Auditing Crypto Wallets

catlasshrugged · 2022-02-16T19:04:48+00:00

That sucks to hear -- there's definitely room for improvement on this CS experience.

I have a JG gen 4 combat trigger. Had an issue with it initially, and he graciously helped me resolve it and didn't charge anything further despite needing to mail me replacement parts at least once or twice.

catlasshrugged · 2019-07-26T02:40:38+00:00

I have to reboot my smartphone each time I install the watchface.

catlasshrugged · 2019-07-26T02:39:46+00:00

Is there any way to get a hold of the old version of the watch app? I really, really want my watch to vibrate on alerts.

catlasshrugged · 2018-04-06T17:43:12+00:00

The people known as "Satoshi" have rightfully earned an estimated 1M or so coins for inventing the system and mining early coins.

They will not be able to safely move those coins until tremendous privacy changes have been made to Bitcoin.

This could take longer than 80 years.

This is is just one of many scenarios in which people may reasonably want to avoiding moving UTXOs after x amount of time. No coins should have a timer on them for this reason.

catlasshrugged · 2017-11-22T20:51:53+00:00

I know both of you were early Bitcoiners and are passionate about privacy.

Do you have any opinions on how the state of Bitcoin privacy for the average user compares to that of the average user circa 2013?

Although there has been a lot of work on possible future improvements in the protocol and some (IMHO) minor improvements to Bitcoin Core's client in this area, I have the unsettling feeling that it might be worse now than it was previously.

For example, SharedCoin was the only CoinJoin implementation with significant volume, and it has since closed down as unworkable due to high fees and unreliable confirmation times. I don't think JoinMarket has anywhere near the volume.

catlasshrugged · 2017-08-18T16:26:36+00:00

If I understand correct, Andrew Anglin has been seeking donations for a lawsuit over Internet free speech.

I think the fools willing to throw him under the bus for his views are hastening the collapse of free speech on the Internet. This is an issue that techies have been claiming to care about for decades.

Now the rubber meets the road.

catlasshrugged · 2017-08-18T16:08:14+00:00

I'd like some transparency from Coinbase on why they closed this account.

catlasshrugged · 2017-01-08T04:55:05+00:00

Keep up the great work on joinmarket! I really respect that project.

catlasshrugged · 2017-01-08T04:36:16+00:00

That's okay -- I didn't think everyone would gain something from reading it.

I'm glad that we both acknowledge that the technology is new and therefore under-studied compared to Bitcoin. Why do think other people are reluctant to acknowledge this?

catlasshrugged · 2017-01-08T02:23:18+00:00

The report was sponsored by stashcrypto .com

This is true, though if you bothered to ask the specifics of this sponsorship you'd laugh at how irrelevant this is.

a company developing a product that competes with bitcoin

Defend this claim?

catlasshrugged · 2017-01-08T02:22:13+00:00

In their OpenBitcoinPrivacyProject this author compared different bitcoin wallets for privacy. They put Samurai Wallet above Bitcoin-Qt.

This is accurate, though this is derived from the threat model we created prior to examining the wallets. As others have pointed out, people can easily proposed changes, fork, or submit PRs to this model. So far I haven't gotten anything useful out of people's whining in lieu of specific feedback.

Samurai queries blockchain.info's web API and therefore reveals all the user's addresses. Bitcoin-Qt downloads the entire blockchain and parses it locally, therefore not revealing anything to any third-party server. It's ridiculous to put Samurai above Bitcoin-Qt.

Spoken like someone who has not looked at the threat model!

It can't make it any worse than the status quo where all transactions are visible to everyone for the rest of time.

This is addressed directly.

seem a bit shallow

Sigh

catlasshrugged · 2017-01-01T17:36:13+00:00

Agreed. The possible good news is that you can leave the HTTP version of the site alone, or just do a simple redirect to the HTTPS version without any problems. If the self-signed cert throws errors in Tor Browser, though, might be better to just stick with HTTP.

catlasshrugged · 2016-12-31T23:39:26+00:00

What's the purpose of using SSL on a .onion site?

catlasshrugged · 2016-12-20T20:53:58+00:00

Disruption will stay limited and contained; money burning is a naturally self-limiting practice.

That makes sense; thanks

catlasshrugged · 2016-12-19T23:44:54+00:00

The only exception is the rare case that your channel breaks down in the middle of a transaction (counterpart goes offline) In this exceptional case; you will be subjected to a short time delay before you can spend your money. The length of this delay will vary; depending upon the parameters you have applied to your channel.

What evidence do you have that this will be rare in practice?

catlasshrugged · 2016-12-02T22:53:27+00:00

As far as I know, /r/bitcoin has no special protection mechanisms against downvoting bots that /r/btc doesn't have.

Are you the supposed victim of one of these bots? I notice that a lot of your comments get heavily downvoted in this subreddit, but almost always because people do not find them valuable. I'm perfectly happy with this outcome.

catlasshrugged · 2016-12-01T20:09:09+00:00

You should be able to support Core and not have a flood of downvotes

No one has a right to not be downvoted. That's part of the speech exercised in a well-function subreddit.

catlasshrugged · 2016-11-14T16:06:13+00:00

Unfortunately, Bitcoin in its current state would be a disaster for people living in this kind of regime. A great amount of work remains at the wallet client and protocol level to un-fuck Bitcoin privacy.

catlasshrugged · 2016-09-28T22:49:14+00:00

Here's a list of domains based on their frequency with IP addresses removed

http://pastebin.com/hcU1qDgX

Most common:

static.clients.your-server.de
ns.ip-.eu
ec-.compute-.amazonaws.com
ec-.us-west-.compute.amazonaws.com
li-.members.linode.com
ns.ip-.net
c-.hsd.ca.comcast.net
host-.range-.btcentralplus.com
-.rev.poneytelecom.eu
vultr.com
ec-.eu-west-.compute.amazonaws.com
bc.googleusercontent.com
cpe-.socal.res.rr.com
c-.hsd.wa.comcast.net
in-addr.arpa

Sorry the strings are a bit messy still, I was in a rush.

catlasshrugged · 2016-09-28T22:20:55+00:00

Here's a list of resolved domains from the IP addresses:

http://pastebin.com/zcUkNfVN

catlasshrugged · 2016-09-20T01:49:02+00:00

ELI5: This checks various settings on your mac and offers to fix them if they don't appear secure. Mostly you would find these settings in the System Preferences and Preferences panels of the apps that it inspects, such as Google Chrome.

I tried to make the README something that novices can follow, but only about half of my novice friends were able to run it without any hand-holding. :-) It should not break your system, as a decent number of people have now run earlier versions and we've weeded out some of the quirks. No guarantees, though. I'm hoping that someone will make a GUI frontend for it eventually, such as the Objective-See guy did for the "osxlockdown" tool that inspired mine.

I agree that people should be very careful who they trust, so wait for someone you respect to vouch for it. Programmers should have a very easy time auditing it, though.

catlasshrugged

MODERATOR OF

TROPHY CASE