Mathematically, it is an interesting piece of work. However, not only will be made more or less obsolete by Schnorr signatures as HeRetiK says, but I have some concerns with it being implemented in practice.

First of all, it still requires trust. It is essentially a 2-of-3 system, meaning the "Service Provider" and "Recovery Server" can collaborate to steal the user's funds. Given that this method does not yet exist, then presumably whichever company first sets it up and offers it to their customers will also be hosting the recovery server, meaning they have complete control over your coins should they turn evil. It also completely relies on this company continuing to operate.

Second of all, even if the "Service Provider" and "Recovery Server" could be spread between two different companies, you are still entirely dependent on this one implementation of the software. If that disappears from wherever it will eventually be hosted, could you recreate it and recover your coins? Again, it involves a lot of trust.

I always check the firmware changelog/release notes before I install it, and I don't bother if it is only minor cosmetic or altcoin changes which I have no need for. 1.6.0 was an important update, which included a bunch of bug fixes as well as security enhancements to how the PIN was entered. 1.6.1 on the other hand had no security improvements, and simply added some stuff relevant for altcoins (BLS12-381 curve, faster uninstalling/installing of apps). Therefore, I have not bothered to upgrade to 1.6.1. I would have to retrieve my devices from their secure locations, and then fire up a VM and install Ledger Live on it, and I can't be bothered doing all of that for an update which means nothing to me.

---

Do you have a link for this? I can't find anything on a (admittedly very cursory) internet search. All the stuff I have read before is in regard to lifting a target fingerprint and creating a copy, as opposed to a "generic" fingerprint.

Electrum is the first wallet to implement such a button, but many wallets already support RBF transactions, which is all that this button does.

Any scammer with access to a search engine and 10 minutes could figure out how to make a RBF transaction back to themselves. This button doesn't really make any significant difference on that front.

Replacing a transaction by hitting the "cancel" button is only possible with transactions which are opted in to RBF and have zero confirmations. Such opted in transactions have never been safe to accept with zero confirmations.

Have you ensured the proxy setting within Electrum itself is disabled? (Tools - Network - Proxy)
Is the other computer which is synchronizing fine on the same network as the computer which is not synchronizing? (This rules out any issue with your connection or router)
Are you trying to connect via a VPN or Tor?

You could try writing your logs to file (details here: https://github.com/spesmilo/electrum-docs/blob/master/faq.rst#how-to-enable-debug-logging) and either taking a look yourself or sharing with us - it might shed some more light on the situation.

I'm not sure if your meaning is getting lost in translation here, but how can you provide evidence of the same amount of mixer use being illegal? Where is this evidence? The biggest analysis done shows that only 8% is illegal.

I am not aware of any law which states that mixers are illegal. Can you provide a link?

No. If we are talking about ChipMixer, then it is trivial to prove that the coins I am spending came from ChipMixer due to their classic chip funding structure and transactions. It doesn't matter where the coins came from before that, because they were not in my possession. I'm not concerned that the cash I am handed in a shop or from an ATM might have come from illegal activities, and so I am not concerned that the bitcoin I am handed from a mixer came from illegal activities.

The same can be said of using Tor, or using encryption, or using end-to-end encrypted messaging, or not allowing the government to tap your phone lines, or read your emails, or your IMs, or your hard drives, or search your house, and on and on. If the only way to stop your government investigating you is by abandoning all privacy, then its time to move country.

I find this is easier if you think in terms of satoshi rather than in terms of bitcoin. There is a limit of (slightly less than) 2,100 trillion satoshi. Global GDP is $81 trillion. Global stock markets are $70 trillion. Even global derivatives markets (which aren't really money) have an upper limit of somewhere around $1,200 trillion. So even if bitcoin becomes a global currency, there will still be plenty to go around.

And even then, the 8 decimal limit can be changed. Lightning already works with 11 decimal places, with the smallest unit being milli-satoshi. With a hard fork we could introduce more decimal places in to the base layer, if the demand for it became great enough.

I wouldn't listen to a single word this author says about bitcoin.

Here he is in 2019 calling bitcoin "fundamentally flawed" - https://www.fool.com/investing/2019/06/25/3-reasons-bitcoin-is-fundamentally-flawed-as-an-in.aspx
Here he is in 2018 calling bitcoin "a gigantic failure" - https://www.fool.com/investing/2018/02/14/is-bitcoin-destined-to-be-a-gigantic-failure.aspx
Here he is in 2017 calling bitcoin "a fraud" - https://www.fool.com/investing/2017/09/18/bitcoin-is-a-fraud-according-to-the-ceo-of-the-lar.aspx
...
Here he is as far back as 2013 calling bitcoin a "fictitious token" - https://www.fool.com/investing/general/2013/04/13/this-is-the-real-danger-of-the-irrational-exuberan.aspx

There are 295 articles authored by him on fool.com which mention bitcoin. For someone who writes so much about it, it's incredible that he is so consistently and fundamentally wrong about it. He's been parroting off the same arguments as in this article over and over for 7 years.

---

I did get a chuckle out of the first two paragraphs though. Paragraph 1 - It isn't really scarce! Paragraph 2 - It's too scarce to be useful!

Absolutely. A determined attacker could even use create a github repository with a name to be similar to spesmilo, just like they use fake URLs that look very similar to the real thing.

It would probably be in their interests to do something not immediately noticeable. They could easily replace the installer with ransomware, for example, but the first person who downloads it is going to go straight to Reddit/Twitter with their situation.

It's an interesting scenario. Outside of updates, I rarely if ever need to download Electrum. I imagine most established users are the same, and these are the users who are most likely to take proper security precautions and verify their downloads. New users, on the other hand, are more likely to be downloading Electrum and also less likely to verify.

Everyone should do this as standard. You can buy external storage for about 25 bucks per terabyte. There is no excuse to not having all your important files and documents regularly backed up.

There is little point in backing up the files on the same piece of hardware as the original files are stored. The only thing that protects you against is if you accidentally delete them or overwrite them. It does not protect against theft, loss, hardware failure or damage, natural disaster, etc.

I don't think they do host both in the same location, though?

If you go to the download page, there is a link to ThomasV's key hosted on the Electrum github: https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
If you go to the about page, there is a link to ThomasV's key hosted on an OpenPGP keyserver: http://keys.gnupg.net/pks/lookup?search=0x6694D8DE7BE8EE5631BED9502BD5824B7F9470E6&fingerprint=on&op=index

Now obviously an attacker with access to the electrum.org hosting could change those links to point to their own keys, so the point about web of trust, or at least using external sources to verify the correct key, still stands.

You can type anything in to the boxes. The email address doesn't even need to be real one (as in, not even a burner one - they don't email a link or anything), as long as it is of the format xxx@yyy.com. The relevant section beings just after the 37 minute mark.

I'm not sure what you mean by this? Coins from miners are either newly generated block rewards, or rewards gathered from fees. Unless someone tries to launder money through paying an exceptionally high fee and then mining the transaction themselves (which would be entirely obvious), then how can these coins be from scams? Furthermore, the vast majority of coins from major hacks which hit centralized exchanges are going to be frozen or seized long before they are transferred out to mixers.

This is just the "Nothing to fear, nothing to hide" argument, which has been thoroughly debunked. I would direct you to a previous post of mine on the topic here: https://bitcointalk.org/index.php?topic=5214200.msg53499357#msg53499357. I mix or coinjoin all my coins, despite doing nothing illegal with them, for the same reason I don't publish my bank statement on an public forum and I use a password on my email account - privacy.

We will find out very quickly, likely within a couple of hours at most, when someone tries to verify the fake version which they downloaded from the hacked site and find that it was not signed by Thomas Voegtlin. The only people who will be at risk if electrum.org is hacked are the users who fail to verify the download before running it.

If the site is compromised, I would also expect a signed message from Thomas Voegtlin or one of the other main devs to be released very quickly stating as such.

If you are unable to recover the file yourself, there are a number of file recovery services which exist. All of them cost money, and all of them are a huge privacy and security risk as they involving handing over your hard drive (or at least, the clone of your hard drive you should have made) to complete strangers. Only you will know if 0.95 BTC is worth the financial cost and the security and privacy invasion to you personally.

Moving forward, I would suggest to anyone reading this thread that you never destroy your only copy of a wallet, private key, seed phrase, back up, or whatever. There is no telling when you might make a mistake like OP has, or someone sends you coins to an old address, or you need to sign a message from an old address to prove ownership, or a dozen other possible scenarios. There is no good reason to delete a wallet.

I think what OP is asking is how to see the fee of an incoming transaction, so as to get a rough idea of how long it will take to confirm. The answer to that question depends on the client or wallet software you are using, so if you can answer that question then we can give more detailed instructions.

Alternatively, if you know how to find the transaction hash or transaction ID of the incoming transaction, you can paste it in to a block explorer such as https://blockchair.com and look at the field "Fee per vbyte".

"Develop this way or we will pull your funding."

I don't trust Coinbase with a single satoshi. History has shown that anything they stick their grubby little fingers in to is for their own benefit, and their own benefit alone. They are quite happy to sell out their customers and sell out the community to enrich themselves.

I'm not suggesting that Coinbase are going to try to pay off devs to insert malicious code, or that any of the devs would take up such an offer. What I am suggesting is that the only reason Coinbase are doing this is because they want to be able to influence bitcoin's future development and direction. They wanted a few years ago to get rid of the core devs and set up a new team. It was obvious they were never going to be able to do that, so now they are going to try to influence the direction of bitcoin from the inside. Coinbase are essentially going down the path of "If you can't beat them, join them."

They already have in the past, as have most companies. There were minor inconveniences such as reducing the number of apps which could fit on the device, to much more serious ones such as the device resetting when updated, with a handful of reports of users losing coins because of this. Now obviously, the user is also to blame here for not having their seed phrase backed up, but it is undeniable that the Ledger update process leaves much to be desired.

I still love the physical Ledger devices, and I still absolutely hate Ledger Live.

Not only is it not an advantage, but it is a real disadvantage. I would actively avoid any devices which rely on biometrics. If the device has optional biometrics which can be disabled, that's fine, but using biometrics as the only unlocking mechanism is incredibly risky. Looking at the device, there is no other way to unlock the device other than your fingerprint. Doesn't matter if the rest of the wallet is the best in the industry - for this reason alone it should be avoided.

This will be the same Coinbase who were quite keen to fire all the core developers are bring in a whole new team just a few years ago, right? The same Coinbase who tried to swing their weight around to force 2MB blocks and prevent SegWit from happening, against all the recommendations and plans from core developers?


What's changed? Why are they suddenly sponsoring people they wanted rid of a few years ago? Leverage?

Exactly. Coinbase already work hand in hand with governments and banks. These are not the kind of people we want funding bitcoin development.

Biden has already said he would raise corporation tax back up to 28% on day one of this presidency, although with the Republicans still controlling the Senate they could block him.

As you say though, the tax cuts were a boon for corporate profitability. They were not a boon for the average worker as was claimed they were going to be. Does anyone remember this document: https://www.whitehouse.gov/sites/whitehouse.gov/files/documents/Tax%20Reform%20and%20Wages.pdf? Predicted boosts of $4,000 to $9,000 per household, per annum? Never happened. Increase in business investment? Investment actually decreased in 2019, even before COVID hit. By and large, all these tax cuts did was hand more money to billionaire shareholders. The average worker saw zero benefit.

Because people do not understand nor appreciate their privacy. It is concerning that such a lack of understanding is commonplace among the general population, but I find it doubly concerning that it is now becoming commonplace among the crypto community. People seem to want exchanges and governments to be able to monitor their every financial move, which is mind boggling since bitcoin was created specifically to remove trusted third parties from controlling your money.

Please read my previous post two above yours. Pulling random numbers out of thin air, such as "99.999% of mixer traffic is from scams", with absolutely no evidence to back it up, is ludicrous. The biggest analysis of mixer traffic to date showed that only 8% of mixer traffic is linked to scams or otherwise illegal activities.

If you really don't want to visit the link, then please see the graphic below which neatly summarizes their findings:

It's not really surprising. When it comes to their customers, Coinbase have always been about invading their privacy, controlling their spending, freezing (censoring) their coins if they do not like where they came from or where they are going to. It's not exactly surprising that such an ethos would spill over on to their employees as well.

The most surprising thing about all of this is just how much of the community is quite happy to lap up Coinbase's completely transparent attempt at an excuse for this, which is entirely to do with their own profits and has absolutely nothing to do with the wider good.