Marketing, mostly. Objectively it is terrible. Poor security, multiple hacks, zero privacy, works with blockchain analysis, outrageous fees, has actively scammed some users, the list is endless.

Amazon is objectively terrible, but continue to be one of the biggest companies in the world. Companies like Apple and Nestle have been busted multiple times for literal slave labor, and yet continue to be some of the biggest companies in the world. This is not unique to crypto by any means.

You can see a table of recommend penalties here: https://bisq.wiki/Table_of_penalties

Nothing is set in stone, though. If you mutually agree to cancel a trade and both agree with the mediator that neither party will be punished, then you can both get back 100% of your deposit.

This document provides a good summary of ongoing US sanctions against other nations (in particular, from the bottom of page 3): https://www.nortonrosefulbright.com/-/media/files/nrf/nrfweb/knowledge-pdfs/220606-overview-of-us-sanctions-laws-and-regulations.pdf
For full details you can use this site: https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-programs-and-country-information

Although if you click through all the links in the sidebar of the above link and take a look at the SDN and non-SDN lists, you can rapidly see just how impossible it would be for a Lightning node operator to comply with it all.

If bitcoin is going to be forced in to submitting to the rules and control of whatever government happens to be the most powerful at the time, then is it really any better than fiat? If the US government decided all bitcoin must only be held in wallets under their control with full KYC (i.e. a bank), do all US citizens just roll over and say "Well OK then, I don't want to risk a fine."?

Absolutely. Which is part of what makes bitcoin so powerful. We absolutely cannot lose that.

No, he is making a statement against LNURL. As I pointed out above, he isn't actually pro-censorship.

If you keep that much in a hot wallet, then its up to you to figure out how you want to leave it to your heirs. Simply telling your spouse about the location of your seed phrase back up would be my preference, but I also don't keep that much money in a hot wallet. I treat a hot wallet as I treat physical cash in my physical wallet, and I certainly don't wander around with thousands of dollars of cash in my pocket.

I have a variety of hardware wallets used for a variety of different reasons. Some single-sig, some multi-sig, some decoys, some are empty, etc.

I'm not arguing that you should be showing off your bitcoin to entice someone to marry you, but rather you probably shouldn't be basing your entire marriage on lies and secrecy from your spouse.

No, but it could record his hand written seed phrase. No reason to take the risk when the solution is so trivial.

No, you can't. Ideally the phone is either destroyed or remains permanently airgapped from now on (although I am of the belief that without physically opening the phone and removing the necessary hardware a phone is never truly airgapped). However, that does not appear to be an option here, just as the additional steps proposed by Welsh (such as writing over the SD card with junk data from /dev/urandom or accessing the recovery partition) are also not an option here, since there is no computer involved.

As I said above, if OP's friend has a single phone and nothing else, then "this is probably the best he can realistically achieve".

It's fairly clear he dislikes LNURL and wants people to use other solutions instead, but advocating censorship on LNURL is not the right way to go about expressing that.

If one government can force all its citizen to start censoring other bitcoin users with threats of fines or prison time, then any government can do the same.

Fair point. It's not a new problem for the average user who gives up their privacy, security, and sovereignty to sign up to a centralized exchange, but it's quite a different thing for a Core dev to publicly tweet instructions on how users can start censoring each other.

It's not possible to double spend someone else's transaction, but it is possible for miners to simply refuse to include any transactions they deem "blacklisted". There have been a couple of short lived attempts of mining pools doing this in the past, but unless such mining pools achieve 51% of the hashrate, they are powerless to stop other mining pools from picking up and mining these transactions which they are choosing to censor. And any individual miner with any shred of decency will not continue to mine for any pools which supports censorship.

I agree with you, but most people don't. Most people have no interest in understanding that fiat banking is a giant scam - all they want is to type in their PIN and make the transaction. Most people have no interest in understanding the basics about car maintenance - they are quite happy to fork out a hundred bucks for a simple issue they could fix themselves at home in 15 minutes. Most people have no interest in understanding how to read the mempool or how to use RBF - they just want to make their transaction and be done with it.

I do of course think it is worthwhile learning about change addresses, RBF, proper wallet management, proper fee selection, and so on. But that is not the discussion at hand. The discussion at hand is how to make bitcoin as simple as possible. And just as I can use a credit card without understanding the fees involved, the clearing process, the settlement process, and so on, someone can make a bitcoin transaction without understanding the fees involved, RBF, change addresses, and so on.

It's not the best method by any means, but it is certainly as simple as it can get. Paste an address, type in an amount, pay.

So what next? All node operators should start blacklisting IP addresses from these countries to stop receiving transactions from them? In fact, don't run a node at all in case you accidentally process some illegal transaction? Since when did we start censoring ourselves and our fellow bitcoin users in order to appease the whims of national governments?

This is not the way. And to anyone affected by this, you can of course use Tor to bypass such stupidity.

Edit: Just to be clear, Matt isn't actually pro-censorship. He is making a statement against LNURL, but in a very poor way in my opinion. Even if you think LNURL is awful, using a position of influence to post instructions on how to censor people is a poor way to go about it, especially when so many people now assume this is his real position.

Which makes no difference to the miner. It doesn't matter if I set my time stamp to 1 hour ago, right now, or 1 hour in the future. I cannot know what difference doing that will make to how much work I need to do to solve the block, and the average amount of work needed will be exactly the same. In fact, miners frequently do increment the timestamp allowing them to then reset the nonce and extraNonce fields.

Only if the timestamp fell outside of the allowed window, which is between the median timestamp of the last 11 blocks (plus one second) in the past, to 2 hours in the future based on the adjusted network time. This gives an average window of 3 hours in which the timestamp can fall.

If you don't trust the seed being generated by your hardware wallet, then changing one (or two, if you include the checksum) words is utterly meaningless. At best, you are introducing 18.5 new bits of entropy (11 bits for the word you change, 3 bits for the checksum word, 4.5 bits for picking one of the 23 non-checksum words to change at random). 18.5 bits of entropy is trivial to brute force. If someone knew your seed phrase, which is the assumption we are working on since you do not trust it, they could break your system in a few seconds.

If you don't trust electronic seed generation, then the best alternative will be to use a physical source of entropy. A single coin is the best option here, since dice introduce a larger bias which is harder to control. Flip a coin 256 times and write down "1" for heads and "0" for tails, or vice versa. If you want to be extra safe, then use a von Neumann debiasing approach to remove any bias from your coin (although you will now end up flipping the coin on average 1024 times instead). Once you have 256 bits of entropy, use an open source tool such as this one to turn it in to a seed phrase: https://bitcointalk.org/index.php?topic=5373505

Although the question remains that if you do not trust your hardware, where and how are you going to import this seed phrase in order to generate a wallet?

Yes.

You sound confused about how blocks are constructed.

When you broadcast a transaction to a node, the node verifies it, adds it to its mempool of unconfirmed transactions, and broadcasts it to other nodes. The other nodes repeat this process, until your transaction has spread throughout the network and most/all nodes have it in their individual mempools. A miner who is trying to mine the next block will pull a selection of transactions from the mempool of their node(s). They will organize these transactions in to a block, which is called a candidate block. Then they will attempt to mine this candidate block by constantly incrementing the nonce and extraNonce fields and checking whether the resulting hash meets the target or not.

So, before mining a block, a miner has already constructed the block they are trying to mine, which includes all the transaction inside it. If they are successful in finding a solution, they cannot change any of the transactions inside the block, or else that will invalidate their solution and they will be back at square one. It's not a case of mining a block and then "instantly broadcasting" transactions to that block, as you suggest, but rather constructing the block in advance, and then attempting to mine it.

And so it is easy to see how they can include their own transaction in a block. When pulling a selection of transactions from the mempool to build their candidate block, they can easily just add in one or more of their own transactions. Once they've built the candidate block, they'll attempt to mine it, and if successful, it will include their own transactions.

Yes, many: https://kycnot.me/

They promote their centralized shitcoins, while making bitcoin harder for people to own and use by charging frankly outrageous withdrawal fees and pocketing 99% of said fees as pure profit.

Again, there are plenty of better alternatives which don't deliberately fudge the numbers to make themselves number one.

There will be a short term blip only. Bitcoin would be stronger long term for not having such a centralized entity having so much control over the wider space.

You don't need to explain most of those things. A person does not need to know what a change address is - a good wallet will take care of this for them. They should have some awareness of the fee, but again, a good wallet will pick an appropriate fee. They definitely don't need to know what RBF is, and many people still don't. Sure, it is good to learn about all these things, but if you are looking to keep things as simple as possible then they are not absolutely necessary in order to make a transaction. Paste in an address, double check it, choose how much you want to send, confirm. That's all that is absolutely necessary in order to make a transaction.

There are a couple of merchants I use who offer a discount of a few percent (the highest goes up to 10%) for paying with bitcoin, presumably exactly because they can avoid the credit card company taking a cut of every transaction.

Generally speaking, I use a self-hosted password manager for most of my online passwords. For passwords to encrypted drives I use paper back ups, much as I do with seed phrases. Since I use full disk encryption on everything, for my daily access drives I also have the passwords in memory since I enter them several times a day more-or-less every day, but I still have paper back ups.

It is indeed. LUKS is already integrated in to every major Linux distro, and is what I use for whole disk encryption.

I do agree with Welsh, though. My bitcoin wallet back ups are largely non-digital.

That's a good suggestion, but I would also caution anyone on the receiving end of such a proposal. If someone approaches you on social media and says "Hey, sign up for this site and we can trade there", be very careful that you are not being scammed. Not only with an entirely fake exchange, but also with a fake site mimicking a real exchange. If you are in any doubt, ask on this forum first.

Which doesn't really make sense, though. If you want to trade peer to peer, then you can pick a platform like Binance, which requires KYC, requires giving up custody of your coins to Binance's central wallet, has zero privacy, has zero security, can leak your data at any time, and can freeze your account and seize your coins at any time. Or you can pick a platform like Bisq, which requires no KYC, has maximum privacy, has no risk of data being leaked, your coins remain under your control, and they cannot freeze or seize anything. I cannot see a single reason you would choose Binance (or any other centralized not-really-peer-to-peer-at-all platform).

It is always a balance between security, risk, and convenience.

If you set up a system which only requires access to (a), then you can duplicate (a) across multiple sites and mediums, meaning it will be very resistant to accidental loss. However, it will be poorly resistant to theft, since an attacker only has to recover one of your several back ups in order to access your wallet.

Conversely, a system which requires access to (a) AND (b) AND (c) is very resistant to theft, but poorly resistant to loss. You can make it more resistant to loss by having two or even three copies of each part, but then that becomes more and more inconvenient to find different secure places to store 6 or even 9 separate pieces of your back up.

A few general comments about your various proposals: First, your memory is never safe and never reliable, for the reasons in my post Plaguedeath has quoted above. You should never rely on memorizing your seed phrase. Secondly, any system where all your back ups are stored in the same location as your wallets themselves (such as having both your hardware device and your paper back ups all stored in your house) is very poorly resistant to loss, since a single accident, natural event, fire, etc., can destroy both. You need offsite back up.

While true, this does absolutely nothing to protect all the users who have already used that company or entity - it simply stops future users from falling victim to the same scan.

It is quite interesting that just a couple of weeks after I made that post, a highly trusted and respected user on this forum - yogg - did exactly what I said here and stole the coins from a whole bunch of collectibles he had made and secretly kept the private keys for.

It's not just an issue of seeing the current price, but then you need to make another bitcoin transaction. If there is internet, then we don't need to use physical bitcoin at all. If there isn't internet, then the merchant will need to have a physical bitcoin with the exact denomination already pre-loaded, and then the whole issue of trust comes back in to play yet again.

Except zkSNACKs are paying one or more blockchain analysis companies to investigate each input as much as possible and link that input to as much third party data as possible to then tell them whether or not they should censor it.

Your argument can't honestly be "Well, yes we are censoring you, and yes we are working with blockchain analysis to spy on you, but we aren't spying on you too much!"

By paying blockchain analysis firms zkSNACKs, and by extension Wasabi, are directly supporting the notion that some coins are tainted and that bitcoin is non-fungible. This is a direct attack on bitcoin itself.

Sounds like whoever created the site you are using is trying to scam people by spitting out pre-generated addresses regardless of what string you enter to be hashed.

As pooya87 says, it's a bug on blockchair. You can enter any checksum and it will still find the corresponding BCH address with the correct checksum listed as "Legacy address format", while showing an empty (and invalid) bitcoin address.

If this is true, then someone else has followed these exact steps before to generate that address and send coins to it. The only other option is that you have stumbled across the world's first RIPEMD160 or SHA256 collision, which is exceedingly unlikely.

No, it isn't. Even in a normally generated address, knowledge of SHA256(pubkey) or RIPEMD160(SHA256(pubkey)) (or indeed, just the raw pubkey itself) is not enough to derive the private key.

You cannot find the private key. There is no link between the private key of the actual address and the address you ended up with by performing RIPEMD160(SHA256(address)).

Further, it is incredibly unlikely that by performing RIPEMD160(SHA256(anything)) that you end up with an address which is already funded, unless you are deliberately reusing a string (which should be a public key) someone else has already used. I suspect there is something else going on here.