|
It would be very easy to implement on a Remote Access Trojan that monitors the desktop 24/7. These trojans have existed for decades, I would say since Windows 95 era, I remember some classics like the Sub7 one. For some reason these softwares make me very nostalgic of the early 2000 era. I think this one was of the first to take screenshots and monitor the desktop. So you could just make it recognize formats of seeds and take a screenshot of that so you don't have to go across hours of recordings. Yeah these softwares were pretty nasty but it is what it is, some people will always try to take advantage of others by any means. To avoid this please just use Linux.
|
|
|
|
|
Of course they will attempt to manipulate the price for their own interests, but they really have to do nothing to gain money, beside run the business properly, that is, to be a good custodian and to track the BTC price, then collect the fees. So they are going to make a ton of money from just being good actors.
That doesn't mean they will be good actors tho. I predict some sort of push for a Bitcoin USD Government Friendly hard fork in the future, pushed by Blackrock and co. If I were to buy an ETF, I would but the Fidelity one.
|
|
|
|
If you pay face to face, what is the difference between choosing Monero, Bitcoin or FIAT? Cameras will still get a picture of you. The vendor will also know your face.
If you pay online, you must use a shipping address. This detail will be the same, no matter if you use Monero, Bitcoin or FIAT.
About using coinjoins etc being the same, if you use a coinjoin or something like that, you are hiding your amount held on an address from the payer, that is good, you increased privacy on your funds. You can also hide potential addresses linked to the one you are paying with. This is normal and anyone would want this when paying. Now if you deposit this into an exacty, it is true that who knows if they will or not trigger some chainalysis thing. So yeah, not much one can do that I can think of. The difference frin fuat is the blockchain, it is permanent, public, and tied to that particular payment in that moment. Not so with fiat or Monero, even tho I would never use Monero, which has an even worse status than BTC, which leads to the next reply.
Do you check the serial numbers of your bank notes for known crimes in the past before accepting them? I've said it before and I'll say it again: attacking Bitcoin's fungibility is the only way to attack Bitcoin. They can't shut it down, they can't stop it, they can't ban it, but they can make people believe they shouldn't accept it because certain coins might be bad!
No, I don't check serial numbers. The difference here is, the systems at play with crypto are not the same as you giving some cash to a cashier or whatever. There is not some realtime global database on every payment. Also, cash in general, is used by regular people, grandmas etc. It doesn't have a bad rep (increasingly lately.. but in general, it is seen as normal). If you are a "Bitcoin person" you are standing out from the rest already. And governments hate crypto by default, banks do so too. This is why they block transactions all the time, even with KYC exchanges. So it's not the same thing at all. They will find any excuse to extract as much money as possible from you and scare you from using it. I am not looking forward to be used as an example of that. And as far as Monero, we can see what happened. It was kicked from most exchanges, you cannot cash out Monero to buy anything of relevance. |
|
|
|
I have one of those lists! It's this one! And that shows the problem: anyone can make up anything about any UTXO. Oh my god, this explains my following point perfectly! But I will post it anyway, because I have written it already. Like I said, if someone pays you in BTC that is on some of these lists, and you pay to someone, then this someone puts it on Coinbase (most likely, most mainstream exchange) to sell, and this person gets asked where this money came from, this person will point to you. So yes, this is a huge problem when it comes to fungibility.
No, this isn't a huge problem. Let me ask the obvious question. You say "this person will point to you". Who is this "you"? How will they know it's you? Let me draw the picture again: 1. takuma sato gets paid 1 BTC. 2. takuma sato sends this 1 BTC to me (apogio). 3. apogio goes to a KYC exchange and deposit this 1 BTC (don't ask why, I just make it more difficult to prove that the scenario is invalid). 4. the KYC asks apogio (the real person behind the persona apogio), where did they get it? 5. apogio says: "I received it from someone with this address bc1q....". 6. then, the authorities (the most strict ones that you can imagine) search on google the address. 7. they (somehow) find that it is linked to a persona called "takuma sato". 8. they search in the forum for other posts and they make sure that "takuma sato" owns this address. 9. then? Trust me, I am the one who will have a problem. I will be the one to answer the questions for having this Bitcoin. I will face the consequences for deciding to use a KYC exchange. That's all. Notice, that in this scenario, I didn't add any protection measures from your side, just to make it more clear. If between steps (1) and (2), takuma sato decided to do some coinjoins, or to just simply add one more address in the route, by sending to address B and then to apogio, then the authorities would have to search who this address B belongs to, before going back to "takuma sato's" address. It depends, if they are tainted linked to millions of dollars from selling drugs they may bother. You never know who sent you the coins. The problem is evident. They would try to contact theymos I guess, then check logs and so on. But im talking about buying in real life. You buy something in real life, and they will know who you are, even if you don't exchange personal details, you showed your face, there's cameras everywhere nowadays etc. If you don't see a problem of using BTC to pay someone and end up in some sort of investigation about drugs or whatever then I don't know what to tell you. BTC problem when interacting with KYC interfaces is obvious, wether you do it directly or you send the coins to someone and then they do it later on. And if you want to buy anything relevant (real state, diversify in assets etc) you are going to need to go through KYC). And if you want to buy in shops, pay for services etc, you carry yourself a person physically, when you pay you are there paying. This leaks information, and you don't know if your BTC are tainted or not. I don't see how this isn't a problem. It is basically a lottery everytime you deposit or pay someone with BTC where you hope your coins are not tainted. Chances are very low yes, but it's still there. Don't all mayor exchanges have Chainalysis or similar flagging software/service active? And if not, then it's just a matter of time they all do, probably legislation will force them to have them in place to stay in business. It's really up to their customers. As long as they keep using them and accept a "magical" unexplained thing called "taint", then indeed they all get away with it. BTC that is on some of these lists I have one of those lists! It's this one! And that shows the problem: anyone can make up anything about any UTXO. If authorities know or suspect an address was used to buy drugs, pay a hitman or something, and these coins end up in your hands and you deposit them or pay to someone IRL with them, which then goes into a KYC exchange, then you are now linked to this problem when you don't even know it. If they can reach you they will come asking. I am personally not looking forward to that. It is not magical if it has real consequences. |
|
|
|
What I would like to know is a way to test your utxo before you send it into a KYC exchange, to know if they are tainted or not. You should read [Blacklist] of unreliable, 'taint proclaiming' Bitcoin services / exchanges. "Taint" is a business model of chain analysis companies selling the notion of taint based on arbitrary conditions that can change at any moment. It's an attack on Bitcoin's fungibility and should be avoided. What happened to your money before you legally earned it is not your fault. To quote myself on the subject: I've seen several posts lately from people willing to treat Bitcoin as non-fungible because they believe some coins are "tainted". I'd say this is a severe threat to Bitcoin, and I wouldn't be surprised if governments use this because they can't stop Bitcoin in any other way. If people believe Bitcoin is "tainted", they won't accept it anymore. "We" should really inform people not to fall for this. Nobody would reject a dollar bill because it has previously been used in a crime, despite the fact that 85 to 90% contains traces of cocaine. Claiming Bitcoin isn't fungible is just plain stupid.
This site explains very well what it's all about: Coin validation proposed to offer as a service to trace coins and try to give you a rating about how the history of the coin from your point of view and to offer that as a service to businesses. I think this could be quite dangerous because it goes back to that 17th century court case where now you could receive a coin that is perfectly valid at the time that you receive it, but a few weeks later a crime is uncovered and now your coin is tainted. So if this coin validation service is advicing many of the merchants where you would want to spend your coin at, it's tainted and now the merchant would refuse to accept your coin. That's a strange experience for you; you're holding a coin that you might have to sell at a discount to get rid of it. The aggregate effect of this might create a run on the bitcoin price. So it reopens this long-set legal principle that currency or currency units are all equal. I can't stress enough how important this is! Don't all mayor exchanges have Chainalysis or similar flagging software/service active? And if not, then it's just a matter of time they all do, probably legislation will force them to have them in place to stay in business. So all the liquidity will be sitting on these exchanges. You also have no control over where the person you send the coins to will be depositing them. Like I said, if someone pays you in BTC that is on some of these lists, and you pay to someone, then this someone puts it on Coinbase (most likely, most mainstream exchange) to sell, and this person gets asked where this money came from, this person will point to you. So yes, this is a huge problem when it comes to fungibility. A dollar bill is just a dollar bill. You are most likely just going to be spending it in a shop, not putting it into an ATM. Yes, you may be holding counterfeit, or fake dollar bills, but there is no permanent ledger, the cashier probably will just take the bill. People don't often spend BTC because it goes up in value, they will sell it for a profit in an exchange most likely in the future. It doesn't matter what is and isn't stupid, if someone makes a law around this and you end up in trouble it wouldn't matter, the consequences are real. So yes we should be pushing for this not to happen, but this is different than pretending to not care and just go around sending coins to exchanges without taking the necessary steps to not trigger these systems. |
|
|
|
Receiving funds in the same address from a signature campaign is the most common option. However, even in the scenario that you mention, if you (as an entity) are well hidden behind the "takuma sato" persona, how will the person that you pay know who you are in real life? And, at the same time, why should they care?
Anyway, your point is important, so I get it. One user here (paid2 - I mention the name since he discussed it openly in another thread) does something clever, which is a good option to consider. I saw that BlackHatCoiner mentioned it above too. You can use a non-kyc exchange, like the one in my signature and exchange all the funds from your address into XMR. Then you can use the same exchange or any other that you want to exchange from XMR back to BTC (obviously using another BTC address). Don't forget to use Tor for this. You will make it impossible for the payee to imply that "takuma sato received X payments from a signature campaign and then used these funds to pay me".
Well just for reasonable privacy reasons. Suppose you pay someone with your signature earnings, you want to buy something from craiglist that is sold in exchange of btc, or pay for some service or something, and they google your address out of curiosity, now they find your apogio profile, and look up your political opinions, how knowledgeable you are on BTC, for how long you been involved and so follows. You get profiled. Anyone reasonable would not want that, so im just looking for ways to avoid this, without ending up in more trouble, like mixing the coins that end up tainted, paying with them and then being a target for that when the person that receives the coins says, "this dude I meet sent me these coins, go ask him". Chances are low but possible. Your XMR may be interested to look at but man XMR is crashing so hard you may want to do that quickly. What I would like to know is a way to test your utxo before you send it into a KYC exchange, to know if they are tainted or not. Since we have no way to know where the coins that you recieve are comming from, it would be useful to run the utxo through some sort of database, like similar to haveibeenpwned website but for addresses, and this way one would make deposits and transactions with a better peace of mind. |
|
|
|
Use a new address for EVERY payment of Bitcoins that you receive. I see a lot of people mentioning this here, but this is not always possible. The most obvious reason, anyone participating in a signature campaign is receiving repeated payments on the same address for the duration of the campaign. If you now use these funds to pay someone, this person could not only see the max amount of coins you have there currently or the maximum accounts you held there, but they could just google the address and find out your profile and ultimately source of funds. Use coin control. Spend an output that is very close in value to what you are sending. Yeah what I meant is, due price fluctuations and tx fees, some amount may be left there. Let's say you have 200 bucks left spend on your Android, and you want to buy something that costs 200, you basically have to add in an extra 100 because the price may dump by the time you arrive to the meeting to exchange the item or service for your BTC, plus fees. You always have to add this extra margin. If you have 200 and the price goes up a bit, and you have like 220, so you pay 200 + fee, perhaps there's like 10 bucks left or so, so you left 10 here and there, end up with a decent amount in different addresses, which if you wanted to consolidate into a single one, would mean that you compromise your privacy since you send a joined transaction with all of these. Either is fine. For small amounts that will only be in the wallet for a short period of time, and which wouldn't be hugely upsetting to lose, you might even find an account with a custodial service could be convenient. What do you mean? You mean a wallet blockchain.info or whatever? I would prefer to avoid these. Why?
What do you mean? for privacy, so when you pay someone they cannot look up your history. And when you spend your local currency, you never know where that has been before you received it either. You mean cash? cash doesn't have an online permanent public blockchain to check a track record of transactions. If you mean bank transfers, well same thing, there's no public records. And Bitcoin and crypto in general has just this bad stigma about it that regular transactions do not. If you don't want to use a mixer, don't use a mixer. If you want to use a mixer and believe that Bitcoin is fungible, use a mixer. If someone comes asking about the "source" of the bitcoins, tell them you used a mixer. If use of a mixer is illegal in your jurisdiction, you need to decide how you feel about non-compliance with that law. I want to have a reasonable privacy, and when it comes to authorities, you just want to avoid raising any flags because they hate crypto by default. In my jurisdiction, I find that the biggest inconvenience is the need to keep track of every satoshi acquired and spent so I can report every single transaction when calculating my capital gains for my taxes every year. Yeah this is insane. They just do this to frustrate people even at the thought of using it for payments. Exactly. FALSE positives. Meaning, it doesn't really matter if you use a mixer or not. If an exchange wants to cause their customer "trouble", they're going to do it regardless.
Like I said, you want to avoid false positives. You don't want to deposit coins that raise chainalysis flags when depositing into an exchange and go through some audit of all of your related coins. I mean why would anyone want that? This is why im saying, mixing the coins, or receiving coins from an stranger and putting them into a centralized exchange where you are doxed is a mistake, same goes for paying someone with coins you just mixed that knows who you are, that then puts these coins into an exchange. An extra intermediate step here is required. |
|
|
|
Isn't this a non-issue? You are responsible for the transaction, and nothing further than that. Flagged coins are stupid, and I personally couldn't care less about it. The transaction would concern both parties holding up their end of the deal and nothing further, unless you are supposed to be transacting in "untainted" coins. You shouldn't be responsible for whatever happens outside of the deal, and furthermore you are not in trouble for using a mixer because you can prove that you are not involved in any illicit activities.
It is an issue the moment the person sends the coins that they received from you into an exchange. When they get asked what is the source of these coins, they will just point to the previous transactions, and now you are the next target on the line for whoever is investigating that. So it doesn't matter what you don't care about, and yes, we are innocent until proven guilty, but why would you want to expose yourself to that risk?. You should just make sure that any coins you send are not tainted while maintaining your privacy. The question is, how to even go about that. |
|
|
|
|
It's not clear to me how to go about this.
Say I want to meet with someone that sells an item or service, how do I pay this person without revealing your funds?
I want to use a phone to pay, so I need to send my coins into an Android software of choice. From my research I think I could just use Electrum or mycellium. The question is, how to send the coins on Bitcoin Core into the portable software, in a way that when you pay from your phone you do not reveal your funds?
I want this thread to be specifically about privacy on your transactions. When you pay someone, they can just browse your address in an explorer and see how much that address holds, and potentially derive more addresses you own. This is insane. Imagine someone being able to do this with your bank account.
So what I would need to do is to mix the coins I want to spend, then send them into a portable Android software. This has 2 problems:
1) Even if 99% of people use mixers with good intentions to just have some reasonable privacy, you never know what was sent there. What if you pay someone after mixing these funds, this someone goes into an exchange, deposits the coins and the exchange is triggered due some flagged coins? This person will then point at you as the source of the funds and now you are in trouble. How do you avoid this? Btw this includes privacy wallets, not only mixing sites, I've seen people report about this.
2) In order to send the coins into the Android software, you have to transact from Bitcoin Core, into the mixer, then into the Android software address. This is a lot wasted in fees. There is no way to save some money in this process?
I think this makes Bitcoin so annoying to use for payments to be honest. Bitcoin is great to just buy and hold, but dealing with it to transact stuff is just so inconvenient. I would really like to know how to do this. It's just for small amounts, like 200 bucks or whatnot, I just don't want to get people in trouble from mixing funds, seeing how many false positives there are on exchanges and so on.
|
|
|
|
They are their own entity giving themselves the power to consider which fork will be "Bitcoin". They can use that to start a hash war in my opinion.
If they get away with that (after numerous lawsuits), they don't need to start a hash war. They can just sell the "not Bitcoin" they own, and if that happens to be the most valuable chain, it's pure profit for them. But that's actually the problem, isn't it. The Cabal probably WANTS to start a hash war in order to make their fork "officially" the "real fork". They won't only need the miners, they will need the support of Bitcoin services like Coinbase, some influential community members, and the support of at least one Bitcoin Core developer. - We should probably be suspicious if BlackRock starts donating money/giving grants for Bitcoin's development. Open source development of the biggest decentralized money network + donations/grants to the developers should probably not happen? Also notice that Coinbase is conveniently the custodian of everyone involved, except a very few ones that are self custodian. The rest is just a big single point of failure called Coinbase, basically, US government, since Brian Armstrong will do whatever the US government does in order to stay in business. You aren't going to get anywhere without their approval. This is not great for BTC in terms of decentralization. I guess other nation states will eventually jump in and the different agendas between parties will allow for some macro decentralization where they aren't all on the same page. This would split BTC into different coins for different states and the outcome is not predictable. Im hoping the community of individual holders will not align with any of these and dump on their chains when they receive their split. I believe not. He's merely a CEO who's forced to conform to the rules of the country where Coinbase is located. Wouldn't you as a CEO would like to make your business more compliant? That's absolutely understandable in my opinion. BUT what Brian Armstrong actually did was support Bitcoin XT, https://medium.com/the-coinbase-blog/scaling-bitcoin-the-great-block-size-debate-d2cba9021db0Which, tin-foil hats on, he probably thought he could manipulate Gavin Andersen because he will never have any opportunity to manipulate the Core Developers. He also expressed his disapproval of the Core Developers before, saying that they are the biggest systemic risk for Bitcoin, https://medium.com/the-coinbase-blog/what-happened-at-the-satoshi-roundtable-6c11a10d8cdf#.qaggpgms9He also gave his support for Bitcoin Classic, https://bitcoinwiki.org/wiki/bitcoin-classicBitcoin XT, Bitcoin Classic, Bitcoin Cash - before it became an altcoin - were actual attacks on the Bitcoin network, socially, philosophically and most importantly technically. They wanted to take control, fork Bitcoin, and leave the Core Developers behind. I believe that's their real agenda. I remember that, Gavin said Mike Hearn would be the benevolent of Bitcoin XT: https://coinjournal.net/news/gavin-andresen-mike-hearn-will-be-the-benevolent-dictator-of-bitcoinxt/I think Barry Silbert was always on board with some hardfork business at some point, which is now selling his coins to Blackrock basically with the Grayscale outflows going to Larry Fink. I think this will end up in another hardfork battle between ETFs, and Fidelity may be the only one to be trusted (if I were to trust one, which I don't). |
|
|
|
I still don't understand how 99% of people I see around talking about FED rates consider that lowering of rates automatically means something bullish. Do these people not realize that everytime rates have been lowered in the past 24 years, with 100% accuracy, it just announced and underlying problem that ended in recession and thus a big correction of the SP500? (which would mean, a BTC correction almost guaranteed, unless unlikely huge uncorrelated price action)
Basically, if FED cut rates, it's bearish, since if there was nothing wrong, they wouldn't lower them. And if they keep them high, also bearish, because those in debt have bigger problems paying them, which lead to bankruptcies and unemployment as well as problems in society due mortgages not being able to be paid etc. So I don't see how a sort of a crash is avoided, but of course, this is not financial advice and timing on things can always be off. Me personally im keeping some cash on the side.
But I think normally when rates are cut it is BECAUSE of economic problems. Now rates are going to be cut simply because the country is used to them being at or near zero and so the rates are currently way out of tune with the idea this century of where rates should be to allow endless borrowing in the economy. The rates starting to be cut later this year won't be to stop an economic decline, as the economy is doing just fine - the recession tons of people have been saying was imminent for the past two years never hit, and in fact the economy is looking stronger than expected right now. The rates will be cut simply to get it back in line with what people/borrowers/companies expect it to be. Though I think they will probably end up only cutting to like 2% instead of 0% this time because since the economy survived rates over 5% just fine there isn't a reason to go back to zero and having it at around 2% gives the Fed some options for cutting when the next inevitable economic decline does happen. Dropping from 5% to 2% I bet will happen over the course of like 2.5 to three years though. And the rate cuts are good for Bitcoin price. This market cycle the ETFs, the halving, and rate cuts are going to be major catalysts. Because investors generally feel there is less risk investing when rates are low and when rates are being cut. So Bitcoin is going to feel safer to TradFi investors when they see the Fed cutting rates every few months. This is the official FED narrative before every rate cut that I can remember. Look back in 2000 and 2007. What were they saying? https://www.nytimes.com/2007/02/15/business/worldbusiness/15iht-fed.4605930.htmlExactly. They always expect a soft landing. How would they expect anything else? If they confirm it, they would only accelerate the panic selling, thus they are always incentivized to not reveal the recession is coming. Im not some conspiracy lunatic, im just looking the data, and we already have some dodgy stuff going on, like number of working hours declining to 2009 levels while unemployment rises. How does that make sense? I think we are going to see at first small rate cuts, then accelerated cuts as we have seen before which will confirm a recession, but maybe im wrong and Powell pulls a soft landing. Good luck to all. |
|
|
|
I still don't understand how 99% of people I see around talking about FED rates consider that lowering of rates automatically means something bullish. Do these people not realize that everytime rates have been lowered in the past 24 years, with 100% accuracy, it just announced and underlying problem that ended in recession and thus a big correction of the SP500? (which would mean, a BTC correction almost guaranteed, unless unlikely huge uncorrelated price action)
Basically, if FED cut rates, it's bearish, since if there was nothing wrong, they wouldn't lower them. And if they keep them high, also bearish, because those in debt have bigger problems paying them, which lead to bankruptcies and unemployment as well as problems in society due mortgages not being able to be paid etc. So I don't see how a sort of a crash is avoided, but of course, this is not financial advice and timing on things can always be off. Me personally im keeping some cash on the side.
The entire economy has been propped up with stimulus for over a decade now. That’s pretty much all investors care about. Everyone knows the entire world is running on funny money. The only thing investors want to know is when we’ll see more stimulus. The sooner the better, so bad news is good news. When inflation hit in the 70s it hit in 2 waves and the second was worse than the first. We aren’t out of the inflation woods yet so not lowering is the right move even though it will cause pain. The market is betting that rates will be lowered this year. If rates are lowered without expecting a recession then you buy the soft landing narrative. I personally don't buy they will pull this. I think the economy is different since 2000's on a post-internet, post-QE mode economy things function different. Rates should always stay around current ones so people get some for their savings but too much debt will not allow this, rates will be lowered, and recession will hit just like in 00, 08 and 20, now with the fastest rise on rates ever, the effects on the economy will be too much to maintain and they will ease, thus confirming the fact. Second wave inflation is indeed a risk. So the FED is trapped between cutting too soon and generating a second wave, or taking too long and creating a recession. |
|
|
|
|
I still don't understand how 99% of people I see around talking about FED rates consider that lowering of rates automatically means something bullish. Do these people not realize that everytime rates have been lowered in the past 24 years, with 100% accuracy, it just announced and underlying problem that ended in recession and thus a big correction of the SP500? (which would mean, a BTC correction almost guaranteed, unless unlikely huge uncorrelated price action)
Basically, if FED cut rates, it's bearish, since if there was nothing wrong, they wouldn't lower them. And if they keep them high, also bearish, because those in debt have bigger problems paying them, which lead to bankruptcies and unemployment as well as problems in society due mortgages not being able to be paid etc. So I don't see how a sort of a crash is avoided, but of course, this is not financial advice and timing on things can always be off. Me personally im keeping some cash on the side.
|
|
|
|
They are their own entity giving themselves the power to consider which fork will be "Bitcoin". They can use that to start a hash war in my opinion.
If they get away with that (after numerous lawsuits), they don't need to start a hash war. They can just sell the "not Bitcoin" they own, and if that happens to be the most valuable chain, it's pure profit for them. But that's actually the problem, isn't it. The Cabal probably WANTS to start a hash war in order to make their fork "officially" the "real fork". They won't only need the miners, they will need the support of Bitcoin services like Coinbase, some influential community members, and the support of at least one Bitcoin Core developer. - We should probably be suspicious if BlackRock starts donating money/giving grants for Bitcoin's development. Open source development of the biggest decentralized money network + donations/grants to the developers should probably not happen? Also notice that Coinbase is conveniently the custodian of everyone involved, except a very few ones that are self custodian. The rest is just a big single point of failure called Coinbase, basically, US government, since Brian Armstrong will do whatever the US government does in order to stay in business. You aren't going to get anywhere without their approval. This is not great for BTC in terms of decentralization. I guess other nation states will eventually jump in and the different agendas between parties will allow for some macro decentralization where they aren't all on the same page. This would split BTC into different coins for different states and the outcome is not predictable. Im hoping the community of individual holders will not align with any of these and dump on their chains when they receive their split. |
|
|
|
Who is "the Sponsor" in this? Even if they act in good faith picking the correct chain, I'm missing details on what happens to the value in a possible Fork chain. When the BCH Fork happened, the value of the Forkcoin varied, but could have been sold for 10-20% of the Bitcoin value. If they keep that instead of sharing it with the ETF investors, it just adds to the list of reasons to keep your own keys. This is from Blackrock's filling. I assume all other ETFs have a similar take? It is a sort of a disclaimer. "We cannot guarantee that this is the most valuable fork if it splits". Of course you got to realize that all of these are under US jurisdiction, so the government could step in and say, "make this or that fork as the legally abiding one". And there you have it, now all exchanges and miners are forced to mine whatever UScoin fork. This is the problem with the ETFs. Back then we had separate entities as big holders, now all these ETFs will centralize a big stack on the same hands. The only hope would be that big whales dump on UScoin fork as everyone would get a split of each other coins on both blockchains post-split and cause a crash on USfork. But you would also need to get miners out of US jurisdiction reach. I know companies like MARA are expanding overseas but they would still be subject to US jurisdiction, and im not sure if UAE would be any better (they are doing some business there). |
|
|
|
To me it seems evident at this point that all the ETFs are is an attempt to control the network. They want to centralize the supply in the hands of a few actors (ETFs) which are ultimately all the same hand at play (the US government in this case) which then will proceed to attempt to fork the network for whatever agenda that is trying to be meet with that. It is literally on the documents:  So while this may be bullish for the price now, we'll see how this turns out eventually when shots start being fired. |
|
|
|
If anything, this showcases the power of a proper password, and Truecrypt can use a cascaded algorithm setup, which means a proper password is just a nightmare to crack. Even if SHA256 got cracked somehow, there would be more to do ahead. Also, Truecrypt was replaced by Veracrypt and is no longer considered safe, so that to me is interesting that people still use TC containers.
As far as the password for the wallet.dat, im assuming that this guy has a known wallet.dat password, otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here.
Yes, I remember vaguely that Truecrypt offered such an option of cascaded hash algorithms, which means that you need to know this setup detail for a crack attack, too. It would slow down the process somewhat significantly, especially if you had to try different possibilities in this area, too. Sounds more and more like real pain in the ass. I wouldn't waste my time and energy with such few hints in this particular case. No one knows if the OP keeps his word and especially if the wallet.dat actually has at least the private key for the mentioned publich address. Too many IFs... ... wallet.dats for sale are very very likely 100% scams. You can wrap a pile of poop in fancy paper, it's still just poop.   I remember reading some sort of crypto mail list way back when and there were some people arguing that actually cascaded algorithm setup wasn't that great, and that one should stick to the classic SHA256 only scheme, but im not sure about that. If I used TC, I would first not use TC because it was compromised or so I heard, and that you should use VC (VeraCrypt) and then would research again on the cascaded thing. I also liked that this software allowed you to move the mouse around to create entropy, I wonder why Bitcoin wallet generation does not include this feature. |
|
|
|
if the enemy somehow bruteforced your seed of an HD-wallet he could derive all possible addresses generated throught this seed, vs an old non-HD which would only be able to derive a limited amount? (afaik non-HD wallets pre-generated a limited amount of addresses, but beyond that you required to backup your wallet, so he couldn't get any addresses that were generated after the first backup was required, isn't this again, in theory, extra security by not having a single point of failure?)
I'd like to clarify this a little, since the main question has already been answered. Either you have a HD (hierarchical deterministic) Wallet or you don't. If you do, there is one 'single point of failure' seed, from which you can create tons of child keys, and you'll only ever need to back it up once. If you don't have a HD wallet, you have a single private key with a single corresponding address. 'Deriving a limited amount' is not a thing. Some wallets may create a certain number of individual / unrelated private keys, 'throwing dice' for every key individually, so if you back those up, you can't 'derive' more keys later, of course, because there was absolutely no 'derivation' going on in the first place. In practice though, as has been explained sufficiently, there is no reason not to use a HD wallet. User error is just so much more likely than facing an attacker with the capabilities assumed in the original post. So in a non HD wallet each private key is separated from any single point of failure. Well this seems safer in theory then. If you use Bitcoin Core as a wallet, you are going to need the wallet.dat file anyway, you cannot do like Electrum and save some seed words, so if anything, not having an HD wallet forces you to do several backups often as well which is not bad. 1) That point would be unfounded. Given that an attacker would require unrealistic amount of resources to be able to bruteforce your seed, it makes no sense to prefer one over the other. If both of them are, in theory infeasible to be bruteforced, then it isnt a concern.
2) It doesn’t lower your security. User error or negligence wouldn’t concern the security of the seed. However, the security is again sufficient at 12 words and anything beyond provides insignificant amount of additional security.
Yeah but im talking from a theoretical standpoint. While it may impossible in practice, in theory it sounds better that one would have all keys separated from each other than tied to this seed thing from which all existing and future addresses will be derived from. 1) I known in practice this is probably pointless, but in theory, is a non-HD wallet safer than an HD-wallet given that if the enemy somehow bruteforced your seed of an HD-wallet he could derive all possible addresses generated throught this seed, vs an old non-HD which would only be able to derive a limited amount? (afaik non-HD wallets pre-generated a limited amount of addresses, but beyond that you required to backup your wallet, so he couldn't get any addresses that were generated after the first backup was required, isn't this again, in theory, extra security by not having a single point of failure?)
Not really. Keeping a bunch of miscellaneous private keys around is more cumbersome than storing a seed, and having just a small seed makes it harder to steal data since there's less of it. In order to back up an HD wallet, you don't have to copy all the private keys. You just need to save the seed phrase (or wallet file + password), derivation path, and receive and change gap limits, which are the number of generated addresses. 1) In HD wallets, is anything beyond 12 words pointless? In theory, more words more security, but in practice, doesn't this lower security? you may accidentally type a word the wrong way if you manually type or, or it just creates more lenght of bits in the material word to store
HD seeds are converted into bits and then passed through HMAC-SHA512 to create the master private key, so while 12 words give enough security now, the option to do 15, 18, 21, 24 words allows us to future-proof seed phrases from things like quantum computers. 12 words and 24 words seed phrase have the same bits of security. That makes 24 words not to have security than 12 words. 12 words seed phrase is highly secure enough.
This is not really true. The private keys may have the same bit-lengths, but the bit entropy from 24-word seed phrases is 2^12 larger than 12-word phrases (because 2^24 for 24 words / 2^12 for 12 words = 2^12 extra strength) which makes it harder to brute-force the master private key. But like I said above, if you use Bitcoin Core, you are need to carry your wallet.dat file anyway, so if anything, needing to do backups often is a healthy practice. I don't see the advantage of HD wallet beyond the "spawn my wallet anywhere with 12 words" thing, the rest seems like a security compromise in theory. |
|
|
|
|
2 simple questions I would like to make:
1) I known in practice this is probably pointless, but in theory, is a non-HD wallet safer than an HD-wallet given that if the enemy somehow bruteforced your seed of an HD-wallet he could derive all possible addresses generated throught this seed, vs an old non-HD which would only be able to derive a limited amount? (afaik non-HD wallets pre-generated a limited amount of addresses, but beyond that you required to backup your wallet, so he couldn't get any addresses that were generated after the first backup was required, isn't this again, in theory, extra security by not having a single point of failure?)
1) In HD wallets, is anything beyond 12 words pointless? In theory, more words more security, but in practice, doesn't this lower security? you may accidentally type a word the wrong way if you manually type or, or it just creates more lenght of bits in the material word to store
|
|
|
|
Address 1L8SqDEvaA3WnDinobai21ZbnyC79XuJGn has a current balance of 2.11752132 BTC and last outgoing transactions where UTXOs of this address were spent were in 2021-03-03: tx bdc3bc54a358301552c03eecb5c6994bc13066284f795211a2db6497f5692cd72021-01-09: tx d27a036c3d1acd27f7b57b3c3bc0e85cff1b03714e1b8b03274f161badac38c4So in the first months of 2021 the owner of UTXOs of this address apparently had access to this address' private key and the other involved inputs in above transactions. Yes, the file is mine. If it was not mine, how could I know the general wallet address? I'm not convinced because a Bitcoin Core wallet uses a lot of keys and public addresses, not just a single one. And naming a public address with a suitable balance isn't hard at all. Your passphrase hints for the Truecrypt container are rather insufficient. My question would be: why didn't you document such an important secret? As n0nce points out, having the hashes isn't quite enough. An attack to crack the Truecrypt container passphrase would also need details how Truecrypt processes the passphrase to get to hash digests. Well, likely hashcat or similar tools know how to deal with cracking Truecrypt containers. And then if someone manages to crack the Truecrypt passphrase: what about the contained wallet.dat file? Is this protected by a passphrase, too? Is the Bitcoin Core wallet.dat passphrase known? There are stories of people being thrown to jail permanently for failing to disclose a Truecrypt password. If anything, this showcases the power of a proper password, and Truecrypt can use a cascaded algorithm setup, which means a proper password is just a nightmare to crack. Even if SHA256 got cracked somehow, there would be more to do ahead. Also, Truecrypt was replaced by Veracrypt and is no longer considered safe, so that to me is interesting that people still use TC containers. As far as the password for the wallet.dat, im assuming that this guy has a known wallet.dat password, otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here. |
|
|
|
|
Show Posts
