As has been explained to Kruw dozens of times, the change output from Tx0s are sent to a separate account and deliberately segregated from your other UTXOs. There is no way to accidentally include them in a transaction. Any user consolidating their change output as has been done in the transaction he has linked to above is doing so deliberately. I understand that Kruw gets angry when people spend their bitcoin in ways that he personally doesn't approve of, but there is no bug here, just Kruw either being deliberately misleading or simply not understanding what is happening.

Forgive me if I'm missing something, but what does this actually achieve?

When the phone is off, all data is encrypted. Great. When you turn it on, it remains encrypted until you unlock it for the first time. But you need to unlock it for the first time before you can actually use it as a phone. It will not receive calls, notifications, etc., until you have done so, at which point it isn't encrypted anymore. It is only protected by your lock screen, of which I have serious doubts about the security.

So if you reboot your phone every few hours or every day but are going to unlock it immediately after reboot so you can actually use it as a phone again, then what difference does that make to just having it turned on all the time?

This is why my suggestion was to have a dedicated folder on your phone which is separately encrypted and contains your bitcoin wallets, which you would only unlock when interacting with those wallets. Then at least you can still use the rest of the phone as a phone without having your bitcoin wallets unencrypted all the time. I do this on computers as well - I use full disk encryption on all my devices, but still have further separately encrypted files and folders which I will only decrypt when in use.

I would note that there is nothing "trustworthy" about Electrum servers. They are simply servers, and there is no mechanism to assign ratings to servers as either "trustworthy" or "malicious". Electrum gets around this problem by connecting to multiple different servers rather than just one, but you could very easily connect to a malicious server which either tries to feed you incorrect data or (more likely) surveil your transactions.

Most private keys are not randomly generated, but rather deterministically generated from your random entropy. This is why the same seed phrase can reproduce the same private keys in different wallets.

Correct. But practically, it will never happen. The number of possible addresses is simply too large to ever find a collision.

The vast majority of wallets in use today are hierarchical deterministic wallet. This simply means that all the private keys in the wallet are generated in a deterministic (procedural) way, following a set hierarchy (pattern). In simple English, the wallet takes your seed phrase and generates a tree of private keys using a set process, meaning that you can use your seed phrase to recover your entire wallet and all your private keys and addresses.

This differs from original bitcoin wallets in which each private key was randomly generated from scratch, and you therefore had to back up each private key individually.

Doing a straight swap to monero and back again achieves very little, and the service you used will be able to see exactly what you've done. If you want to go down this route, then you should swap bitcoin to monero using one service, split the monero up and move it around a couple of times, and then swap different amounts of monero back to bitcoin using different services. If you plan on doing this all via Bisq, then it would be best to use different trading partners for each trade.

Your other option for privacy would be to use a good coinjoin implementation such as JoinMarket or Whirlpool.

And with everything to do with privacy, you should be running your own node. If you are relying on light wallets synced to third party servers, then your privacy is constantly at risk regardless of what obfuscations you make on-chain.

I'd admire your persistence, but you might as well be trying to convince a BSV cult member that CSW is not Satoshi. No amount of evidence or logic, however obvious it is to the rest of us, will convince Kruw otherwise.

His point regarding SBF's coins is a fallacy of presumption. No one is specifically "allowing" SBF's coins, because no one (expect Wasabi, of course) is spying on inputs and paying blockchain analysis for information on those inputs. He cannot understand that because his default position is "spy on every input", and cannot understand people like us who think privacy should be universal and not granted by some faceless third party. It is clear his analogy is bullshit in reality since neither of the two main coinjoin implementations - JoinMarket or Whirlpool - implement any kind of censorship like Wasabi does, and neither of them have any problems whatsoever with Kruw's made up "vigilantes" policing the system for reasons unknown. All UTXOs are treated equally, which is exactly how bitcoin was designed and how it functioned before malicious entities like blockchain analysis and Wasabi came along and started treating some coins as "tainted" based on made up heuristics which we've recently seen in court have absolutely zero evidence base behind them.

We've been going round in circles with him for months. He is shown evidence, he ignores it, he claims no evidence was ever presented, and then he copies and pastes the same pages and pages of nonsense which have been thoroughly debunked already. He argues about semantics, appeals to authority, argues over tone, all while ignoring all questions he can't answer and evidence he doesn't like. Like everything to do with Wasabi, it's a complete clown show.

This would be an option I suppose, although it would be more clunky for users to apply for permission before making a post, rather than the current system in the mailing list of making a post and then it being sent out after approved by the mods.

This would not work. Spam control needs to be proactive rather than reactive, or else you end up filling everyone's email inbox with hundreds of daily spam posts before they are trashed.

Yes, but this forum is pretty well known for allowing egregious amounts of spam and shitposting and never actually banning the perpetrators. A properly moderated forum could work just fine.

This forum used to host high level discussion from Satoshi and a number of other devs when it was first created, but given the amount of unmoderated spam and shitposts on this forum now, it would be a poor choice.

I'm sure the moderators of the mailing list delete dozens of posts for every one which is actually circulated to the list.

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-November/022134.html

The Linux Foundation are ending their support of mailing lists. They have agreed to continue to host the historical content, but the bitcoin dev mailing list will need to migrate to a new platform.

Options raised so far include another mailing list host, Google Groups, groups.io, Nostr, Matrix, a forum, GitHub discussions, or even do nothing and just let the mailing list end.

Either way, apparently a decision will have to be reached very soon - before the end of this year.

Your statement here isn't quite correct. Firstly, hashing is not the same as encryption, and SHA256 does not encrypt data. Encryption is reversible with the correct key, allowing you to decrypt to the original message; hashing is a one way function, often with a much smaller output than input (meaning data has been lost and therefore cannot be reversed).

Further, SHA256 isn't particularly susceptible to quantum computers. As far as bitcoin goes, the most quantum susceptible part is the elliptic curve multiplication which turns a private key in to a public key.

But yes. If elliptic curve multiplication can be broken, then much of the encryption used across the internet and around the world will be similarly broken.

But how good is it? If the phone is off then maybe, but if the phone is on and simply locked? There have been various methods to bypass the lock screen, such as this one: https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/. And once the lock screen is bypassed, everything can be accessed.

I'd rather have an entirely separate encrypted container which I know cannot be accessed without my decryption key.

An added bonus of using a laptop rather than a phone is you can install and run Bisq on it. Before arranging your face to face trade you can place any bitcoin you are selling in Bisq's multi-sig escrow, and then release them from escrow after the buyer hands you the cash. If someone steals your laptop, they can't steal the bitcoin out of the escrow.

There is discussion happening in various places, for example this thread from last year on the Bitcoin Dev Mailing List: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-April/020209.html

That's a very nebulous statement. "Current encryption" is a massive category, some of which can already be broken even with conventional computing, some of which will be secure for decades to come. I do not think bitcoin will be vulnerable to quantum computers for many more years yet.

I don't think the danger per se is overstated - at some point I do expect ECDLP will be broken by quantum computing. I think the timeline is very overstated, and as above, don't think this is going to happen for years yet. Forking to a quantum resistant algorithm now, when the actual threat is probably still decades away, would be a mistake. Whichever algorithm we picked today would at best be very outdated, slow, and inefficient by the time it was necessary, and at worst be insecure.

Probably deleted since OP is a recurrent concern troll - https://nitter.cz/PavelTheCoder/status/1647970679805947910#m

These are both non issues.

1 - Both Samourai and Sparrow tell you the size of your change output prior to signing and broadcasting Tx0. If you don't want to create a change output of this size, then you go and edit your transaction. This is the expected behavior of any good wallet.

2 - Tx0 clearly pays the coordinator, and this output is easily identified. The privacy of Whirlpool coinjoins does not depend on this fee payment being secret. It does not matter if you and I both pay to the same coordinator address - there is zero loss of privacy.

A slight correction - we do see transactions under 1 sat/vbyte quite regularly, even now when the fees are what they are. Miners are free to include any valid transactions in their blocks, and paying zero fee does not invalidate a transaction - it simply means it will not be relayed by the vast majority of nodes. Miners can include zero fee transactions if they are incentivized to do so via other means, such as someone paying privately or when the transaction belongs to the miner themselves.

For example, there are a whole bunch of transactions from this address paying zero fee and creating a bunch of OP_RETURN outputs, which I assume is some sort of ordinal spam: https://mempool.space/address/1JRhv7zRN9xCyTntYT5nuupg7JMsE7YocL.

Or this transaction, which is F2Pool paying out mining rewards to individual miners: https://mempool.space/tx/12d7d9678f98f319fa4c6b4295c5364a1b9c937901e6d83bded4533e523a319a

There is a very simple solution to this problem: Stop using services like Wasabi which utilize and fund blockchain analysis, and turn to one of the many much better alternatives which are not anti-privacy and pro-censorship.

If not connecting to your node, then I would also use Orbot as ETFbitcoin has suggested.

Install the wallet app inside some kind of encrypted folder or partition on your phone. If a thief manages to steal your phone, even if they bypass your lock screen they won't even be able to see you have wallet app installed without breaking the encryption first.

No, it isn't, and keeping your public keys private only provides a false sense of security.

There are dozens of reasons your public key is already exposed. Wallet software generally does not treat public keys as sensitive information and keep them secured like it does with private keys. If you've ever signed a transaction, your public key is exposed. If you've ever signed a message, your public key is exposed. If you've ever used any wallet except Bitcoin Core, then your extended public key (and therefore all your public keys, even those of addresses you haven't used yet) is exposed. If you use taproot, or descriptors, or share xpubs, or create multi-sigs, or a bunch of other things, then your public keys are exposed.

Even if you generate and store your personal public keys on an airgapped device and 100% private, your coins won't be worth anything if a quantum computer can steal the 10 million or more bitcoin with exposed public keys. Public keys are meant to be public. The security of bitcoin against quantum computers will come from forking to a quantum resistant algorithm.

Except the dozens of times I've explained this to you over the last six months:


But you know, keep proving my point that you are not here to learn or discuss in any capacity, and are only here to copy and paste endlessly debunked and utterly moronic soundbites at the behest of your puppet masters.

It is still open for comment for another 77 days. There are currently 109 publicly posted comments which you can view here: https://www.regulations.gov/document/FINCEN-2023-0016-0001/comment. They are unanimously in opposition to this proposed piece of legislation, although I fully expect the government to completely ignore all these comments and opposition. They've never let the interests of the people stand in the way of their tyranny before.

You have various options to do this privately.

You can run a hot wallet, which is pointed at your node running back home, such as Electrum. Transfer the coins you want to trade from Bitcoin Core to your mobile Electrum wallet before you go, and then make the transaction from Electrum to your trading partner while you are out. Everything goes via your own node.

For extra security, you can do the above with a watch only wallet and a separate airgapped wallet. Run a watch only wallet on your phone pointed at your own node running back home. Also take with you either a hardware wallet containing the funds you want to trade, or a second phone in airplane mode with your coins stored on it. You could do this with Electrum on two phones, or with a hardware wallet such as Passport and their accompanying Envoy app.

As BitMaxz has said, you can sign the transaction in advance if you know the address and amount, and take the signed transaction with you on your phone. Either broadcast via your own node, or via Tor using mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion