"January 20th, 2020 - I placed my preorder for the Tesla Cybertruck at https://www.tesla.com/cybertruck.  It required a $100 refundable deposit that was made using USD via a debit card.  The Cybertruck that was ordered is the DUAL MOTOR AWD model (more info on the Cybertruck here).  The price was $49,900 and I opted for the FULL SELF DRIVING PACKAGE which added another $7,000 to the price of the Tesla."


I know a tree shake when I see one.
hang onto that $100 preorder!

This way you will get it pre inflation price if you don't cancel,
(its really easy to say its still 49,999 when there isn't any to sell)
I'm pretty sure when production begins the price will rise.
(they didn't adjust it during this recent inflation)
Cancelling would lose things they later decided to turn into SaaS models such as full self-driving.
hodl that shit and if you decide to pick it up in Austin swing by Waco and lemme check it out
Pictures here will suffice too!

This is a good question.

I really can't argue with that either.
But you cant.
especially considering your holding something of mine
Arnt you also forum defacto forum escrow and treasurer, things like holding other people's coins are what your known for. why yell at me trying to help?
Practice what you preach.

Long story short yes but this is notated here in tos https://1splitkey.com/#tos

"Even if we get hacked all the hackers will have is Public Key,SPLiTKEY provided partialpriv and your email address."         
"If this case scenario happens, we are not responsible for random collisions via 3rd party bruteforcing, or email phishing attempts." - I have a typo on site here.

there is also a hall of fame, this could be modified to creator's advantage. a chain of command so to speak.
there's a lot of endpoints with the data (for example finished work is on rig, server and via output email)
BUT! we also have a browser hash system that's not fully implemented yet that this can be done and at least eliminates the need for email.
Currently my product isnt designed for a circulating system. its designed for one person and one person only. the endpoint user.

We can purge what we have but as long as the source code remains closed its irrelevant as stated in the tos
Even with all this data out in the open, if you do your due diligence, you should be fine unless your social engineered.
Keep in mind my service wasn't exactly designed with creators in mind, these where going to be offline batch jobs in the initial proposal.
"We are offering a maker vouch of batch splitkey wallets up to 7 digits(or less) & 100 wallets(or less)
this vouch is contingent an endorsement of our service and an agreement of difficulty/prefix.
We highly recommend maker submit 1 pub-key per wallet in this vouch offer."
a casual user has no reason for concern, but I understand the viewpoints a creator would have.
however, our tos states what our service really is a handler for vanitysearch and a modified bitaddress.org
anyone can do this without using my service. As stated though with input we can make it happen.

this won't prevent bad acting by any means.
but it will prevent full rug sweeps at a much better success rate.
if some creators utilize this on top of their already stellar reputation it shouldnt matter even if they got 20 of their original coins back in hand.
the originator having something they issued and seeing the key isn't a bad thing if they've destroyed the keys all along.
But should be viewed from the same current viewpoint as they possibly have the keys anyways.
*edit maybe a chain of command and if it ends up back in creators hands its flagged as possibly exposed.
keep in mind, my product isnt designed for a circulating system. its designed for one person and one person only. the endpoint user.
air gapping custom jobs solves data concerns on distributed coin models.

 Well they reacted alright!!!

https://www.msn.com/en-us/news/other/google-employees-scramble-for-answers-after-layoffs-hit-long-tenured-and-recently-promoted-employees/ar-AA16B6pQ

It seems they even laid off some of the AI department as well.
I dont see how Microsoft could implement GPT without leaking tons of data through gpt.
but a gpt powered cortana sounds neat integrated in travel/scheduling and marketing and whatnot.
knowing what I know about MLLM I wouldn't trust it enough to throw it this far though.
looks like its probably time to sell alphabet.

right, but even if your creators a bad actor, keeps everything and seeks out the mints theyve done
they couldn't pull the rug on everything. just whatever they've physically intercepted.
for example your vanity coin from willi, you trusted him with this process.
now add in a factor thats more in your hands (split key generation) and you have more doubt?
lets assume he did splitkey on the vanity coin.
he might could take your funds if you sent your coin to him with your partial on a coa style ticket.
question a why would willi want it back? it was custom made to you when you ordered it.
personally, I think your coin would be fine with willi,  
as it stands right now. willi could wipe you out with or without the partials.
this process(splitkey generation) requires more trust in yourself than others.
it does add a layer of security but isn't foolproof. It's a hell of a lot better than what I see going on now.
I'm sure any creator that knows how to make keys wouldn't struggle with this concept.

vanitypool used this concept for vanity wallet bounties. its tried and true.




 

One coin at a time beats 100's, or thousands at a time like what happens now.

It gives people a fighting chance to detect it rather than hundreds of people getting their life savings stolen at once.

your forgetting 1 thing with split key generation. they are still your keys if you hold both pieces of the puzzle.

no one's custodial but the downstream owner.

therefore, colluding with a creator in this event would never yield a 100% rug sweep.

That would require destroying the hologram?
 
Or the designer keeping the partials.   

----

vs


I hope they nuked these keys.

It's not the ultimate solution but it's enough to make the effort redundant in the long run.

It's yall's call. get compromised 100's of wallets at a time, or detect foul play 1 coin at a time from "potential" bad designers.

Right now designers are sweeping entire series,
people can go for the same level of trust they have now, but with one coin at a time, if the designers honest we have nothing to worry about.

the other partial priv can go on a buyer made certificate , everyone can see it. the only one that could merge it is the creator if they kept the other partial.
but like i said everyone already uses this good faith system in letting the designer keep all the keys (hoping they nuked/airgapped ect)
at least this way it reduces breach percentage from current standing. (%100) breach possibility down to a % / MINT returned to designer odds.  so this way if they made lets say 100 coins and they ended up with 5 back in hand there's only a 5% breach possibility. 0% if they truthfully got rid of original keys.
right now everyone's banking on a pretty big 100% possibility blindly

Most of these coins come with a certificate of authentication.
instead of releasing random coins they can make preorders,
buyer provides pub key and keeps partial priv.
maker creates
 the maker issue a template that the buyer prints half key on,
 if they resell it make sure its with it.
do a handwritten chain of ownership on the back(if wanted). if the holo is damaged its spent.
the only thing is a piece of paper to keep track of that everyone will, and does.
if the maker keeps all keys and get the single coin in hand again, they "could" sweep. a single coin.

but never an entire batch.

It's better than right now. they can all sweep. period.

Multisig is too risky. disagreement.

Split key generation would be user induced error.

There's a reason I've invested so much time in the splitkey ecosphere.    It's BTCrilliant  

I believe it was designed for this very scenario.  

Other projects like VanityPool used the same concepts and have never had an event.

From JLVS Github page
https://github.com/JeanLucPons/VanitySearch#generate-a-vanity-address-for-a-third-party-using-split-key

Generate a vanity address for a third party using split-key
It is possible to generate a vanity address for a third party in a safe manner using split-key.
For instance, Alice wants a nice prefix but does not have CPU power. Bob has the requested CPU power but cannot know the private key of Alice, Alice has to use a split-key.
*Added Or a Customer wants to buy a physical but doesn't want the issuing company knowing the key!

Step 1
Alice generates a key pair on her computer then send the generated public key and the wanted prefix to Bob. It can be done by email, nothing is secret. Nevertheless, Alice has to keep safely the private key and not expose it.

Note: The key pair is a standard SecpK1 key pair and can be generated with a third party software.

Step 2
Bob runs VanitySearch using the Alice's public key and the wanted prefix.

It generates a keyinfo.txt file containing the partial private key.

Bob sends back this file to Alice. It can also be done by email. The partial private key does not allow anyone to guess the final Alice's private key.

Step 3
Alice can then reconstructs the final private key using her private key (the one generated in step 1) and the keyinfo.txt from Bob.

How it works
Basically the -sp (start public key) adds the specified starting public key (let's call it Q) to the starting keys of each threads. That means that when you search (using -sp), you do not search for addr(k.G) but for addr(kpart.G+Q) where k is the private key in the first case and kpart the "partial private key" in the second case. G is the SecpK1 generator point.
Then the requester can reconstruct the final private key by doing kpart+ksecret (mod n) where kpart is the partial private key found by the searcher and ksecret is the private key of Q (Q=ksecret.G). This is the purpose of the -rp option.
The searcher has found a match for addr(kpart.G+ksecret.G) without knowing ksecret so the requester has the wanted address addr(kpart.G+Q) and the corresponding private key kpart+ksecret (mod n). The searcher is not able to guess this final private key because he doesn't know ksecret (he knows only Q).

Note: This explanation is simplified, it does not take care of symmetry and endomorphism optimizations but the idea is the same.




You guys can reinvent the wheel or overcomplicate things all you want but this is the cheap effective solution. no complicated signature chains , no more trust in the other person or makers.
just make a system based on split key generation. Anything else you can conjure up will be cost prohibitive or overthinking authoritative measures.


It's been done before on physicals. Not exactly as described but the groundworks all here
40mm x 3mm 30g Bitcoin Coin (loadable and customizable coin)

There's different variations on the s19 wattage

when your looking for one use a calculator like this https://www.coinwarz.com/mining/bitcoin/calculator to determine stuff.

Keep in mind whatever numbers you audit on purchase probably won't be the same as when the unit arrives.

Be careful when purchasing anywhere not just here.

Use escrow if you buy here. Validate said escrow among your peers.

Do your due diligence and research your potential seller so you dont get scammed. For example, if an eBay seller has a deal that's too good to be true, it probably is.

Want to save a lot of time? Just Buy BTC.

This seems like commemorative moment.
Would be neat to see a bunch of stuff minted/burned or whatever on this block.

Hey guys in regards to recent events with coldkey sweeping funded wallets,
 I proposed this app's (VanitySearch) split key feature for makers. (and of course https://1splitkey.com service that's built off of it. because that's why I made it to simplify it.)
This notion seems to be rejected when I propose it, and these guys are proposing less than ideal solutions, ignoring this likely due to it being "Me" that proposed it.
This kind of makes me feel some type of way about the community in general.
https://bitcointalk.org/index.php?topic=5387113.msg61631653


However I see this as a potential opportunity to shutdown my free service and release the sourcecode and walk away from the project.
In all likelihood this is the only way 1splitkey will be utilized.
I have restraints about the implications of repurposing splitkeys backend. which contains tesla agents and things of that nature for client control and server communications.
They are used in a manner that's obvious the same way client side gpu miners are set up.

Should I take one for the team and release the SC for the good of the physical's community?

If I do this, I'll be shutting 1SK down as it will even be harder to fight bad actors.
 
I'll let you guys decide. I dont want to see all the sweat equity from this just get brushed off, it's a beautiful system that's currently just toiling in obscurity.

This is the in-your-face solution. When I posted this the topic died.
It's not about "My" service it's about the process.
There's no exploiting this.
Anything outside of this is just prolonging the inevitable.
Here's how it works to the uninitiated.

https://github.com/JeanLucPons/VanitySearch#generate-a-vanity-address-for-a-third-party-using-split-key



With this process a maker could compromise 1 coin at a time, not the entire batch. this would be a rare situation as well.

Anyone notice in the last few weeks if google works a lot better like the glory days?
I have a feeling that OpenAI partnering with Microsoft sealed all these guys fate with the whole AdWords things.
I remember ~10 years ago google actually worked as long ask your keywording was good.
they slowly changed that to a surf for the answer motto and ruined a great product.
I'm sure everyone at alphabets scrambling right now to fight fire with fire.
GPT also showed how bogus search engines have really gotten.

Davinci-003 has been posting here for a while. Ive tagged a few.
I didn't know what they were at the time, but I definitely knew they were bots.
Now I have enough experience with the api's and stuff I can spot some of it and know its origins.
One thing I've learned about GPT is its worded timelines are pretty easy to spot,
It seems to be the only logic GPT has is parsing up a timeline of events.
common example's.
At first, first of all, initially, additionally, in conclusion, finally.
If it's not primed or prompted it almost always utilizes this verbiage to arrange sentence, paragraph and article structure as a timeline.

2023 is going to be a hard year for some, I fear this is a sign of things to come.
Crime rates are rising are rising around me too and showing the signs.
Do we make a group decision on how makers/creators should proceed with keys?
 Can we?

@LoyceV I re-read your post.

creator could have all data provided by the customer. pubkey

creator then generates wallet, now they have wallet address and the half the 1/2 privkey under holo.

but that one key half that the client keeps is your chain of logistics. A COA if you will.

If you want to auth, you have to destroy it the coin's holo. 

There would be no point in keeping a key as it would be a stalemate like multi-sig escrow situations.

The "paper" key half and the intact coin with the wallet visible and the other half the key under the holo from OEM.

The only way bad acting can occur is if OEM/issuer got coin in hands again with a COA original purchaser issued and resold it.

(They have seen the "COA" now and have the other half of the key or possibility of having them stashed away)

Then an intercept scenario could occur so a situation such as this should just be treated as a zero day of the right off the rip,

 just like it should be now and isnt. So with that being said, this creates a new layer of security at least from OEM issuer fraud in bulk scenarios.


This isn't a new or foreign concept at all, it's called the "Idea Attribution Effect" or "Sender-Receiver Effect".

40mm x 3mm 30g Bitcoin Coin (loadable and customizable coin)
Truth is @Willi9974 is the only one that's done anything like it.

 When I saw Willi doing this, I immediately reached out to him to offer our services as we were already doing them since 2019.

The only reason we can see people not wanting to use a service like this is simply to maintain control/responsibility of the coins,
or they dont know about our service or splitkey generation in general.  
Dont even use our platform, hell use your own/vs direct.
I still think split-key generation is the only way creators should proceed.
It's been proposed, there really isn't a argument about its security. Its up to you guys to be proactive about it.

Not your keys, Not your coin.

Any further debate about the service itself at least read the website first. And contribute to the ann post about the service.

 “If you don’t believe it or don’t get it, I don’t have the time to try to convince you, sorry.” ~ (Satoshi Nakamoto).

A chain of logistics utilizing only the BTC ecosphere has been something I've been thinking on for a long time.
I've thought signature binding a funding wallet to a serialized item on a PoB wallet would be a neat one for chain of logistics but provides nothing in regards to downstream protection.
-
-

This splitkey proposal doesn't stop second hand bad actors, just 1st party and creation.*
The only person you can play with this system is yourself*
My proposal is for creators/vendors to implement this trustless system. At least protecting firsthand buyers from OEM Fraud.
People are skeptical about a service that genuinely cares and takes action in the most proactive way possible aside from diy.
I'd say you guys should question why your vendors are not offering this always has been available solution for a while now.
Here the backbone of our service. the rest is just handlers.
https://github.com/JeanLucPons/VanitySearch#generate-a-vanity-address-for-a-third-party-using-split-key
Our capacity lies within this programs own. We just made using it easier.