New 1.5m sat bounty is live for NIP-26 implementation in Amethyst!

GitHub

[FEATURE] Implement NIP-26 delegated key login via QR codes · Issue #331 · vitorpamplona/amethyst

Is your feature request related to a problem? Please describe. Currently when using Nostr, you have to expose your root private key to any client y...

Specifically asking for login via delegated key signing, allowing you to authorize a login on Amethyst from a cold storage device like Passport without ever revealing your root Nostr key to Amethyst. Your Nostr key stays cold, but you get full client functionality, and you can sign in in just a few seconds with a simple QR code exchange 👀

A post on Wasabi Wallet and their new protocol, WabiSabi after more digging/research: First off, please do not connect my joining their Space last week or researching their protocol as lending *any* credence or support for their approach or wallet. I still do not recommend using it in any way. Digging into WabiSabi has revealed some core issues that should prevent you from considering using it. Note this list is not in any particular order. 1) Wasabi's funding and willing usage of chain surveillance companies puts your on-chain data at risk when you use them. This usage of CA could not only lead to harming your privacy directly, but could also easily be turned into a honeypot where "bad inputs" automatically get sent to mix with only Sybil inputs, providing 0 privacy but not showing that in your client. Easy surveillance. 2) WabiSabi as a protocol is only a tool for aggregating inputs where each input/output is blinded from the coordinator, and is not in any way a Coinjoin protocol - it is merely the input aggregation portion of one. As such, the specifics of the WW2 protocol are unclear. 3) There is currently *zero* way to verify the privacy provided by a given mixing round in WW2, and even Wasabi themselves don't seem to understand how their "anon score" metric works. If you can't verify the privacy you get, you *should not trust it*. 4) "Lonely whales" (i.e. those with larger amounts of Bitcoin) can often gain *zero* privacy in mixes and have 100% deterministic links between their inputs and outputs. Have seen as little as 6 BTC gaining no privacy from mixing rounds. 5) Due to the client + coordinator not learning amounts chosen by participants in rounds before mixing, you can never be sure that a mixing round provides you with any privacy, as it's always possible no one selects the same amounts as you, providing an anon set of 1 (your input/output). 6) The usage of "big TX = good privacy" in Wasabi marketing is BS, as the only thing that matters for privacy in a transaction is the potential outputs to match your inputs. That is really only the outputs that share a denomination with your output, not all outputs in a TX. 7) If the creators of this purported privacy tool don't know how to measure the privacy provided by their protocol, it should raise red flags for you. Not knowing how your own protocol actually provides privacy opens up so many potential implementation flaws. 8) There is a *long* history of tracing of Wasabi's previous implementation due to flaws in protocol and flaws in implementation, so we should be incredibly wary of trusting privacy claims until 100% proven over time. 9) There remain *zero* post-mix spending tools in Wasabi, something that is absolutely vital to actually gaining privacy from Coinjoin's when spending Bitcoin. Even if the protocol was perfect this would lead to many privacy issues and "foot guns". This post comes after spending many hours digging into the WabiSabi protocol, their documentation, and speaking with them at length. I have no personal beef with Wasabi but try to remain open to learning from new approaches and wanted to give WabiSabi a fair shake. As a note to Thibaud and others I spoke with on the Space last week, that was not merely recon or similar, I genuinely wanted to learn and thought that would be a good place. Unfortunately I didn't really get much mic time or many questions answered and it felt like marketing. I don't write this thread to incite more hateful rhetoric between "camps," but because I care about *your* privacy above all and do not want to accidentally push people to use a tool I don't deem sufficient for privacy in Bitcoin. Just as I love and recommend Monero widely while working on Bitcoin, I love and recommend Samourai Wallet as a proven tool for privacy that I have used successfully over the years and seen proven time and again to work and provide solid privacy on-chain. If I saw Wasabi Wallet as a workable and useful privacy tool today without core issues I wouldn't hesitate to recommend it, as I'm not an anything maximalist or tied to any camps. But that is not the case today, and I can't recommend anyone use Wasabi Wallet (still). I'm sure this will piss a lot of people off (I seem good at that recently 🙃) I want to always be sure that people know where I stand in relation to privacy tools, and that stance hasn't changed despite spending a good amount of time digging into Wasabi. tl;dr: Keep using Samourai Wallet or Sparrow Wallet for Bitcoin privacy, the holistic toolkit they've built is beyond compare and has a proven track record of efficacy.

Started a bounty for importing nsec as a QR code from a secure hardware device like Passport:

GitHub

[FEATURE] Allow importing nsec from QR code · Issue #328 · vitorpamplona/amethyst

Is your feature request related to a problem? Please describe. One of the core issues with Nostr today is that generating and storing a Nostr priva...

So far we have 750k sats pledged, really look forward to this as it will greatly simplify logins from a secure, air-gapped device! Step by step we'll get better key management with better backup options by leveraging the infrastructure we already use for our Bitcoin keys.

Busy Sunday for me so far, kicking off #SkepticismSundays a little late! The goal of this thread (which I'll post weekly on Sunday's) is for discussing the uncertainties, shortcomings, and concerns some may have about Bitcoin. NOT the positive aspects of it. Discussing things with a critical thinking approach and level-headed discussion helps us learn where Bitcoin and it's community can improve and go from there. We had a *fantastic* amount of good conversations last week so I can't wait to see this week's! What's gotten you thinking, has you concerned, or always irked you about Bitcoin, its ecosystem, etc?