if the exchange can be submitted to comply to any regulation, it means that it is a centralised exchange, not a decentralised one.

also another disclaimer, haveno reto aren’t accepting new seed nodes right now so feel free to save this one for later

good news that it’s already available: https://haveno-reto Decentralised Exchange P2P fiat to monero directly. I wrote some tutorials on how to use it, if you need help on that

seems OK to me currently

sorry for the late reply but yes, in a decentralised exchange you are revealing your info to an other peer, rather than to a centralised exchange (or subphoneable entity), that makes a huge difference

Hi, you no longer need to go through any other crypto nor any centralised exchange to get your monero. just transact P2P, fiat to monero directly, on the Haveno reto decentralised exchange https://haveno-reto.com/ i wrote guides on how to use it. Centralised exchanges may force you to KYC yourself, so screw them.

there’s also xmrbazaar.com too in the earn XMR section

small detail, centralised exchanges know how much monero went through them. for that particular account. If you KYC’d there, they know how much monero YOU bought or sold on their platform

they discard the decoys when they’re given the transactions of interest, this lets them know that this transaction they saw on their node actually comes from that subphoenable entity (centralised exchange), from there they have the list of transactions that went through and they can rule out the dandelion decoys. but otherwise they can’t.

I also mentionned that they are looking at the fee structure on their malicious nodes, hence my recommendation to use the default fees. not sure if they’re actually using the rest. (number of inputs and outputs ?)

there are other options out there yeah, to decentralize further i’d recommend them spinning up their own gitea. but if they can maintain their anonymity while using github, in the end both roads lead to rome.

if you run your own node, it means that the adversary needs to come and ask you directly to give you the details of who connected to the node. and if you keep Tor in between you and your own node, you’re maintaining anonymity aswell.

if others find your (remote) node its not changing anything, you’re making it available for them to use monero

but still they should run their own monero node to keep decentralizing further

as long as the reto owners are maintaining their anonymity while accessing github, it’s all good. (at least keeping Tor in between themselves and the git platform) and of course not kycing themselves through their actions

my pleasure ;) (if i missed anything, feel free to let me know btw)

by the way, check out my blogpost on that topic https://blog.nowhere.moe/opsec/chainalysisattempts/index.html, with my opsec recommendations

very nice, keep up the good work guys

TLDW :

1. do not trust random nodes, go and host your own (locally or not) -> to prevent them from logging ip addresses and to deanonymize on the IP level (attacking dandelion from what i understand ?)
2. if you do end up using a remote node, connect to it through tor to maintain anonymity
3. Stay off centralised exchanges, never KYC.

Nah that’s easy too. you need to make sure the developers use PGP keys to confirm their identity. https://blog.nowhere.moe/opsec/pgp/index.html + https://blog.nowhere.moe/opsec/whonixqemuvms/index.html

but yeah the idea is to have a Disaster recovery plan, kind of idea, totally makes sense.

it’s not complicated, make sure that anonymity is maintained for all developers (like they do all their work from inside a whonix VM let’s say), and that you have copies of all the important monero mirrors somewhere (on a gitea instance accessible via .onion or something similar), in case if monero gets the tornadocash treatment.

that way they can’t go after the developers’ freedom of speech, and even if they take the repositories down from github, the show can go on elsewhere.

i’ll pitch in to advise people if opsec is brought up

haveno is in early stages anyway, but yea the more noob friendly it becomes, the better. Something is “”“hard”“” to install when you do not explain how to install it properly.

Currently there’s a way to install it on every OS, that’s good enough for now. Also keep in mind that there aren’t 20 dedicated developers working on haveno fulltime, you can’t have everything at once with a small team of developers

thing is, OPSEC is not about giving some random advice without explaining why in the first place. every technical complication must be justified, to be taken seriously

they’re going one step at a time towards their goal : cashless CBDC society. watch them shrink the legal cash payment amount more and more from there