This is actually perfect and carries 0 risk of being infected by a USB when you use it every time back and forth between your airgapped device and your online PC. There is no such thing as zero risk. You are right in saying it is a very secure method, but risk is never zero. Assuming your set up is perfectly safe is a bad idea, because it leads to you cutting corners and taking shortcuts thinking that nothing can go wrong. QR codes are only as good as the device which generates them. It is entirely possible for malware on your watch only device to generate a QR code which encodes a transaction which sends your coins to the wrong place. You scan that in to your airgapped device thinking nothing can go wrong, and you end up signing a malicious transaction. QR codes are good, but you should always double check what the QR code is encoding/decoding. |
|
|
|
You can freely edit the code of your own copy of Bitcoin Core to make it run locally in a specific way you choose, such as changing your mempool parameters, what criteria you will accept for replacing transactions, how many nodes you will connect to, what you will relay, and so forth. There is no problem making these kinds of changes and your node will continue to run and connect to peers just fine. The issue will arise if you make a change which breaks with the consensus rules - for example, you start considering some blocks invalid, which the rest of the network still considers valid. At that point you will have forked yourself away from the main network and on to your own personal branch. This is of course assuming you don't make a change which just breaks something entirely.  |
|
|
|
Is it possible that if a user has enabled the recovery feature, and has his/her data held by a third party, then it's probable that a government entity could issue a written order telling the third party to give them access to then user's coins/savings? Yes, absolutely. The Ledger co-founder stated as much here: If you are a Recover user and have your shard into safeguarded by third parties, then yes, a government could subpoeana them and get access to your funds Ledger also admit it here (under Data & Privacy at the bottom of the page): Coincover will never pass your information to a third-party unless it has a legal obligation to do so. For example, law enforcement agencies often have extensive criminal investigation powers including the ability to obtain production orders requiring information to be produced. It may result in a criminal offense for any entity supporting Ledger Recover to fail to comply with a production order, but Coincover would always take all reasonable steps to verify a production order before complying with it. |
|
|
|
Why do people choose to not use reputable, open-source software when it comes to their life savings? I mean, you seriously don't think it's a good idea to spend an hour or two extra, to ensure you won't just let a stranger ruin your life? I mean, if you are dumping $45,000 in to a centralized, absolute shitcoin like XRP, then you probably aren't doing much in the way of research.  But I wonder, how can wallets be compromised? How will hackers gain access?
Does Atomic store customers seeds or how is it even possible? We don't know. Such is the nature of closed source software. Nobody knows what it is actually doing. Is it generating seed phrases from a list that the developers are secretly holding? Is it sending seed phrases over the internet to a server somewhere? Has it got a built in function to sweep all funds to a malicious address at a particular date? Who knows? This is the risk you take with closed source software. |
|
|
|
|
In terms of trust, there is no denying that you need to trust Whirlwind more since you need to deposit coins to their service, as opposed to Whirlpool where you stay in custody of your coins. There is also the issue of trusting the service not to log what you are doing, which can be prevented with Whirlpool by using your own node and Tor. This could change in the future though, as Whirlwind have talked about decentralizing their service and implementing blinded certificates, which would eliminate any trust requirements.
In terms of privacy to an outside observer, then at the moment it depends on how you use them, but in the future I would say Whirlwind will provide better privacy than Whirlpool. If you coinjoin on Whirlpool, then your privacy is dependent on how many times you let the coins be mixed before you spend them. Assuming 5-input and 5-output coinjoins, then after one mix your backwards looking anonymity set is a maximum of 5. After two mixes, a maximum of 25. After three mixes, a maximum of 125. And so on. I say maximum, because if other people in the coinjoin do something stupid and deanonymize their coins, than that lowers your anonymity set. If you leave your coins in Whirlpool for months and months and end up with 10+ remixes then that's a very good anonymity set, but if you just let them be coinjoined once or twice before you spend them then that's not a very good anonymity set. This same principle applies to any coinjoin implementation. Whirlwind, on the other hand, currently has an anonymity set of 414 as long as you don't deposit huge amounts, and this is only going to grow. In the future, you will be able to get an anonymity set with Whirlwind of 10,000 or more.
|
|
|
|
if im using a laptop as an offline air-gapped electrum wallet how to scan the QR code to sign the transaction should i link a camera to the laptop ? You are going to be unable to scan a QR code without a camera, so yes, you'll need to buy a USB webcam or similar if your laptop does not have a built in webcam. Your other option is to transfer your transactions back and forth via a USB drive, although this carries a slightly higher risk of transmitting malware or leaking your keys than via QR code. |
|
|
|
Even in current difficultly level a solo miner with 7524 TH/s hash rate would require almost a year to mine a block. So we only need 365 of such users globally to mean a solo block every day on average. It's not that uncommon for people to solo mine. It is essentially playing the lottery. Many will never find a block. A lucky few will and hit the jackpot, figuratively speaking. ckpool, which is not a pool at all and actually a collection of solo miners, currently has around 2,500 miners with 0.01% of the hashrate: https://poolbay.io/mining-pool/15/solo.ckpool.org. Here's an example of one such very lucky miner: https://nitter.it/ckpooldev/status/1485586948844826629#m. He only had 8.3 TH of hashrate, which was around 0.000004% of the total hashrate at the time. This means he had a 1 in 25 million chance of successfully finding a block. At an average of 144 blocks a day, it would have taken him ~476 years to be successful. Yet he found a block. |
|
|
|
I don't see how their software can be compromised unless they were lying about how are the private keys generated and them being non custodial. Atomic wallet is closed source. Anything could be hiding in the code, not just from them being actively malicious but also from a rogue employee sneaking something in, a malicious third party sneaking something in, someone compromising their app store account to upload a malicious app, or even just plain incompetence. I am also reminded of the Copay wallet hack several years ago. Copay had a dependency on a specific JavaScript library which was no longer maintained. A malicious third party obtained control of this library, merged a malicious update, and it was pulled in to Copay updates without anyone realizing. Just another in the long list of reasons to never use closed source wallets. On top of that, Atomic wallet is owned is owned by Binance which historically has few questionable behavior. Are you confusing them with Trust wallet? I didn't think Atomic was also owned by Binance? |
|
|
|
Have you been using it for a while? Could you share some feedback? Yes, indeed. It's been ages since I set it up so I can't comment on that side specifically, but I don't remember any major hurdles by just following the installation guide. I am obviously on Linux which it is designed for - I imagine trying to install on Windows would be more challenging. Once you have it set up, you can be either a maker (also called a yield generator) or a taker. Most people run as takers only, because it is much simpler. As a taker, you decide which outputs you want to coinjoin, how many other outputs you want to include in your coinjoin, how many coinjoins you want to perform, and so on. You pay the transaction fee and a small fee to each of the other inputs joining your coinjoin, usually in the order of 5-300 sats depending on the size of your inputs. You can do PayJoins to an external address, and you can also do a series of internal coinjoins in a so called "Tumbler" to mix your coins back to your own wallet. It's very versatile. You can also run it via testnet (instructions are on their guides) to get familiar with it first. If you want to be a maker, then there is further software to set up, but you essentially post your outputs on an orderbook and other users will pay you to use your outputs in one of their coinjoins. You get to mix your outputs and you get paid a little for the trouble. Be aware that there are risks and drawbacks to doing this, such as if you don't set up your configuration properly then you can end up with many small outputs that you have to consolidate, which obviously costs as well as decreases your privacy. You can actually view the JoinMarket orderbook here: https://nixbitcoin.org/orderbook/I've also heard good things about this implementation, but I haven't tried it myself yet, so cannot vouch for it directly: https://github.com/joinmarket-webui/jamSparrow seems a balanced option and after a quick Google search I managed to find good guides in using Whirlpool with it, so if everything fails, this would be a nice 2nd option. Sparrow have an official guide available here which is fairly comprehensive: https://sparrowwallet.com/docs/mixing-whirlpool.html. As I said above, if you do use Sparrow, you must link it to your own node and connect via Tor, but this is very simple to do. |
|
|
|
The best method is to set up and use JoinMarket - https://github.com/JoinMarket-Org/joinmarket-clientserverYou run the software yourself via your own node, connect to other users in a peer to peer manner over Tor, and there is no centralized coordinator. It also gives you the most options in terms of customizing your fees, size of your coinjoins, size of your outputs, and so on. It is the best coinjoin implementation at present. However, it is also the most technical to set up and use. There are very good guides on their GitHub, and I have no doubt that a technically minded user such as yourself would be able to get it set up and running, but it will take a bit of time and work to do so. The other option is using Samourai's Whirlpool, as is being discussed in this thread. Whirlpool does use a central coordinator, so it is absolutely vital that you use it with your own node and Tor to keep your privacy from the central coordinator. Your best options at the moment for connecting to Whirlpool are either Samourai wallet on mobile or Sparrow wallet on desktop. There are some other wallets starting to develop Whirlpool access as well, but I haven't tried or reviewed them so I won't recommend them. Again, there are good guides and both wallets provide a nice friendly GUI so they are much easier to set up and use than JoinMarket. Regardless of which one you choose, I would spend some time reading about that specific implementation works, how it handles things like toxic change, and the steps you need to take to not mess up and negate the privacy it provides. |
|
|
|
Pretty neat upgrade. I don't really understand why this is possible without additional fees, but glad to hear it is working anyway. Basically, when you first enroll coins in to Whirlpool, it does so with what it thinks will be a safe fee for relatively quick confirmation of a 5-input-5-output coinjoin. If, when those coins actually come to be coinjoined, it turns out that fee is higher than necessary, it will enroll additional inputs in order to lower the overall fee rate back to a more appropriate level. btw, is there a statistic showing how many coin-join tx whirlpool is running per day? Just curious to see how popular their service has become. See the "Samourai Whirlpool" box in the final third of the boxes here: https://bitcoin.clarkmoody.com/dashboard/. 7,657 transactions coinjoins over the last 30 days. |
|
|
|
Something interesting I read when looking more closely at this: Incoming rendezvous requests will be prioritized based on the amount of effort a client chooses to make when computing a solution to the puzzle. The service will periodically update a suggested amount of effort, based on attack load, and disable the puzzle entirely when the service is not overloaded. So it's not an all or nothing thing as I had initially assumed - the service stipulates x amount of work, if you complete x or more you are connected, if you complete less than x you are not connected. Rather, it's based on prioritization. If you complete less than the suggested amount then you might still connect, but your connection will simply be a lower priority than those who have completed more work. I'm really keen to try this out. Wonder how long it will be before some sites start implementing it? |
|
|
|
I know that if someone is really interested in copying my information will eventually find a way to do it, but I find that it works great as a deterrent for most scenarios. An attacker is going to take the path of least resistance. Are they going to spend several hours trying to edit out your watermark and end up with a result which might still be rejected by whichever service or bank they are trying to fool, or are they just going to move on and use someone else's KYC data instead? When KYC data is widely available to be bought on black markets for ten or twenty bucks for hundreds of users' worth of data, then an attacker is simply going to ignore the one user who has a difficult to remove watermark. You can't live in this world without revealing your KYC documents. House/hotel/car rentals, you need to reveal your KYC documents to get medical help, visit a doctor, get prescribed meds (if any). You have to reveal it to start work. Although obviously neither is good, there is a difference between something like a hospital leaking your documents and something like Ledger Recover leaking your documents. In addition to the risk of identity theft which is common in both scenarios, if Ledger Recover leak your data then you make yourself an instant target for crypto thieves, attackers, and scammers, as well as losing all privacy since your wallets/addresses/coins are now publicly linked to your real identity. So, let's assume our data has been leaked, what's the point of rejecting other services that ask for KYC? The usefulness of much of your data to an attacker is time limited. You can't take out a loan with an expired passport or ID card. If somewhere is asking for a copy of a recent bill, they usually want it within the last few months. Every time you complete KYC, you reset the clock. I mean, is your aim to keep this number of your KYC holders as narrow as possible? Yes. I have never once completed KYC with any crypto service, nor will I ever do so, yet I would wager I spend, trade, send, and receive bitcoin more frequently than 99% of the users on this forum. Bitcoin was designed precisely to avoid centralized third parties. KYC is not the default position - quite the opposite. Rather than asking why we avoid KYC, you should be asking why so many other people are happy to sacrifice their security, their privacy, and their sovereignty, by completing KYC. |
|
|
|
https://gitlab.torproject.org/tpo/core/tor/-/commit/8b46d1c6ca20b8c99b979569c7432a97d8fc20a1o Major features (onion service, proof-of-work):
- Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting
introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work
protocol that occurs over introduction circuits. This introduces several
torrc options prefixed with "HiddenServicePoW" in order to control this
feature. By default, this is disabled. Closes ticket 40634.
It uses the Equi-X algorithm, which is itself developed from RandomX, which is the ASIC resistant PoW algorithm used by Monero. It is also being developed by the same user, tevador. There's a fantastic post here which explains how this is going to work and what the end user will experience: https://darkdot.com/articles/tor-ddos-leads-to-proof-of-work/. Site admins can manually decide how much PoW is required to reach their site, and users can decide how much PoW they are willing to perform. Hopefully this puts an end to DDoS on Tor.
|
|
|
|
without actually validating the person. Given how good AI generated fakes are getting, video or photo selfies will soon be easily fooled as well. The solution is simple - avoid any platform which requires KYC. |
|
|
|
-snip-
He needs a watch only wallet in order to create transactions for his airgapped wallet to sign. You cannot do this with a block explorer. Further, your watch only wallet should be connected to your own node for your privacy. Handing your xpub to a blockchain explorer is a privacy disaster. |
|
|
|
-snip- Smart move. I miss the old days where you could just show a person your ID in person, and they would sign a form to say it all checks out without having to actually keep a copy of your ID. And if they did keep a copy, it was a photocopy kept in a filing cabinet and not a digital copy leaked across the internet. Why don't you recommend Model T right now? Because Trezor are a deeply unethical company: All their devices suffer from unfixable seed extraction vulnerabilities, which they deliberately sweep under the rug and do not tell their users how to mitigate against. They also have a very pro-government, pro-censorship, pro-surveillance, and anti-fungibility ethos, as shown by their support of AOPP and their partnership with Wasabi and blockchain analysis.
|
|
|
|
Do you think it is good to start by exaggerating your experience? How can we trust you in the future and possibly entrust you with money?
You also offer staking but with some "too good to be true" interest rates. Earn up to 37.32% APR... I would like to hear what the possibility of such a high yield is based on. Some extra points to note: The page is filled with trackers, including multiple trackers from both Google and Facebook. Parts of the site are plagiarized. One such example example from the FAQs: While Bitcoin addresses are "pseudonymous" - meaning, they don't, in themselves, reveal the identity of their owner - they can often still be linked to real-world identities. For example, if you withdraw bitcoin from an exchange where you've identified yourself, the exchange knows that the withdrawal address is yours. There are also more advanced techniques - such as blockchain analysis - to tie Bitcoin addresses to real-world identities.
The next time coins move from these addresses, users risk revealing all sorts of personal information. Depending on how they spend the coins, they could reveal how many coins they own (even on other addresses), what they spend their money on, and more.
By mixing their coins, users can obscure the ties between their Bitcoin addresses and real-world identities. This allows them to use Bitcoin more privately. Our service provides you with an opportunity to protect your anonymity.
There are also other sections plagiarized from known scam mixers, which I am not going to link to. |
|
|
|
|
Show Posts
