Promotion & Adoption Started Jun 8, 2026 2:01 AM

[ANNOUNCEMENT] XMRMatters Mainnet Launching June 14th — Architecture & Protocol Changelog

17 replies - 345 views - 3 thanks - 0 tippers - 6 watchers

Jun 8, 2026 2:01 AM Last edited Jun 8, 2026 2:10 AM
#1

Greetings Monero Community,

On June 14th, 2026, we are officially transitioning XMRMatters from our public Stagenet testing phase to Full Mainnet production: dedicated, privacy-focused, peer-to-peer (P2P) Monero exchange infrastructure.

The platform is accessible at:
• Clearnet Access: XMRMatters
• Tor v3 Onion Address: http://fefbn4koy23q2f2kgmtm7k64x33rtiem6dfsbn4jiltdwnuclsbq7iqd.onion

We built XMRMatters to address the systemic contraction of the private XMR ecosystem.
With centralized rails enforcing aggressive surveillance, the ecosystem requires hardened, surveillance-free alternatives that prioritize user anonymity without introducing friction into trade execution.

The Heritage: Inspired by LocalMonero, Developed for the Modern Threat Landscape
• When localmonero.co announced its doors were shutting back in May 2024, it left a massive void in the Monero ecosystem. That was the exact moment development on XMRMatters began.
• Our core inspiration comes directly from that legacy—we loved its straightforward layout, reliable escrow system, and absolute focus on peer-to-peer trading.
• However, instead of trying to patch or fork old legacy code, XMRMatters has been engineered entirely from scratch (built from 0).

By dedicating over two years to building a completely new codebase before opening our public Stagenet on May 18th, we've retained the familiar, battle-tested mechanics that the community grew to rely on, while vastly tightening security protocols and optimizing underlying node interactions to protect against modern adversarial vectors.

Core Privacy & Operational Design
Rather than exposing our exact infrastructure deployment to potential adversaries, our design focuses strictly on engineering zero-metadata privacy outcomes:

Zero Persistent IP Storage: A backend database overhaul has completely eliminated historical IP logging across all authentication pipelines, admin audit trails, and login challenges. What isn't collected cannot be leaked. If an anonymous support ticket is opened, the network data is forced to null, and sessions are managed purely via a private client-side key.

Zero-Footprint Internal Logging: To eliminate accidental server-side data leakage, a centralized log sanitizer actively monitors backend output. If a raw credential, view/spend key, transaction key, or Monero address enters the execution pipeline, it is automatically redacted before any log entry touches disk.

Strict Traffic Separation & Origin Routing: We are spending these final days running intensive optimization tests on Clearnet-to-Tor and Tor-to-Clearnet communications to guarantee absolute stability and routing security across both layers. Frontend routing is dynamically tied directly to the browser origin, ensuring that Tor users stay completely contained within the onion network with zero risk of leaking requests to clearnet endpoints.

Solvency Safeguards & Fail-Closed Logic: Internal ledger tables are protected via append-only database triggers to secure the custody pool against outside manipulation. A continuous, automated solvency monitor cross-references total user liabilities against live hot-wallet balances in real-time. If even a minor discrepancy is detected, the platform automatically fails closed, instantly halting all withdrawals. Simultaneously, it triggers an automated notification directly to me as the founder so I can immediately audit the server infrastructure, verify the blockchain state, and check the wallet RPCs.

Future Roadmap: What’s Coming Next
Because I am developing and defending this infrastructure alone, prioritizing core backend security and routing stability for launch day meant focusing our initial release on a web-frontend and English-only baseline.

However, our immediate post-launch development roadmap includes:

No-JavaScript (No-JS) Mode: A completely script-free version of the interface for maximum client-side browser isolation.
Global Language Localization: Integrating native language translations (including Dutch, German, French, Russian, and Bosnian/Serbian/Croatian) to preserve localized accessibility across the globe.
Dedicated Mobile App: Transitioning from our desktop-optimized web layout to a dedicated, native mobile application currently being engineered in parallel.

Community Involvement & Launch Horizon
The era of invasive surveillance and centralized friction ends when we build resilient alternatives.
We invite you to review the frontend interface, test out the network routing, and prepare for the Mainnet transition on June 14th.

Drop your thoughts below:
• How does the interface and workflow feel compared to old-school P2P platforms as we prepare for live trading?
• What specific operational features are mandatory for your day-to-day P2P workflow?

Help us keep peer-to-peer trading private, resilient, and unstoppable.

P.S. If you notice any intermittent freezing or connection pooling over the next few days, just be aware that the platform is undergoing active, live updates. I'm frequently cycling configurations and pushing backend optimizations to lock everything down for launch day.

— XMRMatters Development Team

3 thanks - 0 tippers - 6 watchers
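
Added example, not part of the thread and not XMRMatters' code: one way the "append-only triggers plus fail-closed solvency monitor" design described in the post above can be built and checked. It assumes SQLite as a stand-in database, a callable in place of the wallet RPC, and treats "wallet balance below total liabilities, or balance unreadable" as the discrepancy; the table, class and method names are hypothetical.

```python
import sqlite3

SCHEMA = """
CREATE TABLE ledger (
    id      INTEGER PRIMARY KEY,
    account TEXT    NOT NULL,
    delta   INTEGER NOT NULL   -- atomic units; credit (+) or debit (-)
);
-- Append-only: UPDATE and DELETE abort, so history can only grow.
CREATE TRIGGER ledger_no_update BEFORE UPDATE ON ledger
BEGIN SELECT RAISE(ABORT, 'ledger is append-only'); END;
CREATE TRIGGER ledger_no_delete BEFORE DELETE ON ledger
BEGIN SELECT RAISE(ABORT, 'ledger is append-only'); END;
"""

class Custody:
    def __init__(self, hot_wallet_balance):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)
        self.hot_wallet_balance = hot_wallet_balance  # callable; stands in for a wallet RPC
        self.halted = False

    def post(self, account, delta):
        self.db.execute("INSERT INTO ledger(account, delta) VALUES (?, ?)", (account, delta))

    def liabilities(self, account=None):
        sql, args = "SELECT COALESCE(SUM(delta), 0) FROM ledger", ()
        if account is not None:
            sql, args = sql + " WHERE account = ?", (account,)
        return self.db.execute(sql, args).fetchone()[0]

    def check_solvency(self):
        """Latch `halted` if the wallet cannot cover liabilities or cannot be read."""
        try:
            solvent = self.hot_wallet_balance() >= self.liabilities()
        except Exception:
            solvent = False        # an unreadable balance counts as a discrepancy
        if not solvent:
            self.halted = True     # stays set until an operator clears it
        return solvent

    def withdraw(self, account, amount):
        if self.halted or not self.check_solvency():
            raise PermissionError("withdrawals halted pending audit")
        if amount <= 0 or amount > self.liabilities(account):
            raise ValueError("amount exceeds account balance")
        self.post(account, -amount)
```

The halt is latched: a balance that later recovers does not reopen withdrawals, which matches a design where a human audits before service resumes. Triggers stop edits made through SQL, not an operator who can drop the triggers or replace the database file.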

Replies

Page 2 of 2 - 17 total
Jun 8, 2026 9:20 AM
#12

@xmrmatters i appreciate you taking the time to reply, despite the gentle bullying

but a similar concern was already raised over there in post #10:
https://monero.forum/thread/monerousd-stablecoin-fcmp-privacy

and that attack vector is already being explored by adversaries

which the model of a centralized localmonero alternative, in the hands of an adversary can indeed be an attack vector for monero / monero ecosystem here as well, that's the concern that was being raised here

Great point. However. No admins, only me. Exactly that one and similar reasons.

right, so you're the admin
even post #7 over there, for some basic videogame thing is considering "malicious admin" as the threat model:
https://monero.forum/thread/monero-tower-defence-game

I honestly think you’ll appreciate what XMRMatters is doing, to be fair. I think you'll especially like the achievements and trading stats sections, which are integrated with the feedback statistics and monitor for repetitive or suspiciously identical transactions so that bad actors can be penalized.

i mean, that's the thing, you can have the thing to look as pretty as it can, that's fine for something like moneromarketcap.com but for something like your service that actually handles money ... then that's different
and yea, ill just shill trustless decentralized services there, over trust-based centralized services, like the one right here is trust-based, that's just how it is...

and i am unsure if you actually answered the concern raised regarding creating multiple accounts, how is the reputation system working over there?
just saying... trust-based is literally the reason bitcoin was made in the first place, to get away from it through trustless tech
we in 2026... Y_Y
like actually 2026 u know? and we still out here with centralized services spawning while literally for that 1 usecase, the decentralized alternative already exists... just dont make sense u know...

1 thanks - xmrmatters - 0 tippers
Jun 8, 2026 10:02 AM
#13

Look, I get it. Centralized admin equals a threat vector. This is basic Monero threat modeling 101, and I’m not arguing against it. You're completely right that trustless tech like Haveno is the gold standard.

But let’s talk about reality instead of just repeating "trustless" like a mantra. Here is how it actually works, because I’m tired of repeating myself on this:

  1. The Admin Threat Model
    Because I am the single admin, I engineered the architecture to assume the server is always a target. I stripped out historical IP logging completely. The server-side log sanitizer actively redacts view/spend keys, credentials, and addresses before they ever touch a disk. If I am compromised, hacked, or subpoenaed tomorrow, the adversary inherits an empty shell. I can't leak what I don't collect.

  2. The Reputation & Sybil System
    You asked how I prevent multiple accounts and fake reputation without logging IPs.

    • Session Isolation: The platform uses transient, non-repeatable client-side cryptographic tokens via cookies to block multi-instance logging and automated account spam. No device metrics or IPs are stored backend.

    • Pattern Filtering: The feedback engine doesn't just count numbers. It monitors transaction velocity and flags low-variance, suspiciously identical trades between the same clusters of accounts to stop wash-trading.

    • Skin in the Game: You can't just click "generate reputation." It requires actual transactional execution and locked escrow balances. Farming fake stats is economically expensive and structurally useless.

  3. Why This Matters in 2026
    Yes, it’s 2026. I want everyone on Haveno too. But the reality outside of our technical bubble is that non-technical users get completely overwhelmed by downloading desktop clients, syncing local daemons, and managing network states. When they find decentralized tech too hard, they don't magically become cypherpunks—they give up and default right back to heavily monitored, KYC centralized exchanges.

XMRMatters is a web and onion bridge to stop that leak. It’s a clean entry point to catch the people who would otherwise give up, execute a private trade, and get educated enough to eventually use trustless tech. It’s not a competitor to Haveno; it’s a net to pull people off centralized rails. The more avenues we have to trade XMR, the more resilient the network is. Simple as that.

— XMRMatters Development Team

0 thanks - 0 tippers
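
Added example, not part of the thread and not XMRMatters' code: a log sanitizer of the kind described in the announcement and in the post above, written as a Python `logging.Formatter` so that redaction runs on the final formatted text, including interpolated arguments and exception tracebacks. The regular expressions are assumptions of this example (address length and leading characters for mainnet and stagenet, 64-character hex for keys, illustrative credential key names), and all sample values are constructed.

```python
import io
import logging
import re

B58 = "1-9A-HJ-NP-Za-km-z"  # Base58 alphabet as a regex class body
RULES = [
    # 95-char address or 106-char integrated address; leading characters
    # 4/8 (mainnet) and 5/7 (stagenet) are this example's assumption.
    (re.compile(rf"\b[4578][{B58}]{{94}}(?:[{B58}]{{11}})?\b"), "[XMR_ADDRESS]"),
    # 32-byte hex: view/spend/tx keys (also hides tx hashes, which is acceptable).
    (re.compile(r"\b[0-9a-fA-F]{64}\b"), "[HEX_KEY]"),
    # key=value style credentials; the key names are illustrative.
    (re.compile(r"\b(password|passwd|token|secret)\s*[=:]\s*\S+", re.I), r"\1=[REDACTED]"),
]

def sanitize(text):
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text

class RedactingFormatter(logging.Formatter):
    """Sanitize the fully formatted record, so %-args and tracebacks are covered."""
    def format(self, record):
        return sanitize(super().format(record))

def demo():
    addr = "4" + "A" * 94          # constructed, not a real address
    key = "ab" * 32                # constructed 32-byte hex string
    sink = io.StringIO()           # stands in for the log file
    handler = logging.StreamHandler(sink)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(message)s"))
    log = logging.getLogger("sanitizer_demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info("payout to %s", addr)
    log.info("login ok password=hunter2 user=alice")
    try:
        raise ValueError(f"bad view key {key}")
    except ValueError:
        log.exception("wallet import failed")
    return sink.getvalue()

if __name__ == "__main__":
    print(demo())
```

Pattern-based redaction only covers output that passes through this formatter; web-server access logs, database query logs and crash dumps need their own controls.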
Jun 8, 2026 10:19 AM
#14

The Admin Threat Model
Because I am the single admin, I engineered the architecture to assume the server is always a target. I stripped out historical IP logging completely. The server-side log sanitizer actively redacts view/spend keys, credentials, and addresses before they ever touch a disk. If I am compromised, hacked, or subpoenaed tomorrow, the adversary inherits an empty shell. I can't leak what I don't collect.

i mean yea, that's just basic no tracking type thing
you still handling extremely sensitive information like home addresses (cash by mail) and things like that

cypherpunks—

"cypherpunks em dash", this shit got me, i mean, i know u explained just using the llm to format things better but like, "cypherpunks-em'dash-tm" at this point 😹

I think you'll especially like the achievements

which u literally pinged @cipherchan on that one, which...:
https://cipherchan.minimal.blog/docs-lore-cipherfall-v1-en-readme-md

Lore Principles

  • No achievements system.

because LLM literally try to push the whole achievements even when literally specified "no achievements" 😹
so like, is it opensource?
couldnt find a repository for it
so just gonna assume the whole backend is made by LLM as well, there's been redflags of llm use already so, cant really be trusting the backend either imo

lots of hijacking attempts been done around here

But let’s talk about reality instead of just repeating "trustless" like a mantra.

if was in fact an instant swap service, you wouldnt have received that same feedback, trust
cause the alternative doesnt exist there

for that 1 usecase, it does exist and we should move away from services done that way

0 thanks - 0 tippers
Jun 8, 2026 10:30 AM Edited Jun 8, 2026 10:31 AM
#15

You caught me on the em-dash.
Like I literally just said in my last comment, I write my thoughts out raw and use an LLM strictly to polish my grammar and vocabulary because English isn't my first language.
Dunking on a formatting tool is fair game, but assuming the entire backend is AI-generated because of a typo or a style choice is a massive leap.

As for the "achievements" line, you got me there too.
That’s completely on me for letting the LLM swap out "reputation tiers based on escrow stats" for that specific word, especially given Cipherchan’s actual principles.
I missed that in the edit, so fair play for calling it out.

To address your actual structural concerns:

  1. The AI Backend & Open-Source Accusation
    No, the codebase is not open-source, and absolutely none of it is written by an AI. I have spent the last two years writing this entire infrastructure from scratch, line by line. I do not use third-party platforms, AI code assistants, or public Git repositories because I refuse to expose my source code to anyone. You can call it security through obscurity if you want, but it’s what lets me sleep at night. I know exactly how the code is hard-coded, and I know there are no hidden backdoors or copied legacy vulnerabilities.

  2. Handling Sensitive Data (Cash by Mail, Addresses)
    You raised a valid point about sensitive information like home addresses. The zero-retention architecture applies here too. Trade chat data and sensitive inputs are handled through end-to-end encrypted parameters and are completely purged from the active database the exact moment a trade is closed or finalized. The server does not maintain a historical archive of your personal data or addresses. What is dead is dead.

  3. The Reality of the Use Case
    We can debate the philosophy of trustless tech all day. Ideologically, you are right—Haveno is the gold standard. But practically, look at what happens when non-technical people try to use heavy desktop clients, sync local daemons, and manage local network states. They get overwhelmed, they give up, and they crawl right back to heavily monitored, KYC-driven centralized exchanges.

XMRMatters exists to stop that leak. It isn't a competitor to trustless alternatives; it’s a web and onion bridge designed to catch the people who would otherwise default to centralized corporate rails.
It gives them a clean entry point to trade privately, move their funds to cold storage, and get educated enough to eventually graduate to tools like Haveno.

I’m not asking for blind trust. I’m asking you to spin up a virtual machine, look at the stagenet, sniff the traffic payloads, and see how the platform actually behaves instead of writing it off based on an AI formatting error.

— XMRMatters Development Team

0 thanks - 0 tippers
Jun 8, 2026 11:06 AM
#16

I know exactly how the code is hard-coded, and I know there are no hidden backdoors or copied legacy vulnerabilities.

I’m not asking for blind trust.

i mean, kinda does ask for blind trust there, but yea, it all goes back to the whole trust-based design vs trustless design thing, which, yea, we'll just go in circle all day on that lol
we both made our points, we disagree on that, that's fine

look at the stagenet, sniff the traffic payloads, and see how the platform

not gonna lie, i wouldnt even know how anyways, my concerns were not regarding the security on that end
and while i get the whole security by obfuscation by not sharing the source code, especially nowadays when vulnerabilities are found in everything, then the argument of security by obfuscation does hold some weight

bitcoin itself was opensource tho, so my opinion on that is that, if you handling the cryptocoin thing, opensource is just the base here
but not like it would change much anyways, since as explained by monerobull on the reddit comment (linked in first reply in page 1 on this thread), then you could still just serve a different code anyways

so is literally "trust me bruh, is not backdoored" design
so yea, we literally could go circle all day on that, on the exact same points of trust-based tech vs trustless tech

so imma just leave it at that for now, thanks on spending the time to explain your perspective

1 thanks - H1XMR - 0 tippers
Jun 8, 2026 12:22 PM
#17

the only thing I actually do is write out exactly what I want to say, then use a prompt to enhance the grammar and vocabulary. That's pretty much it.

This is not how you build trust.

I only say this because other users here seem to be interacting with you instead of writing you off, which is what I would've done, but seriously, how do you expect people to give you the time of day, let alone try your project out, when you can't be bothered to even present to us your own thoughts without going through an LLM? I very much prefer to talk to people directly and not through some machine filter to "enhance the grammar and vocabulary". This is some Dead Internet shit.

0 thanks - 1 tippers
Jun 8, 2026 1:53 PM Edited Jun 8, 2026 1:54 PM
#18

jus drop the prompt atp twin ✌️🥀

0 thanks - 1 tippers
