Every time you start Bitcoin Core, it performs a verification check on its own local database of all the blocks it has already downloaded. You can see this at the bottom of the GUI window every time you start it up, when it says "Verifying blocks...". If it finds a block which is invalid (because you have edited it in some way), it will discard that block and download the original valid block from other nodes in order to rebuild the local database.

Why would an exchange publish details of a loan which shows they are insolvent? They will keep it under wraps, and it will go unnoticed. Just as emergency loans to Celsius, to Voyager, to BlockFi, etc., all went unnoticed in the run up to their collapse. If it was actually this easy to verify the solvency of a centralized platform, then we wouldn't have multiple platforms going bankrupt and taking millions of users' deposits with them.

All of them.

Exchanges have been caught committing a huge number of far more illegal activities, from selling user data to insider trading to helping themselves to users' funds for their own purposes. A little bit of fudging the numbers isn't going to phase them.

USDT is insolvent and is not backed up 1-to-1 as they claim. This has been proven in court on more than one occasion. And yet it continues to be widely used. It makes no sense.

If you deposit, lose, and then double spend your deposit, then the casino/sportsbook in question has only lost potential profits (your deposit), and hasn't actually lost anything from their reserves. So they can simply ban your account, email address, IP address, bitcoin address, and any other details they might hold on you, such as if you've completed KYC. Or if they really want to keep you as a customer despite your theft, they could simply disable zero confirmation deposits for you.

I wonder how many such places will continue to offer zero confirmation deposits after full RBF becomes widespread. Very few, I suspect, since it them become trivial for anyone to double spend a losing deposit.

And how do you know the proof of reserves is accurate? What's stopping an exchange taking out a loan the day before an audit and paying it back the day after? Or borrowing funds from one of their affiliated companies or entities? Or even just the CEO topping up the exchange wallets with their own funds prior to the audit. This exact thing has happened before with Bitfinex handing hundreds of millions of dollars of crypto to Tether on the very morning of their independent audits. And yet USDT continues to have a market cap of $65 billion, despite being a fractional reserve scam. Proof of reserves proves nothing.

But without proof of liabilities, proof of reserves is meaningless. So an exchange proves they have 100,000 BTC in their wallets. What if they have 200,000 BTC in liabilities? What if they have huge outstanding loan repayments or debts they hide from the auditors? How do you even know you can trust the auditors?

It's all trust upon trust upon trust. There is no independent verification.

It isn't. Since the very first block was mined, even if your node uses opt in RBF/first seen, you still accept full RBF whenever a new block is mined. If a block is mined which contains a transaction which double spends an opted out transaction in your mempool, either you accept full RBF or you fork yourself on to a new network. If there are two blocks found at the same height, and they both contain conflicting transactions, either you accept whichever one is built upon regardless of whether the conflicting transaction was opted in/higher fee/first seen/etc., or again you fork yourself on to a new network. Full RBF is very much the default state, and every node already accepts it. You can do whatever you like to your own mempool, but first seen was never the natural state.

And again, this is only providing an easy toggle option (which is defaulted to off) for a feature which any code could have been using for 10+ years already (and some already do).

There are two points I would make about third party audits. First of all, they simply move the trust requirement. Instead of trusting the entity itself, you are now trusting the auditor. They still don't allow anything to be independently verified by the user themselves. And secondly, even if you do trust the auditor, they only show a snapshot at the time of the audit. Anything could have changed between then and now.

Not at all. In addition to the points I made above in regards to VPN providers, when it comes to exchanges, there are even more unknowns. The proof of reserves which many exchanges are starting to publish is easily tampered with or altered to make it appear more favorable to the exchange, and proof of reserves without proof of liabilities is absolutely meaningless.

There is no way for a user to ever verify completely the security, privacy, or solvency, of a third party they are using. The only way to do this is to keep your coins in your wallet.

That's a big assumption to make, and one which is not true. FTX was the second biggest exchange in the world. Everyone assumed they would have decent security, and instead they had an unsecured group email account. Everyone assumed Coinbase had good security, and instead their data was being sold by a third party. Everyone assumed that Binance, that Bitfinex, that KuCoin all had good security, and all have been hacked and had coins stolen.

The fact is that we have absolutely no idea what security exchanges do or do not have. You are trusting complete strangers, who have shown time and time again that they are grossly incompetent. Handing over coins or data to any exchange is a huge risk.

Then I think you should continue down the path of moving to a better system. Casa is closed source, holds one of your keys for you, and (correct me if I'm wrong) but you have to pay them $120 a year for the privilege of them holding one of your keys for you. None of these are good thigns.

Maybe at the moment, sure. But the fact that you have self identified this means you are already well on the way to being able to address your lack of expertise. An entirely self hosted solution will always be preferable to one which depends on third parties.

Well then you've already lost most of the benefits that a multi-sig solution brings.

Lost track of how many times I've repeated this:

First of all, Google hosts scams. So many scams. On their search engine, on their app store, on their ad platforms, everywhere. As long as the scammers pay them, Google do not give a single fuck about hosting scams and regular people losing their money. Google is a truly terrible choice for literally anything. Stop using them.

You'll also notice that the scam links are promoted as ads. Use uBlock Origin. It is the only ad blocker you will ever need, and will filter out all these scam ads. (Note: uBlock is a different piece of software to uBlock Origin, and one you should avoid. It's uBlock Origin that you want.)

And stop clicking on random links and stop typing in your seed phrase. This is basic crypto security 101.

Here are two links which show each individual step, which should help you understand what is going on. You can enter your own strings and go back and forth along the steps.

Converting private key from hex to WIF and vice versa: https://gobittest.appspot.com/PrivateKey
Turning a hex private key in to an uncompressed public key and then an address: https://gobittest.appspot.com/Address

You have until the transaction is confirmed to attempt to double spend it back to yourself (i.e. cancel it). It all depends on the fee you pay and the current state of the mempool.

Take a look at what the mempool looks like here: https://jochen-hoenicke.de/queue/#BTC%20(default%20mempool),8h,weight

If your transaction pays 1 sat/vbyte in fees, and there are many megabytes of transactions which pay higher fee rates sitting in the mempool, then your transaction could take hours or days to confirm, giving you plenty of time to cancel it if you choose.
On the other hand, if the mempool is empty and your transaction pays a high fee putting it near the tip, your transaction could confirm within seconds of you broadcasting it, meaning you have no chance to cancel it at all.

Another option is to use RoboSats to swap on chain bitcoin for Lightning bitcoin, or vice versa.

Alternatively, if you are running your own node anyway, then you can interact with your hardware wallet via either Electrum or Sparrow which is pointed at your own node or Electrum server to maintain privacy.

Any wallet which allows you to import raw private keys would suffice. Although I agree Electrum is the best and safest wallet for this task, my go-to secondary piece of light wallet software is Sparrow wallet, which would also be able to import from a paper wallet no problem.

If you are going to use Electrum, note that you'll need to prefix your private key with p2wpkh: if your paper wallet has generated a segwit (bc1q) address.

Exactly. Just like most people would skip over writing down their seed phrase twice like you suggest. They can't skip a hard coded checksum, however.

And if checksums didn't exist, and someone comes saying their seed phrase isn't working, you have no idea if it is a problem with the seed phrase itself or if it is a problem with something they are doing with the seed phrase (passphrase, derivation path, etc.) By having a checksum, you can immediately narrow down the problem.

Extremely useful. You don't want your wallet software accepting an incorrect address and allowing you to sign transactions to that incorrect address. And by showing you have an error, you know you've made a mistake in your process somewhere or have some malware and can re-examine your process before losing your coins to an incorrect address.

Hasn't the price of everything? Lol.

Fair enough. A good argument for a hardware wallet instead then. You could always wait another 9 years until your next new computer and then use your old old one as an airgapped wallet.

Some nodes are already starting to run it, but even if the majority don't, I suspect at some point in the future (perhaps even by v25.0, which is scheduled for May 2023) it will get switched to default true rather than default false, at which point it will rapidly spread throughout the network. Then it won't be a case of your wallet requiring to opt in to RBF - every transaction will be automatically opted in. The only stumbling block to using RBF at that point will be whether or not your wallet is good enough to support making such a transaction, but if it isn't you can always import your seed phrase in to a better wallet and do it from there, even if you had never even heard of RBF when you made the original transaction.

What huge fee? The mempool is empty. You can make a transaction with a fee of 1 sat/vbyte, which works out around 4-5 cents for your average transaction.

It sounds to me like you are talking about the fee a centralized exchange or other centralized platform is charging you to process a withdrawal. Note that such a fee has absolutely no relation to the actual bitcoin network fee, and 99% of any such fee is going straight in to the pocket of the exchange in question.

If you hold your bitcoin in your own wallet (and choose a half decent wallet which allows you to customize the fee), then transactions are very cheap.

Spoken like a true politician. How long until he runs for office?

Precisely this. This is his fault, he knows it is his fault, everyone else knows it is his fault, but he's hoping that he can still convince people that somehow he isn't to blame.

Absolutely. There is a reason that the US government and its various departments is one of the largest customers of data brokers. Even with their mass surveillance programs there is some data they can't access without it being obvious they are breaking the law, and no judge is going to grant a warrant for such illegal data collection, so instead they can just go to one of the thousands of data broker companies and buy that data for not very much at all.

We already know that centralized exchanges widely sell your data to various blockchain analysis companies as well as data brokers, and they freely share your data with governments around the world. (And of course all these entities circulate your data between themselves even more). Given that, I would not be at all surprised if it came out that some centralized exchanges were working even more closely with governments, or indeed if a government flat out owned a centralized exchange for the purposes of harvesting data and enforcing regulations.

But if you are buying a new one because your old one is getting very slow as you said above, then surely your old one then becomes the perfect candidate for an airgapped wallet? You don't need it anymore once everything is transferred to your new one, and the fact that the hardware is outdated is irrelevant for running something as simple as an airgapped Electrum wallet. You can format it and load any lightweight Linux distro to keep hardware demands to an absolutely minimum, and then the only piece of software you need to install on top of that is Electrum itself. Plus if it's an old device you aren't going to use anyway, then there are no issues with you opening it up and removing the WiFi module.