Or just buy a Copper Membership. See here for details: Newbies can now pay a small fee to enable images

But am I correct in saying I cannot decrypt my encrypted keys without your software which you refuse to release? If so, then you are arguing semantics. The whole point of a back up is that it is accessible by me when I need it to be.

You can't do that if your hardware wallet is lost and you can't access your keys because they haven't released their back up software.

With BIP39 I can very securely restore without having to buy a new hardware wallet by using an air gapped machine and using that to sign transactions generated on a live watch only wallet.

Therein lies my issue. Why should you get to decide if I can extract my private keys?.

That is not even close to being anonymous. It will be completely obvious to anyone at YoBit exactly what you did, and they will be able to easily track your coins moving forward. Even people outside of YoBit would be able to be fairly confident that the coins were linked by looking at the size of the deposits/withdrawals. You should also assume that all exchanges are willingly sharing data with governments around the world because, well, most are. I'd actually say that your suggestion is less anonymous than doing nothing - you are giving YoBit data about your account names, email addresses, IP addresses, and deposit/withdrawal address which they otherwise would not have.

Exchanges don't even need to "fall in the hands of authorities". They are quite willing to hand over your data whilst still operating. Just ask any of the thousands of Coinbase users now getting hounded by the IRS for tax money.

We are not talking about your hardware wallet here, but about your recovery software. You have said that if you go out of business, nobody can access their keys without your recovery software. At this point, nobody except you can even say if this software exists or not. How do we know it will decrypt and display the keys safely, and not accidentally store them in plain text in a file somewhere on our system, for example? How do we know it won't email all of our keys off to your email address? After all, by this point you will already have gone out of business, so what do you have to lose? All we can go on is your word. Hence, trust.

I can sense we will never see eye to eye on this, so we are going to have to agree to disagree, but you will never convince me to trust my private key back up to the promise of some future software being released by an internet stranger.

Plausible deniability. ISPs are more than aware that users are using proxies, VPNs and Tor to bypass all the restrictions they put in place and view blocked material or torrent illegal content. But that can't be easily proven from IP logs, so they can't be taken to court over it. All they need to do is the bare minimum which the courts mandate (such as block piratebay.com whilst ignoring the .net, .org, .it, .biz, etc., sites), whilst also maintain the maximum amount of freedom so they keep customers.

It's only getting more common. All Western governments are increasingly censoring more and more material, and spying more and more on their citizens via Google, Facebook, etc. The latest story I say was that the US government are demanding Facebook install a backdoor to WhatsApp to allow them to access everybody's messages unencrypted. Governments want control.

I would also encourage a user to have more than one hardware wallet, particularly from different companies in case there is a critical bug or vulnerability in one which makes it unsafe to use. There is little point, however, in having hardware wallets which are completely incompatible with each other. BC Vault can't be used as a back up for another hardware wallet, and other hardware wallets can't be used to back up a BC Vault. I don't see the benefit at all of having two BC Vaults over one Ledger and one Trezor, for example.

I have no issues with encrypted back ups, but the whole point of a back up is that you can access it when you need to in an emergency. Currently, the only way to access your BC Vault back up is to by another device and wait several days for delivery, which is far less optimal than near instant access of BIP39 back ups, as HCP has pointed out.

We also have no idea if their recovery software works, is safe, is secure, or even exists, because they refuse to release it. As I said above, one of the founding principles of bitcoin is to be trustless. This wallet, currently, requires a lot more trust than any other major hardware wallet.

If they released their recovery software so it could be reviewed, audited, and tested, and it worked as advertised, then it would be a different story. You could now extract your private keys and import them in to another wallet as required, and would no longer be trusting a third party's promise to let you have access to your private keys.

You can see their registration details here: https://crypto-bridge.org/imprint/
As you say, registered in Denmark to a company called "Liquid Blocks". Interestingly, the link they provide (https://liquid-blocks.com/) currently returns an error.

Anyone know what the Danish/EU laws regarding changes to Terms and Conditions are? I'd be very surprised if they were "The company can unilaterally change them without prior notice or consent and you just have to suck it up".

Sure, but the first inclination the exchange had that KYC for all customers was coming was not a letter which said "Implement KYC today or we will shut you down". There will have been communication prior to this, and any reputable exchange would have taken this opportunity to inform their customers of upcoming changes, especially since their own legalese says they are obligated to do so.

Didn't think I'd find myself saying this, but CH is spot on here.

---

He's wearing a Cryptotalk signature. All you can expect is a generic reply which totally misses the point and doesn't read any of the conversation that came before.

So I've had a good read of their Terms and Conditions and their Privacy Policy, and I've found a few interesting snippets. All emphasis is my own.

https://crypto-bridge.org/terms-and-conditions/
https://archive.fo/qFpM6

https://crypto-bridge.org/privacy-policy/
https://archive.fo/sKJOu

No particular importance for this quote, just funny/shady that they should say it when it's obviously not true.. Same as claiming to be "decentralized" when they are obviously not.

This whole quote doesn't apply, since you haven't violated their terms, but the part about receiving a refund of Bridge IOUs is interesting. Can anyone who uses this exchange shed some light on what Bridge IOUs are? Is this essentially a refund or everything they are holding on your behalf, or something else entirely?

Interesting that their Terms and Conditions have not yet been updated to reflect the new KYC rules for users outside the US.

You have four weeks to object, by their own Terms and Conditions.

As above, still out of date regarding KYC and users outside the US.

These changes quite clearly affect your "contractual relationship", and no consent was sought.

Looking at this, it seems pretty clear that they are in breach of their own legal requirements.

They might. I'm not familiar with the sign up process for Crypto-Bridge, but many exchanges that do not require KYC (not that there are many left), still require a name, email address, country, and sometimes an address. If you have signed up as Robert Paulson with robert.paulson@gmail.com with a US address, and then complete KYC with documents belonging to Monty Python at a UK address, it's going to raise some red flags. Very likely your account will at least be suspended pending further investigation.

Absolutely. This is money laundering 101, to withdraw under someone else's name. There could very well be criminal consequences.

I, and I'm sure everyone else, appreciates the work you are doing. I realize it's not going to be an instant fix and new spammers are joining all the time. But because of their ridiculous policy of accepting everyone* (which again I realize you have no control over) and then relying on you to ban the spammers, I can't help but feel you will never win. There is a near endless stream of spammer accounts who will want to sign up at some point. If they keep going like this, I would hope theymos would step in as he did before.

*The cynical side of me says they are doing this on purpose. People set their signature, you quickly ban them, they don't realise they are banned, and then YoBit benefit from free signature advertising.

Wow. Those numbers are even worse than I thought they would be. YoBit campaigns 1 and 2 coming in at 162 and 176 respectively, with the next closest campaign being Minter at only 28. As I mentioned earlier in this thread, I've been very aware of all the Minter spam over the last couple of weeks, but to think YoBit is 500% worse is astounding. Cryptotalk at a 176 is even more impressive when you think it has only been active for a few days, since not every spam post is deleted in good time. Seeing these numbers, despite Yahoo obviously trying his hardest to clean up this flood of trash posts, I can't help but feel (and hope) YoBit is heading for another ban.

They are effectively saying "hand over either your coins or your KYC documents against your will". They had the choice to give customers a warning and a grace period, and they chose not to do that so they could deprive some users of their coins and keep these coins for themselves. Even if customers did complete the KYC, they are still being forced to hand over something against their will. Call it theft by extortion, if you will, but either way they are taking something from the customer against their will.

I'd only do this if you would be happy to forfeit the coins. If the exchange discover this is what you are doing, the account will be locked immediately.

There is probably very little legal recourse here, but they might be willing to let you withdraw your funds in exchange for not giving them a bad rep on social media.

And there we go.

This is exactly what exchanges which implement KYC with no warning are counting on. Privacy conscious users abandoning their coin(s). I'm not saying that's the wrong thing to do; I would do the same thing in your shoes with an amount I could afford to lose, rather than hand over everything needed to steal my identity to some internet stranger to then pass on to another stranger working for some third party.

There is no good reason to not give at least a week or two grace period. Not doing so is simply theft from users who don't want to send their documents. Even if I were inclined to complete KYC on an exchange, I sure as hell wouldn't be doing it on an exchange with such blatant disregard for their users. I hope others take notice of this before signing up to this exchange.

Are you sure? See posts 26 and 30 in the screenshot below - both show up for me in recent, both in the same thread (Here: https://bitcointalk.org/index.php?topic=5174107.msg52617047#msg52617047).

---

Edit: Confirmed I can see this post and suchmoon's test post below both on recent at the same time, albeit on different pages.

Do not pick a mixer from either of those linked sites, or pick either of the mixers showing up in that screenshot! You have a high chance of being scammed if you do.

Almost every mixer listed on those two "review" articles is a known scam. The only one I am aware of which doesn't have an active scam accusation against it is BitMix.biz. It is likely that the person or ring writing those articles own all those scam sites, and write these fake review articles to give themselves false legitimacy. This is exactly the same case as with this other "review" article posted higher up in this thread: https://bitcointalk.org/index.php?topic=5176363.msg52187601#msg52187601

Have a look at the following two threads, and you will find every one of those scam mixers listed in them:
2019 List Bitcoin Mixers Bitcoin Tumblers Websites
List of Bitcoin Mixer or tumbler SCAM/CLONE websites

Just like you wouldn't type in to Google "BTC wallet" and download the first link that pops up (at least, I really hope no would), no one should be typing "BTC mixer" in to Google and using the first result. Take a look at the threads above to find one with good reviews, or just use ChipMixer, since it is the most widely trusted mixer available.

I think the point being made was that while ChipMixer enrolls the best posters because DarkStar_ is diligent in his selection process, it attracts the best posters because of the pay rates. If DarkStar_ was to run another campaign which was paying 0.002 BTC per week (for example), I doubt there would be many non-selected previous ChipMixer applicants applying for this campaign solely because it is DarkStar_ who manages it.

I think this is an important point. I wouldn't want to join the YoBit campaign because of their shady history, but I also wouldn't want to join it because it it associates with me with spammers. It's only been active for a few days, and I am already starting to subconsciously gloss over/skip entirely any posts I see with their signature, because every one I read is either meaningless trash or just a rehash of a post that has already been made earlier in the thread. I haven't seen a single original thought with the Cryptotalk signature underneath it. I wouldn't want to apply that signature to my own account, regardless of pay, as I know people would start ignoring my posts too.

No, it couldn't.

The difficultly only adjusts once every two weeks. We would expect the next difficulty adjustment to be in about 10 days. If a significant proportion of the hashrate suddenly disappeared for whatever reason, then we would be mining against a higher difficulty than we should be for the next 10 days, and therefore would expect the average block time to increase significantly. The 2 hours following the delayed block contained 14 blocks, so actually above average, and the last 2 hours contained 13 blocks, so also above average. In short, there has been no significant change in the hashrate over the last 24 hours.

I'm making no comment on whether that video was real, and whether a mining farm did actually burn down, but the network has been largely unaffected by it if it did happen. The 2 hour block time was random variance, nothing more.

Sure, but that doesn't mean they have to implement the KYC at the same time they announce it.

No court order says "Implement KYC TODAY or you will be shut down". They could quite easily give a grace period of a couple of weeks. They could suspend accounts from deposits, buys, sells, trades, etc., until they have completed KYC, but still allow them to withdraw whatever they have already deposited. They could freeze their entire exchange for 2 weeks whilst still allowing withdrawals, and then implement the KYC requirements. They also must have known this was coming. Their first contact from the government definitely wasn't "KYC or shutdown". There would have been correspondence leading up to this, and they would have anticipated this was going to happen. To give their customers absolutely zero warning and just say "your information or your coins" is pretty much theft.

As always, don't store your coins on an exchange.

True, but people also don't usually leave their device unsupervised in the hands of another person. I'm struggling to think of any time that that regularly happens outside of leaving your phone at a repair shop. And if you are handing your phone over to a stranger for a number of hours, then restarting it after you get it back is the very least of what you should be doing. The one time I put a phone in to have the screen repaired, I backed up all my data to my desktop, pulled the SD card and SIM, wiped the internal storage, factory reset it, and then filled the internal storage with junk data to overwrite everything that was on there. Once I got it back, I factory reset it again.

I appreciate I am a far more security conscious/careful/paranoid person than the general population, but restarting your phone should really be the bare minimum.