Yup. You can see for yourself here: https://passwords.google.com/

Sign in, and see every password you have ever saved in Chrome displayed on a website and loaded from their servers. If you use Chrome, Google knows every site you visit, every page and image you look at, every keystroke you enter, every file you download/upload, all your passwords, your location, and more, and it's all linked to your email (which they read) and potentially your real identity. Chrome is spyware. Why anyone would voluntarily use it is beyond me. You are giving your entire life over to Google to do what they like with it.

This is one of the most ridiculous things I've ever read, and I've read blog posts by CSW.

Being offended is entirely subjective. Everyone in the world has a different set of things they are or are not offended by. Something that is completely mundane to me might be offensive to you, and vice versa. I'm offended by most altcoins.

So if I go on to that forum and say I am offended by altcoins, are they going to ban everyone talking about altcoins? Of course not, because the mods won't agree with me. But if I say I'm offended by someone using Nazi slogans, the mods will probably agree with me there and take action. Therefore, this rule gives the mods permission to delete any comment they like and ban any user they like under the guise of "causing offense to other users".

I wouldn't share the name of which exchange you are storing them on, but are you sure they are insured? I'm not sure I know of any exchange which has had to claim on insurance to refund customers. Anyone can simply write "Deposits are insured" when they aren't at all. Have you seen any paperwork or documentation stating that?

Furthermore, insurance only protects against a single method of failure - the exchanges themselves being hacked. It wouldn't protect against them exit scamming, shutting down, freezing your accounts, demanding ridiculous KYC, your account being hacked, you being phished, you having clipboard malware, and so on.

There's a reason that every good hardware wallet suggests that your mnemonic phrase should be written down on paper; that's the best way to store it. If you are concerned about somebody finding it, then use a long passphrase, write that down on paper, and store it separately (I would argue everyone should be using passphrases regardless). If you are still concerned about both these things being found, then you could use something like Shamir's Secret Sharing to split it in to parts, and then an attacker would need to find 3 (or 4, or 5) different pieces of paper to steal your funds. It you are still concerned, then encode it in some way when you write it down. Just be aware that every additional step you add, whilst making it harder for your coins to be stolen, also makes it harder for you to recover them, especially if you forget one of the steps or where one on your hiding places is.

Chrome has a well deserved reputation as eating your RAM like there's no tomorrow, but things can vary massively on different hardware set ups and different operating systems. If you want accurate results for you, then simply download both, open the same 20 tabs in each, then open task manager/activity monitor/system monitor and see which one is using more resources.

Having said that, there's a lot more to consider when deciding which is "the best" browser than which is the least resource hungry. As long as you are running a fairly modern machine, then you shouldn't really notice any difference in system performance between different browsers. What is far more important is that Firefox is by far and away the best browser (not considering Tor) in terms of privacy, security, anti-tracking, anti-fingerprinting, and so forth. Chrome is literally spyware and sends everything you do online back to Google for collection, analysis, and sale to third parties.

If you were running your own wallet such as Electrum, you would be able to use a feature called "Replace by fee" to bump the fee up. However, this is not possible with blockchain.com (as far as I am aware).

You absolutely will. Miners obviously pick the transactions with the highest fee first to maximize their own profits. You have paid 2.5 sats/byte. When you made the transaction, peak fees were 20 sats/byte. Now, a few hours later, they are 10 sats/byte. The mempool usually empties over the next few hours, around about midnight UTC. Just be patient. Go do something else for 3 or 4 hours to take your mind off it.

From a security perspective - yes, it's perfectly safe. There is nothing someone can do just by seeing your TXID and addresses. This information is publicly available for every transaction ever made.

From a privacy perspective - maybe not. If you are concerned about people linking wallet addresses or bitcoin amounts to your forum identity/username/activities, then don't share.

Open your blockchain.com wallet, click on "Bitcoin" from the sidebar on the left, then click on "Sent" from the menu at the top, and you will see your sent transactions. From there you should be able to find your transaction ID - it's a 64 character long string of numbers and letters from 0-9 and a-f.

If you don't want to share it, then search for it yourself on https://blockchair.com/ and check the amounts and addresses are correct. If you click on the "Click to see more" option on the right hand side of that page, you'll see a field that is called "Fee per kVB". The fee required at the moment for a fast confirmation is 0.00020000 BTC or higher. Anything lower than that and you will just have to be patient. The lower you are, the more patient you will need to be.

Why don't you share the unconfirmed transaction ID here first so we can take a look at it.

The mempool is currently pretty backed up, as you can see from this site: https://jochen-hoenicke.de/queue/#1,8h. You currently need fees of around 20 sats/byte to be within 1 MB from the tip and be confirmed in the next block. If you have selected a low fee of a few sats/byte, then it will like be several hours or more before the mempool empties enough to confirm your transaction.

If you have made the transaction and can see it on a block explorer, then contacting blockchain.com will be futile. There is nothing else they can do.

Free transaction accelerators are usually a waste of time. Just be patient. Provided you can see your transaction "unconfirmed" on a block explorer, and the addresses are correct, then your coins are quite safe.

All your advice is good up to this last point, which is the wrong advice to give. A password which is easy to remember is easy to guess and easy to brute force.

It's simple: Humans are bad at being random. This means we are bad at choosing passwords, passphrases, brain wallets, or anything similar. Don't even try. There's a reason that wallets generate a random seed for you and don't let you input your own (or at least, you have to use advanced configurations if you want to input your own, since it is very high risk). Use a proper password manager such as KeePass or Bitwarden to create truly random passwords and store them for you.

In addition to NeuroticFish's good suggestion above regarding Electrum, this would also be prevented by using a hardware wallet (and not just for bitcoin, but for all coins). Even if the malware changed your "send to" address just as you clicked "send", you would still have the opportunity to check the address on the hardware wallet's screen, and cancel the transaction if the address was different.

Sure, but it might not be the wallet they have. If this is 10 years in the future, who's to say that the Ledger Nano S is still being built or sold? Highly unlikely. And even if they can manage to get their hands on an old one, will it still be compatible? And if it is, the firmware on the device and the Ledger Live software will both almost certainly have changed significant, and render some of your instructions wrong. You've written a good set of instructions for how things stand at the moment, but one update from Ledger would be enough to render them incorrect or incomplete.

Now, if something was to change as I've described above, it might be enough to trip up a complete newbie or someone with low technical knowledge, but someone like me or you who understands what a mnemonic phrase is, what a passphrase is, and how they relate, would still be able to figure it out without too much difficulty. With that in mind, I think you should absolutely pass on your instructions, but it would be wise to also include either an explanation you've written, or a link to where they could find an explanation, as to some basic bitcoin terminology and wallet guides. That way, if your method is no longer valid, they will at least have a starting point to educate themselves as to how to recover your coins using a different method.

That's a fair point, and I would agree. Perhaps this could work similarly then - if we present theymos with data on just how bad the worst campaigns are, along with proof that the relevant managers have been alerted abut are doing nothing, he might step in as he did before.

If this were to be a thread as Welsh suggested, users would need to quote relevant spammy posts rather than just report users by names, as I'm still going to be reporting these posts to moderators for deletion as well as reporting the user to the manager. That would be a huge amount of work though, to manually quote and copy each post in to a thread, and would slow own my reporting speed massively. A second button as suggested in the OP would be a neater solution.

Agreed, but we both know there are many out there who don't.

That's what's supposed to happen now, as per hilarious' sticky thread in the Services board, but it isn't enforced. We also already have stats on the worst offending campaigns and those with the most posts being deleted thanks to yourself. A public database might help to name and shame the worst managers, but unless we start enforcing temp bans on users and managers and temp bans on entire campaigns (as theymos did with YoBit), then I don't think much will change.

I do like the idea, and think it could work well, but we would need some input from admins or global mods to say that they will act on the data collected, otherwise it seems like a waste of time to collect it.

I think it's a good idea, but I'm not convinced as to how effective/useful it would be.

The Cryptotalk campaign is something of an outlier given that they will recruit anybody, and yahoo gets no say in the recruitment and just has to clean up the mess. I agree your suggestion would be useful here. However, let us consider all other "standard" campaigns for a moment.

A minority of campaigns are run by good managers who pay attention to their participants, and these managers are going to pick up on spam anyway. The majority of campaigns are run by managers who don't give two hoots about who they are recruiting or the amount of nonsense trash their participants are spamming across the forum. We could spend days reporting these users and their posts to their relevant campaign manager, and absolutely nothing would come of it. These poor managers, just like the spammers they recruit, are often just in it for the money and will put in the bare minimum amount of effort. They aren't going to spend hours like yahoo does sifting through reports and post histories, banning the offenders, and then spend more time to recruit new users. If there is no consequence to doing so, then they will just ignore all the reports.

Unless this was also combined with real enforcement of the rules regarding warnings and bans given to both spammers and their managers, which unfortunately theymos doesn't seem keen to pursue, then I think the time spent reporting to managers would be time which could be better spent reporting to moderators.

The Electrum console is just a python interface. As far as I am aware, it will run any python code. This seems to be confirmed by the following GitHub page: https://github.com/spesmilo/electrum/issues/3678. So yes, it seems entirely possible that you could have compromised your system, unless you were running Electrum in a secure sandbox.

I have no idea what the file you downloaded was, and I have no desire to download it and find out. It could very well have contained code to compromise your system. That's why there is a big warning on the console telling you not to do the exact thing you did.

As Abdussamad says, the only way you can be 100% safe is to reformat.

Agreed. Using anything above depth 1 on a customized trust list is mad, unless you have a very small trust list. Going through Loyce's viewer for myself, there are 400+ names on my "Depth 2 trust list" and I don't even recognise about 90% of them, let alone be able to tell you if I think they have left good ratings or not (or indeed, any ratings at all). These are absolutely not users I want to be affecting how I view the whole forum. If there was someone whose ratings I thought were good, then I can just add them to my level 0.

To address OP's suggestion specifically: As much as I agree with having DT2s need 2 inclusions from DT1s, I don't agree with giving the same option for customized trust lists. We already have a big enough problem as it is getting users to set up their own customized list (I'm sure one of my Foxpup Friends above will give me a statistic on just how few users have a customized trust list ). We have a problem with many users, including some long-term, some well trusted, and even some default trust users, not understanding how trust lists work. We shouldn't be looking to complicated it any more, and presenting yet another hurdle to newbies setting their own list for the first time.

We can set DT2s needing 2 inclusions entirely "behind the scenes". The average user won't even know anything has changed. Giving another box on the trust page for "Trickle down factor" seems unnecessary, when you can just add any users you agree with to your own list.

Total merit (including airdropped) divided by 10, I think. I have 2911 merit (2811 earned, 100 airdropped), and can submit 291 captions. Too much of a coincidence to be anything else.

I accept that. But even if we overestimate and say they are processing 50 such transactions an hour every hour non stop, and we accept the fee of the transaction you have linked as average even though the vast majority of consolidation transactions have total fees far below that, we are still only talking about 0.6 BTC per day. 3 BTC or 2.4 BTC, either way, they are taking in a lot of money by overcharging on withdrawal fees.

Agreed again. But surely this is an argument for variable fees then? And there is no need to pay over 1,000 sats a byte, especially not for a consolidation transaction. Even during the absolute highest fee peak (December 22nd/23rd 2017, if I remember correctly), that fee would have been overkill. They have more than enough in their hot wallet that they could set a fee of 10% of that and wait a day or two.

So yeah, I agree that the initial figure is probably an overestimate, but regardless of how you cut it, Binance are making a nice profit from overcharging for withdrawals. And if I recall correctly, Binance actually have one of the lower bitcoin withdrawal fees. (Someone correct me if I'm wrong here - I don't use centralized exchanges).

What about the scenario where someone has a higher net DT1 inclusion than their net DT2 exclusions? Would we just ignore the DT2 exclusions in that case? Otherwise if we exclude them, then DT2 have overruled DT1.

Requiring two or more DT2 members does little to nothing to address the problem of sockpuppets. A DT1 user can make as many DT2 users as he likes. One malicious DT1 user could quite easily create/find multiple accounts to add to DT2 to achieve their desired result.

Requiring two or more DT1 members to become DT2 in the first place is a better solution, as it is far harder to game the DT1 selection process.

Multiple people will have submitted the same post but with different captions. I assume it is just cycling between all the options until a final captain is chosen/voted in. Which also answers my previous question regarding duplicate submissions.