Why not put all your investment information (Amount of BTC and price at which you bought it) into a Google sheet or even a simpler way, use Coinmarketcap's Portfolio option? Because by using such methods you can absolutely guarantee that a bunch of third parties will also know all the addresses you own and track all the transactions you make.
Would third parties know if I have my real wallet secured behind a passphrase? Here is what Ledger say on the issue: The Ledger Recover service, if used, does not backup your passphrase. So in theory, no, the third parties would not know if you are using one or more passphrases. But this all depends on whether you trust what Ledger are saying, since I'm sure there will be zero way for the user to actually verify this.
I lost count of how many times I read that people lost their coins because of installing fake Electrum or updated it with a click of a button and the balance disappeared. Absolutely, which is all the more reason we should be telling everyone to verify everything they download and never simply trust what they download because they think they are on the right URL. I agree reporting to Google is a waste of time, since Google have shown consistently and repeatedly that they are happy to promote known and proven scams to the top of search results, as long as the scammer pays them. Google don't care whatsoever about their users' safety or security. As Lucius says, for every site that is taken down (eventually!), five more will take its place. I would also recommend uBlock Origin, but alongside that, simply stop using Google. You can't fall victim to Google's promoted scams if you simply stop using Google.
Another option is to use crypto portfolio tracking apps, such as Delta App, CoinStats, CoinTracking, Blockfolio, Coinigy, etc. The problem with this suggestion is the same as the problem with the other suggestions made above such as a blockchain explorer or Google sheets, as you rightly point out - privacy. As the old saying goes, if you are getting something for free, then you are the product. These services are almost certainly harvesting your data and sharing and selling that with third parties. Setting up an Electrum watch only wallet synced via your own node avoids all this. If you do want to use a crypto portfolio app, then I would suggest manually entering aggregated balances rather than linking it with your wallet or specific transactions, so it cannot track your specific coins. Would it make sense to use listunspent[1] afterwards? This would allow the OP to get the current balance of each address, albeit it wouldn't provide him with a total sum. Is there any command that he could use in CLI to sum each value from the provided addresses and spit the result at the end? He can use the command listaddresses(balance=True) to get a list of all addresses alongside their individual balance, or the command getbalance() to get a total wallet balance. The reason I suggested just doing listaddresses() on its own is because even if he imports a bunch of empty addresses, it means his watch only wallet will automatically stay synced with all his other wallets as he uses more addresses (until he exceeds the gap limit on a wallet, in which case he will need to import the next set of addresses). OP: In order to achieve a better degree of privacy, I would recommend you to run your own node and then you could retrieve this information without relying on any external entity by using Bitcoin Core CLI.
I obviously agree as discussed above, but actually if OP is going to be running his own node anyway, then he could avoid the Electrum watch only wallet and simply use Core, importing the master public key from each of his Electrum wallets into a single Bitcoin Core descriptor wallet.
Given that you cannot import multiple master public keys into the same wallet in Electrum, then your only way of doing this will be to import all the addresses individually from each wallet into a single watch only wallet. Rather than copying and pasting each address one by one, in each wallet you want to watch go to the console (if you don't see the console tab then click View -> Show Console) and enter the following command: It will spit out a list of all your receiving and change addresses visible on the addresses tab, so you can copy the whole list at once. You'll still need to manually remove the " and , symbols before attempting to import them, though.
at least six Of course. I forgot that it loops if the value is not between 1 and q-1, which could result in more operations being required (although this is fairly unlikely). But then having said that, his half and half system would also be vulnerable to the exact same drawback, and could still calculate a nonce outside the required range. So this then loops (heh) back round to your original question - why use any computational function at all? If speed is the most important factor here, then why not just have a nonce pre-calculated?
Would be interesting to actually have them name the wallet, but I understand why they can't. It's not a specific wallet - it's a user stealing funds. If you read section 5.1, it explains that most of these peculiar nonces are coming from transactions spending coins from otherwise compromised addresses, such as brainwallets, addresses with previously repeated nonces (and therefore exposed private keys), or addresses with publicly revealed private keys (such as from various libraries). These affected transactions are a user implementing their own script to steal these funds, and inside their own script is this peculiar way of calculating a nonce for their transactions. Interesting that they have linked all this to the forum user amaclin. I guess they wanted something that was faster than RFC 6979 so they could frontrun other transactions, but if speed is your point, why not just pre-generate a ton of cryptographically secure nonces in advance? How long does it take on average to calculate a nonce following RFC 6979? Is it really a significant factor in getting your transaction broadcast first against other bots also trying to steal the same funds?
Verifying the file signature is the best practice but pretty sure there are many who do not have any idea how PGP works and how to deal with Kleopatra or such type of software. So assuring someone on the official site is the first step of many security measurements in my opinion. It's the first step, agreed, but it is entirely inadequate on its own. There are links on the Electrum download page to tutorials regarding how to verify your download, plus a quick search of this forum will find this excellent thread: [GUIDE] How to Safely Download and Verify Electrum [Guide]. Absolutely it's another step in the process, but we shouldn't be taking shortcuts when it comes to the security of our wallets. Has anyone known if electrum-web dot com is the official electrum? No, it isn't. And I don't know if Electrum has telegram also (electrum_support), maybe this site is potentially phishing, but I am not sure about that. Electrum does not have Telegram support. As with 99.9% of things on Telegram, this is a complete scam.
Did I miss something regarding Trezor that I shouldn't have? or you're just referring to their partnership with Wasabi wallet? As DireWolfM14 has explained. Even if you don't touch the Wasabi functionality with Trezor, it reveals a lot about their mentality and their priorities. They also supported AOPP last year, which was essentially a method for centralized exchanges to enforce KYC on your own addresses, and they deliberately sweep their unfixable seed extraction vulnerabilities under the rug and do not warn new users about how to protect themselves against these vulnerabilities. As with Ledger implementing more shitcoin support rather than addressing this Ledger Recovery debacle, it shows that Trezor care first and foremost about profits, with users' privacy and security way down their list of priorities. I would not trust them. If Foundation implements XMR compatibility into their Passport wallet, Trezor will be in real trouble. I'm fairly sure Foundation will never release official XMR firmware, but there is a community project started here (albeit with little activity, it seems): https://github.com/mjg-foundation/passport2-monero
Bookmarking the official site or only visiting the site via the software is not foolproof. There is nothing stopping an attacker from compromising the official site and uploading malicious software there.
You should be verifying all the software you download, regardless of where you download it from.
In addition to what has been mentioned above, strongly consider not using Windows and using an open source Linux distro instead. I would also suggest enabling full disk encryption when you install Linux, so if someone physically accesses your airgapped computer they cannot extract any useful or sensitive information from it. Also make sure to verify the copy of Electrum you download on your live computer before transferring it to your airgapped computer for installation.
Trezor Wasabi Wallet And subject yourself to mass surveillance and government sanctioned censorship? No thanks.
If I am not wrong, Isn't it for Binance.us only? Yes, it's for Binance.us, but I for one don't believe for a second that Binance and Binance.us are entirely separate entities and don't co-mingle funds. The SEC filing even goes as far as ordering CZ to turn over customer coins which are in his personal possession. If CZ is personally holding users' coins, then Binance and Binance.us are almost certainly moving funds back and forth between them. During a Binance-run Twitter Spaces on Dec. 14, the Binance CEO continued to urge caution for those using self-custody wallets, arguing that more often than not, security keys are not stored securely, backed up or properly encrypted: And the biggest typewriter company in the world thinks computers are too complicated and overpriced and says people shouldn't risk using them. He wants people to keep their coins on his platform, because he can use them to make himself more money. CZ reiterated that holding crypto in one’s own wallet is “not risk-free” and postulated that “more people lose money holding their own — lose more crypto when they’re holding on their own than on a centralized exchange.” This is just factually incorrect. Let's add up all the centralized exchange hacks, scams, and insolvencies, shall we?
Did I miss the blog posts? The only blog post they have made since this was shared 18 days ago (which is far more than "In the coming days" implies), is this one: https://www.ledger.com/blog/ledger-live-expands-cosmos-support-with-xprt-nom-qck-coins Shows you exactly where their priorities lie. Instead of actually addressing this mess, they focus instead on implementing more shitcoins and staking to drive more profits for themselves. Security is so boring! Shitcoins are the real important stuff!
Here's a new reason which RickDeckard flagged up here: https://bitcointalk.org/index.php?topic=5452900.msg62374464#msg62374464 The SEC has filed charges against Binance, and are ordering them to hand over all customer deposits, coins, assets, private keys, and anything else to the US government. You are crazy if you are still holding your coins on a centralized exchange after the shitshow of the last few months.
But I am curious, if they already know that funds are on the move then is it possible for middle services like sinbad mixer to expose them for the sake of goodness and users money? If Sinbad were to release logs or similar, then they are signing their own death warrant. The whole point of privacy services is to provide privacy, not to hand consent of exposure of your information to a random third party to decide based on their own arbitrary rules. Yes, a minority of users of privacy tools (such as mixers, coinjoins, VPNs, Tor, PGP, end to end encrypted messengers, etc.) are doing illegal things, but the vast majority of users of such services are just average people who do not want random third parties and governments spying on everything that they do. Would you use an encrypted messaging with a government backdoor? Of course not. Would you use a VPN which collects logs and hands them over to third parties? Of course not. Why would anyone use a mixing service which collects logs and hands them over to third parties?
What a joke saying something about analytics while the mixing site you promoting has that too Now you are just lying (or have absolutely zero understanding of the absolute basics of online privacy).
imperiume.io
The site is using 8 third parties: cdn.jsdelivr.net, connect.facebook.net, embed.tawk.to, fonts.googleapis.com, fonts.gstatic.com, region1.google-analytics.com, va.tawk.to, www.googletagmanager.com
The site is using 3 known tracking- or advertising companies: region1.google-analytics.com, va.tawk.to, www.googletagmanager.com
whirlwind.money
The site does not use any third parties.
The site does not use any known tracking- or advertising companies.
Have you added your Electrum wallet's master public key in your EPS' "config.ini" file? If it was a problem with an incorrect or missing xpub, then Electrum would connect but then the EPS window would throw errors about the addresses being incorrect. It looks like everything is set up correctly by OP, so I suspect the issue might be the expired certificates bug. See here for an explanation and a fix: https://github.com/chris-belcher/electrum-personal-server/issues/286 If that doesn't work, then at the top of the EPS window it should tell you where it is logging to. Find that file and examine it for errors. Similarly, enable logs in Electrum, and then examine that file for errors too.
-snip- Lol. Good find. SEC literally ordering Binance to hand over all customer funds and private keys. Ledger: "We would only hand over your seed to the government in the case of a subpoena for terrorism or similar, which is never going to happen, so there is nothing to worry about." US Government: "Hold my beer." I doubt those poor bastards can be of much help. All they can do is tell you what they have been told from up above or copy/paste some nonsense making them look unknowledgeable. Their support team are limited to guesswork and regurgitating information from elsewhere. They apparently have been told absolutely nothing about Ledger Recover, and all they know is what the rest of us know from reading the Ledger website and Twitter: I will do my best to answer with a combination of intuition and what I picked up from our AMA
As a solution, I am now contemplating acquiring a Trezor wallet, which has a reputable standing and is open source. Trezor are anything but reputable. They supported AOPP, and they actively fund blockchain analysis, mass surveillance, and government sanctioned censorship via their partnership with Wasabi. There is zero chance I would trust a hardware wallet from a company who are pro-government, pro-censorship, pro-surveillance, and anti-fungibility. With an open-source wallet like Trezor, there are no hidden vulnerabilities that could be exploited to steal our cryptocurrencies. There are instead publicly known and unfixable vulnerabilities, which Trezor deliberately sweep under the rug and make no mention of in their set up guides, putting all new users at risk. Trezor is a poor replacement.