For whatever reason best known to ledger, and hard to comprehend for users, ledger live app is transmitting information about.. Newsflash: So is almost every piece of software on your computer. Do you use Windows or iOS? Then your OS is transmitting all that data and more to Microsoft/Apple and a ton of third parties. Do you use Chrome or any browser based on Chromium (i.e. anything except Tor, Firefox, or one of its forks)? Then your browser is transmitting all that data and more to Google and a ton of third parties. You can also use Metamask + Ledger for ethereum. Here's a great example. Let's take a look at Metamask's privacy policy: Information we collect from you may include:
Identity information, such as your first name, last name, username or similar identifier, title, date of birth and gender;
Contact information, such as your postal address, email address and telephone number;
Profile information, such as your username and password, interests, preferences, feedback and survey responses;
Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us;
Financial information, such as your credit card or other payment card details;
Transaction information, such details about purchases you make through the Service and billing details;
Usage information, such as information about how you use the Service and interact with us;
Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them;
Financial information, such as bank account number and bank routing number; financial assets holdings; and
Technical information, such as your Ethereum wallet address, application programming interface (API)-key and network information regarding transactions. So Metamask collects literally everything. Not exactly a good recommendation. Since the seed extraction "feature", everyone should have abandoned their Ledger devices a long time ago. But when it comes to privacy, Ledger Live is only as bad as most other software out there. If you aren't using Linux + Firefox/Tor + your own node, then Ledger Live isn't any worse than the rest of your device. |
|
|
|
And it's trivial to connect your own node with Trezor Suite via Electrum server to gain even more privacy. And it's trivial to connect a Ledger device to Electrum or Sparrow via your own node and avoid Ledger Live entirely. But the default position for using both Ledger and Trezor devices is to depend on their respective servers, and therefore they can see all your addresses, balances, and transactions. Nothing in Trezor is going to track when you view a section of the screen, like it does with ledger live. From Trezor themselves: When enabled, purely functional data about how the app is used will be collected and analyzed to find defects and inefficiencies. With explicit consent, both web and desktop applications may collect anonymous data such as user interactions with app functions, errors, hardware specifications and app response times. This sounds very similar to what the linked user above is claiming about Ledger. And don't forget Trezor supported AOPP and are still supporting blockchain analysis via Wasabi, so they don't exactly have an amazing reputation when it comes to privacy. Ledger are obviously a joke now, but that doesn't mean Trezor are automatically much better. If you want actual privacy from your hardware wallet, then you need a permanently airgapped device and your own node. Anything else can be surveilled. |
|
|
|
Using multisig wallet as an extra layer of security is not necessary and may only make things more complicated. It depends entirely on your threat model. It's maybe not necessary for you, or indeed for many people, but for some people it is exactly what they need. If the basic security of Bitcoin is not enough to keep the funds safe, we would have heard a news of many investors who hold Bitcoin from around 2010 to 2015 that have been hacked. Of course, but that has nothing to do with multi-sig. Multi-sig removes a single point of failure and adds redundancy to your back ups. It does nothing to the underlying security of the secp256k1 curve, which is of course plenty secure. This is pure speculation. |
|
|
|
Your Ledger device and Ledger Live were not compromised. Apart from the fact all Ledger devices are already compromised by their seed extraction "feature".  There is a potential risk to the funds stored in the #Ledger if they interact with #dApps using this compromised library. There is a real risk to the funds stored in the #Ledger if they are connected to a computer, since we might extract your seed phrase. There. Fixed. Obviously this devices are totally on different levels. None of what you said changes the fact that if you sync your Trezor via Trezor's servers by using Trezor Suite, then of course they can harvest all your data. If you aren't using your own node, then you are using someone else's, and the owner of that node can see every address and transaction you are interested in. |
|
|
|
You can just write it in different papers like 4 and laminate them and keep them in different locations. Bad idea. You have zero redundancy in such a set up, and if you lose one back up you cannot recover the data stored on it. Thankfully your proposal is so insecure that the data could be trivially brute forced. All in all, a bad solution. If you are willing to have four back ups, then either use a seed phrase with passphrase with two back ups of each, or use a 3-of-4 multi-sig. With both you can lose a back up with no consequences, they are resistant to brute forcing, and you are far less likely to lock yourself out of your wallet. |
|
|
|
-snip- This really shouldn't be news to anyone who owns a Ledger device. The same is true for any hardware wallet which you use through that company's centralized servers. In order to show your balances, it must query your addresses somewhere. If it isn't using your own node, then it is using someone else's node, and that node runner (in this case Ledger) will know exactly what you are querying, and therefore will know all your addresses, balances, and transactions. The same is true for example Trezor and Trezor Suite. This is clearly spelled out in their Privacy Policy, which everyone has read, right? Right!?  Use of Ledger Live
Device session identifier, IP address*, clicks, actions (e.g. launching the application, use of transactional functionalities, pages viewed), properties (e.g. type, version, language and region recorded for your operating system), currency, time stamp, amount and status of transactions, transaction identifier, identifier used by our partners to identify you (when you use their services) If you want to avoid this then use a permanently airgapped hardware wallet, and use it with non-proprietary open source software such as Electrum or Sparrow pointed exclusively at your own node. |
|
|
|
I have shared both simple and complex methods. The simple one adds zero security and is trivial to brute force, while the complex one adds minimal security while greatly increasing the chance that you accidentally lock yourself out of your wallet. I have lost track of the number of posts on this forum of people who have come up with their own back up method or their own "encryption" scheme (what you have done is not encryption, by the way), and locked themselves out of their wallets. It is not safe and it does not add the security you think it does. If you are worried about your seed phrase back up being found, then you have two main options: Hide it somewhere safer, or move to a system which requires the compromise of multiple back ups - either seed phrase plus passphrase, or multi-sig. Both passphrases and multi-sig are far safer and far more secure than your proposal, as well as adding more redundancy against loss and being standardized across the entire ecosystem. Why you not encrypt it using an free application? Files saved in Notepad format won't be accessible to anyone unless they know the key or password for the file. There are many free encryption tools available, such as WinRAR (there is free version) or even OpenPGP. And you've reviewed the code of these programs to ensure they are 100% foolproof? WinRAR isn't even open source, so good luck with that. And you've made sure to write junk data over the sectors of your hard drive which held the unencrypted seed phrase before you encrypted it? I doubt it. Just write it down on paper like you are supposed to. |
|
|
|
$150 today is not the same like $150 few years ago, and most hardware wallets are starting around $100 price target and up. Yeah, but most hardware wallets have a screen. This isn't even a hardware wallet, just a blind signing device. I though Jack Dorsey was a ''bitcoiner''... but than I remember never to trust what anyone say in public, especially if he was involved in big social media business. Like a lot of projects in this space, silly little things like open source, self custody, not trusting third parties, privacy, etc., are all irrelevant when it comes to making as much profit as possible. |
|
|
|
yesterday i bumped the fee too 150 sata and today i bumped it to 200 sata and also accelerated it on several places blockchain.com says the transaction is invalid. and viabtc says transaction unconfirmed. should i bump it to 250 or 300 sata? Up to you. ViaBTC's free accelerator won't work for you since the parent is unconfirmed, as I said above, and the paid accelerator will cost more than just doing what you are doing. Other free accelerators are scams that don't accelerate anything at all, they simply rebroadcast your transaction. Blockchain.com says the transaction is invalid because their node has dropped your unconfirmed parent, but that doesn't matter since most other explorers still have it. The effective fee rate of your two transactions is now 39.4 sats/vbyte, which is currently around 10 MvB from the tip of the mempool. Unfortunately for you the mempool filled up a bit over the last 24 hours. You've already been waiting a month for this to confirm though, so if it were me I would just be patient for another day or two rather than spend more money to bump the fee even more, but it's up to you. |
|
|
|
If op don't mind he can use this service to see if that would work for him as well. It won't, because the parent transaction is unconfirmed. |
|
|
|
If there is a 51% network attack on Bitcoin and we can avoid it via some code modification, would you support it or not? If we need developers to dictate which chain is the "correct" chain, rather than the network, then bitcoin has failed. You can already have this kind of centralized "developers decide" approach with the vast majority of altcoins. It will be censorship if we implement the support of blockchain analysis companies in Bitcoin network. It's not censorship to kill ordinals. In your opinion. Are we going to ignore bitcoin whitepaper? Every development in bitcoin in the last 10 years isn't mentioned in the whitepaper. If we only went on the whitepaper, we wouldn't even be using addresses, only pubkeys. Is bitcoin for everyone who want to improve privacy and independence from financial institutes or is it only for rich people? And is bitcoin for everyone who wants to use it, or is it only for people who use it in the ways that we decide are acceptable? That's the point, when the software that 98.97% of the network run does not have the option to reject these transactions we can't know how many people "hate ordinals" and how many want it. Dashjr published some code months ago which anyone could simply paste in to their copy of Core in order to start filtering out ordinal transactions from their mempool. The most likely thing is that most people do not care either way, and will simply run whatever Core implements without a second thought. |
|
|
|
|
I can see that you've replaced the CPFP transaction with a new one paying 151 sats/vbyte in fees, taking the combined fee rate for your two transactions up to 30 sats/vbyte.
That's not going to confirm within the next few hours, but if you are lucky it might confirm within the next day or two. Transactions with that fee rate confirmed at around 00.00 - 02.00 UTC the last two days.
|
|
|
|
the transaction was rejected by network rules. mandatory-script-verify-flag-failed (Script failed an OP_EQUALVERIFY operation) This is the error received when you try to sign a transaction using the wrong private key. 010000000312e9cc0a757a6ae452639fceb2115a0a1e70c362ffaf7f0ebb295a8203c7ba0c69000 0001f14c6d832064a72269bacc9885a924f395cbf15154600081c66020000000000 This makes no sense. This is not a full transaction, and it is also trying to spend an output from this transaction: https://mempool.space/tx/0cbac703825a29bb0e7fafff62c3701e0a5a11b2ce9f6352e46a7a750acce912. What exactly did you do on Coinb.in? I would go with hosseinimr93's suggestion of just using Electrum. Use one of the servers he has listed (I can confirm they all work for me and show me your transactions), and then use RBF to bump the fee of the CPFP transaction. |
|
|
|
Meaning it wouldn't make Ordinals exploit invalid, it would only make it non-standard which means it still can NOT be censorship if the community is deciding to enforce these rules on the full node they run. So if we all hate ordinals so much, then why are more people not rejecting them from their nodes? I'm sure I've seen you mention before that you reject them from your node, but you are the only person I've seen doing this until Knots. And I can see a grand total of 13 nodes running the newest version of Knots. Is the conclusion that node runners simply do not care and will just run whatever Core tells them to run? And as we've seen with full RBF, we only need a minority of nodes to accept these transactions and they will broadcast through the network and reach miners largely unhindered. |
|
|
|
|
Have you checked the Sparrow logs to see if they say what is triggering the rescan?
|
|
|
|
At this point I should ask: when block subsidy will be near zero? Near zero in BTC or near zero in fiat? I guess this block subsidy amount protection is built into Bitcoin, it was meant to work like that by design. If by the time block subsidy is say 0.0001 but Bitcoin price is $100.000.000 will miners be able to survive? That's only $10,000 per block, even at the price of $100 million. At the moment miners are earning about $250,000-$300,000 per block. And what when the subsidy is actually zero? Fees alone will sustain the network, and banning swaths of transactions which pay high fees will not be sustainable. he didn't say he could afford it. he said he would pay it. i'm sure he doesn't want to pay a high fee but that's beside the point. he believes in bitcoin so he's willing to put his money where his mouth is and support the network. that's what he's saying. This. Ordinals are spam, and I personally would prefer if they didn't exist. The high fee situation we find ourselves in is less than ideal, and I personally would prefer if fees were lower. However, I will suffer ordinals and I will pay higher fees if this is the price to keep bitcoin as freedom money and stop a small group of people censoring transactions they do not agree with. Bitcoin as a concept is far more important than the personal inconvenience of higher fees. If the fees are becoming prohibitive for normal people to use bitcoin, then we need to work on scaling, not on censorship. |
|
|
|
BTW. Why did you strip off the mixer signature, precautionary measure or what? I dropped my signature ages ago, a long time before any announcements from theymos. Because reasons. |
|
|
|
|
In terms of hardware: You will be able to find instructions or a YouTube video online for your make and model of laptop showing how to safely disassemble it. Removing hardware is the only way to ensure your laptop is truly airgapped.
In terms of the BIOS: You can always flash the BIOS with a clean version at the same time you will be installing your new OS.
In terms of Tails: It works well, but there are a few things to keep in mind. There is no persistent storage unless you configure it, meaning that when you shutdown your computer everything (including your bitcoin wallet) will be wiped, and you will have to recover from your seed phrase back up next time you want to use your wallet. Also, the version of Electrum pre-bundled with Tails is 4.0.2. If you want to use any of the features released in newer versions since then, you'll need to download and verify the standalone appimage on a different computer and transfer it to your Tails computer (and then store it in the persistent storage so you don't have to do that every single time).
|
|
|
|
Would a rescan be expected behaviour? No, it isn't, unless it was adding new addresses to your post-mix wallet. If you go to the "Addresses" tab on your post-mix wallet, you should have a huge list of dozens of unused addresses which have already been scanned and are known to be empty. Try going to your post-mix account, go to the "Settings" tab, and the click "Advanced" down the bottom. Is your wallet birthday set in the past and do you have a reasonable gap limit set? For other wallets the gap limit will be 20; for post-mix it should be several hundred at least, if not more. |
|
|
|
|
Show Posts
