the difference goes to the miners exactly for the fact wo don't want any change address! (you could have also send 20.8 instead so you wont sponsor the miners)
Ok that's the key element I was missing, that basically there are no change addresses (although if 0.1 is the minimum that means every anonymous payment you make will incur an additional cost of as much as $0.51 at present, presumably this lower bound will decrease in future).
BlockaFett: now's the time you do a little happy dance and write lots of bold text about how one of my conclusions was incorrect. You can even call it "BS" and say that I "don't understand anything" if it'll help you with your self-esteem problems:)
yes its right there could be a fee of up to 0.00999999 DRK/DASH ~ 51 cents right now.
But i don't see that as a problem, if price goes up, its no problem to adjust the lowest denomination to 0.01 or 0.001 ...
And if you do not want to "support" the network with that 51 cent miners fee, you could also adjust the amount you send, to a "denominational" amount, so you'll give it as tip to whoever you pay. (Ofc you can't do this if the reciever handles the transaction automatically and he needs the amount to be exactly what he stated)
So to put that in laymens terms: darksend is fine for usage in darkmarkets after all and fluffpony agrees?
I wouldn't conclude that
But i would say, yes for me thats enough anonymity, in the end everything is "exploitable" its just a question of "costs", like fluffypony said - yes you need more power then in the whole universe so for now thats not possible, but you cant know whats there in the future, and you can't know if the attacker got lucky and just needs 1 min, because he was lucky. (I hope i don't misqoute fluffypony here, but i interpret this that way.)
Cryptographic negligibility has a very specific meaning. Something like a one-way hash function can still be attacked (ie. the original value corresponding to the hashed value can be determined), but it would typically take more power than in the universe to brute-force it. We normally state negligibility on the basis of a computationally bounded adversary, that is to say an adversary who has access to a reasonable amount of processing power regardless of the cost or speciality of the equipment required.
So you can calculate the security of your darksend by yourself with a few assumption you have to take (because you cant know) like
darksend with 50 rounds, masternode network has 2000 masternodes, and i assume for me in worst case 1500 of these are bad actors.
So i got something like:
(1500/2000)^50 = 0.000005 => its a chance of 1 : 1750000 that a bad actor (with 1500 of 2000 MN) statistically can observe my mixing.
For me thats enough secure to say its anonym. But for some it may be not enough, because they cant know if there and how many bad actors are in the net. so if all 2000 out of 2000 are bad actors, you can be sure it won't be anonym anymore. (I think thats the point im reading about MNs are not trustless, because you can't know if they save the darksend or not - but thats not my view of it)