As of 6/4, id field shows up as blank in the URL in TOR Web browser, so there is no way to employ the workaround of going to the alternative noscript page, because no id is given.

Looks like the double spend warning went away after a while.  I guess it just took time for the first transaction to get totally cleared from all the mempools.

I thought the whole point of replace-by-fee was so that it wouldn't be classified as a double spend.

It used to be that if you included 1 Sat / Byte there was a pretty good chance of eventually getting confirmed, if you didn't mind waiting several days.  But now, after segwit, what is the minimum fee to stick around in the pool long enough to eventually get confirmed?  Is it 1 Sat / Byte or 1 Sat / Weight Unit?  Should we all be talking fees in terms of weight units nowadays?  How is the mempool minimum transaction fee coded in a post-segwit world?

What's the collective opinion here?  Is the segwit wallet implementation "bullet-proof" and completely trustworthy for meaningful amounts of bitcoin?  Has it passed the same kind of code review process as the older wallet implementation?

(I'm aware the bech32 address format may still conceivably change, I'm just talking about the safety/reliability of the wallet, for example, being confident that the generated public and private keys always match, and you won't run into a situation where you receive money to a certain address and can't ever spend it because of some bug).

I see now why it would be recommended to move your coins to a new wallet.  However, the instructions on the electrum site only said to move to a completely new wallet if you planned to enter the seed into something untrustworthy like Electron Cash wallet.

Even if you move all your bitcoins to a new wallet, if you access your bitcoin cash first, then your bitcoin gold is exposed and vulnerable the instant you reveal the private keys in order to sweep the bitcoin cash into a bitcoin cash wallet, and vice versa.  There's really no way to do everything simultaneously -- something will always be at risk.

I see your point that it is only a vulnerability if the master public key is also revealed, but Electrum doesn't encrypt its watching wallets, so if you ever run a watching wallet on an internet-connected computer, there is a risk that the master public key could have been compromised at some point in time.  I don't think you have to actually display the public master key on your screen for it to be vulnerable to malware.

Oh wow.  That really is disturbing.  I wish that Electrum had issued some kind of warning when I chose to display a private key.

The problem is that since Electrum is incompatible with bitcoin cash and bitcoin gold, there's really no way to access those coins without moving the individual private keys into another wallet.  I thought that would be safe to do provided the associated address was empty of bitcoin and would never be used again.  Very scary to hear that when combined with the public master key, that's enough to compromise other addresses generated from the same seed.

I would be interested to know the theory behind this.  If the only attack is that you could try a bunch of random seeds and try to find one that generates a given private key, that's not any more viable than trying a bunch of random seeds and finding one that generates a given address.  So what is the mechanism by which you can reverse engineer a seed from one or more private keys?

I think the answer to this is "no", but would appreciate confirmation.  Thanks.  I want to make sure the other addresses in my wallet are still secure, even after revealing the private key to one of the addresses.

It appears that there will be two variants of segwit supported in Electrum: P2SH-segwit and native segwit.  Which is recommended?

Is it safe to use the same mnemonic seed that you use for your solo wallet as the seed for one part of a multisig wallet?  Is it safe to use the same mnemonic seed as a part of two different multisig wallets?

Right, I understand that in principle I could run tails on a computer that "never touches the Internet" and create/send transactions from a regular online computer, but:

1. I'm not sure that's necessary, since tails wipes everything between boots.
2. I'd rather send transaction from an online tails than a regular online computer, since tails is less likely to have a virus.
3. If I'm going to use tails for both the offline and online actions anyway, maybe I could use it on the same computer, which would be simpler.
4. I'm not sure it's really advisable for tails to "never touch the Internet" because you are supposed to update tails regularly, which requires connecting tails to the Internet (although I could do that with storage disengaged).

What kind of isolation is desirable when using Electrum in Tails for both online sending and offline signing?

For example, can I safely:
1. Have both a watching-only and standard wallet in persistent encrypted storage.
2. Start tails with persistent storage and internet connection active.
3. Open watching-only wallet and create unsigned transaction (save to storage).
4. Reboot tails with persistent storage active and internet connection inactive.
5. Open standard wallet, enter passphrase and sign transaction (save to storage).
6. Reboot tails with persistent storage and internet connection active.
7. Open watching-only wallet and send signed transaction.

In this scenario, the password is never entered into the computer while it is online.  Is that good enough, since Tails wipes the computer's memory between boots?

Another scenario:
1. Have standard wallet in persistent encrypted storage, watching-only wallet on 2nd unencrypted thumbdrive.
2. Start tails with persistent storage inactive and internet connection active.
3. Open watching-only wallet and create unsigned transaction (save to 2nd thumbdrive).
4. Reboot tails with persistent storage active and internet connection inactive.
5. Open standard wallet, enter passphrase and sign transaction (save to 2nd thumbdrive).
6. Reboot tails with persistent storage inactive and internet connection active.
7. Open watching-only wallet and send signed transaction.

In this scenario, the persistent storage is never enabled while the computer is online so the computer can't even "see" the electrum wallet while it is online.  Is that good enough?