Bitcoin Cracking Searching Bitcoin Private Key Space

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

The next XVG? Microcap 100x potential actually supported by fundamentals!

What’s up team? I have a hot one for you. XVG returned 12 million percent in 2017 and this one reminds me a lot of it. Here’s why:
Mimblewimble is like Blu-Ray compared to CD-ROM in terms of its ability to compress data on a blockchain. The current BTC chain is 277gb and its capacity is limited because every time you spend a coin, each node needs to validate its history back to when it was mined (this is how double spending is prevented). Mimblewimble is different - all transactions in a block are aggregated and netted out in one giant CoinJoin, and only the current spending needs to be verified. This means that dramatically more transactions can fit into a smaller space, increasing throughput and lowering fees while still retaining the full proof of work game theory of Bitcoin. These blockchains are small enough to run a full node on a cheap smartphone, which enhances the decentralization and censorship resistance of the network.
The biggest benefit, though, is that all transactions are private - the blockchain doesn’t reveal amounts or addresses except to the actual wallet owner. Unlike earlier decoy-based approaches that bloat the chain and can still be data mined (XMR), Mimblewimble leaves no trace in the blockchain, instead storing only the present state of coin ownership.
The first two Mimblewimble coins, Grin and Beam, launched to great fanfare in 2019, quickly reaching over $100m in market cap (since settled down to $22m and $26m respectively). They are good projects but grin has infinite supply and huge never-decreasing emission, and Beam is a corporate moneygrab whose founding investors are counting on you buying for their ROI.
ZEC is valued at $568m today, despite the facts that only 1% of transactions are actually shielded, it has a trusted setup, and generating a confidential transaction takes ~60 seconds on a powerful PC. XMR is a great project but it’s valued at $1.2b (so no 100x) and it uses CryptoNote, which is 2014 tech that relies on a decoy-based approach that could be vulnerable to more powerful computers in the future. Mimblewimble is just a better way to approach privacy because there is simply no data recorded in the blockchain for companies to surveil.
Privacy is not just for darknet markets, porn, money launderers and terrorists. In many countries it’s dangerous to be wealthy, and there are all kinds of problems with having your spending data be out there publicly and permanently for all to see. Namely, companies like Amazon are patenting approaches to identify people with their crypto addresses, “for law enforcement” but also so that, just like credit cards, your spending data can be used to target ads. (A) Coinbase is selling user data to the DEA, IRS, FBI, Secret Service, and who knows who else? (B) What about insurance companies raising your premiums or canceling your policy because they see you buying (legal) cannabis? If your business operates using transparent cryptocurrency, competitors can data mine your customer and supply chain data, and employees can see how much everyone else gets paid. I could go on, but the idea of “I have nothing to hide, so what do I care about privacy?” will increasingly ring hollow as people realize that this money printing will have to be paid by massive tax increases AND that those taxes will be directly debited from their “Central Bank Digital Currency” wallets.
100% privacy for all transactions also eliminates one HUGE problem that people aren’t aware of yet, but they will be: fungibility. Fungibility means that each coin is indistinguishable from any other, just like paper cash. Why is this important? Because of the ever-expanding reach of AML/KYC/KYT (Anti-Money Laundering / Know Your Customer / Know Your Transaction) as regulators cramp down on crypto and banks take over, increasingly coins become “tainted” in various ways. For example, if you withdraw coins to a mixing service like Wasabi or Samourai, you may find your account blocked. (C) The next obvious step is that if you receive coins that these chainalysis services don’t like for whatever reason, you will be completely innocent yet forced to prove that you didn’t know that the coins you bought were up to no good in a past life. 3 days ago, $100k of USDC was frozen. (D) Even smaller coins like LTC now have this problem, because “Chinese Drug Kingpins” used them. (E) I believe that censorable money that can be blocked/frozen isn’t really “your money”.
Epic Cash is a 100% volunteer community project (like XVG and XMR) that had a fair launch in September last year with no ICO and no premine. There are very few projects like this, and it’s a key ingredient in Verge’s success (still at $110m market cap today despite being down 97% since the bubble peak) and why it’s still around. It has a small but super passionate community of “Freemen” who are united by a belief in the sound money economics of Bitcoin Standard emission (21m supply limit and ever-decreasing inflation) and the importance of privacy.
I am super bullish on this coin for the following reasons:
Because it doesn’t have a huge marketing budget in a sea of VC-funded shitcoins, it is as-yet undiscovered, which is why it’s so cheap. There are only 4 Mimblewimble-based currencies on the market: MWC at $162m, BEAM at $26m, GRIN at $22m, and EPIC at $0.4m. This is not financial advice and as always, do your own research, but I’ve been buying this gem for months and will continue to.
This one ticks all the boxes for me, the only real problem is that it’s hard to buy much without causing a huge green candle. Alt season is coming, and coins like this are how your neighbor Chad got his Lambo back in 2017. For 2021, McLaren is a better choice and be sure to pay cash so that it doesn’t get repossessed like Chad!
  1. A https://www.vice.com/en_us/article/d35eax/amazon-bitcoin-patent-data-stream-identify-cryptocurrency-for-law-enforcement-government
  2. B https://decrypt.co/31461/coinbase-wants-to-identify-bitcoin-users-for-dea-irs
  3. C https://www.coindesk.com/binance-blockade-of-wasabi-wallet-could-point-to-a-crypto-crack-up
  4. D https://cointelegraph.com/news/centre-freezes-ethereum-address-holding-100k-usdc
  5. E https://www.coindesk.com/us-treasury-blacklists-bitcoin-litecoin-addresses-of-chinese-drug-kingpins
  6. F https://www.youtube.com/channel/UCWkTxl5Z6DNN0ASMRxSKV5g
  7. G http://epic.tech/whitepaper
  8. H https://medium.com/epic-cash/epic-cash-on-uniswap-22447904d375
  9. I https://epic.tech/wp-content/uploads/2019/09/figure-3.1.jpg
Links:
submitted by pinchegringo to CryptoMoonShots [link] [comments]

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
[deleted comment]
[deleted comment]
[deleted comment]
submitted by anticensor_bot to u/anticensor_bot [link] [comments]

morning joe

The U.S. State Department has ordered the closure of China's consulate in Houston to protect property and "private information" of Americans as reports came in last night of documents being burned in the compound's courtyard. "We urge the U.S. to immediately withdraw its erroneous decision. Otherwise China will make legitimate and necessary reactions," China's Foreign Ministry declared, as the U.S. dollar surged against the Chinese yuan, breaking the key 7 level. On Tuesday, the DOJ also accused two Chinese hackers of working for the government to steal terabytes of data, including coronavirus research, from Western companies across 11 nations. Go deeper: China may respond by closing the U.S. consulate in Wuhan.
Tensions hit sentiment
S&P 500 futures pulled back 0.4% overnight following the diplomatic flare-up, which adds to concerns over the deteriorating relationship between the economic superpowers. President Trump already dimmed hopes of a Phase 2 trade deal earlier this month, saying the relationship with China had been too badly damaged by COVID-19. Investors are also questioning whether Congress will reach an agreement on the next coronavirus stimulus bill before lawmakers start their summer recess, while Trump warned the pandemic will probably "get worse before it gets better."
Earnings
Two big names are on the radar today as earnings season kicks into high gear. Following a record number of car deliveries earlier in July, Tesla (NASDAQ:TSLA) may report a fourth straight quarterly profit, which could qualify the high-flying stock for inclusion in the S&P 500. Shares have jumped more than 50% this month alone (adding to the stock's more than 3x increase this year), as investors bet on a sudden jump in demand from passive funds that track the benchmark. Don't forget about Microsoft (NASDAQ:MSFT)! Much of the focus will continue to center around its cloud business amid recent trends towards remote work.
Twitter cracks down on 'QAnon' activity
"We've been clear that we will take strong enforcement action on behavior that has the potential to lead to offline harm," the company said via its Twitter Safety account. "In line with this approach, this week we are taking further action on so-called 'QAnon' activity across the service." A Twitter (NYSE:TWTR) spokesperson said more than 7,000 QAnon-related accounts were banned in recent weeks, while the platform limited the distribution of 150,000 others. According to Wikipedia, QAnon is a "far-right conspiracy theory detailing a supposed secret plot by an alleged 'deep state' against U.S. President Donald Trump and his supporters." Last year, the FBI designated QAnon as a potential domestic terror threat.
Abandoning hopes
While U.K. and EU negotiators began the latest round of Brexit negotiations on Monday, the two sides remain deadlocked over fishing rights, level playing field guarantees, governance of the deal and the role of the European Court of Justice. With just days to go until Boris Johnson's deadline for an outline agreement, senior sources told The Telegraph that there is now an assumption that "there won't be a deal." What would happen in that case? The U.K. would leave the bloc on December 31 by following default WTO rules and specific agreements for certain goods. The British government has also abandoned hopes of clinching a U.S. free trade deal ahead of the presidential election in November, with the novel coronavirus outbreak blamed for slow progress.
Record retail trading volumes
Earnings yesterday from some of the biggest publicly traded brokers have highlighted the major jump into retail trading. TD Ameritrade (NASDAQ:AMTD), which is set to be acquired by Charles Schwab (NYSE:SCHW), added a record 661K new funded retail accounts in Q2, surpassing the 608K new accounts during the first quarter. A record 3.4M daily average revenue trades were also noted, more than four times last year's levels and 62% more than the prior quarter. Interactive Brokers (NASDAQ:IBKR), which additionally beat on the top and bottom lines, said its daily average revenue trades increased 111% since the same quarter last year, while customer accounts grew to 867K.
737 MAX may not return until next year
The latest timeline anticipates the FAA won't finish work to lift its March 2019 grounding order until late October or early November because the agency has decided to ask for public comments before finalizing software and hardware changes, WSJ reports. Completing pilot training and maintenance checks is expected to stretch well into December, and only then will the MAX be ready to return to commercial service. That means the jets are expected to be grounded at least as long under current Boeing (NYSE:BA) CEO David Calhoun as under his predecessor, Dennis Muilenburg, who was ousted at the end of 2019 after repeated delays in getting the plane back in the air. BA -1.3% premarket.
Self-driving partnerships
Ending work on autonomous commercial vehicles it began with startup Aurora in 2019, Fiat Chrysler (NYSE:FCAU) has selected Waymo as its exclusive, strategic technology partner for "Level 4" fully self-driving technology across its full product portfolio. The collaboration will start with the Ram ProMaster full-size van, though it's likely to expand given Fiat's expected merger with PSA Group into a company called Stellantis. It's been quite a run for the Alphabet (GOOG, GOOGL) unit. Waymo, considered the leader in autonomous vehicle development, inked another partnership in June with Volvo Cars (OTCPK:GELYY) to develop self-driving electric vehicles designed for ride-hailing.
What else is happening...
Senate committee clears Shelton, Waller for Fed positions.
Apple (NASDAQ:AAPL) pledges to be 100% carbon neutral by 2030.
Best Buy (NYSE:BBY) sales are rebounding as stores reopen.
Tesla's (TSLA) Elon Musk qualifies for another $2.1B payday.
Jamf (JAMF) prices upsized IPO above range at $26.
Tuesday's Key Earnings Coca-Cola (NYSE:KO) +2.3% saying the worst is over. Lockheed Martin (NYSE:LMT) +2.6% topping estimates, raising guidance. Philip Morris (NYSE:PM) +4.2% posting better-than-feared results. Snap (NYSE:SNAP) -6.2% AH on lagging Q2 growth. Texas Instruments (NASDAQ:TXN) +1.3% AH following Q2 beats, upside outlook. United Airlines (NASDAQ:UAL) +1.2% AH expecting to lower cash burn.
Today's Markets In Asia, Japan -0.6%. Hong Kong -2.3%. China +0.4%. India -0.2%. In Europe, at midday, London -0.9%. Paris -1.2%. Frankfurt -0.6%. Futures at 6:20, Dow -0.4%. S&P -0.4%. Nasdaq flat. Crude -1.3% to $41.36. Gold +0.7% to $1856.50. Bitcoin -0.7% to $9351. Ten-year Treasury Yield -2 bps to 0.59%
Today's Economic Calendar 7:00 MBA Mortgage Applications 9:00 FHFA House Price Index 10:00 Existing Home Sales 10:30 EIA Petroleum Inventories 1:00 PM Results of $17B, 20-Year Bond Auction
submitted by upbstock to Optionmillionaires [link] [comments]

My Trezor (MEW?) account got compremised, funds were stolen

Hello ladies and gentleman,
I hope you can help me out somehow. I put it in bitcoin as well despite its ethereum but its about trezor and the btc part is involved. In mid september all my ethereum and ethereum based stuff was cleared from my MEW accounts for roughly 38k USD. Trezor couldnt help me at all and we went through all the topics and questions they had which lead to nothing exept an basic answer “your seeds got compromised in the past“, which doesn’t make any sense and I will explain why.
Lets say, Im a person with some basic tech knowledge and worked as admin and I use common sense to handle my crypto stuff which is part of my business and daily task since 2 years.I check all things again before sending. Adress, amount etc and never had any problems before.I never was on a fake page where I had to give my seed or passphrases inI dont open spam mails nor use my new laptop for something else then work, like visiting porn sites or shady stuff or use cracks etc. I didnt even found a malitous cookie after checking everything. The laptop I used was 3 months old and set up on my own with windows, firwall, antivir and anti malware stuff. Things I am doing form me and my friends since year 2000. No cracks used for programms, everything legal. I use a trezor one since then which is updated accordingly when the tool or page prompts me. I used to use chrome as my default browser (which i learned, over the past months trying to figure out what might have happened, is one oft the worst browsers).
No one has my seedsno one knows my pin to entert the trezorI dont store any of this information onlineI dont know my private keys from trezor
So what happened was that september 9 in the evening, a few hours after I sent some usdt deposit to my adress, I want to check if everything is there, login to my MEW account (online, not offline and url was correct. no addon used, just the shortcut in my browser which i safed there and always used and later checked i fit was linked to something else which wasnt), and the account was empty. Three ethereum adresses where i stored some coins, eth and usdt.
I realised that every transaction below happened while i was standing infront of my laptop (checked time happening), trezor connected cause i did some btc transaction before and chatted to customers on different chat tools like telegram or skype. Obvsly without signing any transaction at all everything was sent to other adresses. It seemed someone got the keys to those adresses before. Now, I dont even know my private keys to those adresses which are stored in trezor right? I wasnt logged into MEW before this incident for about 1.5 days. The btc part on my trezor is MUCH more valuable, but still there. After trezor couldnt help me about what happened and MEW treated me like the standard idiot who gets highjacked and then wonders why his money is gone, I went trough so many possibilities. For the most time I thought some kind of KRACK attack happened.
The only problem is trezor says they dont extract the private keys. Some gurus in this topic ( i read on reddit here) say its possible to get them from the network. Even parts are enough to encrypt the whole key after a while which would underline the timeline that it took 6 days from working in this hotel and having the unusual situation with the sending (down explained) till the accs got cleared.
The hotel incident happened the week before my accounts got cleared. I was visitting friends and coworking agents in Vietnam and stayed in a red doorz hotel in Ho Chi Minh. Using the Hotel Wifi and a nvpn.net VPN I sent some usdt funds via MEW to a befriended customer and something very stranged happened, which I never had before.I sent 4k usdt to a customer and the transaction took 13 min working working working and then failed. I’ve never had something like that. We thought it might be because of eth network or so but we never had that before, me and him sending a lot transactions every day.
Then i copied all details in again and send another 4k and somehow he recieved both!
check the screen. The one transaction processed nearly 13 min then failed. 2min later i sent a new one and without any evidence in this screen he recieved both.
https://s19.directupload.net/images/200121/27e8uyd3.jpg
later
https://s19.directupload.net/images/200121/3todak3u.png
So he sent me back the additional 4k and I shut down everything not thinking about this much anymore. Only when the accounts got cleared I was searching for any unusual happenings which could have let to this because pretty much all other “typical“ mistakes people normally do we could exclude. If somehow my seeds got compromised why only the ETH stuff? The btc parts on the trezor had much much more value. I never searched for trezor page on the web and used a link to access my wallets or to do updates. I always used the trezor bridge and made a shortcut to my wallet in my browser. For MEW i always used the same shortcut in my browser which worked pretty fine for the past years an everytime when setting the browser or pc new i checked it all before.
Because of the unusual thing which happened in Vietnam I flew back there (from philippines) prepared with tools and checking because I couldnt let go and I didnt find any other plausible cause. I even got back my old room. In this hotel there are three hotel wifi network and I remeber 100% that I used the 2nd one before cause it had the strongest signal. Anyway. I switched on wireshark and later on Fiddler, repeated all steps I used to do before. Checking if some rerouting, dns poisening or readressing or so is happening. Nothing unusual happened in the first when entering MEW (I sent some bait funds there).
In the 2nd network I used in september the trezor basically totally freaked out. He didnt let me enter MEW, I had to reenter my pin up to 5 times sometimes, It gave me error messages in MEW or it took 30 fucking seconds to enter it. Trezor writes about this:
“When you enter an invalid PIN a few times, the Trezor adds a forced waiting time between attempts.You can see this feature on the photo where the Trezor is making you wait for 15 seconds before another attempt.This countdown is then multiplied by the factor of two until you reach the 16th invalid PIN entry. After that, the device automatically wipes its memory - deleting all data from it.
The behavior of your Trezor at MEW is undoubtedly not standard or in any form pleasantly functional. Nevertheless, it also isn't anything superbly unusual or unexpected, taking poor internet connection into account.“
The thing is, the pin is 6 digits but pretty basic and I never ever entered it wrong. And I used the strongest wifi and could open webpages very easily .
As well as: “Sadly, this does not tell us anything about how your funds could be compromised. None of this could have ever exposed your private keys or made your device vulnerable in any way.
The Reddit thread you linked discusses cracking BIP-39 passphrases, which is irrelevant to your case. Cracking such passphrases assumes the person trying to break the wallet already has full possession of the recovery seed (recovery words). See, a passphrase is not your recovery seed or some additional password on your device. It is an extension of the seed, and it is also 100% useless without controlling the full seed.
The only threat you are exposed to when using Chrome is using Google itself. When googling "trezor" or "trezor wallet", you might stumble upon a phishing site which will present itself as a genuine Trezor website and force you to go through a fake "recovery" process. There you'd give out your recovery seed, which subsequently grants full access to your wallet and funds.
It's reasonable to assume that malware could guide you to such a website. To this day, we are not aware of any such incident ever happening, and even then, there are protections in place to defend you against phishing attempts.“
Basically, something I never did and all funds would haven been gone then.
I checked the 3rd network as well, and like the 1st nothing special happened. Only in the 2nd.
These are the funds and how the got cleared off the wallets.
I always show last transaction from me to the adress as well on the screens. So adress:
0x253ABB6d747a9404A007f57AaDEc1cA2b80694a1
They withdrew this:
1k USDT and the small amount ETH to send stuff
https://s19.directupload.net/images/200121/sg2lumg8.png
adress:
0x01fd43a713D8F46FF9a7Ed108da2FF74884D8400
They withdrew this:Majority of USDT and small eth for sending stuff
https://s19.directupload.net/images/200121/arycubto.png
adress:
0xf73c8C30072488d932011696436B46005504A7aeThey withdrew this:
Majority of ETh, then all coins from valueable to worthless and then some rest eth
https://s19.directupload.net/images/200121/urbgm2y5.png
https://s19.directupload.net/images/200121/rdkod59h.jpg
So this is what happened at 12th september between 16:49 and 17:15. Sick to see that all happened between 16:49 and 17:00 and its like someone came back checking and saw the 0.014 eth and withdrew it 17:15. Around 10pm i discovered what happened.
So, do you have any ideas? Questions? Feel free to guess or ask Im glad for everything which might lead to what might have happened. I somehow can’t let go off the feeling something inbetween the network, MEW and trezor ist he cause, but what do I know.
submitted by The_Wave13 to Bitcoin [link] [comments]

Mockingbird X.0

Imagine if there was one desk that all stories could cross so that, at 4am, a media plan could be decided upon and disseminated where all news outlets coordinated to set the goalposts of debate and hyper focused on specific issues to drive a narrative to control how you vote and how you spend money; where Internet shills were given marching orders in tandem to what was shown on television, printed in newspapers and spread throughout articles on the World Wide Web.
https://i.imgur.com/Elnci0M.png
In the past, we had Operation Mockingbird, where the program was supremely confident that it could control stories around the world, even in instructions to cover up any story about a possible “Yeti” sighting, should it turn out they were real.
https://i.imgur.com/121LXqy.png
If, in 1959, the government was confident in its ability to control a story about a Yeti, then what is their level of confidence in controlling stories, today?
https://i.imgur.com/jQFVYew.png
https://i.imgur.com/ZKMYGJj.png
In fact, we have a recent example of a situation similar to the Yeti. When Bill Clinton and Loretta Lynch met on the TARMAC to spike the Hillary email investigation, the FBI was so confident it wasn’t them, that their entire focus was finding the leaker, starting with searching within the local PD. We have documentation that demonstrates the state of mind of the confidence the upper levels of the FBI have when dealing with the media.
https://i.imgur.com/IbjDOkI.png
https://i.imgur.com/NH86ozU.png
The marriage between mainstream media and government is a literal one and this arrangement is perfectly legal.
https://i.imgur.com/OAd4vpf.png
But, this problem extends far beyond politics; the private sector, the scientific community, even advice forums are shilled heavily. People are paid to cause anxiety, recommend people break up and otherwise sow depression and nervousness. This is due to a correlating force that employs “systems psychodynamics”, focusing on “tension centered” strategies to create “organizational paradoxes” by targeting people’s basic assumptions about the world around them to create division and provide distraction.
https://i.imgur.com/6OEWYFN.png
https://i.imgur.com/iG4sdD4.png
https://i.imgur.com/e89Rx6B.png
https://i.imgur.com/uotm9Cg.png
https://i.imgur.com/74wt9tD.png
In this day and age, it is even easier to manage these concepts and push a controlled narrative from a central figure than it has ever been. Allen & Co is a “boutique investment firm” that managed the merger between Disney and Fox and operates as an overseeing force for nearly all media and Internet shill armies, while having it’s fingers in sports, social media, video games, health insurance, etc.
https://i.imgur.com/zlpBh3c.png
https://i.imgur.com/e5ZvFFJ.png
Former director of the CIA and Paul Brennan’s former superior George Tenet, holds the reigns of Allen & Co. The cast of characters involves a lot of the usual suspects.
https://i.imgur.com/3OlrX7G.png
In 1973, Allen & Company bought a stake in Columbia Pictures. When the business was sold in 1982 to Coca-Cola, it netted a significant profit. Since then, Herbert Allen, Jr. has had a place on Coca-Cola's board of directors.
Since its founding in 1982, the Allen & Company Sun Valley Conference has regularly drawn high-profile attendees such as Bill Gates, Warren Buffett, Rupert Murdoch, Barry Diller, Michael Eisner, Oprah Winfrey, Robert Johnson, Andy Grove, Richard Parsons, and Donald Keough.
Allen & Co. was one of ten underwriters for the Google initial public offering in 2004. In 2007, Allen was sole advisor to Activision in its $18 billion merger with Vivendi Games. In 2011, the New York Mets hired Allen & Co. to sell a minority stake of the team. That deal later fell apart. In November 2013, Allen & Co. was one of seven underwriters on the initial public offering of Twitter. Allen & Co. was the adviser of Facebook in its $19 billion acquisition of WhatsApp in February 2014.
In 2015, Allen & Co. was the advisor to Time Warner in its $80 billion 2015 merger with Charter Communications, AOL in its acquisition by Verizon, Centene Corporation in its $6.8 billion acquisition of Health Net, and eBay in its separation from PayPal.
In 2016, Allen & Co was the lead advisor to Time Warner in its $108 billion acquisition by AT&T, LinkedIn for its merger talks with Microsoft, Walmart in its $3.3 billion purchase of Jet.com, and Verizon in its $4.8 billion acquisition of Yahoo!. In 2017, Allen & Co. was the advisor to Chewy.com in PetSmart’s $3.35 billion purchase of the online retailer.
Allen & Co throws the Sun Valley Conference every year where you get a glimpse of who sows up. Harvey Weinstein, though a past visitor, was not invited last year.
https://en.wikipedia.org/wiki/Allen_%26_Company_Sun_Valley_Conference
Previous conference guests have included Bill and Melinda Gates, Warren and Susan Buffett, Tony Blair, Google founders Larry Page and Sergey Brin, Allen alumnus and former Philippine Senator Mar Roxas, Google Chairman Eric Schmidt, Quicken Loans Founder & Chairman Dan Gilbert, Yahoo! co-founder Jerry Yang, financier George Soros, Facebook founder Mark Zuckerberg, Media Mogul Rupert Murdoch, eBay CEO Meg Whitman, BET founder Robert Johnson, Time Warner Chairman Richard Parsons, Nike founder and chairman Phil Knight, Dell founder and CEO Michael Dell, NBA player LeBron James, Professor and Entrepreneur Sebastian Thrun, Governor Chris Christie, entertainer Dan Chandler, Katharine Graham of The Washington Post, Diane Sawyer, InterActiveCorp Chairman Barry Diller, Linkedin co-founder Reid Hoffman, entrepreneur Wences Casares, EXOR and FCA Chairman John Elkann, Sandro Salsano from Salsano Group, and Washington Post CEO Donald E. Graham, Ivanka Trump and Jared Kushner, and Oprah Winfrey.
https://i.imgur.com/VZ0OtFa.png
George Tenet, with the reigns of Allen & Co in his hands, is able to single-handedly steer the entire Mockingbird apparatus from cable television to video games to Internet shills from a singular location determining the spectrum of allowable debate. Not only are they able to target people’s conscious psychology, they can target people’s endocrine systems with food and pornography; where people are unaware, on a conscious level, of how their moods and behavior are being manipulated.
https://i.imgur.com/mA3MzTB.png
"The problem with George Tenet is that he doesn't seem to care to get his facts straight. He is not meticulous. He is willing to make up stories that suit his purposes and to suppress information that does not."
"Sadly but fittingly, 'At the Center of the Storm' is likely to remind us that sometimes what lies at the center of a storm is a deafening silence."
https://i.imgur.com/YHMJnnP.png
Tenet joined President-elect Bill Clinton's national security transition team in November 1992. Clinton appointed Tenet Senior Director for Intelligence Programs at the National Security Council, where he served from 1993 to 1995. Tenet was appointed Deputy Director of Central Intelligence in July 1995. Tenet held the position as the DCI from July 1997 to July 2004. Citing "personal reasons," Tenet submitted his resignation to President Bush on June 3, 2004. Tenet said his resignation "was a personal decision and had only one basis—in fact, the well-being of my wonderful family—nothing more and nothing less. In February 2008, he became a managing director at investment bank Allen & Company.
https://i.imgur.com/JnGHqOS.png
We have the documentation that demonstrates what these people could possibly be doing with all of these tools of manipulation at their fingertips.
The term for it is “covert political action” for which all media put before your eyes is used to serve as a veneer… a reality TV show facade of a darker modus operandum.
https://i.imgur.com/vZC4D29.png
https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol36no3/html/v36i3a05p_0001.htm
It is now clear that we are facing an implacable enemy whose avowed objective is world domination by whatever means and at whatever costs. There are no rules in such a game. Hitherto acceptable norms of human conduct do not apply. If the US is to survive, longstanding American concepts of "fair play" must be reconsidered. We must develop effective espionage and counterespionage services and must learn to subvert, sabotage and destroy our enemies by more clever, more sophisticated means than those used against us. It may become necessary that the American people be made acquainted with, understand and support this fundamentally repugnant philosophy.
http://www.nbcnews.com/id/3340677/t/cia-operatives-shadowy-war-force/
Intelligence historian Jeffrey T. Richelson says the S.A. has covered a variety of missions. The group, which recently was reorganized, has had about 200 officers, divided among several groups: the Special Operations Group; the Foreign Training Group, which trains foreign police and intelligence officers; the Propaganda and Political Action Group, which handles disinformation; the Computer Operations Group, which handles information warfare; and the Proprietary Management Staff, which manages whatever companies the CIA sets up as covers for the S.A.
Scientology as a CIA Political Action Group – “It is a continuing arrangement…”: https://mikemcclaughry.wordpress.com/2015/08/25/scientology-as-a-cia-political-action-group-it-is-a-continuing-arrangement/
…Those operations we inaugurated in the years 1955-7 are still secret, but, for present purposes, I can say all that’s worth saying about them in a few sentences – after, that is, I offer these few words of wisdom. The ‘perfect’ political action operation is, by definition, uneventful. Nothing ‘happens’ in it. It is a continuing arrangement, neither a process nor a series of actions proceeding at a starting point and ending with a conclusion.
CIA FBI NSA Personnel Active in Scientology: https://i.imgur.com/acu2Eti.png
When you consider the number of forces that can be contained within a single “political action group” in the form on a “boutique investment firm,” where all sides of political arguments are predetermined by a selected group of actors who have been planted, compromised or leveraged in some way in order to control the way they spin their message.
https://i.imgur.com/tU4MD4S.png
The evidence of this coordinated effort is overwhelming and the “consensus” that you see on TV, in sports, in Hollywood, in the news and on the Internet is fabricated.
Under the guise of a fake account a posting is made which looks legitimate and is towards the truth is made - but the critical point is that it has a VERY WEAK PREMISE without substantive proof to back the posting. Once this is done then under alternative fake accounts a very strong position in your favour is slowly introduced over the life of the posting. It is IMPERATIVE that both sides are initially presented, so the uninformed reader cannot determine which side is the truth. As postings and replies are made the stronger 'evidence' or disinformation in your favour is slowly 'seeded in.'
Thus the uninformed reader will most likely develop the same position as you, and if their position is against you their opposition to your posting will be most likely dropped. However in some cases where the forum members are highly educated and can counter your disinformation with real facts and linked postings, you can then 'abort' the consensus cracking by initiating a 'forum slide.'
When you find yourself feeling like common sense and common courtesy aren’t as common as they ought to be, it is because there is a massive psychological operation controlled from the top down to ensure that as many people as possible are caught in a “tension based” mental loop that is inflicted on them by people acting with purpose to achieve goals that are not in the interest of the general population, but a method of operating in secret and corrupt manner without consequences.
Notice that Jeffrey Katzenberg, of Disney, who is intertwined with Allen & Co funds the Young Turks. He is the perfect example of the relationship between media and politics.
Katzenberg has also been involved in politics. With his active support of Hillary Clinton and Barack Obama, he was called "one of Hollywood's premier political kingmakers and one of the Democratic Party's top national fundraisers."
With cash from Jeffrey Katzenberg, The Young Turks looks to grow paid subscribers:
https://digiday.com/media/with-cash-from-katzenberg-the-young-turks-look-to-grow-paid-subscribers/
Last week, former DreamWorks Animation CEO Jeffrey Katzenberg’s new mobile entertainment company WndrCo was part of a $20 million funding round in TYT Network, which oversees 30 news and commentary shows covering politics, pop culture, sports and more. This includes the flagship “The Young Turks” program that streams live on YouTube every day. Other investors in the round included venture capital firms Greycroft Partners, E.ventures and 3L Capital, which led the round. This brings total funding for Young Turks to $24 million.
How Hollywood's Political Donors Are Changing Strategies for the Trump Era:
https://www.hollywoodreporter.com/features/hollywood-political-donors-are-changing-strategy-post-trump-1150545
Hollywood activism long has been depicted as a club controlled by a handful of powerful white men: Katzenberg, Spielberg, Lear, David Geffen, Haim Saban and Bob Iger are the names most often mentioned. But a new generation of power brokers is ascendant, including J.J. Abrams and his wife, Katie McGrath, cited for their personal donations and bundling skills; Shonda Rhimes, who held a get-out-the-vote rally at USC's Galen Center on Sept. 28 that drew 10,000 people; CAA's Darnell Strom, who has hosted events for Nevada congresswoman Jacky Rosen and Arizona congresswoman Kyrsten Sinema; and former Spotify executive Troy Carter, who held three fundraisers for Maryland gubernatorial candidate Ben Jealous (Carter also was a fundraiser for President Obama).
Soros Group Buys Viacom's DreamWorks Film Library:
https://www.forbes.com/2006/03/17/soros-viacom-dreamworks-cx_gl_0317autofacescan11.html#541a895f1f22
Viacom, after splitting off from Les Moonves Les Moonves ' CBS , still holds Paramount Pictures, and that movie studio in December agreed to acquire DreamWorks SKG, the creative shop founded by the Hollywood triumvirate of Steven Spielberg, David Geffen and Jeffrey Katzenberg (a former exec at The Walt Disney Co.). DreamWorks Animation had been spun off into a separate company.
Now it's time for Freston to make back some money--and who better to do a little business with than George Soros? The billionaire financier leads a consortium of Soros Strategic Partners LP and Dune Entertainment II LLC, which together are buying the DreamWorks library--a collection of 59 flicks, including Saving Private Ryan, Gladiator, and American Beauty.
The money you spend on media and junk food and in taxes goes to these groups who then decide how best to market at you so that they decide how you vote by creating a fake consensus to trick into thinking that you want something other than what is best for you; but will inevitably result in more money being funneled to the top, creating further separation between the super rich and the average person. The goal will be to assert creeping authoritarianism by generating outrage against policies and issues they hate. Part of manipulating your basic assumptions is also to use schadenfreude (think canned laughter on TV) against characters who support the cause that might actually do you the most good (which reaffirms and strengthens your confirmation biased along predetermined political lines).
https://i.imgur.com/PW1cRtj.png
We have a population being taught to hate socialism and love capitalism when the truth is no country is practicing either. These terms are merely disguises for political oligarchies where the collection of wealth is less about getting themselves rich and more about keeping everyone else poor.
What can you guess about the world around you if it turned out that every consensus that was forced on you was fake?
How much money would it take to make it look like 51% of the Internet believed in completely idiotic ideas? Combine shill operations with automation and AI’s, and the cost becomes a good investment relative to the return when measured in political power.
Even the people who are well intentioned and very vocal do not have to consciously be aware that they are working for a political action group. A covert political group will always prefer an unwitting tool to help push their agenda, so that they can remain in the shadows.
FDA Admonishes Drug Maker Over Kim Kardashian Instagram Endorsement https://www.forbes.com/sites/davidkroll/2015/08/11/fda-spanks-drug-maker-over-kim-kardashian-instagram-endorsement/#25174a29587b
The OSS files offer details about other agents than famous chef, Julia Child; including Supreme Court Justice Arthur Goldberg, major league catcher Moe Berg, historian Arthur Schlesinger Jr., and actor Sterling Hayden. http://www.nbcnews.com/id/26186498/ns/us_news-security/t/julia-child-cooked-double-life-spy/
USA Today: Businesses and organizations may refer to it as a tool for competitive advantage and marketing; but make no mistake http://archive.is/37tK3
Shareblue accounts caught in /politics posting links to Shareblue without disclosing their affiliation http://archive.is/7HAkr
Psy Group developed elaborate information operations for commercial clients and political candidates around the world http://archive.is/BBblQ
Top mod of /Mechanical_Gifs tries to sell subreddit on ebay for 999.00 dollars. http://archive.is/kU1Ly
Shill posts picture of a dog in a hammock with the brand clearly visible without indicating that it's an ad in the title of the post http://archive.is/Mfdk9
Arstechnica: GCHQs menu of tools spreads disinformation across Internet- “Effects capabilities” allow analysts to twist truth subtly or spam relentlessly. http://arstechnica.com/security/2014/07/ghcqs-chinese-menu-of-tools-spread-disinformation-across-internet/
Samsung Electronics Fined for Fake Online Comments http://bits.blogs.nytimes.com/2013/10/24/samsung-electronics-fined-for-fake-online-comments/?_r=0
Discover Magazine: Researchers Uncover Twitter Bot Army That’s 350 http://blogs.discovermagazine.com/d-brief/2017/01/20/twitter-bot-army/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20DiscoverTechnology%20%28Discover%20Technology%29#.WIMl-oiLTnA
Times of Israel - The internet: Israel’s new PR battlefield http://blogs.timesofisrael.com/the-rise-of-digital-diplomacy-could-be-changing-israels-media-image/
Time: Social Media Manipulation? When “Indie” Bloggers and Businesses Get Cozy http://business.time.com/2013/04/22/social-media-manipulation-when-indie-bloggers-and-businesses-get-cozy/
Content-Driven Detection of Campaigns in Social Media [PDF] http://faculty.cs.tamu.edu/caverlee/pubs/lee11cikm.pdf
the law preventing them from using this in America was repealed http://foreignpolicy.com/2013/07/14/u-s-repeals-propaganda-ban-spreads-government-made-news-to-americans/
Redditor who works for a potato mailing company admits to being a shill. He shows off his 27 thousand dollars he made in /pics
http://i.imgur.com/CcTHwdS.png
Screenshot of post since it was removed. http://i.imgur.com/k9g0WF8.png
Just thought I'd contribute to this thread http://imgur.com/OpSos4u
CNN: A PR firm has revealed that it is behind two blogs that previously appeared to be created by independent supporters of Wal-Mart. The blogs Working Families for Wal-mart and subsidiary site Paid Critics are written by 3 employees of PR firm Edelman http://money.cnn.com/2006/10/20/news/companies/walmart_blogs/index.htm
Vice: Your Government Wants to Militarize Social Media to Influence Your Beliefs http://motherboard.vice.com/read/your-government-wants-to-militarize-social-media-to-influence-your-beliefs
BBC News: China's Internet spin doctors http://news.bbc.co.uk/2/hi/7783640.stm
BBC News: US plans to 'fight the net' revealed http://news.bbc.co.uk/2/hi/americas/4655196.stm
Wall Street Journal: Turkey's Government Forms 6 http://online.wsj.com/news/articles/SB10001424127887323527004579079151479634742?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424127887323527004579079151479634742.html
Fake product reviews may be pervasive http://phys.org/news/2013-07-fake-product-pervasive.html#nRlv
USA Today: The co-owner of a major Pentagon propaganda contractor publicly admitted that he was behind a series of websites used in an attempt to discredit two USA TODAY journalists who had reported on the contractor. http://usatoday30.usatoday.com/news/military/story/2012-05-24/Leonie-usa-today-propaganda-pentagon/55190450/1
ADWEEK: Marketing on Reddit Is Scary http://www.adweek.com/news/technology/marketing-reddit-scary-these-success-stories-show-big-potential-168278
BBC- How online chatbots are already tricking you- Intelligent machines that can pass for humans have long been dreamed of http://www.bbc.com/future/story/20140609-how-online-bots-are-tricking-you
BBC news: Amazon targets 1 http://www.bbc.com/news/technology-34565631
BBC: More than four times as many tweets were made by automated accounts in favour of Donald Trump around the first US presidential debate as by those backing Hillary Clinton http://www.bbc.com/news/technology-37684418
Fake five-star reviews being bought and sold online - Fake online reviews are being openly traded on the internet
http://www.bbc.com/news/technology-43907695
http://www.bbc.com/news/world-asia-20982985
http://www.bbc.com/news/world-asia-20982985
Bloomberg: How to Hack an Election [and influence voters with fake social media accounts] http://www.bloomberg.com/features/2016-how-to-hack-an-election/
"Internet Reputation Management http://www.bloomberg.com/news/articles/2008-04-30/do-reputation-management-services-work-businessweek-business-news-stock-market-and-financial-advice
Buzzfeed: Documents Show How Russia’s Troll Army Hit America http://www.buzzfeed.com/maxseddon/documents-show-how-russias-troll-army-hit-america#.ki8Mz97ly
The Rise of Social Bots http://www.cacm.acm.org/magazines/2016/7/204021-the-rise-of-social-bots/fulltext
CBC News- Canadian government monitors online forums http://www.cbc.ca/news/canada/bureaucrats-monitor-online-forums-1.906351
Chicago Tribune: Nutrition for sale: How Kellogg worked with 'independent experts' to tout cereal http://www.chicagotribune.com/business/ct-kellogg-independent-experts-cereal-20161121-story.html
DailyKos: HBGary: Automated social media management http://www.dailykos.com/story/2011/02/16/945768/-UPDATED-The-HB-Gary-Email-That-Should-Concern-Us-All
Meme Warfare Center http://www.dtic.mil/dtic/tfulltext/u2/a507172.pdf
Shilling on Reddit is openly admitted to in this Forbes article http://www.forbes.com/sites/julesschroede2016/03/10/the-magic-formula-behind-going-viral-on-reddit/#1d2485b05271
Forbes: From Tinder Bots To 'Cuban Twitter' http://www.forbes.com/sites/kashmirhill/2014/04/17/from-tinder-bots-to-covert-social-networks-welcome-to-cognitive-hacking/#4b78e2d92a7d
Hivemind http://www.hivemind.cc/rank/shills
Huffington Post- Exposing Cyber Shills and Social Media's Underworld http://www.huffingtonpost.com/sam-fiorella/cyber-shills_b_2803801.html
The Independent: Massive British PR firm caught on video: "We've got all sorts of dark arts...The ambition is to drown that negative content and make sure that you have positive content online." They discuss techniques for managing reputations online and creating/maintaining 3rd-party blogs that seem independent. http://www.independent.co.uk/news/uk/politics/caught-on-camera-top-lobbyists-boasting-how-they-influence-the-pm-6272760.html
New York Times: Lifestyle Lift http://www.nytimes.com/2009/07/15/technology/internet/15lift.html?_r=1&emc=eta1
New York Times: Give Yourself 5 Stars? Online http://www.nytimes.com/2013/09/23/technology/give-yourself-4-stars-online-it-might-cost-you.html?src=me&ref=general
NY Times- From a nondescript office building in St. Petersburg http://www.nytimes.com/2015/06/07/magazine/the-agency.html?_r=1
NY Times: Effort to Expose Russia’s ‘Troll Army’ Draws Vicious Retaliation http://www.nytimes.com/2016/05/31/world/europe/russia-finland-nato-trolls.html?_r=1
PBS Frontline Documentary - Generation Like http://www.pbs.org/wgbh/frontline/film/generation-like/
Gamers promote gaming-gambling site on youtube by pretending to hit jackpot without disclosing that they own the site. They tried to retroactively write a disclosure covering their tracks http://www.pcgamer.com/csgo-lotto-investigation-uncovers-colossal-conflict-of-interest/
Raw Story: CENTCOM engages bloggers http://www.rawstory.com/news/2006/Raw_obtains_CENTCOM_email_to_bloggers_1016.html
Raw Story: Air Force ordered software to manage army of fake virtual people http://www.rawstory.com/rs/2011/02/18/revealed-air-force-ordered-software-to-manage-army-of-fake-virtual-people/
Redective http://www.redective.com/?r=e&a=search&s=subreddit&t=redective&q=shills
Salon: Why Reddit moderators are censoring Glenn Greenwald’s latest news story on shills http://www.salon.com/2014/02/28/why_reddit_moderators_are_censoring_glenn_greenwalds_latest_bombshell_partne
The Atlantic: Kim Kardashian was paid to post a selfie on Instagram and Twitter advertising a pharmaceutical product. Sent to 42 million followers on Instagram and 32 million on Twitter http://www.theatlantic.com/health/archive/2015/09/fda-drug-promotion-social-media/404563/
WAR.COM: THE INTERNET AND PSYCHOLOGICAL OPERATIONS http://www.theblackvault.com/documents/ADA389269.pdf
The Guardian: Internet Astroturfing http://www.theguardian.com/commentisfree/libertycentral/2010/dec/13/astroturf-libertarians-internet-democracy
The Guardian: Israel ups the stakes in the propaganda war http://www.theguardian.com/media/2006/nov/20/mondaymediasection.israel
Operation Earnest Voice http://www.theguardian.com/technology/2011/ma17/us-spy-operation-social-networks
The Guardian: British army creates team of Facebook warriors http://www.theguardian.com/uk-news/2015/jan/31/british-army-facebook-warriors-77th-brigade
The Guardian: US military studied how to influence Twitter [and Reddit] users in Darpa-funded research [2014] http://www.theguardian.com/world/2014/jul/08/darpa-social-networks-research-twitter-influence-studies
The Guardian: Chinese officials flood the Chinese internet with positive social media posts to distract their population http://www.theguardian.com/world/2016/may/20/chinese-officials-create-488m-social-media-posts-a-year-study-finds
Times of Israel: Israeli government paying bilingual students to spread propaganda online primarily to international communities without having to identify themselves as working for the government. "The [student] union will operate computer rooms for the project...it was decided to establish a permanent structure of activity on the Internet through the students at academic institutions in the country." http://www.timesofisrael.com/pmo-stealthily-recruiting-students-for-online-advocacy/
USA Today: Lord & Taylor settles FTC charges over paid Instagram posts http://www.usatoday.com/story/money/2016/03/15/lord--taylor-settles-ftc-charges-over-paid-instagram-posts/81801972/
Researcher's algorithm weeds out people using multiple online accounts to spread propaganda - Based on word choice http://www.utsa.edu/today/2016/10/astroturfing.html
http://www.webinknow.com/2008/12/the-us-air-force-armed-with-social-media.html
Wired: Powered by rapid advances in artificial intelligence http://www.wired.co.uk/magazine/archive/2015/06/wired-world-2015/robot-propaganda
Wired: Clinton Staff and Volunteers Busted for Astroturfing [in 2007] http://www.wired.com/2007/12/clinton-staff-a/
Wired: Pro-Government Twitter Bots Try to Hush Mexican Activists http://www.wired.com/2015/08/pro-government-twitter-bots-try-hush-mexican-activists/
Wired: Microsoft http://www.wired.com/2015/09/ftc-machinima-microsoft-youtube/
Wired: Military Report: Secretly ‘Recruit or Hire Bloggers’ http://www.wired.com/dangerroom/2008/03/report-recruit/
Wired: Air Force Releases ‘Counter-Blog’ Marching Orders http://www.wired.com/dangerroom/2009/01/usaf-blog-respo/
Reddit Secrets https://archive.fo/NAwBx
Reddit Secrets https://archive.fo/SCWN7
Boostupvotes.com https://archive.fo/WdbYQ
"Once we isolate key people https://archive.is/PoUMo
GCHQ has their own internet shilling program https://en.wikipedia.org/wiki/Joint_Threat_Research_Intelligence_Group
Russia https://en.wikipedia.org/wiki/State-sponsored_Internet_sockpuppetry
US also operates in conjunction with the UK to collect and share intelligence data https://en.wikipedia.org/wiki/UKUSA_Agreement
Glenn Greenwald: How Covert Agents Infiltrate the Internet to Manipulate https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/
Glenn Greenwald: Hacking Online Polls and Other Ways British Spies Seek to Control the Internet https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet/
Here is a direct link to your image for the benefit of mobile users https://imgur.com/OpSos4u.jpg
Reddit for iPhone https://itunes.apple.com/us/app/reddit-the-official-app/id1064216828?mt=8
Why Satoshi Nakamoto Has Gone https://medium.com/@ducktatosatoshi-nakamoto-has-gone-4cef923d7acd
What I learned selling my Reddit accounts https://medium.com/@Rob79/what-i-learned-selling-my-reddit-accounts-c5e9f6348005#.u5zt0mti3
Artificial intelligence chatbots will overwhelm human speech online; the rise of MADCOMs https://medium.com/artificial-intelligence-policy-laws-and-ethics/artificial-intelligence-chatbots-will-overwhelm-human-speech-online-the-rise-of-madcoms-e007818f31a1
How Reddit Got Huge: Tons of Fake Accounts - According to Reddit cofounder Steve Huffman https://motherboard.vice.com/en_us/article/how-reddit-got-huge-tons-of-fake-accounts--2
Whistleblower and subsequent investigation: Paid trolls on /Bitcoin https://np.reddit.com/Bitcoin/comments/34m7yn/professional_bitcoin_trolls_exist/cqwjdlw
Confession of Hillary Shill from /SandersForPresident https://np.reddit.com/conspiracy/comments/3rncq9/confession_of_hillary_shill_from/
Why do I exist? https://np.reddit.com/DirectImageLinkerBot/wiki/index
Already a direct link? https://np.reddit.com/DirectImageLinkerBot/wiki/res_links
Here's the thread. https://np.reddit.com/HailCorporate/comments/3gl8zi/that_potato_mailing_company_is_at_it_again/
/netsec talks about gaming reddit via sockpuppets and how online discourse is (easily) manipulated. https://np.reddit.com/netsec/comments/38wl43/we_used_sock_puppets_in_rnetsec_last_year_and_are
Redditor comes clean about being paid to chat on Reddit. They work to promote a politician https://np.reddit.com/offmychest/comments/3gk56y/i_get_paid_to_chat_on_reddit/
Shill whistleblower https://np.reddit.com/politics/comments/rtr6b/a_very_interesting_insight_into_how_certain/
Russian bots were active on Reddit last year https://np.reddit.com/RussiaLago/comments/76cq4d/exclusive_we_can_now_definitively_state_that/?st=j8s7535j&sh=36805d5d
The Bush and Gore campaigns of 2000 used methods similar to the Chinese government for conducting “guided discussions” in chatrooms designed to influence citizens https://np.reddit.com/shills/comments/3xhoq8/til_the_advent_of_social_media_offers_new_routes/?st=j0o5xr9c&sh=3662f0dc
source paper. https://np.reddit.com/shills/comments/4d3l3s/government_agents_and_their_allies_might_ente
or Click Here. https://np.reddit.com/shills/comments/4kdq7n/astroturfing_information_megathread_revision_8/?st=iwlbcoon&sh=9e44591e Alleged paid shill leaks details of organization and actions.
https://np.reddit.com/shills/comments/4wl19alleged_paid_shill_leaks_details_of_organization/?st=irktcssh&sh=8713f4be
Shill Confessions and Additional Information https://np.reddit.com/shills/comments/5pzcnx/shill_confessions_and_additional_information/?st=izz0ga8r&sh=43621acd
Corporate and governmental manipulation of Wikipedia articles https://np.reddit.com/shills/comments/5sb7pi/new_york_times_corporate_editing_of_wikipedia/?st=iyteny9b&sh=b488263f
Ex -MMA fighter and ex-police officer exposes corrupt police practices https://np.reddit.com/shills/comments/6jn27s/ex_mma_fighter_and_expolice_officer_exposes/
User pushes InfoWars links on Reddit https://np.reddit.com/shills/comments/6uau99/chemicals_in_reddit_are_turning_memes_gay_take/?st=j6r0g2om&sh=96f3dbf4
Some websites use shill accounts to spam their competitor's articles https://np.reddit.com/TheoryOfReddit/comments/1ja4nf/lets_talk_about_those_playing_reddit_with/?st=iunay35w&sh=d841095d
User posts video using GoPro https://np.reddit.com/videos/comments/2ejpbb/yes_it_is_true_i_boiled_my_gopro_to_get_you_this/ck0btnb/?context=3&st=j0qt0xnf&sh=ef13ba81
Fracking shill whistleblower spills the beans on Fracking Internet PR https://np.reddit.com/worldnews/comments/31wo57/the_chevron_tapes_video_shows_oil_giant_allegedly/cq5uhse?context=3
https://i.imgur.com/Q3gjFg9.jpg
https://i.imgur.com/q2uFIV0.jpg
TOP SECRET SPECIAL HANDLING NOFORN
CENTRAL INTELLIGENCE AGENCY
Directorate of Operations
October 16, 1964
MEMORANDUM FOR THE DIRECTOR OF THE CIA
Subject: After action report of
Operation CUCKOO (TS)
INTRODUCTION

1) Operation CUCKOO was part of the overall operation CLEANSWEEP, aimed at eliminating domestic opposition to activities undertaken by the Central Intelligence Agency's special activities division, in main regard to operation GUILLOTINE.

2) Operation CUCKOO was approved by the Joint Chiefs of Staff, Department of Defense and the office of The President of the United States as a covert domestic action to be under taken within the limits of Washington D.C as outlined by Secret Executive Order 37.

3) Following the publishing of the Warren Commission, former special agent Mary Pinchot Meyer (Operation MOCKINGBIRD, Operation SIREN) also was married to Cord Meyer (Operation MOCKINGBIRD, Operation GUILLOTINE) threatened to disclose the details of several Special Activities Divisions' operations, including but not limited to, Operation SIREN and GUILLOTENE.
​1
TOP SECRET SPECIAL HANDLING NOFORN
4) It was deemed necessary by senior Directorate of Operations members to initiate Operation CUCKOO as an extension of Operation CLEANSWEEP on November 30th. After Mary Pinchot Meyer threatened to report her knowledge of Operation GUILLOTENE and the details of her work in Operation SIREN from her affair with the former President.

5) Special Activities Division was given the green light after briefing president Johnson on the situation. The situation report was forwarded to the Department of Defense and the Joint Chiefs of staff, who both approved of the parameters of the operation, as outlined under article C of secret executive order 37 (see attached copy of article).
​PLANNING STAGES
6) 8 members of the special activities division handpicked by operation lead William King Harvey began planning for the operation on October 3rd, with planned execution before October 16th.

7) The (?) of the operation was set as the neighborhood of Georgetown along the Potomac river, where the operators would observe, take note on routines, and eventually carry the operation.

8) After nothing Meyer's routines, Edward "Eddy" Reid was picked as the operation point man who would intersect Meyer on her walk on October 12th, with lead William King Harvey providing long range support if necessary from across the Chesapeake and Ohio canal (see illustration A for detailed map).

9) Edward Reid was planned to be dressed in the manner of a homeless black man, due to his resemblances to local trash collector (later found out to be Raymond Crump) who inhabits the AO and the path that Reid was planned to intersect Meyer.
2
TOP SECRET SPECIAL HANDLING NOFORN
submitted by The_Web_Of_Slime to Intelligence [link] [comments]

Idea: Bitcoin-backed digital cash

Paper money has the nice property of not requiring the internet to use. However it has a lot of downsides:
What if we could always transact bitcoins without having the internet always on-hand, and avoid all the above downsides too?
Imagine a service that would send you a hardware wallet containing a private key owned by that service, with a corresponding public key that is unique to that hardware wallet but also can be verified to be owned by the service (using the service's master public key, aka xpub). That hardware wallet would sign any output that it has not signed before (it would keep track of transactions it has already signed). So you create a multi-sig wallet using your private key and the service's private key, and deposit some money into it.
You can then use this multi-sig wallet setup to pay someone out in the desert or the woods, with no internet connection, provided that the recipient has software that supports this protocol, has the service's public key, and trusts one of the following things:
A. that the service produces secure hardware wallets and won't collude with the sender, or
B. that neither the service nor the sender disappear outside the jurisdiction of the legal system.
Here's how a normal successful transaction would work:
  1. The prospective sender and receiver use software that supports this protocol and both have the service's master public key.
  2. The prospective sender creates an account with the service and registers a number of public keys to their identity (why will be explained below). The service sends them a hardware wallet that supports the protocol and is bound to only sign transactions that require a signature from one of the registered public keys.
  3. The prospective sender creates the multi-sig wallet and deposits money into it. Part of the protocol ensures that the service's hardware wallet receives enough block information to know about its balance and be able to verify it.
  4. The prospective sender goes somewhere without any internet connection and pays the recipient by signing a transaction to the recipient and signing the transaction with the service's hardware wallet.
  5. This transaction is instant since the service's hardware wallet will refuse to sign that output again.
  6. Theoretically, this offline transaction can be chained to anyone that supports this protocol and trusts the service in one of the above two ways (A or B).
  7. As soon as the recipient is online, the transaction can be posted and finalized in the usual on-chain way.
What can go wrong?
Well the sender could have compromised the hardware wallet and double spend. In such a case, the sender's public keys (that are tied to their identity) have been used to do this double spend. This means the sender can be held legally responsible for theft, and can be readily identified with the cooperation of the service.
Another thing that could go wrong is that the sender and service collude to double-spend. This case has the same consequences as the above. The service can probably avoid culpability since they can simply claim their hardware wallet was hacked. This would leave the sender with all the legal responsibility, but theoretically the money could be recovered via legal processes.
If the sender disappears into thin air after double-spending, tho, there might be no recourse, since the sender can't be found. If the service disappears into thin air or "fails" to have correct identity information about the sender such that the sender can be tracked down, there might also be no recourse.
So in comparison to cash we have some pros:
And a con:
In comparison to Bitcoin, we have some pros:
And some cons:
I'm curious what people think of this potential offline solution for bitcoin.
submitted by fresheneesz to BitcoinDiscussion [link] [comments]

A friendly reminder about where crypto is going next...

As everyone can hopefully plainly see by now, the groundwork is currently being laid for institutional money to finally enter the crypto market.
I’m not talking about big money individuals or private investors or the like; I’m talking about banks, large corporations/companies, and BIG funds (like pension funds and such).
You see, BIG money like that didn’t have a legitimate way to enter the market. Sure dark pools and buying OTC was possible, but these ways weren’t established enough for BIG institutional money to jump in yet.
Not only that, but BIG money needs to make sure the lifeguards (the SEC and other major govts) are going to let everyone swim and have fun for a bit.
And they will, as evidenced by all the big moves that are happening (Gemini’s exchange patent, Coinbase institutional investing, Kraken registering with the SEC, Goldman Sachs entering into crypto, yadda yadda yadda). These things wouldn’t be happening if those players didn’t already know what the lifeguards will say (and have already started hinting at).
So here’s what’s going to happen: BIG money is going to get in, the price is going to jump from that. The plebs will then FOMO in/back in causing the price to rise more. Then banks and more big funds are going to start offering the average joe the chance to invest in in crypto through them so they don’t have to use an app or manage any keys or worry about any of that “tech stuff” like storing keys and what not.
And that’s going to kick the price up even more.
You see gents, $8400 seems like a lot for one bitcoin, but in reality, when you factor in what is going to happen when BIG money pours in and sparks the next bull run, $8400 ain’t nuffin.
Why do you think all these big names keep throwing out ridiculously high predictions for what bitcoin can reach? $50k, $100k, $1mil...
It’s not just because they want to create hype. It’s because if you know how to do the math, those numbers are not only completely realistic but likely.
Finally, you need to understand this: there won’t be any specific events or news or partnerships that spark the next bull run (I’m looking at you, consensus mongerers). The next bull run is going to happen when you least expect it, when everything is quiet, when everyone thinks nothing is going on...THAT is when you’ll see the price start to rise.
And you’ll be waiting for it to come down and correct, but it won’t....and before you know it, it’s going to take everyone by storm, the likes of which they would have never imagined. It’ll be one which comes out of nowhere and swallows up everyone’s bearish predictions and spits them out all mangled and chewed up. It’s coming....slowly but surely, there’s a good storm coming.
So kick back, relax, crack open a brewski, and build your portfolios while the price is still ripe gents, because when you least expect it, shits gonna get real. And if you’re prepared for it, you’re going to get richer than you ever thought.
submitted by jp4ragon to CryptoCurrency [link] [comments]

I Gave Away Bitcoin Private Keys! - Experiment.

Hello!

I recently launched a new project called BitcoinRoot.

On the website, I slowly revealed the private keys to a topped up Bitcoin wallet.

As I was presenting my new project to my own community and to other crypto communities I noticed that people were ready to deploy all sorts of scripts and apply all sorts of tools to get it cracked before anyone else to reap the prize, which was around $25.

To check out the project I have published a very short video about it here - ]https://www.youtube.com/watch?v=rEn5obPY5wU[/url]

Now, this brings a question. If people have an incentive to crack a private key with only 14 unknowns and with such a small prize at stake. What incentive is there for supercomputers and quantum computers to crack a million dollar worth of BTC wallets!

Is this a big concern for the future of Bitcoin?
submitted by ideas500kcom to Bitcoin [link] [comments]

The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster

This is a long one - TL;DR at the end!

If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players.
First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).

Why You Should Care About Breaches

The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.

But wait, why would anyone want to use my password? I'm nobody!

It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated.
By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account!
If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.

How You Can Protect Yourself

Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way.
First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!

Passwords

You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles.
Some notable choices to consider:
Regardless of which one you choose, any of them is 100x better than not using one at all.

Multi-Factor Authentication / Two-Factor Authentication (aka MFA / 2FA)

The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already have been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication).
Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure.
Notable choices to consider:
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one.
Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine.
There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.

What Does This Have To Do With GameDev?

Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).

Secure Your Code

Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover!
If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
A lot of these things cannot be solved automatically, unfortunately, but some of it can. If you are using Javascript for your game you likely will be using packages from npm - luckily they (recently) added security auditing for packages. For other languages you can look at tools like Snyk or some other alternatives to audit the libraries you use in your project. Unfortunately none that I know of are aimed at game dev in particular, but it's still important to use these tools when you can. In general, be aware of all of your code dependencies and what impact they can have on your game or your customers if there are security bugs. Impact can range from "can cheat in multiplayer" to "can get IP addresses of all players in the world" or even "can get all information I ever put on my server", etc.
In general you'll want to look into Secure Software Development Lifecycle (commonly SDLC) practices. Microsoft has some information on how they do it.

Secure Your Computer

I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.

Secure Your Website

I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
A lot of this will apply to your game servers as well - really any kind of server you expect to setup.

That's it, for now

I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.

TL;DR (y u words so much??)

... in general... in general... in general... I sure wrote those 2 words a lot.

Why Should I Trust This Post?

Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things.
If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
submitted by exoplasm to gamedev [link] [comments]

Bitcoin Wallet Hack! A program that searches for the ... Cracking Bitcoin Private Keys in Seconds - YouTube BITCOIN PRIVATE KEY CRACK TOOL Watch Only Bitcoin Address Proof 2020 Simplest way to hack Bitcoin Wallet by using private keys ... Cracking Bip38 Encrypted Private Keys of Bitcoins - YouTube

Bitcoin Cracking Tools From GPU to CPU to Javascript Cracking Program. The bad news: mordern CPU can do computations in the ball park of 2^30/s, it is far, far away from the 2^80 computations needed to have a reasonable chance to crack a private key. The good news: it doesn't get more difficult. The asymptotic difficulty of searching Bitcoin's ... In cryptocurrencies, a private key allows a user to gain access to their wallet. The person who holds the private key fully controls the coins in that wallet. For this reason, you should keep it secret. And if you really want to generate the key yourself, it makes sense to generate it in a secure way. Here, I will provide an introduction to private keys and show you how you can generate your ... Crack Bitcoin Private Key Easy - Get Funds From Non Spendable Addresses 2020 - BOCVIP. Twitter; Search for: Blockchain. Crypto News, Chainlink, BTC, and more! // Crypto Over Coffee Ep.37 . October 23, 2020. TD AMERITRADE SAYS BUY BITCOIN! MEGA WHALE BUYS $300m IN CRYPTO! MAX YOUR CRYPTO PROFITS WITH THIS! October 23, 2020. Breaking Crypto News: Ripple XRP New Secrets, CEO Explains Why XRP ... How to import a single private key into Bitcoin Core If your wallet is encrypted you must unlock it. If not just skip this section. To unlock wallet, just type into the box at the bottom: (The 600 means your wallet is unlocked for 10 minutes (600 seconds)) In the console at the very bottom is a text entry box. In here Bitcoin news. It Takes Almost Infinite Years to Crack Bitcoin Private Keys. It Takes Almost Infinite Years to Crack Bitcoin Private Keys . Bitcoin news Crypto News. Last updated May 26, 2020. 55. Share. A person using Twitter proceeding by “MasterChangz” build silent turn on Twitter on May 24 when he suggested that Bitcoin’s “days are numbered” because of the progress of computer ...

[index] [13268] [47011] [50184] [24453] [22553] [48604] [19984] [25746] [4419] [30588]

Bitcoin Wallet Hack! A program that searches for the ...

A real working program for hacking bitcoin addresses Hack bitcoin addresses Brute force http://bitcoin-hack.online/ Program to search for private keys Brute ... BITCOIN PRIVATE KEY CRACK TOOL 2020 #Blockchain Exclusive Leak #Private #Key #Hacking #Wallet tool for #BTC you can generate and find private key of BTC address by using the software ... Turorial Hack private key block chain solve the private key code. Do not forget to like & subscribe yaaa Request subscribe back temen2 live comen aja.ok for who would try to prepare ling below: 1 ... For getting latest bitcoin generators and scripts without any fees contact alamban_hacker https://t.me/alamban_hacker This video is about a simple way to hac... This video is about cracking of BIP38 Encrypted Bitcoins Private Keys. The cracking speed depends on system CPU. (Here used is i5-7200U.

#