Moon Cash | Free bitcoin cash faucet

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus contracts --- which require multiple people, by definition, you don't make contracts with yourself --- are made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin
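To make the post's two central ideas concrete (an n-of-n aggregate key that needs only one signature, and the PTLC "pointlocked" branch built from an adaptor signature), here is an added Python illustration; it is not part of almkglor's post and not any Bitcoin library's code. It uses pure-Python secp256k1 arithmetic with a simplified Schnorr scheme (not BIP340: untagged SHA-256, full points rather than x-only keys, plain key summation rather than MuSig's coefficients), and all private keys, the activation scalar `t` and the messages are constructed sample values.

```python
# Added illustration, not code from almkglor's post. Pure-Python secp256k1
# arithmetic plus a SIMPLIFIED Schnorr scheme (not BIP340: no tagged hashes,
# no x-only keys, no MuSig nonce protocol) showing an n-of-n aggregate key that
# needs ONE signature, and an adaptor signature that leaks a chosen scalar.
import hashlib
import secrets
from functools import reduce

# secp256k1 domain parameters (field prime, group order, generator).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                      # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def challenge(R, PK, msg):
    """e = H(R || PK || m), the Schnorr challenge (untagged SHA-256 here)."""
    data = R[0].to_bytes(32, "big") + PK[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def schnorr_verify(PK, R, s, msg):
    """Accept (R, s) iff s*G == R + e*PK; one check however many signers."""
    e = challenge(R, PK, msg)
    return point_mul(s, G) == point_add(R, point_mul(e, PK))

def aggregate_sign(privkeys, msg):
    """n-of-n signing: the aggregate key is the sum of public keys and the
    signature is the sum of partial signatures under a shared nonce R.
    Plain summation is for illustration only; MuSig adds per-key coefficients
    so one participant cannot pick a key that cancels the others' (rogue key)."""
    pubs = [point_mul(x, G) for x in privkeys]
    agg_pub = reduce(point_add, pubs)
    nonces = [secrets.randbelow(N - 1) + 1 for _ in privkeys]
    R = reduce(point_add, [point_mul(k, G) for k in nonces])
    e = challenge(R, agg_pub, msg)       # every signer computes the same e
    s = sum(k + e * x for k, x in zip(nonces, privkeys)) % N
    return agg_pub, R, s

def adaptor_sign(x, T, msg):
    """Seller's pre-signature: valid only 'up to' the secret t behind T = t*G."""
    k = secrets.randbelow(N - 1) + 1
    R = point_mul(k, G)
    e = challenge(point_add(R, T), point_mul(x, G), msg)
    return R, (k + e * x) % N

def adaptor_verify(PK, R, T, s_adapt, msg):
    """Buyer checks s'*G == R + e*PK with e bound to the final nonce R + T."""
    e = challenge(point_add(R, T), PK, msg)
    return point_mul(s_adapt, G) == point_add(R, point_mul(e, PK))

def multisig_demo():
    """Two constructed keys, one aggregate key, one ordinary-looking signature."""
    keys = [0x1A2B3C4D5E6F7081, 0x9F8E7D6C5B4A3928]   # constructed, NOT secure
    msg = b"spend from the 2-of-2 (constructed message)"
    agg_pub, R, s = aggregate_sign(keys, msg)
    return (schnorr_verify(agg_pub, R, s, msg),
            schnorr_verify(point_mul(keys[0], G), R, s, msg))  # (True, False)

def ptlc_demo():
    """Seller commits to scalar t (the 'activation code'); the completed
    signature it publishes reveals t to the buyer, yet to everyone else it is
    an ordinary Schnorr signature."""
    x_seller = 0x0BADC0DEDEADBEEF          # constructed, NOT secure
    t = 0x5EC12E7AC71AC0DE                 # constructed activation scalar
    T = point_mul(t, G)
    PK = point_mul(x_seller, G)
    msg = b"pay seller for activation (constructed message)"
    R, s_adapt = adaptor_sign(x_seller, T, msg)
    ok_adaptor = adaptor_verify(PK, R, T, s_adapt, msg)
    s_full = (s_adapt + t) % N             # seller completes it to claim funds
    ok_full = schnorr_verify(PK, point_add(R, T), s_full, msg)
    extracted = (s_full - s_adapt) % N     # buyer learns t from the chain
    return ok_adaptor, ok_full, extracted == t
```

The "timelocked" refund branch the post mentions is not modelled here; as the post says, it needs a script path (OP_CHECKLOCKTIMEVERIFY) rather than the adaptor trick.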


Monthly Nano News: December 2019 + Year Recap Special

This is what NANO has been up to lately. I don't think I lie if I say it has been quite an amazing year!
See you soon and happy new year! Something nice is coming soon that I have been working on for a while, stay tuned..

December 2019

November 2019

October 2019

September 2019

August 2019

July 2019

June 2019

May 2019

Apr 2019

Mar 2019

Feb 2019

Jan 2019


More news here: https://nanolinks.info/news

submitted by Joohansson to nanocurrency

List of moderately difficult skribbl words for your new friend group (1200+ words)

That is to say, this list contains words that:
  1. Usually aren't instantly guess-able (like star, apple, or Nike).
  2. Can be played with a group of acquaintances (I play with a group of interns at work to blow off time)
I created this list by modifying an existing difficult word list we found online and adding a bunch of new words. If you see a stupidly difficult word, it was probably a word from the existing difficult word list that I forgot to remove. (amicable and reimbursement were the type of bs I removed lol).
abraham lincoln, accordion, accounting, acre, actor, adidas, advertisement, air conditioner, aircraft carrier, airport security, alarm clock, alcohol, alert, alice in wonderland, alphabet, altitude, amusement park, angel, angle, angry, ankle, apathetic, apathy, apparatus, applause, application, apron, archaeologist, archer, armada, arrows, art gallery, ashamed, asteroid, athlete, atlantis, atlas, atmosphere, attack, attic, audi, aunt, austin powers, australia, author, avalanche, avocado, award, baby, baby-sitter, back flip, back seat, baggage, baguette, baker, balance beam, bald, balloon, bamboo, banister, barbershop, barney, baseboards, bat, beans, beanstalk, beard, bed and breakfast, bedbug, beer pong, belt, beluga whale, berlin wall, bible, biceps, bikini, binder, biohazard, biology, birthday, biscuit, bisexual, bitcoin, black hole, blacksmith, bleach, blizzard, blueprint, bluetooth, blunt, blush, boa constrictor, bobsled, bonnet, book, bookend, bookstore, border, boromir, bottle cap, boulevard, boundary, bow tie, bowling, boxing, braces, brain, brainstorm, brand, bride, bride wig, bruise, brunette, bubble, bubble bath, bucket, buckle, buffalo, bugs bunny, bulldog, bumble bee, bunny, burrito, bus, bushel, butterfly, buzz lightyear, cabin, cable car, cadaver, cake, calculator, calendar, calf, calm, camera, cannon, cape, captain, captain america, car, car accident, carat, cardboard, carnival, carpenter, carpet, cartography, cartoon, cartoonist, castaway, castle, cat, catalog, cattle, cd, ceiling, cell, cellar, centimetre, centipede, century, chain mail, chain saw, chair, champion, chandelier, channel, chaos, charger, chariot, chariot racing, check, cheerleader, cheerleader dust, chef, chemical, cherub, chess, chevrolet, chick-fil-a, chicken coop, chicken legs, chicken nugget, chime, chimney, china, chisel, chord, church, circus tent, clamp, classroom, cleaning spray, cliff, cliff diving, climate, clique, cloak, clog, clown, clue, coach, coast, cockpit, coconut, 
coffee, coil, comedian, comfy, commercial, community, companion, company, compare, comparison, compromise, computer, computer monitor, con, confidant, confide, consent, constrictor, convenience store, conversation, convertible, conveyor belt, copyright, cord, corduroy, coronavirus, correct, cot, country, county fair, courthouse, cousin, cowboy, coworker, cramp, crane, cranium, crate, crayon, cream, creator, credit, crew, crib, crime, crisp, criticize, crop duster, crow's nest, cruise, cruise ship, crumbs, crust, cubicle, cubit, cupcake, curtain, cushion, customer, cutlass, czar, dab, daffy duck, dance, danger, darth vader, darts, dashboard, daughter, dead end, deadpool, deceive, decipher, deep, default, defect, degree, deliver, demanding, demon, dent, dentist, deodorant, depth, descendant, destruction, detail, detective, diagonal, dice, dictate, disco, disc jockey, discovery, disgust, dismantle, distraction, ditch, diver, diversify, diversity, diving, divorce, dizzy, dodge ball, dog, dolphin, donald trump, doorbell, doppelganger, dorsal, double, doubloon, doubt, doubtful, download, downpour, dragon, drain, dream, dream works, dress shirt, drift, drip, dripping, drive-through, drought, drowning, drugstore, dryer, dryer sheet, dryer sheets, dugout, dumbbell, dumbo, dust, dust bunny, duvet, earache, earmuffs, earthquake, economics, edge, edit, education, eel, effect, egg, eiffel tower, eighteen-wheeler, electrical outlet, elf, elope, emigrate, emotions, emperor, employee, enemy, engaged, equation, error, eureka, everglades, evolution, exam, exercise, exhibition, expired, explore, exponential, extension, extension cord, eyeball, fabric, factory, fad, fade, fake flowers, family tree, fan, fast food, faucet, feather, feeder road, feeling, ferris wheel, fiddle, figment, finding nemo, firefighter, firefox, fireman, fireman pole, fireplace, fireside, fireworks, first class, first mate, fish bone, fishing, fizz, flag, flat, flavor, flight, flip flops, flock, florist, 
flotsam, flowchart, flower, flu, flute, flutter, flying saucer, fog, foil, food court, football player, forklift, form, forrest gump, fossil, fowl, fragment, frame, fresh water, freshwater, friction, fries, front, frost, fuel, full, full moon, fun, fun house, funnel, fur, galaxy, gallon, gallop, game, gamer, garden, garden hose, gas station, gasoline, gavel, gentleman, geologist, germ, germany, geyser, giant, ginger, giraffe, gladiator, glasses, glitter, glue, glue stick, goalkeeper, goatee, goblin, gold, gold medal, golden retriever, gondola, good-bye, government, gown, graduation, grain, grandpa, gratitude, graveyard, gravity, great-grandfather, grenade, grill, grim reaper, groom, groot, group, guess, guillotine, gumball, guru, gymnast, hail, hair dryer, haircut, half, hand soap, handful, handle, hang, hang glider, hang ten, harry potter, hawaii, hay wagon, hearse, heater, heaven, helmet, hermit crab, high heel, high tops, highchair, hitler, hockey, homework, honk, hoodies, hoop, hopscotch, hot, hot dog, hot fuzz, hot tub, hotel, houseboat, human, humidity, hunter, hurdle, husband, hut, hydrant, hydrogen, hypothermia, ice, ice cream cone, ice fishing, icicle, idea, igloo, illuminati, implode, important, improve, in-law, incisor, income, income tax, index, inertia, infect, inglorious bastards, inside out, insurance, interception, interference, interject, internet, invent, invisible, invitation, iron man, ironic, irrational, irrigation, isaac newton, island, ivy, ivy full, jackhammer, japan, jaw, jazz, jedi, jellyfish, jet lag, jig, jigsaw, joke, joker, journal, juggle, jump rope, jungle, junk, junk drawer, junk mail, justice, kangaroo, ketchup, kill bill, killer, kilogram, kim possible, kiss, kitten, kiwi, kit-kat, kneel, knight, koala, lace, lady bug, ladybug, lamp, lance, landfill, landlord, lap, laptop, last, laundry detergent, layover, leak, leap year, learn, leather, lebron james, lecture, legolas, leprechaun, letter, letter opener, lettuce, level, lice, 
lichen, lie, lifeguard, lifejacket, lifestyle, light, lightning, lightning mcqueen, lightsaber, limit, lion, lipstick, living room, lobster, logo, loiterer, lollipop, loonie, lord of the rings, lottery, love, loveseat, loyalty, lullaby, lumberjack, lumberyard, lunar eclipse, lunar rover, lung, lyrics, macaroni, machete, machine, macho, magnet, mailbox, makeup, mammoth, manatee, mark zuckerberg, martian, mascot, mascot fireman, mask, mast, mastercard, mat, mayhem, mechanic, megaphone, member, memory, mercedes benz, mermaid, meteor, michael scott, michelangelo, microscope, microsoft, microsoft word, microwave, midnight, migrate, millionaire, mime, mine, mine car, miner, minivan, mirror, missile, mitten, mohawk, moisturizer, molar, mold, mom, monsoon, monster, monsters inc, mooch, moonwalk, moth, mount rushmore, mozart, mr potato head, mulan, mummy, music, mysterious, myth, name, nanny, naruto, navigate, negotiate, neighborhood, nemo, nepal, nest, netflix, neutron, newsletter, night, nightmare, nike, north pole, nose, nostril, nurse, nutmeg, oar, obey, observatory, office, offstage, olive oil, olympics, one-way street, opaque, optometrist, orange juice, orbit, organ, organize, ornament, ornithologist, ounce, oven, owl, oyster, pacific ocean, pacifier, page, pail, pain, palace, pancakes, panda, panic, pantyhose, paper plate, paperclip, parade, paranoid, parent, parking garage, parley, parody, partner, password, pastry, patrick starr, pawnshop, peace, peacock, peanut, peasant, pelt, pen pal, pendulum, pepsi, periwinkle, personal, pest, pet store, petroleum, pharaoh, pharmacist, philosopher, phineas and ferb, phone, photo, piano, pickup truck, picnic, pigpen, pigtails, pile, pilgrim, pilot, pinboard, pineapple express, ping pong, pink panther, pipe, pirate, pizza, pizza sauce, plan, plank, plantation, plastic, playground, pleasure, plow, plumber, pocket, pocket watch, point, pokeball, pokemon, pole, police, pomp, pompous, pong, popeye, population, portfolio, positive, 
positive champion, post, post office, practice, president, preteen, prey, prime meridian, printer ink, prize, produce, professor, profit, promise, propose, protestant, psychologist, publisher, pumpkin, pumpkin pie, punching bag, punishment, punk, puppet, putty, quadrant, quarantine, quartz, queue, quicksand, quit, quiver, raccoon, race, raft, rage, rainbow, raindrop, rainwater, random, raphael, ratatouille, ratchet, ray, reaction, realm, ream, receipt, recess, record, recorder, recycle, referee, refund, regret, religion, remain, resourceful, rest stop, retail, retire, reveal, revenge, reward, rhyme, rhythm, rib, rick and morty, riddle, right, rim, rind, ringleader, risk, rival, robe, robot, rock band, rocket, rodeo, roller coaster, roommate, roundabout, rowboat, rubber, ruby, rudder, runt, rv, s'mores, safe, salmon, salt, sand castle, sandbox, sandbox bruise, sandpaper, santa claus, sap, sapphire, sash, sasquatch, satellite, saturn, sausage, saxophone, scarf, scatter, schedule, school, school bus, science, scissors, scooby doo, scrambled eggs, scream, screwdriver, script, scuba diving, scythe, seahorse, season, seat, seat belt, seed, serial killer, servant, sewer, shaft, shakespeare, shame, shampoo, sheep, sheets, shelter, sherlock holmes, shipwreck, shoelace, shopping cart, shotgun wedding, shower, shower curtain, shrew, shrink, shrink ray, sickle, sidekick, siesta, signal, silhouette, silt, simba, simpsons, skateboard, skating rink, ski goggles, ski lift, skip, skipping rope, skydiving, slack, sleep, sleet, slim shady, slipper, slump, snag, snapchat, sneeze, snooze, snore, snow globe, snowball, snowflake, soak, social distancing, socks, softball, solar eclipse, somersault, song, sophomore, soul, soulmate, soviet russia, space, space-time, spaceship, spaghetti, spare, speakers, spiderman, spirited away, sponge, spoon, spotify, spring, sprinkler, squat, stage, stage fright, stagecoach, stairs, staple, starbucks, starfish, startup, star trek, statement, stationery, 
statue of liberty, stay, steamboat, steel drum, stethoscope, stew, stewie griffin, sticky note, stingray, stockings, stork, storm trooper, story, stout, stowaway, stranger, strawberry, streamline, student, stuff, stun, submarine, sugar, suit, sun, sunburn, sunlight, sunscreen, superbad, superman, surfing, sushi, swamp, swarm, sweater, swim shorts, swing dancing, switzerland, swimming, syringe, system, tachometer, taco bell, tadpole, tag, tank, tattle, taxes, taxi, teabag, team, tearful, teenage mutant ninja turtle, teenager, teepee, telepathy, telephone booth, telescope, temper, ten, tesla, testify, tetris, thanos, the beatles, the dark knight, the prestige, theory, think, thread, thrift store, throne, ticket, tide, time, timeline, time machine, time zone, tin, tinting, tiptoe, tire, tissue box, toast, today, toddler, toilet paper, toll road, tomato sauce, tombstone, toothbrush, toothpaste, top hat, torch, tornado, toronto maple leafs, tourist, tournament, tow, tow truck, toy store, toy story, trademark, traffic jam, trail, trailer, train, train tracks, transformers, translate, transpose, trapped, trash bag, trash can, trawler, treatment, trench coat, tricycle, trip, trombone, truck, truck stop, tsunami, tub, tuba, tug, tugboat, turret, tutor, tutu, twang, twitter, umbrella, unemployed, united states, university, upgrade, vacation, vampire, van, vanilla, vanquish, vegan, vegetarian, vehicle, vein, venn diagram, vest, villain, violent, vision, vitamin, voice, voicemail, volleyball, wag, wall-e, wallet, wallow, wasabi, washing machine, water, water buffalo, water cycle, water vapor, wax, wealth, weather, wedding, wedding cake, weed, welder, werewolf, wet, wetlands, whale, whatsapp, whey, whip, whiplash, whisk, wifi, wig, wikipedia, win, wind, winnie the pooh, wish, witch, wizard, wolverine, woody, workout, world, wormhole, writhe, yacht, yak, yard, yardstick, yawn, yeti, yin yang, yoda, yodel, yolk, youtube, zamboni, zen, zero, zeus, zip code, zipper, zombie, 
zombieland, zoo
submitted by skribblwords to skribbl [link] [comments]

The ultimate guide to passive crypto earnings!

I've spent the last couple of months figuring out a good strategy to generate some passive cryptocurrency without investing money before a big bull run starts. As Bitcoin is still fairly low, but cryptos have risen again in the last weeks, it's best to get in now. I don't have very much time, so I examined the best-working websites with the least time investment and the highest result possible.

Disclaimer: This will be a long post and I'll tell you all the sites I use and how my strategy works. Use it as an inspiration and develop your own working strategy. Skip stuff that doesn't seem to be worth your time or websites you don't like. If you don't like to use a referral link, just remove the last part of the link. Most websites will give you a bonus when signing up with a ref link, though, and I would appreciate it for the effort I put into this guide.

I assume you have some basic knowledge on cryptocurrencies, a wallet and accounts on Faucethub and Coinpot.

So, let's get started.

Step 1: Claim once a day from stacking up faucets

If you're familiar with faucets, you probably know the moon-faucets that pay directly to Coinpot. They keep stacking up until your next claim, so they are the best and highest-paying faucets if you want to keep your time claiming as little as possible. I suggest you use them at least once a day to accumulate the daily bonus that will really change your game. I do a quick claiming round once in the morning and once in the evening. If you have more time, they are also really worth being claimed more often. For the sake of completion I will include them here:

Moonbitcoin for Bitcoin
Moonlitecoin for Litecoin
Moonbitcoincash for Bitcoin Cash
Moondash for Dash
Moondogecoin for Dogecoin
Bitfun stacking up Bitcoin-faucet that pays instantly to Coinpot

Two new exact clones of the Moonfaucets that pay instantly to Faucethub with no minimum. They also have daily bonus:

Getcoin Bitcoin for Bitcoin
Getcoin Litecoin for Litecoin

And the last stacking up faucet for BTC: Yannik.biz

So yeah, try to claim them at least once a day to maintain your daily bonus. The bonus can really be a game changer on these ones. Claiming them all will take no more than 5-10 minutes every day.

Step 2: Receive daily interest on your faucet claims!

Send your Bitcoin to Freebitcoin and receive daily interest on your balance once you have more than 30000 Satoshis (shouldn't take too long if you put in some effort in the beginning). You can also use the website as a faucet once an hour. It is actually paying well. If you use my link to sign up a new account you will receive life-long +12,5% on your daily interest and +25% on all your claims. If you already have an account, just create a new one with this link and delete your old one, as this ref-back bonus will give you a decent boost on your earnings. Freebitcoin is one of the oldest and most trusted websites in the crypto scene!

Step 3: Claim even more cryptos once you have some spare time

Highest-paying sites I found where you can claim every hour along with Freebitcoin are these:

Cointiply: very high paying and they also give you daily interest, but are tied to USD-rates, so you're better off withdrawing your satoshis to Freebitcoin once you reached minimum withdrawal as you would lose satoshis if BTC price continues to rise.

Freedogecoin: Same as Freebitcoin, but with less functions.

Bitsfree: New website with a cool design where you can claim once an hour and withdraw to Faucethub at a fairly low amount. Pays pretty well.

Claimbits: Same script as Bitsfree, but pays a bit less and you have to solve three shortlinks once in a while to be able to claim. It's still worth participating in.

Remember: On every claim on these websites you have the chance to win a big amount of cash. So try to use them as often as possible. Unlike the stacking up faucets, with the exception of Cointiply, they don't have a daily bonus, so it's no problem if you ignore them for a while.

Bonusbitcoin: Claim a good amount of satoshis every 15 minutes. Instant payments to Coinpot again.

Click high-paying ads on AdBtc and Dogeads. Another good website for high-paying BTC-ads is Bits-Pays.

Use websites where you can do surveys and all kinds of stuff to earn money that also pay in cryptocurrency. The best website I found that is similar to Swagbucks and has the option to pay cryptos is probably Grindabuck.

Claim your daily bonus at Firefaucet, collect some Autoclaims during the week and run it during the happy hours on the weekend to get most of it. Instant payments to Faucethub.

Step 4: Use semi-passive methods with crypto farming games

There are some crypto games out there that have the ability to build you a decent chunk of passive income after a while. The sites require small tasks you do to earn crypto or credits which you can re-invest in stuff that will generate passive income for you. It takes some effort upfront, but once set up they will passively pay you with no additional effort. Here are my favorites:

Satoshi-Labs: Claim from a faucet every 5 minutes, do surveys and shortlinks and re-invest your earnings in buildings that will generate satoshis for you every hour.

Cryptomininggame: Play a simulated mining game and do missions to level up. As you level up, your earnings increase. This site has a high stacking up daily bonus and can be very profitable once you get to a high level.

Bits-Pays: Has several options to earn passive income. You can play their mining game or buy company shares that will give you dividends. It has a lot of attractive offers for advertisers and very high paying ads and daily bonus, too!

Bitcoinfun: This is a new website that works the exact same as satoshilabs. Once you're into satoshilabs you will also get Bitcoinfun. I see a lot of potential for this website.

Step 5: Fully passive methods

So yeah, let's come to the best part. There are options that require no effort at all! Let's go.

I've already written about sending my satoshis to Freebitcoin for daily interest, but what you can also do is sending some cryptos to Eobot. They are probably the only legit Cloudmining platform out there that has been paying since 2013. You can also claim some GHS there every 24 hours if you set Mining to GHS 5.0. first, which is cool. I like to send some of my altcoins like Doge and Bitcoin Cash to them and convert them in GHS to earn passive Satoshis.

You have probably heard it a thousand times on this sub, but you can also earn Bitcoin by using the two legit autosurfers that pay in Bitcoin by now. This is a fully passive method, just run them whenever you're online.

Getcashfree and Fastcashmining.
Another fully passive website planning to add crypto-payments soon is Radioearn.

Use browser extensions that will automatically generate money for you just for using them:

Presearch: This is probably the best search engine I've ever seen. After installing, it will be opened every time you open a new tab. You can customize it, so you can choose from searching via Google, Amazon, Reddit, Wikipedia and much more without accessing the websites first. This is very comfortable, and the best part about it: you earn Pre-Tokens for every search, which you can later exchange for BTC.

Surfe.be: A browser extension that shows you some Banners while surfing the web and pays you some money for it. You can disable it at any time and it isn't over-present at all when surfing (I barely notice the banners).

Claim every 24 hours from Mellowads and use it to advertise your ref-links. You can also promote your ref-links on AdBTC, Bits-Pays and DogeAds. Having referrals is another good way to generate some passive income.

Sign up for Mannabase. This is a cool project that aims to create some sort of crypto Universal Basic Income for everyone. After signing up you will need to verify your identity and once they accept you, you'll receive free Manna every week. You can then exchange Manna for BTC or USD. As they have a lot of pending approvals, expect it to take 1-2 months before they accept you.

Conclusion

So yeah, those are basically my main sources and my strategy, and I treat it as some sort of side business. If I am lazy, I spend no more than 10-15 minutes a day to claim the stacking up faucets and daily bonuses on websites, and receive my daily interest, payments from Eobot, crypto games and browser extensions anyway. It's really cool to watch your balances, bonus and interest grow over time, and who knows? 1$ in Crypto could be 30$ of Crypto in the future. Use this guide as an inspiration to develop your own strategy of acquiring as many Cryptos for free as you can. For me these websites work the best. And I tested a lot of websites.

Additional tips: Use different passwords on the websites and write them all down. It can be a hassle memorizing several passwords. Also create a separate e-mail address for all the crypto websites. To make it easier handling all the websites, group them in a document, e.g. all 1 hour faucets, all stacking up faucets, and add links, so you can quickly access them when you want to use this particular group of websites. Be patient at first, your earnings will increase over time.

Feel free to ask me anything, have fun and happy claiming! :)
submitted by kryptanthrax to beermoneyglobal [link] [comments]

A slightly overboard response to my threat model.

For what I hope are obvious reasons, I don't want, and probably will never, post my threat model publicly online. However, regardless of that, what I'm sure you will extrapolate from this post is that I live my life, digitally in particular, with a fairly high-level threat model. This is not because I'm some super sophisticated criminal mastermind, but rather, I am at this level because I genuinely love playing around with this stuff. And I just happen to understand the importance of privacy and just how vital it is to a truly healthy society. I would like to extend a thanks to ProgressiveArchitect for the sharing of knowledge they have done on this subreddit, /privacytoolsio, and the like. We may have never interacted, but nevertheless, your input into this community is truly interesting and extremely informative and educating. I'm sure those of you familiar with PA's setup will be able to draw some parallels between mine and theirs.
Thank you.
I hope you all enjoy reading this write up.
I run Qubes OS on a Lenovo ThinkPad X230 laptop. Specs for it are as follows:
- i7-3520M
- 16GB RAM
- 1TB Samsung 860 Evo SSD
- Qualcomm Atheros AR9285 wireless card
Additionally, I used a Raspberry Pi Model 3B+ and a Pomona SPI clip to replace the stock BIOS firmware with coreboot+me_cleaner. This wasn't done out of any "real" concern for the Intel ME (though of course proprietary black boxes like it should be avoided at all costs and not trusted), but rather for open source enthusiasm and for increased security and faster boot times than what the stock BIOS firmware allows for. On that note about the ME, I don't believe the conspiracy theories that claim that it is a state-sponsored attack method for surveillance. I believe that Intel had good intentions for improving the lives of IT professionals who need to manage hundreds, if not thousands, of remote machines. However, it has proven time and time again to be insecure, and I don't need the remote management and the "features" that it provides on my machines.
In Qubes, I use a combination of AppVMs and StandaloneVMs for a variety of different purposes. All VMs use PVH over HVM, except for the Mirage Unikernel Firewall, which uses PV, and the sys-net and sys-usb StandaloneVMs which have to use HVM because of PCI device passthrough. Right now most of my VMs are AppVMs, but for maintenance and compartmentalization reasons, I am considering moving more towards StandaloneVMs, despite the increase in disk space and bandwidth usage for updates.
General routes from Qubes to the Internet for anonymous browsing, general private browsing, accessing Uni services, and Uni-related anonymous browsing respectively:
  1. Qubes->sys-mirage-firewall->sys-vpn-wg->sys-corridor->sys-whonix->whonix-ws-15-dvm to the Internet.
  2. Qubes->sys-mirage-firewall->sys-vpn-wg to the Internet.
  3. Qubes->sys-mirage-firewall->uni-vpn-wg to the Internet.
  4. Qubes->sys-mirage-firewall->uni-vpn-wg->uni-corridor->uni-whonix->uni-anon-research to the Internet.

(Note: the VPN name is substituted in the "vpn" above. I had to remove it to comply with this subreddit's rules. It is easy to identify what VPN it is, as it randomly generates a long numeric string and has fantastic support for WireGuard.)

Web Browsers:
- Tor Browser (primary) in a disposable Whonix VM.
- Firefox (secondary) with the about:config changes listed on privacytools.io and the following extensions: Cookies AutoDelete, Decentraleyes, HTTPS Everywhere, uBlock Origin (advanced user, all third-party content blocked and JavaScript disabled), and Vim Vixen. Used in my personal AppVM.
- Ungoogled Chromium (Uni only) with standard uBlock Origin and cVim. Used only for Uni-related access in my uni-campus and uni-home AppVMs.
Search Engine: SearX, Startpage, and DuckDuckGo.
Password Manager: KeePassXC.
Office: LibreOffice.
Notes: Standard Notes.
Messaging: Signal Desktop.
Media Playback: mpv.
Emails: I access my personal email within my personal Qubes domain and my Uni email using my Uni Qubes domains. My emails are downloaded to a local repository using isync, sent using msmtp, and read using neomutt with HTML emails converted to plain text using w3m. Emails are sent in plain text too. All of the attachments in the emails (PDFs mostly) are automatically opened in DisposableVMs.
My personal Posteo email account has incoming encryption set up. This means that I emailed my public GPG key to an address correlated to my actual Posteo email address, so that all email that I receive is encrypted with my public key and can only be decrypted using my private key. So even if my emails were intercepted and/or my account broken into, the contents of them are safe, since they are encrypted as soon as they hit Posteo's servers.
I have set up a number of Posteo aliases that are completely segregated from the email I used to register my account. One of those is considered my "professional" email for my current job. I have another couple of aliases, one dedicated to 33mail and another dedicated to Abine Blur. I make use of 33mail alias addresses as catch-all email addresses for registering accounts that need to be under a username associated with my name anyway. This is for purposes like putting different compartmentalized, but still related, emails onto my Resume. I use a different alias for each Resume I put out online. That way, when that information gets sold, traded, etc., I can easily trace it back to who sold the information. For example, if I applied for a job online that required me to go through the process of registering an account through a third party, say 'xyz Inc', the address I would register that account with would be [email protected], or something along those lines. Abine Blur is used much in the same manner, but for accounts that don't need to be associated with my real name in any way, say online shopping on Amazon that I do under many aliases, then ship to various addresses that I don't live at, but that I can visit with no problems. I use a different Blur address with each service, like with 33mail, for the same reasoning shown above.
The passwords for the accounts are encrypted and stored locally in each of the domains; however, my private key is stored in my vault domain, so even if an adversary were to compromise the domains, they wouldn't be able to steal my private key without exploiting the hypervisor. They would only be able to wait for me to authorize the usage of my private key in that domain, and even then, it could only be used to decrypt files. There is a concern that they could use my private key to decrypt messages, but they wouldn't be able to steal the key. With my personal email, the emails would also be encrypted locally anyway, so they wouldn't be able to read them. My Uni email, in contrast, uses Outlook unfortunately, so there isn't any option to enable incoming encryption, and even if there was, I'm not sure how private it would be anyway.
For those looking for an in-depth list of all my VMs, with explanations for the more obscure ones, I have listed them below. I have got a lot of templates, hence why I am considering moving over to StandaloneVMs, but as of right now:

Templates:

StandaloneVMs:

AppVMs:

Phone: Motorola Moto G5s running Lineage OS 16.0 Pie, no G-Apps or microG, with the following apps:
- AdAway: Open source hosts file-based ad blocker. (Requires root.)
- AFWall+: Linux iptables front end. (Requires root.)
- Amaze: File manager.
- andOTP: 2FA app. I like it since it can export the entries to an AES-encrypted file.
- AntennaPod: Podcast manager.
- AnySoftKeyboard
- Simple Calendar
- Simple Contacts Pro
- DAVx5: CalDAV synchronization with my calendar on my Posteo email account.
- F-Droid
- Fennec F-Droid: Web browser. Has the same Firefox add-ons as on Qubes minus Vim Vixen. I used the app Privacy Settings to configure the about:config.
- KeePassDX: Password manager.
- KISS launcher
- Magisk Manager
- NewPipe: YouTube app replacement.
- S.Notes: Standard Notes.
- OsmAnd~: Maps and navigation.
- Red Moon: Blue light filter.
- SELinuxModeChanger: Exactly as it sounds. (Requires root.)
- Shelter: Work profile manager.
- Signal: Messaging.
- Vinyl Music Player: Music player.
- WireGuard: VPN protocol frontend. Is configured to use my VPN account. Is set up as an always-on and connected VPN.
As mentioned, I use Shelter to manage my work profile. In it I isolate the following apps:
- Clover: *chan browser.
- Orbot: For routing apps through Tor. Is set up as an always-on and connected VPN.
- RedReader: Reddit client.
- Tor Browser
Over the last several years, I have started using my phone less and less and taking advantage of less of what it has got to offer. I don't check email on my device. I have no real need to browse the Internet on it outside of watching videos using NewPipe, browsing Reddit, and various *chan boards.
On the Smart Phone side of things, I am considering purchasing an older used iPhone SE or 6S for use with MySudo when outside of my home as well as an iPod Touch for use on WiFi only for use inside my home. The iPhone would be kept inside of a faraday bag when I am at home and not using it. It would also be kept in the faraday bag whenever at home to avoid associating that device with my home address. The iPod Touch would be used for MySudo calls instead.
Future outlook and plan for my privacy and security:
To avoid as much deanonymisation of my privacy as possible, I'm only going to specify enough so that anyone reading this can get the gist of my situation in life. I am quite young (age 16 to 25) and I started along this privacy journey when I was even younger. I was never a very heavy social media user; however, I did have an online presence if you looked hard enough. My name fortunately is a very common and short name, so that does help to bury information that I was not able to remove further in the vast trenches that is the Internet.
On the digital side of things, I mentioned that I have a dedicated Crypto AppVM for handling cryptocurrency transactions using Bisq. I have set up a dedicated bank account that I have periodically been transferring money into so that I can trade crypto. Unfortunately, I do not live in the US, so being able to effectively start trades with others is more difficult. I also do not have access to a credit card masking account like privacy.com (that I absolutely would use given the ability). I plan on getting an anonymous VPS to host my own Tor exit node for better speeds and to mitigate the possibility of malicious exit nodes. The country I live in has been a proponent of absolute dragnet surveillance on all activities occurring online and in real life, though the former is far more visible on this subreddit. I will be using crypto with cleaned Bitcoin (as seen with ProgressiveArchitect's setup) for purchasing my VPN service, etc.
With future hardware, to replace my aging laptop, I am very hopeful for Xen, then eventually Qubes OS getting ported to Power9. When that happens I'll be getting a Raptor Computing Blackbird as a desktop. Maybe in the future I'll get a Purism Librem laptop, but for now my corebooted X230 works perfectly for my use cases. On that note, I have successfully built the Heads firmware for the X230 and I was able to get the minimal 4MB image flashed on my laptop. I did revert it back to my coreboot setup after playing around a little with it, and unfortunately I haven't had time since to do a full, complete flash of it.
On the physical/real life side of things, I plan on making use of various Trusts in order to hold assets, say to keep my name from being immediately visible on the title of my car. As of right now I am fortunate enough to have the title of my car under the name of someone who I trust. Unless I am legally required, and where there are immediate and absolute consequences, I use fake names in real life. With Uni, I am enrolled under my real name and address. This is a requirement and it is verified, so there is nothing that I can realistically do about it. As for other services, I plan on setting up a personal mailbox (PMB), etc., if possible to use as a real, physical address that is associated with my real name and that is used for things like Government issued ID. In the future when I move again, I plan on renting a place in cash to try and keep my name dissociated from my real address. For those looking for reasoning on why one would want to do that, please read How to be Invisible by J.J. Luna. It's truly the Bible of physical privacy.
At this stage I am just going off on a ramble, so I should cut it short here.
I have just started and I live for this shit.
submitted by ComprehensiveAddict to privacy

A Beginners Guide to Bitcoin, Blockchain & Cryptocurrency

As cryptocurrency, and blockchain technology become more abundant throughout our society, it’s important to understand the inner workings of this technology, especially if you plan to use cryptocurrency as an investment vehicle. If you’re new to the crypto-sphere, learning about Bitcoin makes it much easier to understand other cryptocurrencies as many other altcoins' technologies are borrowed directly from Bitcoin.
Bitcoin is one of those things that you look into only to discover you have more questions than answers, and right as you’re starting to wrap your head around the technology; you discover the fact that Bitcoin has six other variants (forks), the amount of politics at hand, or that there are over a thousand different cryptocurrencies just as complex if not even more complex than Bitcoin.
We are currently in the infancy of blockchain technology and the effects of this technology will be as profound as the internet. This isn’t something that’s just going to fade away into history as you may have been led to believe. I believe this is something that will become an integral part of our society, eventually embedded within our technology. If you’re a crypto-newbie, be glad that you're relatively early to the industry. I hope this post will put you on the fast-track to understanding Bitcoin, blockchain, and how a large percentage of cryptocurrencies work.

Community Terminology

Altcoin: Short for alternative coin. There are over 1,000 different cryptocurrencies. You’re probably most familiar with Bitcoin. Anything that isn’t Bitcoin is generally referred to as an altcoin.
HODL: Misspelling of hold. Dank meme accidentally started by this dude. Hodlers are much more interested in long term gains rather than playing the risky game of trying to time the market.
TO THE MOON: When a cryptocurrency’s price rapidly increases. A major price spike of over 1,000% can look like it’s blasting off to the moon. Just be sure you’re wearing your seatbelt when it comes crashing down.
FUD: Fear. Uncertainty. Doubt.
FOMO: Fear of missing out.
Bull Run: Financial term used to describe a rising market.
Bear Run: Financial term used to describe a falling market.

What Is Bitcoin?

Bitcoin (BTC) is a decentralized digital currency that uses cryptography to secure and ensure validity of transactions within the network. Hence the term crypto-currency. Decentralization is a key aspect of Bitcoin. There is no CEO of Bitcoin or central authoritative government in control of the currency. The currency is run and operated by the people, for the people. One of the main development teams behind Bitcoin is blockstream.
Bitcoin is a product of blockchain technology. Blockchain is what allows for the security and decentralization of Bitcoin. To understand Bitcoin and other cryptocurrencies, you must understand to some degree, blockchain. This can get extremely technical the further down the rabbit hole you go, and because this is technically a beginners guide, I’m going to try and simplify to the best of my ability and provide resources for further technical reading.

A Brief History

Bitcoin was created by Satoshi Nakamoto. The identity of Nakamoto is unknown. The idea of Bitcoin was first introduced in 2008 when Nakamoto released the Bitcoin white paper - Bitcoin: A Peer-to-Peer Electronic Cash System. Later, in January 2009, Nakamoto announced the Bitcoin software and the Bitcoin network officially began.
I should also mention that the smallest unit of a Bitcoin is called a Satoshi. 1 BTC = 100,000,000 Satoshis. When purchasing Bitcoin, you don’t actually need to purchase an entire coin. Bitcoin is divisible, so you can purchase any amount greater than 1 Satoshi (0.00000001 BTC).

What Is Blockchain?

Blockchain is a distributed ledger, a distributed collection of accounts. What is being accounted for depends on the use-case of the blockchain itself. In the case of Bitcoin, what is being accounted for is financial transactions.
The first block in a blockchain is referred to as the genesis block. A block is an aggregate of data. Blocks are also discovered through a process known as mining (more on this later). Each block is cryptographically signed by the previous block in the chain and visualizing this would look something akin to a chain of blocks, hence the term, blockchain.
For more information regarding blockchain I’ve provided more resources below:

What is Bitcoin Mining?

Bitcoin mining is one solution to the double spend problem. Bitcoin mining is how transactions are placed into blocks and added onto the blockchain. This is done to ensure proof of work, where computational power is staked in order to solve what is essentially a puzzle. If you solve the puzzle correctly, you are rewarded Bitcoin in the form of transaction fees, and the predetermined block reward. The Bitcoin given during a block reward is also the only way new Bitcoin can be introduced into the economy. With a halving event occurring roughly every 4 years, it is estimated that the last Bitcoin block will be mined in the year 2140. (See What is Block Reward below for more info).
Mining is one of those aspects of Bitcoin that can get extremely technical and more complicated the further down the rabbit hole you go. An entire website could be created (and many have) dedicated solely to information regarding Bitcoin mining. The small paragraph above is meant to briefly expose you to the function of mining and the role it plays within the ecosystem. It doesn’t even scratch the surface regarding the topic.

How do you Purchase Bitcoin?

The most popular way to purchase Bitcoin is through an online exchange where you trade fiat (your national currency) for Bitcoin.
Popular exchanges include:
  • Coinbase
  • Kraken
  • Cex
  • Gemini
There’s tons of different exchanges. Just make sure you find one that supports your national currency.

Volatility

Bitcoin and cryptocurrencies are EXTREMELY volatile. Swings of 30% or more within a few days are not unheard of. Understand that there are always inherent risks with any investment. Cryptocurrencies especially. Only invest what you’re willing to lose.

Transaction & Network Fees

Transacting on the Bitcoin network is not free. Every purchase or transfer of Bitcoin will cost X amount of BTC depending on how congested the network is. These fees are given to miners as part of the block reward.
In late 2017, when Bitcoin got up to $20,000 USD, the average network fee was ~$50. Currently, at the time of writing this, the average network fee is $1.46. This data is available in real-time on BitInfoCharts.

Security

In this new era of money, there is no central bank or government you can go to in need of assistance. This means the responsibility of your money falls 100% into your hands. That being said, the security regarding your cryptocurrency should be impeccable. The anonymity provided by cryptocurrencies alone makes you a valuable target to hackers and scammers. Below I’ve detailed out best practices regarding securing your cryptocurrency.

Two-Factor Authentication (2FA)

Two-factor authentication is a second way of authenticating your identity upon signing in to an account. Most cryptocurrency related software/websites will offer or require some form of 2FA. Upon creation of any crypto-related account find the Security section and enable 2FA.

SMS Authentication

The most basic form of 2FA which you are probably most familiar with. This form of authentication sends a text message to your smartphone with a special code that will allow access to your account upon entry. Note that this is not the safest form of 2FA as you may still be vulnerable to what is known as a SIM swap attack. SIM swapping is a social engineering method in which an attacker will call up your phone carrier, impersonating you, in attempt to re-activate your SIM card on his/her device. Once the attacker has access to your SIM card he/she now has access to your text messages which can then be used to access your online accounts. You can prevent this by using an authenticator such as Google Authenticator.

Authenticator

The use of an authenticator is the safest form of 2FA. An authenticator is installed on a separate device and enabling it requires you to input an ever changing six digit code in order to access your account. I recommend using Google Authenticator.
If a website has the option to enable an authenticator, it will give you a QR code and secret key. Use Google Authenticator to scan the QR code. The secret key consists of a random string of numbers and letters. Write this down on a separate sheet of paper and do not store it on a digital device.
Once Google Authenticator has been enabled, every time you sign into your account, you will have to input a six-digit code that looks similar to this. If you happen to lose or damage the device you have Google Authenticator installed on, you will be locked out of your account UNLESS you have access to the secret key (which you should have written down).

Hardware Wallets

A wallet is what you store Bitcoin and cryptocurrency on. I’ll provide resources on the different type of wallets later but I want to emphasize the use of a hardware wallet (aka cold storage).
Hardware wallets are the safest way of storing cryptocurrency because it allows for your crypto to be kept offline in a physical device. After purchasing crypto via an exchange, I recommend transferring it to cold storage. The most popular hardware wallets include the Ledger Nano S, and Trezor.
Hardware wallets come with a special key so that if it gets lost or damaged, you can recover your crypto. I recommend keeping your recovery key as well as any other sensitive information in a safety deposit box.
I know this all may seem a bit manic, but it is important you take the necessary security precautions in order to ensure the safety & longevity of your cryptocurrency.

Technical Aspects of Bitcoin

TL;DR
  • Address: What you send Bitcoin to.
  • Wallet: Where you store your Bitcoin
  • Max Supply: 21 million
  • Block Time: ~10 minutes
  • Block Size: 1-2 MB
  • Block Reward: BTC reward received from mining.

What is a Bitcoin Address?

A Bitcoin address is what you send Bitcoin to. If you want to receive Bitcoin you’d give someone your Bitcoin address. Think of a Bitcoin address as an email address for money.

What is a Bitcoin Wallet?

As the title implies, a Bitcoin wallet is anything that can store Bitcoin. There are many different types of wallets including paper wallets, software wallets and hardware wallets. It is generally advised NOT to keep cryptocurrency on an exchange, as exchanges are prone to hacks (see Mt. Gox hack).
My preferred method of storing cryptocurrency is using a hardware wallet such as the Ledger Nano S or Trezor. These allow you to keep your crypto offline in physical form and as a result, much more safe from hacks. Paper wallets also allow for this but have less functionality in my opinion.
After I make crypto purchases, I transfer it to my Ledger Nano S and keep that in a safe at home. Hardware wallets also come with a special key so that if it gets lost or damaged, you can recover your crypto. I recommend keeping your recovery key in a safety deposit box.

What is Bitcoin's Max Supply?

The max supply of Bitcoin is 21 million. The only way new Bitcoins can be introduced into the economy are through block rewards which are given after successfully mining a block (more on this later).

What is Bitcoin's Block Time?

The average time in which blocks are created is called block time. For Bitcoin, the block time is ~10 minutes, meaning, 10 minutes is the minimum amount of time it will take for a Bitcoin transaction to be processed. Note that transactions on the Bitcoin network can take much longer depending on how congested the network is. Having to wait a few hours or even a few days in some instances for a transaction to clear is not unheard of.
Other cryptocurrencies will have different block times. For example, Ethereum has a block time of ~15 seconds.
For more information on how block time works, Prabath Siriwardena has a good blog post on this subject which can be found here.

What is Bitcoin's Block Size?

There is a limit to how large blocks can be. In the early days of Bitcoin, the block size was 36MB, but in 2010 this was reduced to 1 MB in order to prevent distributed denial of service attacks (DDoS), spam, and other malicious use on the blockchain. Nowadays, blocks are routinely in excess of 1MB, with the largest to date being somewhere around 2.1 MB.
There is much debate amongst the community on whether or not to increase Bitcoin’s block size limit to account for ever-increasing network demand. A larger block size would allow for more transactions to be processed. The con argument to this is that decentralization would be at risk as mining would become more centralized. As a result of this debate, on August 1, 2017, Bitcoin underwent a hard-fork and Bitcoin Cash was created which has a block size limit of 8 MB. Note that these are two completely different blockchains and sending Bitcoin to a Bitcoin Cash wallet (or vice versa) will result in a failed transaction.
Update: As of May 15th, 2018 Bitcoin Cash underwent another hard fork and the block size has increased to 32 MB.
On the topic of Bitcoin vs Bitcoin Cash and which cryptocurrency is better, I’ll let you do your own research and make that decision for yourself. It is good to know that this is a debated topic within the community and example of the politics that manifest within the space. Now if you see community members arguing about this topic, you’ll at least have a bit of background to the issue.

What is Block Reward?

Block reward is the BTC you receive after discovering a block. Blocks are discovered through a process called mining. The only way new BTC can be added to the economy is through block rewards and the block reward is halved every 210,000 blocks (approximately every 4 years). Halving events are done to limit the supply of Bitcoin. At the inception of Bitcoin, the block reward was 50 BTC. At the time of writing this, the block reward is 12.5 BTC. Halving events will continue to occur until the amount of new Bitcoin introduced into the economy becomes less than 1 Satoshi. This is expected to happen around the year 2140. All 21 million Bitcoins will have been mined. Once all Bitcoins have been mined, the block reward will only consist of transaction fees.

Technical Aspects Continued

Understanding Nodes

Straight from the Bitcoin.it wiki
Any computer that connects to the Bitcoin network is called a node. Nodes that fully verify all of the rules of Bitcoin are called full nodes.
In other words, full nodes are what verify the Bitcoin blockchain and they play a crucial role in maintaining the decentralized network. Full nodes store the entirety of the blockchain and validate transactions. Anyone can participate in the Bitcoin network and run a full node. Bitcoin.org has information on how to set up a full node. Running a full node also gives you wallet capabilities and the ability to query the blockchain.
For more information on Bitcoin nodes, see Andreas Antonopoulos’s Q&A on the role of nodes.

What is a Fork?

A fork is a divergence in a blockchain. Since Bitcoin is a peer-to-peer network, there’s an overall set of rules (protocol) by which participants within the network must abide. These rules are put in place to form network consensus. Forks occur when implementations must be made to the blockchain or if there is disagreement amongst the network on how consensus should be achieved.

Soft Fork vs Hard Fork

The difference between soft and hard forks lies in compatibility. Soft forks are backwards compatible, hard forks are not. Think of soft forks as software upgrades to the blockchain, whereas hard forks are a software upgrade that warrant a completely new blockchain.
During a soft fork, miners and nodes upgrade their software to support new consensus rules. Nodes that do not upgrade will still accept the new blockchain.
Examples of Bitcoin soft forks include:
A hard fork can be thought of as the creation of a new blockchain that X percentage of the community decides to migrate to. During a hard fork, miners and nodes upgrade their software to support new consensus rules. Nodes that do not upgrade are invalid and cannot accept the new blockchain.
Examples of Bitcoin hard forks include:
  • Bitcoin Cash
  • Bitcoin Gold
Note that these are completely different blockchains and independent from the Bitcoin blockchain. If you try to send Bitcoin to one of these blockchains, the transaction will fail.

A Case For Bitcoin in a World of Centralization

Our current financial system is centralized, which means the ledger(s) that operate within this centralized system are subjugated to control, manipulation, fraud, and many other negative aspects that come with this system. There are also pros that come with a centralized system, such as the ability to swiftly make decisions. However, at some point, the cons outweigh the pros, and change is needed. What makes Bitcoin so special as opposed to our current financial system is that Bitcoin allows for the decentralized transfer of money. Not one person owns the Bitcoin network, everybody does. Not one person controls Bitcoin, everybody does. A decentralized system in theory removes much of the baggage that comes with a centralized system. Not to say the Bitcoin network doesn’t have its problems (wink wink it does), and there’s much debate amongst the community as to how to go about solving these issues. But even tiny steps are significant steps in the world of blockchain, and I believe Bitcoin will ultimately help to democratize our financial system, whether or not you believe it is here to stay for good.

Final Conclusions

Well that was a lot of words… Anyways I hope this guide was beneficial, especially to you crypto newbies out there. You may have come into this realm not expecting there to be an abundance of information to learn about. I know I didn’t. Bitcoin is only the tip of the iceberg, but now that you have a fundamental understanding of Bitcoin, learning about other cryptocurrencies such as Litecoin, and Ethereum will come more naturally.
Feel free to ask questions below! I’m sure either the community or myself would be happy to answer your questions.
Thanks for reading!

submitted by MrCryptoDude to Bitcoin
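The Max Supply and Block Reward sections state the halving rule (50 BTC, halved every 210,000 blocks until the subsidy drops below 1 satoshi, finishing around 2140). The added example below (not from the original post) carries that rule through in integer satoshis, the way Bitcoin Core computes the subsidy with a right shift, and shows that the total lands just under 21 million BTC and that the subsidy reaches zero in about 2140; the 10-minute block time and the 2009 start are the only assumptions.

```python
"""Bitcoin block-subsidy schedule, as an added illustration.

Reproduces the rule the guide describes: 50 BTC at genesis, halved every
210,000 blocks, until the integer subsidy (in satoshis) reaches zero.
Computing in whole satoshis with a right shift, as Bitcoin Core does, is
what makes the total come out just under 21,000,000 BTC.
"""

SATOSHIS_PER_BTC = 100_000_000
HALVING_INTERVAL = 210_000           # blocks between halvings
INITIAL_SUBSIDY_SAT = 50 * SATOSHIS_PER_BTC
GENESIS_YEAR = 2009                  # assumption: network launched January 2009
MINUTES_PER_BLOCK = 10               # assumption: target block time


def block_subsidy_sat(height: int) -> int:
    """Subsidy in satoshis for a block at the given height.

    Mirrors the integer right shift used by Bitcoin Core; after 64 halvings
    the shift would wrap, so the subsidy is forced to zero there.
    """
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY_SAT >> halvings


def halving_schedule():
    """(halving_index, first_height, subsidy_btc) rows until the subsidy is zero."""
    rows = []
    n = 0
    while True:
        height = n * HALVING_INTERVAL
        sub = block_subsidy_sat(height)
        if sub == 0:
            return rows
        rows.append((n, height, sub / SATOSHIS_PER_BTC))
        n += 1


def total_supply_sat() -> int:
    """Sum of every subsidy ever paid; ends just short of 21 million BTC."""
    total = 0
    n = 0
    while True:
        sub = block_subsidy_sat(n * HALVING_INTERVAL)
        if sub == 0:
            return total
        total += sub * HALVING_INTERVAL
        n += 1


def subsidy_zero_year() -> int:
    """Approximate calendar year of the first block with a zero subsidy."""
    first_zero_height = len(halving_schedule()) * HALVING_INTERVAL
    minutes = first_zero_height * MINUTES_PER_BLOCK
    years = minutes / (60 * 24 * 365.25)
    return GENESIS_YEAR + int(years)


if __name__ == "__main__":
    for n, height, btc in halving_schedule():
        print(f"halving {n:2d}  from height {height:9,d}  subsidy {btc:.8f} BTC")
    print(f"total supply: {total_supply_sat() / SATOSHIS_PER_BTC:,.8f} BTC")
    print(f"subsidy reaches zero around the year {subsidy_zero_year()}")
```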

Initially, I liked SegWit. But then I learned SegWit-as-a-SOFT-fork is dangerous (making transactions "anyone-can-spend"??) & centrally planned (1.7MB blocksize??). Instead, Bitcoin Unlimited is simple & safe, with MARKET-BASED BLOCKSIZE. This is why more & more people have decided to REJECT SEGWIT.

Summary
Like many people, I initially loved SegWit - until I found out more about it.
I'm proud of my open-mindedness and my initial - albeit short-lived - support of SegWit - because this shows that I judge software on its merits, instead of being some kind of knee-jerk "hater".
SegWit's idea of "refactoring" the code to separate out the validation stuff made sense, and the phrase "soft fork" sounded cool - for a while.
But then we all learned that:
And we also got much better solutions: such as market-based blocksize with Bitcoin Unlimited - way better than SegWit's arbitrary, random centrally-planned, too-little-too-late 1.7MB "max blocksize".
This is why more and more people are rejecting SegWit - and instead installing Bitcoin Unlimited.
In my case, as I gradually learned about the disastrous consequences which SegWit-as-a-soft-fork-hack would have, my initial single OP in December 2015 expressing outspoken support for SegWit soon turned to an avalanche of outspoken opposition to SegWit.
Details
Core / Blockstream lost my support on SegWit - and it's all their fault.
How did Core / Blockstream turn me from an outspoken SegWit supporter to an outspoken SegWit opponent?
It was simple: They made the totally unnecessary (and dangerous) decision to program SegWit as a messy and dangerous soft-fork which would:
  • create a massive new threat vector by making all transactions "anyone-can-spend";
  • force yet-another random / arbitrary / centrally planned "max blocksize" on everyone (previously 1 MB, now 1.7MB - still pathetically small and hard-coded!).
Meanwhile, new, independent dev teams which are smaller and much better than the corrupt, fiat-financed Core / Blockstream are offering simpler and safer solutions which are much better than SegWit:
  • For blocksize governance, we now have market-based blocksize based on emergent consensus, provided by Bitcoin Unlimited.
  • For malleability and quadratic hashing time (plus a future-proof, tag-based language similar to JSON or XML supporting much cleaner upgrades long-term), we now have Flexible Transactions (FlexTrans).
This is why We Reject SegWit because "SegWit is the most radical and irresponsible protocol upgrade Bitcoin has faced in its history".
My rapid evolution on SegWit - as I discovered its dangers (and as we got much better alternatives, like Bitcoin Unlimited + FlexTrans):
Initially, I was one of the most outspoken supporters of SegWit - raving about it in the following OP which I posted (on Monday, December 7, 2015) immediately after seeing a presentation about it on YouTube by Pieter Wuille at one of the early Bitcoin scaling stalling conferences:
https://np.reddit.com/btc/comments/3vt1ov/pieter_wuilles_segregated_witness_and_fraud/
Pieter Wuille's Segregated Witness and Fraud Proofs (via Soft-Fork!) is a major improvement for scaling and security (and upgrading!)
I am very proud of that initial pro-SegWit post of mine - because it shows that I have always been totally unbiased and impartial and objective about the ideas behind SegWit - and I have always evaluated it purely on its merits (and demerits).
So, I was one of the first people to recognize the positive impact which the ideas behind SegWit could have had (ie, "segregating" the signature information from the sender / receiver / amount information) - if SegWit had been implemented by an honest dev team that supports the interests of the Bitcoin community.
However, we've learned a lot since December 2015. Now we know that Core / Blockstream is actively working against the interests of the Bitcoin community, by:
  • trying to force their political and economic viewpoints onto everyone else by "hard-coding" / "bundling" some random / arbitrary / centrally-planned 1.7MB "max blocksize" (?!?) into our code;
  • trying to take away our right to vote via a clean and safe "hard fork";
  • trying to cripple our code with dangerous "technical debt" - eg their radical and irresponsible proposal to make all transactions "anyone-can-spend".
This is the mess of SegWit - which we all learned about over the past year.
So, Core / Blockstream blew it - bigtime - losing my support for SegWit, and the support of many others in the community.
We might have continued to support SegWit if Core / Blockstream had not implemented it as a dangerous and dirty soft fork.
But Core / Blockstream lost our support - by attempting to implement SegWit as a dangerous, anti-democratic soft fork.
The lesson here for Core/Blockstream is clear:
Bitcoin users are not stupid.
Many of us are programmers ourselves, and we know the difference between a simple & safe hard fork and a messy & dangerous soft fork.
And we also don't like it when Core / Blockstream attempts to take away our right to vote.
And finally, we don't like it when Core / Blockstream attempts to steal functionality away from nodes while using misleading terminology - as u/chinawat has repeatedly been pointing out lately.
We know a messy, dangerous, centrally planned hack when we see it - and SegWit is a messy, dangerous, centrally planned hack.
If Core/Blockstream attempts to force messy and dangerous code like SegWit-as-a-soft-fork on the community, we can and should and we will reject SegWit - to protect our billions of dollars of investment in Bitcoin (which could turn into trillions of dollars someday - if we continue to protect our code from poison pills and trojans like SegWit).
Too bad you lost my support (and the support of many, many other Bitcoin users), Core / Blockstream! But it's your own fault for releasing shitty code.
Below are some earlier comments from me showing how I quickly turned from one of the most outspoken supporters of Segwit (in that single OP I wrote the day I saw Pieter Wuille's presentation on YouTube) - into one of most outspoken opponents of SegWit:
I also think Pieter Wuille is a great programmer and I was one of the first people to support SegWit after it was announced at a congress a few months ago.
But then Blockstream went and distorted SegWit to fit it into their corporate interests (maintaining their position as the dominant centralized dev team - which requires avoiding hard-forks). And Blockstream's corporate interests don't always align with Bitcoin's interests.
https://np.reddit.com/btc/comments/57zbkp/if_blockstream_were_truly_conservative_and_wanted/
As noted in the link in the section title above, I myself was an outspoken supporter championing SegWit on the day when I first saw the YouTube video of Pieter Wuille explaining it at one of the early "Scaling Bitcoin" conferences.
Then I found out that doing it as a soft fork would add unnecessary "spaghetti code" - and I became one of the most outspoken opponents of SegWit.
https://np.reddit.com/btc/comments/5ejmin/coreblockstream_is_living_in_a_fantasy_world_in/
Pieter Wuille's SegWit would be a great refactoring and clean-up of the code (if we don't let Luke-Jr poison it by packaging it as a soft-fork)
https://np.reddit.com/btc/comments/4kxtq4/i_think_the_berlin_wall_principle_will_end_up/
Probably the only prominent Core/Blockstream dev who does understand this kind of stuff like the Robustness Principle or its equivalent reformulation in terms of covariant and contravariant types is someone like Pieter Wuille – since he’s a guy who’s done a lot of work in functional languages like Haskell – instead of being a myopic C-tard like most of the rest of the Core/Blockstream devs. He’s a smart guy, and his work on SegWit is really important stuff (but too bad that, yet again, it’s being misdelivered as a “soft-fork,” again due to the cluelessness of someone like Luke-Jr, whose grasp of syntax and semantics – not to mention society – is so glaringly lacking that he should have been recognized for the toxic influence that he is and shunned long ago).
https://np.reddit.com/btc/comments/4k6tke/the_tragedy_of/
The damage which would be caused by SegWit (at the financial, software, and governance level) would be massive:
  • Millions of lines of other Bitcoin code would have to be rewritten (in wallets, on exchanges, at businesses) in order to become compatible with all the messy non-standard kludges and workarounds which Blockstream was forced into adding to the code (the famous "technical debt") in order to get SegWit to work as a soft fork.
  • SegWit was originally sold to us as a "code clean-up". Heck, even I initially fell for it when I saw an early presentation by Pieter Wuille on YouTube from one of Blockstream's many, censored Bitcoin scaling stalling conferences.
  • But as we all later discovered, SegWit is just a messy hack.
  • Probably the most dangerous aspect of SegWit is that it changes all transactions into "ANYONE-CAN-SPEND" without SegWit - all because of the messy workarounds necessary to do SegWit as a soft-fork. The kludges and workarounds involving SegWit's "ANYONE-CAN-SPEND" semantics would only work as long as SegWit is still installed.
  • This means that it would be impossible to roll-back SegWit - because all SegWit transactions that get recorded on the blockchain would now be interpreted as "ANYONE-CAN-SPEND" - so, SegWit's dangerous and messy "kludges and workarounds and hacks" would have to be made permanent - otherwise, anyone could spend those "ANYONE-CAN-SPEND" SegWit coins!
Segwit cannot be rolled back because to non-upgraded clients, ANYONE can spend Segwit txn outputs. If Segwit is rolled back, all funds locked in Segwit outputs can be taken by anyone. As more funds gets locked up in segwit outputs, incentive for miners to collude to claim them grows.
https://np.reddit.com/btc/comments/5ge1ks/segwit_cannot_be_rolled_back_because_to/
https://np.reddit.com/btc/search?q=segwit+anyone+can+spend&restrict_sr=on&sort=relevance&t=all
https://np.reddit.com/btc/comments/5r9cu7/the_real_question_is_how_fast_do_bugs_get_fixed/
Why are more and more people (including me!) rejecting SegWit?
(1) SegWit is the most radical and irresponsible change ever proposed for Bitcoin:
"SegWit encumbers Bitcoin with irreversible technical debt. Miners should reject SWSF. SW is the most radical and irresponsible protocol upgrade Bitcoin has faced in its history. The scale of the code changes is far from trivial - nearly every part of the codebase is affected by SW" ~ Jaqen Hash'ghar
https://np.reddit.com/btc/comments/5rdl1j/segwit_encumbers_bitcoin_with_irreversible/
3 excellent articles highlighting some of the major problems with SegWit: (1) "Core Segwit – Thinking of upgrading? You need to read this!" by WallStreetTechnologist (2) "SegWit is not great" by Deadalnix (3) "How Software Gets Bloated: From Telephony to Bitcoin" by Emin Gün Sirer
https://np.reddit.com/btc/comments/5rfh4i/3_excellent_articles_highlighting_some_of_the/
"The scaling argument was ridiculous at first, and now it's sinister. Core wants to take transactions away from miners to give to their banking buddies - crippling Bitcoin to only be able to do settlements. They are destroying Satoshi's vision. SegwitCoin is Bankcoin, not Bitcoin" ~ u/ZeroFucksG1v3n
https://np.reddit.com/btc/comments/5rbug3/the_scaling_argument_was_ridiculous_at_first_and/
u/Uptrenda on SegWit: "Core is forcing every Bitcoin startup to abandon their entire code base for a Rube Goldberg machine making their products so slow, inconvenient, and confusing that even if they do manage to 'migrate' to this cluster-fuck of technical debt it will kill their businesses anyway."
https://np.reddit.com/btc/comments/5e86fg/uuptrenda_on_segwit_core_is_forcing_every_bitcoin/
"SegWit [would] bring unnecessary complexity to the bitcoin blockchain. Huge changes it introduces into the client are a veritable minefield of issues, [with] huge changes needed for all wallets, exchanges, remittance, and virtually all bitcoin software that will use it." ~ u/Bitcoinopoly
https://np.reddit.com/btc/comments/5jqgpz/segwit_would_bring_unnecessary_complexity_to_the/
Just because something is a "soft fork" doesn't mean it isn't a massive change. SegWit is an alt-coin. It would introduce radical and unpredictable changes in Bitcoin's economic parameters and incentives. Just read this thread. Nobody has any idea how the mainnet will react to SegWit in real life.
https://np.reddit.com/btc/comments/5fc1ii/just_because_something_is_a_soft_fork_doesnt_mean/
Core/Blockstream & their supporters keep saying that "SegWit has been tested". But this is false. Other software used by miners, exchanges, Bitcoin hardware manufacturers, non-Core software developers/companies, and Bitcoin enthusiasts would all need to be rewritten, to be compatible with SegWit
https://np.reddit.com/btc/comments/5dlyz7/coreblockstream_their_supporters_keep_saying_that/
SegWit-as-a-softfork is a hack. Flexible-Transactions-as-a-hard-fork is simpler, safer and more future-proof than SegWit-as-a-soft-fork - trivially solving malleability, while adding a "tag-based" binary data format (like JSON, XML or HTML) for easier, safer future upgrades with less technical debt
https://np.reddit.com/btc/comments/5a7husegwitasasoftfork_is_a_hack/
(2) Better solutions than SegWit are now available (Bitcoin Unlimited, FlexTrans):
ViABTC: "Why I support BU: We should give the question of block size to the free market to decide. It will naturally adjust to ever-improving network & technological constraints. Bitcoin Unlimited guarantees that block size will follow what the Bitcoin network is capable of handling safely."
https://np.reddit.com/btc/comments/574g5l/viabtc_why_i_support_bu_we_should_give_the/
"Why is Flexible Transactions more future-proof than SegWit?" by u/ThomasZander
https://np.reddit.com/btc/comments/5rbv1j/why_is_flexible_transactions_more_futureproof/
Bitcoin's specification (eg: Excess Blocksize (EB) & Acceptance Depth (AD), configurable via Bitcoin Unlimited) can, should & always WILL be decided by ALL the miners & users - not by a single FIAT-FUNDED, CENSORSHIP-SUPPORTED dev team (Core/Blockstream) & miner (BitFury) pushing SegWit 1.7MB blocks
https://np.reddit.com/btc/comments/5u1r2d/bitcoins_specification_eg_excess_blocksize_eb/
The Blockstream/SegWit/LN fork will be worth LESS: SegWit uses 4MB storage/bandwidth to provide a one-time bump to 1.7MB blocksize; messy, less-safe as softfork; LN=vaporware. The BU fork will be worth MORE: single clean safe hardfork solving blocksize forever; on-chain; fix malleability separately.
https://np.reddit.com/btc/comments/57zjnk/the_blockstreamsegwitln_fork_will_be_worth_less/
(3) Very few miners actually support SegWit. In fact, over half of SegWit signaling comes from just two fiat-funded miners associated with Core / Blockstream: BitFury and BTCC:
Brock Pierce's BLOCKCHAIN CAPITAL is part-owner of Bitcoin's biggest, private, fiat-funded private dev team (Blockstream) & biggest, private, fiat-funded private mining operation (BitFury). Both are pushing SegWit - with its "centrally planned blocksize" & dangerous "anyone-can-spend kludge".
https://np.reddit.com/btc/comments/5sndsz/brock_pierces_blockchain_capital_is_partowner_of/
(4) Hard forks are simpler and safer than soft forks. Hard forks preserve your "right to vote" - so Core / Blockstream is afraid of hard forks a/k/a "full node referendums" - because they know their code would be rejected:
The real reason why Core / Blockstream always favors soft-forks over hard-forks (even though hard-forks are actually safer because hard-forks are explicit) is because soft-forks allow the "incumbent" code to quietly remain incumbent forever (and in this case, the "incumbent" code is Core)
https://np.reddit.com/btc/comments/4080mw/the_real_reason_why_core_blockstream_always/
Reminder: Previous posts showing that Blockstream's opposition to hard-forks is dangerous, obstructionist, selfish FUD. As many of us already know, the reason that Blockstream is against hard forks is simple: Hard forks are good for Bitcoin, but bad for the private company Blockstream.
https://np.reddit.com/btc/comments/4ttmk3/reminder_previous_posts_showing_that_blockstreams/
"They [Core/Blockstream] fear a hard fork will remove them from their dominant position." ... "Hard forks are 'dangerous' because they put the market in charge, and the market might vote against '[the] experts' [at Core/Blockstream]" - ForkiusMaximus
https://np.reddit.com/btc/comments/43h4cq/they_coreblockstream_fear_a_hard_fork_will_remove/
The proper terminology for a "hard fork" should be a "FULL NODE REFERENDUM" - an open, transparent EXPLICIT process where everyone has the right to vote FOR or AGAINST an upgrade. The proper terminology for a "soft fork" should be a "SNEAKY TROJAN HORSE" - because IT TAKES AWAY YOUR RIGHT TO VOTE.
https://np.reddit.com/btc/comments/5e4e7d/the_proper_terminology_for_a_hard_fork_should_be/
If Blockstream were truly "conservative" and wanted to "protect Bitcoin" then they would deploy SegWit AS A HARD FORK. Insisting on deploying SegWit as a soft fork (overly complicated so more dangerous for Bitcoin) exposes that they are LYING about being "conservative" and "protecting Bitcoin".
https://np.reddit.com/btc/comments/57zbkp/if_blockstream_were_truly_conservative_and_wanted/
"We had our arms twisted to accept 2MB hardfork + SegWit. We then got a bait and switch 1MB + SegWit with no hardfork, and accounting tricks to make P2SH transactions cheaper (for sidechains and Lightning, which is all Blockstream wants because they can use it to control Bitcoin)." ~ u/URGOVERNMENT
https://np.reddit.com/btc/comments/5ju5r8/we_had_our_arms_twisted_to_accept_2mb_hardfork/
u/Luke-Jr invented SegWit's dangerous "anyone-can-spend" soft-fork kludge. Now he helped kill Bitcoin trading at Circle. He thinks Bitcoin should only hard-fork TO DEAL WITH QUANTUM COMPUTING. Luke-Jr will continue to kill Bitcoin if we continue to let him. To prosper, BITCOIN MUST IGNORE LUKE-JR.
https://np.reddit.com/btc/comments/5h0yf0/ulukejr_invented_segwits_dangerous_anyonecanspend/
Normal users understand that SegWit-as-a-softfork is dangerous, because it deceives non-upgraded nodes into thinking transactions are valid when actually they're not - turning those nodes into "zombie nodes". Greg