Free Bitcoin Generator Tool - BTC Cloud Mining Generated ...

Bitcoin Fullnode Install Guide for Dummies ;-)

Bitcoin Fullnode Install Guide for Dummies ;-)
Feel free to stop at Level 0 or Level 1, which is fine. More advanced configs are offered to those with more tech savvy. This guide, obviously assumes a Windows 10 install, but other OSes work fine, just find a different guide. BTW, the "For Dummies" is a callback to a set of "tech" books in the 90's intended to be as easy as possible. It is in jest and not intended to insult the reader. Finally, if you dislike the formatting, a well formatted copy can be found here
There is a fairly small subset of Bitcoin users that run a full node. I think the idea of running a full node has gotten a bad rap over the years since there is so much talk about running on a Raspberry Pi, or getting zippy SSDs. Although all of this can be fun, it is often not really required at all. Here are some ways to run a full node starting with the very simple. I'll get into more complex configs, but these are all optional.

Tech Skill Level: 0 (the basics)

  1. Download Bitcoin Core
  2. Launch the downloaded installer and install the app
  3. Launch the installed "Bitcoin Core" app and let it run overnight
In many cases, thats it. If your running a new machine with a fairly good internet connection, 8 or 9 hours will be enough to complete the "Initial Block Download" (IBD). This may fill up your drive a bit, but again, on most new machines, 300 GB of space isn't that hard to come by.

Tech Skill Level: 1 (encrypted wallet)

One thing we left out in the level-0 exercise is encrypting your wallet. It's easy enough to do well, but a bit more difficult to do right. The main challenge is that humans generate really poor passwords. If you want a good password, the best way is to use something called "diceware". Basically, you just grab 4 or 5 dice and each throw of the dice represents a certain word on a special list. The throw {1,4,5,3,1} for example would be the word camping on the EFF-diceware-wordlist. So you repeat this a few times until you have a list of 8 or so words which becomes the passphrase you use to encrypt your wallet. Write it down, it is always hard to remember at first. So at level-1 your list becomes:
  1. Download Bitcoin Core
  2. Launch the downloaded installer and install the app
  3. Launch the installed "Bitcoin Core" app and let it run overnight
  4. Choose Encrypt Wallet from the Settings menu
  5. Enter your 8 word (or so) passphrase generated using the Diceware method

Wallet Encryption Dialog

Tech Skill Level: 2 (enable pruning if needed)

Though I said "300 GB of space isn't hard to come by", some times it actually is. If space is an issue, a simple way to fix it is to tell bitcoin to simple take less space. This is called "pruning" and can take that number from 300 GB down to below 5 GB. If you can't find 5 GB, then you'll have to read ahead to level-4 to add USB storage. But the good news is, enabling pruning is pretty easy, we just add another step to our working list:
  1. Download Bitcoin Core
  2. Launch the downloaded installer and install the app
  3. Launch the installed "Bitcoin Core" app and let it run overnight
  4. Do the wallet encryption steps here if you wish
  5. Choose Options from the Settings menu
  6. Choose Prune block storage to: and select the max size for the blocks to use
  7. Exit and restart the bitcoin application for the changes to take effect

Pruning Dialog
Note, even setting this to 1 GB will still leave you with about a 4.5 GB install. The blocks take up a lot of space, but the chainstate and other folders eat up at least 3.5 GB and they can't be pruned. Also, be aware, to disable pruning requires you to perform the entire IBD again. While pruned some other functions my be disabled as well, so just know that pruning does limit some functionality.

Tech Skill Level: 3 (verify the installer)

Although this is arguably something that should be done at level-0, some find the intricacies of comparing hash (thumbprint) values to be tedious and beyond the scope of a beginner. You will find these types of hash compares suggested quite often as a way to prevent running tainted programs. Programs are often tainted by bad disk or network performance, but most often, taint is malicious code inserted by viruses or malware. This is a way to guard yourself against those types of attacks.
What I cover here is a very basic comparison on the certificate, but a more thorough verification advised by mosts uses a program called Gpg4Win, and is beyond the scope of this beginners guide. But regardless, most users should strive to do this minimum level of validation.
  1. Download Bitcoin Core
  2. Launch the downloaded installer
  3. When prompted "Do you want to allow..." click Show more details
  4. In the details section select Show information about the publisher's certificate
  5. In the certificate window select the Details tab
  6. In the Details tab Subject should start with "CN = Bitcoin Core Code Signing Association"
  7. Ensure Thumbprint in Details reads ea27d3cefb3eb715ed214176a5d027e01ba1ee86
  8. If the checks pass, click OK to exit the certificate window and Yes to allow the installer to run.
  9. Launch the installed "Bitcoin Core" app and let it run overnight
  10. Do the wallet encryption steps here if you wish
  11. Do the optional pruning steps here if you wish

Certification Validation Windows
Note: The certificate used to sign the current Bitcoin installer is only valid from March 2020 to March 2021. After that point the thumbprint on the certificate will change. This is by design and intentional. If your reading this post after March 2021, then it is understood that the thumbprint has changed.

Tech Skill Level: 4 (use secondary storage)

We glossed over the "new machine with fairly good internet" part. Truth be known many people do not have fairly new machines, and find the IBD to take longer than the "over night" best wishes. For most people the slowdown is the disk access when calculating what is called chainstate. This requires fast random reads and writes to the disk. If you have an SSD disk, this will be no problem, but if you have a non-SSD "spinning" disk, random writes are always slow. Though an SSD will speed things up, they are pricey, so a nice middle ground may be a simple high-end USB key drive. You can get some with 10 to 15 MB/s random writes for $20 on Amazon. This is usually a order of magnitude faster than a "spinning" disk. And with pruning (see level-2), a small USB drive should be fine.
Once you decide on a drive, the tricky part will be to enable external storage. It requires editing a configuration file and adding a line. First, we want to create a directory on the key drive. You will need to determine the drive letter of your USB key drive. For the sake of this example, we will assume it is D:, but you must determine this yourself and correct the example. Once you know the drive letter, create a blank folder on the drive called Bitcoin. So for this example, creating Bitcoin on drive D: will create the path D:\Bitcoin. Once done, assuming that D: is your drive, here are the new steps including the edit of the configuration file:
  1. Download Bitcoin Core
  2. Launch the installer, verify it, then run it
  3. Launch the installed "Bitcoin Core" app and let it run overnight
  4. Do the wallet encryption steps here if you wish
  5. Do the optional pruning steps here if you wish
  6. Launch "Notepad" by typing "Notepad.exe" in the windows search bar then click Open
  7. Type the line datadir=D:\Bitcoin (depending on your drive letter) in the blank file
  8. Choose Save from the File menu in notepad
  9. Type %APPDATA%\Bitcoin\bitcoin.conf (note the percent signs) in the File name box
  10. Select All Files from the Save as type dropdown
  11. Click the Save button and overwrite the file if prompted
  12. Exit and restart the bitcoin application for the changes to take effect

Save As Dialog
Now that you've reached this level of technical expertise, there are many new configuration options that you can begin to modify if you wish. Most configuration data is contained in the bitcoin.conf file and learning how to maintain it is a key step for a node operator.

Tech Skill Level: 5 (all other customizations)

Here's a short list of various things you can ADD to your bitcoin.conf file. You generally just add a new line for each configuration settings.
  • addresstype=bech32
  • changetype=bech32
The addresstype / changetype allows your wallet to use the native-segwit (bech32) format. This is the most efficient and inexpensive way to spend bitcoin, and is a recommended configuration. The default uses something called p2sh-segwit which is more compatible with older wallets, but more expensive to spend.
  • minrelaytxfee=0.00000011
Changing the minrelaytxfee setting allows you to help propagate lower fee transactions. It will require more memory but TXN memory is capped at 300 MB by default anyways, so if you have enough memory, it is a good setting to choose.
  • dbcache=2048
The dbcache setting controls how many MB of memory the program will use for the chainstate database. Since this is a key bottleneck in the IBD, setting this value high (2048 MB) will greatly speed up the IBD, assuming you have the memory to spare
  • blocksdir=C:\Bitcoin
  • datadir=D:\Bitcoin
In level-4 we discussed moving the datadir to a fast external storage, but the majority of the space used for bitcoin is the blocks directory (blocksdir). Although you should always use for fastest storage for datadir, you are free to use slow storage for blocksdir. So if you only want to consume a small amount of your SSD (assumed D:) then you can keep your blocks on your slow "spinning" drive.
  • upnp=1
One of the harder challenges you may face running a node, is to get incoming connections. If you are lucky, you may find that your firewall and network HW support the uPnP protocol. If they do, this setting will allow bitcoin to configure uPnP to allow incoming connections to your node. Other methods exist to make your node reachable, but they are well beyond the scope of this guide.
submitted by brianddk to Bitcoin [link] [comments]

Everyday info sec, hardcore info sec, and DNMs

Edit: Since first post I have updated a few sections with additional information.
I recommend reading it all even if it is very long, I might have placed some relevant info in different sections while thinking about what else needed to be added, plenty of steps remains mostly the same except when I comment directly on it. It is not necessary to do 100% security all the time, unless you absolutely need it, combining some high and some lower security ideas for a balance of security and convenience is useful.
I will base this mostly on Windows, Linux users probably know this, and I have no idea how apple machines work (tho many things in here are still relevant for other operating systems, as they are just general tips)
Disclaimer: There are certainly other steps that can make you more anonymous or safer, however I think for most people this will surfice. Any software I recommend should be independently verified for security, and examples of software are not to be taken as endorsements. I simply use examples and give recommendations when I believe it necessary, or helpful.
I will not really differentiate between anonymity and security, they are often the same thing. As such the word security can mean either more anonymous, less vulnerable, or both.
--------
Everyday Simple Info Sec:
-There could be a hidden administrator user on your PC, make sure to change its password
(Snapchat msgs, reddit dms, discord msgs, are just a few examples of msgs that are never encrypted)
-Any info even send in encrypted msgs (and obviously non encrypted) should still be kept with possible deniability, don't say "I'm gonna do MDMA", say "I'm going out with molly."
-DO NOT STORE ANY PASSWORDS ON GOOGLE, IF GOOGLE LOGIN IS AUTHENTICATED IT WILL AUTFILL ALL PASSWORDS IT HAS SAVED (same with other similar services) (This means if you are logged in to chrome and someone has access to your machine, they can auto fill passwords without entering a single password)
-use a rememberable passphrase, especially for your master key ring aka password manager A long sentence that is memorable makes an okay password (decent example,: "I met my wife at Little Ceasers for the first time on 07/09/20" better even if it's just something you know, if its impersonal, and if you can add special characters or numbers that you won't forget) (A better example for a passphrase is: "There is 0nly 0ne letter that d0esn’t appear in any U.S. state nameQ")
-Purge your internet activity frequently, there's a reason why I only have one post, and a few comments appearing in my account, but thousands of kama. Exposing information needlessly is not good.
-Never post private information publicly, and if you do, do it vaguely as possible. (Example: Not "I'm 15", say "I'm a teenager") Do not post any vital information ever, no birthdays, mother's maiden name, age, or anything you have ever seen in a security question. Never post your current activities while they are ongoing. You going on a vacation? Don't announce it to the world, taking picture there? Post them when you are home.
-Rethink how you do security questions. Many answers to security questions can be found in your internet history. One could use the first word of the security question as an answer, or a different sceme that will mean you always remember it. (Security question need to go, the amount of personal info an average person puts on the internet makes it easy to attack anything using security question)
-------_
High level crimimal information security:
The motto here is, "All the Security, All the Time" As one fuck up can end with you leaving a lick of traceability, and you could be fucked.
Pre Note: All of your software should always be up to date. Also even perfect info sec does not guarantee you are completely safe, a new zero day (exploit) can still fuck you, but good info security makes you significantly safer, by eliminating as many attacks as possible.
-Get a new device (or make a already owned device seem like you never owned it, do this only if you know how to, there's a lot of stuff that goes into that, like changing your mac adress etc) buy with cash, and your face covered, preferably far away from where you live. (Do I need to specify to not bring your phone or anything else that tracks your location to anywhere you want to go anonymously?) (Be aware that even hardware can have vulnerabilities, many cpus have known vulnerabilities, I can't list them all, do some research before buying)
-If you know how to use Tails (A linux distro designed for Info sec) use that, preferably on a USB. (Or learn how to use tails, its better, but complicated) Otherwise a clean copy of windows (make sure its not in any way associated with you) can do the job too, tho not as well. (Using a VM might give extra security, since VMs usually erase all data and RAM they were using on shutdown)
-Get a non tracking VPN, Enable the kill switch (a setting that disables all traffic that doesn't go through the VPN) (change your firewall settings to only allow the traffic from the VPN, windows guide (Change settings so only traffic from the tor application is send) Edit: (Due to complaints: do not use vpn over tor, use tor over vpn. tor over vpn has no notable downside, if the VPN logs it makes no difference, your ISP will always log anyways, and vpns remove other attack vectors and also provide backup security should tor fail. Again even if the VPN tracks you only change the people doing the tracking, but now you are further removed making it more anonymous and also with less vulnerabilities)
-rember privacy settings, cookie cleaner, and antivirus, password (There could be a hidden administrator user on your PC, make sure to change its password)
-Always use the device on a non admin account
-Ideally use this device only on networks that are not connected with you. Such as public networks (try to never use the same public networks twice, move around) (a home network should be fine now, as it should never be exposed, but more security is always better) (Its just a conveniences vs security trade)
-Never use accounts that have been exposed to lower security on higher security machines
-your browser is now TOR (or your preferred security focused browser, if you dont plan on using onion ) Make sure you get the standalone version of tor not the addon build (the standalone is safer, because there are less settings and options to tweak)
-Change your tor settings, to safest mode, enable a bridge (to my knowledge there's no difference in security between the build in bridges in tor), enable automatic updates, set duckduckgo onion as your primary browser. Set dark.fail onion page as your home page. (Or your preferred privacy search engine and onion directory)
-------_
How to use dark net markets (DNMs)
If you finished your High Security setup, we can dive right in. Otherwise go do that. This is where all that is essential.
Quick info on Tor, and onion sites. There is no search engine. It's all based of directories and addresses you are given by others. Tor will likely not be very quick, it has to pass through multiple networks to get to the destination. DNMs sometimes exit scam, an exit scam is when a market shuts down completely and takes all the money, this is a risk when using DNMs, it's not too common but happens maybe 0-4 times a year. The admins of thoese servers need to get out at some point, before they get jailed, so they exit the game, and scam everyone out of their money.
-A very useful onion directory is dark.fail it has a lot of links, for all kinds of stuff. News, email, DNMs, Psychonautwiki (harm reduction website), forums etc. (Other directories also exist)
-Pick a market, preferably one that handles secure connection server side instead of requiring you to establish the secure connection. Then create an account. Your account once created should include an entry box in your profile for a pgp key, post your PUBLIC key in there. (Verify the link is not a scam, most markets should provide a pgp signature)
-Next is currency setup. All major cryptocurrency exchangers can be used, I can recommend coin base but there could be better ones out there. Unless you find a small non U.S., exchange, they will always ask for your identity. So unless you can find a trustworthy exchange that doesn't ID, you will need to give it to them. (Side note, all major crypto exchangers report to the IRS, if the IRS asks you if you bought cryptocurrency and you bought while having IDed yourself SAY YES, DO NOT COMMIT TAX FRAUD WHEN THEY KNOW YOU DID)
-Transfer (monero you can send directly, btc you should scramble) to your wallet. There are two options a cold wallet (physical) or a software wallet. Software wallets usually dont cost anything so I recommend them, even if often less safe. Electrum is easy to use, and pretty safe. You can also do your own research and find a wallet that fits your needs.
-now you are ready to buy, only buy using escrow (it means the money is held by the market as a middle man until the product is delivered, they will also handle any issues like wrong quantity, cuts, etc), judge the reviews for a product, and if available look at the history of the vendor, until you find a product from a vendor you trust. (I recommend to buy within your country as much as possible, so it doesn't go through customs, it's very rare that something is found, but it can happen)
-now you get to buy, depending on market, you either have cryptocurrency stored in their wallets (not recommend, you will lose it in an exit scam) or you can send it every order. When you send your delivery adress (or the one you want it to go to) encrypt the adress using the sellers public key. Make sure the adress is correct.
-wait for the product, make sure to extend the escrow until the product arrives, if you can't extend it anymore dispute the order, and a moderator will step in
-test the product, use it, and leave a review. PLEASE LEAVE A REVIEW, DNMs only work because of reviews.
Edit: Didn't imagine I would write over 15000 words. Oh well, it was fun. Hope it helps, if you have any questions feel free to ask.
No idea how long this will stay up, I might purge it in 7 days, or never.
submitted by seven_N_A7 to u/seven_N_A7 [link] [comments]

What I currently use for privacy (after almost 2 years of long investing into it)

First of all, my threat model: I'm just an average person that wants to AVOID the maximum I can to be monitored and tracked by the government and big corps, a lot of people out there REALLY hate me and I've gone through lots of harassment and other stuff, I also plan to take my activism and love for freedom more seriously and to do stuff that could potentially lead me to very high danger or even put my life on the line. That being said, my main focus is on something that is privacy-friendly but also something with decent security (no point having a lot of privacy if a script kiddie can just break into it an boom, everything is gone) anonymity is also desirable but I'm pretty aware that true 100% anonymity is simply not possible and to achieve the maximum you can of it currently you'd have to give up A LOT of stuff in which I don't think I really could. So basically, everything that I said + I don't want to give up some hobbies of mine (as playing games etc)
Here's what I use/have done so far, most of it is based on privacytools.io list and research I've done.
Mobile:
Google Pixel 3a XL running GrapheneOS
Apps: Stock apps (Vanadium, Gallery, Clock, Contacts etc) + F-DROID, NewPipe, OsmAnd+, Joplin, Tutanota, K-9 Mail, Aegis Authenticator, KeePassDX, Syncthing, Signal, Librera PRO, Vinyl, Open Camera and Wireguard.
I also use BlahDNS as my private DNS.
Other smartphone stuff/habits: I use a Supershieldz Anti Spy Tempered Glass Screen Protector on my phone and I also have a Faraday Sleeve from Silent Pocket which my phone is on most of the times (I don't have smartphone addiction and would likely advice you to break free from smartphone addiction if you have it). I NEVER use bluetooth (thank god Pixel 3a have a headphone jack so yeah, no bluetooth earphones here) and always keep my Wi-Fi off if I'm not using it.
Computer:
I have a desktop that I built (specs: Asus B450M Gaming, AMD Ryzen 3 3300X, Radeon RX 580 8GB, 16GB DDR4 2666Mhz, 3TB HDD, 480GB SSD) that is dualbooted with QubesOS and Arch Linux.
Qubes is my main OS that I use as daily driver and for my tasks, I use Arch for gaming.
I've installed linux-hardened and its headers packages on my Arch + further kernel hardening using systctl and boot parameters, AppArmor as my MAC system and bubblewrap for sandboxing programs. I also spoof my MAC address and have restricted root access, I've also protected my GRUB with password (and use encrypted boot) and have enabled Microcode updates and have NTP and IPV6 disabled.
Also on Arch, I use iptables as a firewall denying all incoming traffic, and since it's my gaming PC, I don't game on the OS, instead, I use a KVM/QEMU Windows VM for gaming (search "How I Built The "Poor-Shamed" Computer" video to see what I'm talking about) I also use full disk encryption.
Software/Providers:
E-Mails: I use ProtonMail (Plus Account paid with bitcoin) and Tutanota (free account as they don't accept crypto payment yet, come on Tutanota, I've been waiting for it for 2 years already) since I have plus account on ProtonMail it allows me to use ProtonMail Bridge and use it on Claws Mail (desktop) and K-9 Mail (mobile) as for Tutanota I use both desktop and mobile app.
Some other e-mails habits of mine: I use e-mail aliases (ProtonMail plus account provides you with 5) and each alias is used for different tasks (as one for shopping, one for banking, one for accounts etc) and none of my e-mails have my real name on it or something that could be used to identify me. I also highly avoid using stuff that require e-mail/e-mail verification for usage (e-mail is such a pain in the ass tbh) I also make use of Spamgourmet for stuff like temporary e-mail (best service I found for this doing my research, dunno if it's really the best tho, heard that AnonAddy does kinda the same stuff but dunno, recommendations are welcomed)
Browsers/Search Engine: As mentioned, I use Vanadium (Graphene's stock browser) on mobile as it is the recommended browser by Graphene and the one with the best security for Android, for desktop I use a Hardened Firefox (pretty aware of Firefox's security not being that good, but it's the best browser for PC for me as Ungoogled Chromium is still not there in A LOT of things + inherent problems of Chrome as not being able to disable WebRTC unless you use an extension etc) with ghacks-user.js and uBlock Origin (hard mode), uMatrix (globally blocking first party scripts), HTTPS Everywhere (EASE Mode), Decentraleyes (set the recommended rules for both uBlock Origin and uMatrix) and Temporary Containers as addons. I also use Tor Browser (Safest Mode) on a Whonix VM on Qubes sometimes. DuckDuckGo is my to-go search engine and I use DNS over HTTPS on Firefox (BlahDNS as my provider once again)
browsing habits: I avoid JavaScript the maximum I can, if it's really needed, I just allow the scripts temporarely on uBlock Origin/uMatrix and after I'm done I just disable it. I also generally go with old.reddit.com instead of reddit.com (as JavaScript is not required to browse the old client), nitter.net for checking twitter stuff (although I rarely have something peaking my interest on Twitter) and I use invidious.snopyta.org as youtube front-end (I do however use YouTube sometimes if a video I wanna see can't be played on invidious or if I wanna watch a livestream) and html.duckduckgo.com instead of duckduckgo.com other than avoiding JavaScript most of my browsing habits are just common sense at this point I'd say, I also use privatebin (snopyta's instance) instead of pastebin. I also have multiple firefox profiles for different tasks (personal usage, shopping, banking etc)
VPN: I use Mullvad (guess you can mention it here since it's PTIO's recommended) paid with bitcoin and honestly best service available tbh. I use Mullvad's multihop implementation on Wireguard which I manually set myself as I had the time and patience to learn how.
password manager: KeePassXC on desktop and KeePassDX on my smartphone, my password database for my desktop is stored on a USB flash driver I encrypted with VeraCrypt.
some other software on desktop: LibreOffice (as a Microsoft Office substitute), GIMP (Photshop substitute), Vim (I use it for multiple purposes, mainly coding IDE and as a text editor), VLC (media player), Bisq (bitcoin exchange), Wasabi (bitcoin wallet), OBS (screen recording), Syncthing (file sync), qBitTorrent (torrent client) and Element (federated real-time communication software). I sadly couldn't find a good open-source substitute to Sony Vegas (tested many, but none was in the same level of Vegas imo, KDENLive is okay tho) so I just use it on a VM if I need it (Windows VM solely for the purpose of video editing, not the same one I use for gaming)
Other:
router: I have an Asus RT-AC68U with OpenWRT as its firmware. I also set a VPN on it.
cryptocurrency hardware wallet: I store all of my cryptocurrency (Bitcoin and Monero) on a Ledger Nano S, about 97% of my money is on crypto so a hardware wallet is a must for me.
I have lots of USB flash drivers that I use for Live ISOs and for encrypted backups. I also have a USB Data Blocker from PortaPow that I generally use if I need to charge my cellphone in public or in a hotel while on a trip (rare occasion tbh).
I have a Logitech C920e as webcam and a Blue Yeti microphone in which I never let them plugged, I only plug them if it's necessary and after I'm done I just unplug them.
I also have a Nintendo Switch Lite as a gaming console that I most of the times just use offline, I just connect to the internet if needed for a software update and then just turn the Wi-Fi off from it.
Other Habits/Things I've done:
payments: I simply AVOID using credit card, I try to always pay on cash (I live in a third-world country so thank god most of people here still depend on cash only) physically and online I try my best to either by using cryptocurrency or using gift cards/cash by mail if crypto isn't available. I usually buy crypto on Bisq as I just don't trust any KYC exchange (and neither should you) and since there aren't many people here in my area to do face to face bitcoin trade (and I'm skeptical of face to face tbh), I use the Wasabi Wallet (desktop) to coinjoin bitcoin before buying anything as this allows a bit more of privacy, I also coinjoin on Wasabi before sending my bitcoins to my hardware wallet. I also don't have a high consumerism drive so I'm not constantly wanting to buy everything that I see (which helps a lot on this criteria)
social media/accounts: as noted, aside from Signal and Element (which I don't even use that often) I just don't REALLY use any social media (tried Mastodon for a while but I was honestly felt it kinda desert there and most of its userbase from what I've seen were some people I'd just... rather don't hang with tbh) and, althoug not something necessary is something that I really advise people to as social media is literally a poison to your mind.
I also don't own any streaming service like Netflix/Amazon Prime/Spotify etc, I basically pirate series/movies/songs and that's it.
I've also deleted ALL my old accounts from social media (like Twitter etc) and old e-mails. ALL of my important and main accounts have 2FA enabled and are protected by a strong password (I use KeePass to generate a 35 character lenght password with numbers, capital letters, special symbols etc, each account uses a unique password) I also NEVER use my real name on any account and NEVER post any pictures of myself (I rarely take pictures of stuff if anything)
iot/smart devices: aside from my smartphone, I don't have any IOT/smart device as I honestly see no need for them (and most of them are WAY too expensive on third-world countries)
files: I constatly backup all of my files (each two weeks) on encrypted flash drivers, I also use BleachBit for temporary data cleaning and data/file shredding. I also use Syncthing as a substitute to stuff like Google Drive.
Future plans:
learn to self-host and self-host an e-mail/NextCloud (and maybe even a VPN)
find something like BurneHushed but FOSS (if you know any please let me know)
So, how is it? anything that I should do that I'm probably not doing?
submitted by StunningDistrust to privacytoolsIO [link] [comments]

Some newbie questions about Trezor device and bitcoin wallets

Greetings
I have never owned bitcoin before, but I studied how it works, so I think I have some understanding. I also studied options and it seems hardware wallet is the way to go for safety reasons.
So, question number One, am I correct that:
Unlike a bank account, where you keep one account usually, with bitcoin you keep generating new addresses, so if you own 1 bitcoin, you don't store it on one address, rather, you own many addresses, each containing part of your bitcoin, and when you spend, you just expend some of the addresses and throw them away, and when you receive, you generate new addresses for every transaction, so you accumulate these addresses that each are like a banknote of sorts, each having their own nominal value, and then you spend those banknotes and never use those addresses again. Right?
Question number Two, am I correct that:
All the addresses are generated from a certain big number, "master key" of sorts, which is private to me, which can be written in a form of "seed" which is what the device will give me when initialized, which is what I can use to recover my master key if I lose or break the device?
Question number Three, who does the address generation for bitcoin wallets for new incoming transactions? I assume it's the online wallet Trezor uses, right? So the device does not store any addresses of bitcoin wallets, right? It only stores my master key?
Assuming all are correct, can you please explain, in simpliest terms, how do I restore these addresses themselves, should Trezor online wallet be unavailable? I mean, it's hardly a possibility, but assume I have my seed, or even my Trezor device, but Trezor online wallet is unavailable. Assume I made hundreds of bitcoin transactions and my bitcoin is stored in hundreds of small pieces on different addresses. How do I recover all those? How do I know when to stop, when I have recovered them all? Assuming I don't know the amount I totally own by heart, so I cannot know when to stop (When I found all my bitcoin)?
I mean, it's unlimited, right, the amount of bitcoin addresses that can be generated from my "master key" of my Trezor? So how do I know which of them contain bitcoin? Like, say I have used 200 of them and 100 of them still contain bitcoins, and I lose the device, and have to restore from seed, how does it know that it has to generate only those 200, like, how does it know it doesnt have to generate more addresses, maybe those other addresses contain some bitcoin on them too?
Or does it, generate them always in the same order, so if it sees only blank unused addresses, it assumes it's time to stop? Like, if address 0-200 are all used but 200-300 are all unused still, it assumes it's fine to stop checking?
Also, on an unrelated note, how can I be sure I made no mistake in recording the seed? Can I just wipe the device and restore it from seed right after initializing it and receiving a small bitcoin transaction, to test it and be sure that I can recover my bitcoin in case I lose it? Is the device unlimited in terms of how many times it can be wiped and restored?
Thanks in advance!
submitted by RPMahoutsukai to TREZOR [link] [comments]

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

[OWL WATCH] Waiting for "IOTA TIME" 20; Hans's re-defined directions for DLT

Disclaimer: This is my editing, so there could be some misunderstandings...
--------------------------------------------
wellwho오늘 오후 4:50
u/Ben Royce****how far is society2 from having something clickable powered by IOTA?
Ben Royce오늘 오후 4:51
demo of basic tech late sep/ early oct. MVP early 2021
---------------------------------------------------
HusQy
Colored coins are the most misunderstood upcoming feature of the IOTA protocol. A lot of people see them just as a competitor to ERC-20 tokens on ETH and therefore a way of tokenizing things on IOTA, but they are much more important because they enable "consensus on data".
Bob
All this stuff already works on neblio but decentralized and scaling to 3500 tps
HusQy
Neblio has 8 mb blocks with 30 seconds blocktime. This is a throughput of 8 mb / 30 seconds = 267 kb per second. Transactions are 401+ bytes which means that throughput is 267 kb / 401 bytes = 665 TPS. IOTA is faster, feeless and will get even faster with the next update ...
-----------------------------------------------------------------------------
HusQy
Which DLT would be more secure? One that is collaboratively validated by the economic actors of the world (coporations, companies, foundations, states, people) or one that is validated by an anonymous group of wealthy crypto holders?
HusQy
The problem with current DLTs is that we use protection mechanisms like Proof of Work and Proof of Stake that are inherently hard to shard. The more shards you have, the more you have to distribute your hashing power and your stake and the less secure the system becomes.
HusQy
Real world identities (i.e. all the big economic actors) however could shard into as many shards as necessary without making the system less secure. Todays DLTs waste trust in the same way as PoW wastes energy.
HusQy
Is a secure money worth anything if you can't trust the economic actors that you would buy stuff from? If you buy a car from Volkswagen and they just beat you up and throw you out of the shop after you payed then a secure money won't be useful either :P
HusQy
**I believe that if you want to make DLT work and be successful then we need to ultimately incorporate things like trust in entities into the technology.**Examples likes wirecard show that trusting a single company is problematic but trusting the economy as a whole should be at ...
**... least as secure as todays DLTs.**And as soon as you add sharding it will be orders of magnitude more secure. DLT has failed to deliver because people have tried to build a system in vacuum that completely ignores things that already exist and that you can leverage on.
----------------------------------------------------------------------------------
HusQy
Blockchain is a bit like people sitting in a room, trying to communicate through BINGO sheets. While they talk, they write down some of the things that have been said and as soon as one screams BINGO! he hands around his sheet to inform everybody about what has been said.
HusQy
If you think that this is the most efficient form of communication for people sitting in the same room and the answer to scalability is to make bigger BINGO sheets or to allow people to solve the puzzle faster then you will most probably never understand what IOTA is working on.
--------------------------------------------------------------------------------
HusQy
**Blockchain does not work with too many equally weighted validators.****If 400 validators produce a validating statement (block) at the same time then only one can survive as part of a longest chain.**IOTA is all about collaborative validation.
**Another problem of blockchain is that every transaction gets sent twice through the network. Once from the nodes to the miners and a 2nd time from the miners as part of a block.**Blockchain will therefore always only be able to use 50% of the network throughput.
And****the last problem is that you can not arbitrarily decrease the time between blocks as it breaks down if the time between blocks gets smaller than the average network delay. The idle time between blocks is precious time that could be used for processing transactions.
-----------------------------------------------------------------------------
HusQy
I am not talking about a system with a fixed number of validators but one that is completely open and permissionless where any new company can just spin up a node and take part in the network.
------------------------------------------------------------------------
HusQy
Proof of Work and Proof of Stake are both centralizing sybil-protection mechanism. I don't think that Satoshi wanted 14 mining pools to run the network.
And "economic clustering" was always the "end game" of IOTA.
-----------------------------------------------------------------------------
HusQy
**Using Proof of Stake is not trustless. Proof of Stake means you trust the richest people and hope that they approve your transactions. The rich are getting richer (through your fees) and you are getting more and more dependant on them.**Is that your vision of the future?
----------------------------------------------------------------------------

HusQy
Please read again exactly what I wrote. I have not spoken of introducing governance by large companies, nor have I said that IOTA should be permissioned. We aim for a network with millions or even billions of nodes.

HusQy
That can't work at all with a permissioned ledger - who should then drop off all these devices or authorize them to participate in the network? My key message was the following: Proof of Work and Proof of Stake will always be if you split them up via sharding ...

HusQy
... less secure because you simply need fewer coins or less hash power to have the majority of the votes in a shard. This is not the case with trust in society and the economy. When all companies in the world jointly secure a DLT ...

HusQy
... then these companies could install any number of servers in any number of shards without compromising security, because "trust" does not become less just because they operate several servers. First of all, that is a fact and nothing else.

HusQy
Proof of Work and Proof of Stake are contrary to the assumption of many not "trustless" but follow the maxim: "In the greed of miners we trust!" The basic assumption that the miners do not destroy the system that generates income for them is fundamental here for the ...

HusQy
... security of every DLT. I think a similar assumption would still be correct for the economy as a whole: The companies of the world (and not just the big ones) would not destroy the system with which their customers pay them. In this respect, a system would be ...

HusQy
... which is validated by society and the economy as a whole probably just as "safely" as a system which is validated by a few anonymous miners. Why a small elite of miners should be better validators than any human and ...

HusQy
... To be honest, companies in this world do not open up to me. As already written in my other thread, safe money does not bring you anything if you have to assume that Volkswagen will beat you up and throw you out of the store after you ...

HusQy
... paid for a car. The thoughts I discussed say nothing about the immediate future of IOTA (we use for Coordicide mana) but rather speak of a world where DLT has already become an integral part of our lives and we ...

HusQy
... a corresponding number of companies, non-profit organizations and people have used DLT and where such a system could be implemented. The point here is not to create a governance solution that in any way influences the development of technology ...

HusQy
... or have to give nodes their OK first, but about developing a system that enables people to freely choose the validators they trust. For example, you can also declare your grandma to be a validator when you install your node or your ...

HusQy
... local supermarket. Economic relationships in the real world usually form a close-knit network and it doesn't really matter who you follow as long as the majority is honest. I also don't understand your criticism of censorship, because something like that in IOTA ...

HusQy
... is almost impossible. Each transaction confirms two other transactions which is growing exponentially. If someone wanted to ignore a transaction, he would have to ignore an exponential number of other transactions after a very short time. In contrast to blockchain ...

HusQy
... validators in IOTA do not decide what is included in the ledger, but only decide which of several double spends should be confirmed. Honest transactions are confirmed simply by having other transactions reference them ...

HusQy
... and the "validators" are not even asked. As for the "dust problem", this is indeed something that is a bigger problem for IOTA than for other DLTs because we have no fees, but it is also not an unsolvable problem. Bitcoin initially has a ...

HusQy
Solved similar problem by declaring outputs with a minimum amount of 5430 satoshis as invalid ( github.com/Bitcoin/Bitcoi…). A similar solution where an address must contain a minimum amount is also conceivable for IOTA and we are discussing ...

HusQy
... several possibilities (including compressing dust using cryptographic methods). Contrary to your assumption, checking such a minimum amount is not slow but just as fast as checking a normal transaction. And mine ...

HusQy
... In my opinion this is no problem at all for IOTA's use case. The important thing is that you can send small amounts, but after IOTA is feeless it is also okay to expect the recipients to regularly send their payments on a ...

HusQy
... merge address. The wallets already do this automatically (sweeping) and for machines it is no problem to automate this process. So far this was not a problem because the TPS were limited but with the increased TPS throughput of ...

HusQy
... Chrysalis it becomes relevant and appropriate solutions are discussed and then implemented accordingly. I think that was the most important thing first and if you have further questions just write :)

HusQy
And to be very clear! I really appreciate you and your questions and don't see this as an attack at all! People who see such questions as inappropriate criticism should really ask whether they are still objective. I have little time at the moment because ...

HusQy
... my girlfriend is on tour and has to take care of our daughter, but as soon as she is back we can discuss these things in a video. I think that the concept of including the "real world" in the concepts of DLT is really exciting and ...

HusQy
... that would certainly be exciting to discuss in a joint video. But again, that's more of a vision than a specific plan for the immediate future. This would not work with blockchain anyway but IOTA would be compatible so why not think about such things.
-----------------------------------------------------------------------

HusQy
All good my big one :P But actually not that much has changed. There has always been the concept of "economic clustering" which is basically based on similar ideas. We are just now able to implement things like this for the first time.
----------------------------------------------------------------------------------

HusQy
Exactly. It would mean that addresses "cost" something but I would rather pay a few cents than fees for each transaction. And you can "take" this minimum amount with you every time you change to a new address.

HusQy
All good my big one :P But actually not that much has changed. There has always been the concept of "economic clustering" which is basically based on similar ideas. We are just now able to implement things like this for the first time.
-----------------------------------------------------------------------------------

Relax오늘 오전 1:17
Btw. Hans (sorry for interrupting this convo) but what make people say that IOTA is going the permissioned way because of your latest tweets? I don't get why some people are now forecasting that... Is it because of missing specs or do they just don't get the whole idea?

Hans Moog [IF]오늘 오전 1:20
its bullshit u/Relaxan identity based system would still be open and permissionless where everybody can choose the actors that they deem trustworthy themselves but thats anyway just sth that would be applicable with more adoption
[오전 1:20]
for now we use mana as a predecessor to an actual reputation system

Sissors오늘 오전 1:31
If everybody has to choose actors they deem trustworthy, is it still permissionless? Probably will become a bit a semantic discussion, but still

Hans Moog [IF]오늘 오전 1:34
Of course its permissionless you can follow your grandma if you want to :p

Sissors오늘 오전 1:36
Well sure you can, but you will need to follow something which has a majority of the voting power in the network. Nice that you follow your grandma, but if others dont, her opinion (or well her nodes opinion) is completely irrelevant

Hans Moog [IF]오늘 오전 1:37
You would ideally follow the people that are trustworthy rather than your local drug dealers yeah

Sissors오늘 오전 1:38
And tbh, sure if you do it like that is easy. If you just make the users responsible for only connection to trustworthy nodes

Hans Moog [IF]오늘 오전 1:38
And if your grandma follows her supermarket and some other people she deems trustworthy then thats fine as well
[오전 1:38]
+ you dont have just 1 actor that you follow

Sissors오늘 오전 1:38
No, you got a large list, since yo uwant to follow those which actually matter. So you jsut download a standard list from the internet

Hans Moog [IF]오늘 오전 1:39
You can do that
[오전 1:39]
Is bitcoin permissionless? Should we both try to become miners?
[오전 1:41]
I mean miners that actually matter and not find a block every 10 trillion years 📷
[오전 1:42]
If you would want to become a validator then you would need to build up trust among other people - but anybody can still run a node and issue transactions unlike in hashgraph where you are not able to run your own nodes(수정됨)
[오전 1:48]
Proof of Stake is also not trustless - it just has a builtin mechanism that downloads the trusted people from the blockchain itself (the richest dudes)

Sissors오늘 오전 1:52
I think most agree it would be perfect if every person had one vote. Which is pr oblematic to implement of course. But I really wonder if the solution is to just let users decide who to trust. At the very least I expect a quite centralized network

Hans Moog [IF]오늘 오전 1:53
of course even a trust based system would to a certain degree be centralized as not every person is equally trustworthy as for example a big cooperation
[오전 1:53]
but I think its gonna be less centralized than PoS or PoW
[오전 1:53]
but anyway its sth for "after coordicide"
[오전 1:54]
there are not enough trusted entities that are using DLT, yet to make such a system work reasonably well
[오전 1:54]
I think the reason why blockchain has not really started to look into these kind of concepts is because blockchain doesnt work with too many equally weighted validators
[오전 1:56]
I believe that DLT is only going to take over the world if it is actually "better" than existing systems and with better I mean cheaper, more secure and faster and PoS and PoW will have a very hard time to deliver that
[오전 1:56]
especially if you consider that its not only going to settle value transfers

Relax오늘 오전 1:57
I like this clear statements, it makes it really clear that DLT is still in its infancy

Hans Moog [IF]오늘 오전 1:57
currently bank transfers are order of magnitude cheaper than BTC or ETH transactions

Hans Moog [IF]오늘 오전 1:57
and we you think that people will adopt it just because its crypto then I think we are mistaken
[오전 1:57]
The tech needs to actually solve a problem
[오전 1:57]
and tbh. currently people use PayPal and other companies to settle their payments
[오전 1:58]
having a group of the top 500 companies run such a service together is already much better(수정됨)
[오전 1:58]
especially if its fast and feeless
[오전 2:02]
and the more people use it, the more decentralized it actually becomes
[오전 2:02]
because you have more trustworthy entities to choose of

Evaldas [IF]오늘 오전 2:08
"in the greed of miners we trust"


submitted by btlkhs to Iota [link] [comments]

Have you exceeded your Gap Limit?

What the hell!? Just got my first cold card so I am learning tons of new shit.
We are strongly encouraged to use a new receive address every time. But how does one not run afoul of the dreaded “gap limit?”
Simple. Don’t let multiple sources derive wallet addresses. If you have watch-only wallets, they could be deriving addresses beyond the gap limit from the “HOME” wallet. This could lead to addresses bearing btc not being detected when using the home wallet, and from what I am reading, access to those addresses could get very difficult.
So should we actually encourage using the same address over and over again, to be sure we aren’t getting screwed up by the gap limit? Better to reuse an address than generate an address from a non-home wallet.
Similar to the Gap limit, in the realm of generating receive addresses: ColdCard even has concerns about strange or custom derivation of new addresses by other wallets. This goes a step further from the gap limit in potentially complicating your future bitcoin access. Because your main wallet may not recognize the derivation pattern of those addresses and you won’t have access. Main point: use the same wallet to derive/verify receive addresses that will be ultimately doing outgoing transactions.
Correct me if i am wrong in the comments, thanks.
Cold Card website citation:
Although the subkey derivation will be correct, and we have researched the BIP32 derivation paths in use by these popular systems, we make no guarantees about what they are using at present, and some are configurable.
Do not make deposits to these payment addresses without confirming they match the wallet in question, and in general, please only use addresses produced by the wallet which will be responsible for tracking the UTXO on the blockchain. These can be verified using the "Address Explorer", found on the Advanced menu.
LEDGER website citation:
Address gap limit The address gap limit refers to the standard number of public addresses that are checked for transactions in the blockchain in order to calculate an account's balance. Transactions received on an address beyond the address gap limit are not detected. This can only happen when using an external wallet to derive addresses.”
Address gap limit example
If you receive a transaction on the first address, address 1, Ledger Live will scan addresses 2 to 21 for any additional transaction history. If nothing is found, it will stop looking. If address 22 has received, Ledger Live will not see it because it stopped at address 21.
submitted by dreftylefty to Bitcoin [link] [comments]

Here is how to play the altcoin game - for newbies & champs

I have been here for many previous altcoin seasons (2013,2017 etc) and wanted to share knowedle. It's a LOOONG article.
The evaluation of altcoins (i.e not Bitcoin) is one of the most difficult and profitable exercises. Here I will outline my methodology and thinking but we have to take some things as a given. The first is that the whole market is going up or down with forces that we can't predict or control. Bitcoin is correlated with economic environments, money supply increases, safe havens such as Gold, hype and country regulations. This is an impossible mix to analyze and almost everyone fails at it. That's why you see people valuing Bitcoin from $100 to $500k frequently. Although I am bullish on the prospects of Bitcoin and decentralization and smart contract platforms, this is not the game I will be describing. I am talking about a game where you try to maximize your BTC holdings by investing in altcoins. We win this game even if we are at a loss in fiat currency value. To put it another way:
If you are not bullish in general on cryptocurrencies you have no place in investing or trading cryptocurrencies since it's always a losing proposition to trade in bubbles, a scientifically proven fact. If on the other hand you are then your goal is to grow your portfolio more than you would if holding BTC/ETH for example.

Bitcoin is the big boy

How the market works is not easily identifiable if you haven't graduated from the 2017 crypto university. When there is a bull market everything seems amazingly profitable and things keep going up outgrowing Bitcoin by orders of magnitude and you are a genius. The problem with this is that it only works while Bitcoin is going up a little bit or trades sideways. When it decides to move big then altcoins lose value both on the way up and on the way down. The second part is obvious and proven since all altcoins from 2017 are at a fraction of their BTC value (usually in the range of 80% or more down). Also, when BTC is making a big move upwards everyone exits altcoins to ride the wave. It is possible that the altcoin market behaves as an inversed leveraged ETF with leakage where in a certain period while Bitcoin starts at 10k and ends at 10k for example, altcoins have lost a lot of value because of the above things happening.

We are doing it anyway champ!

OK so we understand the risks and just wanna gambol with our money right? I get it. Why do that? Because finding the ideal scenario and period can be extremely profitable. In 2017 several altcoins went up 40x more than BTC. But again, if you don't chose wisely many of them have gone back to zero (the author has first hand experience in this!), they have been delisted and nobody remembers them. The actual mentality to have is very important and resembles poker and other speculative games:
A certain altcoin can go up in value indefinitely but can only lose it's starting investment. Think about it. You either lose 1 metric or gain many many more. Now that sounds amazing but firstly as we said we have the goal to outperform our benchmark (BTC) and secondly that going up in value a lot means that the probability is quite low. There is this notion of Expected Value (EV) that poker players apply in these kind of situations and it goes like that. If you think that a certain coin has a probability let's say 10% to go up 10X and 90% probability it goes to zero it's an even bet. If you think that probability is 11% then it's a good bet, a profitable bet and you should take it. You get the point right? It's not that it can only go 10X or 0X, there is a whole range of probability outcomes that are too mathematical to explain here and it doesn't help so much because nobody can do such analysis with altcoins. See below on how we can approximate it.

How to evaluate altcoins

A range of different things to take into account outlined below will form our decision making. Not a single one of them should dictate 100% of our strategy.

Basics

It's all about market cap. Repeat after me. The price of a coin doesn't mean anything. Say it 10 times until you believe it. I can't remember how many times I had conversations with people that were comparing coins using their coin price instead of their market cap. To make this easy to get.
If I decide because the sky is blue to make my coin supply 100 Trillion FoolCoins with a price of $0.001 and there is another WiseCoin with a supply of 100 Million and price of $1 then FoolCoins are more expensive. - Alex Fin's Cap Law

Fundamental analysis

This is done usually in the stock world and it means that each company has some fundamental value that includes it's assets, customers, growth prospects, sector prospects and leadership competence but mostly centered in financial measures such as P/E ratios etc. Valuation is a proper economic discipline by itself taught in universities. OK, now throw everything out of the window!.
This kind of analysis is impossible in vague concepts and innovations that are currently cryptocurrencies. Ethereum was frequently priced at the fictional price of gas when all financial systems on earth run on the platform after decades (a bit of exaggeration here). No project is currently profitable enough to justify a valuation multiple that is usually equal to P/E in the thousands or more. As such we need to take other things into account. What I do is included in the list below:

Relative valuation

One of my favorite ways to value altcoins that is based on the same principle in the stock market is to look at peers and decide what is the maximum cap it can grow to. As an example you take a second layer Ethereum solution that has an ICO and you want to decide if you will enter or not. You can take a look at other coins that are in the same business and compare their market caps. Thinking that your coin will outperform by a lot the top coins currently is overly optimistic so I usually take a lower valuation as a target price. If the initial offering is directly implying a valuation that is more than that then there is no room to grow according to my analysis and I skip it. Many times this has proven me wrong because it's a game theory problem where if many people think irrationally in a market it becomes a self-fulfilling prophecy. But since there is opportunity cost involved, in the long run, getting in initial offerings that have a lot of room to grow will pay off as a strategy.

Sector prospects

In 2017 the sexiest sector was platforms and then coins including privacy ones. Platforms are obviously still a highly rated sector because everything is being built on them, but privacy is not as hot as it used to be. In 2018 DEXes were all they hype but still people are massively using centralized exchanges. In 2020 Defi is the hottest sector and it includes platforms, oracles and Defi projects. What I am saying is that a project gets extra points if it's a Defi one in 2020 and minus points if it's a payment system that will conquer the world as it was in 2017 because that's old news. This is closely related to the next section.

Hype

Needless to say that the crypto market is a worse FOMO type of inexperienced trigger happy yolo investors , much worse than the Robinhood crowd that drove a bankrupt company's stock 1200% after they declared bankruptcy. The result is that there are numerous projects that are basically either vaporware or just so overhyped that their valuation has no connection to reality. Should we avoid those kind of projects? No and I will explain why. There are many very good technically projects that had zero hype potential due to incompetent marketing departments that made them tank. An example (without shilling because I sold out a while back) is Quantum Resistant Ledger. This project has amazing quantum resistant blockchain, the only one running now, has a platform that people can build tokens and messaging systems and other magnificent stuff. Just check how they fared up to now and you will get the point. A project *needs* to have a hype factor because you cannot judge it as normal stocks that you can do value investing like Warren Buffet does where a company will inevitable post sales and profitability numbers and investors will get dividends. Actually the last sentence is the most important: No dividends. Even projects that give you tokens or coins as dividends are not real dividends because if the coin tanks the value of the dividend tanks. This is NOT the case with company stocks where you get dollars even if the company stock tanks. All that being said, I would advice against betting on projects that have a lot of hype but little substance (but that should be obvious!).

How to construct your portfolio

My strategy and philosophy in investing is that risk should be proportional to investment capital. That means that if you are investing 100K in the crypto market your portfolio should be very different than someone investing 1K because 10% annual gains are nothing in the latter while they are very significant in the former. Starting from this principle each individual needs to construct a portfolio according to how much risk he wants to take. I will emphasize two important concepts that play well with what I said. In the first instance of a big portfolio you should concentrate on this mantra: "Diversification is the only free meal in finance". In the case of a small portfolio then this mantra is more important: "Concentrate to create wealth, diversify to maintain wealth". Usually in a big portfolio you would want to hold some big coins such as BTC and ETH to weather the ups and downs explained in previous paragraphs while generating profits and keep progressively smaller parts of your portfolio for riskier investments. Maybe 50% of this portfolio could be big caps and 10% very risky initial offerings. Adapting risk progressively to smaller portfolios makes sense but I think it would be irrational to keep more than 30% of a portfolio no matter what tied to one coin due to the very high risk of bankruptcy.

Conclusion

The altseason is supposedly coming every 3 months. Truth is that nobody can predict it but altcoins can be profitable no matter what. Forget about maximalists who are stuck in their dogmas. Altcoins deliver different value propositions and it makes sense because we are very far from a situation where some project offers everything like Amazon and we wouldn't even want that in the first place since we are talking about decentralization and not a winner takes all and becomes a monster kind of scenario! Some last minute advice:
P.S If you find value in reading this and want more weekly consider subscribing to my newsletter here
submitted by aelaos1 to CryptoCurrency [link] [comments]

small passive income while browsing the web

Introduction
If you were on the internet in the late 1990s, you might remember companies like "AllAdvantage" that promised to pay you to browse the web. You could install a program that tracked your browsing and showed you targeted ads at the top of the screen, then "AllAdvantage" would give you a cut of the ad revenue you generated.
These schemes largely disappeared after the dot-com crash. But Brendan Eich, the creator of the JavaScript programming language and cofounder and former CTO of Mozilla, thinks his company Brave Software has found a way to revive that old idea.
What is it?
Brave makes a browser based on Google Chrome that blocks tracking scripts and other technologies that spy on your online activity. As a result, it also blocks many web ads; if you visit any website using the Brave browser, you won’t see any ads. But Brave will give users the option to see ads that Eich says will respect your privacy. The ads will appear as desktop notifications, he says, not as replacements for the ads the Brave browser blocks. So you still won’t see ads on any website, but you might see them on the right lower corner of your screen. If you choose to see these ads, you’ll get 70 percent of the revenue they generate.
Eich hopes Brave can solve two of the web's most vexing problems the privacy and revenue problem by turning the traditional digital advertising model on its head. Today, ad networks pay sites for ad space and web browsers like Brave and Chrome deliver content from those publishers to users. Brave is trying to put the browser in the center of the advertising experience. Instead of paying publishers directly, ad networks would pay Brave, which will pass part of the money to users and keep a cut for itself.
By handling advertising in the browser on your device, Brave says it will be able to target ads without sending your data to the cloud, and protect your privacy. When you interact with an ad on Brave, the browser sends notice to the company's servers, but doesn't include any identifying information. Eich sees four sets of winners: browser makers get paid; users get paid, and get more privacy; advertisers can target pitches without running afoul of European privacy regulations; and publishers can survive in a world where many users are installing ad blockers.
Publishers and ad networks might bristle at the idea of putting browser makers in the middle of their business. But in recent years browsers have taken a more active role in shaping the web, instead of merely displaying a website’s content. Chrome now blocks ads on a small number of sites with particularly egregious advertising practices, while browsers like Firefox and Safari have added privacy protections. Meanwhile, browser plugins are giving users more control over their experience. There are Chrome extensions, for example, that let you change Facebook's color scheme, or change the way images are displayed on Pinterest. And of course there are extensions that block all ads.
Trying to win advertisers and publishers to a new model isn't Brave's only challenge. It also needs users. Eich says Brave has 15 million users and is growing.
Brave will give users a 70 percent cut of its advertising revenue, which Eich estimates could work out to about $10 a month. Brave will pay users with its own bitcoin-style "cryptocurrency” called Basic Attention Tokens or BAT, which has traded for as little as 24 cents over the past 12 months, according to CoinMarketCap. You can exchange the BAT you have received for viewing ads into USD, EUR, GBP, CHF and many more currencies.
The company offers a service through the cryptocurrency exchange Uphold to allow users to change, sell and buy BAT or donate it to publishers, and for publishers to exchange the BAT they receive for dollars. Advertisers like HomeDepot or recent campaigns included brands such as Verizon, Newegg, Chipotle, and PayPal/Honey, in addition to earlier campaigns by Amazon, Harry’s Razors, Intel, CBS, KIND snacks, Logitech, Lenovo, Grubhub, Belkin, Quickbooks, Evernote and some of cryptocurrency related companies, will be able to buy ads either with BAT or with traditional currencies.
Eich says Brave opted to create its own tokens using the Ethereum cryptocurrency platform in part to avoid regulatory requirements, such as verifying users' identifies, that partners like Uphold are better equipped to handle.
Estimated revenue? (depending on the country you live in the revenue can be higher or lower)
I made around 3oo$ so far this year using 3 devices, just for viewing some ads.
5 months so far july is not included if you calculate it down for 1 device, 100$/5months = 20$ a month just for viewing ads, you would need to buy risky stocks worth of 2000$ to get the same amount per month.
can only recommend everyone to try it, not every country has the same number of advertisers so you probably get the most out of it when you live in the USA.
If you are interested here is a quick guide how to set it up to get the max amount out of Brave:
Quickstartguide:
1 Download brave here
2 Activate the reward system (gif link below)Gif link
3 go into the settings an deactivate auto contribution and activate 5 ads per hour (image link below)image link
4 Create an Account on Uphold and connect it with your BraveBrowser.
Now you are good to go and can make some money on something you do anyway.
I hope this helps some folks in the community to make some extra bucks.
edit1:you can find more infos and support here:brave_browser & BATProject or www.brave.com
edit2:the earnings are depenging on the number of devices you are using and were you are living. Best paying countries: United States (69) United Kingdom (39) Canada (36) Australia (35) New Zealand (26) Germany (21) Ireland (21) France (18)( the number next to the country are the companies that are running ads on brave for this particular country, the more companies the more revenue )
you can find a full list with all countries and campaigns here: https://brave.com/transparency/
edit3:You don't need to browse to a certain website to receive ads, just browse as you are used to, play browser games, watch videos on youtube or do whatever you want.Sometimes Ads appear on the startpage looks like that https://i.imgur.com/5tohhRc.jpg and after some time on the right lower corner a clickable pop-up appears looks like that->https://i.imgur.com/CTGdVsu.png
edit4:If you want to import your bookmarks and settings from your old browser:on the right top corner of the browser is a button ->https://i.imgur.com/oi8EAri.jpg click it > than on settings > and than you got the option to import bookmarks and settings from your old browser.
If you want to sync brave between devices and for backups:type brave://flags/ into the adressbar and than brave sync into the search bar and acticate itif its enabled it should look like this https://imgur.com/a/tCMDgDjthan just click on sync ->https://i.imgur.com/oi8EAri.jpg
here is a guide ->https://support.brave.com/hc/en-us/articles/360021218111-How-do-I-set-up-Sync
edit5: Don't keep your BAT from free token grants to long in your browser, always send your bat to an external wallet or exchange like uphold, only tokens from free token grants have an expire date if they dont get used they go back to the bat pool. you can find more infos about this here -> https://support.brave.com/hc/en-us/articles/360018305731-Why-does-my-BAT-have-an-expiration-date-
submitted by OnlyReveal6 to beermoneyglobal [link] [comments]

Don't blindly follow a narrative, its bad for you and its bad for crypto in general

I mostly lurk around here but I see a pattern repeating over and over again here and in multiple communities so I have to post. I'm just posting this here because I appreciate the fact that this sub is a place of free speech and maybe something productive can come out from this post, while bitcoin is just fucking censorship, memes and moon/lambo posts. If you don't agree, write in the comments why, instead of downvoting. You don't have to upvote either, but when you downvote you are killing the opportunity to have discussion. If you downvote or comment that I'm wrong without providing any counterpoints you are no better than the BTC maxis you despise.
In various communities I see a narrative being used to bring people in and making them follow something without thinking for themselves. In crypto I see this mostly in BTC vs BCH tribalistic arguments:
- BTC community: "Everything that is not BTC is shitcoin." or more recently as stated by adam on twitter, "Everything that is not BTC is a ponzi scheme, even ETH.", "what is ETH supply?", and even that they are doing this for "altruistic" reasons, to "protect" the newcomers. Very convenient for them that they are protecting the newcomers by having them buy their bags
- BCH community: "BTC maxis are dumb", "just increase block size and you will have truly p2p electronic cash", "It is just that simple, there are no trade offs", "if you don't agree with me you are a BTC maxi", "BCH is satoshi's vision for p2p electronic cash"
It is not exclusive to crypto but also politics, and you see this over and over again on twitter and on reddit.
My point is, that narratives are created so people don't have to think, they just choose a narrative that is easy to follow and makes sense for them, and stick with it. And people keep repeating these narratives to bring other people in, maybe by ignorance, because they truly believe it without questioning, or maybe by self interest, because they want to shill you their bags.
Because this is BCH community, and because bitcoin is censored, so I can't post there about the problems in the BTC narrative (some of which are IMO correctly identified by BCH community), I will stick with the narrative I see in the BCH community.
The culprit of this post was firstly this post by user u/scotty321 "The BTC Paradox: “A 1 MB blocksize enables poor people to run their own node!” “Okay, then what?” “Poor people won’t be able to use the network!”". You will see many posts of this kind being made by u/Egon_1 also. Then you have also this comment in that thread by u/fuck_____________1 saying that people that want to run their own nodes are retarded and that there is no reason to want to do that. "Just trust block explorer websites". And the post and comment were highly upvoted. Really? You really think that there is no problem in having just a few nodes on the network? And that the only thing that secures the network are miners?
As stated by user u/co1nsurf3r in that thread:
While I don't think that everybody needs to run a node, a full node does publish blocks it considers valid to other nodes. This does not amount to much if you only consider a single node in the network, but many "honest" full nodes in the network will reduce the probability of a valid block being withheld from the network by a collusion of "hostile" node operators.
But surely this will not get attention here, and will be downvoted by those people that promote the narrative that there is no trade off in increasing the blocksize and the people that don't see it are retarded or are btc maxis.
The only narrative I stick to and have been for many years now is that cryptocurrency takes power from the government and gives power to the individual, so you are not restricted to your economy as you can participate in the global economy. There is also the narrative of banking the bankless, which I hope will come true, but it is not a use case we are seeing right now.
Some people would argue that removing power from gov's is a bad thing, but you can't deny the fact that gov's can't control crypto (at least we would want them not to).
But, if you really want the individuals to remain in control of their money and transact with anyone in the world, the network needs to be very resistant to any kind of attacks. How can you have p2p electronic cash if your network just has a handful couple of nodes and the chinese gov can locate them and just block communication to them? I'm not saying that this is BCH case, I'm just refuting the fact that there is no value in running your own node. If you are relying on block explorers, the gov can just block the communication to the block explorer websites. Then what? Who will you trust to get chain information? The nodes needs to be decentralized so if you take one node down, many more can appear so it is hard to censor and you don't have few points of failure.
Right now BTC is focusing on that use case of being difficult to censor. But with that comes the problem that is very expensive to transact on the network, which breaks the purpose of anyone being able to participate. Obviously I do think that is also a major problem, and lightning network is awful right now and probably still years away of being usable, if it ever will. The best solution is up for debate, but thinking that you just have to increase the blocksize and there is no trade off is just naive or misleading. BCH is doing a good thing in trying to come with a solution that is inclusive and promotes cheap and fast transactions, but also don't forget centralization is a major concern and nothing to just shrug off.
Saying that "a 1 MB blocksize enables poor people to run their own" and that because of that "Poor people won’t be able to use the network" is a misrepresentation designed to promote a narrative. Because 1MB is not to allow "poor" people to run their node, it is to facilitate as many people to run a node to promote decentralization and avoid censorship.
Also an elephant in the room that you will not see being discussed in either BTC or BCH communities is that mining pools are heavily centralized. And I'm not talking about miners being mostly in china, but also that big pools control a lot of hashing power both in BTC and BCH, and that is terrible for the purpose of crypto.
Other projects are trying to solve that. Will they be successful? I don't know, I hope so, because I don't buy into any narrative. There are many challenges and I want to see crypto succeed as a whole. As always guys, DYOR and always question if you are not blindly following a narrative. I'm sure I will be called BTC maxi but maybe some people will find value in this. Don't trust guys that are always posting silly "gocha's" against the other "tribe".
EDIT: User u/ShadowOfHarbringer has pointed me to some threads that this has been discussed in the past and I will just put my take on them here for visibility, as I will be using this thread as a reference in future discussions I engage:
When there was only 2 nodes in the network, adding a third node increased redundancy and resiliency of the network as a whole in a significant way. When there is thousands of nodes in the network, adding yet another node only marginally increase the redundancy and resiliency of the network. So the question then becomes a matter of personal judgement of how much that added redundancy and resiliency is worth. For the absolutist, it is absolutely worth it and everyone on this planet should do their part.
What is the magical number of nodes that makes it counterproductive to add new nodes? Did he do any math? Does BCH achieve this holy grail safe number of nodes? Guess what, nobody knows at what number of nodes is starts to be marginally irrelevant to add new nodes. Even BTC today could still not have enough nodes to be safe. If you can't know for sure that you are safe, it is better to try to be safer than sorry. Thousands of nodes is still not enough, as I said, it is much cheaper to run a full node as it is to mine. If it costs millions in hash power to do a 51% attack on the block generation it means nothing if it costs less than $10k to run more nodes than there are in total in the network and cause havoc and slowing people from using the network. Or using bot farms to DDoS the 1000s of nodes in the network. Not all attacks are monetarily motivated. When you have governments with billions of dollars at their disposal and something that could threat their power they could do anything they could to stop people from using it, and the cheapest it is to do so the better
You should run a full node if you're a big business with e.g. >$100k/month in volume, or if you run a service that requires high fraud resistance and validation certainty for payments sent your way (e.g. an exchange). For most other users of Bitcoin, there's no good reason to run a full node unless you reel like it.
Shouldn't individuals benefit from fraud resistance too? Why just businesses?
Personally, I think it's a good idea to make sure that people can easily run a full node because they feel like it, and that it's desirable to keep full node resource requirements reasonable for an enthusiast/hobbyist whenever possible. This might seem to be at odds with the concept of making a worldwide digital cash system in which all transactions are validated by everybody, but after having done the math and some of the code myself, I believe that we should be able to have our cake and eat it too.
This is recurrent argument, but also no math provided, "just trust me I did the math"
The biggest reason individuals may want to run their own node is to increase their privacy. SPV wallets rely on others (nodes or ElectronX servers) who may learn their addresses.
It is a reason and valid one but not the biggest reason
If you do it for fun and experimental it good. If you do it for extra privacy it's ok. If you do it to help the network don't. You are just slowing down miners and exchanges.
Yes it will slow down the network, but that shows how people just don't get the the trade off they are doing
I will just copy/paste what Satoshi Nakamoto said in his own words. "The current system where every user is a network node is not the intended configuration for large scale. That would be like every Usenet user runs their own NNTP server."
Another "it is all or nothing argument" and quoting satoshi to try and prove their point. Just because every user doesn't need to be also a full node doesn't mean that there aren't serious risks for having few nodes
For this to have any importance in practice, all of the miners, all of the exchanges, all of the explorers and all of the economic nodes should go rogue all at once. Collude to change consensus. If you have a node you can detect this. It doesn't do much, because such a scenario is impossible in practice.
Not true because as I said, you can DDoS the current nodes or run more malicious nodes than that there currently are, because is cheap to do so
Non-mining nodes don't contribute to adding data to the blockchain ledger, but they do play a part in propagating transactions that aren't yet in blocks (the mempool). Bitcoin client implementations can have different validations for transactions they see outside of blocks and transactions they see inside of blocks; this allows for "soft forks" to add new types of transactions without completely breaking older clients (while a transaction is in the mempool, a node receiving a transaction that's a new/unknown type could drop it as not a valid transaction (not propagate it to its peers), but if that same transaction ends up in a block and that node receives the block, they accept the block (and the transaction in it) as valid (and therefore don't get left behind on the blockchain and become a fork). The participation in the mempool is a sort of "herd immunity" protection for the network, and it was a key talking point for the "User Activated Soft Fork" (UASF) around the time the Segregated Witness feature was trying to be added in. If a certain percentage of nodes updated their software to not propagate certain types of transactions (or not communicate with certain types of nodes), then they can control what gets into a block (someone wanting to get that sort of transaction into a block would need to communicate directly to a mining node, or communicate only through nodes that weren't blocking that sort of transaction) if a certain threshold of nodes adheres to those same validation rules. It's less specific than the influence on the blockchain data that mining nodes have, but it's definitely not nothing.
The first reasonable comment in that thread but is deep down there with only 1 upvote
The addition of non-mining nodes does not add to the efficiency of the network, but actually takes away from it because of the latency issue.
That is true and is actually a trade off you are making, sacrificing security to have scalability
The addition of non-mining nodes has little to no effect on security, since you only need to destroy mining ones to take down the network
It is true that if you destroy mining nodes you take down the network from producing new blocks (temporarily), even if you have a lot of non mining nodes. But, it still better than if you take down the mining nodes who are also the only full nodes. If the miners are not the only full nodes, at least you still have full nodes with the blockchain data so new miners can download it and join. If all the miners are also the full nodes and you take them down, where will you get all the past blockchain data to start mining again? Just pray that the miners that were taken down come back online at some point in the future?
The real limiting factor is ISP's: Imagine a situation where one service provider defrauds 4000 different nodes. Did the excessive amount of nodes help at all, when they have all been defrauded by the same service provider? If there are only 30 ISP's in the world, how many nodes do we REALLY need?
You cant defraud if the connection is encrypted. Use TOR for example, it is hard for ISP's to know what you are doing.
Satoshi specifically said in the white paper that after a certain point, number of nodes needed plateaus, meaning after a certain point, adding more nodes is actually counterintuitive, which we also demonstrated. (the latency issue). So, we have adequately demonstrated why running non-mining nodes does not add additional value or security to the network.
Again, what is the number of nodes that makes it counterproductive? Did he do any math?
There's also the matter of economically significant nodes and the role they play in consensus. Sure, nobody cares about your average joe's "full node" where he is "keeping his own ledger to keep the miners honest", as it has no significance to the economy and the miners couldn't give a damn about it. However, if say some major exchanges got together to protest a miner activated fork, they would have some protest power against that fork because many people use their service. Of course, there still needs to be miners running on said "protest fork" to keep the chain running, but miners do follow the money and if they got caught mining a fork that none of the major exchanges were trading, they could be coaxed over to said "protest fork".
In consensus, what matters about nodes is only the number, economical power of the node doesn't mean nothing, the protocol doesn't see the net worth of the individual or organization running that node.
Running a full node that is not mining and not involved is spending or receiving payments is of very little use. It helps to make sure network traffic is broadcast, and is another copy of the blockchain, but that is all (and is probably not needed in a healthy coin with many other nodes)
He gets it right (broadcasting transaction and keeping a copy of the blockchain) but he dismisses the importance of it
submitted by r0bo7 to btc [link] [comments]

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
[deleted comment]
[deleted comment]
[deleted comment]
submitted by anticensor_bot to u/anticensor_bot [link] [comments]

What is a Bitcoin Wallet? (in Plain English) - YouTube How to find your bitcoin wallet address on Luno.com? - YouTube Bitcoin Wallet Generator How to find your Bitcoin wallet address on AltCoinTrader ... How to find your bitcoin wallet address Bitfinex

A Bitcoin Address is an ID of 26-35 alphanumeric numbers, that represents a possible destination for an (incoming) Bitcoin payment for example to a Bitcoin Wallet. A Bitcoin wallet address, which is a hash of the corresponding public key, always starts either with number 1 or with the number 3. All Bitcoin transactions are stored in a public ledger. Anybody can see the balance and transactions of any wallet (even if not their own). However, they are anonymous. No one can know who owns a wallet or who they send or receive Bitcoin from. You can use any Bitcoin Explorer to see any address balance and transactions. Free Bitcoin Cloud Mining Generator Online Tool is Free BTC Generate wallet and earn your bitcoin wallet mining daily. Free Bitcoin Generator Cloud Mining Select amount how many BTC would you like generated: 0.1 BTC. GET START Current System Status. 0 % Bitcoin ... 1. Tri-Fold Template. This bitcoin key generator guides you to print both a front side and a back side for your paper wallet. All sensitive details on the front side (the private key and QR code) are folded up and securely taped shut so as to stay hidden. What is my BTC address? Your BTC address is a string of 26-35 letters and numbers that identify your Bitcoin wallet. BTC addresses begin with either a 1 or a 3 and are case-sensitive.. When you want to receive funds, this is the information that you provide to the person paying you.

[index] [24523] [32013] [17941] [29984] [17017] [10478] [20572] [32158] [34939] [28508]

What is a Bitcoin Wallet? (in Plain English) - YouTube

Bitcoin generator 2020 - 100% working + real review #Bch #Bitcoincash #Bitcoincashhackdirectlytocoinbase #Bitcoincashhachdirectlytocoins #HowcanIhackbitcoinc... bitcoin secret, bitcoin trading, bitcoin millionaire, bitcoin day trading, make money with bitcoin, bitcoin guide, bitcoin mining, bitcoin tutorial bitcoin a bitcoin miner If you want to someone to send you money to your Bitcoin account, Give them this address. you may donate to our network via Bitcoin as well :) Bitcoin addres... Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. #inthetrend #hackblockchain #bitcoingenerator #bitcoingeneratorhack #блокчейн ***** Download for Windows on the official website of t...

#