We will need a little bit more context, but likely no. The fee in the second scenario will be less, because the change (if any) will create one output instead of three. If you don't create any change, and simply spend each UTXO to create another UTXO, then it is still cheaper. A transaction spending a segwitv0 input and creating a segwitv0 output is 110 vb. Multiply it by 3, you get 330 vb. On the other hand, if you spend three segwitv0 inputs to create one segwitv0 output, the transaction size will be 246 vb.

First things first, you should setup a lightning node. Privacy should not be taken for granted when relying to a custodial wallet. Then, you can open multiple channels with the funds you want to mix. At that point, you'd have only sending capacity, so you can go on swap services like eXch or fixedfloat and exchange it all for Monero.

Damn, I have a dirty mind.

I don't have a Ledger, but according to this, it allows you to make use of coin control. That means, you can pick which of the unspent outputs to spend.

Say, for instance, that you have Unspent Transaction Outputs (or UTXO for short) #1, #2..., #9, #10, each loaded with 100 BTC. To spend 250 BTC, you'll have to pick three, your choice which (e.g., #1, #2, #3), and use them as inputs for a transaction. In that transaction, you'll spend 300 BTC, to create two outputs, one worth of 250 BTC (the recipient's) and another worth of 50 BTC (your change).

Yes.

The money will stay in bc1...2sm, and you can normally spend them. Ledger generates a new address each time for privacy reasons. Address reuse is completely valid, funds will be normally displayed; it is just not recommended as practice.

You just have multiple addresses, in one account.

As of today, there are two well-known algorithms for this process. Baby-step, giant-step, and Pollard’s rho.

In both BSGS and Pollard's rho, you need to perform operations on the elliptic curve, which requires to know the actual points involved. You can't run these algorithms based on the hash of the public key. And since both have time complexity O(sqrt(N)), you have an orders of magnitude advantage on working out private keys of known pubic keys.

You can actually perform a reversal from public key to private by reversing the modular multiplications which produced the public key; it's just very computationally expensive, and considered infeasible for very long numbers like 256 bits. In mentioned puzzles, the puzzle makers have deliberately generated insecure keys, to encourage finders from attempting to break them. It's a smart way to know the progress in breaking the elliptic curve's security.

They're probably referring to these: https://bitcointalk.org/index.php?topic=5218972.0.

---

Here's a good article for everyone interested in the details to read: https://andrea.corbellini.name/2015/06/08/elliptic-curve-cryptography-breaking-security-and-a-comparison-with-rsa.

In addition to that, which one could reasonably assume they had had pressure from their government, they are very pro-taint in general. In this post, you can discover brilliant findings from the Max Hillebrand's podcast (a Wasabi dev), in which it is demonstrated that not only don't zkSNACKs treat each coin equally, but they're thinking of introducing the option for each client to approve and disapprove with whom they will do coinjoin.

Another good finding in the next post, in which Max admits blockchain analysis produces false positives and could treat an innocent individual as criminal, but they nonetheless fund it, and are quite happy with criminals being blacklisted as well. If you search on Kruw's posts in this board, you can find quite a lot of assertions of him being satisfied with tainted coin owners being deprived the right for privacy.

But, no. "Privacy for everyone in the digital age", above all!  

That sums it up perfectly. Taint is simply inaccurate, because, to begin with, you can't tell with certainty whether a bitcoin changes hands.

That's correct. Notice how astronomically small the minimum long double is. If you increment it by epsilon (the smallest possible increment in floating point numbers), it goes from e-4932 to e-19. That's lack of accuracy; tradeoff when working with 64 bits and real numbers.  

Another fun fact. The maximum long double number is 1.1897314954e+4932, as rightly said. This means that long doubles are 2^128 in total, in a range of [~0, ~10^4932]. The more you increase the wanted number, the more inaccurate it becomes.

I'd take it to the next level and suggest to stop talking about Bitcoin with your friends in general. It draws unnecessary attention. Malicious people don't need to know the exact amount of bitcoin you have, as long as you're into it (well, unless you have quite a lot!). If you know that they know you own bitcoin, you should regard yourself a target, just as with owning any other financial asset, like gold, jewellery, stocks.

That doesn't work if they don't have a decent amount of money in their bank, I can assure you!  

Do you mean the view key or the transaction key? If the former, it is true regardless the transaction. If the latter, it is not used to reveal amount, simply to prove payment. 

You will be able to know the transactions you made with your clients, and they will know as well, including your addresses. What you can't know is where they spend their XMR.

By "main", I presume you mean "primary account". That's the accepted term. XMR sent on a sub-address of an account are part of the account.

All XMR on your sub-addresses are part of your account, and can be spent altogether normally. I don't understand your concern.

Check out eXch: https://exch.cx/. That's more of a swap service, though.

You can reuse addresses normally, it's just not recommended for your privacy.

It's just like in Bitcoin. Money sent on an address, stays on that address unless specified otherwise.

Because centralized exchanges have to follow regulations, and usually, regulations are hostile to privacy coins.

I just have to tell you that you need to change wallet software. Exodus is closed-source. Besides that you should expect minimum privacy, it is likely that it's less secure as well. Consider open-source alternatives, like Monero GUI: https://getmonero.org.

Usually, people who engage in recovery of randomly found wallet.dat files, search for other victims to sell them to. If you bought such a file, and you've lost hope of recovery, then maybe you can convince a gullible newbie to buy it.

They are not "known". You simply trust the word of the sellers. There is no way to verify the balance of the ever-recovered wallet, because the private keys and/or addresses are encrypted (if any).

I mean, even if the court said he was Satoshi, it'd seem more plausible as a scenario that the juries were bribed, or that Craig found a loophole in the law. It is beyond my understanding how can one throw away all the forgeries and evidence of him being completely untrustworthy, and stick to insignificant details-- which ultimately can apply to every individual.

Seems to me like you really want him to be declared as Satoshi, no matter how you argue the opposite. If you didn't, you'd have focused on the evidence and forgeries that have ridiculed him years now. If your stance was neutral, you'd have looked on both that evidence and his "evidence", and reach the conclusion we've all had. You must be personally interested in him winning the case to support him as his unofficial lawyer.

You warn him that if he deposits your bitcoin in a centralized exchange, he might have his coins censored. I personally haven't experienced a situation where the merchant asked me for the source, or "pointed me" as the source, even though almost all of my bitcoin were mixed. When the merchant uses Coinbase or BitPay, I simply refuse to pay him on-chain.

You could swap BTC for XMR, and then back to BTC in separate addresses. Perhaps that's less expensive.

Just checked your other post in a discussion about buying wallet.dat files. These are scams.

So, to clarify: You haven't locked yourself out of your bitcoin. You don't even know if the files you possess have any bitcoin if unlocked. You have simply put faith in some random stranger in the Internet who told you these files have bitcoin if you find the password. I strongly advice you to stop wasting your time!

Great, so use one of the available methods above in an airgapped environment.

None of the methods above talk about "web wallet service".

I don't know what experience you have with web wallets. Please don't use web wallets, because they are less secure. Use reputable, open-source, peer-reviewed software like Electrum in a freshly Tails booted, airgapped machine.

So use Electrum.

What hackers?? Electrum is open-source and reputable for years now.

I have come to the conclusion that you have no idea what you're doing. Please be careful or you'll lose bitcoin.

Scammers in social media, what a surprise. But, it's these particular Facebook groups which tend to attract scammers. These posts don't exist in say, a Star Wars fan group. You need to have entered a specific group type with "making money out of crypto" as the main topic. Which you shouldn't have entered in the first place as they're fraud.

Also, what bull run are we talking about? Price recovery in the Bitcoin land is like a morning coffee. Bull run will begin when we exceed the $70k.

Don't try to copy blocks, chainstate and indexes without making sure your external disk is error-free. Check its condition. There's a small chance it has bad sectors, which can lead to incomplete transfers (AKA, corrupted files). During transfer close any unnecessary programs. I'd use a freshly formatted disk for this purpose, if I were you.

Speaking out of experience...  

Sorry if I have confused you. What I meant is that whether you keep the bitwise operation in the expression or not, it won't make a big difference in terms of time, because it is inexpensive. On the other hand, pow is more computationally expensive, and you can notice the difference if you remove it from the expression.

Compilers like GCC have developed overtime and come with optimization options. There are quite a lot. I don't know them all obviously, but I've used -O1, -O2 and -O3.

I know, I'm not totally sure about what -O2 and -O3 do behind the scene, but due to them being more aggressive, I expect they ignore the empty loop.

Yes, but double is... not integer. A double can take up to 2¹²⁸ values (hereby, 128-bit), but it cannot represent all the numbers between 0 and 2¹²⁸, if that was your goal. Read about double-precision in here: https://en.wikipedia.org/wiki/Double-precision_floating-point_format.