At least with the first-time login bug (I know what you are referring to), the user will be notified and is given clear instructions on how to resolve the issue. Having to wait 6 minutes after logging in is not obvious to anyone new to the forum, even if they read the sticky threads in meta.

I am not familiar with the SMF codebase, but I imagine it would not be terribly difficult to not count someone logging in as an action that a user needs to wait an amount of time in order to post.

Buying gift cards via bitrefill (or any other site) is not the same as using bitcoin directly at the merchant. Buying a gift card via a third party means you have to trust the merchant, the third party (and any third parties the entity you are buying from is using to procure the gift cards).

---

I don't see Amazon accepting bitcoin in the near future. They are not a change maker. Amazon does not innovate, they do things at scale that allow them to undercut their competitors. Amazon will not start accepting bitcoin until its competitors start accepting bitoin, and this becomes a competitive disadvantage.

I think there is a pretty strong argument to say that logging in (nor reporting posts) should count towards the 360 second (or however many seconds the account is subject to having to wait) limit. It may make sense for some accounts to have a higher wait time for reporting posts.

I can’t think of any reason why someone should have to wait 6 minutes to post after logging in. I don’t think it is unreasonable to believe that someone may read many posts while not logged in, find something interesting, log in, and try to post.

The forum does not require a license to create a thread.

If you create a thread that infringes on someone’s trademark, and the trademark holder complains, the thread will be removed.

It is never allowed to post malicious links without a warning, so regardless of if an “official” representative of a project is creating a thread, a thread with a malicious link should be removed.

The substance of a post is not limited to the text of the post; it includes the work that went into writing the text (potentially beyond typing the post).

For example, if you ask a question that requires a substantial amount of research, or computation, after conducting the required research, or performing the required calculations, I write a post with a one-word answer, my post would be substantial as a lot of work went into the post.

Similarly, the bounty hunters need to make social media posts on other platforms, and will post links to those posts as part of their bounty "reports". So there is some work that goes into the post that is not actually writing the post.

The forum does not need money, but that does not mean that the forum will not generate revenue. Theymos has certainly left a lot of money on the table by not allowing for targeted forum ads, nor "paid stickies" (the two are very similar), but I don't think it is accurate to say that theymos does not care about ad revenue. There is at least a minimal effort put into generating ad revenue for the forum.

As I mentioned in my previous post, and as you mentioned, the bounty reports posts really do not affect anyone negatively. There is an entire sub dedicated to what amounts to a place for bots to read other bots' posts, and in which there is no other conversations. So there isn't anyone trying to read conversations in the bounty sub.

They add page views, which affect forum ad revenue.

I don't know about the people in the OP, but I think there are a decent number of accounts that can be described similarly as those in the OP that are just in a bot. The bot will make various social media posts, and will post reports about what they posted on the forum. On the other end, those "reviewing" bounty reports are almost certainly bots.

So we have bots making posts, and bots "reading" posts, all the while, the number of page views is being padded.

The cost of a million bounty posts is likely not more than a few cents per month. Cloud SSD storage costs about $0.17/GB/month, or $0.34 for high availability. I don't see a million bounty posts taking up a GB of storage.

I think there are probably an outsized number of bounty hunter accounts that have purchased a copper membership. Copper memberships are priced in bitcoin, however, the price is periodically adjusted to be approximately $30. A single bounty hunter buying a copper membership is going to pay for multiple months worth of storage-related costs associated with all bounty posts.

---

I don't have a problem with bounty hunters. They generally stay in their section, so I never have to read their posts. So they don't burden me in any way.

Under what circumstances is a transaction published? From what I can tell, a transaction will never get published because someone receiving a transaction will need to spend their coin before the previous person can have their transaction published.

Another issue is that the person who spent a given UTXO has veto power over how the next person spends their coin. If Bob sends coin to Alice, Bob will need to sign information about Alice's subsequent transaction, so if Alice tries to send coin to Bob's ex-wife, Bob can decline to sign Alice's spending transaction.

I also don't think it would be possible to create coins under this setup. With PoW, a UTXO is created when a block is found, and the block header is a derraritive of the coinbase transaction. However if a spending transaction needs to include information about the subsequent transaction, it would not be possible to include the coinbase transaction because it will later change.

I read the data as the number of reports that were made by forum members during the period. From Nov 26 through Dec 26, there were 112 reports that were made by forum members that were unhandled as of December 26.

The difference month over month is approximately the number of unhandled reports, per the OP that has been made since the beginning of 2020.

It is mathematically expected for solo miners to occasionally find blocks. Like someone winning the Powerball, even if it is expected that someone will eventually win, people still like to talk about the Powerball winner.

---

While I am sure the person using the ~$11k miner is happy they were able to get a ~$262k payout, it is -EV for a miner to mine if the expected number of blocks they will find every frequency that the difficulty increases is less than 1.

For example, if a miner expects to find 0.2 blocks every two weeks, and for the difficulty to increase by 10% every two weeks, if they mine via a pool, they will get approximately 0.2 blocks worth of revenue for the current two week period, and if they are solo mining, they will expect to not receive any revenue during that two week period. Since the difficulty is increasing, the solo miner would not expect to find a block until after the difficulty changes 7 times. After that, they would not expect to find another block for over a year.

In order to produce an ASIC, the manufacturer needs to first invest (a lot of) money in R&D so they know how to create the miner. They also need to use specialized chips that are not trivial to procure.

It is unclear what exactly they are going to make "open-source". If they are going to make the firmware and software that runs the miners open-source, this will do effectively nothing for anyone, as without the R&D investment in designing the hardware, the firmware and software is worthless.

if they are open-sourcing their hardware design, they would be effectively giving away their R&D investment.

No, probably not. It is not trivial to mass-produce ASICs. If Jack were to produce some ASICs that he sells for less than the market rate, they will quickly sell, and will be resold for the going market rate.

As a general rule, if you are using a smartphone, you will need to sacrifice privacy in exchange for the lower cost of using your wallet. This is especially true if you do not have a laptop available.

To answer your question, if you are using an android, and don't have access to a laptop (to run a full node), I would suggest using electrum. The electrum server you connect to will know your transaction history and will know about your addresses.

From what I can tell, those who were using the software distributed on their platform were not paying Crossrider (now Kape). It is unclear if they had paying customers (startups often offer their services for free as a ways to get a userbase), however it appears their customers were the developers who would host their software on their platform. I haven't seen any evidence they were offering any kind of warranty on software being distributed on their platform.


I am saying it is not possible to use the data to invade your privacy. You are saying it is unnecessary. Most, if not all of this data is also collected by theymos on this forum. Most of this information is sent to the website you are visiting by default.


Apart from the speed issue related to using Bisq, and the issue that centralized exchanges ultimately are necessary to provide a price reference for professional traders on Bisq, I think there is a very real risk that you will have your money stolen. The incentive structure on Bisq means that you will probably not have anyone scamming for $1, but for larger amounts, the risk is real. Bisq allows for many reversible payment methods that can be potentially reversed long after the fact. Bisq also mentions that sellers accepting higher risk payment methods may ask for things such as "proof" of identity, and giving your information to these types of people is especially risky, far more risky than giving your information to Binance or Coinbase, IMO

I think it really depends on the specifics of the person's situation. It is probably best for someone with any meaningful amount of assets to employ an estate lawyer to draft a plan to have assets moved upon your death. An estate lawyer can advise you based on your specific circumstances how quickly and how much of your assets can be transferred. This is probably one reason why the OP's proposal would not work well, as what may work in some jurisdictions may not work in all.

In general, the location the person died determines the jurisdiction of any probate court, or any rules regarding limitations on the transfer of assets.

Yes, sadly, it appears Mozilla has stopped accepting crypto donations.

If you ask me, the article you cited (and the one I left in my quote of your post), is more of a defense of Kape, than an indictment.

For example, the article says:
So they were distributing software the same way that the Apple app store distributes iPhone apps, except without the same standards checks that apple puts through software that is distributed on its app store. After the software distribution venture was shut down, they changed out their management.

One of their owners may have ties to Isreali spy agencies, but this is not proof of anything. Kape also is effectively buying reviews, which is very shady, and while not explicit evidence they are spying on their users, it may be implicit evidence they should not be trusted.

I would say that Kape distributed malware the same way that theymos promotes the idea that CSW is satoshi -- by hosting a platform in which 3rd parties can post content, even if some people do not like the content.

I am not aware of any evidence that Kape actually created any malware, or that there was malware in any of their software -- the malware was in software distributed on their platform. After the original Napster was shutdown in 2001, there were a various number of torrent-like platforms that allowed people to download what amounted to pirated music (and movies?). Sometimes, people would share malware disguised as a popular song or video -- in these cases, the torrent platform was not distributing the malware. There are various messages in various transactions and in block headers in the bitcoin blockchain, these messages are not being distributed by "bitcoin", nor are they being distributed by the devs who create bitcoin core.
If you are paying via the legacy banking system, you really cannot not give your name and address to the merchant (or prevent it from being easily available to the merchant). If you are paying via crypto, it would be trivial to provide fake details.

If you are using an app on your phone, any potential input can potentially cause problems. Unless you expect someone to cross-reference satellite images of people spinning while looking at their phones to their gyro-sensor data, providing this data is not going to result in any loss of privacy.

It is not possible to reliably convert fiat to coin or coin to fiat via a DEX. You will ultimately need a centralized exchange with a payment provider, or accept an elevated risk of being scammed (by someone who is not the exchange).

The problem with the OP's solution, and with a multisig setup, is that you (effectively) must tell your (future) heirs that they are receiving an inheritance ahead of time, and that you cannot revoke the inheritance or change the amount without it being obvious to your heirs.

In some cases, a person may tell their heirs about their inheritance, but I think most of the time, the specifics are kept private.

This really depends on state law, and the specifics of the person's estate. For example, you may be able to designate an account as payable on death that will allow the bank to automatically transfer ownership of the account to your designated beneficiary upon your death, without the beneficiary having to wait for probate.

You will want to be sure that your assets outside of your POD accounts are sufficient to cover your debts and any tax liability, otherwise your creditors (or the tax collector) may come after those who received the POD accounts, which can be unpleasant.

No. The public key is derived from the private key by multiplying a point on the secp256k1 curve by your private key.

The "curve" on the secp256k1 curve is not a curve that you would see in a circle. If you were to see its points plotted on a graph, it would look more like random points to most people.

It is not possible to divide by a point on the secp256k1 curve, and as such, you cannot calculate the mod 2 of the private key.

Some services will email you a PGP encrypted 2FA code to your email. So an adversary would need to access both your email and have access to your (unencrypted) PGP key. Generally speaking, this will be just as good as using google authenticator, if you keep both keys similarly safe.

They can probably also make a copy of your private keys if you give them physical access to them.

Keep in mind that something like an RFID badge can be trivially deactivated. If an RFID badge gives a person access to an especially sensitive location, you can track access times to try to detect if it appears that a badge was duplicated, or is being used by more than one person. Also, some RDIF badges will only let you "out" of a door if you have "entered" a set of doors last, and will only let you "in" a door if you have last "entered" a door without exiting the door.

Bots modify their user-agent headers to evade detection of being a bot. Someone who wants to maximize their privacy and/or try to minimize their browser fingerprint can change their user agent data.

The data you cited they collect is likely for diagnostic purposes to address any problems with their service. None of the data they collect can be traced back to the end-user individually.
Yes, I was asked to sign into a BitPay account in order to see/pay the invoice. I am not sure why there is a difference in user experience. It is possible it has something to do with the fact that restaurants tend to deal with a lot of cash, and businesses that deal with a lot of cash tend to be a higher risk of money laundering.

I would point out that BitPay has said, as recently as last month that customers making payments under $3,000 do not need to provide KYC verification, and only need to verify their email address.

If this data is collected, it is only stored for a couple of weeks:
This data is also supplied by the user, and it is trivial for the user to provide arbitrary data.