Core team members of the bitcoin privacy service XMR.to have revealed via the Monero reddit page that the service will no longer be available for users based in the US. Coming into effect on Sunday, March 31, the XMR.to team's brief three-line statement did not expand on the decision to cut ties with its US users, simply stating that the service is "working with [its] legal team to understand the best way forward."
The service itself allows users to capitalize on the privacy-focused qualities of Monero while still using bitcoin when trying to carry out a transaction. Essentially, users request to make a bitcoin payment for a specific amount. XMR.to then takes the bitcoin payment request and asks for a specific amount of Monero in order for the service to complete the payment. Once XMR.to receives the Monero, the service acts as a middleman, completing the bitcoin payment on behalf of the user.
With the service's website stating that it has been "[k]eeping none of your data since 2015," it will be interesting to note how exactly XMR.to will attempt to enforce its recent decision. According to the service's FAQ page, XMR.to is similar to Monero in more than just name, as the site states that "no-one (including [XMR.to]) can link you to the payment you send us."
Now, IP addresses still exist, meaning users aren't totally anonymous when using XMR.to, and the service does say that it logs those addresses "partially because it helps for support and maintenance, and partially because it's a royal pain to ensure that they are purged from all server logs everywhere." However, this doesn't mean that the service is against users attempting to hide their location. The service's site suggests users employ Tor – an open-source software that conceals a user's location – and provides the XMR.to .onion address, the domain Tor users need to access the service, which works to add more layers of privacy by making the user's information and the service's information more difficult to trace.
While XMR.to wants its users to live a low-key cyber lifestyle, its namesake cryptocurrency has done anything but as of late. In early March, an unhappy Ledger hardware wallet user claimed on reddit to have lost 1,680 Monero (around $80,000 at the time of the claim) as a result of a bug. Just a day later, cybersecurity company Imperva found that 400 vulnerable Docker servers were being used to maliciously mine Monero.
But it hasn't all been bad news. Last week, a Japanese court acquitted a man accused of hijacking the computing power of visitors to his website and using the power to mine Monero.