These are not conflicting statements.

Lawyers and Senators have both spoken out against the bill in question because the wording is too vague and could be argued to apply to nodes and miners. Until it is actually tested in court and a precedent is set, we don't know which way it will go. This is a very simple concept, and something which happens all the time. I suspect you are deliberately trying to obfuscate this to fit your agenda.

---

Locking this topic now as above. If anyone actually wants to discuss BOLT12 v LNURL, then I would suggest opening a thread in Dev & Tech where franky1 can't derail it with his endless nonsense.

Seems like that is indeed what Matt is advocating for: https://nitter.net/TheBlueMatt/status/1632510518949990401#m

Should we all be pushing for BOLT12 over LNURL as well if the privacy implications of LNURL are so severe?

We've been through this discussion with franky1 before. You can read my posts on the topic here and here. You can see how trivial it would be for the government to argue that a Lightning node (or a regular node, or a miner) falls under the definition of "any person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person."

I have no doubt franky1 will rant some more about how I am wrong, but the fact is that multiple CEOs of crypto businesses, multiple lawyers, and multiple representatives in both houses in the US agree with what I have said above and have spoken out against this bill for this exact reason.

---

I initially posted this thread in Dev & Tech, which as we all know franky1 is banned from for this exact reason. Unfortunately a mod moved it to Bitcoin Discussion, and franky1 has wasted no time in derailing it with his usual anti-Lightning rants. Since it is not self moderated, if it continues to be derailed with the same old provably false nonsense, I will simply lock it.

Well, maybe. Of all the crypto in existence, we only actually need bitcoin (and probably Monero), with >99% of altcoins being centralized, scams, or some combination of both. Because bitcoin is open source, decentralized, and run entirely peer to peer, it is impossible for a government or other entity to shut it down. Bisq is the same. It is open source, completely decentralized, and run entirely peer to peer. Just like bitcoin, you download and run the software on your local machine. There is no centralized website or server which can be targeted and shutdown. If we can rely only on bitcoin for our decentralized currency, then no reason we cannot rely only on Bisq as our decentralized exchange.

Having said that, there are still plenty of alternatives, it's just that none of the alternatives are quite as good as Bisq.

If you click on any individual exchange it gives you a breakdown of their characteristics, including whether or not they are open source.

That's not how it works.

It is the words themselves, not the bit string they represent, which is fed in to PBKDF2 in order to generate your seed number, master keys, and entire wallet. Translating the words will result in an entirely different wallet being generated, even if the words represent the same underlying entropy.

You can try this yourself in Ian Coleman. Open it up and generate a seed phrase in any language. Then click "Show entropy details". Then choose a different language. It will "translate" your seed phrase while keeping the same word index numbers, but the resulting keys and addresses will be completely different.

This won't achieve anything. If you try to send to an invalid address, the network will already reject your transaction. And if you are sending to a valid but malicious address, then simply checking the address exists won't save you.

Vanity generators can brute force 6 characters very easily. You should double check the entire address.

There exists malware which can alter the contents of a QR code. You should still double check everything manually.

Then either use your hardware wallet with Electrum and not with their native software, or buy a bitcoin only hardware wallet.

The terms P2P and middleman are mutually exclusive. You cannot trade peer to peer if there is a middleman. By definition, you are no longer trading peer to peer, but peer to middleman and vice versa.

Binance P2P is not peer to peer. It is a centralized exchangile lying to you to make profit.

Another centralized exchange which is not peer to peer. Centralized servers, centralized wallets, centralized KYC collection.

I don't think it is unclear at all. Peer to peer. Easy. If there is a middleman, then it isn't peer to peer. The issue here is people believe the lies of centralized exchanges, who only care about lining their own pockets at your expense.

The users. There is no need for someone else to secure the funds if the funds never leave the custody of the individuals involved in the trade.

So... Bisq?

It is highly recommend not to use a local wordlist since the majority of wallets only support the English wordlist.

This is another drawback of BIP39, in that you must know the wordlist used. Electrum seeds can be used with an unknown wordlist.

The weaknesses shown by Electrum were apparent before the creation of BIP39. The developers of BIP39 decided they were not severe enough to need addressed, but now we frequently see users unable to track down their wallets due to unknown derivation paths or script types.

And now that BIP39 is so ubiquitous, they cannot address them without introducing an entire new seed phrase system which would be incompatible with existing seed phrases.

Ahh yes, I misunderstood. I thought you were saying such apps didn't require camera access, rather than such apps are not open source.

But yes, I agree. Even if you decide you trust the Google apps which are bundled with Android (which is insane given their consistent history of invading your privacy and harvesting your data at every level), the amount of third party bloatware on most new phones is staggering. And as I said above, while the average user can uninstall some of it, much of it cannot be removed without root access.

It's one of the reasons why I dislike using phones for any serious money, and the fact that it is significantly harder, if not impossible, to truly airgap a phone. There is no doubt that OP's friend would achieve better security with an airgapped computer running a live OS, but if a phone is the only option, then it makes sense to cover the cameras.

No mention of Binance having access to Binance.US's bank accounts, and moving $400 million of Binance.US's money to another company owned by CZ. And no mention of the bank which operates this account (and many other centralized exchange bank accounts) - Silvergate - posting huge operational losses, its stock price tanking, and it warning regulators that it might not survive the next few months.

Nope, nothing to see here. Everything is clearly just fine!

If you are making this assumption, then OP's scheme adds absolutely nothing of benefit. And if you assume the opposite, that the original seed phrase was not generated securely, then as I explained above OP's scheme is grossly insufficient to make any difference and again brings no benefit.

Either way, his suggestion should not be used. If he has generated a seed phrase securely then great, use it. If he has doubts as to whether his seed phrase was generated securely, then tinkering around the edges like this is dangerous and he should instead discard it entirely and find a new method of generating a secure seed phrase from scratch, such as by flipping a coin.

If you think your government will start criminalizing people for running Lightning nodes, what makes you think they won't start criminalizing people for running regular nodes or for mining?

If I am a routing Lightning node, then all I am doing is updating the balances of my channels with my immediate connections. If you think that is going to be made illegal, then why would verifying and broadcasting "blacklisted" transactions or mining said transactions in to a block not also be made illegal?

Is your usual anti-lightning bias just clouding your thought process? Or are you just back to your usual nonsense of everyone being a good little citizen and doing exactly what your government tells you at all times, because as we all know, governments have never acted against the interests of the individual.

I assume the alternative would be BOLT12, which does not require hosting your own server and includes blinded paths and onion messaging over Lightning, which I understand means that payments can be anonymous and therefore impossible to block based on IP or country of origin.

But yes, I agree a far better way to go about things would be to encourage the use of BOLT12 rather than share details on how LNURL users can censor other users.

The bottom line is that we just don't know yet. The definition of a money services business (at least in the US) is so deliberately vague that it could absolutely apply to Lightning nodes if the government or other law makers want it to, just as it could apply to regular nodes or miners if the government want it to. None of this has been tested in court, so until either it is tested in court or some new clarifying legislation is passed, we don't know which way things will go.

What an absolutely nonsense article. "Decentralization isn't for everyone"? Well why are you using bitcoin at all when you can just use centralized fiat? And then it says that Bisq is risky because people lose money through DeFi, like Bisq has anything at all to do with the scam that is DeFi.

Both the number of users who have lost money and the total amount of money lost due to centralized exchanges scamming, disappearing, going bankrupt, etc. absolutely eclipses what has been lost via true DEXs.

The escrow is a 2-of-2 multi-sig between buyer and seller. There is no third party involved and Bisq never have control over your coins.

As with every statement from Binance or CZ, this is pure marketing aimed at increasing their own profits and nothing else. It is also a lie, but Binance are well known to outright lie and scam their users in order to make more profits, so no real surprises there.

Binance P2P is not peer to peer. It is peer to Binance and Binance to peer. Binance is a (un)trusted middle man, who has complete control over your trade, can spy on everything you do, takes custody of your coins, and can censor your transactions. You have zero security, zero privacy, and zero sovereignty. Literally the only thing that is different to regular Binance is the way in which your buy or sell order is matched up. If some regulator decides that they want Binance to shut down their P2P platform, they will do it in a heartbeat, and good luck getting back any coins you have on the platform at the time.

If you actually want to trade peer to peer and stop middlemen from arbitrarily preventing your trades or seizing your coins, then use an actually peer to peer exchange like Bisq or AgoraDesk. Binance P2P is a scam.

Yes. Those warnings are telling you that although the signatures for the file are valid for the keys you have imported, you haven't signed the keys using your own key to tell your computer that you trust these keys are accurate and actually belong to the relevant users (ThomasV, Emzy, SomberNight).

This step is not necessary and you can safely ignore these warnings and install Electrum from the file you have. Alternatively, if you wish to sign the keys, you can do so using the following command:

Once you have signed them, repeat the verification process and those additional warnings will have disappeared.

If you want to verify the other two signatures as well, then you can download Emzy.asc and sombernight_releasekey.asc from here: https://github.com/spesmilo/electrum/tree/master/pubkeys
Import them as per Abdussamad's instructions above, and then verify the file again.

I can also confirm that the three public keys in your verification match the three public keys I have.

Once you scan the QR code with your airgapped Android Electrum, it loads the transaction on your screen so you can see the addresses, amounts, fee, and so on, so you can easily double check what you have scanned before you sign it. Similarly, you can do the same thing when you scan the QR code of your now signed transaction to be able to double check what you are about to broadcast. You could even just scan the QR code of the signed transaction and decode it immediately, manually double check the decoded transaction, and then broadcast it via your own node or somewhere like https://mempool.space/tx/push.

It depends how you are defining a brain wallet. If I use a proper source of entropy such as Electrum pulling on /dev/urandom to generate a seed phrase, and then memorize that seed phrase, then technically that is a brain wallet which is completely secure against brute forcing (although still very fragile and at very high risk of loss, as is anything memorized). If you define brain wallet in the classical sense of I picked a string and then hashed it to generate a private key, then that will almost never be secure since the human brain cannot be random and will not pick a string with sufficient entropy.

I was under the impression that Chaincase never got out of beta and has now been shut down entirely: https://chaincase.app/words/sunset-ios-testflight-beta-export-guide

And that's without even touching on Wasabi's mixing of toxic change with coinjoined outputs, defeating the entire purpose in the first place.

Either.

You would probably be wrong here. Most phones come with a ton of bloatware, not just from Google, but from the phone manufacturer and bunch of their third party buddies who pay to get their bloatware on to your device. Some of this bloatware can be uninstalled, but much cannot without rooting your phone, which most people don't do. Open your phone settings and go to the permissions section and see just how many apps want access to your camera. I think you'd be surprised. Next time you have your hands on a brand new phone, do the same thing. I would expect at least a dozen pieces of software wanting access to your camera, and those are only the ones the OS is showing you, never mind all the hidden system apps and software.

Easily done with Electrum on Android - import an unsigned transaction via QR code, sign it, then display a QR code for export.