Privacy question on this use case?

Fairly new to Incognito but been researching a lot. Also not a coder and overly technical, but I have a question about any potential vulnerabilities on the following use case both now with V1 and soon with V2.

Scenario

1. Bob onramps fiat $ on a CEX (Coinbase, etc) buying USDC.
2. Sends USDC to a normal wallet first (just to keep CEX from seeing it’s going to Incognito)
3. Sends USDC from wallet to Incognito wallet.
4. Sends USDC from Incognito wallet to another external wallet or nonKYC CEX/DEX.

In that case, is there any non-private transaction history of the USDC that left the Incognito wallet OR any identifiable data that shows the wallet it left was the wallet the coins went into from the CEX in step 1?

Essentially, if assets go into Incognito and out externally… are they currently traceable to the same wallet or no?

Thank you in advance.

Depends – so yes and no.

1. Bob sends $472.81 USDC on Step 3, then withdraws that same balance 2 hours later on Step 4.

   • Analysis could easily link the two transactions due to the “unique” balance and short period between the two transactions.

2. Bob sends a “common” deposit of $300.00 USDC on Step 3, then withdraws that same balance 2 hours later on Step 4.

   • “Common” deposit here is highly subjective and depends on the prevelance of a given transactional amount at that time.
   • By using a “common” amount, Bob increases chances that someone else may withdraw the same amount during that 2 hour window.
   • If there are no other $300 USDC withdrawals, then analysis could reasonably connect both transactions.

3. Bob waits a longer period of two weeks between Step 3 and 4.

   • More time between deposit and withdrawal is better. This increases the likelihood of other transactions in the same amount.

4. Bob deposits $300 on Step 3 but withdraws his USDC in multiple transactions of different amounts than Step 3 – e.g. $150, $90 and $60 – the next day.

   • Bob sends each transaction to a previously unused address he controls.
   • Analysis will be much harder to link the transactions. However if these transactions are the only transactions in that 24 hour period and/or are closely spaced together, analysis could again link the transactions through their combined value.

5. Bob deposits $300 USDC on Step 3, then withdraws $150 on Step 4 after one day, $90 four days later and the final $60 one month later.

   • Analysis would be difficult to connect those three withdrawals (again, each to an unused address he controls) with the initial deposit.

6. Bob deposits $472.81 USDC on Step 3, trades for XMR and withdraws $472.81 XMR on Step 4 one day later.

   • Bob has complicated analysis by converting to a different asset. However since the amounts are unique & identical and close together, it is still potentially possible to connect the transactions by value.

7. Bob deposits $300 USDC on Step 3, trades for XMR and withdraws $300 XMR on Step 4 one day later.

   • As before, using a “common” transaction amount he increases chances another withdrawal transaction of the same amount occurs during the same period.

8. Bob deposits USDC on Step 3, trades for XMR and waits a week before withdrawing on Step 4.

   • As before, increasing the time between deposit and withdrawal, coupled with the asset conversion, dramatically improves Bob’s privacy and makes analysis difficult.

9. Bob deposits $300 USDC on Step 3, trades for XMR, and withdraws on Step 4 in three separate transactions of different amounts.

   • The deposit and withdrawal amounts are different and on different blockchains. However Bob is still relying on other transactions in his withdrawal asset to occur around/between his withdrawals. Any analysis to connect the transactions would be difficult.

10. Bob deposits $300 USDC on step 3, trades for $150 XMR, $90 LTC and $60 BNB. He withdraws the XMR after one day, the LTC after four days and the BNB after a month.

    • It is utterly difficult to link these transactions. Bob has used different deposit and withdrawal assets for every public transaction as well as waiting then staggering the days of withdrawal. Unless he is (foolishly) reusing addresses or addresses that are somehow connected to him via KYC (in the past or the future), it would prove difficult to show that the XMR, LTC and BNB transactions are linked to each other and to the original USDC transaction.

Brilliant response, thank you very much for this!

So it sounds like only a semi-sophisticated analysis using probability of timing and amount of withdrawals like this would track it.

Simple analysis though using addresses etc should not.

Seriously thank you for the thoroughness

Hey @Mike_Wagner…awesome response there bro…talk about being thorough…big kudos to you on the response thanks bro…

The main message is, Incognito is not a mixer, it was not developed for that purpose, but with creative transactions can be used like a mixer.

The idea is to create an environment WITHIN which people can perform transactions anonymously. The ideal world would be, everyone on this planet uses Incognito to transfer funds and trade. No one would have to worry about high fees and such.

That is for the future though, still some building to do.

I am sorry, I really don’t want to crash the party, but it is not honest by incognito to boast about their purported privacy features on Youtube etc. and only set the record straight here in the fineprint, in a forum’s sub-thread of a sub-threat that virtually nobody ever reads, that it’s not really private. You are giving people a false sense of security and that’s even worse than no privacy at all. Your saying that real privacy is not a goal for incognito is like saying “real privacy is too hard for us to achieve, so we deliver only semi-privacy without saying so and make the users look like idiots when they thought otherwise and finally find out when it’s too late”. Where is your ambition, incognito? Where are the project milestones to finally live up to your communicated company vision? There is simply no point in privacy only within the incognito ecosystem because eventually people will need to cash out one day to make use of their cryptos and then they will be exposed to exactly those snoopers which you claim you protect us from. If you are honest you admit, communicate and fix it.

Hi @Jaques,

We’re sorry for the bad experiences you encountered with Incognito.

We do not quite get what you mean by the false sense of security. Recently, we have introduced Privacy V2 with a lot of improvements. This helps enhance the privacy of a transaction in a greater way.

We are always trying to make Incognito robust. However, there are times when your privacy does not only depend on our efforts. As explained in many other posts, shielding/un-shielding processes are non-private by default. If you shielded an X amount of token A, and then immediately un-shielded a similar amount, then there’s a high chance that your transactions would be linked, no matter how hard we tried to enhance the protocol. @Mike_Wagner and @Jamie also gave a very clear explanation of this.

We’re not sure if you misunderstood anything, but what we claimed was the privacy within the Incognito ecosystem (as @Jamie mentioned above), not the privacy for other public blockchains like Bitcoin or Ethereum, because the nature of these blockchains does not allow us to do so.

Again, we are sorry for your bad experiences but we were very clear about what we offered, especially with the privacy aspect.

If it’s true that the mission of Incognito Network is to make privacy easy, then I think @Jaques makes a valid point above.

This project could be misleading folks that are not privacy savvy by giving them a false sense of security.

@Mike_Wagner has laid out some excellent ways that we can use Incognito to protect our privacy by manually adding transaction complexity. But for the average novice user, I do not seem them jumping through all those hoops. There is the risk that might just assume Incognito is safe and private by default.

So, this got me , could this be an opportunity for the Core Dev team to build in to the Incognito app some automation that adds in transaction complexity?

What if there was a process where by complexity (in other words, added privacy) could be “opted-in” by the user.

Users that want more privacy would pay a small additional fee in PRV for having complexity added. This would recoup development costs as more people use the feature it would also provide an easier way for novice privacy users.

Let me explain how this might work, bare with me this is a longish post…

The complexity of the transaction would only be added during the withdrawal of funds out of the Incognito Network as that is when amounts and destination addresses are recorded on the public blockchains (visible by ChainAnalysis software etc)

I envisage adding simple 5 step slider bar on the Withdrawal screen.

On the far left would be
“Low privacy, low complexity, fast transfer”
and on the far right,
“Highest privacy, high complexity, 3 weeks for final deposit”.

EXAMPLE:
Let’s say an Incognito user wishes to withdraw $500 worth of BTC to USDC wallet.

And the user wants Maximum privacy, so they slide the slider to the very far right.

Based on where slider lands, the level of complexity is determined and additional questions appear in the app (these are just my ideas for types of questions to add complexity)

1. Select which coin you want to use for intermediary mixer transaction (default: XMR)

2. Confirm the split amounts (default: 3 payouts 50%, 30% & 20% of total withdrawal amount) this aims to split up transaction into smaller differentiated amounts, however the amounts could be overrided with common denominations E.g. $300 + $150 + $50

3. Enter the 3 destination USDC wallet addresses. As Mike pointed out, it’s best to have different “never used” (virgin) addresses.

Once the above Metadata is entered, a chain of transaction events are created (like a smart contract) that carries out :-
A) mixing from source wallet (BTC) to XMR
B) splits the amount of XMR in to 3 different USDC parcels
C) Sends USDC to the 3 destination addresses on 3 different randomly selected dates within the 3 week period.

Important thing to note. Due to price fluctuations, the incognito app will need to lockup source BTC funds with some additional BTC to allows for price slippage in the price between BTC-XMR-USDC.

Also by locking up the BTC this will prevent the user from over spending BTC.

Once the 3 week period has passed the remaining balance is sent back to the BTC wallet once all transactions are completed successfully.

So, in a nutshell, the level of privacy would be determined by the user and the complexity of the transaction would be created by the Incognito App.

Sorry, I’m not a developer so I’m not sure if this is possible.

What’s are other’s thoughts on this idea? Feel free to add your thoughts and criticisms.

P.S. Thanks @Jared for bringing this post to my attention via a different thread comment that you answered.

I would like an explanation for this scenario:

1. Bob deposits $472.81 USDC on Step 3, trades for XMR and withdraws $472.81 XMR on Step 4 one day later.

• Bob has complicated analysis by converting to a different asset. However since the amounts are unique & identical and close together, it is still potentially possible to connect the transactions by value.

How could transactions be connected by values? the unshield does not show the values ​​in monero. and according to Privacy V.2 in “Incognito” the amounts in pDex are also hidden. Could you tell me how this scenario can happen?

This was written before Privacy v2.