Year. Krebs concluded his post thusly:
Cybercrooks have done some pretty crazy stuff to me in response to my reporting about them. But I don’t normally get this kind of closure. I look forward to meeting with Fly in person one day soon now that he will be just a short train ride away. And he may be here for some time: If convicted on all charges, Fly faces up to 30 years in U.S. federal prison.
Fly ultimately was extradited. He plead guilty
and was sentenced to 41 months in jail
vDOS and Mirai Break The Internet
Criminals are none too happy when they find their businesses and identities on the front page of KrebsOnSecurity
. It usually means law enforcement isn't far behind. One such business was known as vDOS.
A DDOS-for-hire (also known as a "booter" or a "stresser") site that found itself hacked, with all their customer records still in their databases leaked. Analysis of the records found that in a four-month time span, the service had been responsible for about 8.81 years worth of attack time, meaning on average at any given second, there were 26 simultaneous attacks running. Interestingly, the hack of vDOS came about from another DDOS-for-hire site, who as it turns out was simply reselling services provided by vDOS. They were far from the only one. vDOS appeared to provide firepower to a large number of different resellers.
In addition to the attack logs, support messages were also among the data stolen. This contained some complaints from various clients who complained they were unable to launch attacks against Israeli IPs. This is a common tactic by hackers to try and avoid unwanted attention from authorities in their country of residence. This was confirmed when two men from Israel
were arrested for their involvement in owning and running vDOS. However, this was just the beginning for this bit of drama.
The two men arrested went by the handles "applej4ck" and "Raziel". They had recently published a paper on DDOS attack methods in an online Israeli security magazine. Interestingly, on the same day the men were arrested, questioned, and released on bail, vDOS went offline. Not because it had been taken down by Israeli authorities, not because they had shut it down themselves, but because a DDOS protection firm, BackConnect Security, had hijacked the IP addresses belonging to the company. To spare a lot of technical detail, it's called a BGP hijack, and it basically works by a company saying "Yeah, those are our addresses." It's kind of amazing how much of the internet is basically just secured by the digital equivalent of pinky swears. You can read some more technical detail on Wikipedia
. Anyway, we'll get back to BackConnect.
Following the publication of the story uncovering the inner workings of vDOS, KrebsOnSecurity
was hit with a record breaking DDOS attack
, that peaked at 620/Gbps, nearly double the most powerful DDOS attack previously on record. To put that in perspective, that's enough bandwidth to download 5 simultaneous copies of Interstellar
in 4K resolution every single second, and still have room to spare. The attack was so devastating, Akamai, one of the largest providers of DDOS protection in the world had to drop Krebs as a pro bono client. Luckily, Google was willing to step in and place his site under the protection of Google's Project Shield, a free service designed to protect the news sites and journalists from being knocked offline by DDOS attacks.
This attack was apparently in retaliation for the vDOS story, since some of the data sent in the attack included the string "freeapplej4ck". The attack was executed by a botnet of Internet of Things (or IoT) devices. These are those "smart" devices like camera systems, routers, DVRs. Basically things that connect to the cloud. An astounding amount of those are secured with default passwords that can be easily looked up from various sites or even the manufacturers' websites. This was the start of a discovery of a massive botnet that had been growing for years.
Now time for a couple quick side stories:
Dyn, a company who provides DNS to many major companies including Twitter, Reddit, and others came under attack
, leaving many sites (including Twitter and Reddit) faltering in the wake of it. Potentially due to one of their engineers' collaboration with Krebs on another story. It turned out that the same botnet that attacked Krebs' site was at least part of the attack on Dyn
And back to BackConnect, that DDOS protection firm that hijacked the IP addresses from vDOS. Well it turns out BGP Hijacks are old hat
for the company. They had done it at least 17 times before. Including at least once (purportedly with permission) for the address 18.104.22.168. Aka, "leet". It turns out one of the co-founders of BackConnect actually posted screenshots of him visiting sites that tell you your public IP address in a DDOS mitigation industry chat, showing it as 22.214.171.124. They also used a BGP Hijack against a hosting company and tried to frame a rival DDOS mitigation provider.
Finally, another provider, Datawagon was interestingly implicated in hosting DDOS-for-hire sites while offering DDOS protection
. In a Skype conversation where the founder of Datawagon wanted to talk about that time he registered dominos.pizza and got sued for it, he brings up scanning the internet for vulnerable routers completely unprompted. Following the publication of the story about BackConnect, in which he was included in, he was incensed about his portrayal, and argued with Krebs over Skype before Krebs ultimately ended up blocking him. He was subsequently flooded with fake contact requests from bogus or hacked Skype accounts. Shortly thereafter, the record-breaking DDOS attack rained down upon his site.
Back to the main tale!
So, it turns out the botnet of IoT devices was puppeteered by a malware called Mirai. How did it get its name? Well, that's the name its creator gave it, after an anime called Mirai Nikki
. How did this name come to light? The creator posted the source code online
. (The name part, not the origin. The origin didn't come 'til later.) The post purported that they'd picked it up from somewhere in their travels as a DDOS industry professional. It turns out this is a semi-common tactic when miscreants fear that law enforcement might come looking for them, and having the only copy of the source code of a malware in existence is a pretty strong indicator that you have something to do with it. So, releasing the source to the world gives a veneer of plausible deniability should that eventuality come to pass. So who was this mysterious benefactor of malware source? They went by the name "Anna-senpai".
As research on the Mirai botnet grew, and more malware authors incorporated parts of Mirai's source code into their own attacks, attention on the botnet increased, and on the people behind it. The attention was presumably the reason why Hackforums, the forum where the source code was posted, later disallowed ostensible "Server Stress Tester" services from being sold on it
. By December, "Operation Tarpit"
had wrought 34 arrests and over a hundred "knock and talk" interviews
questioning people about their involvement.
By January, things started to come crashing down. Krebs published an extensive exposé on Anna-senpai
detailing all the evidence linking them to the creation of Mirai. The post was so big, he included a damn glossary. What sparked the largest botnet the internet had ever seen? Minecraft. Minecraft servers are big business. A popular one can earn tens of thousands of dollars per month from people buying powers, building space, or other things. It's also a fiercely competitive business, with hundreds of servers vying for players. It turns out that things may have started, as with another set of companies, two rival DDOS mitigation providers competing for customers. ProTraf was a provider of such mitigation technology, and a company whose owner later worked for ProTraf had on at least one occasion hijacked addresses belonging to another company, ProxyPipe. ProxyPipe had also been hit with DDOS attacks they suspected to be launched by ProTraf.
While looking into the President of ProTraf, Krebs realized he'd seen the relatively uncommon combination of programming languages and skills posted by the President somewhere else. They were shared by Anna-senpai on Hackforums. As Krebs dug deeper and deeper into Anna-senpai's online presence, he uncovered other usernames, including one he traced to some Minecraft forums where a photoshopped picture of a still from Pulp Fiction
contained the faces of BackConnect, which was a rival to ProTraf's DDOS mitigation business, and another face. A hacker by the name of Vyp0r, who another employee of ProTraf claimed betrayed his trust and blackmailed him into posting the source of another piece of malware called Bashlite. There was also a third character photoshopped into the image. An anime character named "Yamada" from a movie called B Gata H Hei
Interestingly, under the same username, Krebs found a "MyAnimeList" profile which, out of 9 titles it had marked as watched, were B Gata H Hei
, as well as Mirai Nikki
, the show from which Mirai derived its name. It continues on with other evidence, including DDOS attacks against Rutgers University, but in short, there was little doubt in the identity of "Anna-senpai", but the person behind the identity did contact Krebs to comment. He denied any involvement in Mirai or DDOS attacks.
"I don’t think there are enough facts to definitively point the finger at me," [Anna-senpai] said. "Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath."
He did, however, correct Krebs on the name of B Gata H Kei
Needless to say, the Mirai botnet crew was caught, but managed to avoid jailtime
thanks to their cooperation with the government. That's not to say they went unpunished. Anna-senpai was sentenced to 6 months confinement, 2500 hours of community service, and they may have to pay up to $8.6 million in restitution
for their attacks on Rutgers university.
I don't have the time or energy to write another effortpost, and as is I'm over 20,000 characters, so here's a few other tidbits of Krebs' clashes with miscreants.
Dev meeting? Would say so, yes The people are still exhausted from the payment ID meeting :) Guess we could ping some people vtnerd, moneromooo, hyc, gingeropolous, TheCharlatan, sarang, suraeNoether, jtgrassie Anyone up for a meeting? Yep I'm here Here o/ Perhaps we should just start and people will eventually hop in? oof sorry guys, I'm working on the new FFS and I forgot all about this. Got a couple of new volunteers. This literally might be able to launch tomorrow. I know that. It's called "flow" :) I could run if you're out of time? go for it dEBRUYNE you guys are going to like this new FFS. We're like 99% done. Hi rehrar: someone else do the milestone thing already? All right, jtgrassie, perhaps you'd to start w/ briefly describing your most recent PR? https://github.com/monero-project/monero/pull/5091 oneiric, xiphon did everything like....everything As far as I can see, it allows the user to push his transaction over I2P, thereby masking the origin IP of the sendeuser great And it hooks into vtnerd's PR right? Sure. It basically just builds on vtnerds Tor stuff. sorry dEBRUYNE Really not much added. I have it running and tested. From the perspective of the user, what needs to be configured exactly? Nice Assuming the PR is included in the release binaries I'm using knacccs i2p-zero duirng testing but will of course work with any i2p setup sorry dEBRUYNE <= Np Looks a little like dams breaking, now that we have some dark clouds over Kovri and people take matters into their own hands ... User needs to run i2p, expose a socks service and and inbound tunnel. Basically same as Tor Okay, so should be reasonable as long as we write proper documentation for it (e.g. an elaborate guide) rbrunner, yes, knaccc credit for jumping on i2p-zero really dEBRUYNE: documentation monero side is kindof done. i2p side is very much implementation specific. I suppose we could write some guides for the most popular implementations? e.g. i2p-zero aims to be zero conf, but i2pd or Kovri would be differnet. I see, great vtnerd___: Do you want to add anything? could amend the current kovri guide for monero use from --exclusive-peer to the new proxy support Now I have i2p-zero running and tested with the #5091, I plan to jump back over to helping knaccc on getting that polished. I added support for socks proxy in the basic wallets ^ excellent Yes vtnerd___ I havent tested it yet but looks sweet. So connections to `monerod` over Toi2p are possible within wallet cli and wallet rpc Awesome This also implies auth+encryption even if ssl is not in use (when using an onion or i2p address) All right moneromooo: are you here? If so, could you perhaps share what you've been working on? I am. I revived the SSL PR, more stuff on multi sender txes, an implementation of ArticMine's new block size algorithm. I presume a multi sender tx works similar to multisig insofar as the senders have to exchange data before the transaction can be performed right? Yes. There are 2 SSL PRs. What's the diff? Theoretically this would also allow the sender to provide an output right? Which would be kind of similar to Bitcoin's P2EP The second one adds some things like selecting a cert by fingerprint. Yes. (for the first sentence) All right, awesome For anyone reading, this breaks the assumption of the inputs belonging to a single sender, which makes analysis more difficult Nice side-effect. Much work coming for the various wallets to support that rbrunner: Anything you'd like to share in the meeting btw? Yes, just a little info I have started to seriously investigate what it would mean to integrate Monero into OpenBazaar I have already talked with 2 of their devs, was very interesting In maybe 2 or 3 weeks I intend to write a report Too early to tell much more :) Soon^tm I guess :) Yep Currently wrestling with Go debugging whole new world moneromooo: Has pony recently shared any insights regarding the upcoming 0.14 release btw? No. All right I would love to see the tor & i2p PR's merged sooner rather than later so we can get more testing done. ^ +1 Isn't that famous early code freeze already on the horizon? fluffypony, luigi1111 ^ I suppose I could provide a little update regarding the GUI btw As always, lots of bug fixes and improvements :-P selsta has recently added a feature to support multi accounts dsc_ has revamped the wizard and will now start working on implementing the different modes and a white theme dsc_ is working fulltime on the GUI already? yes :) dsc_ is bae In light of the recent payment ID discussion, we've also, by default, disabled the option to add a payment ID unless the user explicitely activates the option on the settings page rehrar ^ nice I spoke about this yesterday at the coffee chat, this is not a good decision. How does it handle integrated addresses? The same way? rehrar ? For the next many months, we are still stuck with PAyment IDs in the ecosystem. Making it harder for people to access them will make Monero suck so hard to use for the average person for many months. i agree with rehrar Remove the option of Payment IDs when we remove Payment IDs rehrar: The new GUI release won't be live until probably mid march though Which is a few weeks in advance of the scheduled protocol upgrade Payment ID removal comes in October right, but Payment IDs are not removed in March Did we not have loose consensus on removing the old, unencrypted payment IDs in march? they are removed in October We had discussed a deprecation in March and a ban in October ok, then if we are going to do that, we have to commit to it and contact the exchanges like Binance that use them and get rid of them in the next few months (of unencrypted) Binance is huge, and if they still use them, then people will be very upset that they can't deposit or use Payment IDs easily I'm just speaking from a UX perspective. I thought it was unencrypted in April and possibly encrypted in October Yes I do agree Timeline and notes: https://github.com/monero-project/meta/issues/299 impossible to remove them for march, many exchanges still use them We can defer it to the 0.15 release if needed Well, that wasn't the impression for them log that I just read today This was all discussed in the earlier meeting linked above We have to force the ecosystem off of Payment IDs before we remove them from the UI, is all I'm saying Remove != make difficult to use ... or make them more difficult there, right? ping sgp_ sarang, I understand, and I agreed with you during that meeting. But then I started thinking of it as a UX person, which I am. And that huge massive problem leapt out at me i think making them difficult to generate is a good idea but making them difficult to consume and use is a bad idea well, maybe not a good idea, but a better idea ^ If we defer the decision to depriciate long payment IDs to october, won't we have the same issue then? The UI can gave an expandable payment ID field like MyMonero and we can still call it deprecated It is foolhardy to remove an option that the ecosystem uses. So I suggest we keep the Payment ID in the UI until October when they are completely banned. no dEBRYUNE, because they will be banned via consensus sgp_ imo it may be a misdirection of dev resources to add that since things are proceeding in the short term rather than long term but this is a relatively minor point Nothing matters til exchanges change All right The issue is that consensus will still have them in April, and exchanges won't upgrade because they are still allowed. Thus they must still be in the UI. endogenic these changes are already merged in the GUI to hide it like you do ok But when they are banned, exchanges are forced to upgrade or stop using Monero, so we can remove them safely because they won't be in use rehrar: that's a strong assumption sarang that they will upgrade? yes if they don't, then they can't use Monero If exchanges require pid, users need a way to set a pid. Making it hard for the user in the interim is just going to be a nightmare. we have decided to take our "stand" in October A way that is not too hard, then To be clear, we still intend to deprecate long encrypted payment IDs in April right? But no enforcement until October the term "deprecated" doesn't mean much if it's still allowed, and used in popular places yes, as far as I understand it jtgrassie, exactly True I suppose dEBRUYNE: we need to be more specific when talking about deprecation the person who suffers is the user There are two proposals for GUI deprecation: 1. Hide it in the send screen with a simple option to expand (currently merged iirc) 2. Hide it completely in the send screen unless users enable the field in advanced settings (PR'd but not merged yet iirc) What are the arguments for 2? Both are poor options, but 1 is better than 2 by a long shot Well the people who need to be made to "suffer" are the exchanges. And I don't see a way to make exchanges "suffer" other than by having their suffering customers complain to them constantly that they need to update. ^ CLI has something similar where users need to set a manual payment ID transfer mode. Not sure if it's merged yet the way to make the exchanges suffer is when we ban PIDs. They either upgrade or don't use Monero. exact;y Agree with rerahr here have exchanges been provided with clear, practical, sufficient technical upgrade plans for supporting what they're doing with PIDs but with subaddrs? Both are poor options, but 1 is better than 2 by a long shot <= I wouldn't call 1. a poor option. Have you actually checked how it looks? Because it states "Payment ID" and a user has to click on the + to expand the field endogenic: yes the email when out. Blog post coming soon, but contains the same info as the email also the exhcnages' users are often using wallets that don't support subaddresses ok great as well, it should be noted that the timeline for exchanges to upgrade is September, not October when the fork is. Which wallets are that? Rehrar: I don't see option 1. causing any issues/confusion i guess it doesnt matter too much if withdrawing as a personal user the main address should suffice Because September is when the new versions will be coming out without PIDs in the UI If there's opposition to 2, 1 is fine. We can still call it deprecated which is the optics we need anyway exchange users are often just using other exchanges lol. No wallets involved. dsc_ dEBRUYNE, ok, I trust you guys here then rbrunner: i was thinking mymonero last i heard Ok pigeons: rbrunner yes receiving on subaddresses won't be supported yet sending to them has been possible though and yes as learnandlurkin says often they withdraw to other systems like exhcnages that also dont yet support subaddresses I really can't come up with any good argument for 2. right now endogenic: seems not much of an issue then. Exchanges will typically support withdrawals to both subaddresses and plain addresses (especially if we are going to force them to use subaddresses) For deposits, MyMonero works properly if the user sends to a subaddress Actually the second solution was already merged: https://github.com/monero-project/monero-gui/pull/1866 Maybe not enough eyes watching :) The important thing is to have done something to justify having a big "DEPRECATED IN APRIL" stamp on PIDs to spook exchanges in the interim This was for solution 1: https://github.com/monero-project/monero-gui/pull/1855 The Monero Community Workgroup will start making noise everywhere we can to exchanges, and everywhere else that will listen. Try to get on those garbage news sites also. So everyone knows that deprecated in April, and banned in September Hey, for solution 1, write "Payment ID (optional, deprecated)" or similar there rbrunner: noted rehrar: probably wait until the blog post, but it should only be a few days Maybe a Reddit sticky post would be useful? With the blog post If people are over freaking out about the hashrate or terabyte blockchain :) sigh Any questions for the MRL side? Is someone checking ArticMine's block size changes for weird behaviour in some cases etc ?