• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

CloakSend 2.0 / PoSA - fake or legit?

Solely decoy. (Coded by XC dev)
XC? Hmm, and my guess was Molecule [MOL] dev - as one of Cloaks' test nodes is the seed node of Molecule...

upload_2014-8-10_20-41-13.png
 
hmm dev de(cloak)ed ? :p
Wow, it seems my analysis with reverse DNS lookups of coin seednodes is making circles...

--> https://bitcointa.lk/threads/ann-re...13-1-hour-approx.323691/page-695#post-7849600

<B> tested the IPs one by one until getting a hit on one of them

For those who are interested i wanted to answer this question:

I originally wanted to analyse the video proof of PoSA two weeks ago (see OP) and started off with their testnet explorer at http://testnet.cloakchain.info/chain/TestNet
I noticed that there is a "Nodes" link at the top which revealed the following entries at the time being.

dAx5j51.png


As i had no copy of their PoSA beta client, i wanted to connect the publicly available Cloak-wallet against this IP, but noticed that i didn't even know their testnet port. Thats why i ran a portscan against this IP

NDWrh9x.png


So ports 29663 and 29664 turned out to be p2p and rpc port of Cloak testnet. I then wanted to test if the RPC port is responding to telnet, and during that i noticed that the IP resolved to blocks.moleculecoin.com

upload_2014-8-10_20-41-13-png.335


I then looked up the original moleculecoin thread, and found that molecule is using ports p2p 11879 and rpc 18747 - of which the p2p port is reported open in the portscan on the above machine too.

So that's how i linked a machine named blocks.moleculecoin.com to a Cloak testnet client running on the same machine.

C69Fd62.png



EDIT: Original post on --> https://bitcointalk.org/index.php?topic=733909.0


oPL28wL.png&t=543&c=OLA2Yb_RMVYJ5Q
 
Last edited by a moderator:
What's the big deal about reusing an ip. I found an ip in the DRK node list that matches WEcoin node list. I personally find this even worse.

And why did I bother checking this because some dude started FUDing the cloak thread about this.


If this continues I'll spread it with screenshots. This is the ip: 54.248.227.151

flare: I appreciate your conclusion which are facts not accusations
 
I'm most curious to hear how "Block Escrow" doesn't completely defeat any notion of anonymity the coin forwarding had in the first place.

Interested to hear any opinions, analysis, etc.
 
  • Like
Reactions: jpr
It turns out PoSA is not trustles at the moment - basically what we already discussed here: PoSA nodes have to stay online, otherwise your tx gets stuck.

"A few days ago our auditor returned to us with some hard truths. We failed our audit on PoSA v1 and Block Escrow.
PoSA v1 is a fully anonymous system according to our audit, but it is not trustless. It requires the active participation of nodes involved in the transaction. If that participation ceases due to malicious activity or
even something benign like prolonged failed connectivity, the funds will be stuck in transit of the offline node until connectivity is regained and the node cooperates. The funds can’t be stolen, just stuck until the node cooperates. This is trust, like masternodes, and we don’t want it in our system."

--> http://cloaktalk.org/t/private-audit-cloakcoin-posa/243
 
I'm most curious to hear how "Block Escrow" doesn't completely defeat any notion of anonymity the coin forwarding had in the first place.

Interested to hear any opinions, analysis, etc.
They did their own analysis:

"Block Escrow was proposed to be the solution to this problem, but it failed the same audit for different reasons. Block Escrow is trustless by relying on the consensus of the CloakCoin network to process transactions, but this is not anonymous since it leaves a discernable transaction trail within the public ledger."

--> http://www.cloaktalk.org/t/private-audit-cloakcoin-posa/243
 
Back
Top