How to import private keys - Bitcoin Wiki

Namecoin and the future of self-sovereign digital identity.

Namecoin's motto is "Bitcoin frees money – Namecoin frees DNS, identities, and other technologies."
biolizard89 has done fantastic work on the DNS part, but let's focus on the identity use case here. Recent events have convinced me that digital identity on the internet is broken. Consider:
What was true in 1993 when cartoonist Peter Steiner wrote "On the internet, nobody knows you are a dog" is still true today. The only difference is that identity is increasingly being weaponized using AI/ML so "On the internet, nobody knows you are a bot" would perhaps be more apt.
I read the following comment from a user on slashdot yesterday:
For the time being, you can assume that this comment was written by a human being. You can click on my username, look back at my history of posts, and go, "OK, here's a bunch of posts, by a person, going back more than a decade, to the TIME BEFORE BOTS." That is, before the first year of 2020.
Since humans are likely to adopt the majority opinion, bad actors find real value in being able to control the narrative online by surrounding the reader with manufactured opinions by bots that due to advances in ML/AI are quickly becoming indistinguishable from real users. This amounts to a Sybil attack on the minds of digital content consumers and poses a major threat to the integrity of our social fabric.
Apart from the recent twitter incident used for scamming, nation states have been known to create massive bot armies of fake and hijacked user accounts to try and shift the narratives regarding the Hong Kong independence protests as well as national elections. This will only increase.
Currently, our digital identity is fragmented into silos largely controlled by government institutions and mega corporations (FAANG) based on a "Trust us" model. As recent events have proven, this is a bad model and in dire need of improvement/replacement. IMHO we need to move from "Trust us" to a "Trust but verify" model where the user is in full control of their digital identity.
Namecoin can and should play an important role in building this "web of trust composed of self-sovereign identities" as it is neutral (no owner), permissionless and secure (merge-mined). Daniel already developed a proof of concept with NameID but what can we do to take this further?
Personally I'd like to see users create Namecoin identities and link them to their social identities (e.g. Google, Facebook, Twitter, Reddit, etc). Then whenever they create content, they sign it with their private keys. This would allow a reader to verify the content was created by the user. Content verification would have stopped the recent twitter hack, because even if the hackers would have access to internal admin tools they would not have the private keys that the users produce valid content with. "Not your keys, not your content"
Content verification is only one part. Ideally a user would like to verify the integrity of the content creator as well. E.g. has this user passed human verification in any of the linked platforms? Does a trusted linked entity vouch for the reputation or integrity of this user (e.g. a government entity, financial entity or non-governmental organization?). This would require those platforms to allow linking of Namecoin ID with their Platform ID and allow lookup and signing of metadata provided by these platforms. (e.g. UserID Y is linked to PlatformID X and completed human verification on date Z, signed Twitter).
I imagine users could install an extension similar to uBlock or Privacy Badger that contains human curated blacklists and heuristics that operate on Namecoin entities to perform these checks and flag or filter content and users that fail integrity checks. This would allow users to automatically weed out potential bots and trolls but keep full control of this process themselves, avoiding potential censorship if this task would fall on the platform owners themselves (something governments are pushing for).
We could take this even further and integrate Namecoin IDs in software and hardware devices as well. This could create chains of trust to verify the entire chain of content creation and manipulation to the final content posted on a social platform. Where every entity signs the resulting content. (E.g. camera -> photoshop -> twitter post)
Apart from signing content/messages (PGP style). Namecoin could perhaps also be used for managing identity tokens in a user's 'Identity wallet'. Looking into my physical wallet this could include things like credit cards, insurance cards, government issued IDs, membership cards, transportation cards, key cards, etc. This could be done similar to 'colored coins' on Bitcoin. But would have to support some type of smart contract functionality to be useful (e.g. expiring tokens, etc).
I'm not a developer nor a technical writer, but I do think we need to think long and hard about how we can solve digital identity in a way that empowers users to trust and verify the content and identities of the peers we interact with online while also respecting privacy and preventing censorship by external parties. Namecoin could be the better path to building this web of trust, but given the current pace of AI/ML and the willingness by bad actors to weaponize it at scale against users' interests we might not have much time. (Apologies for the rant!)
submitted by rmvaandr to Namecoin

NOOBS GUIDE - How not to get your bitcoin stolen on Empire Market and verify any empire site

Hi guys and gals,
I have made this guide because as some of you have probably experienced before there are tons of phishing sites that are mimicking empire market. Lots of them are very credible but steal your bitcoins. The most convincing phishing sites use a 'man in the middle' attack where it directs traffic to the original empire market site, but changes the bitcoin deposit address. People fall for this because the nature of the attack means that the user's individual personal phrase is displayed correctly and everything seems to be normal but when you deposit, the coins disappear. This has led many users to falsely blame empire market and assume they are conducting an exit scam which is not true.

Firstly I would like to say to avoid this you must have a critical mindset of every empire market onion url you visit. Even if it has worked several times before. I will detail in this guide how to stop getting your money stolen and this is for educational purposes only. I do not take responsibility for anything you buy on the site. Please let me know if there is anything you would like added to the guide and I will aim to do so. I would also appreciate if everyone could upvote this and if the mods could sticky this so we can get maximum views to stop people getting scammed.

With that out of the way, I am assuming you know how to use PGP. If you don't, please research how to do this before you continue. The following links may help you (if there is enough demand I will eventually make a separate tutorial on this):

http://www.bitcoinnotbombs.com/beginners-guide-to-pgp/
https://www.reddit.com/SilkRoad/comments/1qh266/guide_pgp_4_n00bz/

The critical requirements you must have before continuing:

The reason why most people get scammed is because they don't verify their links, and when they have, they use the wrong empire market public PGP key located on the phishing sites. The attackers have set this up to work with their own phishing empire market site. The real empire market PGP key has always been located on dreadditevelidot.onion:

  1. Copy dreadditevelidot.onion into Tor
  2. on the right hand side of the page you will see a link saying '/d/EmpireMarket' click on it
  3. towards the top of the page underneath where it says 'Dread' you should see a button called 'PGP' click on it.
  4. Copy the PGP public key into notepad and save it as a .txt or .asc file and import it into your chosen PGP program (I tend to use GPA as part of the GPG4WIN toolkit but others prefer to use kleopatra, each to their own, it does the same job)

Once you have this key imported name it something like empire market or whatever you wish, this will be the real key that will tell you if any site you are on is genuine or not. It is published only by the creator of empire market. NEVER and I repeat NEVER use the empire market PGP public key located on any empire market url as this can be faked. Only use the one on dreadditevelidot.onion, I hope that is crystal clear.

Now in general, what you want to do next is:

  1. take a link from dark.fail e.g. dkndfkn9gfnf.onion (not real) and add '/safe' to the end of it, or alternatively click on 'verify mirror' once you land on the site.
  2. follow the prompts until you see a PGP message displayed for you, copy this into GPA or other program and click 'verify', if all is good you should see a popup saying 'valid signature' and maybe some text highlighted in green. It looks like this:
https://pasteboard.co/IkNVbsC.png
  3. If you see anything saying 'bad signature' then under no circumstances login or use the site as it is a phishing site.
https://pasteboard.co/IkNVP1l.png
  4. if the signature is good proceed to login

Now, once you are certain the site is real, you still don't want to trust it 100%. What you want to do is go to the bitcoin deposit page and click 'generate a bitcoin deposit address'. Once that is done, underneath you will see a link saying 'Get PGP signed proof of ownership', click that and go through the prompts (as similar to before on /safe) you will see a PGP and you want to verify that also to make sure the signature is valid.

Once you have successful signatures for the previous steps you pretty much have the green light to deposit your bitcoin to that address. However if you are planning on depositing an amount you can't afford to lose, what I would suggest is depositing a small amount first. And if it is successful then you can deposit again later as the site will be confirmed to be genuine. This is an almost fool proof way of ensuring you don't lose your bitcoin if you follow the steps I have mentioned. HOWEVER IT MUST BE STATED THAT EVERY TIME YOU DEPOSIT TO A BITCOIN ADDRESS, YOU HAVE TO GENERATE A NEW BITCOIN ADDRESS AS ANY NEW COINS YOU SEND TO A PREVIOUS ADDRESS WILL BE LOST.

To prevent any further losses to your account you can go into your profile and enable 2FA authentication. This essentially ensures that no one can access your account unless they have your private PGP key and also if the .onion you see in the decrypted message doesn't match the url one you are on, it is a phishing site. If you would like a tutorial on how to do this please request it enough times and I will try to find time to write a tutorial up.

I am writing this from a position of frustration after losing a large amount of money to scammers and hope that my information can help you. Please take the time to follow all the steps meticulously and feel free to comment if you are having trouble. I work full time so I will try to get back to people when I am free. Please excuse any grammar errors as I wrote this in a rush and plan on editing it based on feedback. Happy Shopping

Mods please sticky this, spread the word and lets eliminate the scammers.

EDIT: I have had a lot of requests from people who still can't successfully verify the mirror. Please make sure when you solve the captcha on the 'verify mirror' link that you copy the whole txt including the signature and the pgp code before you verify. If you are using dark.fail and it still isn't working then retry the captcha a few times because there may be a sync issue on the empire market server. For all the other users who still can't get it to work, for these people I think only a video tutorial would help. Also probably better not to login to any site until you have a firm grip of PGP, how it works and how to use it. As you can understand this would take time and I plan on releasing one on the weekend so please stay patient until I have edited and uploaded one on youtube. To make life easier for people I also plan on uploading empire market's PGP key to a download website, but I am hesitant to do this because I don't want anyone to half follow the instructions and then blame me if they lose their bitcoin.

EDIT [8 JULY 2019]: I apologise again for my delays, I live a very busy life. However please read the following information for those of you who are still having trouble verifying your links. I have ascertained the reason why some people are still getting invalid signatures (note this is different to a 'bad signature'). The reason why is because kleopatra doesn't recognise where this key is coming from as it's not part of the pgp network (not 100% accurate explanation but as noob friendly of an explanation I can give). To fix this what you need to do is certify the key in kleopatra:
  1. Open kleopatra, you should see a collection of public and private pgp keys including your own.
  2. Look for the empire market key and right click on it, then click certify
  3. Follow the prompts and certify it against your own pgp key. (You may need to enter your password)
  4. Once it's all done you should see somewhere on the final dialog box where it says certification successful. (If not try it again)
  5. Click finish
  6. Now when you go through this tutorial again if the key is valid you should definitely see 'good signature' displayed in GPA.
  7. Smile and enjoy your hard work and patience of going through the tutorial.
Guys here is the empire market key that I have on my own computer (use at your own risk, it works for me and other people):
http://www.filedropper.com/empirekey
submitted by ufcfanatic123 to darknet

MultiBit is being sold to KeepKey LLC

submitted by jim618 to Bitcoin

Recover Bitcoin Cash from old Ledger

So here's the problem, I got some Bitcoin Cash on a ledger version 1.3.1 which was never updated, updating this version of ledger will reset the device.
I managed to connect it to an older computer and rescued some other coins, but I haven't had any luck with Bitcoin Cash.
I've tried multiple versions of Electron Cash, but 3.1 and later versions say the ledger version is too old and must be updated, while older versions of electron cash can import the ledger wallet, but the network is dead (offline).
So what happened to the recovery phrase you might be asking?
Instead of keeping the whole recovery phrase on paper, I thought it was a good idea to split and encrypt the phrase in different ways on different devices. Stupidly, one of those was an iOS app which no longer exists, I only got a screenshot of the icon of this app: https://ibb.co/bHS6tHc
I think it was just called "Encrypt" and I think the developer name looked Vietnamese, but I don't actually have the name or any other details, and I have had no luck finding any trace of this app.
The app was supposed to just encrypt with a password, but I have tried using multiple decryption algorithms, and none of them work. The encrypted string has random looking characters, with three '+'s, then two '/'s and ends with '='
I suspect this may be a PGP encryption that also included a hidden private key which was built into the app.
So I am all ears if anyone has any plausible solution, and I wonder if a hardfork made the old way of signing transactions completely obsolete, or if some software could potentially sign a working transaction using it.
I do have the first 16 words of the 24 word recovery phrase, any idea how and how long it would take to brute force the last 8?
submitted by gameyey to btc

[Call to Action] Make your political contributions in Bitcoin (HowTo)

As the political season heats up I've patiently waited for politicians to install BTCPay servers to allow bitcoin contributions. I'm now realizing that the wait will likely take forever. Then I realized I didn't need to wait. I can send anyone bitcoin anytime I want using an expiring paperwallet. It's all totally legit. Works like this:
  1. Any "gift" to a campaign is an "in-kind" contribution.
  2. Disclosure of personal information is only required for contributions above $200.
  3. Paper wallets can easily be mailed to the campaign headquarters just like checks.
  4. You should keep the private keys and revoke the funds after 90 days (or whatever).
  5. The more paper wallets they receive, the more likely they are to favor bitcoin.
Be aware, your contribution will likely just get stolen by a volunteer, so don't go overboard.
If everyone on this subreddit who plans (or can) vote in the upcoming elections were to give 11,000 SAT to the candidate of their choice, eventually they would have enough to warrant getting an exchange account KYC'ing and going through all the same pains we go through to comply with US AML/KYC law. Possibly provide them a way to walk a mile in our shoes. It will also show these candidates that bitcoin can be used "for good" and isn't just for drug runners.
Although you don't need to fill out a disclosure for small ( < $200 ) contributions, it is still probably a good idea to do so. What you should disclose is Name, Address, Employer, and Occupation. You will also need to sign a statement attesting that you are not contributing on behalf of a labor union, federal contractor, or foreign national (unless a lawful US resident).
As warned above, care should be taken in how much you put on the wallet. It's just like cash, so any volunteer opening mail could swipe it. You also need to be careful to only use a trusted wallet. The bitaddress.org is broadly trusted and a good default choice. I ported it to python in the pypaperwallet module, but most people will likely stick with bitaddress.org as it has had years to build trust and reputation. Obviously you should download the zip and run it locally so as not to trust a web server with private keys.

Basic bitaddress.org HowTo:

  1. Download zip from https://github.com/pointbiz/bitaddress.org/tree/v3.3.0
  2. Download PGP key from https://www.bitaddress.org/ninja_bitaddress.org.txt
  3. Import Ninja's expired key that you downloaded in [2] into GPG.
  4. Verify Ninja's key fingerprint matches the fingerprint in his BitcoinTalk post
  5. Unzip the zip downloaded in [1] and enter that directory
  6. Verify the file bitaddress.org.html.sig using Ninja's expired key
  7. Open the bitaddress.org.html file in Chrome
  8. Print the paper wallet and fund it with a few dollars worth of BTC
  9. Include a letter attesting that you aren't a foreign influencer, with a union, or contractor
  10. Include your Name, Address, Employer and Occupation in the letter and sign it
  11. Make a copy of the wallet's private key to void the wallet after 90 days
  12. Mail the wallet and signed letter to the campaign of your choosing
  13. If the funds haven't moved after 90 days, sweep them back to yourself
I've produced the form letters in pypaperwallet, but as I said, it's a new repo from some random redditor. In any case, here's the howto for my module:

Basic pypaperwallet HowTo:

  1. Find latest release at https://github.com/brianddk/pypaperwallet/releases
  2. Expand "Assets" and download the "Source code (tar.gz)" as pypaperwallet.tar.gz.
  3. Download the *.tar.gz.sig file naming it pypaperwallet.tar.gz.sig
  4. Download my key from https://brianddk.github.io/darkweb/brianddk/pub.asc
  5. Import my key using gpg --import pub.asc or whatever you named it.
  6. Verify download with gpg --verify pypaperwallet.tar.gz.sig
  7. Extract the contents of the .zip or .tar.gz file to any directory
  8. From Python 3.7 run pip install pypaperwallet.tar.gz to install dependencies
  9. Review the README.md on how to install the GTK cairo dependency
  10. Modify test.py to your liking and run from python 3.7 to produce the PDFs.
  11. To change wording, modify the contents of template.py
Disclaimer: This mainly pertains to US campaign law, but other countries likely have similar ways for voters to contribute.
submitted by brianddk to CryptoCurrency
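The two how-tos above both depend on checking that a signature was made by one specific key; the mirror-verification guide earlier on this page also separates a 'bad signature' from a key that is merely uncertified. The following is an added example, not code from either post or from pypaperwallet: it reads the machine-readable status lines that `gpg --status-fd` emits and accepts a file only when the signer's fingerprint equals a pinned one. The fingerprints, signer name and sample status text are constructed for illustration.

```python
"""Decide whether a gpg verification result should be trusted, by pinned fingerprint."""
import subprocess
from dataclasses import dataclass

PREFIX = "[GNUPG:] "
# Per-signature verdict keywords GnuPG writes to the status channel.
VERDICTS = {"GOODSIG", "EXPKEYSIG", "EXPSIG", "REVKEYSIG", "BADSIG", "ERRSIG"}
REJECT = {
    "BADSIG": "signature does not match the data",
    "ERRSIG": "signature could not be checked (for example, missing public key)",
    "EXPSIG": "the signature itself has expired",
    "REVKEYSIG": "the signing key has been revoked",
}


@dataclass
class Result:
    accepted: bool
    verdict: str       # one of VERDICTS, or "NONE"
    fingerprint: str   # primary-key fingerprint taken from VALIDSIG, "" if absent
    trust: str         # TRUST_* keyword, "" if absent
    reason: str


def normalize(fpr: str) -> str:
    """Fingerprints are often printed in spaced groups; compare them without spaces."""
    return "".join(fpr.split()).upper()


def evaluate(status_text: str, pinned_fpr: str, allow_expired_key: bool = False) -> Result:
    verdicts, fpr, trust = [], "", ""
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        key = fields[0]
        if key in VERDICTS:
            verdicts.append(key)
        elif key == "VALIDSIG" and len(fields) >= 2:
            # Field 10 is the primary-key fingerprint; field 1 may be a subkey.
            fpr = normalize(fields[10] if len(fields) >= 11 else fields[1])
        elif key.startswith("TRUST_"):
            trust = key

    def result(ok: bool, reason: str) -> Result:
        verdict = verdicts[0] if len(verdicts) == 1 else "NONE"
        return Result(ok, verdict, fpr, trust, reason)

    if len(verdicts) != 1:
        return result(False, "expected exactly one signature, found %d" % len(verdicts))
    verdict = verdicts[0]
    if verdict in REJECT:
        return result(False, REJECT[verdict])
    if verdict == "EXPKEYSIG" and not allow_expired_key:
        return result(False, "signing key has expired")
    if not fpr:
        return result(False, "no VALIDSIG line, so no fingerprint to compare")
    if fpr != normalize(pinned_fpr):
        # A phishing page can carry a perfectly valid signature from its own key.
        return result(False, "valid signature, but from a key other than the pinned one")
    note = "signature valid and made by the pinned key"
    if trust == "TRUST_UNDEFINED":
        note += " (key is not certified in the local keyring)"
    return result(True, note)


def verify_file(sig_path: str, data_path: str, pinned_fpr: str,
                allow_expired_key: bool = False) -> Result:
    """Run gpg on real files; status lines go to stdout via --status-fd 1."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return evaluate(proc.stdout, pinned_fpr, allow_expired_key)


# Constructed fingerprints, not real keys.
PINNED = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"


def sample(verdict: str, fpr: str) -> str:
    """Build constructed status output in the shape gpg uses for one signature."""
    f = normalize(fpr)
    lines = ["NEWSIG", "%s %s Example Signer <signer@example.invalid>" % (verdict, f[-16:])]
    if verdict in ("GOODSIG", "EXPKEYSIG"):
        lines.append("VALIDSIG %s 2019-07-08 1562544000 0 4 0 1 8 00 %s" % (f, f))
        lines.append("TRUST_UNDEFINED 0 pgp")
    return "\n".join(PREFIX + text for text in lines)


if __name__ == "__main__":
    for name, text in [("pinned key", sample("GOODSIG", PINNED)),
                       ("other key", sample("GOODSIG", OTHER)),
                       ("tampered", sample("BADSIG", PINNED)),
                       ("expired key", sample("EXPKEYSIG", PINNED))]:
        r = evaluate(text, PINNED)
        print("%-12s accepted=%s: %s" % (name, r.accepted, r.reason))
```

Pass `allow_expired_key=True` only when, as in the bitaddress.org steps, the signer's key is known to be expired and its fingerprint has been confirmed out of band.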

[Call to Action] Make your political contributions in Bitcoin instead (HowTo)

As the political season heats up I've patiently waited for politicians to install BTCPay servers to allow bitcoin contributions. I'm now realizing that the wait will likely take forever. Then I realized I didn't need to wait. I can send anyone bitcoin anytime I want using an expiring paperwallet. It's all totally legit. Works like this:
  1. Any "gift" to a campaign is an "in-kind" contribution.
  2. Disclosure of personal information is only required for contributions above $200.
  3. Paper wallets can easily be mailed to the campaign headquarters just like checks.
  4. You should keep the private keys and revoke the funds after 90 days (or whatever).
  5. The more paper wallets they receive, the more likely they are to favor bitcoin.
Be aware, your contribution will likely just get stolen by a volunteer, so don't go overboard.
If everyone on this subreddit who plans (or can) vote in the upcoming elections were to give 11,000 SAT to the candidate of their choice, eventually they would have enough to warrant getting an exchange account KYC'ing and going through all the same pains we go through to comply with US AML/KYC law. Possibly provide them a way to walk a mile in our shoes. It will also show these candidates that bitcoin can be used "for good" and isn't just for drug runners.
Although you don't need to fill out a disclosure for small ( < $200 ) contributions, it is still probably a good idea to do so. What you should disclose is Name, Address, Employer, and Occupation. You will also need to sign a statement attesting that you are not contributing on behalf of a labor union, federal contractor, or foreign national (unless a lawful US resident).
As warned above, care should be taken in how much you put on the wallet. It's just like cash, so any volunteer opening mail could swipe it. You also need to be careful to only use a trusted wallet. The bitaddress.org is broadly trusted and a good default choice. I ported it to python in the pypaperwallet module, but most people will likely stick with bitaddress.org as it has had years to build trust and reputation. Obviously you should download the zip and run it locally so as not to trust a web server with private keys.

Basic bitaddress.org HowTo:

  1. Download zip from https://github.com/pointbiz/bitaddress.org/tree/v3.3.0
  2. Download PGP key from https://www.bitaddress.org/ninja_bitaddress.org.txt
  3. Import Ninja's expired key that you downloaded in [2] into GPG.
  4. Verify Ninja's key fingerprint matches the fingerprint in his BitcoinTalk post
  5. Unzip the zip downloaded in [1] and enter that directory
  6. Verify the file bitaddress.org.html.sig using Ninja's expired key
  7. Open the bitaddress.org.html file in Chrome
  8. Print the paper wallet and fund it with a few dollars worth of BTC
  9. Include a letter attesting that you aren't a foreign influencer, with a union, or contractor
  10. Include your Name, Address, Employer and Occupation in the letter and sign it
  11. Make a copy of the wallet's private key to void the wallet after 90 days
  12. Mail the wallet and signed letter to the campaign of your choosing
  13. If the funds haven't moved after 90 days, sweep them back to yourself
I've produced the form letters in pypaperwallet, but as I said, it's a new repo from some random redditor. In any case, here's the howto for my module:

Basic pypaperwallet HowTo:

  1. Find latest release at https://github.com/brianddk/pypaperwallet/releases
  2. Expand "Assets" and download the "Source code (tar.gz)" as pypaperwallet.tar.gz.
  3. Download the *.tar.gz.sig file naming it pypaperwallet.tar.gz.sig
  4. Verify download with gpg --verify pypaperwallet.tar.gz.sig
  5. Extract the contents of the .zip or .tar.gz file to any directory
  6. From Python 3.7 run pip install pypaperwallet.tar.gz to install dependencies
  7. Review the README.md on how to install the GTK cairo dependency
  8. Modify test.py to your liking and run from python 3.7 to produce the PDFs.
  9. To change wording, modify the contents of template.py
Disclaimer: This mainly pertains to US campaign law, but other countries likely have similar ways for voters to contribute.
submitted by brianddk to brianddk

Bylls — the Canadian Bitcoin bill payment service by Bull Bitcoin — celebrates its 6th birthday

I sometimes find it hard to believe that it has already been 6 years since the public launch of Bylls on January 13 2014. What started out as a simple and humble “garage startup”, the world’s first Bitcoin bill payment service, evolved into so much more.
Bylls eventually became the company that people know today as Bull Bitcoin, and it is from Bylls’ UASF advocacy that sprouted the Cyphernode open-source project. I also like to think of Bylls as a “bitcoin culture” institution that served as the vanguard of the Bitcoin Maximalist and Cypherpunk movements within the Bitcoin exchange and payments industry.
Happy Birthday Bylls! 🎂

What is Bylls?

For those of you who don’t know about Bylls, here’s a short summary:

Short history of world’s first Bitcoin bill payment service

Bylls was founded in 2013 by Eric Spano, a Montreal entrepreneur part of the original Bitcoin Embassy team. Eric, one of my earliest and most influential mentors, is a true Bitcoin OG. Check out his 2014 Bitcoin Ted Talk or his 2019 Podcast on Tales From the Crypt which describes in great detail the inception of Bylls.
When Bylls was launched, I was Public Affairs Director at the Bitcoin Embassy, the world’s first physical Bitcoin hub (a 14,000 square feet building downtown Montreal). Bylls was effectively a one-man operation, with Eric doing pretty much everything himself. I wasn’t directly involved with the company, but Bylls was one of the startups in the Embassy’s incubator program, so I was helping out in various ways. My first “public appearance” in the Bitcoin industry was actually to man the Bylls booth at the Toronto Bitcoin Expo in 2014!
In 2015, Eric was offered a huge career opportunity that he couldn’t accept without stepping down from running Bylls. It was to me an inconceivable tragedy for Bitcoin to let Bylls quietly close down. For the past 2 years, whenever somebody asked me “what can you do with Bitcoin?”, I would always reply “well, for starters, you can pay all your bills in Canada, even your taxes and your credit card”. What was I going to say now?
I had just founded my company Satoshi Portal Inc. with the aim of developing a non-custodial Bitcoin exchange (which eventually became Bull Bitcoin). And so, I acquired Bylls from Eric and it immediately became the focus of all my energy. For the first year, our team consisted of only 2 people including our lead developer Arthur, who is still working on Bylls features to this day. From the beginning until today, we are still 100% self-funded. We grew organically and slowly. My philosophy on entrepreneurship and startup scaling is articulated in this medium post.
It has been an incredibly intense journey. I cannot think of a more challenging professional experience than being a startup founder and entrepreneur in the Bitcoin industry. The number of Bitcoin startups that have perished since is a stark reminder. Some of them sank quietly, but many went down in flames taking down their users with them. The fact that Bylls is still standing — without VC funding and with its reputation intact — is my proudest achievement.
Over the past 4 years, we completely redesigned the software, continuously adding new features, but the core of the service remained the same. Most importantly, we added the ability for users to pay any individual or business in Canada by creating a personal biller from their bank details. Previously, they were limited to Bylls’ biller list of around 9000 billers.
One of the defining moments in the history of Bylls was UASF. Bylls was one of the first Bitcoin companies to support BIP-148 for the activation of Segwit (second after Bitconic). Not only that, but we were the first to run a public BIP-148 block explorer and public UASF electrum server. We had done a “seppuku pledge” regarding BIP-148, meaning that we would only accept coins from the UASF segwit chain and would pay the Bitcoin market price for them. If UASF had failed, we would not have survived. This cemented our ideology of “skin-in-the-game”. We would never compromise on our values, no matter the cost. Our policy on forks (2017) was described here. But the gist of it is:
Satoshi Portal is a Bitcoin-only company and does not conduct any transaction in any altcoin, including altcoins that are the result of a fork of the Bitcoin blockchain and which can be spent with Bitcoin private keys. This includes, but is not limited to, the coins commonly referred to as BCash, Segwit2X, BGold, Clams and Lumens.
We strongly oppose the “New York Agreement” and will under no circumstance ever recognize the Segwit2X blockchain (and BTC1 client) as Bitcoin, regardless of market response or hashing power. In the unlikely event that an overwhelming majority of the Bitcoin ecosystem migrates to the Segwit2X blockchain, Satoshi Portal will continue nevertheless to support the Bitcoin blockchain.
Following the UASF/NO2X “war” in 2017, we devoted a large portion of resources to building Cyphernode, an open-source project that makes it very easy for startups to build and deploy Bitcoin applications without any third-parties, using exclusively their own full nodes. We are still developing this project today and plan on actively maintaining it in the future.
It is also worth noting that Bylls has never accepted any altcoins and was one of the first companies to pledge never to accept altcoins in the future, leading to what became the “Bitcoin-Only” movement. We were also the first Bitcoin exchange and payment processing company, to our knowledge, that has integrated coinjoin as part of its processes.

Unbanking yourself with Bylls

The coolest feature of Bylls is that you can pay pretty much all your expenses with Bitcoin without needing to go through a bank account. In Canada, you can obtain a credit card without having it linked to a bank account. In 2016, the last of my personal bank accounts was closed due to my activities in the Bitcoin industry. I decided not to apply at another bank and try the experiment of living completely unbanked. I’m happy to report it was a success, and serves as a powerful testament for the use-cases provided by Bylls.
I really like the idea of not owning any fiat. You can pay pretty much all daily expenses with a credit card, and pay back the debt with Bitcoin. Of course you have fiat-denominated debts which conveniently tend to diminish in price over time.
You can withdraw cash from a credit card and pay it off instantly with Bylls, so you can get access to cash at any time, in any country across the world, without having a bank account. The only inconvenience is the cash advance fee.
When you have to pay larger amounts such as rent or whatever services don’t accept cash or credit card, you can find the biller in the Bylls list or ask the recipient for his banking details, the same as you would for a wire transfer.

The future of Bylls

Many people ask us if we intend to expand outside of Canada. The answer is, unequivocally, no. We will always be a Canada-only, Bitcoin-only company. That doesn’t mean that we stop working hard to improve our services. We will continue to be the first to integrate the cutting-edge Bitcoin technologies that
Here are some of the features you can expect in 2020:
Thanks for reading! 🎂
Yours truly,
Francis
Original post here: https://medium.com/bull-bitcoin/bylls-the-canadian-bitcoin-bill-payment-service-by-bull-bitcoin-celebrates-its-6th-birthday-ef6d22acdf2a
submitted by FrancisPouliot to BitcoinCA

User Guide, FAQ and 10 Commandments

Dear Wasabikas,
Thank you all for taking the time to consider your privacy, and welcome to the community. This post is a guide for using Wasabi and should be read before reaching out for help. Currently Wasabi Support accepts questions in the following languages: English, Spanish (español), French (français), Russian (Русский), Italian (italiano) and Hungarian (magyar).
Our support team now has a dedicated PGP key set:
PGP Fingerprint: 30FE 98B2 6219 2F35 72BB 9C6D F8FC B536 5407 1408
You may choose to ask for help more discreetly through DM, or perhaps you have sensitive information that you may need to share. We recommend encrypting data against the support key, however you may choose to encrypt messages against any of the following keys you trust (you may also encrypt against several keys).

After you have looked through the commandments, please check out our FAQ written by 6102bitcoin, and our community built documentation:
https://github.com/zkSNACKs/WalletWasabi/blob/masteWalletWasabi.Documentation/FAQ.md
https://docs.wasabiwallet.io/

The Ten Commandments

1 - Wasabi is for defense only

2 - Verify the integrity of your software

Wasabi Wallet is an open-source project with many contributors. When downloading the wallet, you may choose to go to the official site or to the official GitHub to build from source. Wasabi is available at our official site:
https://wasabiwallet.io/ (Clear-net)
http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion
Please check signatures after completing downloads; the concern here is that you may accidentally fall for a phishing attempt and be on a malicious site downloading a malicious piece of software.
Alternatively, you may also build the code from source here, instructions are available here:
https://github.com/zkSNACKs/WalletWasabi

3 - Keep your mnemonic words and password safely stored (BOTH!)

When creating a new wallet - write down your mnemonic seed AND password and store those safely. Wasabi is a fully non-custodial wallet, which means that you should always be in possession of your keys, and this means safely storing a backup in case your computer is lost or the wallet crashes. Often times when things go wrong, users panic. If you have done this step, there is very little you have to worry about. Also, under no circumstance should you reveal the password or mnemonic words to anyone that asks for them. Lastly, understand that if you lose your password, it becomes much harder (if not impossible) to restore your wallet - so store both safely!

4 - Practice good labeling AND try to never reuse addresses

Each time you receive coins, you will be asked to create a label. This label is only for you and is stored exclusively on your device. Wasabi has strong coin control features, and as you continue to use the wallet, you will observe that the history of your coins will appear, and this history is only useful to you if you are practicing good labeling. An example of a good label:
June 20 - $400 from Coinbase, primary account
June 7 - 0.2 BTC Received from Bob via Bisq
Examples of bad labels:
Address #1
0.5 BTC
Lastly, if you must use an exchange, try to ask for a new deposit address on each deposit. In the same way that you should never receive Bitcoin to the same address twice, you should try to avoid sending Bitcoin to the same address twice.

5 - CoinJoin whenever possible and be patient!

The process of engaging in a CoinJoin is as simple as selecting a coin or coins to en-queue and entering your password. Once coins have en-queued for CoinJoining, you must keep your computer online and awake, as the CoinJoin process is interactive. As a coinjoin is really just many users (up to 100) en-queuing coins at the same time, it may take up to two hours for you to successfully participate in a CoinJoin and clean outputs should only be spent once the CoinJoin transaction is confirmed. For context, Wasabi currently does 18 CoinJoins a day, or roughly one every 1 hour and 20 minutes. As more users join the network, the frequency of these CoinJoins will go up. Lastly, if you are able and patient enough to re-mix your coins, please do so. Re-mixing coins is nearly free and greatly encouraged!

6 - Use separate profiles

When you put a label on an address, or ask a question on this Reddit or send coins to a merchant be wary of the profile you choose. If you can create a dummy Reddit account as opposed to an account where you may have revealed your personal details elsewhere - use that. When you spend coins from your wallet, consider what you might want to keep private from the merchant or individual you are interacting with. In the same way that reusing addresses hurts your privacy, consolidating all of your online behavior into one profile can do the same.

7 - Never merge mixed and unmixed coins, and avoid large merges of mixed coins!

The first part should be somewhat intuitive - coins in your wallet have shields (red, yellow, green and green +) and it is at a minimum important to never send non-red coins (coins with anonset > 1) with red coins (coins with anonset == 1). By merging your tainted coins with your mixed coins, you undo the privacy benefits of CoinJoins! Further, when sending mixed coins to your cold storage, make sure to send your coins in parallel. Don't merge all of your Bitcoin (more than 0.8 BTC) in a single transaction! Instead, take your time and send coins to multiple addresses belonging to your cold storage over a few hours or days. If you are sending coins to an exchange, you can get the same result by requesting a brand new address to receive coins.
For more information, please see the discussions here: https://www.reddit.com/WasabiWallet/comments/avxbjy/combining_mixed_coins_privacy_megathread/

8 - Avoid 3rd party servers & Buy Bitcoin P2P

Wasabi is designed to allow users to see their balances without any concern that a third party would be able to link your addresses to you, or to each other. Very few wallets can say this, but if you proceed to enter your address into a block explorer, or use a third party wallet with your keys or your hardware device - all bets are off. So if you want to check on the status of a transaction or the balance on an address, you should first:
(a) Check your Wasabi Wallet
(b) Check through your full node
(c) Use a block explorer through Tor (e.g. Blockstream.info T address)
If you think that forensics companies are not paying big money to block explorers for user information, you are wrong. Even something as simple as leaving a comment on a YouTube video or Reddit post will be scraped.
More importantly, if you are using a hardware wallet, an easy way to undo the previous times you plugged in the wallet through non-private applications is to create a new account on the device with a passphrase. For example, for ledger nano s, you can do this in the device home screen > security > passphrase. Remember Commandment 2!
Remember, Bitcoin is a peer-to-peer cash system, so when you have the opportunity to do so, buy your coins directly from someone you know or through a P2P market place. Not only will this benefit your privacy, it will save you on exchange fees and potential insolvency issues with the exchange you are dealing with.

9 - Run your own full node (if you can)

Wasabi will work just fine without a local full node on your device, however, if you can spare the resources on your device, running a full node will do that much more for your privacy. Local full nodes will (when running in tandem with Wasabi) be automatically used for querying blocks.

10 - Use Lightning

Wasabi is an ideal wallet for many things, but trade-offs exist with everything. If you have small amounts of un-mixed change from previous CoinJoins and you are unable to meet the requirements to engage in a CoinJoin, consider using that coin to open a lightning channel. Lightning is still a project in its early days, but the privacy topology of lightning payments is much more ideal over on-chain payments if you have the choice. Routing large amounts can be uncertain, but for small amounts the network is becoming steadily more reliable. Currently Wasabi does not support in-wallet lightning features, but it is on the road-map.

Credits

Much of this list comes from the work of our good friends at JoinMarket. In particular, we need to thank Adam Gibson (u/waxwing) and Chris Belcher (u/belcher_) for their outstanding contribution to privacy in Bitcoin. Please take a look at https://en.bitcoin.it/wiki/Privacy , https://en.bitcoin.it/wiki/JoinMarket and the github https://github.com/JoinMarket-Org.
Edited (July 22) - Changed Commandment 7 to reflect merging theory from past months. Moved "Buy Bitcoin P2P" to commandment 8. Edited (August 5) - Added documentation page ( https://docs.wasabiwallet.io/ )
submitted by iLoveStableCoins to WasabiWallet
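A pre-send check for commandments 4 and 7 of the guide above, as an added example that is not part of the original post and is not Wasabi's own code. The `Coin` record, the warning codes and the sample wallet are hypothetical; it also goes one step beyond the post by splitting mixed coins greedily into batches that each stay at or under the 0.8 BTC figure the post quotes.

```python
from dataclasses import dataclass
from decimal import Decimal

# Threshold quoted in commandment 7 ("more than 0.8 BTC").
MERGE_LIMIT_BTC = Decimal("0.8")


@dataclass(frozen=True)
class Coin:
    """Hypothetical coin record; the wallet's real data model is not shown in the post."""
    label: str
    amount_btc: Decimal
    anonset: int  # 1 = unmixed (red shield), > 1 = has been through a CoinJoin


def check_spend(inputs, destination, used_destinations):
    """Return warning codes for one proposed transaction.

    inputs            -- coins that would be spent together (and so linked on-chain)
    destination       -- address the coins are sent to
    used_destinations -- set of addresses already paid to in the past
    """
    warnings = []
    mixed = [c for c in inputs if c.anonset > 1]
    unmixed = [c for c in inputs if c.anonset <= 1]

    # Commandment 7, first part: never spend red and non-red coins together.
    if mixed and unmixed:
        warnings.append("MIXED_WITH_UNMIXED")

    # Commandment 7, second part: avoid merging a large amount of mixed coins.
    mixed_total = sum((c.amount_btc for c in mixed), Decimal("0"))
    if len(mixed) > 1 and mixed_total > MERGE_LIMIT_BTC:
        warnings.append("LARGE_MIXED_MERGE")

    # Commandment 4: do not send to the same address twice.
    if destination in used_destinations:
        warnings.append("ADDRESS_REUSE")
    return warnings


def plan_batches(mixed_coins, limit=MERGE_LIMIT_BTC):
    """Greedy first-fit split of mixed coins into batches totalling <= limit.

    Each batch is meant to go to its own fresh address, spread over time.
    A single coin larger than the limit ends up alone in a batch, which
    involves no merge at all.
    """
    batches = []
    for coin in sorted(mixed_coins, key=lambda c: c.amount_btc, reverse=True):
        for batch in batches:
            total = sum((c.amount_btc for c in batch), Decimal("0"))
            if total + coin.amount_btc <= limit:
                batch.append(coin)
                break
        else:
            batches.append([coin])
    return batches


# Constructed sample wallet (labels, amounts and anonsets are made up).
SAMPLE_COINS = [
    Coin("mix-a", Decimal("0.5"), 50),
    Coin("mix-b", Decimal("0.4"), 60),
    Coin("kyc-c", Decimal("0.3"), 1),
    Coin("mix-d", Decimal("0.2"), 70),
]

if __name__ == "__main__":
    a, b, c, d = SAMPLE_COINS
    print(check_spend([a, b, c], "addr-old", {"addr-old"}))
    for i, batch in enumerate(plan_batches([a, b, d]), start=1):
        print(i, [coin.label for coin in batch])
```
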

A reminder of who Craig Wright is and the benefits to BCH now he has gone.

This needs to be repeated every so often on this subreddit so new people can understand the history of the fork of BCH into BCH and BSV
From Jonald Fyookball's article
https://medium.com/@jonaldfyookball/bitcoin-cash-is-finally-free-of-faketoshi-great-days-lie-ahead-bb0c833e4c5d
Craig S. Wright (CSW) leaving the Bitcoin Cash community is a wonderful thing. This self-described “tyrant” has been expunged, and now we can get back to our mission of bringing peer-to-peer electronic cash to the world.
The markets will rebound when they see the chaos is over, but regardless of the price, we will keep building. Nothing will stop the sound money movement.
Calling Out Bad Behavior
As Rick Falkvinge recently explained, there is a difference between small-minded gossiping about personalities and legitimately calling out bad behavior.
CSW’s bad behavior must be called out, because he has done tremendous damage to Bitcoin Cash (and possibly even the entire cryptocurrency sector).
The brief history is that he gained his reputation by claiming to be Bitcoin’s creator (Satoshi Nakamoto). He said he would provide “extraordinary proof” but he has never done so.
Supposedly, he did some “private signings” to a few people, and this allowed him to gain influence in the BCH community. The destruction he has been causing was not widely recognized until after a huge mess had been made.
Thanks to u/Contrarian__ for the following compilation of CSW’s misgivings:
Some background on Craig’s claim of being Satoshi, for the uninitiated:
  • He faked blog posts
  • He faked PGP keys
  • He faked contracts and emails
  • He faked threats
  • He faked a public key signing
  • He has a well-documented history of fabricating things bitcoin and non-bitcoin related
  • He faked a bitcoin trust to get free money from the Australian government but was caught and fined over a million dollars.
And specifically concerning his claim to be Satoshi:
  • He has provided no independently verifiable evidence
  • He is not technically competent in the subject matter
  • His writing style is nothing like Satoshi’s
  • He called bitcoin “Bit Coin” in 2011 when Satoshi never used a space
  • He actively bought and traded coins from Mt. Gox in 2013 and 2014
  • He was paid millions for ‘coming out’ as Satoshi as part of the deal to sell his patents to nTrust — for those who claim he was ‘outed’ or had no motive
Caught Red Handed Plagiarizing
No respectable academic, scientist, or professional needs to stoop so low as to steal and take credit for the work of others — least of all Satoshi. Yet, CSW has already been caught at least 3 times plagiarizing.
  • His paper on selfish mining has full sections copied almost verbatim from a paper written by Liu & Wang.
  • His “Beyond Godel” paper which purports to claim that Bitcoin script is turing complete, is heavily plagiarized.
  • A paper on block propagation was blatantly and intentionally plagiarized.
Can’t Even Steal Code Correctly
CSW was also caught attempting to plagiarize a “hello world” program (the simplest of all computer programs).
He apparently does not understand base58 or how Bitcoin address checksums work (both of these are common knowledge to experienced Bitcoiners), and has made other embarrassing errors.
So How Did Such an Obvious Fraud Gain So Much Power and Influence?
There are no easy answers here. It seems that as humans, we are very susceptible to manipulation and misinformation. The greatest weapon against sinister forces is a well-educated populace. This is something that can only improve over the long run.
The “Satoshi factor” is a powerful one and appeals to the glamorization of a mythical figure. Even people such as myself, who are technically astute, gave CSW all benefit of the doubt until the evidence staring us in the face could no longer be denied.
The seduction of the BCH community was also facilitated by CSW becoming a strong advocate for the on-chain/big-block scaling movement at a time when the community was dying to hear it. This message, delivered with a brazen, in-your-face style, was a sharp contrast to anything seen before.
In addition, CSW was able to find obscure topics (“2pda”), network topology, etc, that seemed to establish him as an expert with esoteric knowledge above and beyond anyone else. Basically, he was using technobabble, but it wasn’t immediately obvious except to very technical people… who were then attacked and discredited.
Eventually, as more and more of the community began to realize his technical claims were bogus, CSW banned those people from his twitter feed and slack channel, leaving only a group of untechnical “believers”, which the larger BCH community referred to as “the church” AKA the Cult-of-Craig.
Finally, if some believed that CSW possessed Satoshi’s stash of 1M BTC, then they may have been gnawing to get a piece of it. But it may turn out that these are the coins that never were.
Broken Promises
If this article so far seems like an “attack piece” on CSW, remember it is important to get all the facts out in the open. We’ll get to the silver lining and bright future in a moment… but let’s continue here to “get it all out”.
One of the biggest ways that CSW has damaged the community is to make an endless series of broken promises. This caused others to wait, to waste time on his unproven ideas and solutions, and to postpone or drop their own ideas and initiatives.
  • He said he was building a mining pool to “stop SegWit”
  • He said he was bringing big companies to use the BCH chain
  • He said that he was providing a fungibility solution based on blind threshold signatures
  • He said he was providing novel technology based on oblivious transfers
  • He said he was providing a method where people could do atomic swaps without using timelocks
  • He said he was going to show everyone how we can do bilinear pairings using secp256k1
  • He said he was going to release source code for nakasendo
  • He said he was releasing some information that would “kill the lightning network”
  • He said he was going to show everyone how the selfish mining theory is wrong
  • He said he was going to show everyone how we can tokenize everything in the universe squared
  • He said a few times “big things are coming in 2 months”
How CSW Has Damaged the BCH Community
In addition to the broken promises, the BCH community was wounded due to:
  • The division of the community (with classic divide and conquer tactics)
  • Loss of focus. Huge amounts of drama and distraction from building and adoption
  • Investor confidence has been shaken due to uncertainty and chaos.
  • BCH is a laughing stock to outsiders due to CSW’s antics
  • Gemini deployment of BCH and other rollouts paused
  • Loss of developer talent due to toxic and abrasive personality
  • Various patent and legal threats
The Hash War Event and Split into BitcoinSV
Every 6 months, BCH has a scheduled network upgrade. This is technically a “hard fork” but a non-contentious fork does not result in a split of the chain — it is simply new network rules being activated.
Bitcoin Cash has multiple independent developer groups including Bitcoin ABC, Bitcoin Unlimited, Bitcoin XT, Bitprim, BCHD, bcash, parity, Flowee, and others.
The nChain group, led by CSW, introduced an alternate set of changes a week before the agreed cut-off date, intentionally causing a huge controversy. These changes were incompatible with the changes being discussed between the other groups.
nChain objected to the changes being proposed (canonical transaction ordering) despite specifically agreeing to it almost a year earlier. The last minute objections were in my opinion, an attempt at sabotage.
An emergency meeting was held in Bangkok to attempt to resolve the differences between the nChain group and the rest of the community. Not only did CSW refuse to listen to the other presentations, he walked out of the meeting after his own speech had been given. The other nChain people refused to discuss the technical issues.
After this, nChain built their own software (“BitcoinSV”) to attempt to compete for the Bitcoin Cash network. But rather than split off to follow their own set of rules, they threatened to attack Bitcoin Cash.
Their attitude was “you follow our rules or we burn it all down”.
The CSW sycophants adopted a strange interpretation of the Bitcoin whitepaper and proselytized the idea that if nChain could “out hash” everyone else, the market should be obliged to follow them.
This faulty thinking was eloquently debunked by u/CatatonicAdenosine. As it turns out, nChain was unable in any case to win at their own game.
But Here’s the Obviously Good News…
CSW is gone. It’s over.
He can do whatever he wants on the BitcoinSV chain. He will never be allowed to influence Bitcoin Cash again. And all the negative things and negative people that were a consequence of his involvement in Bitcoin Cash are gone with him.
As a community, we will redouble our efforts and get back to our mission of peer-to-peer electronic cash. We will learn to work together better than ever, and we will learn to detect and punish bad behavior sooner.
The attempted attacks with hashpower also sparked innovation and a focus on the problem of how to stop such attacks in the future. This is only making Bitcoin Cash (BCH) and the entire class of Proof-of-Work coins stronger.
Nothing will stop us.
The reason why millions of dollars were spent to attack and also to defend Bitcoin Cash is because it’s something truly worth fighting over.
It’s sound money.
It’s permissionless.
It’s what Satoshi Nakamoto wrote about in 2008. It’s Bitcoin, a Peer-to-Peer Electronic Cash System.
submitted by stewbits22 to btc

Beginner’s Guide to BitMEX

https://preview.redd.it/fl5e0q7i3cc41.jpg?width=1024&format=pjpg&auto=webp&s=445485d722839a9adc1ae13db4c965b0ae3e67b7
Founded by HDR Global Trading Limited (which in turn was founded by former bankers Arthur Hayes, Samuel Reed and Ben Delo) in 2014, BitMEX is a trading platform operating around the world and registered in the Seychelles.
Meaning Bitcoin Mercantile Exchange, BitMEX is one of the largest Bitcoin trading platforms currently operating, with a daily trading volume of over 35,000 BTC and over 540,000 accesses monthly and a trading history of over $34 billion worth of Bitcoin since its inception.

https://preview.redd.it/coenpm4k3cc41.jpg?width=808&format=pjpg&auto=webp&s=8832dcafa5bd615b511bbeb6118ef43d73ed785e
Unlike many other trading exchanges, BitMEX only accepts deposits through Bitcoin, which can then be used to purchase a variety of other cryptocurrencies. BitMEX specialises in sophisticated financial operations such as margin trading, which is trading with leverage. Like many of the exchanges that operate through cryptocurrencies, BitMEX is currently unregulated in any jurisdiction.

How to Sign Up to BitMEX

In order to create an account on BitMEX, users first have to register with the website. Registration only requires an email address. The email address must be a genuine address, as users will receive an email to confirm registration in order to verify the account. Once users are registered, there are no trading limits. Traders must be at least 18 years of age to sign up.
https://preview.redd.it/0v13qoil3cc41.jpg?width=808&format=pjpg&auto=webp&s=e6134bc089c4e352dce10d754dc84ff11a4c7994
However, it should be noted that BitMEX does not accept any US-based traders and will use IP checks to verify that users are not in the US. While some US users have bypassed this with the use of a VPN, it is not recommended that US individuals sign up to the BitMEX service, especially given the fact that alternative exchanges are available to service US customers that function within the US legal framework.

How to Use BitMEX

BitMEX allows users to trade cryptocurrencies against a number of fiat currencies, namely the US Dollar, the Japanese Yen and the Chinese Yuan. BitMEX allows users to trade a number of different cryptocurrencies, namely Bitcoin, Bitcoin Cash, Dash, Ethereum, Ethereum Classic, Litecoin, Monero, Ripple, Tezos and Zcash.
The trading platform on BitMEX is very intuitive and easy to use for those familiar with similar markets. However, it is not for the beginner. The interface does look a little dated when compared to newer exchanges like Binance and Kucoin’s.
Once users have signed up to the platform, they should click on Trade, and all the trading instruments will be displayed beneath.
Clicking on the particular instrument opens the orderbook, recent trades, and the order slip on the left. The order book shows three columns – the bid value for the underlying asset, the quantity of the order, and the total USD value of all orders, both short and long.
The widgets on the trading platform can be changed according to the user’s viewing preferences, allowing users to have full control on what is displayed. It also has a built in feature that provides for TradingView charting. This offers a wide range of charting tools and is considered to be an improvement on many of the offerings available from many of its competitors.
https://preview.redd.it/fabg1nxo3cc41.jpg?width=808&format=pjpg&auto=webp&s=6d939889c3eac15ab1e78ec37a8ccd13fc5e0573
Once trades are made, all orders can be easily viewed in the trading platform interface. There are tabs where users can select their Active Orders, see the Stops that are in place, check the Orders Filled (total or partially) and the trade history. On the Active Orders and Stops tabs, traders can cancel any order, by clicking the “Cancel” button. Users also see all currently open positions, with an analysis if it is in the black or red.
BitMEX uses a method called auto-deleveraging to ensure that liquidated positions are able to be closed even in a volatile market. Auto-deleveraging means that if a position bankrupts without available liquidity, the positive side of the position deleverages, in order of profitability and leverage, the highest leveraged position first in queue. Traders are always shown where they sit in the auto-deleveraging queue, if such is needed.
Although the BitMEX platform is optimized for mobile, it only has an Android app (which is not official). There is no iOS app available at present. However, it is recommended that users use it on the desktop if possible.
BitMEX offers a variety of order types for users:
  • Limit Order (the order is fulfilled if the given price is achieved);
  • Market Order (the order is executed at current market price);
  • Stop Limit Order (like a stop order, but allows users to set the price of the Order once the Stop Price is triggered);
  • Stop Market Order (this is a stop order that does not enter the order book and remains unseen until the market reaches the trigger);
  • Trailing Stop Order (it is similar to a Stop Market order, but here users set a trailing value that is used to place the market order);
  • Take Profit Limit Order (this can be used, similarly to a Stop Order, to set a target price on a position. In this case, it is in respect of making gains, rather than cutting losses);
  • Take Profit Market Order (same as the previous type, but in this case, the order triggered will be a market order, and not a limit one)
The exchange offers margin trading in all of the cryptocurrencies displayed on the website. It also offers to trade with futures and derivatives – swaps.

Futures and Swaps

A futures contract is an agreement to buy or sell a given asset in the future at a predetermined price. On BitMEX, users can leverage up to 100x on certain contracts.
Perpetual swaps are similar to futures, except that there is no expiry date for them and no settlement. Additionally, they trade close to the underlying reference Index Price, unlike futures, which may diverge substantially from the Index Price.
BitMEX also offers Binary series contracts, which are prediction-based contracts which can only settle at either 0 or 100. In essence, the Binary series contracts are a more complicated way of making a bet on a given event.
The only Binary series betting instrument currently available is related to the next 1mb block on the Bitcoin blockchain. Binary series contracts are traded with no leverage, a 0% maker fee, a 0.25% taker fee and 0.25% settlement fee.

Bitmex Leverage

BitMEX allows its traders to leverage their position on the platform. Leverage is the ability to place orders that are bigger than the users’ existing balance. This could lead to a higher profit in comparison when placing an order with only the wallet balance. Trading in such conditions is called “Margin Trading.”
There are two types of Margin Trading: Isolated and Cross-Margin. The former allows the user to select the amount of money in their wallet that should be used to hold their position after an order is placed. However, the latter provides that all of the money in the users’ wallet can be used to hold their position, and therefore should be treated with extreme caution.
https://preview.redd.it/eg4qk9qr3cc41.jpg?width=808&format=pjpg&auto=webp&s=c3ca8cdf654330ce53e8138d774e72155acf0e7e
The BitMEX platform allows users to set their leverage level by using the leverage slider. A maximum leverage of 1:100 is available (on Bitcoin and Bitcoin Cash). This is quite a high level of leverage for cryptocurrencies, with the average offered by other exchanges rarely exceeding 1:20.

BitMEX Fees

For traditional futures trading, BitMEX has a straightforward fee schedule. As noted, in terms of leverage offered, BitMEX offers up to 100% leverage, with the amount of leverage varying from product to product.
However, it should be noted that trading at the highest leverages is sophisticated and is intended for professional investors that are familiar with speculative trading. The fees and leverage are as follows:
https://preview.redd.it/wvhiepht3cc41.jpg?width=730&format=pjpg&auto=webp&s=0617eb894c13d3870211a01d51af98561907cb99

https://preview.redd.it/qhi8izcu3cc41.jpg?width=730&format=pjpg&auto=webp&s=09da4efe1de4214b0b5b9c7501aba5320e846b4c
However, there are additional fees for hidden / iceberg orders. A hidden order pays the taker fee until the entire hidden quantity is completely executed. Then, the order will become normal, and the user will receive the maker rebate for the non-hidden amount.

Deposits and Withdrawals

BitMEX does not charge fees on deposits or withdrawals. However, when withdrawing Bitcoin, the minimum Network fee is based on blockchain load. The only costs therefore are those of the banks or the cryptocurrency networks.
As noted previously, BitMEX only accepts deposits in Bitcoin and therefore Bitcoin serves as collateral on trading contracts, regardless of whether or not the trade involves Bitcoin.
The minimum deposit is 0.001 BTC. There are no limits on withdrawals, but withdrawals can also be in Bitcoin only. To make a withdrawal, all that users need to do is insert the amount to withdraw and the wallet address to complete the transfer.
https://preview.redd.it/xj1kbuew3cc41.jpg?width=808&format=pjpg&auto=webp&s=68056f2247001c63e89c880cfbb75b2f3616e8fe
Deposits can be made 24/7 but withdrawals are processed by hand at a recurring time once per day. The hand processed withdrawals are intended to increase the security levels of users’ funds by providing extra time (and email notice) to cancel any fraudulent withdrawal requests, as well as bypassing the use of automated systems & hot wallets which may be more prone to compromise.

Supported Currencies

BitMEX operates as a crypto to crypto exchange and makes use of a Bitcoin-in/Bitcoin-out structure. Therefore, platform users are currently unable to use fiat currencies for any payments or transfers, however, a plus side of this is that there are no limits for trading and the exchange incorporates trading pairs linked to the US Dollar (XBT), Japanese Yen (XBJ), and Chinese Yuan (XBC).
BitMEX supports the following cryptocurrencies:
  • Bitcoin (XBT)
  • Bitcoin Cash (BCH)
  • Ethereum (ETH)
  • Ethereum Classic (ETC)
  • Litecoin (LTC)
  • Ripple Token (XRP)
  • Monero (XMR)
  • Dash (DASH)
  • Zcash (ZEC)
  • Cardano (ADA)
  • Tron (TRX)
  • EOS Token (EOS)
BitMEX also offers leverage options on the following coins:
  • 5x: Zcash (ZEC)
  • 20x: Ripple (XRP), Bitcoin Cash (BCH), Cardano (ADA), EOS Token (EOS), Tron (TRX)
  • 25x: Monero (XMR)
  • 33x: Litecoin (LTC)
  • 50x: Ethereum (ETH)
  • 100x: Bitcoin (XBT), Bitcoin / Yen (XBJ), Bitcoin / Yuan (XBC)

Trading Technologies International Partnership

HDR Global Trading, the company which owns BitMEX, has recently announced a partnership with Trading Technologies International, Inc. (TT), a leading international high-performance trading software provider.
The TT platform is designed specifically for professional traders, brokers, and market-access providers, and incorporates a wide variety of trading tools and analytical indicators that allow even the most advanced traders to customize the software to suit their unique trading styles. The TT platform also provides traders with global market access and trade execution through its privately managed infrastructure and the partnership will see BitMEX users gaining access to the trading tools on all BitMEX products, including the popular XBT/USD Perpetual Swap pairing.
https://preview.redd.it/qcqunaby3cc41.png?width=672&format=png&auto=webp&s=b77b45ac2b44a9af30a4985e3d9dbafc9bbdb77c

The BitMEX Insurance Fund

The ability to trade on leverage is one of the exchange’s main selling points and offering leverage and providing the opportunity for traders to trade against each other may result in a situation where the winners do not receive all of their expected profits. As a result of the amounts of leverage involved, it’s possible that the losers may not have enough margin in their positions to pay the winners.
Traditional exchanges like the Chicago Mercantile Exchange (CME) offset this problem by utilizing multiple layers of protection and cryptocurrency trading platforms offering leverage cannot currently match the levels of protection provided to winning traders.
In addition, cryptocurrency exchanges offering leveraged trades propose a capped downside and unlimited upside on a highly volatile asset with the caveat being that on occasion, there may not be enough funds in the system to pay out the winners.
To help solve this problem, BitMEX has developed an insurance fund system, and when a trader has an open leveraged position, their position is forcefully closed or liquidated when their maintenance margin is too low.
Here, a trader’s profit and loss does not reflect the actual price their position was closed on the market, and with BitMEX when a trader is liquidated, their equity associated with the position drops down to zero.
In the following example, the trader has taken a 100x long position. In the event that the mark price of Bitcoin falls to $3,980 (by 0.5%), then the position gets liquidated with the 100 Bitcoin position needing to be sold on the market.
This means that it does not matter what price this trade executes at, namely if it’s $3,995 or $3,000, as from the view of the liquidated trader, regardless of the price, they lose all the equity they had in their position, and lose the entire one Bitcoin.
https://preview.redd.it/wel3rka04cc41.png?width=669&format=png&auto=webp&s=3f93dac2d3b40aa842d281384113d2e26f25947e
Assuming there is a fully liquid market, the bid/ask spread should be tighter than the maintenance margin. Here, liquidations manifest as contributions to the insurance fund (e.g. if the maintenance margin is 50bps, but the market is 1bp wide), and the insurance fund should rise by close to the same amount as the maintenance margin when a position is liquidated. In this scenario, as long as healthy liquid markets persist, the insurance fund should continue its steady growth.
The following graphs further illustrate the example, and in the first chart, market conditions are healthy with a narrow bid/ask spread (just $2) at the time of liquidation. Here, the closing trade occurs at a higher price than the bankruptcy price (the price where the margin balance is zero) and the insurance fund benefits.
Illustrative example of an insurance contribution – Long 100x with 1 BTC collateral
https://preview.redd.it/is89ep924cc41.png?width=699&format=png&auto=webp&s=f0419c68fe88703e594c121b5b742c963c7e2229
(Note: The above illustration is based on opening a 100x long position at $4,000 per BTC and 1 Bitcoin of collateral. The illustration is an oversimplification and ignores factors such as fees and other adjustments.
The bid and offer prices represent the state of the order book at the time of liquidation. The closing trade price is $3,978, representing $1 of slippage compared to the $3,979 bid price at the time of liquidation.)
The second chart shows a wide bid/ask spread at the time of liquidation, here, the closing trade takes place at a lower price than the bankruptcy price, and the insurance fund is used to make sure that winning traders receive their expected profits.
This works to stabilize the potential for returns as there is no guarantee that healthy market conditions can continue, especially during periods of heightened price volatility. During these periods, it’s actually possible that the insurance fund can be used up faster than it is built up.
Illustrative example of an insurance depletion – Long 100x with 1 BTC collateral
https://preview.redd.it/vb4mj3n54cc41.png?width=707&format=png&auto=webp&s=0c63b7c99ae1c114d8e3b947fb490e9144dfe61b
(Notes: The above illustration is based on opening a 100x long position at $4,000 per BTC and 1 Bitcoin of collateral. The illustration is an oversimplification and ignores factors such as fees and other adjustments.
The bid and offer prices represent the state of the order book at the time of liquidation. The closing trade price is $3,800, representing $20 of slippage compared to the $3,820 bid price at the time of liquidation.)
The exchange declared in February 2019, that the BitMEX insurance fund retained close to 21,000 Bitcoin (around $70 million based on Bitcoin spot prices at the time).
This figure represents just 0.007% of BitMEX’s notional annual trading volume, which has been quoted as being approximately $1 trillion. This is higher than the insurance funds as a proportion of trading volume of the CME, and therefore, winning traders on BitMEX are exposed to much larger risks than CME traders as:
  • BitMEX does not have clearing members with large balance sheets and traders are directly exposed to each other.
  • BitMEX does not demand payments from traders with negative account balances.
  • The underlying instruments on BitMEX are more volatile than the more traditional instruments available on CME.
Therefore, with the insurance fund remaining capitalized, the system effectively operates with participants who get liquidated paying for liquidations, or a losers pay for losers mechanism.
This system may appear controversial at first, though some may argue that there is a degree of uniformity to it. It’s also worth noting that the exchange also makes use of Auto Deleveraging which means that on occasion, leveraged positions in profit can still be reduced during certain time periods if a liquidated order cannot be executed in the market.
More adventurous traders should note that while the insurance fund holds 21,000 Bitcoin, worth approximately 0.1% of the total Bitcoin supply, BitMEX still doesn’t offer the same level of guarantees to winning traders that are provided by more traditional leveraged trading platforms.
Given the inherent volatility of the cryptocurrency market, there remains some possibility that the fund gets drained down to zero despite its current size. This may result in more successful traders lacking confidence in the platform and choosing to limit their exposure in the event of BitMEX being unable to compensate winning traders.

How suitable is BitMEX for Beginners?

BitMEX generates high Bitcoin trading levels, and also attracts good levels of volume across other crypto-to-crypto transfers. This helps to maintain a buzz around the exchange, and BitMEX also employs relatively low trading fees, and is available round the world (except to US inhabitants).
This helps to attract the attention of people new to the process of trading on leverage and when getting started on the platform there are 5 main navigation Tabs to get used to:
  • **Trade:** The trading dashboard of BitMEX. This tab allows you to select your preferred trading instrument, and choose leverage, as well as place and cancel orders. You can also see your position information and view key information in the contract details.
  • **Account:** Here, all your account information is displayed including available Bitcoin margin balances, deposits and withdrawals, and trade history.
  • **Contracts:** This tab covers further instrument information including funding history, contract sizes, leverage offered, expiry, underlying reference Price Index data, and other key features.
  • **References:** This resource centre allows you to learn about futures, perpetual contracts, position marking, and liquidation.
  • **API:** From here you can set up an API connection with BitMEX, and utilize the REST API and WebSocket API.
BitMEX also employs 24/7 customer support and the team can also be contacted on their Twitter and Reddit accounts.
In addition, BitMEX provides a variety of educational resources including an FAQ section, Futures guides, Perpetual Contracts guides, and further resources in the “References” account tab.
For users looking for more in depth analysis, the BitMEX blog produces high level descriptions of a number of subjects and has garnered a good reputation among the cryptocurrency community.
Most importantly, the exchange also maintains a testnet platform, built on top of testnet Bitcoin, which allows anyone to try out programs and strategies before moving on to the live exchange.
This is crucial as despite the wealth of resources available, BitMEX is not really suitable for beginners, and margin trading, futures contracts and swaps are best left to experienced, professional or institutional traders.
Margin trading and choosing to engage in leveraged activity are risky processes and even more advanced traders can describe the process as a high risk and high reward “game”. New entrants to the sector should spend a considerable amount of time learning about margin trading and testing out strategies before considering whether to open a live account.

Is BitMEX Safe?

BitMEX is widely considered to have strong levels of security. The platform uses multi-signature deposits and withdrawal schemes which can only be used by BitMEX partners. BitMEX also utilises Amazon Web Services to protect the servers with text messages and two-factor authentication, as well as hardware tokens.
BitMEX also has a system for risk checks, which requires that the sum of all account holdings on the website must be zero. If it’s not, all trading is immediately halted. As noted previously, withdrawals are all individually hand-checked by employees, and private keys are never stored in the cloud. Deposit addresses are externally verified to make sure that they contain matching keys. If they do not, there is an immediate system shutdown.
https://preview.redd.it/t04qs3484cc41.jpg?width=808&format=pjpg&auto=webp&s=a3b106cbc9116713dcdd5e908c00b555fd704ee6
In addition, the BitMEX trading platform is written in kdb+, a database and toolset popular amongst major banks in high frequency trading applications. The BitMEX engine appears to be faster and more reliable than some of its competitors, such as Poloniex and Bittrex.
They have email notifications, and PGP encryption is used for all communication.
The exchange hasn’t been hacked in the past.

How Secure is the platform?

As previously mentioned, BitMEX is considered to be a safe exchange and incorporates a number of security protocols that are becoming standard among the sector’s leading exchanges. In addition to making use of Amazon Web Services’ cloud security, all the exchange’s systems can only be accessed after passing through multiple forms of authentication, and individual systems are only able to communicate with each other across approved and monitored channels.
Communication is also further secured as the exchange provides optional PGP encryption for all automated emails, and users can insert their PGP public key into the form inside their accounts.
Once set up, BitMEX will encrypt and sign all the automated emails sent by you or to your account by the [email protected] email address. Users can also initiate secure conversations with the support team by using the email address and public key on the Technical Contact, and the team have made their automated system’s PGP key available for verification in their Security Section.
The platform’s trading engine is written in kdb+, a database and toolset used by leading financial institutions in high-frequency trading applications, and the speed and reliability of the engine is also used to perform a full risk check after every order placement, trade, settlement, deposit, and withdrawal.
All accounts in the system must consistently sum to zero, and if this does not happen then trading on the platform is immediately halted for all users.
With regards to wallet security, BitMEX makes use of a multisignature deposit and withdrawal scheme, and all exchange addresses are multisignature by default with all storage being kept offline. Private keys are not stored on any cloud servers and deep cold storage is used for the majority of funds.
Furthermore, all deposit addresses sent by the BitMEX system are verified by an external service that works to ensure that they contain the keys controlled by the founders, and in the event that the public keys differ, the system is immediately shut down and trading halted. The exchange’s security practices also see that every withdrawal is audited by hand by a minimum of two employees before being sent out.

BitMEX Customer Support

The trading platform has 24/7 support on multiple channels, including email, ticket systems and social media. The typical response time from the customer support team is about one hour, and feedback on the customer support generally suggests that the customer service responses are helpful and are not restricted to automated responses.
https://preview.redd.it/8k81zl0a4cc41.jpg?width=808&format=pjpg&auto=webp&s=e30e5b7ca93d2931f49e2dc84025f2fda386eab1
BitMEX also offers a knowledge base and FAQs which, although they are not necessarily always helpful, may assist and direct users towards the necessary channels to obtain assistance.
BitMEX also offers trading guides which can be accessed here

Conclusion

There would appear to be few complaints online about BitMEX, with most issues relating to technical matters or about the complexities of using the website. Older complaints also appeared to include issues relating to low liquidity, but this no longer appears to be an issue.
BitMEX is clearly not a platform that is intended for the amateur investor. The interface is complex and therefore it can be very difficult for users to get used to the platform and to even navigate the website.
However, the platform does provide a wide range of tools and once users have experience of the platform they will appreciate the wide range of information that the platform provides.
submitted by bitmex_register to u/bitmex_register

The perfect is the enemy of the good

People have been searching for various modes of scaling (either on- or off-chain) for five years or more --- and it's an important issue and one that I would like to see a perfect technical solution to.
But we have a good solution staring us in the face: bills.
I've seen people post "bitcoin bills" a few times, and we all probably know the problems with them. But let's go through the various "levels" of money and how much trust one needs to have.
  0. Fiat money. Money backed by nothing but trust in the power of the issuer and faith that they won't dilute the supply too much. Requires total faith.
  1. Receipt for a particular quantity of a good (1 oz. gold, for example) from a warehouse/bank. Requires faith that additional receipts are not issued. If they are, one has no way to know unless a bank run develops. Those at the end of the line are defrauded.
  2. Receipt for a particular good (or good stored at a particular address). One can think of a bill which has the public address of bitcoin on it. It can be quickly verified that there is indeed the precise good to back up this bill. There may be other bills with the same address on them though. However, I can go to the bank and ask for that particular good to be sent to my account. If there are other bills with the same public address, they are now unbacked, and this becomes apparent without a general bank run. And those who have been defrauded are easily identified. Further, such people are more likely to be more randomly distributed than those at the end of the line in a bank run, i.e., some of them are more likely to have the resources to bring suit.
  3. Receipt for a particular good (cryptocurrency), with the public address printed on the outside for verification and the private address printed, but hidden. (Think scratch off lotto ticket, or tri-folded with foil to completely obscure the private key.) This basically works the same as 2, except that anyone, at any time, without going to the bank, can decide to destroy the bill and move the coins to their own account. Again, any fraud can be found out without a bank run, and the defrauded persons can be perfectly identified, along with the other benefits of 2.
  4. ? I'm still trying to come up with one even better. In particular, the bank might sign the transaction which creates the coin address with a PGP key. There could be third party applications, where one scans a bill and then if someone claims the coins at that address, one is alerted.
I realize that the crypto-world is quite volatile, and that there may not be a huge demand for physical crypto-currency at the moment --- it also isn't a solution for world-wide transactions. However, it *is* a way to facilitate the massive numbers of local transactions which occur. A way to move these transactions off the chain --- both for scalability and privacy. Further, while such a solution as #3 is not perfect, it is much better than #0 (what we currently have) and also better than #1, which is how the banking system used to operate.
submitted by ihaphleas to GoldandBlack

"Bitcoin is not something you build companies on top of. Bitcoin is something you build economies on top of" - Andreas Antonopoulos

Transcribed by me from episode #385 of Let's Talk Bitcoin
Tweetstorm of the highlights: https://twitter.com/Sesame4Bitcoins/status/1087970527887667200
On the topic of different blockchains:
Jonathan Mohan: One of my favourite people to talk to about this is Joey from Augur because he tried to build Augur on top of Bitcoin. They [Bitcoin community] made him feel like he was the dick for even asking, that he was wasting their time. It was just a very toxic experience of trying to work with that community those developers who try to build on top of Bitcoin. He would turn to Ethereum and say, “hey, there's this bug I have that Ethereum can't handle,” and then a week later Vitalik would just update the Ethereum protocol.
Andreas Antonopoulos: I think that's a perfect demonstration of not just the difference in philosophy but more importantly the difference in application space. The reason Bitcoin is, and has been, and continues to be conservatively developed is because its area of specialization is super robust, super secure, super deterministic, sound money, and operating in highly adversarial environments where you can't expect the goodwill and cooperation of anyone. Not the hardware vendors, not the miners, not world's governments, not institutions, and in that environment it serves some very important needs that don't exist in the world today.
To be truly neutral, truly sound global money, it has to do those things, and that means you can't have the kind of flexibility where one person decides let's add something to the protocol without very carefully thinking about all of the implications that has down the road - Bitcoin has specialized in that domain.
It's why even though I believe we'll have a proliferation of different currencies in the long run, none of those will be able to effectively compete for the one application of super secure robust sound money that survives adversarial environments. And for exactly that reason Ethereum can't do that, will never do that. In fact, if it tries to do [sound money] it would actually destroy its other benefits (flexibility). Those are two different application spaces and you can't occupy both at the same time.
Sure, some developers are just dicks and that has nothing to do with the underlying issue but some of that has to do with the fact that Bitcoin has to be more conservative in order to serve that application space. It cannot simply adopt changes without thinking very very far ahead about the implications those changes will have.
Bitcoin is not something you build companies on top of. Bitcoin is something you build economies on top of.
I never saw really Bitcoin as something that you build companies or apps on top of. The broader cryptocurrency space is playing that game out, and ironically, all of those other things/apps fail to work if you shut off the ability for them to have a sound, neutral money that can be exchanged no matter what, anywhere.
Adam B. Levine: So that kind of brings to mind another question, do you have any past strongly held convictions regarding Bitcoin or cryptocurrency where you've changed your mind?
Andreas M. Antonopoulos: Back in 2015, I thought that we had to address scaling sooner rather than later, and I made some comments about that. I supported a tweet that Gavin Andresen made at the time about increasing the block size and that was a belief that I held strongly. Over the next year, I took a 180 and went in the exact opposite direction. The reason I made a 180 was really simple: from the very early stages, I believed in this idea that the protocol ossifies over time as it gets embedded in more devices. And once it's ossified, you can't make any changes. So I've always thought we have a narrowing window of things we can change in the core protocol to make improvements, the absolutely necessary improvements, before that window shuts, and then you can't make any changes.
It's like IPV4 - it's in too many devices, you can't even upgrade it anymore. I believe that's happening. When the scaling debates started I thought we had a window of about two to three years. The debate around scaling which turned into a power play demonstrated practically that that window had already closed for many controversial decisions. That we could not reach consensus, and that the power struggle and ability to make money in that power struggle was already trumping engineering. At that point I realized that in fact, that window was much narrower.
Once I realized that, I also understood that there are other more important things that need to be done first: privacy being the most important. And if we have a narrow window, privacy needs to be done in the base layer but scaling can be done in the second layer. Therefore I flipped. I've started believing that privacy was needed first and scalability could wait until later and mostly be done on the second layer quite effectively. I took a lot of flack for that, but it wasn't arbitrary. It was because the facts changed and based on new facts a strongly held opinion was worth nothing because I had to revise my understanding of the space.
Jonathan Mohan: I don't think the enemies of Bitcoin are the Rogers or the Bitcoin Cash guys. I think the real enemies are going to be the exchanges in the listing agents and what they will or will not allow to be called Bitcoin when a consumer presses “buy,” when Bitcoin ultimately does have privacy. There's no such thing as private money and I think that everyone says that. Bitcoin needs to be more like physical dollars, and I think that if you try to sell physical dollars today, you go to jail. I don't know how legal Bitcoin will be once it's made private and further I don't know to what extent any of the people we consider allies like the Coinbases of the world would in any way support a Bitcoin with privacy in it. I actually I think we're past the point of Bitcoin having privacy, and if a Bitcoin were to have privacy that it would be some marginalized fork that no one can get access to.
I think so my fear has always been: make sure you're building SSL not PGP. Cuz almost everyone uses SSL no one uses PGP. I think we're at the point now where the facts as they are, it's that if Bitcoin were to become truly private, it would be basically the PGP of Bitcoin and the one that isn't would be the SSL of Bitcoin.
Andreas Antonopoulos: I really like the fact that all of the privacy developments right now, specifically things like taproot and graftroot are actually around obfuscation and plausible deniability to give the exchanges a “see no evil” out of exactly that conundrum. Meaning that if it looks like a payment to a public key and you can no longer tell the difference between that and a Coinjoin, you're done.
Stephanie Murphy: I don't know what the future is gonna look like, and nobody knows. We can speculate and think about it and it's really fun, but at the end of the day, none of us can really even imagine it fully and we're gonna have to wait and see what happens, but that’s part of the excitement. Being aware that you don't know is also exciting because you can just be surprised by what comes out and not try to control everything or plan everything.
Andreas Antonopoulos: I'd like to take the opposite perspective, kind of more optimistic. Because what you say is true and that's definitely happening but the opposite is also happening. Which is when I think that there's an intractable problem or a very hard problem that we seem stuck on, and then suddenly a brilliant solution emerges from nowhere that nobody expected. That was my experience with for example Ethereum. I had not imagined the application of smart contracts in the way Ethereum did it when it came out when I read that first whitepaper by Vitalik in 2014. I had not seen that coming. Mimble Wimble, Lightning Network, the softfork solutions in Segwit. There's all of these technologies and inventions that came out of nowhere, there was nothing really to prepare me for the idea that these were under development or that someone had thought of them, then boom, suddenly they're on the radar. So that's also another thing that makes this such an exciting space: can't predict anything other than it won't be boring.
submitted by lobt to Bitcoin

Secure chat proposal

Hi everyone. A friend recommended I pitch my idea for a new cellular network on this subreddit and see what people think.
I call the network WiPhone (no relation to the WiPhone project on Facebook). It features end-to-end encryption similar to WhatsApp but it's fully open source. The idea is to use PGP public keys as a subscriber ID, with the full fingerprint being used as the phone number. The network would use a decentralized system of nodes like Bitcoin.
Each node would be a server on the Internet acting as a telephone exchange. A user would start their WiPhone PC or mobile app and it would open a connection to the node. If this is their first time, the app would be requested to send the full PGP public key to the node. After this, or if this isn't the user's first time, the node would send a short random string, such as the current date and time and a random number, to the app which would sign it and send back just the signature. The node would respond with a success code if the challenge-response was successful, and then the person's PGP fingerprint would be added to the node's list of connected users.
Nodes would maintain a list of connected users and the IP addresses of other nodes. If the user wants to call or text someone, their app would tell the node and provide the destination number. The node would search its own list of connected users, and then start working down the list of other nodes it knows about, asking them if they know that number. If no one recognizes it, the user would be notified that the number is not available. Otherwise, the destination number would be pinged. The user on the other end would not see anything yet, because their phone would send out a challenge response of its own to make sure the first person is really calling or texting right now and that a replay attack is not happening. Once the second person's app is satisfied with the challenge response, the user on the other end would be notified of the text or incoming call.
Meanwhile, if they haven't already, each party would receive a copy of the other's public key, which their nodes keep a copy of. To prevent man-in-the-middle attacks, each one would check the other's PGP fingerprint to make sure the key hasn't been replaced by an attacker.
If a user is manually adding a contact, they can search for a name or part of a fingerprint and look through the results before adding the person to their contact list. Since PGP fingerprints are so long, WiPhone contact details could be shared as a QR code or URI.
Phone calls would be sent as 20 millisecond packets. Each one would not only be signed but would also contain a header with a number that increases for each one, to help prevent man-in-the-middle attacks. The idea is to start the call with a random 32- or 64-bit integer and increment it for each packet. Losing a few packets would be fine but a sudden large change or significantly lower numbers (not just a few received out of order) would signal a possible replay attack.
The default encryption mode would be AES, which is already used in PGP. One-time pads could be used if both parties met to exchange them. In the normal mode that uses PGP encryption, it would be possible to save all the encrypted traffic and decrypt some of it when you obtain a private key but this could be prevented by using one-time pads and erasing them as they're used.
No matter what encryption method you choose, all communications and challenge-responses would be protected by a PGP signature. I chose DSA for this because a signature is only 96 bytes. The small signature size is important for phone calls because sending large RSA signatures 50 times per second (since the packets are 20 ms each) would require a lot of bandwidth.
Anyone running a node could only see metadata such as client IP addresses (which could probably be masked with TOR), the numbers that are communicating, when, and how long each call lasts. They could not reveal the contents of any call or text even if they were served a warrant and wanted to comply. Someone attempting to eavesdrop would have to steal the intended victim's private key (maybe by picking their pocket or kidnapping them), and even then they could only decrypt half of every conversation since each user encrypts using the other person's key.
For the normal PGP mode, this means if you arrange a drug deal by phone and get caught, the police could only use your key to decrypt what the other person said to you during the call. They would need to capture the other person to hear what you said. Also, if you live in a country where you have the right to remain silent and not reveal passwords, you could encrypt your private key with a passphrase and then your calls would be safe even if you were caught.
On the other hand, if one-time pads were used, neither side of the call could be decrypted and there's nothing anyone could do about it since the keys would be slowly destroyed as they're used. The police would have to rely on your account of what transpired during the call.
Does this idea sound secure? I know in Signal the key exchange is more complicated so I don't know if this could be hacked.
submitted by DoaJC_Blogger to crypto
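The per-packet counter check from the post above, written out as an added example; it is not part of the original post or of any WiPhone code. The class name, the 32-bit counter width, the 16-packet reorder window and the 250-packet jump limit are assumptions, and the example goes beyond the post by also rejecting exact duplicates and handling counter wrap-around.

```python
"""Added example: receiver-side check of the increasing packet counter."""

COUNTER_BITS = 32                 # the post allows 32 or 64 bits; 32 assumed here
MODULUS = 1 << COUNTER_BITS
REORDER_WINDOW = 16               # assumption: "a few received out of order"
MAX_FORWARD_JUMP = 250            # assumption: 250 x 20 ms = 5 s of lost audio


class CounterCheck:
    """Tracks the highest accepted counter and a bitmap of recent ones.

    Call check() only after the packet's signature has verified, so the
    counter being judged is the one the sender actually signed.
    """

    def __init__(self, first_counter):
        self.highest = first_counter % MODULUS
        # Bit i set means counter (highest - i) has already been accepted.
        self.seen = 1

    def check(self, counter):
        """Return 'ok', 'late', 'duplicate', 'stale' or 'jump'."""
        counter %= MODULUS
        # Signed distance from the highest counter, computed modulo 2^bits
        # so a call that starts near the top of the range wraps cleanly.
        delta = (counter - self.highest) % MODULUS
        if delta >= MODULUS // 2:
            delta -= MODULUS

        if delta > MAX_FORWARD_JUMP:
            return "jump"          # sudden large change: do not advance state
        if delta > 0:
            mask = (1 << REORDER_WINDOW) - 1
            self.seen = ((self.seen << delta) | 1) & mask
            self.highest = counter
            return "ok"            # in order, possibly after a few lost packets

        behind = -delta
        if behind >= REORDER_WINDOW:
            return "stale"         # significantly lower: possible replay
        if self.seen & (1 << behind):
            return "duplicate"     # same counter twice: replay inside window
        self.seen |= 1 << behind
        return "late"              # slightly out of order, first time seen


def classify(first_counter, counters):
    """Run a sequence of received counters through one CounterCheck."""
    checker = CounterCheck(first_counter)
    return [checker.check(c) for c in counters]


if __name__ == "__main__":
    # Constructed sample: a call whose random start value sits just below 2^32.
    received = [0xFFFFFFFE, 0x0, 0xFFFFFFFF, 0xFFFFFFFE, 0x1, 0xFFFFFF00, 5001]
    for value, verdict in zip(received, classify(0xFFFFFFFD, received)):
        print(f"{value:#010x} {verdict}")
```

Packets classified `jump`, `stale` or `duplicate` are the ones to drop and count; a run of them within one call is the signal the post describes.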

[ANN] Mycelium's new Local Trader feature will let anyone be an ATM

Announcement (posted to multiple sources)
This Wednesday, at the Inside Bitcoins conference in Berlin, the team behind the Mycelium Bitcoin Wallet and the much anticipated yet continuously delayed BitcoinCard, will demo a major new feature of their wallet, called Local Trader. This new feature is a person to person exchange, similar to LocalBitcoins.com, built directly into the bitcoin wallet software. As Jan Møller, one of Mycelium’s lead developers explains, “Mycelium Local Trader is a trading platform for the Mycelium Bitcoin Wallet which allows users to buy and sell Bitcoin. The initial idea comes from one of the biggest problems in Bitcoin: How to get your first bitcoins?”
The feature is still being finalized, but is fully functional on testnet, and is expected to be released later this month. At first, the trader options will be limited to “Continuous Seller,” where someone creates an offer to sell bitcoins and waits for buyers, and “Instant Buyer,” where someone who wants bitcoins right now can browse a list of sell offers in their area, and ping one to ask for a trade. When asked why the option to instantly sell bitcoins for cash was not available yet, Jan commented, “We wanted to attack what we believe is the most common problem: Getting your first BTC.”
To set up a sale offer, the user first has to load their bitcoin wallet with some bitcoins. Since both the wallet and the trading platform are within the same app, the seller profile actually knows if they really have coins to sell. Once the seller presses the “Sell Bitcoin” button, Local Trader automatically registers one of the wallet’s bitcoin addresses on the exchange server as the key associated with the seller account. Like PGP, this bitcoin address and private key are used to authenticate with the trading server, where your user id, sell offers, trade history, and reputation are stored. Likewise, the private key is used to authenticate API requests to the server, a method that may mitigate the API key theft issues recently experienced by some exchanges, and in the future may be used to authenticate and possibly encrypt communications between users. For now, it just keeps all communications secure, and has the added benefit of being able to import your trade account, along with all its history, simply by importing the associated private key from a backup.
In the Sell Order menu, users can create sale orders that include their location (obfuscated to a 1km square block), the exchange used for the price, seller fee, minimum and maximum amount they are willing to sell, and a custom message that buyers will be able to see when they select their offer. Sellers are not limited to the amount of sale offers they can create, and can make sell offers with different fees for different amount traded, different locations, and even set negative fees if they need to swap their bitcoins for cash quickly.
For anyone looking to buy bitcoins, they just have to press “Buy Bitcoin,” and they are instantly presented with a list of 20 closest offers in their area, sorted by distance using their phone’s GPS. Here, buyers can see offer details, such as nickname of the seller, their rating, price, distance, and minimum and maximum they are willing to trade. Clicking on an offer also expands it to show any custom notes the seller may have included. Initiating a buy offer is as simple as typing the amount you wish to buy into the text entry field on the seller’s offer, and selecting Buy.
Once an offer is accepted, the seller’s wallet receives a notification, and the trading app switches to a window where the buyer and seller can see the amount and the price being offered, as well as a chat window they can use to negotiate the terms and location of the trade. The price can be changed and refreshed to the more recent exchange price as many times as the traders want before they agree on the trade, up to the point where they meet and swap cash. When each of them agrees on the terms, they hit Accept Offer, and the trade will only be considered accepted when both of them have agreed. However, the trade must go through within 24 hours of the buyer’s initial offer, otherwise it gets automatically aborted. Once the two traders meet, the buyer hands cash to the seller, the seller hits “Cash Received,” and bitcoins are automatically sent to the buyer's wallet, minus whatever fees were negotiated on.
Another brand new feature that comes with Local Trader, which will likely be ported to other parts of the wallet, is the “Transaction Confidence” graph. Since Mycelium servers are connected to hundreds, if not thousands, of nodes, they are able to track transaction propagation through the network in real time. Transaction Confidence, expressed in percent, shows a close estimate of how much of the overall Bitcoin network has heard about the transaction. The idea is that, if most of the network has already heard about the transaction, double-spending it becomes much more difficult, and the chances of it being included in the next block approach 100%. So, if the confidence is high enough (it reaches high 90’s within a few seconds), you can be fairly sure that this transaction will be included in the block, and do in person trades with zero block confirmations. No more awkward waiting for 10 minutes (or sometimes as long as 50 as I had the unfortunate experience of at a local McDonald’s) just to make sure that both people are confident enough the transaction won’t fail.
Trader feedback is the only feature still undergoing the final stages of development, and will be automatically calculated based on the number and size of successful trades, response times, and trade aborts. For their part, Mycelium plans to charge about 0.5% per transaction for the service, but, like LocalBitcoin, will not object to people using the service to trade directly, bypassing the fee, since they believe enough people will find the convenience of trading directly through their system, along with maintaining a trade history and reputation, to be worth the small fee.
submitted by Rassah to Bitcoin

Ultimate Software Verification Guide - Never get Hacked or Phished again!

Due to the number of scams, phishing websites and malware-infected software, I made this quick, easy-to-understand tutorial on how to verify that the Bitcoin Cash software that you use is legitimate.
The core concept is that you should not rely on any 3rd party to prove the authenticity of files, not even this text, because any website can get potentially hacked so just do all the verification by yourself, as much as you can. It might be a longer work every time you update the software but it's worth it, since the alternative is being a victim of theft.
 
There are 3 ways to verify the authenticity of the software you download:
 
 
 

EASY WAY

In case your IP address is specifically targeted it's advised to have a VPN connection at hand too, and do the verification both on your VPN and on your clearnet IP. I am using Firefox for this example and you should too. This method can be used to verify any website you want by cross-examining their authenticity against each other relying on 3-4 more or less trusted authority figures.
What you would do is just use 3-4 different search engines that you more or less trust: DuckDuckGo.com, startpage.com, bing.com, wikipedia.org.
Open each search engine in a different tab in your browser, and enter in each one of them the software you search for, in this example "Bitcoin Cash".
In the first search results you will see a link to the supposed bitcoin cash official website (on wikipedia you will just see the link at the right side of the article about bitcoin cash), click on that link from each tab and you will have the official website opened in 4 different tabs.
Now the websites might look the same, but they might not be the same websites, since the connection could be hijacked so you could be on a fake website.
In order to determine the authenticity of the website, click on the green lock icon in Firefox before the HTTPS mark, click on More Information, and click on View Certificate, then you will see there a SHA256 fingerprint, paste that into a text file.
Now go to the other tabs you have opened the website in, and put that SHA256 fingerprint in the text file itself.
Now see if all 4 of them match in the text file by pressing a CTRL+F and copying it in the search box. If they are the same, then you are very likely on the official website, assuming that all search engines remove phishing websites quickly and wikipedia is not hacked.
You might also want to redo this verification from a different IP address in case you think a hacker is specifically targeting your IP address.
Now just download the software from the genuine official website and you are ready to go.
(Note I am not giving you the fingerprint I got from my verification so that you don't have to rely on my authority, you should do the verification yourself!)
 
 

MODERATE WAY

You have to know how to use GnuPG software. I would use a Linux machine for verification since it's very easy to do it there. You can always burn a quick Live Linux DVD and boot that up to do the verification. Just watch some videos to learn how to do that, I assume you already know how to do that.
Now regardless of whether the website is hacked or not, we only care about the software itself here, and if the verification is done properly, any discrepancy can be detected regardless of the website itself. A website can be far easier hacked than an offline private key used to sign software, so this method is much more secure.
Every Bitcoin Cash software is usually signed with a GPG key. The issue here is to verify the authenticity of the key itself, once you have that, you can verify any package with that, regardless of source, assuming the developer is honest, so it's not foolproof, but good enough.
Going with the example above you download the Bitcoin Cash software or Electron Cash or whatever, and you grab the software file, the GPG signature file and the GPG Public Key. Then import the GPG key gpg --import keyfilename.txt for example.
The only thing you need to do is to verify the GPG Public Key itself. Let's go with Electron Cash in this example.
Fyookball (the lead developer)'s official key is allegedly 0x4FD06489EFF1DDE1. We don't know if this is true or not, we can either e-mail him directly, but then who knows his e-mail could be hacked or whatnot, so we need a more extensive verification here.
Each GPG key has a fingerprint which is your main point of reference, so the fingerprint you got for the downloaded key, which you can see in SeaHorse or by entering gpg --fingerprint 0x4FD06489EFF1DDE1 in a linux console after you have imported the key.
You need to create a web of trust, enough reputable people vouching that this is indeed his genuine key, usually relying on people who have either met him or have extensively verified his identity.
So we look the key up like in a phone address book, on the MIT server: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x4FD06489EFF1DDE1
Also it's recommended to install Gnome Seahorse, a gui interface to manage GPG keys: sudo apt-get install seahorse
It appears to be signed only by 2 people, I don't know them, but if you do and you have their keys too, then you can rely on their authority to confirm the authenticity of the key.
If by the time you read this, the key will be signed by a trustworthy person from the broader Bitcoin Cash development team or some other well known entity, then what you would do is grab their key (and verify it) and in SeaHorse set their key to Trusted.
Then automatically in Fyookball's key, the other people's signatures will show up, proving that other trusted entities whose keys you have already verified have signed this key, so on their authority you could trust Fyookball's key too.
For example in Bitcoin ABC and other software, this is the case, unfortunately not for Electron Cash yet.
So the only thing you can do is grab and verify fyookball's e-mail address, and message him and ask him his GPG key's signature.
I have already done that so based on my authority his key fingerprint is: D56C 110F 4555 F371 AEEF CB25 4FD0 6489 EFF1 DDE1
The only other place that has the key referenced is Github, so you have to rely on their authority to host the genuine key and not get hacked in the process.
There is only 1 electron cash repository which is a fork of the original electrum software: https://github.com/fyookball/electrum, again you could verify the authenticity of Github.com based on the previous method, but there is only 1 repository for Electron Cash so it's not hard to find it.
There you can see the public keys in a separate branch: https://github.com/fyookball/keys-n-hashes
It's not a lot of evidence, so I hope in the future more people will vouch for it, but for now this is all we have, for other softwares you can find a more extensive web of trust.
So after you established the legitimacy of the key, just save it or write down the fingerprint on a piece of paper and put it in a safe, and from then on you can verify any new Electron Cash release against that.
Simply just verify the signature file for example for the latest release: gpg --verify ElectronCash-3.2.tar.gz.sig
And it should give back the fingerprint of it, if the fingerprint matches the one of your verified key, then the software is genuine. But again this relies on the assumption that fyookball is honest, which in my opinion he is, he is a trustworthy developer.
 
 

HARD WAY

The ultimate way to verify the trustworthiness of a software is to:
  • Download and inspect the source code yourself
  • Compile the software from source
  • Verify the output against the downloaded package (verified by the previous step)
This is very complex, but if you want to have a foolproof guarantee that the software is genuine and untampered then this has to be done.
It might be a bit paranoid but dozens of malware clients come out each day, most of them have sneaky code in them that sends out your private key like in this example:
If the developer is both shady and the source code doesn't match the binary, then you can easily get hacked and lose all your money.
What you need to do to be fully secure in a fully trustless verification model is the following:
 
1) Do the previous step for verifying the signed package with the developer's genuine public key, all verified. So now you have an output package that is tied to the developer that is allegedly derived from the source code securely, assuming the developer is honest, and is compiling it securely. So in this case the risk is limited only to developer malice or negligence.
2) Download the source code, from the main website, it should be correctly downloaded, so just download it multiple times to verify that the package was downloaded correctly.
3) Inspect the source code yourself or pay a programmer to do it. Especially watch out for the sensitive parts of the code, like the part that does the encryption and the part that does the communication. You should make sure that the private keys are never sent out. You could also use a network inspector software and test whether the private key is sent out.
Now if you have verified that the source code is genuine, then assuming that Github is honest, many other developers will verify this too, so we can establish that the source code does exactly what it meant to do, with no backdoors.
4) Now you need to compile the source code and make it identical to the package you have just verified previously. Determinism is crucial, the package must match the source code 1:1.
Now there may be some config files or cache files that will not but that is not an issue, the Electron Cash software is very messy so there will be a few files that will not match but usually it should.
Open the README.rst file in the Electron Cash source code to see the instructions how to compile it for different OS's. By default I recommend Linux because it's easier to work on.
5) Now that you have a compiled source code folder, every single file in it should match the signed output package you have verified it earlier.
Now you can write a quick code to parse through each file and check for discrepancies. You are lucky because I have already done it:
Download my script, unpack both archives in the same directory and put the script there too and make sure the root directory ElectronCash-3.2 is where the files are, sometimes it might be ElectronCash-3.2/ElectronCash-3.2 depending on how you unpack it with the archive manager.
Now run the python script, and it will show you exactly which files don't match and which files are missing.
Ignore the missing files, in fact just delete them from the other package where they are, since they are surplus files. The script verifies the untrusted package (the one you verified previously, yet untrusted because we don't know whether it's derived from the source yet)
The missing files can't cause problem because they are just extra files put in the output package, if they don't exist in the source, then they are harmless. So just delete the missing files and you are left to deal with the corrupt files.
Also do a search for .pyc extension files and delete all of those too, these are just cache files that get recompiled every time you run Electron Cash, so they can't be malware.
And there are the corrupt files which are modified. Now this could be due to some discrepancies the way the compiler worked or it could be a backdoor we don't know, so we need to verify each corrupt file 1 by 1.
6) Now we need to verify each corrupt file one by one and see the discrepancy.
Get diffuse, which is a simple tool to look for differences in the code:
sudo apt-get install diffuse
Open both of the same named files in it and check out in each pair the differences. Usually it will just be a few misc stuffs so in that case just copy 1 difference over to the other and make them identical.
Do this for every corrupt file pair, and check whether any malicious code was added.
After you are done run the script again and it should give out Packages are Identical!
If you get that, you have now verified beyond the reasonable doubt that:
  • The source code is genuine and secure
  • The package file is certainly created by the developer and based on his reputation it's secure
  • Your compilation is secure
  • Your compilation matches deterministically the source code
  • Your compilation matches the package file provided by the developer
Therefore the software is secure and genuine and hasn't been tampered with.
I have verified the ElectronCash-3.2.tar.gz file with the HARD WAY and based on my verification the SHA256 checksum da355ac3d198750e01acb8f1ada82c4d481036bee36fd9d3e2fdff972d9fc082 is genuine.
But don't rely on my authority, verify it all yourself. That is the whole point of the trustless setup.
submitted by alexander7k to btc
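A tree comparison of the kind steps 5 and 6 of the post above call for, as an added example; this is not the author's script, which is not reproduced on this page. The function names and the two directory arguments are assumptions, and `.pyc` files are skipped as the post suggests.

```python
"""Added example: compare a self-built tree with an unpacked release tree."""
import hashlib
import os
import sys

IGNORED_SUFFIXES = (".pyc",)  # bytecode caches, regenerated at run time


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def tree_digests(root):
    """Map every relative path under root to a digest of its content."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk does not descend into symlinked directories, so record the
        # link target instead; a redirected link then shows as a mismatch.
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                rel = os.path.relpath(full, root)
                digests[rel] = "symlink->" + os.readlink(full)
        for name in filenames:
            if name.endswith(IGNORED_SUFFIXES):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                digests[rel] = "symlink->" + os.readlink(full)
            else:
                digests[rel] = sha256_file(full)
    return digests


def compare_trees(build_root, package_root):
    """Return paths that differ between the build and the release package."""
    build = tree_digests(build_root)
    package = tree_digests(package_root)
    shared = set(build) & set(package)
    return {
        "mismatched": sorted(p for p in shared if build[p] != package[p]),
        "only_in_package": sorted(set(package) - set(build)),
        "only_in_build": sorted(set(build) - set(package)),
    }


def identical(report):
    """True only when no path is mismatched or present on one side only."""
    return not any(report.values())


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_trees.py BUILD_DIR PACKAGE_DIR")
    result = compare_trees(sys.argv[1], sys.argv[2])
    for category, paths in result.items():
        for path in paths:
            print(f"{category}: {path}")
    print("Trees are identical" if identical(result) else "Trees differ")
    sys.exit(0 if identical(result) else 1)
```

Files listed under `only_in_package` are reported rather than dropped: an extra file that the application imports or executes is still code that runs, so that list deserves the same review as the mismatches.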

The perfect is the enemy of the good

People have been searching for various modes of scaling (either on- or off-chain) for five years or more --- and it's an important issue and one that I would like to see a perfect technical solution to.
But we have a good solution staring us in the face: bills.
I've seen people post "bitcoin bills" a few times, and we all probably know the problems with them. But let's go through the various "levels" of money and how much trust one needs to have.
  0. Fiat money. Money backed by nothing but trust in the power of the issuer and faith that they won't dilute the supply too much. Requires total faith.
  1. Receipt for a particular quantity of a good (1 oz. gold, for example) from a warehouse/bank. Requires faith that additional receipts are not issued. If they are, one has no way to know unless a bank run develops. Those at the end of the line are defrauded.
  2. Receipt for a particular good (or good stored at a particular address). One can think of a bill which has the public address of bitcoin on it. It can be quickly verified that there is indeed the precise good to back up this bill. There may be other bills with the same address on them though. However, I can go to the bank and ask for that particular good be sent to my account. If there are other bills with the same public address, they are now unbacked, and this becomes apparent without a general bank run. And those who have been defrauded are easily identified. Further, such people are more likely to be more randomly distributed than those at the end of the line in a bank run, i.e., some of them are more likely to have the resources to bring suit.
  3. Receipt for a particular good (cryptocurrency), with the public address printed on the outside for verification and the private address printed, but hidden. (Think scratch off lotto ticket, or tri-folded with foil to completely obscure the private key.) This basically works the same as 2, except that anyone, at any time, without going to the bank, can decide to destroy the bill and move the coins to their own account. Again, any fraud can be found out without a bank run, and the defrauded persons can be perfectly identified, along with the other benefits of 2.
  4. ? I'm still trying to come up with one even better. In particular, the bank might sign the transaction which creates the coin address with a PGP key. There could be third party applications, where one scans a bill and then if someone claims the coins at that address, one is alerted.
I realize that the crypto-world is quite volatile, and that there may not be a huge demand for physical crypto-currency at the moment --- it also isn't a solution for world-wide transactions. However, it *is* a way to facilitate the massive numbers of local transactions which occur. A way to move these transactions off the chain --- both for scalability and privacy. Further, while such a solution as #3 is not perfect, it is much better than #0 (what we currently have) and also better than #1, which is how the banking system used to operate.
submitted by ihaphleas to CryptoCurrency

Secure paper wallet tutorial

This is my handout for paranoid people who want a way to store bitcoin safely. It requires a little work, but this is the method I use because it should be resistant to risks associated with:
  1. Bad random number generators
  2. Malicious or flawed software
  3. Hacked computers
If you want a method that is less secure but easier, skip to the bottom of this post.
The Secure Method
  1. Download bitaddress.org. (Try going to the website and pressing "ctrl+s")
  2. Put the bitaddress.org file on a computer with an operating system that has not interacted with the internet much or at all. The computer should not be hooked up to the internet when you do this. You could put the bitaddress file on a USB stick, and then turn off your computer, unplug the internet, and boot it up using a boot-from-CD copy of linux (Ubuntu or Mint for example). This prevents any mal-ware you may have accumulated from running and capturing your keystrokes. I use an old android smart phone that I have done a factory reset on. It has no sim-card and does not have the password to my home wifi. Also the phone wifi is turned off. If you are using a fresh operating system, and do not have a connection to the internet, then your private key will probably not escape the computer.
  3. Roll a die 62 times and write down the sequence of numbers. This gives you 2^160 possible outcomes, which is the maximum that Bitcoin supports.
  4. Run bitaddress.org from your offline computer. Input the sequence of numbers from the die rolls into the "Brain Wallet" tab. By providing your own source of randomness, you do not have to worry that the random number generator used by your computer is too weak. I'm looking at you, NSA ಠ_ಠ
  5. Brain Wallet tab creates a private key and address.
  6. Write down the address and private key by hand or print them on a dumb printer. (Dumb printer means not the one at your office with the hard drive. Maybe not the 4 in 1 printer that scans and faxes and makes waffles.) If you hand copy them you may want to hand copy more than one format. (WIF and HEX). If you are crazy and are storing your life savings in Bitcoin, and you hand copy the private key, do a double-check by typing the private key back into the tool on the "Wallet Details" tab and confirm that it recreates the same public address.
  7. Load your paper wallet by sending your bitcoin to the public address. You can do this as many times as you like.
  8. You can view the current balance of your paper wallet by typing the public address into the search box at blockchain.info
  9. If you are using an old cell phone or tablet do a factory reset when you are finished so that the memory of the private keys is destroyed. If you are using a computer with a boot-from-CD copy of linux, I think you can just power down the computer and the private keys will be gone. (Maybe someone can confirm for me that the private keys would not be able to be cached by bitaddress?)
  10. To spend your paper wallet, you will need to either create an offline transaction, or import the private key into a hot wallet. Creating an offline transaction is dangerous if you don't know what you are doing. Importing to a client side wallet like Bitcoin-Qt, Electrum, MultiBit or Armory is a good idea. You can also import to an online wallet such as Blockchain.info or Coinbase.
Trusting bitaddress.org
The only thing you need bitaddress.org to do is to honestly convert the brainwallet passphrase into the corresponding private key and address. You can verify that it is doing this honestly by running several test passphrases through the copy of bitaddress that you plan on using, and several other brainwallet generators. For example, you could use the online version of bitaddress, and brainwallet and safepaperwallet and bitcoinpaperwallet. If you are fancy with the linux command line, you can also try "echo -n my_die_rolls | sha256sum". The linux operating system should reply with the same private key that bitaddress makes. This protects you from a malicious paper wallet generator.
Trusting your copy of bitaddress.org
Bitaddress publishes the sha1 hash of the bitaddress.org website at this location:
https://www.bitaddress.org/pgpsignedmsg.txt
The message is signed by the creator, pointbiz. I found his PGP fingerprint here:
https://github.com/pointbiz/bitaddress.org/issues/18
"527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A"
With this fingerprint, you can authenticate the signed message, which gives you the hash of the current bitaddress.org file. Then you can hash your copy of the file and authenticate the file.
I do not have a way to authenticate the fingerprint itself, sorry. According to the website I linked to, git has cryptographic traceability that would enable a person to do some research and authenticate the fingerprint. If you want to go that far, knock yourself out. I think that the techniques described in this document do not really rely on bitaddress being un-corrupt. Anyway, how do we know pointbiz is a good guy? ;-)
There are a lot of skilled eyes watching bitaddress.org and the signed sha1 hash. To gain the most benefit from all of those eyes, it's probably worthwhile to check your copy by hashing it and comparing to the published hash.
"But we aren't supposed to use brainwallets"
You are not supposed to use brainwallets that have predictable passphrases. People think they are pretty clever about how they pick their passphrases, but a lot of bitcoins have been stolen because people tend to come up with similar ideas. If you let dice generate the passphrase, then it is totally random, and you just need to make sure to roll enough times.
How to avoid spending your life rolling dice
When I first started doing this, I rolled a die 62 times for each private key. This is not necessary. You can simply roll the die 62 times and keep the sequence of 62 numbers as a "seed". The first paper address you create would use "my die rolls-1" as the passphrase, the second would be "my die rolls-2" and so on. This is safe because SHA256 prevents any computable relationship between the resulting private key family.
Of course this has a certain bad security scenario -- if anyone obtains the seed they can reconstruct all of your paper wallets. So this is not for everyone! On the other hand, it also means that if you happen to lose one of your paper wallets, you could reconstruct it so long as you still had the seed.
One way to reduce this risk is to add an easy to remember password like this: "my die rolls-password-1".
If you prefer, you can use a technique called diceware to convert your die rolls to words that still contain the same quantity of entropy, but which could be easier to work with. I don't use diceware because it's another piece of software that I have to trust, and I'm just copy/pasting my high entropy seed, so I don't care about how ugly it is.
Why not input the dice as a Base 6 private key on the Wallet Details tab?
Two reasons. First of all, this option requires that you roll the die 99 times, but you do not get meaningful additional protection by rolling more than 62 times. Why roll more times if you don't have to? Second, I use the "high entropy seed" method to generate multiple private keys from the same die rolls. Using the Base 6 option would require rolling 99 times for every private key.
I'm a big nerd with exotic dice. How many times to roll?
Put this formula in Excel to get the number of times to roll: "=160*LOG(2,f)" where f = number of faces on the die. For example, you would roll a d16 40 times. By the way, somewhat unbelievably casino dice are more fair than ordinary dice
The "Change address" problem:
You should understand change addresses because some people have accidentally lost money by not understanding it.
Imagine your paper wallet is a 10 dollar bill. You use it to buy a candy bar. To do this you give the cashier the entire 10 dollar bill. They keep 1 dollar and give you 9 dollars back as change.
With Bitcoin, you have to explicitly say that you want 9 dollars back, and you have to provide an address where it should go to. If you just hand over the 10 dollar bill, and don't say you want 9 dollars back, then the miner who processes the transaction gives 1 dollar to the store and keeps the remainder themselves.
Wallet software like Bitcoin-Qt handles this automatically for you. They automatically make "change addresses" and they automatically construct transactions that make the change go to the change address.
There are three ways I know of that the change problem can bite you:
  1. You generate a raw transaction by hand, and screw up. If you are generating a transaction "by hand" with a raw transaction editor, you need to be extra careful that your outputs add up to the same number as your inputs. Otherwise, the very lucky miner who puts your transaction in a block will keep the difference.
  2. You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the paper wallet. The change is not in the paper wallet. It is in a change address that the wallet software generated. That means that if you lose your wallet.dat file you will lose all the change. The paper wallet is empty.
  3. You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the change address that the wallet software generated. If the transaction did not need to consume all of the "outputs" used to fund the paper wallet, then there could be some unspent outputs still located at the address of the paper wallet. If you destroyed the paper wallet, and destroyed the copy of the private key imported to the wallet software, then you could not access this money. (E.g. if you restored the software wallet from its seed, thinking all of the money was moved to the wallet-generated change addresses.)
For more on this, see here
The hot paper wallet problem
Your bitcoin in your paper wallet are secure, so long as the piece of paper is secure, until you go to spend it. When you spend it, you put the private key onto a computer that is connected to the internet. At this point you must regard your paper wallet address as hot because the computer you used may have been compromised. It now provides much less protection against theft of your coins. If you need the level of protection that a cold paper wallet provides, you need to create a new one and send your coins to it.
Destroying your paper wallet address
Do not destroy the only copy of a private key without verifying that there is no money at that address. Your client may have sent change to your paper wallet address without you realizing it. Your client may have not consumed all of the unspent outputs available at the paper wallet address. You can go to blockchain.info and type the public address into the search window to see the current balance. I don't bother destroying my used/empty paper wallet addresses. I just file them away.
Encrypting your private key
BIP 0038 describes a standardized way to encrypt your paper wallet private key. A normal paper wallet is vulnerable because if anyone sees the private key they can take the coins. The BIP38 protocol is even resistant to brute force attacks because it uses a memory intensive encryption algorithm called scrypt. If you want to encrypt your wallets using BIP38, I recommend that you use bitcoinpaperwallet because they will let you type in your own private key and will encrypt it for you. As with bitaddress, for high security you should only use a local copy of this website on a computer that will never get connected to the internet.
Splitting your private key
Another option for protecting the private key is to convert it into multiple fragments that must be brought together. This method allows you to store pieces of your key with separate people in separate locations. It can be set up so that you can reconstitute the private key when you have any 2 out of the 3 fragments. This technique is called Shamir's Secret Sharing. I have not tried this technique, but you may find it valuable. You could try using this website http://passguardian.com/ which will help you split up a key. As before, you should do this on an offline computer. Keep in mind if you use this service that you are trusting it to work properly. It would be good to find other independently created tools that could be used to validate the operation of passguardian. Personally, I would be nervous destroying the only copy of a private key and relying entirely on the fragments generated by the website.
Looks like Bitaddress has an implementation of Shamir's Secret Sharing now under the "Split Wallet" tab. However it would appear that you cannot provide your own key for this, so you would have to trust bitaddress.
Durable Media
Pay attention to the media you use to record your paper wallet. Some kinds of ink fade, some kinds of paper disintegrate. Moisture and heat are your enemies.
In addition to keeping copies of my paper wallet addresses I did the following:
  1. Order a set of numeric metal stamps. ($10)
  2. Buy a square galvanized steel outlet cover from the hardware store ($1)
  3. Buy a sledgehammer from the hardware store
  4. Write the die rolls on the steel plate using a sharpie
  5. Use the hammer to stamp the metal. Do all the 1's, then all the 2's etc. Please use eye protection, as the metal stamp may emit sparks or fly unexpectedly across the garage. :-)
  6. Use nail polish remover to erase the sharpie
Electrum
If you trust electrum you might try running it on an offline computer, and having it generate a series of private keys from a seed. I don't have experience with this software, but it sounds like there are some slick possibilities there that could save you time if you are working with a lot of addresses.
Message to the downvoters
I would appreciate it if you would comment, so that I can learn from your opinion. Thanks!
The Easy Method
This method is probably suitable for small quantities of bitcoin. I would not trust it for life-altering sums of money.
  1. Download the bitaddress.org website to your hard drive.
  2. Close your browser
  3. Disconnect from the internet
  4. Open the bitaddress.org website from your hard drive.
  5. Print a paper wallet on your printer
  6. Close your browser
submitted by moral_agent to BitcoinWallet
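The seed scheme and roll-count formula from the post above, as an added example that is not the poster's code. It assumes the brain-wallet convention in which the private key is the SHA-256 digest of the passphrase; the function names and the sample rolls are constructed for illustration.

```python
import hashlib

# Order of the secp256k1 group; a usable private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def rolls_needed(faces, bits=160):
    """Fewest rolls of a fair die with `faces` sides giving >= `bits` of entropy.

    Integer form of the post's 160*LOG(2,f), rounded up, with no float error.
    """
    if faces < 2:
        raise ValueError("a die needs at least two faces")
    n = 0
    while faces ** n < 2 ** bits:
        n += 1
    return n

def check_seed(rolls, faces=6):
    """Reject seeds that are too short or contain impossible face values."""
    if any(not 1 <= r <= faces for r in rolls):
        raise ValueError("roll outside 1..%d" % faces)
    if len(rolls) < rolls_needed(faces):
        raise ValueError("need %d rolls, got %d" % (rolls_needed(faces), len(rolls)))
    sep = "" if faces < 10 else ","   # keep multi-digit faces unambiguous
    return sep.join(str(r) for r in rolls)

def derive_key(seed, index, password=None):
    """Private key number for paper wallet `index` (assumed: SHA-256 of passphrase)."""
    parts = [seed, str(index)] if password is None else [seed, password, str(index)]
    passphrase = "-".join(parts)      # "seed-1" or "seed-password-1", as in the post
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    k = int.from_bytes(digest, "big")
    if not 1 <= k < N:                # astronomically unlikely, but never use such a key
        raise ValueError("digest is not a valid secp256k1 key; use the next index")
    return k

# Constructed sample only: a repeating pattern, not real die rolls.
SAMPLE_ROLLS = [int(c) for c in ("352614" * 11)[:62]]

if __name__ == "__main__":
    seed = check_seed(SAMPLE_ROLLS)
    for i in (1, 2):
        print(i, "%064x" % derive_key(seed, i))
```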
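The three change-address scenarios listed in the post, worked through as an added bookkeeping example (not the poster's code and not any wallet's API). Amounts are in satoshis; the outpoint labels, addresses and the `max_fee` threshold are constructed placeholders.

```python
def audit_spend(paper_addr, utxos, spent, outputs, max_fee=50_000):
    """Account for every satoshi after spending from a paper wallet address.

    utxos   -- {outpoint: sats} currently unspent at paper_addr
    spent   -- outpoints the transaction consumes as inputs
    outputs -- [(address, sats)] the transaction creates
    max_fee -- largest fee (sats) accepted without a second look (assumed policy)
    """
    spent = set(spent)
    unknown = spent - set(utxos)
    if unknown:
        raise ValueError("inputs not at the paper address: %s" % sorted(unknown))
    total_in = sum(utxos[o] for o in spent)
    total_out = sum(sats for _, sats in outputs)
    fee = total_in - total_out        # whatever is not assigned goes to the miner
    if fee < 0:
        raise ValueError("outputs exceed inputs")
    untouched = sum(s for o, s in utxos.items() if o not in spent)
    returned = sum(s for addr, s in outputs if addr == paper_addr)
    elsewhere = {}
    for addr, sats in outputs:
        if addr != paper_addr:
            elsewhere[addr] = elsewhere.get(addr, 0) + sats
    return {"fee": fee, "fee_ok": fee <= max_fee,
            "on_paper_address": untouched + returned, "elsewhere": elsewhere}

# Constructed sample: a paper address funded by two deposits, 10 BTC in total.
PAPER = "paper-address"
UTXOS = {"deposit_a:0": 600_000_000, "deposit_b:1": 400_000_000}

def scenarios():
    store, change = "store-address", "wallet-change-address"
    pay = (store, 100_000_000)
    return {
        # 1. hand-built transaction with no change output: 9 BTC becomes fee
        "no_change_output": audit_spend(PAPER, UTXOS, list(UTXOS), [pay]),
        # 2. wallet software sends change to its own address: paper is empty
        "change_in_wallet": audit_spend(PAPER, UTXOS, list(UTXOS),
                                        [pay, (change, 899_990_000)]),
        # 3. only one deposit consumed: 4 BTC still sits at the paper address
        "partial_spend": audit_spend(PAPER, UTXOS, ["deposit_a:0"],
                                     [pay, (change, 499_990_000)]),
    }
```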


I have gpg --export-secret-key working for the key in question. I have ssh access functional for the remote machine in question. But gpg --export-secret-key SOMEKEYID ssh othermachine gpg --import returns a Password: prompt and then says bash: gpg: command not found. I have also tried this with just gpg --export which works locally but not in the compound command.

It also contains the public and private key for each of your bitcoin addresses. Your bitcoin private key is a randomly generated string (numbers and letters), allowing bitcoins to be spent. A private key is always mathematically related to the bitcoin wallet address, but is impossible to reverse engineer thanks to a strong encryption code base.

See: How to import private keys v7+ If you are using Cold storage, a Paper wallet or generating vanity addresses you may have a need to import a Private key. Since Bitcoin-QT/bitcoind v0.6.0, you can import private keys using built-in RPC command importprivkey.

Importing your Private Key. Under the File Menu, Click on Import Certificates. Browse to the location where the secret key (Private Key) is stored. Click on the Open button to start the import. After Successful Certificate Import Result. Click on ‘OK’ Button. Tap on ‘My Certificates‘ tab to see the key information. Begin Message ...

Thus, there are 2 keys generated during the PGP key creation process: public and private. The public key is the one you will want to share with others (thus the name “public key”). There are several different ways to generate PGP key pairs; in this article we will be using a program called Gpg4win, also known as Kleopatra.
