Re: [ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency
...You are right...
I know.
It's just hard for the Dash guys around here to accept there is simple security flaw. It just took few posts to expose it.
The main defense is 'we wouldn't host our services with just anyone that could harm us.' You already have. LOL. 'You created a system of 4,000 nodes that route through a handful of service providers that you need to trust.'
So what are we going to do about this issue? This is how things get stronger. Find an issue > then fix it.
edit
Is there a chart of how many nodes are hosted on different VPSs? Chaeplin used to produce a chart.
http://178.254.23.111/~pub/Dash/Dash_Info.html
The "cheap VPS" attack is limited in several important ways.
a) People are lazy. We can't even get more than about 20-30% of masternode owners to vote, let alone spend several hours moving masternodes to a different VPS. Additionally, when you change VPS providers you go to the back of the payment queue, which saps part of your financial incentive right there.
b) Referring back to the document that was linked earlier (https://www.dash.org/wp-content/uploads/2015/04/Dash-WhitepaperV1.pdf), someone who controlled (or snooped on) 50% of all masternodes would have a 25% chance of deanonymizing a 2 round PrivateSend transaction, a 6.25% chance of deanonymizing a 4 round PrivateSend transaction, and a 0.39% chance of deanonymizing an 8 round PrivateSend transaction.
tl;dr If you were able to overcome people's general laziness and get 50% of the network to switch to your too-good-to-be-true-cheap VPS, you'd have a 0.39% chance of deanonymizing an 8 round PrivateSend.