Someone sent me a serious stack of sats a few hours ago. Whoever it was - thank you! Always very appreciated!
BitRoot
bitroot@zaps.lol
npub1rhdu...7zgk
Bitcoin might seem complex, but it's simpler than you think. My goal is to explain it clearly so that anyone can understand it.
A Privacy Loophole When Installing @GrapheneOS on a Pixel
For anyone serious about de-Googling their life, you need to know about this. I've seen privacy-concerned people overlook a crucial step in the GrapheneOS installation process that creates a direct link to Google.
The Step: On a Google Pixel, before you can unlock the bootloader, you must enable "OEM unlocking" in the Developer Options.
The moment you toggle that setting, your phone makes a network request to Google's servers.
Google receives that request and can see your IP address. If you're doing this from your home network, an IP tied to your name, you've just created a digital fingerprint linking you (and your location) to that specific device's serial number before you even wiped it.
Google now knows that 1) the person at your IP address is in possession of that specific Pixel phone, and 2) that you intended to modify its software!!!
How to Mitigate:
Use a trustworthy VPN, or preferably, public Wi-Fi (like a café) that is not associated with you.


I have a security question that has been bugging me.
When a wallet broadcasts a Bitcoin transaction, we trust it's only sending the signature and transaction data. But how can we be certain that fragments of the private key aren't being secretly embedded in the broadcast over time?
For example, could a malicious hardware wallet manufacturer design a device that, after many transactions, allows them to reassemble the bits and know the private key?
Has anyone ever done a public test where the same seed phrase is used on different hardware wallets (like @Coinkite @DETERMINISTIC OPTIMISM, Trezor @karliatto, @Keystone) to sign the exact same transaction?
If the resulting signatures are identical, would that be definitive proof that both devices are performing the standard, non-corrupted signing process?