You can do this with 3-of-3 multi-sig, not 2-of-3. In the former, you need their approval to spend and so do they. In the latter, they can gain access to your coins and don't need your approval to spend, something you've said you don't want.

You also can time lock money to yourself, to avoid messing with intermediaries, but that's once and for all; you can't reverse it, in contrast with multi-sig wherein you can convince your friends to get the money.

---

An even better solution is to look after your emotions.

Your database is likely corrupted. Try wiping out the block index with bitcoin-qt -reindex. This will re-make the database by going all over the blk.dat files, re-validate them and rebuilding the chainstate. It'll take a lot of time.

Have you checked your debug.log for further info?

But, they supposedly do benefit in some other way. That's why altcoins exist. They supposedly do something bitcoin can't do, and a mechanism to prevent double-spending is Proof-of-Burn.

That's a bad analogy, because you can't prove you've burnt it, and burning bitcoin makes sense only if you're able to prove it.

Note that sending coins to perfectly valid addresses, such as 1Counterparty, doesn't necessarily mean they're removed from circulation. There are more than 79 octillion private keys, on average, that can unlock these outputs.

For provably burning, use OP_RETURN.

1Counterparty currently has 2,130.96 BTC. That's 0.01% of the total circulation. It does have a little impact, and that's just from counter party.

Where is it used as a Proof of Burn? I only know 1Counterparty[1][2] that does it.

It does make sense. The value is destroyed from the Bitcoin network, but that's the condition for the other coin to create circulation. You can't have as much as you want, because you can't fake your bitcoin's burning, nor can you double-spend. It's a brand new coin that depends on bitcoin.

What doesn't make sense is to buy it. 

Transaction fees! 

---

[1] https://counterparty.io/get-started/
[2] https://mempool.space/address/1CounterpartyXXXXXXXXXXXXXXXUWLpVr

Yes! That was it.

You can't track her donations, because the address you will generate won't be shown to anyone else. Once an address is shown, it's never used again. You can of course attack her by generating billions of addresses, but that will only increase her children, and, therefore, make her monitoring more difficult. It's a similar problem to DDoS.

Then don't do business with people who treat bitcoin as non-fungible.

You don't have to generate a new address for each page load. Just have a "Donation here!" link; whoever wants to donate will click it. Definitely not billions, not even hundreds of thousands.

I've seen it once, and it was for donations specifically. Can't remember the github.io page. Doesn't BTCPay Server give you a new address each time? Why don't you use that?

Sure, but you're supposed to hide it, just as you hide your private keys. And if you don't trust your web hosting service, which is normal, you can make it contact with your home's server. Such as Pi <--> Web hosting' server <--> Sender

Either way, you need to run your own node and scan for every transaction.

No, I mean the idea with the master public key. No address reuse.

Let me show you.


The result is the same. Alice has received donations in several addresses, that have no connection.

She doesn't have to reply to anybody. Address generation can happen automatically.

Use a mixer then, end of story. No need to complicate it with miners and coinbase transactions.

Quoting part of the OP:
Isn't this already happening? Well, not exactly with one public address, but with one master public key. You can create nearly unlimited addresses which aren't linked and there's neither interaction from the sender.

I still don't understand how silent payments improve anonymity. Doesn't Alice still have lots of outputs in different addresses? Didn't she have the same problem before?

"Quite a bit"? The shitcoin did a -100%, he's lost every cent he put.

Just because your friend told them to buy a worthless, centralized, opaque, game theory failing shitcoin, it didn't mean they should; and even if they were convinced, your friend shouldn't give advice, not because he might hurt someone, but he may have no idea what the hell he's bought.

That.

What's the benefit of pegging your Lightning balance to USD? And how exactly is this supposed to work? Like, creating 1 L-USD for each 3,000 Lightning sats? Doesn't make any sense. Bitcoin is free money; a currency on its own. And so is USD. Whoever wants to switch, utilize trading.

Reminds me of something. What can have possibly happened to that old soul, nullius, I wonder.

The thing I like about bitcointalk is that it only has constructive criticism, from what I've seen two years now. If you don't understand all this bitcoin terminology, just make an account here, that's what I did; I nearly knew a thing before. Now I know that I know nothing. 

There are lots of helpful folks. Stackexchange is also useful, but that's a little much for techie stuff only.

Yes, but I guess what @oryhp says is that if you communicate without a secure connection you can't be sure there isn't someone spying on you without you knowing it. Sure, he can take the money, but what's more valuable? Depends on your threat model. 

You only need to derive millions of addresses from one master public key, and save those with a balance.

This wasn't my point. My point was that if an entity perpetually brainwashes everyone and tries to create a bad picture of bitcoin for their own benefit, you shouldn't bow your head and admit you're doing things wrong. For example, if few politicians state that bitcoin wastes too much energy and advise against its usage, don't try to change the code; the problem isn't into the code. We've spent hours on this debate, and we've debunked it.

Same goes for KYC. There's no study that reveals less criminal activity due to this undoubtedly extravagant requirements of personal info. Pretty much the opposite, it's extremely dangerous; it encourages identity theft, scams and helps scammers stay undetected. The reason the governments want it, and exchanges often intentionally add it, is control. It makes mass surveillance work more easily and effectively, it's moneymaking from the CEX's perspective, it's advantageous for chain analysis which brings even more money etc., all these entities cooperate for control.

So, when a CEX imposes KYC or some other arbitrary rule, such as "tainted coins", don't try to figure out a technical solution, such as improving privacy on a protocol level with cryptography. Just don't use the exchange.

If Alice and Bob communicate through a secure transfer protocol, such as with SSL certificates, then MITM attack becomes more difficult to execute. And they should, with or without silent payments. Otherwise, their internet provider and the server they use to communicate can de-anonymize them.

So why they don't just generate a brand new address in each refresh, for each visitor?

Yes, because it doesn't take space in the UTXO set. OP_RETURN outputs are simply ignored.

I ordered it from gobrrr.

Yep, but I thought the default would be a better option. Proved wrong. 

Which thing isn't random nor secure exactly? Pi's RNG? urandom?

But, I don't blame them for my possibly less unpredictable entropy. Of course and it's my responsibility to ensure the dice is fair. But, you don't get to force me go with your way, just because you think it's right. This attitude is translated to a little disrespect, one might say, towards actual cryptographers who've studied more than you've done, and have concluded to using a CSPRNG.

Let me choose a "Use Pi's RNG" option, and if you don't recommend it, show a warning.

Why do I have a feeling that this is the wrong path? I agree with all you've said, and bitcoin can, indeed, become more private overtime, but answering with "let's just write a better code" implies that what's causing this taint propaganda is the code.

I sort of agree with this:

Bitcoin solves no political problems, but only practical and technical. And we're seeing this everyday. I can move millions of dollars for a nickle (practical) or move money across the world anonymously (technical). But, there's no such mechanism that can give a solution to the abrupt rise of KYC. No, decentralized exchanges don't. They mitigate trust, same as with bitcoin, because things work more properly that way; because trust costs. But, both solutions are apolitical.

See monero. It's, supposedly, more private than bitcoin. What has happened? Most CEX's have blacklisted it, less and less merchants dare to accept it, people beyond the crypto space are constantly brainwashed etc. Is the problem in the code?

It's necessary. Without the camera you can't scan the PSBT from your computer's monitor.

Which wallet do you use? In Electrum, enter OP_RETURN and, right after, your hexadecimally represented message. For example, this message:


Check the transaction, made in testnet, on a block explorer: d1cc92eb8af8e21f11177886a95ccda37c5236eafa170a446c031da6f8834a1d

• blockchair.com
• mempool.space

Prologue
So, a month ago, I was trying to find out which hardware wallet should I buy. My conditions were simple; it had to be open-source and I had to make the purchase in the most private way possible. My only option was to buy BitBox 1, but it happens to be old, deprecated and their developers aren't known for being privacy seekers, which really underwhelmed me.

My only choice was to purchase a hardware wallet outside my country using a poste restante, which I didn't want to do for personal reasons. But, then dkbit98 suggested something I hadn't thought of; do the job with a Pi.

And so I did. I bought a RPi Zero, a camera, a little screen and a few other stuff, and built a SeedSigner; an air-gapped hardware wallet signing device, which takes security into the next level.  

Disclaimer: There's no affiliation with SeedSigner and this thread isn't sponsored. I just bought it and share my thoughts.

---

---

In summary:

Pros:

• Open source, github page: https://github.com/SeedSigner/seedsigner
• Air-gapped
• Relatively cheap ($50~$100)
• Separation between private key storage and signing
• Can be bought anonymously (without KYC, AOPP etc.)

Cons:

• Little hard setup
• Experimental software; the project is, well from what I can judge, in an early stage
• Works only with BlueWallet, Nunchuk, Sparrow, Specter Desktop
• It's forcing you to generate the entropy yourself

---

---

Alright, let's begin.

SeedSigner aims to give a solution to one problem; the cost and complexity of multi-sig usage. However, at the same time, it can be used for single-sig setups, lowering the cost of your "hot" storage as well. There's nothing saved inside the SD card, besides your settings which is optional, therefore there's less danger for funds' loss. When you shut down SeedSigner, it erases the seeds; they're meant to be kept temporarily in memory and you have to import the seed on each startup. And that's basically one of the features that makes SeedSigner differentiate.

This has the following advantage: You can have the device on plain sight (don't, but you get the idea). As far as I understand, this is implemented to reduce the risk of money loss. For cold storage, create the QR code and find a good hiding spot. For daily transactions, you can just insert it into your drawer etc., without minding much.


For quick imports, use QR scanning:

---

Unfortunately, you can't create a new seed with an internal RNG. SeedSigner somewhat forces you to generate the entropy yourself. Either with a picture or dice rolls.


I get the spirit of "trust none!", but that's just wrong. It should allow you to generate random entropy, even with a warning. Furthermore, it gives a false sense of security. If you don't test the dice is decently fair, then you shouldn't generate a wallet. Period. Quoting a forum legendary is needed here:

Hashing a picture can also be problematic, see thread: Turn photos into Bitcoin wallets. So, here's a feedback: Include /dev/urandom. Simple. Do it for those who want to avoid this fuss.

This is how they justify it:

One thing I also don't understand is how the rolls are 50/99 exactly. Doesn't each give 1.66 bits of entropy on average?  

---

These are the features:

One thing I've forgotten to say is that, besides open-source, the code is also easy to read. It's 100% written in Python, and there aren't many files to check. It doesn't take more than an hour. The src/seedsigner/models is what's all about.

---

How to use it

These are the steps to spend money:

• Create a seed.
• Export the master public key with a QR code.
• Import the master public key to a wallet software. (From the available, I prefer Sparrow*)
• Create a transaction.
• Export the PSBT in QR code from your computer's screen.
• Scan the QR code from SeedSigner.
• Sign the transaction from Seed Signer.
• Export the signed transaction in QR code.
• Scan the QR code from your computer.
• Broadcast the signed transaction

Ta-da! Transaction signed in the air!  

*Sparrow is a wallet I'd never used, as I put Electrum above others, but I'll have to admit it's good. Perhaps even better than Electrum. The reason you can't use Electrum (at least not easily) is because it doesn't support animated QR codes, which is the way SeedSigner exports xpub keys and signs transactions. That's because the screen isn't big enough.

---

---