The Bitcoin Cryptography & Bitcoin Algorithm Pluralsight ...

[Guide] How to make money in EFT

EDIT : Thanks to everybody for pointing out the few mistakes/improvements that can be made in this new-player level guide.
For the sake of summarizing here :
- Intel documents are NOT worth 250k. I didn't check them on the flea before writing this and for some reason I always remembered them at 250k. Game is in maintenance so I can't check the real price. That being said, it's still profitable to craft USB into Intel, it's just not x2 profitable.
- Scav case : moonshine / intel docs, some people seem to say they've never been profitable. I personally *did not* measure those, I eyeballed it. I'm working on so much shit that I didn't bother. On average I think that I'm in a net positive, but it's as believable as people saying they're not : without proof we can't really say for sure. That being said, it's certainly more profitable to run lower-tier scav runs that are *faster* when you're online, and to run a moonshine or intel when you log off. It's more efficient to get a lot of runs while you can re-start them every time.
- Crafting moonshine : It's not profitable to spam it ; I was under the assumption that the average player who will read this will usually not play for 4-5 hours straight and will end up collecting yesterday's moonshine, craft a new one, and that's it. If that's your rhythm then yes, spam it. If you intend to play more than one craft's worth of time, then you will craft moonshine faster than you can spend it, and it's not really worth selling it on the flea except to up your market reputation for a small loss (about 10k). So in short : craft moonshine to be able to start a moonshine run for when you log off, but you don't *need* more than that.

Check this out

Here is some actual data on the lavatory !!

Hey everybody !

I know it can be a struggle to get a stable economy in this game, especially when you die a lot. Today I'm gonna try and give a few guidelines on how to make money safely, efficiently, fast, or in any other way we can think of.
If you're struggling to stay above the 15-20 million rouble threshold, this guide is definitely for you.
Very often I'll hear newer players say "Damn I can't seem to make money, I keep losing. Every time I take gear I die instantly". There is some truth in that. Today I'll help you improve your survival rate, but most importantly I'll unbalance the other side of the equation. When you complain about losing a lot of money, I will help you spend less by a significant margin, as well as earn more. You'll also get rid of gear fear naturally.
Remember this throughout this very, very long read : It all depends on how you want to play, and how much. Some of these tips will not fit how you want to play the game, and like Nikita always says : this game is supposed to be fun before anything else.

1. Hideout

Safety Score : 100%
Reward : Moderate but very stable.
Maxing your hideout should be one of your top priorities, probably before telling your mom how much you love her every now and then. If you're not doing either of those, the big gamer in you knows what to do.
Early wipe, save your fuel for when you're online and playing. If you're playing, your generator should definitely be running and all your stations should be crafting something.
Once you have Medstation 1, Workbench 1 and Lavatory 2, you really have no reason to turn your generator off when you're playing.
Once you have the bitcoin farm, you should never turn off the generator.
Medstation :
Craft salewas and/or IFAKs permanently. They cost 8k and sell for 15k. That's a net profit of about 25k / hour for salewas, as well as never having to buy any.
Lavatory :
Always be crafting Bleach. If you have 2 empty blue fuel, use those empty cans to craft a Magazine case.
You can then keep the magazine cases until you've enough for your liking and sell those for a good profit.
The bleach you will use to buy the 6B47 helmets which are better than the SSh-68 helmets. Buying from 2x bleach barter at ragman level 1 means you get the helmet for 18k (instead of 33k on the market). This helmet has better head coverage, less slow/negative effects, less weight, has a slot for a mount, has +11 ergonomics AND is cheaper than the 22k SSh-68. That being said, it has a slight noise reduction that the Ssh does not have. If you wear headphones I'd say this is negligible but debatable. I prefer to have the extra protection and ergonomics for sure, considering it's slightly cheaper.

You can also barter for that helmet and instantly sell it back for a profit (five times) and level up ragman money requirements.
Bleach can also be traded for the Blackjack backpack at level 4, as well as the TTV rig at level 2. You should definitely do it.
Sell excess bleach on the flea market when the prices are around 10.5k or more. (around midnight Central European Time).
Workbench :
You can buy Power Cords and craft Wires forever and always make a profit. Buy in the morning and sell in the evening for better profits (CET timezone). For even more profit, you can craft gunpowders and ammo which tend to also be ridiculously pricy at night.
Buying grenades from Peacekeeper and crafting green (Eagle) gunpowder is a good way to make a lot of money and level up Peacekeeper.
Intel Center :
Your main objective is to get this one to level 3 for reduced fees and better quest rewards, but also access to the bitcoin farm at level 2.
If you need FiR for quests, craft that. When you're done craft Intel Documents at all times (buy the USB), and use it for scav case or sell for a x2 profit. ( 3x40 for USB = 120, documents sell for 250)
Bitcoin Farm :
Once you have it, spend all your money on GPU until it's maxed, then level it up even more. The BTC farm is definitely worth it. At 50GPU you need to connect every 15 hours to click. If you can't, keep it level 2 and connect every 24 hours to click. Even at level 1 it's worth it. But it's much, much faster at higher levels.
From 0 to 50 GPUs it takes about 30 days to pay for itself. GPUs should not be sold until you've maxed it.
Water Collector :
Must be running at all times. Buy the components if you don't have them.
Booze Generator :
Must be running at all times. Buy the components if you don't have them.
Scav Case :
Always have it running on moonshine, and use intel documents once you're done crafting one.
Nutrition Unit :
It's not really worth crafting sugar to put in the Booze gen, as the price for chocolate is pretty much = the price of sugar. So buy the sugar instead and craft something else. I tend to craft Hot Rods when the prices are good (morning) and then use them to barter 5.45 BS Ammo with Prapor or sell for a profit.

If you do all that, you should have about 150k an hour fairly easily. Don't forget to check it between every raid.

2. Traders

Safety Score : 100%
Reward : Quite good.
Once your mom has received all the love she deserves and your hideout is taken care of, you should have max traders (traders are a requirement for most of the hideout anyway).
Traders level 4 will net you much better prices on most mods and open very good barter trades.
Buy as much as you can from barter trades. You can buy almost everything from it, and it's usually at least 25% cheaper to buy the requirements and then do the barter. Ragman4 has the CPC Armored Rig which is level 5 armor, you'll get it for about 200k instead of 250k on the flea. The Slick is also much cheaper. The Blackjack backpack is literally half priced.
You can also NOT use what you barter and just sell it back to a dealer (sometimes the same from which you bartered) for a profit as well as having 2 times the loyalty money increase (from bartering then from selling).
Another good example is buying a Recbat 14k from the market, getting an ADAR for skier, selling it to Mechanic and winning 8k just like that. You can find every single barter that nets a profit yourself and just buy-resell and you'll probably make another 100k every reset, if you really are struggling and have the patience. I personally advise to just use the equipment for yourself unless you're levelling traders, but I wouldn't go as far as buying all profitable items every reset.
Every trader at every level has good barters. You can make a full decent kit at level 1 traders for about 40k roubles on barter, instead of 90 if you buy it all. (Paca for masks, helmet for bleach, ADAR for recbatt, salewa from craft, backpack, etc. all barters)

Bleach is beautiful and is coveted in the real world for its ability to cure diseases.

3. Modding

Safety Score : 100%
Reward : Very profitable.
Don't mod out of your reach. Don't mod Meta. If money is an issue for you, having +1 ergo won't change your life.
For example,
Priced at 10k roubles
Priced at 45k Roubles

See where I'm going with this?
If you have money, sure, go for the Shift. If you wanna have fun and try, sure, go for it as well. But if you're struggling, buy 4 cobras and mod 4 guns for the price of 1% recoil which will not make you a gamer god anyway.
Also, do NOT buy mods from the flea market when you see you can buy them from traders. Look at the top of the market, if the mod is greyed out, look at the price. It means you don't have access (yet). If the price is too inflated for you, find another mod. There are always other mods. You can make 2 AKMs that have a difference of 2% recoil and 4 Ergonomics and have a 150k price difference. It's up to you. When money is the issue, this was the answer.

Note : Some guns are inherently much more expensive. Guns shooting 5.56 or 5.45 tend to be more expensive than 7.62. AKMs are VERY good budget guns. They're a bit harder to handle, but you can get a fully modded AK for 150-200k, whereas you will have an entry level M4 for that price. 7.62 PS ammo is also incredibly cheap while being decent. Play 7.62 if you're struggling with money. It's not meta, but it's far more than enough, trust me. You'll rarely lose fights exclusively because you had PS ammo in an AKM. Rarely.

4. Statistical loadout balance

This is fairly simple yet overlooked a LOT. To be accurate, you need data. Personally I kept it in an excel spreadsheet, if you're hardcore you should do something similar.

A somewhat relevant spreadsheet I used a wipe ago to measure some of my stats
What you need to know about yourself for this :
These will help us measure how much you fuck up or not.
Lets make it simple.
If you have a 500k loadout and you usually extract with 100k, at 10% survival rate, that means you will spend 500k x 10 = 5.000.000 roubles over 10 raids on average, die 9 times, and earn 100k once. This very obvious example shows the loss.
Basically we're gonna try and balance that equation so that you never lose money on average. You'll have ups and downs obviously, but over a week or two, it'll smooth things out for you, like math always does in a pleasant conversation with a girl.

So what can you do to improve that equation ?

4.1 Improve survival rate

Seems simple enough, DIE LESS. You do not need to be good, smart, or special to die less. If you die a lot, do something different. If you die less, try more of that. Explore statistical advantages through different gameplay.
What can you do to die less practically? Here is a list of checkboxes you can tick depending on your money, skill, mood, or any other factor like the map and sheer luck:
Do all that, it'll give you a LOT of data to actually improve by just doing something different without really being faster/stronger, just smarter.
And I repeat : you can do some of it, all of it, it depends on what you like, what you're comfortable with, and the time/investment you're putting in the game. It's okay to play at your own pace.

4.2 Reduce gear cost

The second part of our "profit equation" above is how much gear you take with you. Using previous tips, reduce that cost. Barters, cheaper mods, etc.

4.3 Increase extracted value

This one is not as tricky as it sounds. Basically there are two ways to extract with more money in the backpack :
The goal is to pay for the gear you will lose when you die while making a profit on top. That one time you extract if you have a MBSS backpack, you'll need items worth like 50k per slot to break even. If you take a tri-zip, suddenly it's only 30k per slot. If you take a blackjack and blackrock from good old ragman, suddenly it's 10k per slot. So you can break even by looting crickents and DVD players almost.
See where I'm going ? Always take a tri-zip or bigger unless you're doing something special. That way you can afford to loot shitty areas, take less risk, and survive more while having a little less value.
We'll cover that in a minute, but there are ways to loot high value items, moderate value and low value. Those have also different risk/reward.

All of those are also map specific. In woods I'll often go with a 6B3TM armored rig for 40k, no helmet, 20k headphones and a sniper rifle. Rest is pouched so does not count. That's less than 100k investment. All players tend to have low value gear so I never extract with a lot either so it balances out. But on Woods, my survival rate is 20% instead of my overall 40%. So I know it's not a map I can reliably make money on, because I measured that accurately over time. This example is very common and should make sense to you.
Same goes for interchange where I have more about 50% survival but will tend to go in with 600k worth of gear, but will also often extract with over 500k quite regularly. Different ratios, different values, different purposes.
You can measure your own data if you're willing to do so, or you can eyeball it. Eyeballing it is much faster but very inaccurate because you will tend to include emotions in the mix when you die. You'll remember losses ~2x more than your wins (that's somewhat scientifically proven), and if you're eyeballing your loadout you might think you have 600k but really you might have only 450k. I would advise to go hardcore and measure it all for price, initial loadout, losses and earnings, for each map.

5. Money runs

Now money runs are vast and numerous. All include different levels of risk and reward. It's up to you once again to find what you're willing to do for the time it takes, the fun it will give you and how much it will actually help you. You can always try them all for ~50 raids for the sake of trying something different and see how your data is impacted. It doesn't have to be 50 in a row if you don't want to. As long as you keep track of it it can be over a whole wipe. You'd have your data ready for the next wipe :) Faster is better though.

5.1 Hatchling runs

Safety Score : 100%
Reward : Very Variable. Mentally exhausting.
Those are incredibly money efficient. You're investing a gear of 0 value, so whatever you extract with is 100% win, so you cannot possibly lose money that way. Is it fun? Is it rewarding? I don't care, to each his own. Statistically speaking, hatchling runs are an efficient way to make money.
They do however require a little bit of knowledge, but not skill. You'll be much more efficient at doing these kind of runs if you know where to go, what to look for, and how to get there depending on your spawn. That being said, such knowledge is easily found ; it's nothing complex, it just takes time to learn. Once again, depends on how much you're willing to invest (if not roubles, time).

5.2 Scav runs

Safety Score : 100%
Reward : Low-ish
Scav runs are also incredibly efficient for the same reason as hatchlings. Except those have a cooldown. Statistically speaking I have noticed you should always run your scavs as fast as possible on the map where you extract both the fastest and most frequently.
The explanation is simple, lets make it simpler :
The scav is a button that makes you earn free money. When you press it the button becomes unpressable for some time, when you release the button you earn money (sometimes).
That means you want to release the button as often as possible. And for that, you need to release it as fast as possible. It's that simple. So make scavs incredibly fast. I'm talking "Run through" fast.
Unless you're looking for FiR items or doing something specific like annoying a streamer, you should literally run straight to the extract every single time, and loot what you have that doesn't make you go out of your way too much. Usually I suggest factory, go in, kill a random scav, loot it, get out.
Two weapons is at LEAST 50k, 100 if they have a scope. There you go. That's 100k every 20 minutes (or less with intel center). That's MUCH BETTER than going up to 150-200k but taking 30 minutes to extract, and taking more risk by spending more time in the map. Every second you're in someone can shoot. Nobody can shoot you in the hideout.
The exception to that rule is Scavs with a pilgrim which you can take on your favourite loot-run map, probably interchange or reserve. There you should just fill everything you can and extract once you're full, no matter what you have. 30 crickents and an extra gun is fine.

5.3 Stash runs

Safety Score : Very
Reward : Okay
Those are very very safe and can be done with a pistol and a backpack only. Very cheap, quite unchallenged, for a moderate reward. Just go on a map that you like and run around and loot all stashes until you're full, then get out. You can vary the map/route depending on the traffic of players. Interchange and shoreline are good contenders for that.
It'll net you easy money. Not great money, but definitely safe.

5.4 Loot Runs

Safety Score : Moderate
Reward : Quite alright
Once you have better knowledge/skill you can start having a specific route in a specific map, depending on a specific spawn. So it'll take time to learn. Usually very similar to a hatchling run except this time you bring moderate gear and go for moderate loots. For example, instead of going for fast techlight, in-and-out interchange, you can decide "alright I'll loot 100% of Oli and the computers in the back", it'll take time, but it'll make good loot. More money than stashes, definitely will see scavs to kill, and most probably some more pvp. More risk. If you win that PvP you have even more loot as well. But overall good reward.
Loot runs need to be "scheduled" and thought of after several tries, so you know how much you can take per person depending on backpack size. For example you can't say "lets loot oli" if you have a 5-man with blackjacks, you'll all be empty. Adapt.

5.5 PvP

Safety Score : Insane
Reward : Unreliably moderate
This one is pretty obvious. Very risky, unpredictable rewards. Usually better than loot runs when you survive. I won't elaborate on this, because if you're reading this far you're probably struggling in PvP. And the rest of this guide already covers a fair bit.

6. Insurance

Safety Score : "Meh"
Reward : Very profitable.
Now this is very, very important. Always insure your gear. Always.
If you die you will get stuff back, pretty much for free. If you're really struggling people won't loot your "trash", so you WILL get it back.
If you play in a group it's very likely that people will hide your stuff too.
And most importantly : you can insurance fraud. This is the best way to balance the equation we talked about earlier. If you find a decent-ish gun, replace yours. You drop your initial investment by a significant margin, you will definitely get it back, and if you extract it's a flat profit. Weapons don't take inventory slot, so if you have two weapons that are not yours initially they will usually pay for your whole gear. I have quite often left my super-mega-modded HK just for an average M4 or other weapon that I can fight with, just so I can reduce my investment by 350k and up my reward by like 200k instantly. Replace your headphones all the time too, that's an easy -30+30k, same with helmets, even if it's a bit broken or slightly worse.
If you're struggling with money, try to leave every raid with at least 3-4 parts of your equipment that aren't yours initially.
But value the risk behind this. I won't leave my slick for a Paca at the third minute of a raid just to have that extra 28k. I won't leave my meta-modded HK for a naked mosin. But if it seems decent/doable, do it. It will pay off. Because even if you die, you still get your shit back, and gun is usually the most expensive part of the gear.

7. Final notes

It's all about balance. Find what works *for you* and try shit out. Really, try. You'll die, you'll learn, you'll adapt with data to back that up. I find it crazy that people will die and not try to learn from it. That's how you will improve as a player.
First you gotta get smarter, then you'll get better. And with time, skill, mechanics, gamesense, all that will improve on the side. Earning more will snowball in your favour. And if you know you're statistically okay, you will have a much smaller gear fear and enjoy the game more.

Sorry for the wall of text, you guys should be used to it with me by now :D I made these guides in video but not in English, so here I am typing it all for you guys.
Enjoy :)
submitted by SixOneZil to EscapefromTarkov

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/r/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin

Taproot, CoinJoins, and Cross-Input Signature Aggregation

It is a very common misconception that the upcoming Taproot upgrade helps CoinJoin.
TLDR: The upcoming Taproot upgrade does not help equal-valued CoinJoin at all, though it potentially increases the privacy of other protocols, such as the Lightning Network, and escrow contract schemes.
If you want to learn more, read on!

Equal-valued CoinJoins

Let's start with equal-valued CoinJoins, the type JoinMarket and Wasabi use. What happens is that some number of participants agree on some common value all of them use. With JoinMarket the taker defines this value and pays the makers to agree to it, with Wasabi the server defines a value approximately 0.1 BTC.
Then, each participant provides inputs that they unilaterally control, totaling equal or greater than the common value. Typically since each input is unilaterally controlled, each input just requires a singlesig. Each participant also provides up to two addresses they control: one of these will be paid with the common value, while the other will be used for any extra value in the inputs they provided (i.e. the change output).
The participants then make a single transaction that spends all the provided inputs and pays out to the appropriate outputs. The inputs and outputs are shuffled in some secure manner. Then the unsigned transaction is distributed back to all participants.
Finally, each participant checks that the transaction spends the inputs it provided (and more importantly does not spend any other coins it might own that it did not provide for this CoinJoin!) and that the transaction pays out to the appropriate address(es) it controls. Once they have validated the transaction, they ratify it by signing for each of the inputs it provided.
Once every participant has provided signatures for all inputs it registered, the transaction is now completely signed and the CoinJoin transaction is now validly confirmable.
CoinJoin is a very simple and direct privacy boost, it requires no SCRIPTs, needs only singlesig, etc.

Privacy

Let's say we have two participants who have agreed on a common amount of 0.1 BTC. One provides a 0.105 coin as input, the other provides a 0.114 coin as input. This results in a CoinJoin with a 0.105 coin and a 0.114 coin as input, and outputs with 0.1, 0.005, 0.014, and 0.1 BTC.
Now obviously the 0.005 output came from the 0.105 input, and the 0.014 output came from the 0.114 input.
But the two 0.1 BTC outputs cannot be correlated with either input! There is no correlating information, since either output could have come from either input. That is how common CoinJoin implementations like Wasabi and JoinMarket gain privacy.

Banning CoinJoins

Unfortunately, large-scale CoinJoins like that made by Wasabi and JoinMarket are very obvious.
All you have to do is look for transactions where, say, more than 3 outputs are the same equal value, and the number of inputs is equal or larger than the number of equal-valued outputs. Thus, it is trivial to identify equal-valued CoinJoins made by Wasabi and JoinMarket. You can even trivially differentiate them: Wasabi equal-valued CoinJoins are going to have a hundred or more inputs, with outputs that are in units of approximately 0.1 BTC, while JoinMarket CoinJoins have equal-valued outputs of less than a dozen (between 4 to 6 usually) and with the common value varying wildly from as low as 0.001 BTC to as high as a dozen BTC or more.
This has led a number of anti-privacy exchanges to refuse to credit custodially-held accounts if the incoming deposit is within a few hops of an equal-valued CoinJoin, usually citing concerns about regulations. Crucially, the exchange continues to hold private keys for those "banned" deposits, and can still spend them, thus this is effectively a theft. If your exchange does this to you, you should report that exchange as stealing money from its customers. Not your keys not your coins.
Thus, CoinJoins represent a privacy tradeoff:

Taproot

Let's now briefly discuss that nice new shiny thing called Taproot.
Taproot includes two components:
This has some nice properties:

Taproot DOES NOT HELP CoinJoin

So let's review!
CoinJoin:
Taproot:
There is absolutely no overlap. Taproot helps things that CoinJoin does not use. CoinJoin uses things that Taproot does not improve.

B-but They Said!!

A lot of early reporting on Taproot claimed that Taproot benefits CoinJoin.
What they are confusing is that earlier drafts of Taproot included a feature called cross-input signature aggregation.
In current Bitcoin, every input, to be spent, has to be signed individually. With cross-input signature aggregation, all inputs that support this feature are signed with a single signature that covers all those inputs. So for example if you would spend two inputs, current Bitcoin requires a signature for each input, but with cross-input signature aggregation you can sign both of them with a single signature. This works even if the inputs have different public keys: two inputs with cross-input signature aggregation effectively define a 2-of-2 public key, and you can only sign for that input if you know the private keys for both inputs, or if you are cooperatively signing with somebody who knows the private key of the other input.
This helps CoinJoin costs. Since CoinJoins will have lots of inputs (each participant will provide at least one, and probably will provide more, and larger participant sets are better for more privacy in CoinJoin), if all of them enabled cross-input signature aggregation, such large CoinJoins can have only a single signature.
This complicates the signing process for CoinJoins (the signers now have to sign cooperatively) but it can be well worth it for the reduced signature size and onchain cost.
But note that while cross-input signature aggregation improves the cost of CoinJoins, it does not improve the privacy! Equal-valued CoinJoins are still obvious and still readily bannable by privacy-hating exchanges. It does not improve the privacy of CoinJoin. Instead, see https://old.reddit.com/Bitcoin/comments/gqb3udesign_for_a_coinswap_implementation_fo

Why isn't cross-input signature aggregation in?

There's some fairly complex technical reasons why cross-input signature aggregation isn't in right now in the current Taproot proposal.
The primary reason was to reduce the technical complexity of Taproot, in the hope that it would be easier to convince users to activate (while support for Taproot is quite high, developers have become wary of being hopeful that new proposals will ever activate, given the previous difficulties with SegWit).
The main technical complexity here is that it interacts with future ways to extend Bitcoin.
The rest of this writeup assumes you already know about how Bitcoin SCRIPT works. If you don't understand how Bitcoin SCRIPT works at the low-level, then the TLDR is that cross-input signature aggregation complicates how to extend Bitcoin in the future, so it was deferred to let the developers think more about it.
(this is how I understand it; perhaps pwuille or ajtowns can give a better summary.)
In detail, Taproot also introduces OP_SUCCESS opcodes. If you know about the OP_NOP opcodes already defined in current Bitcoin, well, OP_SUCCESS is basically "OP_NOP done right".
Now, OP_NOP is a do-nothing operation. It can be replaced in future versions of Bitcoin by having that operation check some condition, and then fail if the condition is not satisfied. For example, both OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY were previously OP_NOP opcodes. Older nodes will see an OP_CHECKLOCKTIMEVERIFY and think it does nothing, but newer nodes will check if the nLockTime field has a correct specified value, and fail if the condition is not satisfied. Since most of the nodes on the network are using much newer versions of the node software, older nodes are protected from miners who try to misspend any OP_CHECKLOCKTIMEVERIFY/OP_CHECKSEQUENCEVERIFY, and those older nodes will still remain capable of synching with the rest of the network: a dedication to strict backward-compatibility necessary for a consensus system.
Softforks basically mean that a script that passes in the latest version must also be passing in all older versions. A script cannot be passing in newer versions but failing in older versions, because that would kick older nodes off the network (i.e. it would be a hardfork).
But OP_NOP is a very restricted way of adding opcodes. Opcodes that replace OP_NOP can only do one thing: check if some condition is true. They can't push new data on the stack, they can't pop items off the stack. For example, suppose instead of OP_CHECKLOCKTIMEVERIFY, we had added a OP_GETBLOCKHEIGHT opcode. This opcode would push the height of the blockchain on the stack. If this command replaced an older OP_NOP opcode, then a script like OP_GETBLOCKHEIGHT 650000 OP_EQUAL might pass in some future Bitcoin version, but older versions would see OP_NOP 650000 OP_EQUAL, which would fail because OP_EQUAL expects two items on the stack. So older versions will fail a SCRIPT that newer versions will pass, which is a hardfork and thus a backwards incompatibility.
OP_SUCCESS is different. Instead, old nodes, when parsing the SCRIPT, will see OP_SUCCESS, and, without executing the body, will consider the SCRIPT as passing. So, the OP_GETBLOCKHEIGHT 650000 OP_EQUAL example will now work: a future version of Bitcoin might pass it, and existing nodes that don't understand OP_GETBLOCKHEIGHT will see OP_SUCCESS 650000 OP_EQUAL, and will not execute the SCRIPT at all, instead passing it immediately. So a SCRIPT that might pass in newer versions will pass for older versions, which keeps the back-compatibility consensus that a softfork needs.
So how does OP_SUCCESS make things difficult for cross-input signature aggregation? Well, one of the ways to ask for a signature to be verified is via the opcodes OP_CHECKSIGVERIFY. With cross-input signature aggregation, if a public key indicates it can be used for cross-input signature aggregation, instead of OP_CHECKSIGVERIFY actually requiring the signature on the stack, the stack will contain a dummy 0 value for the signature, and the public key is instead added to a "sum" public key (i.e. an n-of-n that is dynamically extended by one more pubkey for each OP_CHECKSIGVERIFY operation that executes) for the single signature that is verified later by the cross-input signature aggregation validation algorithm.
The important part here is that the OP_CHECKSIGVERIFY has to execute, in order to add its public key to the set of public keys to be checked in the single signature.
But remember that an OP_SUCCESS prevents execution! As soon as the SCRIPT is parsed, if any opcode is OP_SUCCESS, that is considered as passing, without actually executing the SCRIPT, because the OP_SUCCESS could mean something completely different in newer versions and current versions should assume nothing about what it means. If the SCRIPT contains some OP_CHECKSIGVERIFY command in addition to an OP_SUCCESS, that command is not executed by current versions, and thus they cannot add any public keys given by OP_CHECKSIGVERIFY. Future versions also have to accept that: if they parsed an OP_SUCCESS command that has a new meaning in the future, and then execute an OP_CHECKSIGVERIFY in that SCRIPT, they cannot add the public key into the same "sum" public key that older nodes use, because older nodes cannot see them. This means that you might need more than one signature in the future, in the presence of an opcode that replaces some OP_SUCCESS.
Thus, because of the complexity of making cross-input signature aggregation work compatibly with future extensions to the protocol, cross-input signature aggregation was deferred.
submitted by almkglor to Bitcoin
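
The OP_NOP versus OP_SUCCESS argument above, as an added example that is not part of the original post: a toy SCRIPT evaluator that compares what an upgraded node and a non-upgraded node conclude about the same script, including which public keys each would feed into an aggregated signature. The opcode semantics are heavily simplified, `OP_GETBLOCKHEIGHT` is the post's hypothetical opcode, and the node labels, `pk:` key names and function names are assumptions.

```python
# Opcodes that only an upgraded node understands in this toy model.
UPGRADES = {"OP_GETBLOCKHEIGHT", "OP_CHECKLOCKTIMEVERIFY"}

def evaluate(script, node, height=0, locktime=0):
    """Return (passed, aggregated_pubkeys) for a toy script.

    node is one of:
      "new"          upgraded node, executes every opcode below
      "old-nop"      old node; the upgraded opcodes are OP_NOP slots to it
      "old-success"  old node; the upgraded opcodes are OP_SUCCESS slots to it
    """
    if node == "old-success" and any(op in UPGRADES for op in script):
        return True, []                     # passes at parse time, nothing executes
    stack, agg = [], []
    for op in script:
        if isinstance(op, int) or op.startswith("pk:"):
            stack.append(op)                # data push
        elif op in UPGRADES and node != "new":
            continue                        # old-nop: opcode does nothing
        elif op == "OP_CHECKLOCKTIMEVERIFY":
            # verify-only: inspects the stack, never changes it (simplified)
            if not stack or locktime < stack[-1]:
                return False, agg
        elif op == "OP_GETBLOCKHEIGHT":
            stack.append(height)            # pushes data: impossible for an OP_NOP
        elif op == "OP_EQUAL":
            if len(stack) < 2:
                return False, agg
            b, a = stack.pop(), stack.pop()
            stack.append(1 if a == b else 0)
        elif op == "OP_CHECKSIGVERIFY":
            if len(stack) < 2:
                return False, agg
            pub, sig = stack.pop(), stack.pop()
            if sig != 0:                    # toy: only the aggregated form (dummy 0)
                return False, agg
            agg.append(pub)                 # key joins the "sum" public key
        else:
            raise ValueError(f"unknown opcode {op!r}")
    return bool(stack) and stack[-1] != 0, agg

def softfork_safe(script, old_node, **ctx):
    """A softfork may only tighten rules: new-pass must imply old-pass."""
    new_ok, _ = evaluate(script, "new", **ctx)
    old_ok, _ = evaluate(script, old_node, **ctx)
    return old_ok or not new_ok

# Constructed sample scripts
CLTV = [650000, "OP_CHECKLOCKTIMEVERIFY"]
GETHEIGHT = ["OP_GETBLOCKHEIGHT", 650000, "OP_EQUAL"]
AGGREGATED = [0, "pk:alice", "OP_CHECKSIGVERIFY"] + GETHEIGHT

def aggregation_views(script, **ctx):
    """Keys each kind of node would require the single aggregate signature to cover."""
    return {node: evaluate(script, node, **ctx)[1]
            for node in ("new", "old-success")}

if __name__ == "__main__":
    print("CLTV in a NOP slot safe:      ", softfork_safe(CLTV, "old-nop", locktime=700000))
    print("GETHEIGHT in a NOP slot safe: ", softfork_safe(GETHEIGHT, "old-nop", height=650000))
    print("GETHEIGHT in a SUCCESS slot:  ", softfork_safe(GETHEIGHT, "old-success", height=650000))
    print("aggregate key sets:           ", aggregation_views(AGGREGATED, height=650000))
```

The last line of output is the deferral reason in miniature: both nodes accept the script, but they disagree on whether `pk:alice` belongs in the aggregate key, so one shared signature cannot satisfy both.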

CryptoSmarts 4: The Best Free Password Managers

MintDice is proud to bring you the fourth part of the CryptoSmarts series, a 100% unbiased/non-affiliate paid article set that will focus on relatively simple ways you can boost your privacy, take power away from overbearing governments and corporations while also doing relative good for society all at the same time with minimal effort. Rest assured that anything suggested here is solely for your own benefit.
In this article, we'll take a deep dive into password managers, which applications to go for, how to optimize your password managers and which ones to avoid. It's of increasing importance for all users to adopt a password manager because commonly used passwords and repeated use of log-in + password combinations are the two weakest points in any normal individual's security online. Meanwhile, memorizing dozens of unique and complex passwords is beyond the scope of what most people can do, especially long term. Thus password managers have been created as a way to store multiple passwords into a single file that can help ensure your security and privacy online.
For a little encouragement, we'll share the now extremely famous dialogue between Edward Snowden and John Oliver talking about passwords. As should be painfully obvious by now, password managers are one of the best solutions to this entire dilemma.

PASSWORD MANAGER BASICS

We should first note that not all password managers are created the same as we've noted with software across all of our other articles. By and large, we'll be looking for similar characteristics in our password managers as we would our other software which includes open sourced software protocols and best software security practices. And when it comes to Bitcoin, cryptocurrency and your entire life's work on the internet, there is a lot at stake here. I'd argue that it is more important for password managers than for any other application to make sure to get this one correct since it will have your entire livelihood on the line.
The very amazing thing with demanding open sourced software for your password manager is that it by definition will also be free at the most basic level. This is because if it weren't, all it would take would be someone to fork over a program to make it free. So you are in a sense getting the best of both worlds here; a free software that is also of the highest quality. Meanwhile, ironically, many of the more commonly known password managers like Dashlane or Lastpass use closed source software and often charge fees to use their service. Funnily enough, Lastpass, the password manager itself, was actually formerly hacked in the past. One could argue this at least in part had to do with its closed source software since having open sourced software at least in part makes software more secure. In short, do not use these closed source services that are frequently advertised for on the web as they are detrimental to you in more ways than one.

RECOMMENDED BEST PASSWORD MANAGERS

Bitwarden is our first recommendation. Bitwarden is truly one of the all time greats by approaching password management on the individual, team and even enterprise level to create a one size fits all solution. Bitwarden is compatible on virtually all devices out there from all desktops to mobile devices and so forth. Additionally, while they offer a centralized cloud service for free, Bitwarden is also set up to allow you to run your own private server to keep your own key base entirely under your own control, fully encrypted.

Next up we have KeePassXC which is a fork of one of the longest standing password managers in existence, formerly known as KeePass that halted a lot of its ongoing development some time ago. KeePassXC was created as a locally held password manager application that could work across platforms. Unlike Bitwarden where your key file is held in cloud storage, KeePassXC is simply a program client and a local file that you must maintain and backup yourself. This has some pros and cons. The good news is that you have full control of everything related to KeePassXC as the program under most situations will not be talking to any online server which could expose private or sensitive information. The bad news is that if you ever were to lose control of your key file, you are completely out of luck. For this reason, it's imperative to back up your encrypted key file in multiple locations to protect against what would be catastrophic loss. You can do this with USB drives, e-mail accounts, cloud storage, safe deposit boxes or a whole host of other creative solutions that you might come up with.
The final recommended option is LessPass. LessPass is very interesting technology because it is a no-knowledge password manager. By inputting a few pieces of information which could be a master password in conjunction with an e-mail address or user name, a password is automatically attached to any URL address. It will simply cross all of these pieces of information via PBKDF2 and SHA-256 to produce random yet consistent outputs for any of your web browsing. The advantage of this program is that it is extremely light weight, and so long as you can remember your e-mail address, account name and master password, you can now gain full access to everything around the internet without the need of any files. The downside is some level of control over password flexibility since the passwords are automatically generated for you.
In summation of these three options, BitWarden is the best overall password manager for most people's use cases. Meanwhile, LessPass is probably best suited for the most casual user who contains fewer accounts across the internet and wants something extremely simple and easy to use. Lastly, KeePassXC, will be the ultimate in privacy password manager technology and is best suited for those that are prepared to take the extra steps to ensure their key file is kept up to date as the months and years tick by.

BEST PRACTICES WITH YOUR NEW PASSWORD MANAGER

Once you have chosen a password manager from the above list, it will be important to change all of your account passwords one by one to incorporate it into your new system. This will help you get away from your commonly used log-in and password combinations and over to your new, more secure and robust set up. With your new set up, if you have a key file to back up, you must now start getting in the habit of doing so, especially after major or important changes to your password manager. Or if you wish to use BitWarden with a private cloud server, make sure that that is fully set up and running.
Generally speaking, when choosing password length from your password manager for standard and robust security, 25 random characters, letters (and symbols if you wish, but they aren't necessary), is mostly considered to be uncrackable. This is because while every password is in theory beatable, it takes dramatically more computational energy over time to figure out what your password is, and at some point, it becomes unreasonable. That said, NSA grade security often holds itself up to 50 random characters which is considered to be unbreakable even on a government wide scale.
On that same token, you'll have to use a master password for your password manager. Given that you only need to know one password, it will now be extremely important to make this a very good password. Because a password that you need to remember most likely won't (or perhaps shouldn't) be completely random so that it's easy to remember, it should, at the very least, be long. I would suggest making sure that you come up with a master password that is at least 40 characters long or 125 bits of information. To check out how many bits of entropy your master password is, you can type it into the password field of KeePassXC and it will tell you roughly how secure your master password is. While 40 characters may seem like a lot, do keep in mind that this is now the only gateway between yourself and all of your access keys to all of your accounts held on this account.

Bits of Entropy Example on KeePassXC
Finally, it is worth investing in a YubiKey or similar 2-FA device if you can get one. This can apply to BitWarden and KeePassXC. With the normal password managers, a hacker will need access to not only your password but also your key file in order to have free rein over all of your accounts. However, a sophisticated hacker that has full access to your device with a keylogger could ultimately, in theory, compromise your full set up, and this would be disastrous for you. Fortunately, this can be resolved by buying and activating a Yubikey or other such device. The Yubikey example requires that a Yubikey, with a private key that you set up for your password manager, is present to access your database. Therefore, even if a hacker were to obtain your key file and your master password, they still won't be able to gain access to your account. As a precaution, however, if you lose access to your Yubikey and/or private key, you too, will be locked out. Therefore, it is important to keep your Yubikey backed up and to keep extra copies available.

IN CONCLUSION

Owning Bitcoin or other cryptocurrencies comes with a lot of responsibility if you want to minimize risk. As does maintaining a strong hack-resistant presence online. One of the best defenses you can make is by implementing a password manager. Similar to the previous CryptoSmarts articles that we have written prior, it will take some small amount of set up work to get fully acclimated to your new system, but you'll thank yourself down the road that you have done this. And the sooner you start, the better, as things will only continue to get more complex, with more risk factors at play as the internet plays an ever increasing role in all of our day to day lives.
Finally, while the article is current as of the writing of the article, it will undoubtedly lose merit over time. Be sure to check if everything in this article is up to date or that any password manager that you select from this article continues development or continues to abide by the proper best practice principles.
If you enjoyed this article, we would encourage you to check out our other previous CryptoSmarts articles discussing private e-mails, secure messenger applications and proper web browsers.
submitted by MintDiceOfficial to MintDice
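
A stateless, LessPass-style derivation as the article describes it (master password, login and site run through PBKDF2 with SHA-256), together with the entropy arithmetic behind the suggested password lengths. This is an added example, not part of the original article and not LessPass's actual algorithm: the salt layout, iteration count, 62-symbol alphabet and function names are assumptions.

```python
import hashlib
import math
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols, no punctuation

def derive_password(master, login, site, length=25, counter=1,
                    iterations=100_000):
    """Derive a site password deterministically; nothing is stored anywhere.

    The same inputs always give the same output, so the "vault" is just
    the master password plus the ability to re-run this function.
    """
    if not 1 <= length <= 64:
        raise ValueError("length must be between 1 and 64")
    # Assumed salt layout: site, login and a rotation counter. Bumping the
    # counter yields a fresh password when a site forces a change.
    salt = f"{site}|{login}|{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              iterations, dklen=64)
    # Treat the 512 derived bits as one big integer and peel off base-62
    # digits; at most 64 characters (about 381 bits) are ever consumed.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def bits_per_char(total_bits, length):
    """Average entropy per character implied by a length/bits target."""
    return total_bits / length

if __name__ == "__main__":
    # Constructed sample inputs
    master = "constructed sample master passphrase, do not reuse"
    pw = derive_password(master, "alice@example.com", "example.com")
    print("derived password:", pw)
    print("25 random chars: %.1f bits" % entropy_bits(25))
    print("50 random chars: %.1f bits" % entropy_bits(50))
    # The article's master-password target of 40 characters / 125 bits
    print("40 chars at 125 bits: %.3f bits per char" % bits_per_char(125, 40))
```

Because the output depends only on the inputs, a compromised master password exposes every derived password at once, with no vault file or second factor in between.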

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
submitted by anticensor_bot to u/anticensor_bot

[Table] IAmA dark web expert, investigative journalist and true crime author. I’ve met dark web kingpins in far flung prisons and delved the murky depths of child predator forums. I’ve written six books and over a dozen Casefile podcast episodes. AMA (part 2/2)

Questions Answers
Around here nobody talks about the argument that increased regulation of the internet would help stop child predators. Is that true, and if so where do you fall on the Net Neutrality vs law enforcement spectrum? No I don't think that's true at all. Child predators have been around much longer than the internet, and I would argue child abuse was more prevalent 50+ years ago when children were seen and not heard and it wasn't talked about. The dark web hasn't created more predators, it has just given them a new place to gather and hang out.
The one thing I found really interesting when I was lurking the forums of the child predators was their frustration about how children are now taught from a very young age that certain touching and acts are wrong and that they shouldn't keep certain secrets. It came up over and over again that they could not abuse certain children because they knew those children had someone they would tell. It was pretty clear that education was a child's best defence against getting abused.
the below is a reply to the above
That's so interesting, thanks for the AMA! Can you remember any other thing that a child could do in order to protect himself from being abused? What other characteristics do the abusers hate in potential victims? That seems to be the main one. Kids who speak up and who have close relationships with one or more people they are likely to confide in
What do folks talk about in the child predator forums? Do they like give each other advice on how to improve their craft? Yes, quite literally. They give each other tips on how not to get caught, how to edit out incriminating details in videos, how to drug children, techniques for convincing kids not to tell etc
the below is a reply to the above
Given your insight into how predators operate, do you have any advice for parents on protecting their kids? I'll cut'n'paste a response I gave to someone else about this, because it was something that really stuck out to me:
The one thing I found really interesting when I was lurking the forums of the child predators was their frustration about how children are now taught from a very young age that certain touching and acts are wrong and that they shouldn't keep certain secrets. It came up over and over again that they could not abuse certain children because they knew those children had someone they would tell. It was pretty clear that education was a child's best defence against getting abused. Kids who speak up and who have close relationships with one or more people they are likely to confide in
Has the exponential increase in Bitcoin value affected darknet dealers in any profound way? I can imagine that some drug dealers were sitting on quite a large sum of Bitcoin when the value shot up. Crypto purists hate to admit it, but bitcoin would not be where it is today without Silk Road. It was sitting at less than a dollar when Silk Road began and the markets showed a robust use case for cryptocurrency and as the markets grew, so did the demand for bitcoin. It also provided real-life use data for those who were not interested in drugs but who weren't sure if it had practical application. When SR went down, Bitcoin was at about $650 and it continued to grow as adoption became more mainstream. There are many many stories of drug dealers (and at least one faux-hitman!) who gained most of their wealth not by selling the drugs, but by the growth in value of their bitcoin holdings
Since you have a lot of experience with them online. Do you think pedophiles(not child abusers) should be treated as criminals, or as people suffering from a mental illness? Contact offenders should be treated as criminals, because they are criminals. They have abused or hurt someone. Same with those who support the creation and dissemination of child abuse materials.
Pedophiles who do not act on their urges should be given as much help as humanly possible.
Are there any mysterious or suspicious pages or communities that you haven’t been able to access? Anything that seems especially weird? there are a lot of Russian communities that I can't access, mostly because I don't speak Russian. Some of the more technical hacking communities have entry barriers that I'm not technical enough to score an invite to
How much these bad people really exist out there? Hundreds? Thousands? More? It depends what you mean by bad. If you mean people who use the dark web to buy drugs (who I do not consider bad) then there are many many thousands. There are also thousands of people who deal in stolen information to make money.
Unfortunately there are also thousands of child predators and the dark web has provided a "safe space" for them to come together to share materials and "tips". I hope this is where most of the resources of law enforcement are concentrated
Ehy mine is a rare question: what do you know about art on dark web? I'm talking about the black market made of stolen important pieces from museums, art used as value to money laundry and other criminal affairs I'm an artist and what I know is people don't think too much about the dark side of art and probably they need to open their eyes about I really haven't come across much in the way of that. Some of the markets have an "art" section, but that is mostly blotter art
How accurate are the legends? Any legends in particular? For a lowdown copied from a post I made in another forum:
1. Red Rooms
The one that is most persistent is the myth of the "Red Room" - live streaming of torture/rape that ends in the murder of the victim and which people can pay to watch, or even bid to type in commands for the torturer to carry out (highest bid wins!). The most famous was the “ISIS Red Room” pictured above, where people could provide instructions to torture captured terrorists - you can read what happened here.
People have this idea of Hostel with webcams exist all over the dark web, but you just need an invite to get into them. It's ridiculous. They don't exist. They certainly wouldn't exist on Tor. But people are desperate to believe and they always come back with "You can't prove they don't exist, people are crazy, therefore they must exist." Picture my eyes rolling here.
2. Hitman sites
I don't think many people are taken in by the hitmen sites anymore, though the press loves playing up the fact that there are sites offering up hitman services. But every single one of them has turned out to be a scam, especially Besa Mafia, the one that did the most marketing. Again, you can read about it at the same link as above.
3. Exotic animals
People are always asking where they can find markets for exotic animals. Obviously the illegal trade in exotic animals exists, and some communications and transactions may well take place over Tor, but there are no markets like the drug markets where you can go and look at a picture and then put a tiger or ocelot or something into your basket and buy it with bitcoin.
SO WHAT DOES HAPPEN ON THE DARK WEB?
1. People buy and sell drugs.
The drug markets are more busy than ever. You have probably heard of Silk Road, the most famous online drug market that got busted a few years ago and the owner sent to prison for two consecutive life terms? A lot of people thought that was the end of drugs being sold on the dark web. In fact, dark web sales of drugs have tripled since the shutdown of Silk Road.
The reason people buy drugs this way is that for many they offer a safer alternative for people who are going to do drugs anyway. There is no possibility of any violence. The vast majority of the time a buyer knows exactly what they are getting, because of the feedback and rating system. That's not the case in a nightclub, or even friends-of-friends, where you just blindly accept that the pill, powder or tab is what the seller says it is.
2. People buy and sell other illegal things
Mostly they buy and sell stolen credit cards and financial information, fake IDs (though lots of these are scams), personal information, “dumps” of hacked data and fraud-related items. For a long time, a seller was making a fortune selling fake discount coupons that really worked.
3. People access and create childporn
Unlike the other markets, the CP market is generally not for money, but rather they are groups who swap vile images and videos for free. The worst of the worst is called “hurtcore”. Thankfully, most of the people behind the worst sites have been arrested and put in jail.
4. People talk about stuff
There are plenty of sites, forums and chatrooms where people talk about all sorts of things - conspiracies, aliens, weird stuff. They take advantage of the anonymity.
5. People anonymously release information
Whistleblowers use the dark web to release information and make sure their identities won't be compromised. You will find Wikileaks, for example, on the dark web.
6. People surf the web anonymously
The number 1 thing people use the dark web for is just to surf the web completely anonymously. Not everybody wants to be tracked by advertisers.
I have a question: what are the odds of the casual Darkweb drug buyer - not buying mega loads all the time - the occasional purchase - what are the risks of being busted? Kinda figuring pretty low. But you’re the expert. What do you think? Obviously there is always a risk, but the risk is very low. It is rare for personal amounts to be seized. Even if a package is seized, there's usually no resources to follow it up. Many people report simply receiving a letter from Customs saying they have seized what they believe is contraband and the person has a choice of going to claim it or it will be destroyed. Even if LE does knock on the door there is plausible deniability: "I don't know who sent that stuff to me".
So yeah, rare, but it does happen. You might be the unlucky one
How do you find things on the dark web without search engines? There are a lot of entry sites, set up with links to the most popular places. You can generally get a link to one of them by browsing places like reddit. From there it is a matter of checking out different places, people will put links in forums etc.
I also use a Pastebin where people paste sites they have made/found, and a Fresh Onion site, which crawls all the newly-populated .onion addresses
Hi. there!! Thank you for answering questions. Mine is very simple. How do sellers get the drugs to people? Regular mail? That's always puzzled me bc I'd assume USPS, UPS, fedEx or any other mail carrier would catch at least some goods. If people are ordering drugs, particularly in powder form, for personal use, they can be flattened, sealed in MBB (moisture barrier baggies) and sent in a regular business envelope, indistinguishable from billions of other envelopes going through the postal system every day. The chances of a particular package being intercepted is very low.
Some people take the extra precaution of having the person taking delivery of the drugs different to the person/household that is ordering them.
How did you move from being a corporate lawyer to researching and writing about dark web? I was in London, working for one of the most conservative law firms in the world when the Global Financial Crisis hit. I liked the job but it struck me when people were losing their livelihoods that I was working for the bad guys. I'd always wanted to be a writer so when I came back to Australia I quit law and enrolled in a writing course planning to be a novelist, but I discovered I was better at journalism. I first wrote for newspapers here about Silk Road and it grew from there
I've always wanted to check out the dark web, what is a normal day for you look like on there? Can you give me any tips on how to safely surf the dark web? A normal day looks like me sitting at my desk writing things on my computer. When I'm researching a book or a case I venture away from my computer to trials and to interview people (at least I did pre-COVID)
There is nothing inherently unsafe in surfing the dark web. All the usual precautions you take surfing the clearweb apply. Don't visit any child exploitation sites - it will be pretty obvious that's what they are by the names/descriptions before you log in.
It is only when you want to do more than surfing - e.g. buying drugs etc - that you need to do a LOT of homework or you will absolutely get scammed
Is there anything good about the dark web? It depends what you are into. A lot of academic research has concluded that the darknet markets provide a safer way for people to buy and use drugs, due to the ratings of vendors, services that independently test and report back on batches of drugs, doctor on staff ready to answer questions, no violence in transactions etc.
News sites provide a dark web option so that whistleblowers can safely provide information and upload documents that get stripped of any identifying metadata before being available.
It bypasses firewalls and allows for secure communications under hostile regimes
the below is a reply to the above
How does this make you feel about the idea of the decriminalization of drugs? I've always been for full legalization of drugs, and studying the darknet markets just proved I was right.
I was invited to an experts roundtable in Portugal about drugs and cybercrime a few years ago and the Portugal model of decriminalisation has been a great success
the below is a reply to the above
Hey, you are still answering. Been reading this thread for 1-2 hours now. Thank you so much for all the good work and info! Always been intrigued by this topic, downloaded tor once to explore a bit but couldn’t and deleted it right away, to be on the safer side. Great insights. Thanks! I've been writing it for about 14 hours. Going a bit loopy
How was working on Casefile? What's the production process like? Which episodes did u do?? I have listened to... all of them.... I absolutely LOVE working for Casefile. I am a freelancer, so I source and write my own cases and then sell the scripts to Casefile. I've done at least a dozen, but some of my most popular are Amy Allwine, Mark & John, Ella Tundra, Leigh Leigh, Rebecca Schaeffer...
As for the production process, once I have sold the script to them, a staff member edits them and then they are passed on to Casey to narrate. After that, they go to Mike for sound editing, music etc. They are the best team ever
the below is a reply to the above
Oh, Leigh Leigh was so well written!! How do you choose which stories to write? Do you just pick true crime you're interested in? Thank you! I have a huge list of potential episodes. Any time I come across an interesting crime on reddit, or in the news or wherever I make a note of it. Then I just pick one when it comes time to write a new script.
Sometimes I've been personally involved (e.g. Amy Allwine), gone to trials etc. Those are always the best ones
Hi Eiley, your twitter just reminded me of this AMA :) What are your thoughts on bitcoin? And would you prefer to be paid in crypto or fiat? OOOOH, I know that name! Love & Light to you!
I like Bitcoin and I wish I had a whole lot of it and like many many people, I wish I had kept the first crypto I bought at something like $4 a coin :D I do not have a whole lot of it but I do have a little bit. I like the philosophy behind it and in theory it should change the world. However the reality is that the vast majority of it is concentrated in a very few hands which allows for market manipulation and stops it being useful as a post-fiat currency.
As long as I'm getting paid, I'm pretty happy!
the below is a reply to the question
I too remember your name Pluto! Such a decent human ❤ he is!! True OG right there <3
Is the dark web subject to more racism than its counterpart, the world wide web? There are some white power sites and that sort of thing and the chans are even more uncensored than the clearweb ones (4chan, 8chan) but to be honest they are the same cesspools in different spots. Drug forums don't seem to be very racist. I've seen worse on Twitter
Have you seen any consequential political or social organizing being carried out on the dark web? Not directly, but the dark web helped facilitate the Arab Spring uprising in 2010 by allowing activists to remain anonymous and to access blocked websites and social media. Wikileaks, obviously. Some white supremacy organizations seem to use it to coordinate attacks, but they are not places I'm keen to hang out in.
What’s the most expensive thing for sale you’ve seen on the dark web? What was surprisingly inexpensive? I can't remember specific listings, but there were sometimes sales of things like coke by the kilo, so that sort of thing I guess.
LSD could easily be found for $1/tab and one huge dealer gave it away for free if it was for personal use
the below has been split into separate questions
1. I’m going to ask a couple in hopes that one will catch your interest! I know you’re anonymous on the dark web, but even so, have you ever felt worried about your safety? I actually made the decision to be upfront and honest about who I am on the dark web, so I use the name OzFreelancer (which is easily traceable to my real name) on all the dark web sites where I went looking for interviews. The people there had the option of talking to me or not, so they had no reason to want to harm me.
2. I’ve found your comments about your relationship with Yura fascinating. Did y’all develop a friendship? Did you build any other relationships that stand out in your mind? Since you were straightforward about being on the dark web for stories, did people seem reluctant to communicate, or were they excited for the opportunity to divulge a secret? We do have a friendship of sorts, it is really quite weird. I do hope to meet him one day. I met all of the senior staff of Silk Road other than the Dread Pirate Roberts himself and keep in touch with some. Some people wanted nothing to do with me of course, but many more were happy to talk to me. I think sometimes it was a relief to them to be able to talk to one person who they knew was who they said they were.
3. On violent forums, did users ever express remorse, guilt, shame, or anything indicative of some recognition that what they were viewing/seeking was awful? Do you see doxxing teams on the dark web working together to uncover info, or is the info already there through previous hacks/breaches, and someone just accesses and releases it? Sorry if any of those don’t make sense! I’m not familiar with the dark web lingo but am so intrigued by your work. Not really. I think if they were contributing to the forums, they were comfortable with who they were and what they were doing. Many of the "regular" pedophiles expressed revulsion about Lux and hurtcore sites though
these have probably been asked before but has there ever been a time where you were genuinely scared for your life and what's the most messed up thing you've witnessed did you have any help? Yeah both things have been answered in this thread, so I'll cut'n'paste
The only time I've felt even slightly in danger despite all this nosing around in there was when I helped uncover a hitman scam. The owner of Besa Mafia, the most profitable murder-for-hire site in history, came after me when I started writing about him. He made loads of threats ("you don't know who I am, but I know who you are and where you live") but that wasn't scary, as I had access to the backdoor of his site thanks to a friendly hacker and knew he didn't really want to hurt anybody.
It took a bit of a darker turn when he told the people who had signed up to work as hitmen on his site - and who he made video themselves burning cars with signs on them to advertise how legit his site was, then never sent them the promised money for doing so - that I was the owner of the site who had ripped them off. That could have become ugly, but luckily even the thugs weren't dumb enough to believe him.
The only other time I've been a bit nervous was when Homeland Security wanted to have a "friendly" meeting with me on one of my trips to the US to attend a trial. They were friendly, but scary too.
The most frightening experience I've ever had is coming face to face with Lux, the owner of Pedoempire and Hurt2theCore, the most evil and reviled person on the entire dark web. He was responsible for procuring and hosting Daisy's Destruction, the most repulsive video ever made, created by Peter Scully, whose crimes were so bad, the Philippines are considering reinstating the death penalty especially for him.
It wasn't frightening because Lux was frightening - he was anything but. It was frightening because he looked so inoffensive and normal.
It was frightening because he was living proof that monsters walk among us and we never know.
[deleted] It is absolute crap for browsing the clearweb, and a lot of sites detect that it is odd traffic and you have to solve their CAPTCHAs before doing the most basic things
I’m sure you’ve seen some really bad stuff, do you regularly talk to a therapist to help? I've never seen a therapist (they don't really seem to be a thing in Australia the way they are in the US), but I have been known to unload on my partner and my dog
the below is a reply to the question
Yo, speaking as an Aussie, they absolutely are a thing, you can get them covered thru medicare, and I recommend it if you possibly can! Bro, therapy is awesome. I'm not against therapy as a thing, but I've honestly never been so traumatised that I feel I need it. Also I had a bad experience with a psychologist after I watched my partner die in an accident - they suggested I find God, and I noped out of there
the below is another reply to the answer
Therapist is an American term- we call them psychs. And the one who told you to find God was terrible and out of line. Yeah she didn't last long before I was over it. Also a doctor decided I needed Xanax, which was also a bad move, because what I really needed was to grieve and Xanax doesn't let you do that properly
Do you find any good things on the dark web? Happy stuff that gives people hope? Or just the trash? I like the psychonaut communities. They just want peace, love and mungbeans for everybody
Have you heard of "The Primarch System" rumor of the dark web? Sounds downright silly to me. But I'm curious if anyone who spends time on the deep web actually takes it seriously, or if as an idea it is connected to anything serious at all. Nah, up there with the Shadow Web and Mariana's Web. There's always people who want to find out where the "deeper" "more secret" "really dark" stuff is. To them I say what, hurtcore isn't dark enough for you?
Doesn't delving the murky depths of child predator forums categorize you with the child predators in the eyes of an investigating law enforcement agency? Do you have some sort of amnesty due to your journalism, or is that something you worry about having to explain away? Has your presence there ever caused some sort of a scare? No, I never went into any of the sites that had actual photos or videos (you can't un-see that shit), but did spend a lot of time in pedophile discussion forums. I also went to a hurtcore hearing and saw screenshots in the police files, as well as listening for two days to videos being described frame-by-frame and private communications between the site owner and the sadists.
Besides drugs and sex crimes, what else is going on in the dark web? Are there other interesting nooks and crannies? I often post screenshots of bizarre sites I find on my Twitter. However, the main uses for the dark web are drugs, digital/fraud goods and child exploitation
I have one, it might be rather boring though, but here goes. On these "child predator forums" are they actually forums devoted to stalking children and do they share social media profiles of children among themselves? That would be kik ids, snapchat and facebook ids, instagram, stuff like that, info that would allow online access and that may have been chosen for suitability? Creepy question I know, but anyway I would be interested to hear your answer. I came here from TrueCrime, you referred to these things in your post on that sub. I suspect I already know the answer yet would like to hear your take on it. Yes, they provide information and tips on how to approach children, how to ensure they won't tell, how to sedate them in some instances, where to find child exploitation material, how to remove metadata and any identifying characteristics in photos and videos before sharing and so on.
They don't tend to share social media, as that is the sort of thing that can be traced easily. They do talk about how to approach kids on social media and on the worst forums how to blackmail children into stripping/meeting etc
the below is a reply to the above
So you're saying they have a more general approach rather than identifying individual children on the internet? Again a creepy question because what I suggest is that a child's social media could be used and circulated on the dark web as potential information to gain access by anonymity, even if it was just online access only. I actually wonder as I have recently read of the anonymity of apps like ''kik messenger'' and how the police are often unable to get any information from the communications as they remain encrypted and off the server and require little if any valid ID to make an account. No doubt photos from social media are uploaded as part of the materials they have. I haven't seen anything where they get together and try to track down a specific child, but I'm sure some predators do this. Most are more likely to abuse children in their orbit - family, kids of friends, or they work where they have access to children
I heard there are forums to download books but it was really dangerous, Is it true? I'm just a poor guy who wants to finish the young Jack sparrow series Whenever you download anything from a pirate site you run the risk of infection
What do you think of QAnon? Wackjob conspiracy
the below is a reply to the above
Who should the conspiracy theorists actually be worried about if they actually care about thwarting pedophilia? The vast, vast majority of child abuse takes place within the child's personal orbit - relatives, family friends, parents of their own friends, people involved in their activities (coaches, leaders, etc)
So, those people
the below is another reply to the answer
Also how do we get people to stop believing in QAnon? Outside my area of expertise, sorry
do you personally believe there was/is any truth to the "defense" (story) that DPR was a title handed down to different admins for the original silk road, or was it just a convenient defense? do you have any theories as to who satoshi nakamoto is? besides the original SR, are there any other darkweb markets that you think have a good enough story to turn into a book? eg sheep market? i've seen you talk a little about the child predator forums, and (as with h2tc) noted are mainly populated by males. i'm curious if you've ever encountered females on such forums/websites (eg. btfk) No. There was a time that I believed the person posting on the forums as DPR changed, but the ownership and administration of the market I believe never changed hands. Variety Jones is claiming a part ownership (which may or may not be true) but I believe that is so he can run a Fourth Amendment argument
So many theories have some credibility to them, but no one theory ticks all the boxes. Highly recommend the 3-part youtube deep dive by Barely Sociable
I'm not sure any one market has the story that Silk Road had, but I would like to write a definitive history that encompasses the most compelling features of all the markets. Backopy of BMR apparently got away clean. The admins of Atlantis got wind of a security issue and closed shop, trying to warn DPR. AlphaBay ended in Alexandre Cazes' death in a Bangkok prison cell. Then everyone flocked to Hansa, which by that time was being run by law enforcement. Evolution ended in the most brazen exit scam, followed by a bizarre cloak'n'dagger situation played out right here on reddit. The WSM/DDW follow-the-money case. And these are just some that come right off the top of my head. I just need a publisher to provide me an advance I can live off while I write it!
There were a very few people on the forums who identified as female (obvs anyone can be anyone on a dark web forum) and there have been one or two arrests of women in relation to dark web child pornography. Peter Scully's female assistant who carried out some of the torture was originally one of his victims, turned into a sadist.
What’s the one lingering unanswered question you have about SR? I am hanging out for Joel Ellingson to go to trial so that I can find out once and for all whether redandwhite, lucydrop and Tony76 are one and the same person.
There are several people who I got to "know" by their handles who I wonder about from time to time, but mostly I hope they are safe and well and I don't want to track them down or expose them
the below is a reply to the above
Eileen, I am fangirling PRE-TTY hard right now. Talking SR and Tony76 with you is how I imagine it feels to talk to a royal correspondent about Prince Andrew 😅 Ellingson being all three would be a very neat end to an otherwise insane story. Part of me wants to pin Oracle in with that trio too but that’s mostly a desperate attempt from me to add another layer to the madness. I miss the twists and turns that came with the rise and fall of SR. From your own experience - would you agree with the idea that more than one person staffed the DPR account? Thanks for the reply! Ha! You have no idea what it is like when I find someone who really knows about this stuff and can have informed conversations about it. I latch onto them and don't let go. The very BEST was meeting up with DPR's three deputies (SSBD in Australia, Inigo in US and Libertas in Ireland) so I could actually have conversations with people who knew more than I did! Variety Jones was cool too, but the conversation couldn't flow too freely thanks to him being incarcerated in Bangkok prison at the time.
I think others sometimes posted from the forum account, but Ulbricht kept a vice-like grip on his market account
the below is a reply to the above
I can imagine it’s so satisfying and exciting to get those tidbits of info that piece the jigsaw together. The bedlam that played out over the forum in the aftermath was a cloud of paranoia and adrenaline that kept me refreshing pages for days. Would love to hear accounts from SSBD, Inigo and Libertas from this time. One last question: what were your thoughts when the Chloe Ayling story first broke? I assumed it was a publicity stunt. I don't think that any more. I guess I can't blame her for milking her kidnapping for publicity in the aftermath, though I don't think she does herself any favors the way she goes about it sometimes
Sorry if this has been covered before but in your research, mainly related to child abuse, where are these children coming from? Children in their care/ family? Kidnapped? The vast majority of child abuse is carried out by someone within their social circle - family and acquaintances. However, the hurtcore stuff was often carried out in third world countries on orphans or where desperate families gave up their children to "benefactors" who they believed were going to provide food and education
What Casefile episodes have you written? I became obsessed with it and ripped through all the episodes and now nothing will fill that void. Thanks for your efforts! Casefile – the murder of Amy Allwine
Casefile – Blue Skies, Black Death
Casefile – Ella Tundra
Casefile – Dnepropetrovsk Maniacs
Casefile – Motown Murders
Casefile – Rebecca Schaeffer
Casefile – Sian Kingi
Casefile – John & Mark
Casefile – Shauna Howe
Casefile – Chloe Ayling
Casefile – Johnny Altinger
Casefile – Killer Petey
Casefile – The Santa Claus Bank Robbery
Casefile – Martha Puebla
Casefile – Leigh Leigh
Is there any way parents can keep their kids safe from this without being helicopter parents? I'll cut'n'paste a response I gave to someone else about this, because it was something that really stuck out to me:
The one thing I found really interesting when I was lurking the forums of the child predators was their frustration about how children are now taught from a very young age that certain touching and acts are wrong and that they shouldn't keep certain secrets. It came up over and over again that they could not abuse certain children because they knew those children had someone they would tell. It was pretty clear that education was a child's best defence against getting abused. Kids who speak up and who have close relationships with one or more people they are likely to confide in
What does it take in terms of degrees and experience to get into this business? Nothing official. I was a lawyer, but that had no bearing on what I do now (I did corporate law). I didn't have any official credentials when I began as a freelance journalist, though later I got a diploma of professional writing and editing. Anyone can be an author, provided they can write
If you could take a guess from your findings, what would be some speculative statistics on these abuse/torture sites? How many people (tens of thousands?) are involved? Do they generally come from the same places in the world or are they seemingly geographically random (based on victim ethnicity, or language spoken, perhaps)... what are some quantifying stats to wrap our heads around how prevalent this shit is? Most dark web users come from western countries, just because infrastructure supports it. The sites often have tens of thousands of registered users, but a lot of them would be people for whom curiosity got the better of them and who signed up then left. Active users more like in the thousands, hyper-active users the hundreds.
One of the things that makes life difficult for law enforcement is that most of these sites don't operate on a commercial basis - people aren't making money from them, so there is no cryptocurrency chain to follow. They operate on a sharing basis and to get access to the more private parts of the sites, a user has to upload "fresh" material and/or prove they are actively abusing a child. Hurt2theCore used to get users to have the children hold up signs or have the site name or a username written on their bodies with a marker. This stopped law enforcement from getting access to those parts (like the "producers lounge") of the sites unless they were able to take over an account of a user who already had access. Even then, the rules of the hurtcore sites would require constant new proof in order to maintain access.
Some sites allowed people to buy access, such as one called "Welcome to Video" and then were taken down by law enforcement carrying out blockchain analysis of the Bitcoin transaction that led to the owner when they cashed out to fiat without money-laundering precautions
the below is a reply to the above
Do you think LE uses deep fakes to simulate a picture to gain access? Is that possible? It is definitely possible, but I don't know whether they are doing it as they are understandably secretive about their methods. I know it is deeply problematic, as even fake child porn is still illegal (even cartoon stuff, including some Hentai in some countries). But they have used questionable methods before, most notably running the dark web's largest site, Playpen, for over a year in order to identify contact offenders
the below is another reply to the original answer
Am I hearing you that many people are NOT doing this for financial gain? Just to do it and share it?? Child exploitation, yes, it is mostly a sharing community. Some people make some money out of it, but it is not like drugs where a lot of people are making a LOT of money
On the subject of abused kids... did you ever help the kids in any way? I never met any of the kids. I never saw any of the photos and videos. I don't know who any of the kids are.
Daisy has been taken into care and her identity changed. I hope she is doing okay
What exactly does the dark web look like? You hear about it often, but don’t know if it looks like Google Chrome, Safari, or just a page full of code. It looks like a normal browser and operates just like a normal browser. It's just that it can access sites that your normal browser can't.
e.g. http://thehub5himseelprs44xzgfrb4obgujkqwy5tzbsh5yttebqhaau23yd.onion/index.php is the URL of a dark web forum. If you plug it into your normal browser you will get an error. If you plug it into the Tor browser you will get the registration page for The Hub
How do you keep yourself from hating all humanity? I am happy to report that, even on the dark web, the good people outnumber the bad
Hi! First off I'd like to say that I find what you do quite fascinating and would love to do something like that in the future. My question is in regards to art and other forms of artistic expression on the dark web. Is it true that the dark web is a place where you can also find awesome things such as art and literature? Not really, because all that stuff is readily available on the clearweb. There are sites like the Imperial Library of Trantor, which is a pirate site for books, where you can read thousands of books for free, but that's really no different to The Pirate Bay. Some people share their LSD art, but again, nothing you won't find on the clearweb
submitted by 500scnds to tabled


Bitcoin is unique, however, since the block reward schedule is public. All Bitcoin users and miners know the approximate date of each halving, meaning the Bitcoin price may not be affected when the halving happens. Bitcoin’s first block halving happened on November 28, 2012. The block reward dropped from 50 bitcoins per block to 25 per block. The price later climbed to $260 per BTC in April ...

Looking under the hood of the bitcoin protocol helps give insight to the mathematical foundations of the digital currency.

Some simple bitcoin economics ... In each period, a publicly observable, aggregate random shock $\theta_t \in \Theta \subset \mathbb{R}$ is realized. All random variables in period $t$ are assumed to be functions of the history $\theta^t = (\theta_0, \dots, \theta_t)$ of these shocks, i.e. measurable with respect to the filtration generated by the stochastic sequence $(\theta_t)_{t \in \{0, 1, \dots\}}$ and thus known to all participants at the ...

Bitcoin uses a scripting system for transactions. Forth-like, Script is simple, stack-based, and processed from left to right. It is intentionally not Turing-complete, with no loops. A script is essentially a list of instructions recorded with each transaction that describe how the next person wanting to spend the Bitcoins being transferred can gain access to them. The script for a typical ...

SHA-256 is a member of the SHA-2 cryptographic hash functions designed by the NSA. SHA stands for Secure Hash Algorithm. Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed "hash" (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data's integrity.
