wallet - How can I delete an address (private key) in the ...

Two questions, can I delete a standard bitcoin wallet, and does the address of a BIP84 wallet, SegWit, change after every transaction?

My BlueWallet has an open channel and standard bitcoin wallets.
One of the bitcoin wallets is an Imported HD SegWit (BIP49) what I used, the last time, more than a year ago.
My first question is, can I delete this wallet? If yes, how can I do that?
Question 1 bis, or maybe it's better to close the channel and do a fresh installation of BLueWallet and create new SegWit wallets?
For my second question, I created a new BIP84 SegWit Wallet.
If I use this wallet to receive Bitcoins, will the address change after every transaction? Or will I always have the same bitcoin address?
submitted by Akahura to bluewallet [link] [comments]

I have figure out a way to easily delete one of the virus infecting your bigcoin wallet's address /r/Bitcoin

I have figure out a way to easily delete one of the virus infecting your bigcoin wallet's address /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Can someone who uses BitWallet explain to me why my wallet generated 3 addresses like this? I just want to easily receive and send Bitcoin. This is an HD Wallet Bit49 (Segwit). Should I just delete the other two addresses and use address 0 for simplicity? /r/Bitcoin

Can someone who uses BitWallet explain to me why my wallet generated 3 addresses like this? I just want to easily receive and send Bitcoin. This is an HD Wallet Bit49 (Segwit). Should I just delete the other two addresses and use address 0 for simplicity? /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Hey everyone, I’ve got a bunch of bitcoin in a wallet from back in 2013 but I’ve deleted all of my wallet apps since and now only remembered about them now is the last transaction id that I sent to the wallet as well as the bitcoin address number what can I do to find out which wallet I used

submitted by Lordspitemedown to Bitcoin [link] [comments]

I deleted my Wallet.dat but I have the address? /r/Bitcoin

I deleted my Wallet.dat but I have the address? /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

I have bitcoin stored in coinbase, don't know where else to put it

I don't know exactly what a wallet is or how to use one. Which is the best one?
submitted by drifter465 to Bitcoin [link] [comments]

First time expresspct questions

Making my first purchase with expresspct. Do you guys use a throw away email to sign up? Use crypto currency? Any tips to make it as safe as possible are appreciated. From what I’ve read the little amount of stuff I’m ordering isn’t much of a concern but I like to minimize risk when possible.
submitted by FuhgitAboutIt to sarmssourcetalk [link] [comments]

If I was to buy bitcoin through Coinbase, how do I then send that to an offline wallet? And how would I then be able to sell that in the future?

submitted by becauseiwas-inverted to Bitcoin [link] [comments]

Clarification about wallets

So I could download electrum, store my seed, delete the software from my computer then wouldn’t that essentially be an offline cold storage wallet?
submitted by nomtesbit to BitcoinBeginners [link] [comments]

Please help fml

I sent bitcoin to my friends bitcoin code but he closed that code and made a new one so he couldn't be tracked. Is there any way to get into that old bitcoin wallet with the money I sent😭😭
submitted by just_cyroo to Bitcoin [link] [comments]

Gridcoin 5.0.0.0-Mandatory "Fern" Release

https://github.com/gridcoin-community/Gridcoin-Research/releases/tag/5.0.0.0
Finally! After over ten months of development and testing, "Fern" has arrived! This is a whopper. 240 pull requests merged. Essentially a complete rewrite that was started with the scraper (the "neural net" rewrite) in "Denise" has now been completed. Practically the ENTIRE Gridcoin specific codebase resting on top of the vanilla Bitcoin/Peercoin/Blackcoin vanilla PoS code has been rewritten. This removes the team requirement at last (see below), although there are many other important improvements besides that.
Fern was a monumental undertaking. We had to encode all of the old rules active for the v10 block protocol in new code and ensure that the new code was 100% compatible. This had to be done in such a way as to clear out all of the old spaghetti and ring-fence it with tightly controlled class implementations. We then wrote an entirely new, simplified ruleset for research rewards and reengineered contracts (which includes beacon management, polls, and voting) using properly classed code. The fundamentals of Gridcoin with this release are now on a very sound and maintainable footing, and the developers believe the codebase as updated here will serve as the fundamental basis for Gridcoin's future roadmap.
We have been testing this for MONTHS on testnet in various stages. The v10 (legacy) compatibility code has been running on testnet continuously as it was developed to ensure compatibility with existing nodes. During the last few months, we have done two private testnet forks and then the full public testnet testing for v11 code (the new protocol which is what Fern implements). The developers have also been running non-staking "sentinel" nodes on mainnet with this code to verify that the consensus rules are problem-free for the legacy compatibility code on the broader mainnet. We believe this amount of testing is going to result in a smooth rollout.
Given the amount of changes in Fern, I am presenting TWO changelogs below. One is high level, which summarizes the most significant changes in the protocol. The second changelog is the detailed one in the usual format, and gives you an inkling of the size of this release.

Highlights

Protocol

Note that the protocol changes will not become active until we cross the hard-fork transition height to v11, which has been set at 2053000. Given current average block spacing, this should happen around October 4, about one month from now.
Note that to get all of the beacons in the network on the new protocol, we are requiring ALL beacons to be validated. A two week (14 day) grace period is provided by the code, starting at the time of the transition height, for people currently holding a beacon to validate the beacon and prevent it from expiring. That means that EVERY CRUNCHER must advertise and validate their beacon AFTER the v11 transition (around Oct 4th) and BEFORE October 18th (or more precisely, 14 days from the actual date of the v11 transition). If you do not advertise and validate your beacon by this time, your beacon will expire and you will stop earning research rewards until you advertise and validate a new beacon. This process has been made much easier by a brand new beacon "wizard" that helps manage beacon advertisements and renewals. Once a beacon has been validated and is a v11 protocol beacon, the normal 180 day expiration rules apply. Note, however, that the 180 day expiration on research rewards has been removed with the Fern update. This means that while your beacon might expire after 180 days, your earned research rewards will be retained and can be claimed by advertising a beacon with the same CPID and going through the validation process again. In other words, you do not lose any earned research rewards if you do not stake a block within 180 days and keep your beacon up-to-date.
The transition height is also when the team requirement will be relaxed for the network.

GUI

Besides the beacon wizard, there are a number of improvements to the GUI, including new UI transaction types (and icons) for staking the superblock, sidestake sends, beacon advertisement, voting, poll creation, and transactions with a message. The main screen has been revamped with a better summary section, and better status icons. Several changes under the hood have improved GUI performance. And finally, the diagnostics have been revamped.

Blockchain

The wallet sync speed has been DRASTICALLY improved. A decent machine with a good network connection should be able to sync the entire mainnet blockchain in less than 4 hours. A fast machine with a really fast network connection and a good SSD can do it in about 2.5 hours. One of our goals was to reduce or eliminate the reliance on snapshots for mainnet, and I think we have accomplished that goal with the new sync speed. We have also streamlined the in-memory structures for the blockchain which shaves some memory use.
There are so many goodies here it is hard to summarize them all.
I would like to thank all of the contributors to this release, but especially thank @cyrossignol, whose incredible contributions formed the backbone of this release. I would also like to pay special thanks to @barton2526, @caraka, and @Quezacoatl1, who tirelessly helped during the testing and polishing phase on testnet with testing and repeated builds for all architectures.
The developers are proud to present this release to the community and we believe this represents the starting point for a true renaissance for Gridcoin!

Summary Changelog

Accrual

Changed

Most significantly, nodes calculate research rewards directly from the magnitudes in EACH superblock between stakes instead of using a two- or three- point average based on a CPID's current magnitude and the magnitude for the CPID when it last staked. For those long-timers in the community, this has been referred to as "Superblock Windows," and was first done in proof-of-concept form by @denravonska.

Removed

Beacons

Added

Changed

Removed

Unaltered

As a reminder:

Superblocks

Added

Changed

Removed

Voting

Added

Changed

Removed

Detailed Changelog

[5.0.0.0] 2020-09-03, mandatory, "Fern"

Added

Changed

Removed

Fixed

submitted by jamescowens to gridcoin [link] [comments]

Proposal: The Sia Foundation

Vision Statement

A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong.
In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things.
What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do.
You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us.
At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming.
Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born.
Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized.
Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung.
The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance.
Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.
 

Overview

Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.

Organizational Structure

The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community.
The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.

Funding

The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork.
As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks.
The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.

Responsibilities

The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.

Maintain and enhance core Sia software

Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest.
Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release.
Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer.
A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software.
With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code.
Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire.
Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above.
As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.

Support community services

We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours.
Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.

Ensure easy acquisition and storage of siacoins

Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.)
Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion.
Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants.
Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.

Protect the ecosystem

When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary.
The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU.
In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.

Drive adoption of Sia

Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers.
In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.

Fund Management

The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months.
On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well.
The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets.
Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses.
 
Addendum: Hardfork Timeline
We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.
 
Addendum: Inflation specifics
The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.
 

Conclusion

We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve.
Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.
submitted by lukechampine to siacoin [link] [comments]

Recovery

Hey I made a post on here earlier today and this is just an update on my situation. I sent bitcoin to my friend but little did I know he changed this bitcoin adress to remain untraced. So I basicly sent it to an old btc wallet that he no longer has access too. He does not know the seed to this wallet but I am wondering if I could recover the wallet with the btc I sent to it by using digital forensics? I'm sorry I know I sound very dumb I'm just very new to this and looking for any help I can get thank you :)
submitted by just_cyroo to Bitcoin [link] [comments]

Bitcoin will eradicate all idiots/trolls/shills! You have been warned.

Bitcoin is vicious. It is not your friend. It is neither your enemy nor your ally. It will reck every single idiot who is only involved to get rich quick. It will equally reck all the other idiots who try to oppose it's scaling path.
Bitcoin is a small world network that will become so powerful and useful to everyone, that people will flock to it.
We don't need to go around shilling businesses to accept bitcoin. They will use it when it makes sense for them to do so, economically.
Similarly, we don't need to go around trying to sell moon tickets to morons.
We just need to scale! Bitcoin will take care of the rest of the problem.
submitted by m_murfy to bitcoincashSV [link] [comments]

What I currently use for privacy (after almost 2 years of long investing into it)

First of all, my threat model: I'm just an average person that wants to AVOID the maximum I can to be monitored and tracked by the government and big corps, a lot of people out there REALLY hate me and I've gone through lots of harassment and other stuff, I also plan to take my activism and love for freedom more seriously and to do stuff that could potentially lead me to very high danger or even put my life on the line. That being said, my main focus is on something that is privacy-friendly but also something with decent security (no point having a lot of privacy if a script kiddie can just break into it an boom, everything is gone) anonymity is also desirable but I'm pretty aware that true 100% anonymity is simply not possible and to achieve the maximum you can of it currently you'd have to give up A LOT of stuff in which I don't think I really could. So basically, everything that I said + I don't want to give up some hobbies of mine (as playing games etc)
Here's what I use/have done so far, most of it is based on privacytools.io list and research I've done.
Mobile:
Google Pixel 3a XL running GrapheneOS
Apps: Stock apps (Vanadium, Gallery, Clock, Contacts etc) + F-DROID, NewPipe, OsmAnd+, Joplin, Tutanota, K-9 Mail, Aegis Authenticator, KeePassDX, Syncthing, Signal, Librera PRO, Vinyl, Open Camera and Wireguard.
I also use BlahDNS as my private DNS.
Other smartphone stuff/habits: I use a Supershieldz Anti Spy Tempered Glass Screen Protector on my phone and I also have a Faraday Sleeve from Silent Pocket which my phone is on most of the times (I don't have smartphone addiction and would likely advice you to break free from smartphone addiction if you have it). I NEVER use bluetooth (thank god Pixel 3a have a headphone jack so yeah, no bluetooth earphones here) and always keep my Wi-Fi off if I'm not using it.
Computer:
I have a desktop that I built (specs: Asus B450M Gaming, AMD Ryzen 3 3300X, Radeon RX 580 8GB, 16GB DDR4 2666Mhz, 3TB HDD, 480GB SSD) that is dualbooted with QubesOS and Arch Linux.
Qubes is my main OS that I use as daily driver and for my tasks, I use Arch for gaming.
I've installed linux-hardened and its headers packages on my Arch + further kernel hardening using systctl and boot parameters, AppArmor as my MAC system and bubblewrap for sandboxing programs. I also spoof my MAC address and have restricted root access, I've also protected my GRUB with password (and use encrypted boot) and have enabled Microcode updates and have NTP and IPV6 disabled.
Also on Arch, I use iptables as a firewall denying all incoming traffic, and since it's my gaming PC, I don't game on the OS, instead, I use a KVM/QEMU Windows VM for gaming (search "How I Built The "Poor-Shamed" Computer" video to see what I'm talking about) I also use full disk encryption.
Software/Providers:
E-Mails: I use ProtonMail (Plus Account paid with bitcoin) and Tutanota (free account as they don't accept crypto payment yet, come on Tutanota, I've been waiting for it for 2 years already) since I have plus account on ProtonMail it allows me to use ProtonMail Bridge and use it on Claws Mail (desktop) and K-9 Mail (mobile) as for Tutanota I use both desktop and mobile app.
Some other e-mails habits of mine: I use e-mail aliases (ProtonMail plus account provides you with 5) and each alias is used for different tasks (as one for shopping, one for banking, one for accounts etc) and none of my e-mails have my real name on it or something that could be used to identify me. I also highly avoid using stuff that require e-mail/e-mail verification for usage (e-mail is such a pain in the ass tbh) I also make use of Spamgourmet for stuff like temporary e-mail (best service I found for this doing my research, dunno if it's really the best tho, heard that AnonAddy does kinda the same stuff but dunno, recommendations are welcomed)
Browsers/Search Engine: As mentioned, I use Vanadium (Graphene's stock browser) on mobile as it is the recommended browser by Graphene and the one with the best security for Android, for desktop I use a Hardened Firefox (pretty aware of Firefox's security not being that good, but it's the best browser for PC for me as Ungoogled Chromium is still not there in A LOT of things + inherent problems of Chrome as not being able to disable WebRTC unless you use an extension etc) with ghacks-user.js and uBlock Origin (hard mode), uMatrix (globally blocking first party scripts), HTTPS Everywhere (EASE Mode), Decentraleyes (set the recommended rules for both uBlock Origin and uMatrix) and Temporary Containers as addons. I also use Tor Browser (Safest Mode) on a Whonix VM on Qubes sometimes. DuckDuckGo is my to-go search engine and I use DNS over HTTPS on Firefox (BlahDNS as my provider once again)
browsing habits: I avoid JavaScript the maximum I can, if it's really needed, I just allow the scripts temporarely on uBlock Origin/uMatrix and after I'm done I just disable it. I also generally go with old.reddit.com instead of reddit.com (as JavaScript is not required to browse the old client), nitter.net for checking twitter stuff (although I rarely have something peaking my interest on Twitter) and I use invidious.snopyta.org as youtube front-end (I do however use YouTube sometimes if a video I wanna see can't be played on invidious or if I wanna watch a livestream) and html.duckduckgo.com instead of duckduckgo.com other than avoiding JavaScript most of my browsing habits are just common sense at this point I'd say, I also use privatebin (snopyta's instance) instead of pastebin. I also have multiple firefox profiles for different tasks (personal usage, shopping, banking etc)
VPN: I use Mullvad (guess you can mention it here since it's PTIO's recommended) paid with bitcoin and honestly best service available tbh. I use Mullvad's multihop implementation on Wireguard which I manually set myself as I had the time and patience to learn how.
password manager: KeePassXC on desktop and KeePassDX on my smartphone, my password database for my desktop is stored on a USB flash driver I encrypted with VeraCrypt.
some other software on desktop: LibreOffice (as a Microsoft Office substitute), GIMP (Photshop substitute), Vim (I use it for multiple purposes, mainly coding IDE and as a text editor), VLC (media player), Bisq (bitcoin exchange), Wasabi (bitcoin wallet), OBS (screen recording), Syncthing (file sync), qBitTorrent (torrent client) and Element (federated real-time communication software). I sadly couldn't find a good open-source substitute to Sony Vegas (tested many, but none was in the same level of Vegas imo, KDENLive is okay tho) so I just use it on a VM if I need it (Windows VM solely for the purpose of video editing, not the same one I use for gaming)
Other:
router: I have an Asus RT-AC68U with OpenWRT as its firmware. I also set a VPN on it.
cryptocurrency hardware wallet: I store all of my cryptocurrency (Bitcoin and Monero) on a Ledger Nano S, about 97% of my money is on crypto so a hardware wallet is a must for me.
I have lots of USB flash drivers that I use for Live ISOs and for encrypted backups. I also have a USB Data Blocker from PortaPow that I generally use if I need to charge my cellphone in public or in a hotel while on a trip (rare occasion tbh).
I have a Logitech C920e as webcam and a Blue Yeti microphone in which I never let them plugged, I only plug them if it's necessary and after I'm done I just unplug them.
I also have a Nintendo Switch Lite as a gaming console that I most of the times just use offline, I just connect to the internet if needed for a software update and then just turn the Wi-Fi off from it.
Other Habits/Things I've done:
payments: I simply AVOID using credit card, I try to always pay on cash (I live in a third-world country so thank god most of people here still depend on cash only) physically and online I try my best to either by using cryptocurrency or using gift cards/cash by mail if crypto isn't available. I usually buy crypto on Bisq as I just don't trust any KYC exchange (and neither should you) and since there aren't many people here in my area to do face to face bitcoin trade (and I'm skeptical of face to face tbh), I use the Wasabi Wallet (desktop) to coinjoin bitcoin before buying anything as this allows a bit more of privacy, I also coinjoin on Wasabi before sending my bitcoins to my hardware wallet. I also don't have a high consumerism drive so I'm not constantly wanting to buy everything that I see (which helps a lot on this criteria)
social media/accounts: as noted, aside from Signal and Element (which I don't even use that often) I just don't REALLY use any social media (tried Mastodon for a while but I was honestly felt it kinda desert there and most of its userbase from what I've seen were some people I'd just... rather don't hang with tbh) and, althoug not something necessary is something that I really advise people to as social media is literally a poison to your mind.
I also don't own any streaming service like Netflix/Amazon Prime/Spotify etc, I basically pirate series/movies/songs and that's it.
I've also deleted ALL my old accounts from social media (like Twitter etc) and old e-mails. ALL of my important and main accounts have 2FA enabled and are protected by a strong password (I use KeePass to generate a 35 character lenght password with numbers, capital letters, special symbols etc, each account uses a unique password) I also NEVER use my real name on any account and NEVER post any pictures of myself (I rarely take pictures of stuff if anything)
iot/smart devices: aside from my smartphone, I don't have any IOT/smart device as I honestly see no need for them (and most of them are WAY too expensive on third-world countries)
files: I constatly backup all of my files (each two weeks) on encrypted flash drivers, I also use BleachBit for temporary data cleaning and data/file shredding. I also use Syncthing as a substitute to stuff like Google Drive.
Future plans:
learn to self-host and self-host an e-mail/NextCloud (and maybe even a VPN)
find something like BurneHushed but FOSS (if you know any please let me know)
So, how is it? anything that I should do that I'm probably not doing?
submitted by StunningDistrust to privacytoolsIO [link] [comments]

/r/Scams Common Scam Master Post

Hello visitors and subscribers of scams! Here you will find a master list of common (and uncommon) scams that you may encounter online or in real life. Thank you to the many contributors who helped create this thread!

If you know of a scam that is not covered here, write a comment and it will be added to the next edition.

Previous threads: https://old.reddit.com/Scams/search?q=common+scams+master+post&restrict_sr=on
Blackmail email scam thread: https://www.reddit.com/Scams/comments/jij7zf/the_blackmail_email_scam_part_6/
Some of these articles are from small, local publications and refer to the scam happening in a specific area. Do not think that this means that the scam won't happen in your area.

Spoofing

Caller ID spoofing
It is very easy for anyone to make a phone call while having any number show up on the caller ID of the person receiving the phone call. Receiving a phone call from a certain number does not mean that the person/company who owns that number has actually called you.
Email spoofing
The "from" field of an email can be set by the sender, meaning that you can receive scam emails that look like they are from legitimate addresses. It's important to never click links in emails unless absolutely necessary, for example a password reset link you requested or an account activation link for an account you created.
SMS spoofing
SMS messages can be spoofed, so be wary of messages that seem to be from your friends or other trusted people.

The most common scams

The fake check scam (Credit to nimble2 for this part)
The fake check scam arises from many different situations (for instance, you applied for a job, or you are selling something on a place like Craigslist, or someone wants to purchase goods or services from your business, or you were offered a job as a mystery shopper, you were asked to wrap your car with an advertisement, or you received a check in the mail for no reason), but the bottom line is always something like this:
General fraudulent funds scams If somebody is asking you to accept and send out money as a favour or as part of a job, it is a fraudulent funds scam. It does not matter how they pay you, any payment on any service can be fraudulent and will be reversed when it is discovered to be fraudulent.
Phone verification code scams Someone will ask you to receive a verification text and then tell you to give them the code. Usually the code will come from Google Voice, or from Craigslist. In the Google version of the scam, your phone number will be used to verify a Google Voice account that the scammer will use to scam people with. In the Craigslist version of the scam, your phone number will be used to verify a Craigslist posting that the scammer will use to scam people. There is also an account takeover version of this scam that will involve the scammer sending a password reset token to your phone number and asking you for it.
Bitcoin job scams
Bitcoin job scams involve some sort of fraudulent funds transfer, usually a fake check although a fraudulent bank transfer can be used as well. The scammer will send you the fraudulent money and ask you to purchase bitcoins. This is a scam, and you will have zero recourse after you send the scammer bitcoins.
Email flooding
If you suddenly receive hundreds or thousands of spam emails, usually subscription confirmations, it's very likely that one of your online accounts has been taken over and is being used fraudulently. You should check any of your accounts that has a credit card linked to it, preferably from a computer other than the one you normally use. You should change all of your passwords to unique passwords and you should start using two factor authentication everywhere.
Cartel scam
You will be threatened by scammers who claim to be affiliated with a cartel. They may send you gory pictures and threaten your life and the lives of your family. Usually the victim will have attempted to contact an escort prior to the scam, but sometimes the scammers target people randomly. If you are targeted by a cartel scam all you need to do is ignore the scammers as their threats are clearly empty.
Boss/CEO scam A scammer will impersonate your boss or someone who works at your company and will ask you to run an errand for them, which will usually be purchasing gift cards and sending them the code. Once the scammer has the code, you have no recourse.
Employment certification scams
You will receive a job offer that is dependent on you completing a course or receiving a certification from a company the scammer tells you about. The scammer operates both websites and the job does not exist.
Craigslist fake payment scams
Scammers will ask you about your item that you have listed for sale on a site like Craigslist, and will ask to pay you via Paypal. They are scamming you, and the payment in most cases does not actually exist, the email you received was sent by the scammers. In cases where you have received a payment, the scammer can dispute the payment or the payment may be entirely fraudulent. The scammer will then either try to get you to send money to them using the fake funds that they did not send to you, or will ask you to ship the item, usually to a re-shipping facility or a parcel mule.
Craigslist Carfax/vehicle history scam
You'll encounter a scammer on Craigslist who wants to buy the vehicle you have listed, but they will ask for a VIN report from a random site that they have created and they will expect you to pay for it.
Double dip/recovery scammers
This is a scam aimed at people who have already fallen for a scam previously. Scammers will reach out to the victim and claim to be able to help the victim recover funds they lost in the scam.
General fraudulent funds scams The fake check scam is not the only scam that involves accepting fraudulent/fake funds and purchasing items for scammers. If your job or opportunity involves accepting money and then using that money, it is almost certainly a frauduent funds scam. Even if the payment is through a bank transfer, Paypal, Venmo, Zelle, Interac e-Transfer, etc, it does not matter.
Credit card debt scam
Fraudsters will offer to pay off your bills, and will do so with fraudulent funds. Sometimes it will be your credit card bill, but it can be any bill that can be paid online. Once they pay it off, they will ask you to send them money or purchase items for them. The fraudulent transaction will be reversed in the future and you will never be able to keep the money. This scam happens on sites like Craigslist, Twitter, Instagram, and also some dating sites, including SeekingArrangement.
The parcel mule scam
A scammer will contact you with a job opportunity that involves accepting and reshipping packages. The packages are either stolen or fraudulently obtained items, and you will not be paid by the scammer. Here is a news article about a scam victim who fell for this scam and reshipped over 20 packages containing fraudulently acquired goods.
The Skype sex scam
You're on Facebook and you get a friend request from a cute girl you've never met. She wants to start sexting and trading nudes. She'll ask you to send pictures or videos or get on webcam where she can see you naked with your face in the picture. The scam: There's no girl. You've sent nudes to a guy pretending to be a girl. As soon as he has the pictures he'll demand money and threaten to send the pictures to your friends and family. Sometimes the scammer will upload the video to a porn site or Youtube to show that they are serious.
What to do if you are a victim of this scam: You cannot buy silence, you can only rent it. Paying the blackmailer will show them that the information they have is valuable and they will come after you for more money. Let your friends and family know that you were scammed and tell them to ignore friend requests or messages from people they don't know. Also, make sure your privacy settings are locked down and consider deactivating your account.
The underage girl scam
You're on a dating site or app and you get contacted by a cute girl. She wants to start sexting and trading nudes. Eventually she stops communicating and you get a call from a pissed off guy claiming to be the girl's father, or a police officer, or a private investigator, or something else along those lines. Turns out the girl you were sexting is underage, and her parents want some money for various reasons, such as to pay for a new phone, to pay for therapy, etc. There is, of course, no girl. You were communicating with a scammer.
What to do if you are a victim of this scam: Stop picking up the phone when the scammers call. Do not pay them, or they will be after you for more money.
Phishing
Phishing is when a scammer tries to trick you into giving information to them, such as your password or private financial information. Phishing messages will usually look very similar to official messages, and sometimes they are identical. If you are ever required to login to a different account in order to use a service, you should be incredibly cautious.
The blackmail email scam part 5: https://old.reddit.com/Scams/comments/g8jqnthe_blackmail_email_scam_part_5/
PSA: you did not win a giftcard: https://old.reddit.com/Scams/comments/fffmle/psa_you_did_not_win_a_gift_card/
Sugar scams
Sugar scammers operate all over the internet and usually come in two varieties: advance-fee scams where the scammer will ask for a payment from you before sending you lots of money, and fake check style scams where the scammer will either pull a classic fake check scam, or will do a "bill pay" style scam that involves them paying your bills, or them giving you banking information to pay your bills. If you encounter these scammers, report their accounts and move on.
Google Hangouts
Google Hangouts is a messaging platform used extensively by all kinds of scammers. If you are talking with someone online and they want you to switch to Hangouts, they are likely a scammer and you should proceed with caution.
Publishers Clearing House scams
PCH scams are often advance-fee scams, where you will be promised lots of money after you make an initial payment. You will never need to pay if you win money from the real PCH.
Pet scams
You are looking for a specific breed of puppy, bird, or other pet. You come across a nice-looking website that claims to be breeding them and has some available right now - they may even be on sale! The breeders are not local to your area (and may not even list a physical location) but they assure you they can safely ship the pet to you after a deposit or full payment. If you go through with the payment, you will likely be contacted by the "shipper" who will inform you about an unexpected shipping/customs/processing fee required to deliver your new pet. But there was never any pet, both the "breeder" and the "shipper" are scammers, typically operating out of Africa. These sites are rampant and account for a large percentage of online pet seller websites - they typically have a similar layout/template (screenshot - example)
If you are considering buying a pet online, some easy things to check are: (1) The registration date of the domain (if it was created recently it is likely a scam website) (2) Reverse image search the pictures of available pets - you will usually find other scam websites using the same photos. (3) Copy a sentence/section of the text from the "about us" page and put it into google (in quotes) - these scammers often copy large parts of their website's text from other places. (4) Search for the domain name and look for entries on petscams.com or other scam-tracking sites. (5) Strongly consider buying/adopting your pet from a local shelter or breeder where you can see the animal in person before putting any money down.
Thanks to djscsi for this entry.
Fake shipping company scams
These scams usually start when you try to buy something illegal online. You will be scammed for the initial payment, and then you will receive an email from the fake shipping company telling you that you need to pay them some sort of fee or bribe. If you pay this, they will keep trying to scam you with increasingly absurd stories until you stop paying, at which point they will blackmail you. If you are involved in this scam, all you can do is ignore the scammers and move on, and try to dispute your payments if possible.
Chinese Upwork scam
Someone will ask you to create an Upwork or other freelancer site account for them and will offer money in return. You will not be paid, and they want to use the accounts to scam people.
Quickbooks invoice scam
This is a fake check style scam that takes advantage of Quickbooks.
The blackmail email scam The exact wording of the emails varies, but there are generally four main parts. They claim to have placed software/malware on a porn/adult video site, they claim to have a video of you masturbating or watching porn, they threaten to release the video to your friends/family/loved ones/boss/dog, and they demand that you pay them in order for them to delete the video. Rest assured that this is a very common spam campaign and there is no truth behind the email or the threats. Here are some news articles about this scam.
The blackmail mail scam
This is very similar to the blackmail email scam, but you will receive a letter in the mail.
Rental scams Usually on local sites like Craigslist, scammers will steal photos from legitimate real estate listings and will list them for rent at or below market rate. They will generally be hesitant to tell you the address of the property for "safety reasons" and you will not be able to see the unit. They will then ask you to pay them a deposit and they claim they will ship you the keys. In reality, your money is gone and you will have no recourse.
Craigslist vehicle scams A scammer will list a vehicle on Craigslist and will offer to ship you the car. In many cases they will also falsely claim to sell you the car through eBay or Amazon. If you are looking for a car on Craigslist and the seller says anything about shipping the car, having an agent, gives you a long story about why they are selling the car, or the listing price is far too low, you are talking to a scammer and you should ignore and move on.
Advance-fee scam, also known as the 419 scam, or the Nigerian prince scam. You will receive a communication from someone who claims that you are entitled to a large sum of money, or you can help them obtain a large sum of money. However, they will need money from you before you receive the large sum.
Man in the middle scams
Man in the middle scams are very common and very hard to detect. The scammer will impersonate a company or person you are legitimately doing business with, and they will ask you to send the money to one of their own bank accounts or one controlled by a money mule. They have gained access to the legitimate persons email address, so there will be nothing suspicious about the email. To prevent this, make contact in a different way that lets you verify that the person you are talking to is the person you think you are talking to.
Digit wallet scam
A variation of the fake check scam, the scammer sends you money through a digital wallet (i.e. Venmo, Apple Pay, Zelle, Cash App) along with a message claiming they've sent the money to the wrong person and a request to send the money back. Customer service for these digital wallets may even suggest that you send the money back. However, the money sent is from a stolen credit card and will be removed from your account after a few days. Your transfer is not reversed since it came from your own funds.
Cam girl voting/viewer scam
You will encounter a "cam girl" on a dating/messaging/social media/whatever site/app, and the scammer will ask you to go to their site and sign up with your credit card. They may offer a free show, or ask you to vote for them, or any number of other fake stories.
Amateur porn recruitment scam
You will encounter a "pornstar" on a dating/messaging/social media/whatever site/app, and the scammer will ask you to create an adult film with hehim, but first you need to do something. The story here is usually something to do with verifying your age, or you needing to take an STD test that involves sending money to a site operated by the scammer.
Hot girl SMS spam
You receive a text from a random number with a message along the lines of "Hey babe I'm here in town again if you wanted to meet up this time, are you around?" accompanied by a NSFW picture of a hot girl. It's spam, and they'll direct you to their scam website that requires a credit card.
Identity verification scam
You will encounter someone on a dating/messaging/social media/whatever site/app, and the scammer will ask that you verify your identity as they are worried about catfishing. The scammer operates the site, and you are not talking to whoever you think you are talking to.
This type of scam teases you with something, then tries to make you sign up for something else that costs money. The company involved is often innocent, but they turn a blind eye to the practice as it helps their bottom line, even if they have to occasionally issue refunds. A common variation takes place on dating sites/dating apps, where you will match with someone who claims to be a camgirl who wants you to sign up for a site and vote for her. Another variation takes place on local sites like Craigslist, where the scammers setup fake rental scams and demand that you go through a specific service for a credit check. Once you go through with it, the scammer will stop talking to you. Another variation also takes place on local sites like Craigslist, where scammers will contact you while you are selling a car and will ask you to purchase a Carfax-like report from a specific website.
Multi Level Marketing or Affiliate Marketing
You apply for a vague job listing for 'sales' on craigslist. Or maybe an old friend from high school adds you on Facebook and says they have an amazing business opportunity for you. Or maybe the well dressed guy who's always interviewing people in the Starbucks that you work at asks if you really want to be slinging coffee the rest of your life. The scam: MLMs are little more than pyramid schemes. They involve buying some sort of product (usually snake oil health products like body wraps or supplements) and shilling them to your friends and family. They claim that the really money is recruiting people underneath you who give you a slice of whatever they sell. And if those people underneath you recruit more people, you get a piece of their sales. Ideally if you big enough pyramid underneath you the money will roll in without any work on your part. Failure to see any profit will be your fault for not "wanting it enough." The companies will claim that you need to buy their extra training modules or webinars to really start selling. But in reality, the vast majority of people who buy into a MLM won't see a cent. At the end of the day all you'll be doing is annoying your friends and family with your constant recruitment efforts. What to look out for: Recruiters love to be vague. They won't tell you the name of the company or what exactly the job will entail. They'll pump you up with promises of "self-generating income", "being your own boss", and "owning your own company." They might ask you to read books about success and entrepreneurs. They're hoping you buy into the dream first. If you get approached via social media, check their timelines. MLMs will often instruct their victims to pretend that they've already made it. They'll constantly post about how they're hustling and making the big bucks and linking to youtube videos about success. Again, all very vague about what their job actually entails. If you think you're being recruited: Ask them what exactly the job is. If they can't answer its probably a MLM. Just walk away.

Phone scams

You should generally avoid answering or engaging with random phone calls. Picking up and engaging with a scam call tells the scammers that your phone number is active, and will usually lead to more calls.
Tax Call
You get a call from somebody claiming to be from your countries tax agency. They say you have unpaid taxes that need to be paid immediately, and you may be arrested or have other legal action taken against you if it is not paid. This scam has caused the American IRS, Canadian CRA, British HMRC, and Australian Tax Office to issue warnings. This scam happens in a wide variety of countries all over the world.
Warrant Call
Very similar to the tax call. You'll get a phone call from an "agent", "officer", "sheriff", or other law enforcement officer claiming that there is a warrant out for your arrest and you will be arrested very soon. They will then offer to settle everything for a fee, usually paid in giftcards.
[Legal Documents/Process Server Calls]
Very similar to the warrant call. You'll get a phone call from a scammer claiming that they are going to serve you legal documents, and they will threaten you with legal consequences if you refuse to comply. They may call themselves "investigators", and will sometimes give you a fake case number.
Student Loan Forgiveness Scam
Scammers will call you and tell you about a student loan forgiveness program, but they are interested in obtaining private information about you or demanding money in order to join the fake program.
Tech Support Call You receive a call from someone with a heavy accent claiming to be a technician Microsoft or your ISP. They inform you that your PC has a virus and your online banking and other accounts may be compromised if the virus is not removed. They'll have you type in commands and view diagnostics on your PC which shows proof of the virus. Then they'll have you install remote support software so the technician can work on your PC, remove the virus, and install security software. The cost of the labor and software can be hundreds of dollars. The scam: There's no virus. The technician isn't a technician and does not work for Microsoft or your ISP. Scammers (primarily out of India) use autodialers to cold-call everyone in the US. Any file they point out to you or command they have you run is completely benign. The software they sell you is either freeware or ineffective. What to do you if you're involved with this scam: If the scammers are remotely on your computer as you read this, turn off your PC or laptop via the power button immediately, and then if possible unplug your internet connection. Some of the more vindictive tech scammers have been known to create boot passwords on your computer if they think you've become wise to them and aren't going to pay up. Hang up on the scammers, block the number, and ignore any threats about payment. Performing a system restore on your PC is usually all that is required to remove the scammer's common remote access software. Reports of identity theft from fake tech calls are uncommon, but it would still be a good idea to change your passwords for online banking and monitor your accounts for any possible fraud. How to avoid: Ignore any calls claiming that your PC has a virus. Microsoft will never contact you. If you're unsure if a call claiming to be from your ISP is legit, hang up, and then dial the customer support number listed on a recent bill. If you have elderly relatives or family that isn't tech savvy, take the time to fill them in on this scam.
Chinese government scam
This scam is aimed at Chinese people living in Europe and North America, and involves a voicemail from someone claiming to be associated with the Chinese government, usually through the Chinese consulate/embassy, who is threatening legal action or making general threats.
Chinese shipping scam
This scam is similar to the Chinese government scam, but involves a seized/suspicious package, and the scammers will connect the victim to other scammers posing as Chinese government investigators.
Social security suspension scam
You will receive a call from someone claiming to work for the government regarding suspicious activity, fraud, or serious crimes connected to your social security number. You'll be asked to speak to an operator and the operator will explain the steps you need to follow in order to fix the problems. It's all a scam, and will lead to you losing money and could lead to identity theft if you give them private financial information.
Utilities cutoff
You get a call from someone who claims that they are from your utility company, and they claim that your utilities will be shut off unless you immediately pay. The scammer will usually ask for payment via gift cards, although they may ask for payment in other ways, such as Western Union or bitcoin.
Relative in custody Scammer claims to be the police, and they have your son/daughtenephew/estranged twin in custody. You need to post bail (for some reason in iTunes gift cards or MoneyGram) immediately or the consequences will never be the same.
Mexican family scam
This scam comes in many different flavours, but always involves someone in your family and Mexico. Sometimes the scammer will claim that your family member has been detained, sometimes the scammer will claim that your family member has been kidnapped, and sometimes the scammer will claim that your family member is injured and needs help.
General family scams
Scammers will gather a large amount of information about you and target your family members using different stories with the goal of gettimg them to send money.
One ring scam
Scammers will call you from an international number with the goal of getting you to return their call, causing you to incur expensive calling fees.

Online shopping scams

THE GOLDEN RULE OF ONLINE SHOPPING: If it sounds too good to be true, it probably is.
Dropshipping
An ad on reddit or social media sites like Facebook and Instagram offers items at huge discounts or even free (sometimes requiring you to reblog or like their page). They just ask you to pay shipping. The scam: The item will turn out to be very low quality and will take weeks or even months to arrive. Sometimes the item never arrives, and the store disappears or stops responding. The seller drop-ships the item from China. The item may only cost a few dollars, and the Chinese government actually pays for the shipping. You end up paying $10-$15 dollars for a $4 item, with the scammer keeping the profit. If you find one of these scams but really have your heart set on the item, you can find it on AliExpress or another Chinese retailer.
Influencer scams
A user will reach out to you on a social media platform, usually Instagram, and offer you the chance to partner with them and receive a free/discounted product, as long as you pay shipping. This is a different version of the dropshipping scam, and is just a marketing technique to get you to buy their products.
Triangulation fraud
Triangulation fraud occurs when you make a purchase on a site like Amazon or eBay for an item at a lower than market price, and receive an item that was clearly purchased new at full price. The scammer uses a stolen credit card to order your item, while the money from the listing is almost all profit for the scammer.
Instagram influencer scams
Someone will message you on Instagram asking you to promote their products, and offering you a discount code. The items are Chinese junk, and the offer is made to many people at a time.
Cheap Items
Many websites pop up and offer expensive products, including electronics, clothes, watches, sunglasses, and shoes at very low prices. The scam: Some sites are selling cheap knock-offs. Some will just take your money and run. What to do if you think you're involved with this scam: Contact your bank or credit card and dispute the charge. How to avoid: The sites often have every brand-name shoe or fashion item (Air Jordan, Yeezy, Gucci, etc) in stock and often at a discounted price. The site will claim to be an outlet for a major brand or even a specific line or item. The site will have images at the bottom claiming to be Secured by Norton or various official payment processors but not actual links. The site will have poor grammar and a mish-mash of categories. Recently, established websites will get hacked or their domain name jacked and turned into scam stores, meaning the domain name of the store will be completely unrelated to the items they're selling. If the deal sounds too good to be true it probably is. Nobody is offering brand new iPhones or Beats or Nintendo Switches for 75% off.
Cheap Amazon 3rd Party Items
You're on Amazon or maybe just Googling for an item and you see it for an unbelievable price from a third-party seller. You know Amazon has your back so you order it. The scam: One of three things usually happen: 1) The seller marks the items as shipped and sends a fake tracking number. Amazon releases the funds to the seller, and the seller disappears. Amazon ultimately refunds your money. 2) The seller immediately cancels the order and instructs you to re-order the item directly from their website, usually with the guarantee that the order is still protected by Amazon. The seller takes your money and runs. Amazon informs you that they do not offer protection on items sold outside of Amazon and cannot help you. 2) The seller immediately cancels the order and instructs you to instead send payment via an unused Amazon gift card by sending the code on the back via email. Once the seller uses the code, the money on the card is gone and cannot be refunded. How to avoid: These scammers can be identified by looking at their Amazon storefronts. They'll be brand new sellers offering a wide range of items at unbelievable prices. Usually their Amazon names will be gibberish, or a variation on FIRSTNAME.LASTNAME. Occasionally however, established storefronts will be hacked. If the deal is too good to be true its most likely a scam.
Scams on eBay
There are scams on eBay targeting both buyers and sellers. As a seller, you should look out for people who privately message you regarding the order, especially if they ask you to ship to a different address or ask to negotiate via text/email/a messaging service. As a buyer you should look out for new accounts selling in-demand items, established accounts selling in-demand items that they have no previous connection to (you can check their feedback history for a general idea of what they bought/sold in the past), and lookout for people who ask you to go off eBay and use another service to complete the transaction. In many cases you will receive a fake tracking number and your money will be help up for up to a month.
Scams on Amazon
There are scams on Amazon targeting both buyers and sellers. As a seller, you should look out for people who message you about a listing. As a buyer you should look out for listings that have an email address for you to contact the person to complete the transaction, and you should look out for cheap listings of in-demand items.
Scams on Reddit
Reddit accounts are frequently purchased and sold by fraudsters who wish to use the high karma count + the age of the account to scam people on buy/sell subreddits. You need to take precautions and be safe whenever you are making a transaction online.
Computer scams
Virus scam
A popup or other ad will say that you have a virus and you need to follow their advice in order to remove it. They are lying, and either want you to install malware or pay for their software.

Assorted scams

Chinese Brushing / direct shipping
If you have ever received an unsolicited small package from China, your address was used to brush. Vendors place fake orders for their own products and send out the orders so that they can increase their ratings.
Money flipping
Scammer claims to be a banking insider who can double/triple/bazoople any amount of money you send them, with no consequences of any kind. Obviously, the money disappears into their wallet the moment you send it.

General resources

Site to report scams in the United Kingdom: http://www.actionfraud.police.uk/
Site to report scams in the United States: https://www.ic3.gov/default.aspx
Site to report scams in Canada: www.antifraudcentre-centreantifraude.ca/reportincident-signalerincident/index-eng.htm
Site to report scams in Europe: https://www.europol.europa.eu/report-a-crime/report-cybercrime-online
FTC scam alerts: https://www.consumer.ftc.gov/scam-alerts
Microsoft's anti-scam guide: https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams.aspx
https://www.usa.gov/common-scams-frauds
https://www.usa.gov/scams-and-frauds
https://www.consumer.ftc.gov/features/scam-alerts
https://www.fbi.gov/scams-and-safety/common-fraud-schemes
submitted by EugeneBYMCMB to Scams [link] [comments]

Be aware of this scammer: sbaii

Hello community, please be aware of this account https://paxful.com/usesbaii , he scammed me,let me explain how: I opened a trade and he left it to expire and came searching for my username on telegram and telling me that he had an issue with his account, so he suggested to finish the trade in telegram and sent me his BITCOIN wallet address:
3FDjWDQ1hiCo739kQy7cit6ACdA68Ft8vP
when he received it he deleted the conversation and blocked me, I contacted the support with proofs and they didn’t take any action.
For paxful stuff here’s the trade id: KA2neqiEcee
and proofs
I am new to paxful an I don’t know what to do. Please help.
submitted by anasgh20 to paxful [link] [comments]

$TGOP SCAM + weirdness.

So this one had all the hallmarks of a scam from the beginning but I decided to dig a bit deeper as it was so clear this scammer targeted this reddit board to find his victims.
The OP of the now deleted post was seraf1990
https://www.removeddit.com/CryptoMoonShots/comments/j28ar5/the_road_to_el_dorado_or_tgop/
This user recently posted to /bitcoin and /ethereum about how they were scammed by a browser extension vulnerability which modified there wallet address on the clipboard. https://old.reddit.com/Bitcoin/comments/igt68z/warningplease_guys_be_extremely_careful/
If you go back a bit further past all the gun/audio/computer parts shopping you will find him posting on this project
https://medium.com/blockv https://i.imgur.com/HVUtXjI.png
That is the project he imitated in order to carry out this scam.
Anyways, weirdness aside, please keep in mind people are directly targeting this board to scam us. It is not just a matter of people accidentally posting scams they found, it is directed.
If you have money to invest, you are the asset. The dev needs you more than you need them.
submitted by ObscureReference142 to CryptoMoonShots [link] [comments]

[Sextortion] This is pretty surely a mass phishing message, but what's up with the delivery status notification?

See the text of the e-mail below. It seems like a standard mass-phishing scam because there was no data about me anywhere (and it would have been pretty easy to at least add my name, as it was addressed to my work email and a Google search would have returned quite a bit of results).
What I don't understand is that, right after the actual sender's e-mail (which I had not seen, as it went straight to spam), I got a mail in my Primary inbox, with subject "Delivery Status Notification (Failure)", saying "Your message wasn't delivered to [email address] because the address couldn't be found, or is unable to receive mail."
Does this mean the email contained some kind of read receipt that failed to work because it came from a throwaway email?

Hi!
Unfortunately, I have some bad news for you.Several months ago, I got access to the device you are using to browse the internet.Since that time, I have been monitoring your internet activity.
Being a regular visitor of adult websites, I can confirm that it is you who is responsible for this.To keep it simple, the websites you visited provided me with access to your data.
I’ve uploaded a Trojan horse on the driver basis that updates its signature several times per day, to make it impossible for antivirus to detect it. Additionally, it gives me access to your camera and microphone.Moreover, I have backed-up all the data, including photos, social media, chats and contacts.
Just recently, I came up with an awesome idea to create the video where you cum in one part of the screen, while the video was simultaneously playing on another screen. That was fun!
Rest assured that I can easily send this video to all your contacts with a few clicks, and I assume that you would like to prevent this scenario.
With that in mind, here is my proposal:Transfer the amount equivalent to 1500 USD to my Bitcoin wallet, and I will forget about the entire thing. I will also delete all data and videos permanently.
In my opinion, this is a somewhat modest price for my work.You can figure out how to purchase Bitcoins using search engines like Google or Bing, seeing that it’s not very difficult.
My Bitcoin wallet (BTC): [erased]
You have 48 hours to reply and you should also bear the following in mind:
It makes no sense to reply me - the address has been generated automatically.It makes no sense to complain either, since the letter along with my Bitcoin wallet cannot be tracked.Everything has been orchestrated precisely.
If I ever detect that you mentioned anything about this letter to anyone - the video will be immediately shared, and your contacts will be the first to receive it. Following that, the video will be posted on the web!
P.S. The time will start once you open this letter. (This program has a built-in timer).
Good luck and take it easy! It was just bad luck, next time please be careful.

submitted by namesurname80808 to Scams [link] [comments]

Work Email Scam asking for Bitcoins

So I just got a funny email at work from an old work email which we haven't even used for years and boy, papago had a fun time translating this. When I first read it, I gotta admit, my heart did skip a beat lol the English translation was so ominous lol but then it gave specific details which I knew were never true since I've never visited any adult sites at my work computer and after about 2 seconds, logic and reason kicked in and I knew for sure it was a bulk email sent out to everyone lol. I have no idea how they got into the system, this is a pretty funny and clever hack. they should have gone one step further and actually wrote our names in.

Can any bitcoin enthusiasts out there check to see if this wallet or whatever actually received any money???
안녕! 내가 지금 네 계정으로 너한테 이메일 보낸거 보여? 그래, 뭐 간단히 말하면 내가 네 기기에 마음껏 접속할 수 있다는 소리지.
지난 몇 달 동안 널 계속 지켜보고 있었어. 어떻게 지켜봤냐고? 그게 말이지, 넌 네가 접속했던 성인 사이트에 있던 악성 소프트웨어에 감염됐거든.
아마 무슨 소린지 잘 몰겠지만 내가 한 번 설명해볼게. 난 트로이 목마 바이러스를 통해서 네 컴퓨터와 다른 모든 기기에도 접속할 수 있었던거야. 이 말인 즉슨, 내가 원하면 언제라도 네 카메라와 마이크를 통해서 널 볼 수 있다는 뜻이지. 그것도 너 몰래 말이야. 네 폰에 있는 연락처 뿐만 아니라 네가 남들과 주고 받은 메세지도 볼 수 있지.
아마 이런 의문이 들지도 몰라. “내 컴퓨터엔 백신 프로그램이 돌아가고 있는데, 어떻게 그게 가능하단 말이야?” 뭐, 답은 간단해. 내 악성 소프트웨어 프로그램은 드라이버를 사용하기 때문이지. 게다가 4시간마다 그 드라이버의 시그니처를 업데이트해서 탐지를 막기 때문에 네 악성 소프트웨어 탐지 프로그램에 잡히지 않는다고.
난 네가 자위하는 영상을 가지고 있어. 왼쪽 화면엔 네가 딸치는 영상이 나오고 오른쪽엔 네가 자위하는 동안 봤던 영상이 나오지. 이보다 어떻게 더 나빠질 수 있을지 궁금하지? 내가 마우스를 한 번만 클릭하면 이 영상은 네 모든 SNS와 이메일 연락망으로 보내질거야. 네가 주고 받은 이메일이나 네가 사용하는 메신저에 접속해서 포스팅할 수도 있지.
이런 일이 일어나는걸 막고 싶다면, 방법은 간단해. 1500달러 상당의 비트코인을 내 비트코인 주소로 보내. (어떻게 하는지 모른다면 컴퓨터에서 “비트코인 구입”을 검색하도록).
내 비트코인 주소(BTC Wallet)는 : 1LoEmRkVxLWhKepbkK6xNb7Ts6hb3Cv5CE
네가 돈을 보낸게 확인되는 그 즉시 영상을 지워줄게. 그게 끝이야. 앞으로 날 볼 일도 없을거고. 이 거래의 기한은 단 이틀(48시간)이야. 네가 이 메일을 여는 순간 나에게 알람이 오고, 타이머가 작동되겠지.
신고를 하려고 시도해봐도 이 이메일과 내 비트코인 아이디는 추적할 수 없으니 헛수고일거라고. 난 이 일에 아주 오랜 시간을 투자해왔고, 실수는 절대 하지 않으니 말이야.
만약 네가 이 메세지를 다른 사람과 공유하려고 시도했다는 걸 내가 알게 된다면, 앞서 말했던 것처럼 네 영상을 널리 퍼뜨리겠어.
PAPAGO's Translation:
Hello!
Do you see that I just emailed you to your account?
Yeah, in short, it means I can access your device as much as I want.


I've been watching you for the last few months.
How did you watch? You know, you're infected with the malicious software on the adult site you accessed.


I'm sure you're not sure what I'm talking about, but let me explain.
I was able to access your computer and all the other devices through the Trojan horse virus.
Which means I can see you through your camera and microphone whenever I want. That's also behind your back. I can see not only the contact information on your phone but also the messages you exchanged with others.

Maybe you have this question. "There's a vaccine program running on my computer. How is that possible?" Well, the answer is simple.
Because my malware uses drivers. Plus, you update the driver's signature every four hours to prevent detection, so you don't get caught in your malware.

I have a video of you masturbating. On the left, there's a video of you tipping, and on the right, there's a video of you masturbating.
You wonder how it could get worse than this? Once I click on the mouse, this video will be sent to all of your SNS and email contacts.
You can also log on to the email you send and receive or the messenger you use and post it.

If you want to stop this from happening, the way is simple. Send $1500 worth of bitcoins to my bitcoin address. (If you don't know how, search your computer for "buy bitcoins.")

My Bitcoin address (BTC Wallet) is: 1LoEmRkVxLWhKepbkK6xNb7Ts6hb3Cv5CE

I'll delete the video as soon as I check that you sent me the money. That's it. You'll never see me again.
The deadline for this deal is only two days (48 hours).
As soon as you open this mail, the alarm will come to me and the timer will turn on.

If I try to report it, I can't track this email and my Bitcoin ID, so it's going to be a waste of time.
I've been spending a very long time on this, and I never make mistakes.

If I find out that you've tried to share this message with someone else, I'll spread your video like I said before.
submitted by ATMSPIDERTAO to korea [link] [comments]

"My transaction is stuck, what to do?" - an explainer [DRAFT]

In the last days we have been experiencing a sharp rise in price, which is historically correlated with many people transacting over the Bitcoin network. Many people transacting over the Bitcoin network implies that the blockspace is in popular demand, meaning that when you send a transaction, it has to compete with other transactions for the inclusion in one of the blocks in the future. Miners are motivated by profits and transactions that pay more than other transactions are preferred when mining a new block. Although the network is working as intended (blockspace is a scarce good, subject to supply/demand dynamics, regulated purely by fees), people who are unfamiliar with it might feel worried that their transaction is “stuck” or otherwise somehow lost or “in limbo”. This post attempts to explain how the mempool works, how to optimize fees and that one does not need to worry about their funds.

TL;DR: Your funds are safe. Just be patient* and it'll be confirmed at some point. A transaction either will be confirmed or it never leaves your wallet, so there is nothing to worry about in regards to the safety of your coins.

You can see how the mempool "ebbs and flows", and lower fee tx's get confirmed in the "ebb" times (weekends, nights): https://jochen-hoenicke.de/queue/#0,30d
* if you are in hurry there are things like RBF (Replace By Fee) and CPFC (Child Pays For Parent), which you can use to boost your transaction fees; you will need an advanced wallet like Bitcoin Core or Electrum for that though. Keep also in mind that this is not possible with any transaction (RBF requires opt in before sending, f.ex). If nothing else works and your transaction really needs a soon confirmation, you can try and contact a mining pool to ask them if they would include your transaction. Some mining pools even offer a web-interface for this: 1, 2.
Here’s how Andreas Antonopoulos describes it:
In bitcoin there is no "in transit". Transactions are atomic meaning they either happen all at once or don't happen at all. There is no situation where they "leave" one wallet and are not simultaneously and instantaneously in the destination address. Either the transaction happened or it didn't. The only time you can't see the funds is if your wallet is hiding them because it is tracking a pending transaction and doesn't want you to try and spend funds that are already being spent in another transaction. It doesn't mean the money is in limbo, it's just your wallet waiting to see the outcome. If that is the case, you just wait. Eventually the transaction will either happen or will be deleted by the network.
tl;dr: your funds are safe

How is the speed of confirmations determined in bitcoin?

Open this site: https://jochen-hoenicke.de/queue/#0,2w
Here you see how many transactions are currently (and were historically) waiting to be confirmed, i.e how many transactions are currently competing with your transaction for blockspace (=confirmation).
You can see two important things: the differently coloured layers, each layer representing a different fee (higher layer = higher fees). You can point at a layer and see which fees (expressed in sat/byte) are represented in this layer. You can then deduct which layer your own transaction is currently at, and how far away from the top your position is (miners work through the mempool always from the top, simply because the tx's on top pay them more). You can estimate that each newly mined block removes roughly 1.xMB from the top (see the third graph which shows the mempool size in MB). On average, a new block is produced every ten minutes. But keep in mind that over time more transactions come into the mempool, so there can be periods where transactions are coming faster than transactions being “processed” by miners.
The second important observation is that the mempool "ebbs and flows", so even the lower paid transactions are periodically being confirmed at some point.
In short: what determines the speed of a confirmation is A) how high you set the fees (in sat/byte), B) how many other transactions with same or higher fees are currently competing with yours and C) how many transactions with higher paid fees will be broadcast after yours.
A) you can influence directly, B) you can observe in real time, but C) is difficult to predict. So it's always a little tricky to tell when the first confirmation happens if you set your fees low. But it's quite certain that at some point even the cheap transactions will come through.

So what happens if my transaction stays unconfirmed for days or even weeks?

Transactions are being broadcast by the full nodes on the network. Each node can adjust their settings for how long they keep unconfirmed transactions in their mempool. That’s why there is not a fixed amount of time after which a transaction is dropped from the mempool, but most nodes drop unconfirmed tx’s after two weeks [IS THIS CORRECT?]. This means that in the absolute worst case the unconfirmed transaction will simply disappear from the network, as if it never happened. Keep in mind that in those two weeks the coins never actually leave your wallet. It’s just that your wallet doesn’t show them as “available”, but you still have options like RBF and CPFP to get your transaction confirmed with higher fees, or to “cancel” your transaction by spending the same coins onto another address with a higher fee.

Helpful tools to estimate fees for future transactions:

Here are some resources that can help you estimate fees when sending a bitcoin transaction, so you don't end up overpaying (or underpaying) unnecessarily. Keep in mind that in order to take advantage of this, you need a proper bitcoin wallet which allows for custom fee setting. A selection of such wallets you can find here or here.
The order here is roughly from advanced to easy.
1) https://jochen-hoenicke.de/queue/#0,24h
Here you can see a visualization of how many unconfirmed transactions are currently on the network, as well as how many were there in the past. Each coloured layer represents a different fee amount. F.ex the deep blue (lowest layer) are the 1sat/byte transactions, slightly brighter level above are the 2sat/byte transactions and so on.
The most interesting graph is the third one, which shows you the size of the current mempool in MB and the amount of transactions with different fee levels, which would compete with your transaction if you were to send it right now. This should help you estimating how high you need to set the fee (in sat/byte) in order to have it confirmed "soon". But this also should help you to see that even the 1sat/byte transactions get confirmed very regularly, especially on weekends and in the night periods, and that the spikes in the mempool are always temporary. For that you can switch to higher timeframes in the upper right corner, f.ex here is a 30 days view: https://jochen-hoenicke.de/queue/#0,30d. You clearly can see that the mempool is cyclical and you can set a very low fee if you are not in hurry.
2) https://mempool.space
This is also an overview of the current mempool status, although less visual than the previous one. It shows you some important stats, like the mempool size, some basic stats of the recent blocks (tx fees, size etc). Most importantly, it makes a projection of how large you need to set your fees in sat/byte if you want your transaction to be included in the next block, or within the next two/three/four blocks. You can see this projection in the left upper corner (the blocks coloured in brown).
3) https://whatthefee.io
This is a simple estimation tool. It shows you the likelihood (in %) of a particular fee size (in sat/byte) to be confirmed within a particular timeframe (measured in hours). It is very simple to use, but the disadvantage is that it shows you estimates only for the next 24 hours. You probably will overpay by this method if your transaction is less time sensitive than that.
4) https://twitter.com/CoreFeeHelper
This is a very simple bot that tweets out fees projections every hour or so. It tells you how you need to set the fees in order to be confirmed within 1hou6hours/12hours/1day/3days/1week. Very simple to use.
Hopefully one of these tools will help you save fees for your next bitcoin transaction. Or at least help you understand that even with a very low fee setting your transaction will be confirmed sooner or later. Furthermore, I hope it makes you understand how important it is to use a wallet that allows you to set your own fees.
submitted by TheGreatMuffin to u/TheGreatMuffin [link] [comments]

Bob The Magic Custodian



Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses.
Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes.

First, some background. Here is a summary of how custodians make us more secure:

Previously, we might give Alice our crypto assets to hold. There were risks:

But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
See - all problems are solved! All we have to worry about now is:
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are!

"On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid".
"Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since."

"As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!"
"Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?"

"Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party."
"Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!"

"What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven."
"Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!"

"We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies.
And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often".

How many holes have to exist for your funds to get stolen?
Just one.

Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so?
If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security.

The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle.

And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet?

Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds.
So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever.

Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see.
It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation.
A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.

History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance.
Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.)
Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive.

Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today.
Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well.
Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do.

Facts/background/sources (skip if you like):



Thoughts?
submitted by azoundria2 to QuadrigaInitiative [link] [comments]

How to watch blockchain bitcoin Addresses. How to properly delete old bitcoin wallet and free up 150+ GB of space how to auto changed blockchain wallet address How to find your Bitcoin wallet address on Luno.com - YouTube How to get a Bitcoin Wallet Address - FREE & in under a ...

If someone sends bitcoin to that old address, it may be permanently gone for good and unable to be spent by you. There is zero risk to just leaving your address in there. level 2. Original Poster-3 points · 6 years ago. I'll still have the address, it won't be in that wallet. How do I remove it from the address list. Just open the wallet file in notepad? Thanks for almost answering. We're ... Anybody who helped you "delete your wallet" would become an accessory to whatever crime you've committed. Fortunately there is no way to delete transactions on the Blockchain, so no chance of anybody being charged with destroying evidence. In future, keep your nose clean. People who abuse Bitcoin for criminal ends are scum. Coinbase is a hosted wallet service, which means we manage your private keys for you. It is not possible to delete a crypto address from your Coinbase account. Deleting addresses from any wallet is highly discouraged since any funds sent to an address which has had its private key deleted will be lost forever. To import a bitcoin address from a third party platform, click on + Import Bitcoin Address and select Existing address generated outside this wallet. Enter the private key of the bitcoin address you want to import. Next, add a label for the address (optional) and select an existing sub-wallet to transfer the funds to, or leave this blank if you want the funds to remain in Imported Addresses. Click Then use one of the new addresses of the new wallet and transfer the funds from the old wallet to it. Delete the old wallet in the old datadir and copy over the new wallet.dat. Works for me :) If there is a particular address that you would like to keep, working with dumpprivkey and importing should work.

[index] [19310] [11730] [385] [22059] [3361] [32019] [262] [27186] [47616] [22388]

How to watch blockchain bitcoin Addresses.

This tutorials is to show you how to change winmax miner software bitcoin wallet address and still mine. This video is rated and managed by DevTech Plus IO V... how to auto changed blockchain wallet address If you wanted to chat with us then join this whatsapp group for more information .... Whatsapp link - https://c... How to properly delete old bitcoin wallet and free up 150+ GB of space on your computer hard drive. How to download WinDirStat? https://www.youtube.com/watch... If you want to find out more about the tools we have for cryptocurrency investors in our Masters area, see video here: https://moocharoo.ninja/bmm Also try: ... You can easily find your Unocoin wallet address from your Unocoin dashboard. This video will help you find Uncoin bitcoin wallet address. You can find your p...

#