Kyle Linkinbio
4.5K posts

@KyleOfTheCorn
Bitcoin, privacy, and FOSS. Run your own node. Avoid KYC. Take self custody. Learn to spend. Build a signing device.
Self-Custody · Joined April 2022
3.6K Following · 5.3K Followers

@D00MSDRE Very lazy answer: Use @RoninDojoNode as your node, connect to it with @SparrowWallet, sign transactions with @SeedSigner.
More detailed answer:
sovrnbitcoiner.com/the-ultimate-b…

@KyleOfTheCorn What is your current preference for full node FOSS and device combo. I'm ready to run a Bitcoin only HW set but had always been lazy and looked at prebuilt....what is your default recommendation to a friend?

@Metatainment More engagement/glow posting. Already been discussed with him.
twitter.com/KyleOfTheCorn/…
Kyle Linkinbio @KyleOfTheCorn
@GhostofWhitman @Pleb331 @wtfakamoto @x218935 @MaximalFreedom @lm_tldr @zedact3d This is misleading. Buying someone else's KYCed bitcoin is fine, since it's not tied to *your* ID.

@Nme1ess2 @SamouraiWallet @SparrowWallet Yes. If you're going to use bitcoin bought with KYC as an initial deposit on Bisq, use a Whirlpool post-mix output so that it can't be traced back to your identity.

Bitcoin privacy tools @SamouraiWallet and @SparrowWallet have been added to "The Hitchhiker's Guide to Online Anonymity".
anonymousplanet.org/guide.html

@SamouraiWallet @btccamper Just pointing out the goalpost. 😉

Did I dream this or did I read *somewhere* that the @SamouraiWallet Android app will support a "mix to xpub" feature sometime in the future?

@SamouraiWallet @btccamper So the argument is 5 mobile users and 5 addresses from known xpubs on the input side, 4 addresses from known xpubs on the output side. So that remaining 1 is obvious.

@btccamper @KyleOfTheCorn They'd be indistinguishable from those who are running their own Dojo node or using a non samourai client like Sparrow.

@btccamper @SamouraiWallet Ah so there's where the goalpost goes.

@FullyOrange @SeedSigner @jokoono @revetuzo Absolutely it requires trust in the manufacturer. I would rather build my own signing device with general purpose hardware, which is why I use a SeedSigner.

@KyleOfTheCorn @SeedSigner @jokoono @revetuzo But then, you're putting trust into BitBox manufacturer for 1) doing that in the exact way & order, and 2) not storing your signing key somewhere on their server
Therefore, tRaDeOfFfs

@Cryptocasts4u @Vikingobitcoin9 Ah I used to have the 15 methods post there. 🤦‍♂️ Anyway it's at the bottom.

@carlucci7777 @btc_gorilla @SamouraiWallet It doesn't really affect me because I can use Sparrow and my own Dojo node, yes. I'm excited about this for those who can't.

@KyleOfTheCorn @btc_gorilla @SamouraiWallet Sparrow Wallet already supports this, right? I'm curious why you are excited for mobile app support. How does this factor into improving your setup?

@SeedSigner @jokoono @revetuzo BitBox02 does have good defense against this in that they put their signing key in the device when it's manufactured, so malicious firmware couldn't be installed on it. If I'm remembering correctly.

@jokoono @KyleOfTheCorn @revetuzo The coordinator (not SeSi) derives addresses from the XPUB, but yes if it came from a compromised private key it's the same thing. Unfortunately every HWW is subject to this kind of attack, def makes sense to verify correlation of seed/PK/XPUB regardless what HWW/signer you use.

@jokoono @SeedSigner @revetuzo Do any wallets (coordinators) not validate that the signed tx coming back from the signing device doesn't match the unsigned tx that was sent to it?

@SeedSigner @KyleOfTheCorn @revetuzo I mean that it alters the OS the seed signer is running so that it seems like it uses user supplied entropy / seed but actually derives addresses that are controlled by the attacker.

@jokoono @SeedSigner @revetuzo Yep, this is why it's important to have a Bitcoin-only machine, which would severely limit the chances of it getting infected with such malware.

@SeedSigner @KyleOfTheCorn @revetuzo Of course, everything is a tradeoff - that's all I'm saying and why I made the meme.
Exploit would be an infected PC that seemingly builds the correct image but in the bg builds a compromised image, which then gets flashed onto the SD. SS then uses attacker's seed for addr gen..

@SeedSigner @revetuzo @KyleOfTheCorn Yep, but of course that still leaves a compromised pc as a potential risk

@SamouraiWallet @discretelog @snitchy_asc Yeah I remember an issue on Gitlab about it, but I don't think that one considered PayNyms.

@discretelog @snitchy_asc @KyleOfTheCorn Not new, just newly revealed on birdsite, we think about this stuff a lot ;)

@SamouraiWallet @snitchy_asc This would be very cool, especially if the timing isn't important. On the receiving end, I would want the output to go to my post-mix account so that it can continue remixing and I get post-mix spending tools.

@heSAYSuh @Vikingobitcoin9 You're still marked for an amount which you bought with KYC.

@KyleOfTheCorn @Vikingobitcoin9 Why couldn't I eventually buy non-kyc coins with kyc coins?



