Private-by-default is semi-dishonest. Many tx on Monero are owned by a few entities that are friendly with LE or may get hacked. Thus all those exchange tx or payment gateway tx that are on the blockchain are in practice transparent to the right people or with time. With Monero they give you a false sense of security with ZCash they are open that those tx are not going to help you.
[ShapeShift does 7-15% at least of Monero tx. Add in BitFinex Binance CoinPayments and some others and where we at?]
On 2: Monero is almost the same. ShapeShift does 7-15% of all tx at least. How many transactions are actually private after you consider hacks or LE warrants? Those TX are what you depend on to get false spends.
On 3: How many people must agree in order to change something in Monero such as HF parameters like ringsize? There is not a single company but it looks [to an outsider like me] as a similar position.
I chose Monero too for similar reasons inc ZCash people openly saying they support backdoors for LE [but promising ZCash would never have them]. And taking 20% of block reward and not doing anything useful with it [for millions I expect really polished clients and some quick upgrades].
But the low ringsize is weak [hence going from 3 to 5 to now 7]. All ring members are not equal to n^k is very naive. Fee, ringsize, payment ID, in/out count are all metadata that distinguish on-blockchain. Let alone off-blockchain such as keys being hacked/warranted.
Given this and Monero's lack of disclaimer or warning at all about how to use it safely... a paranoid person might suspect ill-motives. [Consider: MyMonero, the Monero 'lead' Web Wallet, goes out of its way to suggest users use a few higher ringsizes to get better privacy, when we know this makes their TX stand out. This is something that presumably he could change with 1 or 2 lines of code but has not.]
>On 2: ...How many transactions are actually private after you consider hacks or LE warrants?
That's actually a difficult question. I won't try to estimate here. But IIRC something like 95% of ZCash tx are non-private by user opt in, and the remaining 5% are also vulnerable to things like warrants at the exchange and timing attacks. So the bar is set really low for Monero to have the best anonymity set of all privacy tokens.
>On 3: How many people must agree in order to change something in Monero such as HF parameters like ringsize? There is not a single company but it looks [to an outsider like me] as a similar position.
I think Monero is in a similar-but-better position. True the core team can be compromised and true the core team is more powerful than others. But I view this as a necessary centralization to get the ball rolling. I want the Monero core team to eventually be more hands off. Spagini's "I'm not a CEO" statement inspires confidence.
>But the low ringsize is weak [hence going from 3 to 5 to now 7].
can't wait for bulletproofs!
>All ring members are not equal to n^k is very naive.
I was intentionally very cautious with my words here. What I actually said was "Over the course of k steps the possible transaction history might be in any of n^k states". I did not say that all n^k states are equally likely. The actual amount of entropy in the Monero blockchain is much harder to explain/estimate so I used n^k as an upper bound.
>and the remaining 5% are also vulnerable to things like warrants at the exchange and timing attacks
I was under the impression that no exchanges handle shielded transactions. What do you mean by timing? I would assume you go t-z-t and leave it quite a while as shielded.
>can't wait for bulletproofs!
Bulletproofs do not help verification time which is why we have low ring size. Going from 5 to 21 ringsize only increases size 8%. 15 is even less, a reasonable compromise on size. There is an unspecified perf target that must be met on verification.
Because the decoy selection is not part of protocol not everyone is doing it. Some exchanges have increased ringsize but kept old selection system. Not to mention that exchanges make up a large bulk of Monero TX and hence are one warrant/hack away from killing a bunch of decoys anyways.
Monero would gain credibility if it took a conservative approach to ringsize then used research to lower the ringsize. Instead we get no justification for ringsize saying there is no research that shows an increase needed. This is the opposite way of how security is approached. Indeed: The only MRL statement I know of on churn is that it does not work.
I appreciate the work you do and MRL overall. But without practical examination of real-world threats it feels a bit empty. And Monero team refusal to provide any sort of disclaimer at all really undermines the sincerity.
Trusted setup only compromises the supply integrity not privacy. I am not a fan of Zooko or the Green comments on backdoors and LE but do not misrepresent trusted setup.
Conveniently, it's impossible to audit whether more coins are being minted right now to add to the developer tax already imposed on block rewards.
Don't think I misrepresented trusted setup--only warning others about the reputation of Zcash. Anonymity for some can be a critical issue, so I don't think everyone can afford to wait for "proof of backdoor" before making their decision.
By the way, the backdoor comments are taken out of context in a very inaccurate way.
For Zooko's, literally the next tweet explains that he means for transfers in and out of fiat.
"And by the way, I think we can successfully make Zcash too traceable for criminals like WannaCry, but still completely private & fungible. …
… At least for as long as criminals want to cash out to fiat (years? decades?). …
"[0]
Since conversions to fiat are done via exchanges, which are regulated, it's pretty simple. This applies to Monero,Dash, etc.
Matt's, which he has pointed out before[0], was a point that it was possible, which is true for any system. If you follow the general debate on adding backdoors to encryption, you'll know he and almost all cryptographers are completely against them.
Its fine not to be a fan of them or think people should never admit even the conceptual possibility of limitations on privacy but neither quote was endorsing backdoors.
>Since conversions to fiat are done via exchanges, which are regulated, it's pretty simple.
There are plenty of decentralized exchanges (Bisq supports Monero) and OTC trading websites such as LocalMonero. It would make no sense for a criminal to cash out using a centralized exchange that likely requires KYC?
>This was a well-known design choice where the user could balance between transaction size and privacy--people who preferred faster/cheaper transactions chose to sacrifice untraceability. Nowadays, the default option enforces higher untraceability.
This has always been wrong and it is wrong on the face. Your privacy does NOT depend on your ring-size. That is only for backward-tracing. For forwards tracing [more common: you have bad money and want to turn it anonymous so it is good] you rely on other people on the network false-spending your money.
Between the low ringsize [3, now 5, soon 7] and the fact that a good double-digit % of network is owned by LE-accessible entities [ShapeShift does at least 7-15% of tx].
Even with these papers Monero refuses to provide any sort of disclaimer that transactions may be traceable despite readily admitting you must do churn over time to gain privacy. Monero deserves a lot of criticism even if ZCash is worse in some ways.
Monero has some real issues! These papers are OK but I am not sure if they focus on current practical issues:
Main issue: Ringsize is small. Used to be 3 [why??] got bumped to 5 because 3 is obviously useless. Now getting bumped to 7. The team is taking a very aggressive approach here. Aggressive approaches with security tend not to work. They should be conservative and set the ringsize high then back off later once they have done the research to support a small ringsize.
Users cannot just increase their ringsize. Doing so makes their transactions stick out: different metadata. If you always use, example, ringsize 21: then your tx look different on-blockchain. Despite this, BOTH wallets in common use have features that encourage users to make this mistake. It is like sabotage. The official GUI provides a slider that goes to 26 and says more privacy [you see a good number of of ringsize 26 tx]. The 'official' Web Wallet run by the Monero lead offers a 4-setting: 5 [default], 11 21 & 41. You see a good number of 11 21 41 ringsize tx because of this.
It has been known for a long time that picking and forcing one ringsize is a good idea yet both wallets insist on encouraging the user to mess up. Not good. No warnings in the wallet, either. We need higher ringsize because the privacy of your transaction going forward depends on other users picking your output as a decoy in their own rings.
Now the small ringsize is made worse by the fact that a single entity, ShapeShift.io, runs 7-15% at least of the network by tx volume! That means with one hack or warrant an attacker will be able to eliminate many fake decoys from other tx rings! How much will a few other exchanges or payment processors make up of the network? 50%? More? Despite this the ringsize stays very small.
The response to all this is 'churn'. This is sending coins to yourself [looks same as sending to other people] so that you obfuscate the connection over time. But despite that this is a core feature of Monero they have provided zero research zero guide on how to do so. They spend money and time researching fancy new maths and this is great. Yet the core functionality to answer the question: How anonymous am I, how mixed in am I, this remains unanswered.
Despite this they refuse to provide any sort of disclaimer. Contrast to Tor Project which makes a big deal of telling users they can hurt themselves and Tor is not some magic. In comparison Monero just claims untraceable & private with no caveat whatsoever. This is irresponsible & reckless, damaging to users and not justified. Only when users start thinking and asking questions are they told oh of course you need to churn but no one knows what this is.
That is the core issue. Other issues:
1. Unencrypted transactions. Your ISP or NSA may easily monitor which tx you broadcast. This let them link your IP to a tx as well as link your tx across time. Even though HTTP is used thus adding TLS [unauthenticated but at least preventing passive snooping] would be an obvious step. On the other hand... traffic analysis might break this anyway. Tor is needed to really protect but see below.
2. Wallet leaks information. When connecting, it requests block info from the last block it has. This allows tracking that user over time. The obvious solution of having the wallet always request fixed number of blocks back in history is not implemented. This is simple engineering fixing, not fancy math.
3. The height leak is very damaging for users attempting to churn. In that case they connect, sync, broadcast, disconnect, repeat. Every time they connect they are indicating approximately where they left off. This means when they broadcast again ... one only need to look at the tx to see if there is a ring member near where the wallet connected. If so, you have linked TX.
4. The wallet will ask to confirm transactions sometimes... AFTER it has send the ring to the remote node! If you cancel tx then try again, you have sent 2 rings to the remote node but in each ring the real input is the same. Congrats, tx linked or ownership of output now shown.
5. Wallet and network does not support Tor. Despite using HTTP they do not have proxy support. On Linux they suggest hooking syscall to force proxy [torsocks]. On Windows they scorn users and tell them to use Linux. At the Monero network level only IP addresses are accepted meaning we cannot have Tor-to-Tor.
6. Tor is downplayed because they are writing-from-scratch a new I2P implementation in C++ named Kovri. Instead of using Tor today they provide no sort of IP hiding while everyone must wait for a new I2P impl. This is bad engineering and means few people can properly submit tx over Tor.
7. All TX are not the same. There is no solution to joining bad outputs. When you make a multi-in transaction you provide strong linkage if an attacker knows or suspects multiple outputs are yours. Example: you accept donations or are a darknet dealer. Attacker sends many small outputs to you. Attacker will know when you make a move because they will see a multi-input transaction containing one of their known outputs in each ring. This is useful for LE: send small money then know when money is moved. From that point trace forward and see if descendants of that TX end up at known exchange. Now you have a short list of suspects.
8. A lot of metadata per TX. Each TX can have a payment ID [old style], payment ID [new style] or none. Each tx has a fee, and fee is one of 4 levels [0.25x, 1x, and 2 large x]. But the default is 1x. This encourages smart or big users to change from default to 0.25x to save money. But now their tx look different from common users. Exchanges in particular may do this.
9. Probably other things I am not thinking off of the top of my head.
In short I think that Monero practical privacy for users that have something to hide [darknet] and may find themselves against a LEA might find themselves in a bad position. Compounding this is Monero's total refusal to warn users and provide self-sabotaging options. A Tor-style warning is absolutely required given the state of things. More paranoid people might think the lack of warning and some of these issues are intentional.
Edit: I still support Monero and think it is the best project. Despite ZCash looking better on paper the team makes me nervous and I avoid it. [Their wallet software is even worse despite them having many millions to fix it] ... I just want Monero stronger as it will help our users overall and that is good for my business.
> Main issue: Ringsize is small. Used to be 3 [why??] got bumped to 5 because 3 is obviously useless. Now getting bumped to 7. The team is taking a very aggressive approach here. Aggressive approaches with security tend not to work. They should be conservative and set the ringsize high then back off later once they have done the research to support a small ringsize.
This is a balancing act. Will the anonymity set actually lower if transaction fees double?
> Despite this they refuse to provide any sort of disclaimer. Contrast to Tor Project which makes a big deal of telling users they can hurt themselves and Tor is not some magic. In comparison Monero just claims untraceable & private with no caveat whatsoever. This is irresponsible & reckless, damaging to users and not justified. Only when users start thinking and asking questions are they told oh of course you need to churn but no one knows what this is.
> The response to all this is 'churn'. This is sending coins to yourself [looks same as sending to other people] so that you obfuscate the connection over time. But despite that this is a core feature of Monero they have provided zero research zero guide on how to do so. They spend money and time researching fancy new maths and this is great. Yet the core functionality to answer the question: How anonymous am I, how mixed in am I, this remains unanswered.
> Despite this they refuse to provide any sort of disclaimer. Contrast to Tor Project which makes a big deal of telling users they can hurt themselves and Tor is not some magic. In comparison Monero just claims untraceable & private with no caveat whatsoever. This is irresponsible & reckless, damaging to users and not justified. Only when users start thinking and asking questions are they told oh of course you need to churn but no one knows what this is.
I think thus is a fair concern, but no one has "refuse[d] to provide any sort of disclaimer." I think it's totally fair to write one up. Add it to a certain portion of the website.
For churning, research has been ongoing. Specifically for EAE scenarios.
> 1. Unencrypted transactions. Your ISP or NSA may easily monitor which tx you broadcast. This let them link your IP to a tx as well as link your tx across time. Even though HTTP is used thus adding TLS [unauthenticated but at least preventing passive snooping] would be an obvious step. On the other hand... traffic analysis might break this anyway. Tor is needed to really protect but see below.
Kovri will include encrypted connections. Monero community members have never claimed to provide IP protection in the current state. If you are currently worried, use a public hotspot somewhere.
> 2. Wallet leaks information. When connecting, it requests block info from the last block it has. This allows tracking that user over time. The obvious solution of having the wallet always request fixed number of blocks back in history is not implemented. This is simple engineering fixing, not fancy math.
This is an issue with remote nodes only. This can be mitigated at a cost of efficiency, and even if mitigated, it can still be relatively traceable if enough connections are made. If you are concerned about this risk, use your own node. There will always be privacy loss when using someone else's copy of the blockchain.
> 3. The height leak is very damaging for users attempting to churn. In that case they connect, sync, broadcast, disconnect, repeat. Every time they connect they are indicating approximately where they left off. This means when they broadcast again ... one only need to look at the tx to see if there is a ring member near where the wallet connected. If so, you have linked TX.
I argue that churning is absolutely outside the scope of users who are using remote nodes. It's extremely unlikely an advanced user who cares about their privacy will make a fundamental mistake in trusting someone else's node. This is outside the scope of protections. Just run your own node if your threat model even considers churning.
> 4. The wallet will ask to confirm transactions sometimes... AFTER it has send the ring to the remote node! If you cancel tx then try again, you have sent 2 rings to the remote node but in each ring the real input is the same. Congrats, tx linked or ownership of output now shown.
This was disclosed in HackerOne and has been patched.
> 5. Wallet and network does not support Tor. Despite using HTTP they do not have proxy support. On Linux they suggest hooking syscall to force proxy [torsocks]. On Windows they scorn users and tell them to use Linux. At the Monero network level only IP addresses are accepted meaning we cannot have Tor-to-Tor.
Little effort has gone into this since the support is being designed for I2P.
> 6. Tor is downplayed because they are writing-from-scratch a new I2P implementation in C++ named Kovri. Instead of using Tor today they provide no sort of IP hiding while everyone must wait for a new I2P impl. This is bad engineering and means few people can properly submit tx over Tor.
There are other considerations when submitting transactions over Tor. I'm not an expert here, but fluffypony has been critical of this approach in the past.
> 7. All TX are not the same. There is no solution to joining bad outputs. When you make a multi-in transaction you provide strong linkage if an attacker knows or suspects multiple outputs are yours. Example: you accept donations or are a darknet dealer. Attacker sends many small outputs to you. Attacker will know when you make a move because they will see a multi-input transaction containing one of their known outputs in each ring. This is useful for LE: send small money then know when money is moved. From that point trace forward and see if descendants of that TX end up at known exchange. Now you have a short list of suspects.
Each output is used in several transactions. While it does not completely mitigate the risk you describe, it means there is at least some plausible deniability in practice. If you are in a situation with a significant number of outputs, you definitely should not simply send a transaction with these to an exchange or similar.
> 8. A lot of metadata per TX. Each TX can have a payment ID [old style], payment ID [new style] or none. Each tx has a fee, and fee is one of 4 levels [0.25x, 1x, and 2 large x]. But the default is 1x. This encourages smart or big users to change from default to 0.25x to save money. But now their tx look different from common users. Exchanges in particular may do this.
There will always be some metadata, but based on how the system works, there will always need to have the fee. The multiplier is set to be more automatic in the latest version. The payment ID metadata has been improved to be encrypted, and to encourage use for all transactions with integrated addresses. Metadata for these two items is the least of our concerns since there is still a pretty large entropy set for normal situations, but of course there could be improvements.
> 9. Probably other things I am not thinking off of the top of my head.
Me too :) Key image reuse attacks seemed to come out of nowhere, and we needed to respond to them.
> In short I think that Monero practical privacy for users that have something to hide [darknet] and may find themselves against a LEA might find themselves in a bad position. Compounding this is Monero's total refusal to warn users and provide self-sabotaging options. A Tor-style warning is absolutely required given the state of things. More paranoid people might think the lack of warning and some of these issues are intentional.
I disagree with your tone here. Here I am, a community member, agreeing with many of your criticisms. The idea of a better warning guide has been discussed for quite some time, and I believe it has been relatively strongly received. If you were to start a project on Taiga to get this started I'm sure many people would respect you.
The best summary I can say is this: Monero is a tool that can provide significant privacy under a variety of use-cases. If your use-case is hiding your wallet balance and transactions from merchants, ad agencies, and most attackers, you can use Monero with little to no significant consideration for your privacy. If you are worried about colluding KYC exchanges, governments, and motivated attempts to target you specifically by powerful attackers, then the use-case for Monero needs to be better-defined. Monero will preserve privacy under some situations better than others. Given that it is relatively hard to understand, Monero will need to use a mix of education and default/mandatory functionality to encourage the correct behavior.
Thanks for being informed about some of the limitations! I highly appreciate having these conversations, and I look forward to working with you to improve Monero.
We cannot launch our project too soon [details in profile]. We will do what we can to prevent trafficking: asking for ID and verifying they have an escorting presence is a good start. Analytics to look at payment flow and see if one entity is controlling multiple escorts is another.
Asking for ID and verifying they have an escorting presence, but what if they don't meet your bar? What will you do if you suspect someone is a victim of sex trafficking? Your business model is "extra judiciary" so ... what does that mean for the sex trafficking victims you will invariably come in contact with? How are you specifically planning to change an industry that exploits people?
If they do not meet our bar then they will not be able to join for now. Over time we will increase our methods to verify escorts.
If we feel someone is not operating under their own agency we will disable their account.
Will this fix everything? No. But it is an improvement over existing systems. And we are open to suggestions. If there is broad user/community consensus on how we should handle some scenarios then we can implement those ideas. The critical part of being extrajurisdictional is that we are not compelled to take a specific approach therefore allowing us ethics over legality.
PinkDate is an extrajurisdictional company that will dramatically improve the escorting [sex work] industry. We depend on privacy and anonymity tech, including Monero [XMR]. Monero has lofty goals and powerful privacy claims that fall short in actual operation.
As an example: All network communications are unencrypted which allows a passive adversary to easily de-anonymize many transactions. Instead: Monero should be encrypted and easily integrate with Tor to hide user activity.
Contract 1: We desire an engineer to contribute to the Monero open source project. This includes adding encryption between nodes, reducing wallet metadata leakage, and integrating Tor into both the client [easy] and the node software [more challenging].
Contract 2: We need someone to write a simulator and improve blockchain explorer tools to determine how well Monero's privacy claims truly hold up. To-date there is no public research on fundamental aspect of Monero. We want to be able to have answers to the questions of how private a user becomes when using Monero. How often must a user send money to themselves [churn] to effectively hide among X users? We want to make proposals to change the Monero network parameters to improve privacy and have the evidence to make the case.
All work will be published openly and you can take the credit with a note that PinkDate is the sponsor. You should be comfortable engaging with community and defending design decisions and research.
Note: PinkDate is an extrajurisdictional company and pays contractors in cryptocurrencies as a transfer mechanism. We price contracts in USD.
If you like the idea of working on an underground project: We often have contracts or positions available in legal, security, [counter]intelligence, devops and general software engineering. Drop me a line: brad@pinkdate.is
From what I remember, those rely on some older aspects of Monero no longer present. But more importantly, they do not provide positive guidance on exactly how much mixing [churn] with what ring-sizes are needed to achieve a certain anonymity set size. Monero project itself has no statements on these key issues [except for a sentence in one of their updates stating that churning is not sufficient].
The research you linked does illustrate some problems. And Monero's reaction, to not include any disclaimers, to continue saying it is private and untraceable... misleads users.
While Monero is the most popular privacy coin, there are others, based on Zerocoin and Zerocash protocols, which are supposed to be easier to deal with, because they are based on Bitcoin core.
That is almost certainly how many people will view it, and is the reason why we are set-up as an extrajurisdictional company: it will make enforcement very difficult.
> I'm pretty sure a lot of this is illegal in many of the countries you plan to operate in.
Which may also may make soliciting people to work on it (or hosting such solicitations) illegal in many jurisdictions, potentially including the one HN operates in.
Our ICO is really an IPO. We are selling shares in our company (unregulated security). We have a real business model, good fundamentals. And before the full ICO, we will have a working service.
Cryptocurrency allows us to avoid capital and other controls to fund a venture which would be impossible to fund otherwise.
But most ICOs are blatant scams trying to justify their useless tokens, Kodak included.
So you’re adding financial crimes to the set of things you’re doing to found your company? Selling securities is a HUGE deal with tons of complex and subtle laws governing it. This isn’t because “governments are stupid” it’s because fraud in the sale of securities is so easy and such a problem. In the US it’s actually the state attorneys general and state regulators who are the most focused on this sort of thing, though the federal government also gets involved. Your jurisdiction maybe be different but this stuff carries across borders. Please, do yourself an incredibly important favor. Run, do not walk, to the nearest large law firm and tell them you’re interested in their services. Then listen to them. It will be expensive but cheaper than being prosecuted for securities fraud, which will happen because it’s a much easier way for the government to shut your company down than going through the front door. Oh, and when the word fraud is tacked onto a corporate indictment, as a good rule of thumb it means the corporate veil is peirced and they can go after your personal assets as well, not just the company’s assets. What you’re doing is a really bad idea unless you have a top law firm behind you telling you it’s ok (and even then you need to be following their instructions to the letter).
P.s. if you get the securities regulatory stuff wrong, even if the governments don’t go after you your investors have almost perfect leverage to force you out of business at any time they wish, turning that 5% investor into a 51% controlling interest, simply because you screwed up your securities offering.
We have consulted with lawyers. None of them are going to give the go-ahead on this project.
Quote from one of them: There is no such things as extrajurisdictional, unless you're on the moon. My reply: If our opsec is good, we may as well be. Tor's latency even makes it feel like being in space.
If our opsec fails and I am unmasked, I will be unhappy at being caught. Successors will recover the system from backup keys and continue on. Small comfort.
You will look back on the decision to do this with regret. I understand you can’t see that now. I’m genuinely sorry for you.
P.s. if you did talk to lawyers about this, your “opsec” is probably already blown or partially blown. Attorney-Client privileges only click in if you’re their client, which you aren’t. They will remember you and connect the dots if and when the time comes for anyone to care who you are.
It certainly is a possibility. I am acutely aware of it every day. It is incredibly high stress. That is why our core team desires to hire people to run the business day-to-day, so we minimize our exposure online and hence reduce possibilities of making opsec mistakes.
Communicating with a lawyer anonymously is not much more difficult than communicating with someone on HN anonymously.
Yes I sure hope that before you sell shares of your company you have some product. Why is this even impressive?
Do I get to vote? Do I get dividends? I'm personally a big fan of securities regulation. Are you going to have open financials and reporting? Why is this better?
I am pointing out that not all ICOs are pure-product-free-plays.
Voting, we are uncertain how that would work but very much open to it. Dividends, yes, that is the entire point of us selling equity. This is considerably better than what you get from some publicly traded companies these days!
Open financials: We will have a certificate-transparency-style audit-log of our revenue and we will release limited financials and can discuss concerns if the revenue numbers and profits are too far apart.
This is better because before anonymity tech and cryptocurrencies...It was very difficult to invest in or even run a global escorting platform. This is due to the laws in many countries that we can now work-around. And investors can participate while maintaining their complete privacy. This is difficult with traditional government-regulated equities.
This. At my company, we want a way to show investors our actual revenue numbers in an auditable manner, trustless. This is because we are extrajurisdictional and have high opsec concerns and cannot simply hire an accounting firm to give us an OK.
Hence we shall issue signed receipts to all clients and providers then setup a system to pay out a large bounty if someone can produce a signed receipt not in our weekly-published-log. We'll automate the bounty, but perhaps a third party will also offer a validator. We will not even need Postgres for it, just nginx and a filesystem.
But that is not interesting enough by itself, and mentioning digital signatures just confuses people more. So we call it a Single-Issuer-Blockchain: Now people instantly get the idea.
[ShapeShift does 7-15% at least of Monero tx. Add in BitFinex Binance CoinPayments and some others and where we at?]