Monero Privacy Under Attack

Monero privacy is under attack and it's not from where you would think. People are storing silly pictures and other data directly on the XMR blockchain which directly hurts the privacy of every Monero user. There is currently a debate in XMR circles about how it affects privacy. The people who want to profit from Mordinals will of course tell you it doesn't hurt privacy or there are "easy" ways to change Monero to make it not hurt privacy. Do not believe these people, they are grifters at best, attackers at worst.

This is not financial advice, this is privacy advice. I have never committed code directly to Monero but I have studied it extensively, in addition to working on many other privacy coins for many years and documenting severe problems in Zcash Protocol. I hope this memo helps Monero people who are on the fence and aren't sure who to believe in their own community. Consider this to be advice from "across the aisle" from someone that is not directly involved in Monero or Mordinals but wants the best privacy tech to prevail in this age of surveillance.


Spot on meme courtesy of @KAPNKRUNCH2010 on Twatter

First, some backstory on where Mordinals comes from and the lessons other chains have learned.

Mordinals is a copy-cat of the Ordinals project, which allows you to store arbitrary data directly on the Bitcoin blockchain. Since Ordinals works on a surveillance coin (BTC), it really can't reduce the privacy of users, since Bitcoin doesn't have any privacy to begin with. Ordinals has created a huge uproar in the Bitcoin world, some love it, some hate it, but it became clear that there was no good way to fight it. If Bitcoin Core did decide to try to remove Ordinals, the cure would be worse than the disease. Trying to remove Ordinals would waste even more blockspace than it currently uses. So Ordinals live on.


Many people are LARPing as privacy experts on Twatter and YouTube and podcasts which are heavy on grifting and low on technical content. I will not name names, but you know who they are. It's simple, if someone is not a privacy coin developer or blockchain analyst, flush their opinion down the toilet. Unless someone writes the code to protect your privacy or is someone who is paid to attack your privacy, they are just a grifter, trying to influence you for their own gain. You can often identify these people because they will tell you to trust another LARPer (such as a podcaster trying to make money via ads or reflinks) on their low-quality Twitter feed, instead of a technical person that actually knows what is going on.

I commend XMR devs for quickly merging a mitigation against this privacy attack in the commit "Add a size limit for tx_extra in tx pool". This is a good first step and I predict that if XMR devs truly care about privacy (and I think they do) they will make this a consensus rule in their next mandatory update. By doing this, they will protect the privacy of all Monero users by forcing the Mordinal project to change how it stores data on XMR, if they choose to keep doing it.


Shout out to Crypt0 Bear for fat beats

So now for some actual details of exactly why Mordinals reduces the privacy of Monero users, since these exact facts are being hotly debated by privacy LARPers. Mordinals reduces the privacy of a Ring Signature, because if a Mordinal is used as a decoy, it is very obvious to a blockchain analyst that it is a Mordinal and not a real transfer of value between two XMR users. This is because the tx_extra field has no privacy, anybody can see how many bytes of it are being used, unlike the memo field that Hush and DragonX use. tx_extra is also not encrypted, unlike the memo field, so it's pretty obvious what is going on. Mordinals is a crack in the armor of Monero for blockchain analysts to exploit. It is indistinguishable from a purposeful attack on Monero privacy.


@m0rdinals on Twatter claiming that Mordinals compromises XMR privacy

Now Mordinals admits the above privacy reduction is happening and their recommendation is to change the internals of Monero (how decoy selection works) to not choose Mordinals as decoys. Firstly, do you trust an "NFT bro" to understand the implications of changing the C++ internals of the largest marketcap privacy coin in existence? If so, you might as well get brain surgery from your local hair salon and close this tab now. Secondly, this suggestion will hurt privacy even more! If XMR decoy selection is changed to not select Mordinals, then the set of all possible decoys is made smaller! This reduces privacy. Ordinals use on BTC has exploded, and recently entire Bitcoin blocks have been filled with nothing but Ordinals. If something like that happens with Mordinals (which they are hoping for) then the set of transaction outputs (UTXOs) that can be selected from will be drastically reduced. This will severely reduce the privacy set (anonymity set) of Monero. This is how people using Mordinals not only hurt their own privacy but the privacy of every Monero user in the future.
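
To put numbers on the two effects described above, here is a small simulation added as an illustration; it is not from the original post or from Monero's code. It assumes a ring size of 16, uniform decoy selection in place of the wallet's actual algorithm, and constructed tx_extra lengths and a constructed flagging threshold.

```python
import random

RING_SIZE = 16        # assumption: 1 real spend + 15 decoys per ring
TYPICAL_EXTRA = 44    # constructed: tx_extra bytes of an ordinary payment
FLAG_THRESHOLD = 256  # constructed: length an observer treats as an inscription

def build_outputs(n, inscription_fraction, rng):
    """Public tx_extra length of the transaction behind each output."""
    outputs = []
    for _ in range(n):
        if rng.random() < inscription_fraction:
            outputs.append(rng.randint(600, 1000))  # constructed oversized tx_extra
        else:
            outputs.append(TYPICAL_EXTRA)
    return outputs

def is_flagged(extra_len):
    # tx_extra is unencrypted and its size is public, so anyone can run this test.
    return extra_len > FLAG_THRESHOLD

def build_ring(outputs, real_index, rng, exclude_flagged=False):
    """Pick RING_SIZE - 1 decoys uniformly; return the ring and the pool size used."""
    candidates = [i for i, e in enumerate(outputs)
                  if i != real_index and not (exclude_flagged and is_flagged(e))]
    return [real_index] + rng.sample(candidates, RING_SIZE - 1), len(candidates)

def plausible_members(ring, outputs):
    """Ring members an observer cannot discount by tx_extra size alone."""
    return sum(1 for i in ring if not is_flagged(outputs[i]))

def simulate(inscription_fraction, exclude_flagged, n_outputs=5000, rings=400, seed=1):
    """Average plausible ring members, and the decoy pool each ring drew from."""
    rng = random.Random(seed)
    outputs = build_outputs(n_outputs, inscription_fraction, rng)
    payments = [i for i, e in enumerate(outputs) if not is_flagged(e)]
    total, pool = 0, 0
    for _ in range(rings):
        real = rng.choice(payments)  # the real spend is an ordinary payment
        ring, pool = build_ring(outputs, real, rng, exclude_flagged)
        total += plausible_members(ring, outputs)
    return total / rings, pool

if __name__ == "__main__":
    for frac in (0.0, 0.2, 0.5):
        for exclude in (False, True):
            avg, pool = simulate(frac, exclude)
            print(f"inscriptions={frac:.0%} exclude={exclude}: "
                  f"plausible ring members={avg:.1f}, decoy pool={pool}")
```

With inscriptions left in the decoy pool, the number of ring members that still look like payments falls in proportion to their share of outputs; with inscriptions excluded, every ring member stays plausible but the pool the wallet can draw decoys from shrinks by the same share.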

To conclude: monkey jpegs belong on surveillance coins like ETH and BTC, not Monero.



-- Duke