Yeah. You can see their list of cards here: https://www.coinpayments.net/swych. So far it is US and UK only. For the US at least they have a decent list of cards available, but they are all the same ones that you can find on Bitrefill, eGifter, Coincards, etc.

However, to buy cards from them you need to have a KYC verified account. Given that all the cards (I think) they provide are purchasable from other providers without KYC, there is no real reason to use them unless you already have a KYC verified account on their platform for other reasons.

Since I don't have an account with them I can't see the prices they are charging, and therefore their markup.

Let's take a quick look at what they might do with your KYC documents.

People they will share your data with:
So any of their subsidiaries, and any third party companies they hire to provide a service to them or store and process your data on their behalf. So pretty much anyone they like.

If one of these third parties decide to sell your data (as was the case with Coinbase) or are hacked for your data (as was the case with Binance), Blockchain.com will take no responsibility.

Even if you think every member of staff at Blockchain.com can be completely trusted, what about all the staff at every unknown third party they currently use or will use in the future? Do you really want your KYC documents stored on the cloud by an unnamed and unaudited "cloud service provider"? It's impossible to count the number of times that cloud servers have been hacked or compromised.

In addition to better privacy as mentioned above, running your own node also means you don't have to trust a third party. You can validate all blocks yourself, and you can verify every transaction you send or receive yourself. Any non-node wallet must connect to someone else's node, and trust that they are honestly verifying transactions and sending you the correct information.

True, but this isn't unique to Bitcoin Core by any means. Most good lightweight/SPV desktop wallets allow coin control and send-to-many.

Don't get me wrong - I understand that. My point was rather that if given a choice between staying true to bitcoin but creating "enemies", or compromising on not allowing third parties to take control of our money in exchange for less opposition from governments, than I'm sticking with the first.

I know I am an outlier when it comes to the bell curve of "concerned about your privacy". I know most users are happy to complete KYC for the convenience of using a centralized exchange, whereas I am not. I know most users accept that these exchange make rules as to where their deposits can come from and where they can withdraw to, whereas I see such behavior as antithetical to bitcoin itself. My concern that is if we go too far down route number two and compromise what bitcoin is, it will be impossible to turn back and undo the changes. Bitcoin may end up popular, but it also ends up no better than fiat.

I'd much prefer bitcoin's popularity to come from more people realizing the benefits it brings, rather than compromising on those benefits for an "easy ride", so to speak.

Speak for yourself. After the government has successfully removed your privacy, the next thing is for them to exert control. This has already begun with some exchanges refusing to allow deposits/withdrawals to gambling sites, among others, for example. If I wanted a government to be able to monitor every transaction I make and decided whether or not I'm allowed to make them, then I could just use fiat.

Keeping your data private is difficult enough as it is. Reclaiming your privacy once you've given it up is nigh on impossible. The same is true of bitcoin. If we give up on all methods of maintaining or enhancing your privacy, if we allow governments to stick their noses where they don't belong, then that will become the norm, and reversing it at a later date will be impossible. No government is going to willingly give up knowledge or control.

Coinbase and suspiciously "crashing" whenever the price moves by more than $300. Name a more iconic duo.

Seriously though, we were just talking about this a few weeks ago when the price fell to $8,500: Coinbase down again during crash, is the exchange doing this on purpose? This is such a regular occurrence with Coinbase that it is turning in to a meme. I can't remember the last time there was a big price swing and I didn't see a post on here or Reddit about Coinbase going down.

There are two possibilities here. Possibility one is that they are doing this on purpose so they can insider trade, trade their own coins preferentially, rip off their customers, etc. Possibility two is that after 8 years of operating, with turnovers of billions of dollars and annual profits of hundreds of millions, they haven't bothered to invest in servers which can handle a mild surge in traffic. Both show complete and utter disregard for their customers

We've known for a long time that Coinbase are anti-bitcoin (supporting BCash, Segwit2X), are anti-technology (slow to implement SegWit, batching transactions only rolled out a few months ago), are anti-privacy (selling your data to third parties, partnering with developers who sell surveillance software to dictators), and are anti-user (constantly "crash", insider trading, dumping shitcoins on their userbase). Honestly, if you are still using them at this point, you've got to ask what it would actually take for you to move to a new exchange.

Definitely top 20%. 595,288 split among only 20 users would be 29,764 merit each.

No. The majority of posts on the forum are from bounty hunters. The Bounties (Altcoins) board has 7.5 million posts in it. That is more posts than in Bitcoin Discussion, Development & Technical Discussion, Mining, Bitcoin Technical Support, Project Development, Meta, Politics and Society, Beginners and Help, Off-topic, Serious Discussion, and all their child boards, combined. Announcements (Altcoins) is even worse with 8.6 million posts.

I think the issue with these data is that over a third of the total merit earners, in the region of ~13,000 users, have only received a single merit. This is going to skew things largely in favor of the top 20%.

There are different sizes of QR codes, different versions of QR codes, different ways to encode the data, different methods of error correction, different degrees of error correction, etc., meaning the same data can produce different QR codes.

In addition, it is possible to encode more information that just the address in a QR code. One code may also include a request for payment, an amount to be sent, or even additional information which will be read by your wallet (Example: Electrum contains a "description" field which can be encoded in the QR code).

As long as they both scan to the correct address, nothing to worry about.

This. Don't try to force a legacy wallet to generate SegWit addresses. Don't try to export your legacy private keys and create SegWit addresses from them. Don't end up with a completely non-standard SegWit derivation path, and a wallet which you can't recover just by entering your seed. If you want a SegWit wallet, then just create a SegWit wallet.

I agree with that, but even if the iteration count was 1, a passphrase is still an additional barrier that an attacker has to overcome. Maybe not in your example with a passphrase of 123 which will be broken pretty much instantly, but if I'm using a randomly generated passphrase, something along the lines of N(%8GcgtMyYs6]$U, then my coins won't be instantly stolen if my seed is compromised. Therefore, they are more secure.

Open it as an administrator.

That's literally exactly what you are doing here against suchmoon.

Ahh, I thought those additional "h"s were "k"s from the original photos. True enough, you can inscribe an additional letter or two as needed on the blank tiles or on the back of a different tile.

It just strikes me as very strange they provide a sheet of numbers considering there are no numbers anywhere in BIP39, especially when they don't provide enough letters. Why not an additional sheet of letters? It's also rather strange that they provide one sheet of upper case letters and two sheets of lower case letters like that.

Are these 4 panels all the letters you get? Are the tiles double sided with different letters on the reverse? If not, that's not enough.

I generated a seed on Ian Coleman, and the first seed I generated doesn't have enough of two letters


First four letters of each word:


Contains 10 "D"s, whereas you only have 9, and contains 5 "H"s, whereas you only have 4. Bit of a pain to get three quarters of the way entering your seed to find out you have run out of letters and have to generate a new seed and start again.

Although it looks nice and slick, unfortunately looks are irrelevant when it comes to a product like this. As LeGaulois says, what matters is how it stands up to damage, and if the letters stay secure and are still readable.

It is still an issue.

The standard derivation paths as defined by BIPs 44, 49, and 84 only use hardened keys for the first 3 levels of the derivation path - the purpose, the coin type, and the account. The change and the address index use non-hardened keys. As you say, knowing a child private key and the parent extended public key allow an attacker to derive all the child's sibling private keys.

In practice, this means that an attacker can't go any higher than the account they are in. Knowing the extended public key and a child private key from m/44'/0'/0' won't let them derive the keys from m/44'/0'/1' or m/84'/0'/0', for example. But knowing the extended public key and a child private key from m/44'/0'/0' will let them derive all the private keys from m/44'/0'/0'.

That's not really a good way to create a wallet for a couple of reasons.

Firstly, the obvious reason. No one should just be making up their own seed phrase. Humans are bad at being random and bad at generating entropy. Any phrase you come up with yourself will be significantly less secure than one generated for you, even one generated for you from a word list you supply.

Secondly, you could easily run in to problems down the line trying to restore this wallet from your seed. You are forcing Electrum to accept a seed phrase which is not a valid BIP39 phrase, and may even contain words which are not on the BIP39 wordlist. You will be unable to restore this seed phrase to anywhere other than Electrum, and as Electrum states they do not guarantee to continue supporting BIP39 phrases, you may end up unable to restore the seed phrase in to any current wallet. Will OP remember in 2, 5, 10 years that he has to download a long outdated version of Electrum (which may well refuse to connect to any servers), and he has to enter his non-BIP39 phrase as a BIP39 phrase?

If OP really wants to go against all advice and pick his own phrase, then he should at least make make it properly BIP39 or Electrum compatible.

Coinomi is closed source, so it is impossible to tell whether or not it is actually safe. There was an issue discovered last year where Coinomi was sending a users seed phrases unencrypted to Google servers to be spell-checked, which is obviously a massive security risk. Coinomi's statement said that no funds had been lost as a result of the issue, and it has since been patched, but this is the risk you take using a closed source wallet - nobody has any idea what is going on behind the scenes.

Does the fact that you consider yourself "lucky" to not have been hacked not tell you something? My wallets have never been hacked, but it has nothing to do with luck - it has to do with me storing my coins myself with proper security measures, and not trusting complete strangers to do it for me. Just because your coins haven't been hacked/stolen/scammed/frozen/seized/etc. yet, doesn't mean using web wallets is safe.

It is entirely possible to use a Ledger hardware wallet offline, either by disconnecting your internet connection before you connect the hardware device, or only using the device with an airgapped computer. Create a transaction via a watch only wallet, transfer to an offline environment, sign with your Ledger device, and then transfer the signed transaction back to an online environment to be broadcast.

I'm not sure I agree with that.

As you say, the passphrase offers no additional security to your seed phrase - it does not encrypt it, and if someone gains access your seed phrase, then they still have complete access to your seed phrase (which is obviously not the case if your seed phrase was encrypted). It does, however, offer additional security to your private keys.

If you don't use a passphrase and someone gains access to your seed phrase, they also gain access to your private keys and your coins.
If you do use a passphrase and someone gains access to your seed phrase, they don't gain access to your private keys and your coins, unless they also gain access to your passphrase. By definition, that's more secure.

Sort of. The passphrase doesn't change the entropy of your seed phrase. It will always be 128 or 256 bits, depending on whether it is 12 words or 24 words. The passphrase (if used) is used as part of the second parameter for PBKDF2 (your seed phrase being the first parameter) to generate your "root seed" number, which is then used to derive all your private keys, public keys, and addresses.

Yeah, I don't disagree with that at all. I think the "Reporter Badges" that theymos previously talked about are a good idea, because they will encourage more people to report.

I don't think it's a good idea to tie it to ranking up, however. If you did tie it to ranking up but without paying attention to the accuracy, then people who don't care about reporting could just report hundreds of posts without paying attention to whether the reports were right or wrong to reach the necessary target. If you did also set a "required accuracy", then as I said above it will discourage people from reporting anything but the most heinous of rule breaking because they don't want to make it more difficult for themselves to rank up. Both of these scenarios are a negative outcome for the system.

So while I agree with reporter badgers, I think it should be entirely separate from rank, and not bring any special benefits, except maybe removing the blasted 4 second cooldown between reports.

Yes, your keys will still work.

Simply create a new Electrum wallet, select "Import bitcoin addresses or private keys", and paste in your private keys, prefaced with the address type and a colon as we discussed higher up in this thread. It makes no difference if the keys were originally created on Electrum, bitaddress, or some other wallet or service - they will still import to Electrum just fine.

If you want to use Electrum as an airgapped wallet, then the best set up is to create a wallet on your airgapped machine, back up the seed phrase on to paper, export the extended public key, and then import the extended public key in to a new Electrum wallet on an internet enabled device. This will create a "watch only" wallet on the internet enabled device, which you can use to watch your addresses and to create transactions which you then transfer to your airgapped device to be signed, before transferring the signed transaction back to your live device to be broadcast.

Exactly. So how do I know I can trust their ratings? I can't, therefore it is sensible for me to exclude them so I do not see any ratings they may leave.

Wait, what? Did you forget that you are the one who opened this thread, called suchmoon a trust abuser, and demanded they account for it? At no point since these users were excluded over a year ago did anyone start a thread and demand that you account for their inclusion.