I usually don't bother to login to comment, but I felt compelled in this case. The other replies include a lot of bad advice. You sound like you don't have much of experience actually using bitcoin (or cryptocurrencies). So the best (most secure and easiest) solution is to buy a hardware wallet and use the wallet app which they provide. I suggest either Trezor [1] or Ledger [2]. Do not buy a hardware wallet from secondary marketplaces or second-hand resale websites - buy direct from the developer's website only.
- Use a temporary email address on the order form (e.g. mailinator or similar).
- Do not ship the goods to your home address. Pick-up your order in-person at a drop-off spot, post-office, or have it delivered to your workplace.
A bit more information about hardware vs. software/app wallet:
- Hardware wallets protect your bitcoin and cryptocurrencies by keeping your private keys secure on a dedicated USB (or air-gapped) device. The private keys never leave the device.
- If you use an app on your phone or desktop computer, your private keys could be stolen by malware. This is the exact attack vector that hardware wallets are designed to protect against.
This is good advice. Notably, you don't need to use the vendor wallet software either but can use either with e.g. Electrum.
If you really don't want to get a dedicated hardware wallet, the poor-persons choice would be to (in order of preference):
* In case you're really just holding and won't be wanting to transact with it anytime soon, a paper wallet can work. Generate it on an airgapped device and never let the private keys touch a connected device.
* Use a dedicated boot environment. For example: Set up Tails on a USB drive and boot into it on your laptop, or make a fresh install on a raspberry pi or similar. Use Electrum (or bitcoin core qt / cli), store the wallet file only on a separate encrypted USB drive. Don't use this OS install for other things. Prefer connecting only over Tor, I2P, or cjdns.
* A reputable smartphone wallet. A downside here is that you will have to be very diligent with your system updates and have to keep a peripheral eye on if the author gets acquired or goes rouge etc. You'd have to do your own research but Bluewallet seems decent.
* Ignore all the advice and access the keys on your PC anyway. It's possible to do safely but as noted above it has increased risks and requires a lot of diligence.
What happens if ledger goes out of business? I recall users being able to access their funds when Ledger had a systems outage some time in the past few years.
With both Trezor and Ledger it is possible to use Electrum as the GUI (interface) app. So if they go out of business and/or stop supporting the specific hardware wallet model that you own, you can continue using it with Electrum. Alternatively, you can import the seed backup (12 or 24 words) into a new hardware wallet.
The users weren't unable to access their funds. However, Ledger Live (their desktop and mobile app) uses nodes hosted by Ledger, so effectively this meant that non-technical users who relied on their hosted nodes couldn't access their funds.
One could (and should!) still use the same wallet with a self-hosted node, or a third-party one, by using the wallet with a different software (which is also officially supported; Ledger provides docs for doing so).
> If a site is vulnerable to XSS it's basically game over security-wise.
Another reply seems to have focused on having XSS causing an attacker to gain access to session cookies. But no one has mentioned using Content-Security-Policy [0] - which if set properly can make it nearly impossible to exploit an XSS vulnerability in the first place.
Your comment is so obviously disingenuous. It makes absolutely no sense to open a Lightning Network channel to send one transaction and then immediately close it.
OTOH lightning is IMHO a joke as well, for many reasons. Funds need to be tied up, nodes generally need to be online, routing is a (mathematically) hard issue, and the channel open and close transactions (or 'add funds') would certainly become an issue on the main chain if lightning became popular.
Why? If I want to send money to Bob in Venezuela I need a connection to him. And I'm not interested in sending further transactions to him. And he is in Venezuela and cannot rely on institutions (this is the real scenario that advocates keep bringing up). How am I going to pull this off without an on-chain transaction?
You both use your lightning app connected to a LN payment processor which already has the necessary channels open with other nodes and/or payment processors.
Can't do it in Venezuela. The whole point of that scenario when raised as a reason why btc is awesome is that you don't need an attached institution and your transactions cannot be censored.
An LN payment processor is not institution, it's just a LN node which has channels open to many other nodes and to which you as a user can connect to, so you don't need to open separate channels with everyone you are doing transactions with. And if your LN node becomes unreachable due to censoring: they are often available over Tor too.
It doesn’t need a lot of BTC tied up in channels. It’s enough to have one channel open with another well connected node. Transactions can jump over several nodes to reach their destinations. And everybody can become a bank/payment processor for their friends and family with an LN node, no need for big centralized institutions.
We were talking about the well connected nodes, they need funds tied up in many channels. That's what makes them well connected. And effectively institutions. If it takes off don't be surprised if such entities start charging fees.
It's up to each node how many channels they open and how much bitcoin is used for those channels, but lots of channels doesn't make it an institution. An LN node has to play with the same rules as every other node, it cannot enforce rules like institutions. And if you don't like some LN node's transaction fees, you choose a different node for your transaction to go through. As a result the high-transaction-fee node will soon lower its fees. Btw, every LN node is already charging fees.
Internet is not required [1] to sync a full Bitcoin node. There have also been numerous proof-of-concepts for transmitting Bitcoin transactions via radio.
I think you fundamentally misunderstand why a business might buy an asset like Bitcoin. It's certainly not to participate in a pump and dump scheme - as you seem to be alluding. It takes time for a corporation to build up a position in something like Bitcoin. And it will take time to unwind that position. This is clearly a long-term hedge.
Are you sure you can't spend Bitcoin directly for goods and services? Have you tried? When was the last time you searched for physical shops near you [1] that accept it?
I can buy mining equipment or stay at an hourly love hotel located in the red light district in my city according to the map. I guess some of my needs could be met.
Not bad. I have a dentist one town over, and "Bitcoin Fabio" who has spammed the map in every major city nearby and buys and sells Bitcoin, and seems very trustworthy, because he says it is "100% safe !"
No one should be using on-chain Bitcoin transactions for in-person exchange. Partly due to the high fees, but mostly because of double-spending and lack of privacy. Lightning Network solves all of these problems. Fees are much lower, settlement is instant and clear to even unsophisticated users, and the recipient cannot see from where the funds originated.
Taxes are a different issue and that's up to each jurisdiction to solve via better legislation.
Don't you still have to pay the tx fee to open a lightning network channel? Anyway the whole thing lost me with the block size debate (always been a big blocker). Where are we at with lightning network adoption anyway?
Yes, an on-chain transaction is required to open a channel. But once open you can continue to use it forever, or until you (or your counter-party) decide to close it.
Lightning Network adoption is slow and steady. There are several newbie-friendly mobile wallet apps available [1][2][3]. Some nice improvements have been developed and pushed live in the last 18 months (e.g watchtowers [4] and atomic multi-path payments (AMP) [5]). There are now five Lightning Network node implementations (lnd, eclair, c-lightning, rust lightning, Electrum). And there are hardware projects working to bring LN into the physical space - one of which is my own project, a Lightning-only Bitcoin ATM named "Bleskomat" [6].
My understanding of the space contradicts each of your points. So without either of us providing citations, both of our opinions are pretty useless to the casual reader. But I will add some thoughts here.
> The [humongous] energy wastage of the network should be the biggest cause of concern, but most proponents shoo it away by buzzwords like lightning network etc.
Lightning Network is a second layer payment network that is working today. Its goal is to take the transaction pressure off of the base layer (blockchain). Its design has privacy built-in, so it's not possible to generate statistics [3] on its total transaction thru-put. That's also why articles like the one on which we are commenting are so disingenuous. The source they cite makes a direct comparison of the total transaction volume of the Visa network with the Bitcoin blockchain while completely ignoring layer 2 networks built on-top of Bitcoin.
> Bitcoin is popular in the west and the US specifically because it lacks the cutting edge financial networks rest of the world has. Citizens in China, India, Kenya etc can do transactions in a jiffy using their existing bank accounts, whereas ACH clearance takes longer time.
Bitcoin is not "popular" anywhere. The total number of Bitcoin ATMs [1] and physical shops/vendors [2] transacting with Bitcoin is still quite limited. The vast majority of commerce occurs online. But what I do see is that there is slow, steady growth globally. The infrastructure is still developing to support larger volumes of users - and with more diverse levels of computer skills.
> My understanding of the space contradicts each of your points.
I am a casual observer and have no investment in BTC and the comments are what I feel based on the news that reaches me. For me the most critical aspect is the energy waste, and the lack of regulation. I know crypto-anarchists distrust the govt, but if I've to choose between the r/WSB like extreme evangelism (HODL!) and Fed, I would chose the later safe option.
> Bitcoin is not "popular" anywhere.
But it is quite popular in the technological discourses and it comes up often as the future of payments. That's quite a big mindshare IMO.
> The infrastructure is still developing to support larger volumes of users - and with more diverse levels of computer skills.
I would love to be proven wrong and learn something new about the sector that increases my confidence.
> I would love to be proven wrong and learn something new about the sector that increases my confidence.
That's great. Having an open mind is a good thing. What areas are you specifically interested in? The industry is vast with deep niches and history - mining, exchanges (online/offline/p2p), scripting ("programmable money"), private key security (software/hardware/multi-sig), BIPs/forks/governance, ATMs, end-user apps, scams and shills, cypherpunk history and lore, and so on.
1. Energy efficiency of the transactions and the network
2. How democratic the process to mine new coins is.
3. What steps are taken to manage frauds, speculations bubbles etc. to protect malicious actors from gaming the system.
Those are not really specific questions. But I will try my best to somehow provide useful information.
> 1. Energy efficiency of the transactions and the network
If by "transaction" you mean a single economic exchange between two agents, then the energy cost of a single transaction is impossible to measure. Many of the on-chain transactions in Bitcoin today are "batched" to reduce their total size thus saving on fees. Each of these batched on-chain transactions can easily represent dozens of individual economic exchanges. Lightning Network (LN) takes this even further with bi-directional payment channels now representing potentially tens of thousands of transactions over the lifetime of a single channel. It requires one on-chain Bitcoin transaction to "open" a bi-directional payment channel, and another transaction to "close" it. Closing is not strictly necessary and will be less so as infrastructure and tooling improves.
Bitcoin is not really one single network. It is a few different networks operating in their own niche with their own specific optimizations. Miners can operate as dumb hashing computers with no visibility or knowledge about the blockchain other than the next chunk of data to hash. Full-nodes are typically operated by the "users" that wish to carry on the mantra of "don't trust, verify"; value their personal privacy; or are a large commercial entity. The last estimates that I saw were about 10,000 publicly reachable full-nodes and another 100,000 private or non-reachable. There are also mobile wallets that can be custodial or "light clients". Then the Lightning Network (LN), which consists of public and private nodes, mobile and custodial apps, nodes backed by full-nodes and LN's version of light clients.
> 2. How democratic the process to mine new coins is.
Mining appears much more centralized than it is - due to the success of mining pools. Mining pool operators do not control all the hash power that congregates in their pool. Instead the owners of mining rigs/operators can point their rigs at the mining pool that offers them the best ROI. Of course sometimes other reasons override the profit motive but usually only temporarily - see the SegWit political / governance drama from a few years ago. Corporations (and governments) have already started investing in mining equipment in an effort to secure their own interests in the space. They will compete with each other here just as they have competed with each other over territory and natural resources for hundreds of years.
> 3. What steps are taken to manage frauds, speculations bubbles etc. to protect malicious actors from gaming the system.
Bitcoin is governed today by the same laws and rules as other systems. Fraud is fraud is fraud. Criminals, scammers, and fraudsters use banks and cash too. From the sound of it, you would prefer to err on the side of institutions and regulation. I disagree, and would prefer that individuals take personal responsibility for their own education and finances. The world is a messy place and there is no answer for 100% of the people 100% of the time.
[ x ] Make provocative statements about the uselessness and wastefulness of Thing A without real evidence. But make sure to at least link to some source that provides the illusion of evidence.
[ x ] Recommend Thing B that claims to solve the problems of Thing A. But you probably forgot to mention that you have a financial interest in Thing B succeeding.
[ x ] Finish with unclear call-to-action that requires others to take insane financial risks to support your made up "movement" (e.g shorting Bitcoin - great way to lose infinite money).
> You think a guy smart enough to give birth to Bitcoin, and maintain complete anonymity while doing so and while communicating in public forums etc, would forget his private key?
> You just need to remember one seed and suddenly you have billions of dollars of value stored in your brain. I don't think that's a realistic possibility.
BIP39 mnemonics ("seeds") were not around in the early days. Bitcoin core software generated random private keys that were completely unrelated to one another. So it was necessary to backup the wallet file each time that new keys were created. Most users would generate hundreds (or thousands) of keys at a time, to reduce the frequency of backups.
I can still import a wallet from at least 2012 and move the coins using the official client just like it was created yesterday.
edit: and obviously you can't remember that but if you encrypt your wallet you can save it to long term storages like Dropbox / differrent servers / medias / etc, what Satoshi would most likely be doing
Any one of those individual private keys could be imported into another wallet software application (e.g Electrum). Then the funds can be swept to a newer wallet that has a seed backup.
Private keys are just numbers. That has not changed since the beginning.
The internet didn't magically appear one day in its current form. It is a pile of good-enough solutions, layered on-top of one another as they became needed. The same could be said for many of the other systems that humans have developed.
The internet didn't magically appear one day in its current form.
Correct. Considering we've never seen a decentralized store of value requiring no trusted intermediaries on its way to becoming a reserve asset before, I'd say bitcoin is doing pretty good at a nearly $700 billion market cap.
[1] https://shop.trezor.io/
[2] https://www.ledger.com/
For added opsec:
- Use a temporary email address on the order form (e.g. mailinator or similar).
- Do not ship the goods to your home address. Pick-up your order in-person at a drop-off spot, post-office, or have it delivered to your workplace.
A bit more information about hardware vs. software/app wallet:
- Hardware wallets protect your bitcoin and cryptocurrencies by keeping your private keys secure on a dedicated USB (or air-gapped) device. The private keys never leave the device.
- If you use an app on your phone or desktop computer, your private keys could be stolen by malware. This is the exact attack vector that hardware wallets are designed to protect against.
Good luck!