The xpub or zpub is simply an encoding of the public key and chain code at that level. The only thing that will make it change is a different derivation path. Indeed, an xpub or a zpub (or any other type of master public key) at the same level encodes the exact same data other than the prefix and checksum.

For example, take the following seed phrase:

At m/0, the xpub is as follows:

If we decode that from Base58 to hex (and add in a few spaces for clarity), we get the following:

This is broken down as 4 byte version code, 1 byte key depth, 4 byte parent fingerprint, 4 byte child index number, 32 byte chain code, 33 byte public key, 8 byte checksum.

Now, let's take the zpub at the same derivation path:

Looks totally different, right? But let's decode that just as we did above:

The only thing that we change is the prefix version code, which is what changes the first four characters from "xpub" to "zpub". Because this has changed, the checksum changes too. And so the encoded key looks totally different, when in reality it is almost identical.

Truly decentralized services are easy to identify. Instead of using the service via a centralized website like any centralized exchange, you run the service locally and connect directly to other users. Bitcoin, Bisq, and JoinMarket are some great examples.

For seeing if something is centralized, the bottom line is this - is there a single point of failure? If the website or server went offline, could I still use the service? Is the code maintained by a single person or company, and if they changed the code to something malicious, could I do anything about it? Can some person, company, or entity, prevent me from using the service?

I would ask what fake decentralized projects you have been dealing with already? Some DeFi scam or yield scam? Why? What's wrong with just buying bitcoin and ignoring these scamming shitcoins and their scamming platforms?

Not exist in the first place!

They obviously aren't going to say no to governments because governments are their biggest customer. They exist precisely for governments, so they can present made up findings filled with inaccuracies as the "evidence" the government wants to prosecute individuals they've decided they want to prosecute, regardless of any actual guilt or wrongdoing.

What should really happen is that blockchain analysis companies go bust and disappear. If we all stopped using centralized exchanges and used bitcoin properly peer to peer as it was designed, that removes a big chunk of their cash flow. And now we need to fight back in courts and prove as we've seen above that their entire analyses are so flawed that no one should take them seriously for any purpose, certainly not for a criminal trial.

The point we want to achieve is for everyone to realize blockchain analysis is provably nonsense.

You can still use coin control even if all the UTXOs are on the same address. Just because they are on the same address does not mean you need to spend them all at once, and you can easily pick and choose any individual UTXO to spend alone or any subset of UTXOs to spend together.

You mean apart from literally everything CSW has ever said? Lol.

Does it matter, though? Many of the big exchanges sell data too. Coinbase for example admitted they were selling sensitive user information to third parties without the users' knowledge or consent. Did it affect them in the slightest? Binance were hacked for thousands of users' worth of KYC data. Did it affect them in the slightest? These exchanges can do anything they like with your data and people simply don't care.

Because it's cheap, and as above, they don't need to waste their money on proper security because they know their users will suck it up when their data is inevitably leaked.

Add in that 90% of the population voluntarily share enough information about their lives across multiple social media platforms to make social engineering now trivially easy.

Absolutely. As I said above, I don't think there is a simple right and wrong answer here.

And no offense to tbct_mt2, but I think they have misunderstood the question. Yes, it is generally better if you can avoid consolidating UTXOs, but this is not the case when dealing with Stonewall transactions as you are here, where the whole point is to either coinjoin with another user or create a transaction which looks like you've coinjoined with another user.

It makes no difference to the fee. It's better not to reuse addresses from a privacy perspective, but if you are going to consolidate all those outputs together anyway then it makes no difference from a privacy perspective either.

As I mentioned above, the best thing you could do would be to receive larger amounts less frequently. If, for example, you are DCAing on an exchange, instead of buying and withdrawing $25 a week, buy and withdraw $100 a month.

Great question! The bottom line is always going to be to wait as long as you can to get as many free remixes as possible.

Let's say you coinjoin six outputs of 0.05 BTC, and then after a single mix you create a stonewall transaction which spends all six of your new outputs together. That's pretty bad for your privacy, and potentially allows all your outputs to be linked. This is going to be the same for any coinjoin implementation.

Let's say you coinjoin six outputs of 0.05 BTC, but then let each one get 5 free remixes before you stonewall them. That's significantly better and much harder to track.

I don't think you can pinpoint a number of mixes and say "After this number it is safe, before this number it is not." It's just not that simple. The anonymity set you get from each individual remix will differ. Some will have 5 inputs/outputs. Others can have up to 8 inputs/outputs. Each other output in one of your mixes might be spent immediately after that remix, which decreases your forward looking anonymity set. Conversely, each other output in one of your mixes might go through another 50 free remixes, which vastly increases your forward looking anonymity set. Similar situation for a backward looking anonymity set - if all the other inputs in one of your mixes are very fresh, then your backward looking set is small. If the other inputs in one of your mixes have already remixed 50 times, then your backward looking set is much greater. Not only will the anonymity set change, but you need to consider your individual threat model as well. Are you wanting to hide your coins from your nosy neighbor next door? Or are you wanting to hide your coins from a nation state attacker? And how many outputs are your stonewalling together? Two might be OK after a couple of remixes; fifty UTXOs much less so.

You might be interested in looking at this: https://code.samourai.io/whirlpool/whirlpool_stats

As an example of my own practice:
As I mentioned above, just leave them in for as long as possible. Good luck to anyone trying to link those particular outputs together.

I've been saying this for years OP:

This space is full of buzzwords. ICO, NFTs, DeFi, decentralized, the list goes on. There are countless exchanges out there which call themselves DEXs, call themselves decentralized, call themselves peer to peer, when they are nothing of the sort. The same holds true for shitcoins. Lots of people don't bother to check if the claims are true, and even more people don't even understand the difference, falsely believing that things like Binance P2P are either peer to peer or decentralized, when they are neither of those things. Centralized exchanges use these buzzwords for cheap marketing because there is nothing stopping them and they know people will be attracted by those buzzwords, even though they are outright lies.

Key images in Monero are something quite different to raw private keys. They are a one time use alternative public key which is used for verifying there are no double spends within the ring signature.

Feather does give you the option to restore a full wallet from your private spend key at the set up wizard. However, I would be surprised in Coinomi gives Loyce the option to export his private spend key. I suspect he would have to go through the https://coinomi.github.io/tools/bip39/ site I linked above, at which point it will be easier just to use the Monero seed phrase it generates rather than the private spend key.

If you are buying Monero on a regulated, centralized exchange, you are doing it wrong. I also couldn't care less about "hype". The majority of Monero users are in it for the tech and the privacy, not to try and chase meaningless hype like is the case with Ethereum.

If we make the assumption that addresses don't change hands, then all you can say is that maybe some part of those to UTXOs were owned by the same person a long time ago. I say maybe, because as soon as a transaction has more than one output, you cannot say "which" bitcoin ended up at which output, and indeed, such a concept does not exist at the protocol level.

The relevance of this is almost zero. Does it matter if you and I both own coins that 10 years ago were both owned by Mt Gox? Is that at all relevant to anything? Everyone will have handled cash at some point which was involved in a crime. What's that old statistic about 75% of bank notes having traces of cocaine on them?

Maybe. Blockchain analysis companies have their own black box of algorithms and equations which they use to create links between addresses and outputs, but as we were just discussing on another thread, it is anything but scientific and often wildly inaccurate: https://bitcointalk.org/index.php?topic=5464886.0

Here's a recent coinjoin transaction I just pulled: https://mempool.space/tx/54e5e265cad4a26bc64dd8ca439f0c62055d7e0a2ff3156f10166aeb17d631f8
Do we say that every output contains 12.5% of the coins of each input? Or do we say that each output contains 100% of the coins of one specific input, but we can only guess which input is linked to each output?

Both statements are wrong. At a protocol level there is no such distinction. So any guesses we make will be exactly that - guesses.

I think the first question is "What are you trying to achieve?" We can clearly say that UTXO X is a great-great-great-great-.....-grandparent of UTXO Y, just by following the ancestry and ignoring the amounts. What are you trying to achieve by classifying this based on amounts? Some compliance mechanism? An inference of common ownership? Your desired outcome will change the approach you want to take.

That's another possible use of multi-sig, though. If you truly have nowhere secure offsite where you can store a copy of a single sig seed phrase, then multi-sig allows you to compromise a little on that. I could set up a 3-of-5 multi-sig and store one back up with 5 friends, for example. Perhaps I don't trust any one of these friends enough to give them a single sig seed phrase, but I collectively trust them enough to know that 3 of them won't all try to betray me.

As pooya87 has said above, it's all about pros and cons, risks and benefits. Is the increased risk of theft offset by the decreased risk of accidental loss? Is the increased redundancy offset by the increased chance of discovery? It's up to the user to decide, but blanket statements like "Don't use multi-sig" are not helpful.

Having said that, in terms of your master seed proposal, I think it is less than ideal. Multi-sig is not just safer because it decentralizes your back ups; it is also safer because it decentralizes your seed creation process. If I have a device which is generating weak seed phrase (see the Libbitcoin Explorer vulnerability as an example), and I create a single sig wallet using it, my coins are lost. If I use it to create one seed phrase of a multi-sig set up with the other 2 (or 4, or whatever) seed phrases coming from a different device which is generating strong seed phrases, then I am protected from loss despite my weak seed phrase. If however I generate a master seed using that weak RNG, and then derive all my seed phrases for my multi-sig from this one weak seed, then again my coins are at risk of theft.

If you are going to generate a multi-sig from one source of entropy and store all your seed phrases as one single back up, then you've not really achieved anything at all. A single sig cold wallet would be a better choice.

Only with BIP39 seed phrases. With Electrum seed phrases, segwit multi-sig wallets always use the derivation path m/1', and there is no option in the GUI to change this. Therefore if you try to use the same seed phrase twice, you will get an error as Charles-Tim has said. If you use a BIP39 seed phrase, on the other hand, you can change the derivation path from the default m/48'/0'/0'/2' (for segwit) to anything you like, allowing you to use the same seed phrase with different derivation paths. (It would of course be possible to use the same Electrum seed phrase if you manually derived at different paths and exported the relevant Zprvs and Zpubs, but all you'll really achieve here is to increase the risk that you accidentally lock yourself out of your coins by doing something weird.)

The other option not mentioned yet would be to use the same seed phrase with different passphrases. You can use this option with either Electrum or BIP39 seed phrases on Electrum. I don't see any real advantages to this over using separate seed phrases, though.

That's not necessary. For any m-of-n multi-sig, the minimum number of back ups you need is equal to n. Each back up will contain one seed phrase, and a specific arrangement of n minus m master public keys such that any m back ups is sufficient to completely restore your wallet.

What this means is that for a 2-of-3, you need three back ups in the formulation that Charles-Tim has shared above, each containing one seed phrase and one master public key. There is no need to have three different back ups just for the public keys, and there is no need to back up raw private keys at all.

You could of course duplicate all your back ups if you wanted and end up with six back ups for a 2-of-3, but you would have to weigh the increased redundancy against the increased risk of discovery.

Of course. The whole point of a multi-sig is to remove any single points of failure. As soon as you bring the threshold number of keys together on the same device or in the same location, then you have a single point of failure.

As BitMaxz says, turning off your internet for a few seconds just while you sign the transaction and then immediately reconnecting achieves nothing. The whole point of a good hardware wallet is to protect against any attacks from the internet. If you don't want your Nano X connected to any device with an internet connection, then you will need a second computer which is permanently airgapped.

After downloading, verifying, and installing Electrum on both devices, you would connect your Nano X to your airgapped device and link it with Electrum to create or restore or your wallet. You would then take the master public key from that wallet across to your online computer and create a watch only wallet in Electrum. You would use the watch only wallet to create a transaction, move it to the airgapped computer, plug in your Nano X to sign it on the airgapped computer, and then move the now signed transaction back to the online computer for broadcasting.

Alternatively, you could buy a hardare wallet which is already permanently airgapped, such as a Passport.

Absolutely unbelievable some of the revelations made in this document. (https://storage.courtlistener.com/recap/gov.uscourts.dcd.232431/gov.uscourts.dcd.232431.159.1.pdf)

First look at Bisbee's report. Bear in mind that this a report from the head of investigations at Chainalysis:

This is a catalogue of incredibly basic errors. These are the kinds of questions which would be asked by newbies on this forum and would be followed by 10 replies within the hour correcting them. This is from the head of investigations, and there is no chance her report was not proof read by a handful of other people in Chainalysis too. How utterly embarrassing for Chainalysis. They have absolutely no idea about the very basics of the thing the claim to be able to track.

And then look at some of the other assumptions that they have made:

VPNs/Tor, how they hell to they work?

How very fair and unbiased. Decide their conclusion, then manipulate the data to fit it.

If your pattern of use is completely average and similar to everyone else's pattern of use, the only explanation is that you are doing it deliberately to obfuscate things, and not, you know, that you are just an average user. What a wild assumption.

An incredible collection of incompetence and ignorance. What a tragedy that so much of this space revolves around the complete hogwash that these scam merchants peddle to governments and centralized exchanges.

Hard? Maybe. Impossible? Absolutely not.

How can you be sure you'll never click an unknown link? You can't. How can you be sure your anti-virus will pick up every possible piece of malware? You can't. Whereas I can be 100% certain I will never click an unknown link on my airgapped computer, because it has no hardware in it which is capable of connecting to the internet.

This is like saying you have driven for 5 years without wearing a seatbelt, so you are confident you don't need a seatbelt. Just because you have been safe so far doesn't mean you will be safe forever more.

Hot wallets have their place. I use a hot wallet frequently. But I only use it for amounts I can afford to lose. My rule of thumb is "How much cash would you carry around in your physical wallet?" $100? Fine. Then $100 worth of bitcoin can be in a hot wallet. $10,000? No chance. So that amount of bitcoin should be on something more secure, be that a hardware wallet or an airgapped wallet.

It's certainly better than a hot wallet, provided you disconnect your internet connection prior to booting to Tails and keep Tails offline the entire time you are using it. But it is not as good as a proper hardware wallet or dedicated airgapped computer.

It's been clear for some time now that Kruw is either incapable or unwilling to address the vast myriad of valid points made against Wasabi in this thread, and instead can only result to copious amounts of hand-waving and whataboutism. Furthermore, it's also clear that Kruw either does not understand how Whirlpool and JoinMarket work, or he does understand but deliberate lies about them to spread his narrative.

Either way, although I'll continue to point out to other users in this thread all the reasons they should avoid Wasabi, there is no point continuing to argue with Kruw.

In general, weekends are cheaper than weekdays, and the cheapest period is usually between around 00:00 and 06:00 UTC.

However, this is very much a generality, and will not hold true 100% of the time. Particularly at the moment, fees are higher than usual for a couple of reasons. We still have plenty of ordinal spam clogging up the lower fee rates, there has been a couple of recent big swings in the price which always results in lots of transactions as people move coins to and from exchanges, but most importantly we are around 60 blocks behind where we should be for this difficulty period. If you knocked 60 MvB off the mempool we would be down in to the 5 sats/vbyte range.

As I said above, it could take months for the mempool to settle back down again. If you don't need to spend these outputs, then there's no rush.