Ungovernable Misfits

Share on social media:

In this episode of The Bitcoin Brief, Max and Q delve into the latest happenings in the world of Bitcoin and privacy. 

AOB

• Q gonna be in Madrid for WoB
• Q also gonna be in Manchester for Bitfest
• Max AOB

NEWS

• Google will soon required dev KYC
  • Bitcoin brief coverage
• Crypto asset tracing handbook
• BIS paper proposes self-KYC for non-custodial wallets

UPDATES/RELEASES

• Nunchuk adds Miniscript
• RoninDojo v2.3.0
• Mostro v1.0.0+13 Alpha
• Zeus v0.11.4 alpha
• Cake Wallet v5.3.0
• Everything powered by ARK video from Riga

BIP 39 PASSPHRASE TIPS

• https://coldbit.com/blogs/blog/can-bip-39-passphrase-be-cracked

IMPORTANT LINKS

• https://freesamourai.com
• https://p2prights.org/donate.html
• https://ungovernablemisfits.com

VALUE FOR VALUE

Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.

You can support this episode using your time, talent or treasure.

TIME:

- create fountain clips for the show
- create a meetup
- help boost the signal on social media

TALENT:

- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!

TREASURE:

- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/

FOUNDATION

https://foundation.xyz/ungovernable

Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.

As a sovereign computing company, Foundation is the antithesis of today’s tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can’t be evil”.

Thank you Foundation Devices for sponsoring the show!

Use code: Ungovernable for $10 off of your purchase

CAKE WALLET

https://cakewallet.com

Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.

Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.

Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.

Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.

Thank you Cake Wallet for sponsoring the show!

MYNYMBOX

https://mynymbox.net

Your go-to for anonymous server hosting solutions, featuring: virtual private & dedicated servers, domain registration and DNS parking. We don't require any of your personal information, and you can purchase using Bitcoin, Lightning, Monero and many other cryptos.

Explore benefits such as No KYC, complete privacy & security, and human support.

[00:00:04] Unknown:

Bitcoin   is close to becoming worthless.   Bitcoin.   Now what's the Bitcoin?  

[00:00:19] Unknown:

Bitcoin's like rat poison.  

[00:00:20] Unknown:

Yeah.   Oh. The greatest scam in history.   Let's get it.  

[00:00:27] Unknown:

Bitcoin will go to fucking zero.  

[00:00:42] Unknown:

Welcome back to The Bitcoin Brief, the show where me and q and a catch up every two weeks to talk about Bitcoin,   privacy,   open source,   keeping your Bitcoin secure,   and the news and software updates that matter.   I just wanted say a massive thank you to everyone who's been supporting Ungovernable Misfits   and a big thank you to Foundation Devices   for supporting the show. If you haven't already checked them out, go to foundation.x,xyz.   They make cypherpunk tools for fuckwits, and anyone can use this, even me. If you have any questions or you want to reach out, feel free, and I'll be happy to go through things with you. For anything super technical, I'll pass you on to queue. If you wanna buy one of these incredible passports,   use the code ungovernable. It will get you a discount, and it will let them know that I'm shilling.  

I'd also like to say a huge thank you to the k Wallet team.   Not only are they supporting this show, but they're also bringing out some incredible features.   For those of you who actually use Bitcoin   and actually care about their privacy and security,   Cake Wallet make it incredibly simple for you to live outside of the traditional financial system.   You can use Cake Pay within the app to buy gift cards   for food, petrol, and whatever else you might need day to day. You can use silent payments,   and, of course, you can use Monero.   You can connect both Bitcoin and Monero nodes,   use coin control,   and this team are constantly innovating.  

And I'm really excited to be working with them. If you have any questions, you can reach out to me, but check them out at cakewallet.com.   Download the APK   or start using this today   on Mac, Windows,   Linux,   iPhone,   or, of course, your Android device.   Enjoy the show.  

[00:02:43] Unknown:

We're live. We're back again, baby. We're not live. No. You can edit this and make me sound somewhat competent. Yeah. Which is nice. I don't have that luxury on Freedom Tech Friday, unfortunately. So I'm well and truly laid bare so that everybody could hear my umms and ifs and you know what. Ahs and all the things. Yes. Do you know what though? I was saying this, I think, to Jordan. I was like, I actually am really enjoying the live stuff, which is a shock to me because I thought, oh, I'm gonna hate the fact that I can't edit, and I'm gonna have to let go of the reins a bit. And And there's that control freak in me of, like, trying to have things as perfect as possible. And   I actually kind of have been enjoying it because I know, like, okay. That's done. And now there's no more editing to do. Yeah. I'll put, like, an out tro on or do you know, I might spend an hour messing around with levels or something, but it's not much. And it's just nice. And I like just the fact that we can chat to people and especially when there's more people in the chat and stuff. So I'm shocked there. That's why I guess you try things you're not sure if you're gonna like. You sort of just give it a go because, actually, you can be shocked. Yeah. Yeah. Indeed. I share the same thoughts really. Now that we've got into a bit of a groove with the streaming stuff, connection issues aside is getting a bit more polished and a bit more of a routine that it is getting enjoyable, especially as you say. When people get involved and ask questions and stuff, the live chat's been relatively busy for the last couple of weeks, which is really nice to see. So I'm glad Young Governors are liking what we're putting out there. They seem to be. Behind the scenes, although there is less editing for you, there's still a lot going on to put something like that together. Oh, yeah. So, yeah, for anyone who hasn't already checked it out, 9AM   eastern or 2PM   London time every single Friday. That's for all the listeners and for UQ because I think you might have some issues with that. Should I put it in your diary?  

You're like, you can.  

[00:04:34] Unknown:

So so for contact listeners, once again, by the time this comes out this coming Friday, we will be back down to two people on Freedom Debt Friday for one week only. Okay. I am attending a a French wedding, which is the other side of the country. I've gotta drive all the way down south to head to a wedding on the Friday. So fortunately I will be present, but I'm gonna leave you in the I was gonna say the capable hands, but I'll leave you in the hands   of Max and Seth to take the reins for this week. And I'm sure it'll be a wonderful stream. I might even be in the car at the time,   so I'm gonna try and listen in because it's like a five or six hour drive for us. I might try and listen in, and I can send the wife into the live chat and start trolling you both.  



[00:05:15] Unknown:

I'd really enjoy that, especially if things are going wrong and she's just absolutely   abusing  

[00:05:21] Unknown:

us. That'd be great.   I almost certainly will be in the car at that point, so I'm gonna try and make that happen. Very nice.  

[00:05:28] Unknown:

Very good. Okay. How was your weekend, my friend? It was stressful, if I'm honest. I'm still dealing with a load of fiat bullshit. It's funny because, like, at the moment, I'm dealing with so much shit that I can't talk about that it makes me be off the ball with Bitcoin and all the Freedom Tech stuff and all the stuff that I care about for the future of my family,   the stuff that matters, I can't focus on it at the moment because we have more imminent attacks constantly at the moment. But it is a stark reminder   of just how   fucked everything is when you're trying to do anything.  

You're trying to get anything done, whether it's   schools or finance or   whatever the thing is, there is just this layer of   stressful   bullshit, whether it's KYC and AML   or fucking vaccine status bullshit or whatever the thing is that you're dealing with. There's just layer and you're just like, this didn't used to be like this. It's not that long ago that you didn't deal with any of this shit, and I'm so   sick of it. And I'm hoping that once I get out the other side of it, hopefully relatively   unscathed,   then I can refocus on what matters, and that is Bitcoin and Freedom Tech and getting the fuck away from all of this stuff as much as you can and insulating yourself as much as you can because it is only getting worse out there. If you wanna do anything, if you're not just behind a keyboard and just retweeting the same old fucking things over and over again, if you're actually building anything or doing anything or changing anything, fuck me. It's hard. Yeah. Obviously, I'm privy to more information than, you're willing to share publicly at the moment, but it certainly does sound like a stressful time. And  

[00:07:09] Unknown:

I guess that's what you get for moving to Africa. Or is it Australia   or Russia? A bit of both. Anyway, one of those places. Yeah. One of those places.   Thankfully, my weekend was a little bit more stress free. Nice. Relatively quiet, to be honest with you. I had a I had a cheeky Nando's yesterday for the first time in Oh.   Probably, like, three years. It's been a long time. Still tastes great. The only thing that's changed is the price has gone up by about 40%.   Has it? Had a bit of a shock. Yeah. It's ridiculous now. Tell me what you ordered and what the price was. I had half a hot chicken   with rice and peas.  

Mhmm. I don't know how much that was individually because, obviously, wife and daughter were with me as well, but the total Right. It comes to it was over £60.  

[00:07:51] Unknown:

Okay. And that's for three of you, though? Yes. Okay. I don't think that's that different. I feel like when did I last have Anando's? Probably like seven months ago. I had one not too long before we left. And what did I have? Probably similar. I always used to go for the four boneless thighs and then the Piri Piri chips   and then coleslaw. If I was, like, being a little bit dirty, I'd go for that. And I feel like that was, like, £20   or £25   or something like that. I can't really remember. Yeah. And Nando's is good. He didn't have you down as a boneless guy. I thought he'd be caveman style. No. Well, I I do generally. I think it was like a really you got more meat and it was like a really succulent option.   Whereas, like, you could get the wings,   but then   you didn't really get as much for me. I think, actually, bang for buck, it was one of the best. I used to go for that. Or before that, I used to go for a half chicken. Yeah. But then I found, like, half of that half chicken, which is quite dry because it was just like the breast that was, like, dried out. So,   anyway, that's probably too much information because most   people who listen to the show are actually based in America, and they they're like, what the fuck is a Nandos?  



[00:09:02] Unknown:

That was literally the next thing I was gonna say. I'm pretty sure I know the answer to this, and it's no. But they don't have Nandos in America, do they? They're quite a backward country.   They do struggle. Let us know in the comments if there is any straight Nandos knocking around in rural America somewhere, if you've ever been. Yeah. Or if you don't have any in America and you have been to one in Europe or wherever they do have them, let us know what you thought. I went to one in Portugal. I can't remember the name of it now, and it was quite a well known one, like, on this little cobbled street. Really fucking lovely place.  

[00:09:31] Unknown:

It was amazing.   It was so good.  

[00:09:35] Unknown:

Was it not called Nando's?   No.  

[00:09:40] Unknown:

It was not called Nando's. It was a proper one in Portugal. It was, like, whatever. I can't remember.   Little, like,   cafe looking thing with little tables outside on the cobble street, lovely, in the sunshine.   I sat and had that, and they got absolutely battered on wine. It was good fun. Oh, nice. Is it raining there by any chance?  

[00:10:00] Unknown:

It is. Yeah. It's raining here. That really sounds like it's coming down. Yeah. It storms where I am at the moment. Oh, nice. Yes. I'll mute my mic while maybe we jump into bit of news. Before we do, just a couple of quick bits of AOB for me. I am gonna be heading out to Madrid next month at the October   for Watch Out Bitcoin, which is obviously a Spanish Bitcoin conference that I believe has been running for maybe three,   maybe four years now. We've had a couple of Spanish members of the Foundation team head out there at least once before, had some great feedback. It's not a massive conference, but, from what I've seen by previous speakers and panels that they've had, it seems like very well aligned with the type of people that kind of listen to the Ungovernable Misfit Show, essentially, where there's a lot of privacy focused stuff. Yeah. I was fortunate enough to   get an invite to go and do a talk on Bitcoin privacy. So   gonna be heading out there. The dates, by the way, for anybody who, wants to head over is the October.  

So if you you are in Spain or within traveling distance, consider stopping by. Say hello. See my talk. And the foundation team, we're also gonna have a small booth there as well. So you might be able to buy some gear off us as well. Consider  

[00:11:13] Unknown:

going to Portugal,   having a proper proper pew pew chicken,   and then hopping across and   Yes. Going and listen to Q talk about Bitcoin. There you go. The Spanish actually are probably, of the people that I've met, some of the most   real Bitcoin types, like real privacy focused people. I know that the, the Barcelona   fucking hell, my house is about to blow away. Yeah. That sounds really loud. Mate, it's I'm I'm telling you, like,   it's fucking a bit hairy where I am.  

[00:11:49] Unknown:

I didn't know it rained in Dubai anyway.  

[00:11:51] Unknown:

Yeah. Well, it can occasionally.   It's a little bit hairy out there. I wouldn't wanna be driving. I put it that way, and I can take it.   But, yeah, the Spanish in   Barcelona, they always have really good meetups and proper privacy talks and stuff, so I'm sure it'd be good.  

[00:12:09] Unknown:

Yeah. They are a very base group of Bitcoiners.   Looking forward to that one. I've never even been to Madrid either as well, so looking forward to going and exploring a new city. Also, I will be the month after in November, I'm gonna be be heading all the way to Manchester to go to Bitfest   twenty twenty five, which is on the twenty first to the November 23. And this is being organized by I don't know whether he's head organizer, but he's got his fingers in the pie some way, shape, or form. Friend of the show, Nathan Day. Three events over three days. There's one day called No   clues on what that one's about. And then there's the main two days of the Bitfest conference as well. And I'll be going out to give once again a talk about Bitcoin privacy. So if you are,   in the vicinity,   in and around the November 21, head over to Manchester, grab yourself a Nando's. There's plenty of them there. Then come and say hi and listen to me talk again about Bitcoin privacy.  



[00:13:01] Unknown:

Do you know what you should do as well if you are there and you do see Q and he delivers a great speech on privacy? Buy me a Nando's. That's exactly what I was gonna say. Buy him a nice Nando's. Give back a little bit. He does so much out there. All these talks,   flying all around the world,   all these different cities he has to go and explore and beers he has to drink and pans he has to shake. It's tough being a robot. There you go. Well, luckily, I haven't got to travel far for that one.  

[00:13:29] Unknown:

Looking forward to that one as well. It'd be good to catch up with Nathan. I haven't seen him for a while. He wasn't in Riga, unfortunately. So Very nice. That's it for my AOB. So let's, hit the news before Max's house blows away.   First on the list is just gonna get a quick mention. The reason for that is we did a deep dive into it in last week's Freedom Tech Friday, link for which will be in the show notes of this show. Google is tightening security measures around Android app distribution.   Company announced last Monday that starting from next year, they're gonna begin to verify the identities of developers distributing their apps on Android devices   and not just those who distribute via the Play Store. This change will affect all, quote,   certified Android devices, which is essentially all stock Android devices unless you've messed around with it and put something like Graphene OS on there. So once live, the global rollout will be more gradual. The tech giant is stressing that this does not mean that developers can't   outside the Play Store. So to be clear, sideloading is still allowed. You can install an APK file on stock Android.  

However,   that APK file must now be   signed by a KYC'd   developer who has gone through the new process with Google to essentially KYC themselves. So no more anonymous or pseudonymous developers   privately publishing APKs and being able to be installed on stock Android. This is gonna begin rolling out in certain parts of the world in October   with looking to be a global rollout by the 2027.   So they are phasing it in. At present, this does not affect   non stock Android. So if you run Graphene OS or similar, then you'll still be able to install APKs from anywhere even if they are completely unsigned and the developer hasn't been through the egregious KYC crap that Google is soon to be instilling upon all of those sorts of developers. So not the end of the world if you are privacy focused Android user because chances are you are already running graphene OS on there. But, yeah, something to stay abreast of. And as I say, we did a bit more of a deep dive on this and the ramifications of it on last week's Freedom Tech Friday. So if this has peaked your interest, maybe go and listen to that show and get more of a deep dive and some takes from Max and Seth. Not maybe.   Definitely. Definitely go and listen. Yeah. Definitely. Keep your eye on it, but if you're a Grafryn user, you're safe for now. Next on the list, we   have a tweet from an account I've never heard of before. Slowmist underscore team   on Twitter has published the crypto asset tracing handbook. This is, as the name suggests, basically a PDF. It's also available on GitHub, which is linked in the show notes, talking about how they are putting into practice to trace various different crypto assets across various different blockchains. I'm I'm gonna go into a bit of details here because there is some ramifications or implications against Wasabi Wallet. But I always like to caveat this sort of stuff by saying that I just remain a little bit skeptical around   chain analysis firms   or the likes of   boasting about what they have done or what the conclusions that they've drawn. Yeah. Because it's marketing. It's marketing. They're incentivized   to make themselves   seem far more competent than they really are.  

However, with that said, there are some useful tidbits in the analysis here. So I'll do some, quoting here. A whale's   wallet private key was leaked, and the funds were stolen with the stolen assets moved into Wasabi CoinJoin.   The affected user sought the assistance of the Mistrack team. Mistrack conducted withdrawal analysis on the stolen funds mixed into Wasabi CoinJoin,   successfully tracking and recovering the flow of funds.   Subsequently, the attacker attempted cross chain transfers.   A mistrack identified historical traces of the hacker's addresses moving funds to exchanges. This that's a key point to remember that.   And assisted law enforcement in contacting the exchanges to request evidence and apply risk controls on the relevant accounts.  

Later, as the attacker further transferred stolen funds to exchange related accounts,   part of the stolen funds were successfully frozen.   Okay. So what else did they do? Yeah. The critical breakthrough was analyzing Wasabi coin joint withdrawals.   Mistrack studied input and output addresses and analyzed intersections   across multiple transactions.   Withdrawal addresses were examined for address usage frequency,   input amounts, withdrawal amounts, and post withdrawal transaction behavior.   After a series of detailed analysis,   the team successfully identified several suspicious withdrawal addresses.  

We then compiled and compared the withdrawal amount from these addresses and found that these amounts were largely consistent   with the funds that were transferred to the Wasabi coin joined by the hackers.   We discovered a correlation between different Wasabi coin joined withdrawal transactions,   and the withdrawal addresses showed a clustering relationship.   Therefore, we can confirm that these addresses are the hackers' withdrawal addresses.   Here's a bird's eye view of the hackers' coin joint transaction. Again, link will be in the show notes.   Finally, after identifying Wasabi coin joint withdrawal addresses, Mistrack further tracked stolen funds. The hacker used Ren BTC for cross chain operations.  

Analysis revealed Ethereum Ren BTC withdrawal addresses, which were then exchanged for ETH and dispersed across multiple exchanges.   After analyzing the hacker's exchange history, Mistrack team immediately shared this information with the affected users and assisted law enforcement agencies   in contacting the exchange to request evidence.   The exchange then implemented risk control measures for potentially implicated accounts.   Ultimately,   as the attacker   attempted to transfer further stolen funds to exchange related accounts, the close collaboration with Mistrack team, law enforcement agencies, and the exchange successfully froze a portion of the stolen funds.   Okay. So what can we learn from this? Well,   essentially, the crooks or the key points for me here is that the main deanonymization   they claim to have done is by correlating   It's amounts and patterns.  

Exactly. Timings, amounts, and patterns pre   and post CoinJoin behavior. So the attacker wasn't very sophisticated,   essentially.   But because they've done some consolidation,   they sent some   mixed funds   to   addresses that they've previously used with exchanges   prior to using the Wasabi coin join. So they've been a bit I say a bit. They've been pretty messy here. Pretty slapdash.   Yeah. What they've also done is use the tool that doesn't have any   post mix spending tools, which could have provided some ability for them to do   some of this consolidation in a way that provided more plausible deniability than the rudimentary technique that they've used just by essentially consolidating after   using Wasabi. So it seems to be a bit of a mix here of predominantly user behavior being very sloppy. We're also using a tool that doesn't have very high guide rails in terms of the best practices after the coin join, if that makes sense. Mhmm. As always, I wanna bring this full circle and say, look. There's a lot of conjecture here in terms of the publisher seems to draw a lot of   conclusions just by assuming that certain amounts   match up pre and post. Yes. There are some address reuse or account reuse, which obviously is has them bank to rights. But just because certain amounts match pre and post doesn't necessarily mean that they've captured 100% of these funds. And I think that's clear by the way that they've mentioned that they were able to freeze parts of it. Yeah. So I haven't read through the report, but there's a part of me that's like, it's for Salvi. Like, fuck them. Like, over the years, they've annoyed me very much and being quite dishonest and  

[00:21:10] Unknown:

frustrating,   especially early days. But the other part of me is, like, how much of this actually is flaws   in what Wasabi   has except for not having post mix spending tools because, really, this sounds like user error more than anything else. So as I say, like, there's a part of me that's, like, wants to share on Wasabi here, but, actually,   I'm not sure that it is anything to do with how their protocol is set up. I'm not smart enough to know that, but it doesn't seem that way.  

[00:21:37] Unknown:

Yeah. And, also, there's a nice little paragraph here in the in this kind of summary to this section.   It's important to note that once funds enter a mix, that the original path is unlikely to be fully constructed,   creating a natural blind spot in on chain tracing.   However, external clues can be used for lateral verification.   For example, the behavioral patterns before mixing and a consistent destination after mixing, leveraging on chain fixed amount characteristics   to trace mixing behavior,   analyzing inflow and outflow paths within a time window,   developing outflow address profiles and behavioral   clustering models,   linking post mixing paths with exchange deposits,   and leveraging open source intelligence   to supplement on chain deficiencies   and establish attribution.  

So, basically, everything that we've just said is like a mixture of a couple of things where they've just predominantly been sloppy. You could argue also not use the best tool for the job if they were really wanting to keep these stolen funds   fully private.  

[00:22:40] Unknown:

Fully stolen. Yes. If you do steal funds, you wanna fully keep your stolen   funds. Yeah. Not give them back to the exchanges.  

[00:22:49] Unknown:

Okay. Well, interesting anyway. I don't know the dates on this actually, but it always makes me laugh. These are from 2022.   So it is, like, three years old. What I was going to say is it always makes me laugh when hacks like this happen.   And then they run straight to a regulated exchange where it's like a choke point. I dunno for me, like, obviously I'm not promoting anybody to steal any funds and try to launder the money so they can keep the stolen funds. In my head, if you were gonna do it, you'd wanna sit on it for quite a while. And I'm not sure whether that would actually help anything in real life. Obviously, I'm not a career criminal, but I don't know. It feels like rather than kind of running for the exit straight away, it might make a bit more sense just to kind of sit on those and just or maybe drip them out through no KYC, peer to peer exchanges. That's what I was just about to say. You're severely limiting your ability to cash out large amounts of funds there, aren't you?  

[00:23:37] Unknown:

Honestly, like, this isn't advice. If you're a criminal thinking about stealing, like, a good person's   Bitcoin, like, reconsider your life a bit. It's kind of like I'm sure if you're smart enough to work things out like hacking and all that stuff, you're probably smart enough to, like, start a business or do something that benefits humanity in some way rather than stealing. But   if I was in that situation and someone has really wronged me and I did take their Bitcoin, what I would probably look to do is very, very slowly piece by piece be moving that   and buying physical   items   and then   moving those. So,   you know, rather than, like, getting a load and then opening a fucking KYC exchange and then giving all your details and then selling it and then being tracked because you've got your bank details and your passport and all that stuff,   buying gift cards or prepaid visas or whatever and buy a watch here that gets sold and whatever would, like, stuff that you can easily   move and just   live off that for the rest of your life rather than being an idiot. But that is not criminal advice.  

It's also not very in with the criminal mind, is it? No. You can't go and buy a Lambo.  

[00:24:48] Unknown:

Yeah. Well no. What I'm saying is, look at me. I've stolen all these funds, and, yeah, I'm gonna go and buy Tesco gift cards with it.  

[00:24:57] Unknown:

Hey. Look. There's nothing wrong with Tesco's. You can go and get a decent rib eye, a nice bottle of wine,   sit down, enjoy an evening with your missus. You can have a nice time, but, no, you can't sort of go and throw, hundreds of strippers and drive down a Lambo and do all the stuff that most of these fucking idiots wanna do. But, yeah, that's what I would do. Alright. Next on the list, this one comes from the guys at the rage. The Bank of International Settlements has proposed a paper for self KYC  

[00:25:24] Unknown:

for noncustodial   wallets. Why does this feel like Groundhog Day, like, all over again?   Oh.   Economists at the Bank of International Settlements often referred to as the Central Bank of Central Banks.   I'm not sure that that's, an accolade to be proud of. But, anyway,   they published a paper for a new approach to anti money laundering compliance for cryptoassets.   The Economist suggests to leverage the provenance and history of any particular unit or balance of a crypto asset asset to implement a risk scoring scheme   with an on and off ramps that would exclude any asset that has ever passed through a no KYC wallet   from being accepted by regulated   entities.  



[00:26:10] Unknown:

Oh, fuck off.   Just fuck off.  

[00:26:14] Unknown:

No. It gets better. Listen listen to this.   With this approach, the BIS aims to create,   quote,   a culture of duty of care among crypto market participants.   Leading users of noncustodial   wallets to not accept no KYC coins and opt for KYC ing their own coins voluntarily.   What are these people smoking?   While customer verification can be performed at points of contact with the conventional monetary system, e g crypto exchanges,   once claims move to unhosted wallets on the permissionless blockchain itself, the transactions are out of the reach of conventional forms of intervention.   Yeah. No shit.  

By using   public transaction histories, a diagnostic AML compliance score could be referenced   in any further interventions by authorities when crypto assets, including stablecoins,   are presented for conversion to fiat currency at the off ramps.   And once again, link in the show notes, but there's a an interesting image here that's, like, got, like, a color chart   and uses the word tainted and fully tainted, directly tainted,   clean tokens. It's got all the buzzwords in there, guys. You'll have a little giggle when you see that one. Wow. Unhosted   wallet.  

An AML compliance call that references the UTXOs for Bitcoins or wallets for stablecoins   could use the information on the blockchain,   including the full history of transactions and the wallets they have passed through.   A higher value, e g maximum 100,   would denote relatively clean funds,   coming mostly from, quote, allowed list wallets,   While lower value, e g minimum zero, would denote funds that are tainted by being associated with one or more wallets   known to be on a deny list.   The paper elaborates.   Who are these people, man? What the fuck? Unbelievable.  

[00:28:16] Unknown:

At that stage,   you are in a much worse position using Bitcoin than you ever were using the traditional banking system. Absolutely. Yeah. Couldn't have said it better myself. Actually,   much worse. Because at least in theory, supposedly,   banks aren't supposed to   give information on their clients to one another, and they're not supposed to give it to authorities without certain   agreements or, like, orders or whatever, you know. Whereas, if you're actually using Bitcoin in the way that's being suggested here, everything is completely   open and scored. At that point, it is full   on the worst   surveillance coin  

[00:28:57] Unknown:

nightmare you could ever dream of. Could you imagine going into the local shop, right, to buy a pack of beers? Yeah. Handing over a £10 note and the cashier being like, hang on a minute. Can you just stand there, hold your driving license in front of you with that £10 note in your other hand so I could take a photo of you? Mate, it's what they'd love. Just wanna check that this £10 note is on the allowed list and that it's got a score greater than 80 before you can buy these Canter Stella. It's like, fuck off.  

[00:29:22] Unknown:

It's what they'd love, though, isn't it? That's where it goes. That's what they want. Yes. It's just so frustrating.   Even just the use of cash,   certainly in The UK, you get some pretty weird looks, especially if it's like large amounts. If you go down Tesco's and you're spending £20, everyone's like, yeah, that's fine. Whatever. But if you go and you you wanna go buy like a laptop or like something of like reasonable value, people are like, that is definitely a drug dealer or he's definitely an arms arms dealer, or like a fucking human trafficker. Like, there's something going on here because he's got cash. So it kind of disincentivizes   people from using it anyway. It's getting harder to spend it a lot of places anyway. Like, a lot of shops and places you go are like, we are cashless. We're saving the planet. Like, no. You're a fucking idiot. There's so many of these places that little coffee shops and things that won't take cash. So it is getting harder, and then you can't get it in the bank or out the bank or it's  

[00:30:18] Unknown:

it's very frustrating. Yeah. Imagine me and you go into Nando's. I picked the bill up on my card, and you tried to give me a tenner.   I'd be like,   sorry, mate. That's not on the allowed list. I can't take it. Sorry. Yeah. I'm gonna file a suspicious activity report on you now.   Yeah. Okay. Well, I know that was pretty doomable. To be clear, that is just some bullshit economist paper at the moment Yeah. Again Yeah. At the moment. But Yeah. We'll see. Let's hit some boosts, mate. Before you do, I just wanna say that BTC wrestle had offered the other day to send in some updates  

[00:30:52] Unknown:

for us very kindly. He said, look. I think the show would benefit from some of these updates. He then put it in his diary, and then I guess he lost his diary   because he completely fucking forgot.   I wouldn't know you were heading with this. It's like, oh, public call out. Nice. Yeah. And then I messaged him just with the eyes, you know, the little side eyes things like,   where's the fucking stuff that you said you were gonna send? He is now, as we are speaking, sending some stuff over. So we may or may not have a new little section with some updates, but I'm just letting you know that he's typing away. Okay.  

[00:31:27] Unknown:

Okay. We mustn't be too hard on him because he has been a staple in the Freedom Tech Friday live chat. So He has. He's been showing up every week. So we'll let him off this time. We will. Andy offered it, and he's trying to help do all that. So we we love you, mate, but I've got to have a little dig there as well. Okay. Onto the boosts. First one is an XMR chat, WebWipe   with 0.0185271   XMR. This is for the Bitcoin brief.   Web wipe is hosting a privacy meetup in Nashville, Tennessee   on September 20.   Join us at Disk Insider   located at 1235   Martin Street from six till 10PM.  

I just realized what you're laughing at.   We'll have presentations and demos on BTC tools, including Ashigaru, Boltzmann calculator, dexes,   and more. That sounds like a bit of me, that Yeah. Nashville food. Ugh. Talking about Bitcoin privacy tools. Amazing. If you're in the area, get yourself there. Yeah. Definitely.   Now, Max, do you wanna enlighten   the listeners as to why you did that little child of people while I read out the name Disk Insider.  

[00:32:37] Unknown:

Disk Insider.   Just my dirty mind, mate. I was just imagining  

[00:32:41] Unknown:

something. Are you gonna leave that open to a different situation? Maybe listeners just swap some of the letters around in Disk Insider and see what you can come up with.   I wonder when they came up with that name whether they thought it was funny as well or not. Probably not. Probably just I'd like to think that the sign writers, when they were putting the sign up, even temporarily, like, they swapped the letters around just to see what it looked like.  

[00:33:03] Unknown:

Well, funny or not,   definitely get yourself down there. That sounds great. They're doing some really good work. That is awesome to see. Rev Huddl with 1,121   SAT says, welcome back. I'm also back to boosting   proof of forty hours per week. Add an in person podcast to your forty hours per week at the South Bend Indiana Bitcoin meetup first Thursday every month at LangLab.   06:30PM.  

[00:33:31] Unknown:

Nothing like experiencing the podcast live and in person at your local meetup. I like that we're getting some meetup stuff. Yeah. This is cool. I like it a lot. I also like the fact that the analogy of Meetup being an in person podcast. Yeah. I guess the only difference being that if you you heckle somebody, like, I could see there's pies on the list coming up, so I'm sure there's gonna be a heckle. I haven't actually read it, but at least you can get some immediate feedback from the podcast.   You get some immediate abuse. Yes. Yeah. Thanks for your boost, by the way, Rev Huddle. Good to see you back. Turkey boosted, no comment, but you sent 500.   And then Pies   Hey.  

Boosted with 421   sats. Max, your childhood sounds like mine. When they put me on Ritalin in elementary school, I didn't like the way it made me feel, so I started selling it to middle school and high school kids Brilliant. And traded it for weed. Course you did. Brilliant. Thus, beginning my criminal journey.   Then in middle school, like q and a, I took the hit for a BB gun pistol   that we were passing around because I was the only one in my group of friends with the balls enough to tell a principal to fuck off. And he couldn't search me and had to call the cops, which he did. Amazing. Amazing pies. None of that surprises me about pies. No. It doesn't surprise me either. I can't even imagine him on Ritalin as well. Although they say that it's supposed to, like, help you focus and calm down, but I imagine that would buzz him up. It'd be all over the place. But there was a bit of a black market for it. As I was leaving high school, it seemed to be all the rage, but I've not tried it. I used to take it in my last like, when I was actually had a career,  

[00:35:07] Unknown:

I used to take Adderall, and it was wonderful stuff. Do you get a comedown off it?   Not really. But I was doing Adderall in the day and then Xanax at night and   all sorts of I was snorting Adderall and Xanax as well just to fucking keep going or knock myself out. Remember us having this conversation before now. It was actually it was a bit mental, but it's great stuff, like, especially for my brain. Even if I'd gone out all night and hadn't had any sleep and I'd come into work, I could still come in and be really effective   if I took that. So it is good stuff, but it's basically what's it called? Speed, isn't it? Yeah. It's basically speed. A different form of that. Yeah. Pretty much. Yeah. A legal form of it. Yeah. And I've not ever tried speed. It was basically the same thing, but it does I don't know whether it's just particular types of brains where it works for some and not for others, but I've heard other people had a really bad time on it. I was   so much more efficient.  

But then there's other ones. Is it modafinil a lot of people take? I tried modafinil, and it fucked me up. I went to go and pick my missus up. This is when oh, I think I was just, like, editing a pod and, like, getting some stuff done, but I hadn't slept for a long time. And I was like, oh, just try some modafinil then. And I went to go and pick her up, and I had, like, the shakes.   I was sweating.   My heart was fucking going. I couldn't concentrate at all. I felt like I'd just done, like, a massive load of crack or something like that. It was horrible.   So I guess I don't know. Different things for different people. Indeed. Not medical advice. Yeah. It doesn't sound like something I'm gonna rush out to try. Idea. Not medical advice. Don't do it, kids. Thank you, Pies. Stack Jarrow says, winning.  

Caz Peland streamed 280   sats.   Club to Polymath   sent 210 sets. I haven't heard of anyone else who was a floppy disc salesman.   My parents couldn't figure out where all the discs were going. I labeled them math homework,   amazing history notes, etcetera.   Later in life, I worked with a lot of my former clients parents,   and the thought that their kids lunch money funded their habits   always brought good chuckles.   I was able to save enough for a CD burner. Oh, he's gone up in the world there. Plebs of polymath   were brothers, mate. I also didn't think there was anyone else operating at that level. That's good to hear. Nice.  

[00:37:33] Unknown:

Final one, brother Abel, 150   sats, and he said   Max was doing non KYC cigarettes before the first strand of the intellectual Silk Road was woven.   I like that.  

[00:37:45] Unknown:

Nicely said. Yeah. Very good. Very good. Oh, before we do any more questions or anything, let me just check if BTC wrestle has he sent me two things. So I'm gonna do the two things that he sent me. It might just not be a section. Ashigaru Whirlpool summary update. The unspent capacity in Ashigaru Whirlpool is 33.85   Bitcoin,   which has an unspent value of $3,700,000.   The Ashigaru pool, 2,500,000.0.   Sat pool has 265.   The 25,000,000   has a 109.   So 27.25   of the total   is the 25,000,000   sample. So that is good to see. Robosats   update. There's six online Robosats   coordinators,   six enabled   coordinators,   38   public buy orders,   29   public sell orders,   and the book liquidity is a 104,966,119   sets. Today,   active robots is 1,019.  

Twenty four hour non KYC Bitcoin premium   is currently sitting at 2.64%  

[00:39:00] Unknown:

over. Wait. What? Just wanna say that there is no premium.  

[00:39:04] Unknown:

You get a discount for KYC and on Coinbase, etcetera. Yeah. Nice. There you go. So I think I got that now. Yeah. That's the real risk premium, isn't it? And then we've got a twenty four hour contracted volume of 0.157   and a lifetime contracted volume of 94.5088   Bitcoin.  

[00:39:24] Unknown:

So there we are. I like that. I like that. Listeners, let us know. Do you want stuff like this at the top of the show, like, all the podcast do? Do you want us to mid roll it? Mhmm. Do you not care at all? Should we just get rid of it? Yeah. Or if you do like it, after you told us where in the show you'd like to hear it, also let us know if there's any other data points that you want added in, and we can crack the whip with b t wrestle and get him to send us some more useful privacy stuff. Should I tell you what he was gonna send? Yes, please. Yep. Podcast ideas he sent me. Clock movies dashboard,  

[00:39:53] Unknown:

block height,   blocks until next difficulty adjustment,   estimated difficulty adjustment, lightning capacity,   Robosats   market update that we've just done,   a BISK market update, that'd be nice, Ashigara liquidity update, which we've just done,   a KYC   hall of shame.  

[00:40:12] Unknown:

Oh. I like that. I think that would be cool. Is that where we find somebody who's got a Coinbase account and just name them? No. No. We would never do that.  

[00:40:20] Unknown:

That was a joke, by the way. I think that would be, like, the most cucked of the week, like, something very KYC,   like, hall of shame   sort of stuff. That's what I think he means. I like it. Notable software updates. We already do that. Featured Bitcoin meetup of the week. Oh, I like that. We've currently obviously done the web wipe one and rev huddles boosted in, but that would be quite nice to do a little highlight. What I'd like is a section at some point of, like, these are the really good meetups that are going on in the next two weeks, and we just do, like, a little section of here's the top five in The US. Here's a couple in The UK, here's one in Spain, bang, bang, bang. And, like, people can listen to that. There's gotta be a website for that that we can reference, surely.  

[00:41:03] Unknown:

Yeah. You'd think so. Okay. Let's see. Let's get some feedback. Thank you, b t c Russell. Appreciate it. Looking forward to building this out with you. Yeah. Definitely.   Alright. Before we hit updates, this question was posted by Bitter twenty one on Nosta for Freedom Tech Friday. But as is always the case with Freedom Tech Friday, we never ever get to the end of that list. So I'm gonna start picking out some of the Bitcoin related ones Mhmm. And just shoehorning them into the Bitcoin brief Nice. If they fit and, you know, the list isn't too long.   So, hopefully, bidder twenty one doesn't just listen to Freedom Tech Friday, and they're gonna catch this. But, hopefully, I can try and remember to send them a link to the show afterwards. But they ask, what is a good passphrase length?  

Should I treat it like an important password,   e g, approximately 20 characters,   letters, numbers, or something like the EFF dice word list?   Great question.  

[00:41:54] Unknown:

That is a good question.  

[00:41:56] Unknown:

There's a couple of schools of thought here. Like, from the standpoint of, like, which is more secure,   I'm gonna guess there's probably not much in it between, like, a generic 20 character password that, say, Proton Pass would give you where it's like a mixture of letters, numbers, and characters   versus   five EFF,   electronic freedom   foundation,   I believe.   From their dice word list, they've got a really great tool that basically a bit like the bit 39 list, but   you can just roll the dice essentially and pick out a corresponding   word. Mhmm. I don't think there's much in the way of additional security. They're probably quite equal. To kind of paint that picture a little bit more, there's gonna be a link in the show notes for this section to a a really great blog post that was done by coldbit.com.  

That's a number of years old now, but it's got some awesome information in there. Does get very technical at some points, but there is some really great kind of simple things that you can use to influence   the length of your passphrase. And before I get into this, I just wanna be clear. Your passphrase should not be memorable. Okay. If it is memorable. Because if you were to choose five words,   then it's not outside of the realms of possibility that you could remember that. And what I'm about to tell you will paint how secure five truly random words can be as as a passphrase. So   maybe I'll walk that one back, but it shouldn't be easy to remember is what I would suggest. So, again, I'm referencing this Colbit blog post that will be in the show notes for the next one. But if you   were to   choose   a dice rolled   five word passphrase from the EFF list or from the bit 39 list, as long as it's truly random,   then there's different classes of attacks. So let's assume that somebody has a top level graphics card pointed at solely trying to crack your passphrase. And they already have your 24 words or 12 words? Obviously, yeah, to lose any funds. But let's say they've got twelve twenty four words, and they just point in a high end graphics card for, like, a million hashes per second Mhmm. For them to guess a five words truly random password,   that would be 55 bits of entropy, and it would take them an entire millennium  

[00:44:03] Unknown:

That's not too long. To crack  

[00:44:06] Unknown:

a five word passphrase. But it's easy to get a graphics card. Right? So let's step it up to the next class of attack, class c, which according to this list is 100,000,000.   So is that a billion? Isn't a billion a thousand million? Eight   zeros. So that's 100,000,000.   A 100,000,000 hashes per second. John's cringing here, isn't he? Because I know he's burning this sort of shit. So So that's, like, a 100 high end graphics cards pointed solely at trying to attack your thing. That   would take   eleven years Okay. To crack your passphrase.   So you can see quickly how, like, five words is gonna be enough for most people. If you choose six, it quickly goes to it's literally infinite. Mhmm. The only kind of rough estimate figure for if you chose six words, again, completely random using the EFF dice word list,   is a class d attack,   which literally doesn't exist today, by the way. Mhmm. And that is one and then nine zero. So I think that is a billion hashes per second. Right? Mhmm. If, hypothetically, somebody was able to do that and they pointed all of it just at your passphrase and it was six words in length, it would take them two millennia   to crack your passphrase. Again, these are estimates, but you're safe with five or six words Yeah. Is the short answer to the question. I just wanna revisit the thought process around  

[00:45:23] Unknown:

not being able to remember your passphrase. And I think it's an important one,   especially for people who have single SIG because   to me, it's kind of I would treat it as like a kind of two of two multi sig in a way where if you had a hardware wallet at your home and you could access it, but you didn't have your passphrase and your passphrase isn't remembered and your passphrase is wherever in a different country in a fucking safety deposit box or something like that or buried under 20 feet of concrete somewhere that you can't access,   it means that even if somebody puts a gun to your head, you can't give them it because you can't remember it. So that might not go your way because they might put a bullet in your head because they might not believe you. But at the same time, you know that you definitely can't send your funds. I think that if you can remember your passphrase,  

[00:46:18] Unknown:

it's not gonna be as useful in those kind of scenarios or those kind of attacks. Yeah. I think that's fair to say. So as I say, this blog post that I've been referencing is a treasure trove of information. There's loads of great tables in there. There's actually a comparison   between if you were to use the BIP 39 word list,   the long dice word list, which is from EFF, which actually has 7,776   words in it. There's a short diceware list, and it even goes into, like, typical passwords like like beta twenty one suggested where it's, like, alphanumeric and things like that. And you can compare the different classes of attacks based on how much kind of power is pointed towards cracking it and, like, the length of your password and the success rate or how long it would take. This might scare a few people. But if you have a six character password alphanumeric,   a class a, so just a single GPU, can crack that in two point five days. Okay. If you bump that up to eight characters, alphanumeric,   a single ASIC would take nine years Mhmm. To crack it. So you can see the exponential   difficulty or increase in entropy just by adding an additional two characters.  



[00:47:23] Unknown:

And then just to take that one step further, if you go to 10 alphanumeric characters, a single ASIC would take eleven millennia to crack it. So longer passwords are definitely your friend. Definitely. The thing I was thinking about a few years ago when I first came across what three words, you know that do you know what three words? Where, like, it will pinpoint exactly where you are. I remember it was, like, early days of Bitcoin, and I was, like, thinking about all this stuff and, like, entropy and how hard it would be to crack. And I was watching all there was, like, a video that was, like, blue, brown, green, or something, and it was like a YouTube video where they were explaining how difficult it would be to hack   one Bitcoin wallet and explaining it with time and all that. And I was finding it a bit difficult to really, like, grasp it. The numbers were so big. And then one of my mates is like ordering a Chinese or something. He was like, I'll give you the what three words. I was like, what the fuck is a what three words? He's like, well,   just wherever you stand,   there are three words that correspond to that two foot by two foot square or whatever it is. And I was like, what? Three? There's only three things. That doesn't make sense. He's like, yeah, in the whole world. And when I looked at that, I was like, okay. I can see how this works. I could understand it better.  



[00:48:33] Unknown:

The human mind has a very difficult time comprehending   exponentially large numbers. And at the crux of it, big fuck off random numbers are essentially what makes Bitcoin  

[00:48:43] Unknown:

secure. Yeah. That's literally it. Yeah. I had a really hard time at the beginning being like, well, what if someone else generates the same address? Yeah. Do you know what I I was like, you you know, that's sure that that's gonna fucking happen at some point, isn't it? It's just at some point that's gotta happen and it's like, no. You don't understand maths well enough or these big numbers well enough to understand, but no.   Yeah. It's weird to think about though. I still don't really grasp it. Like, it's still kind of a bit like magic to me because I just I'm not good enough at math to, like, fucking understand it. I'm just like, I get in theory, no, but the numbers are so big I can't wrap my head around it. Yeah. There's one thing that's actually made me understand it a very, very little bit. There was a saying I've just tried to find it quickly, and I've just found a version of it here. One million seconds  

[00:49:29] Unknown:

Mhmm. Is twelve days.   One billion seconds, which is, like, the next step up the exponential,   is thirty two years. Here we go. Look at this one. This is scary.   One million minutes ago was approximately two years ago. Mhmm. One billion minutes ago was the year January.  

[00:49:48] Unknown:

Fuck it now. Yeah. That's fucking mind blowing, isn't it? That's weird. Yeah. That is weird. That's a way of saying, yeah. Use a long passphrase, and you're pretty fucking secure. Yeah. Yeah. Yeah. Indeed. Indeed. Just got another message come through. Bisc twenty four hour volume   is 0.2285   BTC.  

[00:50:09] Unknown:

I love that we're drip feed in these throughout the whole show. Yeah. It's nice. And number of trades is 24.  

[00:50:15] Unknown:

So  

[00:50:16] Unknown:

that's BISC. Oh, and I did also Wait. We're sorry. Sorry. Mhmm. 24  

[00:50:20] Unknown:

trades in what time frame on BISC? That seems low. I assume twenty four hour volume because he's put twenty four hour volume was 0.2285   BTC. A number of trades was low that, doesn't it? It does seem extremely low. On hold of the BISC network, there's one trade every hour. It seems odd. It seems  

[00:50:38] Unknown:

unlikely, but let's not assume that he's wrong here. But if you are Yeah. No. I wasn't assuming that he's wrong. It was more, I I guess, a sadness that if that is true, that that's not great p two p volume. I know that's only one exchange, but It's not even double what Robosats is doing, which is why I'm surprised because Robosats obviously has much smaller amounts.  

[00:50:58] Unknown:

Alright. Well, look. Hopefully, you're right, b c wrestle. If you're not, you're gonna be in some serious trouble. Alright? Just so you know.   And,   also, my Nimbox   had an announcement.   They said,   warning. We have two times an issue with the swap service,   GoXme.   They block funds for no reason. We are waiting   for hours for a refund.   If you use Truckadore app to pay my inbox services, you can easily avoid them. I guess just a warning, if you are using GoX  

[00:51:30] Unknown:

me to pay for things, maybe reconsider that. Try Truckadore. So thank you, my inbox, for letting everyone know. Nice. Thanks for that. Also, just quickly going back to the whole passphrase thing. I can't believe I forgot to shill my own shit. Oh, here we go. Bitcoin.guide/seed.   We I say we, me and Super Far Arrow have a passphrase generator in there that uses the e f f word list, and you can just input your dice rolls. So you let you just go in there. You roll a dice. You input your dice roll result, and it will just populate the passphrase   for you. Nice. So if you wanna go and do that as, like, just playing around or if you wanna download the tool and do it offline and do it for your actual passphrase,   please make sure you're offline when you do that. That's a good little play around tool that you can use and is relevant. You've got some good tools. Yeah. I can't take much credit for it. I mean, like I say, I had the idea of what Super Fat Arrow is the superstar that builds all that shit. Thank you, Super Fat Arrow. You really are a superstar. Yes. Right. Before we, hit the updates, mate, I just need a piss. Oh my god. That's we're so in sync. I'm literally sat here, like, grabbing my dick, so desperate to piss. Just before we started talking about that, I was like, I can't actually wait another five minutes. I'm so pleased you said that. I'm gonna go at the same time.  



[00:52:41] Unknown:

Oh, that was glorious.   Did you enjoy that?   That was glorious. Sometimes I question how there's so much liquid in my body.   I think it's the combination   of when I get up in the morning, I try and drink, like, a liter of water because I always feel quite dehydrated.   And then I smash   a lot of coffee, a horrible amount of coffee, which obviously makes you piss.   And then we sit down and record. And so that's that's why, you know, we're only an hour in, and I'm just sat here like, oh my god. I'm gonna explode.  

[00:53:14] Unknown:

I also have a notoriously weak bladder, and I always sit down to record this with you with a coffee. I'm also always bursting by the time we hit an hour. Right.   Let's sign off the show with the updates and releases.   Max, the first update is the Ronin Dojo. Nice to see, a new update being pumped out from, Dojo Coder. Very good to see. Version 2.3   has been released. They've updated the underlying Dojo software to version 1.27.   This release also brings the latest version of Samurai Dojo.   Here's a few things that have been updated. So they've updated all of the packages, Bitcoin Core, Tor, full Chrome Explorer, Elect RS,   updated not banned script. That's very, yeah, timely.  

New Dojo API endpoints and updated dependencies.   This update will help you to be prepared for new features that might arrive in Sentinel   or Ashigaru.   Interesting. Very nice. But the biggest new thing in this update is the introduction of Soroban,   a distributed   peer to peer network that your Dojo can leverage for a number of use cases.   The first use case available   in Dojo is Pando   TX.   When you send the transaction through Dojo, it will not be immediately pushed to the Bitcoin network, but it will be sent to a random node on the Soroban network, which will push it to the Bitcoin network.   This also means that your Soroban node will receive other people's transactions and will push these to the Bitcoin network. Mhmm. This further obfuscates the origin of a transaction because the maker of a transaction does not have to be connected with a Bitcoin node that relays the transaction to the network. We hope that this is just the first of many applications built on top of Soroban. Love it. That's interesting.  

That is like if I could draw a quick analogy that popped into my head while I was reading that. I know what you're gonna say as well. It's like a   peer to peer VPN network for your Bitcoin transactions.  

[00:55:11] Unknown:

Would you like that? That is nice. Shout out to you, Pavel. What an absolute legend. He's been one of the most consistent   people that I've met   in this Bitcoin world. It just fucking gets on with stuff.   So shout out to you. And if you're thinking about boosting this show, maybe don't. If you're about to boost us instead, and if you can, go to paynim.rs.   He's plus   b e r s e r k.   So Buesserq,   guess, g u e s s eighty nine, and go and support him because he's an absolute fucking hero. We'll put that in the show notes as well. But don't send us the sats this week. Send it to him. Agreed. And instead of sending us the stats, just share it on Fountain instead. Yeah. But, obviously, send Pavel the funds first. Yes. Do that. Well, that's not all, Max. In part of this update, we've also got Ronin UI update to version 2.6.  

[00:56:06] Unknown:

Oh. Quote, since the unfortunate   demise of KYCP   and OXT   again, we talked about that. Those are length on Freedom Tech Friday. Check it out. There hasn't been a proper way to review transactional privacy and linkability of inputs to outputs.   This now changes with the release of Boltzmann tool. Boltzmann, developed by Lauren MT and Samurais, has been integrated into Ronin UI, which means any user can now locally analyze a transaction and see entropy,   number of combinations, and a linkability   matrix.   While this tool right now is very far from the capabilities of KYCP and OXT,   we hope to add more useful heuristics in the future. Finally, since this release was about empowering users, the next feature is especially about that.  

Users are now able to change certain settings, adjust mempool expiry, turn on or off Pando TX, and other things.   We are still determining which of the settings can be adjusted by the user in a safe manner, so this screen might expand   in the future.   Your ideas are welcome. Love it. Pretty big update. Yeah. Once again, but huge shout out to Pavel and to anybody else working on this Mhmm. Sort of stuff. True warriors. Next on the list, very short mention for Mostro, the peer to peer   exchange network that runs   on Bitcoin and Nosta. Version one   alpha 13 is now available for download   via APK directly from that GitHub. Again, link in the show notes.  

Good to see another one emerging onto the market. The more peer to peer markets we have, the better and that we can push more and more people away from the KYC Panopticon.   So keep up the good work, guys. We'll be testing that on my graphene phone very soon. Cakewallets,   we have version 5.3   o. The main update here other than some Dogecoin stuff is silent payment upgrades.   For our privacy focused users, we've made significant enhancements to silent payments, making your transactions even more discreet and robust.   I'm not sure on the full details of what they've changed there, but, hopefully, it's just a bit of stability. But I'm sure Seth will   enlighten you when you do the Monero monthly. I just wanted to mention it because it's one of the only, if not the only silent payment wallet we have right now. So get out there and use it. Zeus version zero point one one   point four alpha one is available for testing. In this build, they've got l and d watchtower supports.  

They've got pay to hybrid lightning address. What's that? It's just got in brackets, BIP three five three slash bolt 12 slash l n URL pay.  

[00:58:36] Unknown:

Oh, so it's like one QR or one thing and you can send them. That's nice.  

[00:58:42] Unknown:

I like it. Swaps, restore, swaps from seed.   No idea.   Pairs, sorting and filtering.   Animated QR codes, you can now set the animation speed. That's useful if you use Zeus with QR based hardware wallet like Passport. And then bit three twenty one invoice passing. So it's like the updated   Bit 21, essentially. So it's it's what we mentioned earlier where it's all rolled into one. So Yeah. Yeah. Very nice. Again, that's in alpha, so tread carefully. And then the final one before we deep dive into Nunchuk, there's gonna be a link to a video called everything powered by ARC, and it's kind of like a behind the scenes look at the ARC implementation   by the ARC Labs team that took place in Riga at Baltikhanibadji,   which we talked about a little bit on the last Bitcoin brief. But, this is a really cool eighteen minute video that kind of goes behind the scenes. So if you wanna nerd out a little bit and see how it all came together and learn a bit more about ARC, check out that link, which will, again, be in the show notes.  

Last item on the list and one that I'm very, very excited about, and we've kinda talked or skirted around this subject a couple of times at least over the course of the past year or so. Really starts to feel like we're getting towards a place now where Miniscript is not just something that we thought would be nice to have, and it it is being incorporated into much more end user software. Mhmm. Last week, Nunchuk has released support for fully generalized MiniScript usage,   bringing a degree of flexibility and control to their users not seen before.   For those unfamiliar with MiniScript, it is a policy language invented by core developer and former maintainer, Peter Villa, to make the creation of customized Bitcoin scripts easier and safer.  

MiniScript takes the most commonly used pieces of Bitcoin script, I e signature locks, time locks, hash locks, and creates a higher level programming language for users to create custom scripts. The high level language is designed to be safely analyzable and composable, meaning that once users create customized script, they can be sure it will behave in exactly the same way that they would expect it to. At present, Nunchuk, with this release, has provided two basic templates that users can use.   They simply need to fill in the keys they wish to use in their wallet. One is a decaying multisig where after a time lock expires,   less keys are required to spend. So you could have a two of three that can then degrade after a date that you set when you set the wall up into a one of three. So you've got protection there against you losing one of your keys and you're not being shit out of luck. I love that. That's my favorite thing. Yeah. It's fucking awesome, mate. Honestly, I'm so excited that this is coming to mainstream software now. Yeah. The other is an expanding multisig where over time, all the keys can sign for a transaction   beyond the core key set. Mhmm. I you initially have a two of two, but after a time mark, again, you can define when that expires.  

A third key can sign instead. Mhmm. So instead of it being a two of two, it could be a two of three. So that could be a key that you give to a lawyer. Yeah. That, again, safe in the knowledge that that lawyer's key is completely useless until that time lock expires. Yeah. And if you wanna keep the lawyer out of it while you're still alive, you just keep bumping that time lock back and back and back. And, essentially, as long as you stay on top of it, the lawyer or whoever's got that third key in this scenario can do nothing, essentially. In addition to these basic templates, more advanced users can import any custom manuscript template they have created themselves.   Again, tread very carefully there.  

Miniscript templates can be applied to both native Segwit as well as Taproot wallets. Out of the gate, the following hardware wallets will support the native Segwit miniscript, Colecard, TapCiner, BlockchainJade, and Ledger. And the following will   support the Taproot version, which is just call card and ledger. Musik two use with Miniscript will be limited to software keys only for the time being. So you can't use that with hardware wallets because I believe none of them support Musik two. Right. That is one of the the Taproot based multisig solutions.   Right. Nunchuk's end to end encrypted communication function also has full support for mini script templates allowing collaboration between users in constructing and using template based wallets.  

So you and I could do this right now with some of the other ungovernable misfit team   using a key each on all our phones entirely geographically distributed   with decaying setup or a an expanding setup as well. So   this is very, very cool. I quickly rushed through a setup this morning on my own phone with two passports I've got here and a software key. Wanna be clear that Passport doesn't support this right now, but, Nunchuk did let me set it up. So, again, be very careful here, but we are gonna be adding that support very soon.   The setup process   is very similar to a traditional multisig where you add your keys. The only difference is that you have an additional screen essentially where you set up the initial quorum, so it could be a two or three.  

And then you set a time lock, which you can do by block height or you can do by real date in the future. Mhmm. And then you can specify   after that date what does quorum then become. Mhmm. So you could then you know, in that scenario, if I would want it to be an expanding one, after the time lock of, say, two years, my two or three becomes a two or four, and the key that I gave to my   dad then becomes active. There is some confusing bits. It talks about bit 32 paths and things like that when you're adding the fallback and the additional keys. It didn't work in the way that I expected it to. I'm almost certain that's just a lack of my own understanding.   But I was expecting it when I set up the two or three with two passports and a mobile wallet key, that when I wanted to do the expanding   part afterwards where I added a fourth key, the remaining three keys would remain identical. Well, that wasn't the case. It allowed me to keep the same mobile wallet, but it automatically changed the derivation path. Well, then for the hardware wallet key, I had to add basically, I had to export a different account number from the same passport. And I don't understand why because you would expect if it's the same wallet just expanded with an additional key that you haven't yet introduced,   that the existing keys   would remain the same. So I need to do a bit of deep dive as to why that is the case. Like I say, I'm sure it's probably a misunderstanding on my part, but that was the bit that kind of tripped me up. I was able to get to the end of it very quick and set up the wallet, but I kind of whizzed through it knowing that I'm not actually gonna put any funds in here, and I would tread far more carefully if I was gonna put my life savings into this. So I've got a a line into the the Nunchuk team, and they're very responsive. So I'll clear up my understanding now as to to why that is the case, but I'm sure there's a very good reason for it. But other than that, it's kind of just the generic multi sig wallet setup, which is comforting. I guess you could also argue that there's a couple of screens here where it shows you the mini script. It means fuck all to anybody apart from Satoshi Nakamoto, essentially. Again, it's it's early days. There's a lot of confusing stuff in there, but if you follow the guide rails, then feel free to test it out. And and hats off and Nunchuk again for pushing the envelope here and being one of the first or being the first mobile wallet to support this.  



[01:05:30] Unknown:

Very nice. Yeah. It's, to me, probably the most exciting   update for a long time. Just in terms of, like, security wise, this is just the biggest step up that degradating   multisig   for my use cases and I think for a lot of people's use cases, like, that is   extremely   powerful.   It sounds like it's another step closer  

[01:05:51] Unknown:

to an idiot like me maybe being able to do it. Once you've got all the polish of this where you put, like, a nice UI around it and it's like, rather than talking about bit 32 paths and   additional keys and stuff, and you just, like, tap a backup key here and then keep that safe. And it's there's a lot of ways that this can be polished to become a lot more mainstream friendly. It's just, you know, it just takes time. Mhmm. Yeah. Have a play around. If you've got any of those compatible hardware wallets that I mentioned earlier, have a play around with Nunchuk. Considering it's a first cut, they've done a really great job of it. So, yeah, I I'm looking forward to this being more fleshed out and easier to grok and might finally be the impetus for me to move full time into multisig. Very nice. Who knows? Alright. I made a much longer rip than I first anticipated. We've been going for nearly an hour and a half, but, hopefully, listeners, you enjoyed that. As always, if you have enjoyed the show, feel free to send us a boost or a zap and share the show. Drop us a comment. Tell us what you like. Tell us what you didn't like. There's some new stuff in there. And, yeah, just share the show. It really does help. Yeah. It really does. And thank you to everyone who has been boosting and sharing. It's really appreciated. Thank you to BTC wrestle for sending some even though not all of what you promised. We do appreciate that as well. And, yeah, love you all. Love to all the ungovernable family. See you guys.  

[01:07:04] Unknown:

Before you go,   mineinbox.i0   help keep your online   presence   hidden.   They provide anonymous server hosting solutions, virtual private and dedicated servers,   domain registration,   and DNS   parking.   They don't require any of your personal   information,   and you can purchase using Bitcoin, Lightning, or Monero.   No personal information required.   None.   Zero.   Mine in box.io.   Stay. Ungovernable.