Meta-issues

In what has become a familiar pattern for anyone following our news feed, the Monero community got red-faced angry at the mere proposition of me writing this guide, and is likely to do so again now. You should be aware that if you provide intelligent criticism of Monero in any way (you don’t even need to be a Ryo supporter; /u/hapticpilot springs to mind) you will be accused by a sock-puppet of being my sock-puppet. The most glorious case was the now-deleted sock-puppet stipulating that I actually run the whole 5-man Ryo team myself [ 1 ]. I won’t lie to you — being the boogeyman of reason is very satisfying.

Problems

As you might have heard, Ryo (and every other crypto-currency) is a p2p network. An essential feature of such a network is a list of potential peers to connect to. This obviously presents privacy problems:

1 — Every other Ryo daemon will be aware of your IP address.

2 — Your IP address will be tied to the transaction id (but not to your wallet address).

2A — Everyone on the network will potentially be able to do point 2.

2B — Your ISP will be potentially able to do point 2.

3 — In Monero, your IP address will be tied to your exchange account number (the long 64-character hex id), unless the exchange uses integrated addresses. We have already fixed that in Ryo by encrypting it; the fix goes live on mainnet with the next fork.

3A — Everyone on the network will potentially be able to do point 3.

3B — Your ISP will be potentially able to do point 3.

4 — Your ISP will be aware that you are using Ryo.

Beware of a dangerous white elephant in Monero (openalias)

You might never have heard of this feature as, thankfully, it is only used by some core team members; however, Monero supports DNSSEC resolution of addresses. In practice this means that if you mistype an address by putting a “.” character anywhere in it, you will broadcast your intent to send to that address to the whole Internet [ 2 ], since the wallet will try to resolve the mistyped address and query the root DNS servers. Obviously, if you use the feature deliberately the same thing happens, but I don’t think anyone does that.

This can additionally be escalated into an IP-reveal exploit. My donation wallet is:

4581HhZkQHgZrZjKeCfCJxZff9E3xCgHGF25zABZz7oR71TnbbgiS7sK9jveE6Dx6uMs2LwszDuvQJgRZQotdpHt1fTdDhk

If I register a domain as:

4581HhZkQHgZrZjKeCfCJxZff9E3xCgHGF25zABZz7oR71TnbbgiS7sK9jveE6Dx6uMs2LwszDuvQJgRZQotdpHt1fTdD.hk

The user’s DNS server (for the majority of home users that will be their router) will query my DNS server for wallet information. Gotcha.

For the above reasons we ripped out this “feature” in Ryo long ago.
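Ryo removed alias resolution outright. For a wallet that keeps it, the minimum defence is a default-deny gate that classifies the destination before any DNS query is made, so a base58 address with a stray “.” is rejected as a typo rather than resolved. This is an added example, not Ryo’s or Monero’s code; the 95/106 address lengths and the hostname pattern are assumptions, and the sample inputs are the donation address and its dotted variant from this article.

```python
# Added example (not Ryo's or Monero's code): default-deny gate in front of
# alias (DNS) resolution, so that a wallet address with a stray "." is treated
# as a typo and never leaves the machine as a DNS query.
import re

# Monero-style base58 alphabet (no 0, O, I, l).
BASE58 = set("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")
# Assumption: 95 is the length of the address shown in the article, 106 the
# length of an integrated address; adjust for the address format in use.
ADDRESS_LENGTHS = {95, 106}
# Conservative hostname shape: dotted labels of at most 63 chars, alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def classify_destination(dest: str) -> str:
    """Return 'address', 'alias', 'typo' or 'invalid' without touching the network."""
    s = dest.strip()
    if not s:
        return "invalid"
    if set(s) <= BASE58:                      # no dots at all: plain address or junk
        return "address" if len(s) in ADDRESS_LENGTHS else "invalid"
    undotted = s.replace(".", "")
    if set(undotted) <= BASE58 and len(undotted) in ADDRESS_LENGTHS:
        return "typo"                         # the ".hk" case: an address with a stray dot
    if HOSTNAME_RE.match(s.lower()):
        return "alias"                        # a real hostname; resolving it is a separate decision
    return "invalid"

def may_resolve(dest: str, alias_opt_in: bool) -> bool:
    """DNS is allowed only for a well-formed hostname and only if the user opted in."""
    return alias_opt_in and classify_destination(dest) == "alias"

# Inputs taken from the article: the author's donation address and its dotted variant.
PAGE_ADDRESS = "4581HhZkQHgZrZjKeCfCJxZff9E3xCgHGF25zABZz7oR71TnbbgiS7sK9jveE6Dx6uMs2LwszDuvQJgRZQotdpHt1fTdDhk"
TYPO_ADDRESS = "4581HhZkQHgZrZjKeCfCJxZff9E3xCgHGF25zABZz7oR71TnbbgiS7sK9jveE6Dx6uMs2LwszDuvQJgRZQotdpHt1fTdD.hk"
```

Note that the hostname pattern alone would not catch every dotted address (two well-placed dots can produce valid-looking labels), which is why the undotted-address check runs first.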

Solutions

As with everything in security, the major question is — how much convenience are you prepared to sacrifice to achieve the security level that you want? I will list the solutions from the least to the most private:

Use “remote daemon only” option in our GUI

Addresses issues: 1, 2A, 3A

Pros:

Very simple

Cons:

You need to trust the remote node not to pass on the 2A and 3A information

Remote nodes are almost always overloaded

That one is really simple. Just select the option, but be prepared for it to run slowly.

Use VPN + “local daemon only”

Addresses issues: 1, 2A, 2B, 3A, 3B

Pros:

Most private GUI method

Cons:

You have shifted the trust from your ISP (which is usually required by law to spy on you) to a VPN provider (which might spy on you)

The daemon uses a lot of bandwidth, so it might be expensive

We are still in the department of easy solutions, and this one is pretty good as long as you trust your VPN provider. Simply follow your VPN’s setup guide and make sure your VPN has no DNS leaks.

Use Whonix for a totally private — “I never used Ryo guv’nor” setup

Addresses issues: 1, 2A, 2B, 3A, 3B, 4

Pros:

Unless the VM container is found unencrypted, it is impossible to prove you even used Ryo in the first place.

Free

Cons:

You will need to learn how to use the Linux command line

Tor is not very fast

This one is much more difficult, but also much more private.

1) Download Whonix CLI VM images — https://www.whonix.org/wiki/VirtualBox/CLI

2) Follow the setup guide for VirtualBox for your OS

3) (optional) Click File/Preferences in VirtualBox and change the default location to an encrypted volume — it needs to be large enough to easily fit the blockchain

4) Double click the images to import them.

5) Run the Gateway VM, log in as root, and run through the Tor setup

6) Once you get to the CLI, run

apt update && apt upgrade

7) Right-click the Workstation VM, open Settings/System, and increase the memory to 8192 MB

8) Run the Workstation VM and log in as root

9) Run

apt update && apt upgrade

10) Run

apt install build-essential cmake pkg-config libboost-all-dev libssl-dev libzmq3-dev libsodium-dev libunbound-dev git screen

11) Log out of the Workstation root account

12) Log in to the Workstation as the “user” account

13) Run

git clone https://github.com/ryo-currency/ryo-currency.git

14) Run

cd ryo-currency && make -j4

15) When the binaries are compiled, run

mv build/release/bin/* .. && cd ..

16) You now have the Ryo binaries in your user’s home directory

17) To run ryod use

screen -dmS ryo ./ryod --p2p-bind-ip 127.0.0.1 --no-igd --hide-my-port

18) The first time it will take 4–6 hours to download the blockchain. To watch ryod use “screen -r”; to detach again press “ctrl+a then d”

19) When ryod is synced, create a wallet or restore one from seed using “./ryo-wallet-cli” with the right options
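A check worth running once the daemon is up (added example, not part of the Ryo project or of this guide): parse the output of “ss -ltnp” and confirm that ryod listens on loopback only, i.e. that the --p2p-bind-ip 127.0.0.1 option from the launch step took effect and no daemon socket is reachable from another host. The “ss” output embedded below is a constructed sample; its port numbers are illustrative.

```python
# Added example (not Ryo's or the guide's code): confirm ryod has no listening
# socket outside loopback, using the `ss -ltnp` table as input.
import re
import subprocess

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
# One `ss -ltnp` row: State Recv-Q Send-Q Local:Port Peer:Port [users:(("proc",...))]
ROW_RE = re.compile(r'^\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?')

def parse_listeners(ss_output: str):
    """Yield (process, address, port) for each listening socket in `ss -ltnp` output."""
    for line in ss_output.splitlines()[1:]:          # skip the header row
        m = ROW_RE.match(line)
        if m:
            yield (m.group(3) or "?"), m.group(1), int(m.group(2))

def exposed_daemon_sockets(ss_output: str, daemon: str = "ryod"):
    """Return (address, port) of the daemon's listeners that are NOT bound to loopback."""
    return [(addr, port) for proc, addr, port in parse_listeners(ss_output)
            if proc == daemon and addr not in LOOPBACK]

# Constructed sample of `ss -ltnp` output; the ports are illustrative, not Ryo's.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:12210     0.0.0.0:*         users:(("ryod",pid=1234,fd=20))
LISTEN 0      128    127.0.0.1:12211     0.0.0.0:*         users:(("ryod",pid=1234,fd=21))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=800,fd=3))
"""
# Same sample with the p2p port wrongly bound to all interfaces.
SAMPLE_SS_LEAKY = SAMPLE_SS.replace("127.0.0.1:12210", "0.0.0.0:12210")

if __name__ == "__main__":
    out = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True, check=True).stdout
    bad = exposed_daemon_sockets(out)
    print("OK: ryod listens on loopback only" if not bad else f"EXPOSED: {bad}")
```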

Closing statement

Due to the p2p nature of crypto-currencies, removing all traces that you are using the network takes some effort. One of our main goals at Ryo is to improve security for average users by giving them both knowledge and tools to navigate any issues.