Ungovernable Misfits

Share on social media:

Max and Q cover the latest happenings in the world of Bitcoin, privacy and much more. 

NEWS

• Soft fork proposal
• Alby attack
• Solo Miner wins a block
• BitKey collaborative custoday improvement BIP
• Lugano Stream
• WoS Spark privacy concerns

UPDATES/RELEASES

• Trezor release
• Ledger release
• Arkade beta
• Cake v5.5.0 + v5.5.1
• Bull by Bull Bitcoin
• Bitcoin for Signal
• SatGo integrates Spark 
• Peach BTCPay Plugin
• Stack Duo v1.3.0
• RoninDojo v2.4.0

Education

• Passport guide
  • And another
• Cupcake deep dive
• Seth Ark article
• Ark explainer by Neil

VALUE FOR VALUE

Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.

You can support this episode using your time, talent or treasure.

TIME:

- create fountain clips for the show
- create a meetup
- help boost the signal on social media

TALENT:

- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!

TREASURE:

- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/

FOUNDATION

https://foundation.xyz/ungovernable

Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.

As a sovereign computing company, Foundation is the antithesis of today’s tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can’t be evil”.

Thank you Foundation Devices for sponsoring the show!

Use code: Ungovernable for $10 off of your purchase

CAKE WALLET

https://cakewallet.com

Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.

Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.

Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.

Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.

Thank you Cake Wallet for sponsoring the show!

MYNYMBOX

https://mynymbox.net

Your go-to for anonymous server hosting solutions, featuring: virtual private & dedicated servers, domain registration and DNS parking. We don't require any of your personal information, and you can purchase using Bitcoin, Lightning, Monero and many other cryptos.

Explore benefits such as No KYC, complete privacy & security, and human support.

(00:00:41) Welcome, show format, and brief housekeeping

(00:05:19) UK weather banter and setting the scene

(00:05:22) Events and product updates: Bitfest, Envoy 2.10, Passport audit

(00:08:06) BIT-444 proposal to restrict arbitrary data on Bitcoin

(00:12:03) Critiques: miniscript breakage, Peter Todd demo, and soft vs hard fork risk

(00:18:26) Mining politics, hash power, and potential chain splits

(00:18:33) Security incident: Alby password reset spam and email exposure

(00:20:45) Feel-good story: solo miner finds a block via Public Pool on Umbrel

(00:23:05) New BIP: Chaincode Delegation for private collaborative multisig

(00:28:08) Conference notes and a privacy PSA on Spark implementations

(00:32:28) Boosts and community feedback: swaps, Moon wallet UX, and Boltz reliance

(00:37:09) Q&A: consolidating UTXOs, PayJoin, Whirlpool, and Robosats flows

(00:42:11) Q&A: Running a self-hosted AlbyHub LDK node—backup and privacy

(00:46:12) Hardware wallet releases: Trezor Safe 7 and Ledger Nano Gen 5

(00:52:35) Multisig device choices and inheritance practicality

(00:52:38) ARC in the wild: Arcade.money public beta hands-on

(00:53:55) Cake Wallet 5.5 updates and hardware support

(00:54:22) Bull Bitcoin releases Bull Wallet: features and roadmap

(00:58:12) eCash in Signal fork: UX gains vs custodial trade-offs

(01:02:30) Spark adoption notes: SatGo and Wallet of Satoshi privacy caveats

(01:03:31) Peach plugin for BTCPay and Stack Duo’s Frost multisig progress

(01:05:06) RoninDojo 2.4 and Fulcrum 2.0 stability improvements

(01:06:03) Education picks and closing logistics

(01:07:29) Stats corner addendum by John: RoboSats, Whirlpool, Bisq, and more

[00:00:04] Unknown:

Bitcoin   is close to becoming worthless.  

[00:00:11] Unknown:

Bitcoin.  

[00:00:16] Unknown:

Now what's the Bitcoin?  

[00:00:19] Unknown:

Bitcoin's like rat poison.  

[00:00:20] Unknown:

Yeah.  

[00:00:22] Unknown:

Oh. The greatest scam in history.  

[00:00:25] Unknown:

Let's get it.  

[00:00:27] Unknown:

Bitcoin will go to fucking zero.  

[00:00:42] Unknown:

Welcome back to The Bitcoin Brief, the show where me and q and a catch up every two weeks to talk about Bitcoin,   privacy,   open source,   keeping your Bitcoin secure,   and the news and software updates that matter.   I just wanted say a massive thank you to everyone who's been supporting Ungovernable Misfits   and a big thank you to Foundation Devices   for supporting the show. If you haven't already checked them out, go to foundation.x,xyz.   They make cypherpunk tools for fuckwits, and anyone can use this, even me. If you have any questions or you want to reach out, feel free, and I'll be happy to go through things with you. For anything super technical, I'll pass you on to q. If you wanna buy one of these incredible passports,   use the code ungovernable.  

It will get you a discount, and it will let them know that I'm shilling.   I'd also like to say a huge thank you to the k Wallet team.   Not only are they supporting this show, but they're also bringing out some incredible features.   For those of you who actually use Bitcoin   and actually care about their privacy and security,   Cake Wallet make it incredibly simple for you to live outside of the traditional financial system.   You can use Cake Pay within the app to buy gift cards   for food, petrol, and whatever else you might need day to day. You can use silent payments,   and, of course, you can use Monero.  

You can connect both Bitcoin and Monero nodes,   use coin control,   and this team are constantly innovating.   And I'm really excited to be working with them. If you have any questions, you can reach out to me, but check them out at cakewallet.com.   Download the APK   or start using this today   on Mac, Windows,   Linux,   iPhone,   or, of course, your Android device.   Enjoy the show.  

[00:02:44] Unknown:

Hello again, mate. Good morning. How are you?  

[00:02:48] Unknown:

Very, very well.   Very well. It was only a couple of days ago we spoke.  

[00:02:53] Unknown:

It was. Freedom set Friday. Once again, it was a fun one. Enjoyed that one. We covered spending your sats.   Shock horror.  

[00:03:02] Unknown:

How dare you? Yeah.   That was a good one. Definitely one that I'm looking into some of the things we talked about and,   had a few messages and people asking things. There's a lot of audience participation   and people with different ideas on it, so that was cool. Yes, sir. It was a fun one. Yeah. You busy weekend? Anything exciting going on? Not really. I'm away at the moment, and the air con where I am is not working. So I'm mainly just sweating my bollocks off. That's kind of my main pastime at the moment.   Nice. I must be a little microclimate there. I didn't know it was this hot in, In the Shetlands. Yeah. Well, we're away at the moment. Oh, I see. The place we're renting is very fucking hot. And where I'm recording now, got no air con, and I think it's maybe, like, 30 degrees here or something like that.  

So in fact, I actually I am actually gonna take my T shirt off while I'm recording. Hold on a second. I'll hit you. I'll hit you.  

[00:03:59] Unknown:

Well, quite the contrary over here in the old People's Republic Of The United Kingdom at the moment. The clock went back   this weekend, so it feels very dark and wintery in the mornings and the evenings now, sadly.  

[00:04:11] Unknown:

Yeah. I don't miss that. I don't miss that time where it starts just get more and more disgusting, and the days get shorter and shorter,   and it's wet and it's cold and it's miserable. I can't say. I'm envious of that. Yeah. Stay in the Shetlands, mate. It's,  

[00:04:29] Unknown:

Shetlands will be worse than my right. Shetlands will.  

[00:04:33] Unknown:

Shetlands is probably one of the worst places, isn't it? Isn't there one place in Scotland that's, like, the worst of the worst that's like, I'm sure there's a place, and I can't remember what it's called, that for ten years, there's never been a day where there hasn't been any rain?  

[00:04:47] Unknown:

Seriously?  

[00:04:49] Unknown:

Yeah. Someone was telling it to me the other day,   a Scottish guy. And I was like, really? And they're like, yeah. It's I can't remember what the place was now. Someone will verify. Probably Karen will will verify this. But there is a place supposedly where it's never well, for ten years, it's not   had a day without rain. Like, there's been the odd day where it's like a little drizzle or something, but pretty much   it rains.  

[00:05:12] Unknown:

Nice. We're really painting a picture for tourism to The UK at the moment.   So what's going on in Bitcoin land? Well, a couple of, housekeeping stuff for me before we dive into the list. Reminder that Bitfest in Manchester in The UK is coming up just a matter of weeks away.   Bitfest.uk.   You can use code q and a 10 if you wanna get a discount on your ticket. To be clear, I don't get any kickbacks from that. Just a code that mister Day sent me to, tryna pump the numbers a little bit. So, yeah, if you're in the local area   and you enjoy rain, please head down head down to Manchester and come and say hello.  

What else we got? Foundation stuff. We spoke about Envoy two one o beta   release   on the   last brief. That's now our main release. So go ahead and check your app stores or play stores and get yourselves updated.   We released the security   audit,   both the report and the response   for Passport Prime. So that is now available on our website and linked in the show notes for the technical people to go and kind of see what happened during our independent   third party audit by the KeyLab's team, what holes they were able to poke, and what we did to patch them. TLDR is basically they found a couple of very low severity   risks. Other than that, it was a very glowing report, and any of the low severity stuff has already been fixed and will be part of the base firmware when we finally begin shipping hopefully soon. What sort of low severity stuff we're talking about? Oh, you've put me on the spot now. Let me,   pull it up. The finding was randomizing PIN verification timing to reduce side channel   risk, clearing memory more aggressively after failed attempts on boot,   ensuring Shamir shares are wiped immediately after use,   zeroing   Securam when the PIN retries are exhausted,   and reducing exposure of nonessential debug pads on the PCB in future hardware revisions.  

Did tell you it's pretty technical. Yeah. Okay.   The full response is contained in the blog post that's linked below. They've all been already fixed on what form part of the the base firmware when we ship.   Last bit of AOB for me, Passport Core is out of stock at the moment, and I'm just waiting for some news from the factory as to when that's gonna be back in stock, just so there's no surprises when people head to the website and see that they can't order.   Working on it and hoping to be able to share more information in the coming days, if not couple of weeks.   Okay. How about you, mate? Any, AOB from the ungovernable empire?  



[00:07:42] Unknown:

Not really. Just busy chugging along, really. I'm gonna be doing some more artwork today. I've carved out some time. So doing that. Recorded with Chet   the other day, which is a good one. Chet.   Smiley Chet. Yeah. Normally happy, sometimes aggressive Chet.   I'll be old. Yeah. But, no, that was really good, actually. That's it, mate. Just getting, prepared for Friday again, really. Love to hear it. Alright. Let's hit the news, shall we?  

[00:08:09] Unknown:

First and the the biggest item on the list begins with a caveat.   This came across my Twitter feed less than twelve hours ago and I was sleeping for eight of those. So I've had very little time to read into this   and form a valid opinion. So I'm kind of relying heavily on some AI summary to help me   wander through this, but I didn't wanna leave it for another two weeks   before covering it. So it's very hot off the press. So bear with me if I get anything factually incorrect here. But Luke dash junior, Dasher in fact, let's nail that down first, Max.   Luke Dasher. Luke Dasher junior.  



[00:08:45] Unknown:

Dasher because it's like Dasher and Dancer and Prancer and Blitzen and all of that. Dasher with his glowing nose. Luke Dasher and co and the colloquially  

[00:08:54] Unknown:

named Nazis   Yeah. Have proposed BIT four four four, which is a temporary soft fork of Bitcoin's consensus rules aiming to last around one year intended to restrict the embedding of arbitrary or non financial data in transactions.   The main proposed changes include   limit outputs created via op return to 83 bytes of data,   basically reverting the most recent core v 30 expansion of that data field. Yeah. Cap most other script pub key outputs at 34 bytes,   I e restrict large custom scripts or data blobs. Restrict size of individual data pushes in scripts, e g limiting data payloads.   Invalidate unused or undefined script versions to prevent bypasses,   cap the size of embedded Merkle trees and Taproot outputs, and forbid   op if inside TapScripts,   which would, in effect, kill the popular ordinals inscription method.  

The proposal frames these changes as temporary emergency measures to give developers time to evaluate longer term solutions to arbitrary data and storage issues.   In short, the goal is to reduce block space used for arbitrary data rather than purely financial transactions   to protect node operators   from potential liabilities   and to preserve decentralization   of node validation.   So it seems   that they're kind of doubling down on the whole   save the children. We don't want illegal CSAM content on our nodes because daddy government's gonna tell us that we can't run a node. So we are now throwing the baby out with the bathwater. Probably not the best term to use there, but you know what I mean. And basically, we're just gonna lock down everything. And they want to get it not merge, what's the term I'm looking for, I guess, proposed   sooner rather than later. They frame the change as risk mitigation and not a philosophical shift. There's a quote here. This isn't intended to be an ideal solution, only good enough and super simple to buy time to design a long term solution.  

They emphasize that if node operators face a choice between shutting down or violating laws, it undermines decentralization and validates their incentives.   What's your your take on this, Max? Just while I pull out some more useful stuff from the summary. Well, we did talk about there was a leak  

[00:11:18] Unknown:

a few weeks ago. Was it on the last brief or the one before maybe we talked about that there was a leak. Someone had shown what Dasher was saying   that he was talking about a soft fork,   so I guess that came true.   I don't know really what to think.  

[00:11:33] Unknown:

Some other things that I've seen that are tangential to this, again, in the last literally in the last few hours from the critics,   I believe that in its current guise, it would break some of the mini script   scripting that's used. So people like Anchor Watch and things like that where they've got collaborative custody,   those transactions   could be marked as invalid or even   could act as a confiscatory   effect on those coins that are already locked by those specific kind of complex scripting.   Mhmm. Which is obviously not great because that is quite literally financial transactions under their own description, I guess. Mhmm.   Peter Todd, who is clearly one of the biggest critics of the knot camp and their recent campaigns over the past couple of months around the whole   possibility of forking and CSAM and shrieking about illegal content, etcetera,   has demonstrated   quite beautifully in my opinion   by creating   a transaction   that still embeds a lot of data   using methods that would be deemed as completely valid if this new bit proposal were to be widely adopted.  

Basically telling them that, look, you still can't stop all of this embedded data. And do you know what the data was that embedded?  

[00:12:49] Unknown:

No. I don't.  

[00:12:50] Unknown:

It was the entire text from this exact BIP   into a single transaction   using methods that would, again, still be valid if this BIP were to be proliferated,   kind of demonstrating in a very beautiful way that, look, you still can't stop it. So the unintended   consequences of locking down all this stuff, not only does it not fix your initial problem, but also it has unintended consequences where you could be blocking   what you deem as,   financial transactions.   So to me, it seems   again, I've had a couple of hours to kind of ponder on this. It seems   knee jerk and completely ineffective   at stopping the end goal of embedding data.  

It might fix some of the initial methods or existing methods,   but it doesn't fix them all. And that's kind of what one of the most critiqued opinions has been from anybody that's in, I guess, the core crowd is that you can't prevent all aspects of data embedding in in a public ledger like this.  

[00:13:51] Unknown:

Yeah. Well, we've kind of always said that, haven't we? Just like, there's gonna be a workaround. There's gonna be another way. That's why this all feels so disingenuous.   It's like   the people who are pushing   this as hard as they are and   screaming about save the children,   a, that immediately gets my back up because it's always the tactic.   And it's always the tactic by people who don't have our best interests at heart.   And then on top of that, they're not stupid. They must know that there's other ways around it. So it's like, they're not stupid enough technically   technically, at least,   that they wouldn't know, okay. We can make all these changes, and then you can still work around   it. Like, people find ways around things. So   it definitely doesn't feel like  

[00:14:40] Unknown:

a genuine  

[00:14:41] Unknown:

thing. It feels like like a lot of things have done in Bitcoin to me for a while now, an orchestrated   way to create division   to take some type of control.   It feels   like it's coming from outside of the genuine Bitcoin user groups,   and it feels a bit glowy.   That's all I'll say.  

[00:15:07] Unknown:

Yeah. There's some very questionable   terminology used in this bit as well. There's a quote here.   I'm not sure which part of it. I've just got a screenshot. It just says, there are certainly practical concerns to take into consideration,   and this reads very much like a threat. Rejecting this soft fork   may subject you to legal or moral consequences   or could result in you splitting off to a new altcoin like BCash.   That reads to me like, adopt this or we're gonna call the cops on you essentially.   That might sound a bit hyperbolic, but that's the way it reads to me. Yeah. Legal or moral implications.  

[00:15:43] Unknown:

You know, that is   yeah. It definitely reads that way. It's stupid. I don't know.   The only concerning thing, I guess, for me is, like, where does it lead? Because it's not like people aren't listening. It's not like this is, like, one of the many attacks that I'm sure   these agencies   throw at us, but it seems like it's got a decent following of people. And a lot of the people who are following along and nodding along have   quite   large reach,   And all this stuff is technical   and especially for newer users, it's really easy to sort of nod along and be like, yeah. Of course, we'll, you know, save the children. Of course, we'll do this. And, like, oh, oh, well, I don't want legal or or moral implications. I don't want that on me. What   is the worst case scenario if they get what they want?  



[00:16:32] Unknown:

What happens in the fork? To be clear, it it's a soft fork   for now Yeah.   In the best scenario.   I guess it could result in a hard fork. Let me think about how that would happen. I guess it would depend on miner adoption. Right? Because if you get some miners mining on the Bit 44 compatible   blocks   and then some miners not, you're gonna get the Bit 44 nodes rejecting any blocks that   the other miners mine. And then the miners who are mining Bit 44 compatible blocks, like, they'll be it will be a hard fork at that point. One crowd will be deeming some blocks as valid, and all the miners or minor groups will be deeming them as invalid and a node will be rejecting them.   So it could, I guess, depending on minor adoption, result in hard fork.  



[00:17:20] Unknown:

And this would be   supported presumably by, like, Ocean and, like, anyone who's in that little click,   which would make a lot of sense of why there was this massive Ocean push and why they were, like they were doing some weird stuff in the background. People have to go back and listen through, like, what me and John have gone over over the last year. And maybe John will listen to this and jump in. But they were doing some weird stuff, and it would kind of make sense because a lot of the things we were looking at were like, this doesn't make any sense what you're doing. Like, what the fuck are you playing at? And now it's like, oh, well, having some presence   and having some hash would be valuable  

[00:17:57] Unknown:

if you want to disrupt in this way. Yeah. It's just all so unclear at the moment. Like I say, it's all pretty new. I struggle to see how they would gain   a majority of minor  

[00:18:08] Unknown:

hash rate to get behind this, but we'll see. Yeah. We'll see. It's like a a show that you wish had ended a couple of seasons ago. Like, it shouldn't have continued, and it just keeps coming out with more and more outrageous   stupidity.   I wish we could just turn it off, but we can't, unfortunately, because it does actually affect people. So I don't know. I guess we'll keep reporting on it. Can't really say much more than that, but  

[00:18:32] Unknown:

another weird move. Yeah. Absolutely. Okay. Next on the list, there was   Albi?   Yes. Indeed. Albi. Last week, a lot of, if not most, Albi users woke up to a an email about a password reset on their account. Most of them had not requested that. So, basically, somebody had been attacking the Albi service,   basically trying to gain access to to people's accounts.   It doesn't appear that that was the case. There's been some vulnerability within their system, basically, that they were able to gain access to the emails of their users   Mhmm. And then send through password requests. But, obviously, unless you've got control of the the email address itself, then you you weren't able to gain access to the account. Albee were claiming that many of the requests are likely for emails that have been included in some data breach or have been publicly exposed by their owner. Password request emails have also been requested for lightning addresses, which falsely expose the user's email addresses.  

So I think that was it basically where the attacker was able to   somehow get the user's email address from the lightning address associated with an Albi account. Right. Okay. But as many users post their lightning address on profiles like Nosta, they should not be exposed, and the fix has been deployed immediately. Generally, there should be no way to display a user's email address, and we   Generally, there should be no way to display a user's email address, and we have failed here. Yeah. There you go. About 5,500   password reset emails have been requested by the attacker. So there's no massive cause for alarm, I guess, because, like I say, there's there's no evidence that any accounts have been compromised. But   the email address associated with your Albi account, if you're an Albi customer,   could be exposed as in somebody knows that this account uses this email address, essentially. So Yeah. Yeah. You know, might be a good idea to change that, but, like, again, it's it's not the end of the world, especially if you're somebody   like me where my Lightning address is public and I use Alby,  

[00:20:27] Unknown:

then it wouldn't have took you much to work out that, you know, it's not public information. Exactly. Yeah. Yeah. Yeah. Well, it's the same here because, obviously, we use Alpi as well, but then it's under the ungovernable   stuff and emails and everything. And so it's like, well, I don't know. I   they already know who it is, so I don't see that as a risk particularly.  

[00:20:45] Unknown:

Very nice. Next on the list, bit of positive news, mate. Solo miner found a block.   Oh. And not only was it a solo miner, it was a solo miner that was mining   using public pool on their Umbrel,   completely self sovereign.   So it wasn't like they were pointing their hash to c k pool, which, you know, would still be very cool. They were doing it all on their own. Everything in house. Yeah. Yeah. And it turns out they had about a 120   Terahash. They had, like, six of the beefiest   bit access that you can get now with, like, multiple chips on them. So it wasn't like it was just a single machine. They had a, you know, a fair amount of of hash rate. Still less than a single modern day s nine at Yeah. A lot less. Yeah. Yeah. Yeah. But the fact that they've won the best part of, like, $350,000   just from having a little setup at home, putting into their own node is cool as fuck.  



[00:21:37] Unknown:

Yeah. That's really cool. Are they public about it? Well, they must be because otherwise, we wouldn't know their setup. We knew the setup because the block header  

[00:21:45] Unknown:

says something to the effect of mine by public pool on Umbrel. So we knew it was a solo miner, but the the person came forward in the Bittax Reddit posting photos and communicating that it was them and that they had what hash rate they had and then everything like that. So very cool. A very cool point here as well is that the difficulty and hopefully, you can help me here. I think the difficulty   required   was, like, 212   g, whatever that means. And they hit two point o eight p. So they didn't just meet the difficulty target. They smashed it to smithereens.   Maybe it was best that we leave it for John to kind of do the maths. I know this is his his forte.  

Yeah. But all that to say is that, like The odds were low. Even with these little solo machines, the odds of of this actually happening are are very, very, very few few and far between, like, astronomically rare. But when they did meet the target, they beat it by an order of magnitude   rather than just, like, creeping over the line.  

[00:22:42] Unknown:

Very nice.   Well, congratulations to you, whoever you are. That was pretty cool. Yeah. Definitely. Was,  

[00:22:48] Unknown:

very happy to see that. I do I do, enjoy a solo miner finding a block, especially when they're doing it to their own node as well. It's just Yeah. That's cool. A flex.   Yeah. Alright. Next on the list, this is a very cool another new BIP, actually, BIP proposal, should I say, coming from some of the guys behind the Bitkey   product. And it's called Chaincode Delegation.   The idea behind Chaincode Delegation is simple. Users should be able to benefit from collaborative multisig without revealing their wallet balance or transaction history,   which is a great framing, but allow me to kind of dive a bit deeper.  

If you interact with a service like   Casa Unchained   or Nunchuk, although I think Nunchuk might have protections against this all already, but definitely with Casa and Unchained,   where you'd hold two keys, maybe one on your phone, one on a passport, and then they hold the third key. So that on the normal operation, you're the sole custodian. They can't steal from you. But if the shit really hits the fan, like you die or you lose a device,   then Casa or Unchained or whoever the third party service is   can help you get out of the shit by using their key so that you can move your funds to a new wallet where you are once again the sole custodian or the majority key holder. Does that make sense? Mhmm.   So a very useful service. Right? Especially for people who are less technically   competent or   just don't have confidence in their inheritance protocol. That's where these things really shine. But they do have a massive trade off Used in the most naive and simple way and the way that it's become common over the last five, if not longer, years   is that the third party can see all of your transactions because they are a part of the wallet.  

Yeah. That should be normal operation. So if I was a Casa customer, they could see my balances. They could see every address I use, wherever I do my spends to, wherever I receive from, everything, the whole shebang for as long as I use that service.   Terrible from a privacy perspective, especially when most of them require you to give your government ID to sign up as well. Up until now, there has also been a mitigation proposal that has not become widely adopted that kind of aim to fix that problem that I've just outlined.   Mhmm. We covered it a long, long time ago, and it's called Blinded XPUBs   where, essentially,   it aims to fix this problem by not giving the third party all of the wallet details. They still hold the third private key, so they are able to sign from you. But   you withhold all of the private information such as the balances, the addresses, etcetera,   up until a point where you need their help.  

So they're completely in the blind up until you need their help, and then you you say, alright. Okay. Here's all the rest of the information you need. Help me out.  

[00:25:27] Unknown:

Still with me? That make sense? Yeah. Yeah. Well, that's and that's not a bad trade off, to be honest, because Absolutely not. Hope that you shouldn't need that. You you hope you should never need that.  

[00:25:37] Unknown:

Yeah. Indeed. I saw somebody on commented wherever this is posted, and and it was a a great kinda summary of it is that that blinded export thing has, like, a big blast radius where it's like a one and done type thing. As soon as you need the help, they learn everything. They see everything, all of the future transactions, and, of course, all of the history as well, the whole   balance. So it's kind of like a pull a pin out of the grenade and then it's gone off and you've you've lost all privacy at that point. Obviously, that's probably a fine trade off for most people because the alternative is you lose all of your Bitcoin. So it's, like, deemed acceptable by most people.   Where this new proposal comes in called Chaincode Delegation   basically   is that   it modifies how multisig arrangements share information. So instead of giving cosigners access to the full Chaincode,   that chain code part is like the crucial part here, and it's very, very technical. I'm not even gonna try and attempt it. So just stick with me at high level. And if you're interested, read the blog post in the show notes.  

So instead of giving full access to that, it withholds them entirely.   When a transaction requires a signature, the user shares only the minimal information necessary to sign that specific transaction.   This means that cosigners like Casa or Unchained, if they adopt   it, can still participate in actions like recovery and enabling spending limits like you've got with the Bitkey protocol   without learning anything about unrelated transactions or overall balances.   So you get the best of both worlds now. Any multiparty wallet like this, corporate treasuries, family wallets, or just simple collaborative custody like Casa   can now have cosigners that cannot access the balance or the transaction history.  

So that means that well, it's just a win win all around. Right? Like, you you have the fallback, but you don't have to pull a pin out the grenade in terms of nuking your privacy when you need to to call upon the third party.   Very cool. Very, very, very cool. I'm sure there's probably some trade offs of this, but I've yet to learn about them.   I guess, obviously, the first one will be complexity to getting it over the line. Just to reiterate, this is a bit proposal at the moment. Nobody's using this, but Bitkey have promised to pioneer it because it seems like it's their team that have come up with the solution.   So, yeah, I mean, for me, if they were to do this, it make Bitkey a lot more recommendable to normies because, you know, the wallet is essentially a lot more private from the third party that which is can have the most impact on that user's privacy, if that makes sense. Yeah. No. That's very cool. I love that. Yeah. So I hope to see that proliferated.  

Like you say, it looks like Bitkey are gonna be the first one to implement that. So as and when that takes place, we will, of course, be reporting on it. What else have we got? Oh, Lugano has been on this weekend. Got some major FOMO. Beautiful city in,   in Switzerland, near the Italian border.   Looks like a really beautiful place, one I wanna get fucking when I get out to. I saw your I saw your view. Fuck you. Yeah. Seth sent us a view from his hotel room,   and it looked like basically, if you typed into to Midjourney, show me a beautiful hotel room view in paradise,   It would've looked just like that basically. Yeah. I haven't seen any of the talks. The reason I'm mentioning it is there's a link in the show notes for a ten hour stream for those of you that want to go and catch up with all of the talking heads. Seth was on a privacy panel with Odell and a few other privacy advocates. So definitely I'll definitely be checking that one out as well. And the last one is just privacy   PSA, I guess. There's been lots of talk of Spark and Arc at the moment in terms of the thing, in terms of scaling that everybody,   myself included, is quite positive about and feeling quite bullish on. But I came across a a note on Losta from Evan at Zeus   highlighting   some quite drastic flaws in the privacy of one of the implementations here,   specifically   the Spark implementation   in Wallet of Satoshi,   where they are using I forget the company name now, but it's not David Marcus, his company. Lightspark.  

They're using them as a back end because they are the ones that are pioneering the Spark   implementation   of this. Basically, Evan is   rightly so shining a light on the complete lack of privacy that the Wallet's Satoshi implementation has. He says, in case you missed it, if you have someone's new Wallet's Satoshi Lightning address, you can look up all of their payments on the Spark transaction explorer,   which is fucking horrible. Nice. I believe that this is something that can be quite easily fixed by the LightSpark team who are running the back end here for the Wallet Satoshi Spark implementation,   but that has not been   fixed or publicized   at the moment, which is why I'm talking about it here because Just use LightningPro privacy   and stuff. Yeah. So it seems like it to be fair, Ben the Carmen here as well has actually made a little tool   literally called Spark Invoice Doxer   where you basically paste in an invoice   from a, you know, somebody's wallet, Satoshi wallet, and it will just give you all the information that it gets from the Spark transaction explorer to show   balances and payments and stuff, which is fucking horrible. I believe that not all Spark implementations   have this downfall.  

I believe that the Breeze guys have done it in a such a way that this is not an issue. But maybe it's I think it's probably worth, getting Seth to talk about this in greater detail on Freedom Tech Friday because, Didn't he do, like, a disgustingly  

[00:30:54] Unknown:

long  

[00:30:55] Unknown:

rock That was what I was just about to say. Linked at the very bottom of the show notes this week, I've actually included an education piece. I'll quickly cover them now because, there's, two passport guides in there by Vibrant, which are great, by the way. Thank you for those. Nice. Thank you, Vibrant. There's a great deep dive on Cupcake from the k quality team. I believe took through that one. There's an ARC video explainer by Neil Woodfine.   Very great ARC explainer. It's actually not a new video. I just came across it. And then there is the new ArcSpark   comparison   from our good friend, mister Seth, for privacy that dives into all of the details and the trade offs of the different implementations.  

So if you are concerned by this, which to be clear, you absolutely should be. And if you are using what is associated in the new noncustodial manner, I would urge you to stop until they fix this because it's horrible. Yeah. Definitely don't use it. If Breeze have it why do Breeze always do everything right? I never we never Slack Breeze off. Honestly, Roy is a fucking legend. Like, he just quietly sits there   shipping cool shit. He's always at the forefront of new shit, and he always writes awesome blog posts.   Big fan big fan of Breeze and and Roy. And it's him. So that's why.  

Shout out Roy. Yeah. Roy just gets it. But also what I do like is, like, they've got a a liquid implementation, which, you know, I'm not a big fan of. But he's pragmatic about the approach, and he's like, look. Until something better comes along, like, this is a viable trade off that I know some of my users will use. Yeah. Doesn't go running around, like, putting shit at everybody else. He just builds shit and says, look. This is it. Here's the trade offs. Use it if you want. Yeah. Very cool. I love that. Alright. Should we hit some boost, mate, before we, get to the software a bit? Yeah.  

[00:32:32] Unknown:

Yeah. Let's do it. Late stage Huddl with 6,006   sats. Keep up the good work, my friends. Thank you. Thank you, late stage Huddl. Sir. Yeah. Nice boost. Rev Huddl with 721.  

[00:32:45] Unknown:

I've been using Moon Wallet as my submarine swap service of choice because there is no minimum amount required for a swap.   As Max mentioned, it's a bit frustrating because the wallet needs to be empty for the swaps to be effective in maintaining privacy.   Because there is no coin control, it's impossible to be sure UTXOs   won't be consolidated when swapping. This means only moving one UTXO through the wallet at a time to accomplish change consolidation   on a lightning channel.   Because there is no send full balance feature, which makes no sense to me whatsoever   This is what I was saying the other day. It's sort of fucking mental. He said it takes a few tries to get the swap to leave and the wallet totally empty. We need more swap services and not just everything using Bolts on the back end. I agree. To be clear, I think Bolts is fucking incredible. It's such a useful tool. The sole reliance on them as they're the back end for a lot of these wallets now. A lot of the Breeze stuff uses Bolts. I know the Aqua Wallet uses Bolts. I think Bitcoin might be using it as well. It works, but it's like if they go down, a lot of these wallets are gonna have significant issues if you're trying to pay I don't know, let's say it's Aqua and you hold your balance in light in liquid and you're trying to pay a a lightning invoice. If Bolt is down, like, you ain't making that payment. So it is like a single point of failure. Not from a theft perspective because, again, everything they do is atomic. Like, they can't steal from you, but I guess if they go down or get taken down, like there's a lot of wallets that are gonna have difficulty. On the flip side to that, like I'm sure it's not easy to run a Bolt Server. Like the amount of liquidity management that you need to do on a daily or minute by minute basis is probably mind blowing. And then you've gotta balance that out with on chain fees, with liquid fees,  

[00:34:24] Unknown:

with channel management fees, and stuff like that. That's a lot. I can understand why there's not many players in this space at the moment. I hope there will be, but, yeah, we'll see. Well, at the moment, Bolts does do an an incredible job. And Moon is great, but as I'd said, oh, this could just be me being a fucking idiot, and I haven't worked out how to use coin control or   send all feature.   But Rev Huddl is not an idiot, so I'm pretty confident it's not me now. And it would be nice if they could just do a send all or coin control, something like that because it is  

[00:34:56] Unknown:

great. Other than that, it's just hopefully, that wouldn't be the hard I mean, is that the hardest thing to add in? Send all? I don't see why not. I mean, it seems like it would really streamline the UX because it's like, send the maximum amount, take the fees off the top. As long as you communicate back to the user, look, your balance was 75,000   sats. But when you press send all, you're actually only gonna be sending 73,000   sats because here's the fee. Yeah. Go for it. That's the way it works in most wallets. Yeah. Even if it's not a swap, like, if you press send max, you'll see how much is gonna be spent because, you know, the wallet has no choice but to skim the fee off the top. Yeah. Okay. Well, if anyone from Moon is listening and you're still actively developing in any way, we'd really appreciate that if you did it. It's, funny to me actually how Moon hasn't made a resurgence in terms of, like, popularity and people talking about it because the fees have been so fucking low that it works really well at the moment. You know, once up a byte, Moon is primed for making stuff really easy. But do you know if it's even been maintained? Have you seen any updates recently? Honestly, I have no idea. The only reason I started using it again is because our good friend, Black Coffee, suggested it because I was having a load of problems with swaps and whatever. Don't need to go into it. Just I was having loads of issues. He was like, like, just use Moon. It's really good. It's cheap. It's like it works. I was like, oh, yeah. I'll try that. But other than that, I've not heard it talked about or really anyone using it or any updates  

[00:36:15] Unknown:

about it at all. But like you say, this is the perfect time to be using it. If anyone knows, let us know. It is. I've I've just checked. Yeah. They had version 55.3  

[00:36:24] Unknown:

last week. There's no release notes or anything like that, but Okay. They're still updating the code, which is good to see. Okay. Over to you, mate. Hapalmos  

[00:36:33] Unknown:

to Bitcoin.   Hapalmos   to Bitcoin. I'm definitely was pronouncing that wrong. An orange love heart. Thank you. And five 100 sats. Thank you, sir. Yeah. And 500 sats. Pies. Hey. Chingity ching.  

[00:36:45] Unknown:

With a 121   sats, salute, strong-arm, mushroom,   emojis.  

[00:36:51] Unknown:

Eric PP   streamed 560   sats.  

[00:36:55] Unknown:

Chad Farrow streamed 1,780   sats. Thank you, sir.  

[00:36:59] Unknown:

Kaz Peeland  

[00:37:01] Unknown:

with 900 sats. And Block seven streamed 860  

[00:37:05] Unknown:

sats. Thank you all to the streamers and the boosters. Yeah. Thank you very much. Right, mate. Once again, I'm gonna let you choose. Updates or questions?  

[00:37:16] Unknown:

Let's do questions.  

[00:37:17] Unknown:

Oh, okay. I'm gonna let you tackle the answers to this one first before I do. It comes from TamTam Bam on Nosta who originally tagged it for Freedom Tech Friday, but I thought it was worth us   covering it here. They said, I'm thinking in the context of building your non KYC stack. When consolidating   your UTXOs,   one compromised transaction could lead to the ownership of all other UTXOs   being revealed.   Correct? So rather than consolidating your coins in your wallet, would a better method to be to pay your entire balance   through PayJoin to one address? Would this be enough obfuscation   to not connect all of GTXOs   to one owner?  

Or are there any other methods you would recommend?  

[00:38:03] Unknown:

Yeah. My recommendation would be don't consolidate   unless you really have to. Unless you've got   really, like, stupidly small UTXO sizing that's just not gonna be useful,   I would say   leave it personally because   every time that people worry about fees, it's not long until   we don't worry about them.   What seems like a small UTXO   day in sort of a few years, then suddenly it doesn't look so weird. Like, I look at some of the UTXOs that I consolidated,   you know, four, five years ago, and now I'm like,   you know, that I didn't need to do that. That that's, like, more than was necessary.   So   consider not consolidating.  

And then if you have to,   I would hope that you label well enough that you don't mix   like, for example, if you're buying from a KYC exchange, a load of them,   and then some of them are, you know, non KYC from mining or,   buying from peer to peer or something like that, if you label them properly,   then you could   safely consolidate   all the well, I say you bought a load from Coinbase and you've got 50 UTXOs.   They already know that you've bought, and they are tracking you. So   consolidating those, I don't think is so much of a problem. And the same if you're buying from one entity who's non KYC,   I'd probably do that if you're gonna consolidate at all. In terms of the pay join stuff,   I don't know. Q, you're gonna know better than me on that, but I don't think it would be a good idea.  



[00:39:41] Unknown:

Yeah. So generally agree with everything that you said. Like, don't consolidate unless you have to, like, unless you're really concerned about the size of your UTXOs.   I would say   100 k SATs is the smallest I would go these days at the moment just to be have a bit of, I guess, future proofing.   Would I pay join them? No. Because   the point of pay join is to kind of obfuscate or or for the the common input ownership US citizen sender and recipient where there's two people mixing their UTXOs.   If you're doing that with your own UTXOs,   it would provide some level of plausible deniability or or multiple interpretations for the transaction.  

You could also use something like a Stonewall in Ashigaru   or in Sparrow.   That would also enable you to   combine some coins and consolidate at the same time   and provide multiple possible interpretations.   But you're still ultimately consolidating. So you're still kind of giving some possible threads that could be pulled on in the future   to de anonymize or or cluster together those coins.   PagerDuty certainly won't be the strongest way to do that, especially if it's just you doing it.   Some other options that you've got,   it depends on sizing. Like, if you're buying, you know, a couple of thousand dollars   per month and you're a bit of a whale, then I would say   each UTXO is probably gonna be large enough that you don't need to consolidate them anyway. Or if they are on that threshold and you wanted to consolidate, you could use something like Ashigaru Whirlpool where you can consolidate through, let's say, one of the larger pools.  

That would give you very good privacy protections, but, obviously, you've gotta consider   the cost of doing so and also   the fact that   those coins have clearly been through CoinJoin service, which may or may not cause you headaches in the future depending on what you plan to do with that Bitcoin. If you're not a whale and you're just stuck it in smaller amounts,   I think a great solution is to use Robosats,   buy via Lightning, build up your Lightning   balance up until it's to a point where it's big enough that you got 500,000   sats now, and then use a loop out or a swap service to then take that out of your Lightning channel and into a new UTXO on chain. Great privacy from who you're buying from and gives you a fresh UTXO   on the Blockchain. The only history it has is coming from a Bolt swap service. So that would probably be the ultimate way that I would suggest that you do it is that you build up in Lightning   and then just swap out when your channel gets full. Yeah. Good channel. Alright. The next question we have, and this one came in just before we started recording. So it comes from Observer on Nostra.  

So caveat, I've not had much time to do any research here, but I included it because I think Max might have used the service before as part of Albi.   Observer asks, what are the risks of running an LDK node, e g, self hosted on Albi Hub? And he's give some hashtags here with regards to backup, restore, and privacy.  

[00:42:37] Unknown:

Is this a service that you do use or have used in before, Max? Or have you got Alby Hook connected to to a node that you run? No. I've not got it connected to a node that I run. I just use their I can't remember what it's called. Like, I pay them, like, 20,000   sets a month or 10,000 sets a month or something like that. And   they do all the hosting and all the   stuff, whatever. I don't really understand it, to be honest, but it works. I only use it for Nosta   connected to Noster.   And does it collect the sats that come in from boosts?   No. That's fountain. I can't remember. It's it's one of those things that is I've done it so long ago. I updated it so long ago. I can't remember. I can't answer that question well for you at all, mate. I'm sorry. I've just seen it. I don't know if I mentioned it when I met when I read the question, but the caveat was self hosted AlbyHub.  



[00:43:27] Unknown:

Oh, okay. No. I've not. Yeah. That makes it a bit easier to answer, I think. If if you're self hosting it, then it's running on your own hardware. Then the kind of trade offs in terms of backup, obviously, you're responsible for the backup.   I believe LDK   and I'll be hope just uses a normal 12 word recovery phrase,   which kind of makes things nice and simple. Restoration, again, I I've not gone through that process, but, presumably, it's just gonna be whacking in your 12 words and probably a static channel backup.   But I don't know whether LDK actually uses those or whether they have something   different. It's not a service that I've interacted before.  

And in terms of privacy, again, if you're self hosting it,   then the privacy is probably   pretty good. I'm gonna presume that the route finding will be done by the LDK lightweight node that you're self hosting.   You'll have all of the usual   receiver side privacy pitfalls   that   generic lightning does. So, you you know, you're gonna be sharing the UTXO ID that funded the channel or channels.   It's gonna be clear which node is being paid from the invoice, but that's just a lightning problem, not necessarily an LDK problem. But generally speaking, as it's self hosted, it's gonna be pretty good privacy just due to the fact that it is kind of self hosted. Mhmm. If you're using that in conjunction   with, you know, the LDK node is running on some hardware that you have, say, Raspberry Pi Home or similar,   but you're then using   the Albi   service where they have the the Lightning address functionality,   then that does give you a little bit of a privacy and a security trade off where the privacy trade off would be because I'll be the one serving your, you know, max at ungovernablemisfits.com   lightning address on their web server and then pointing it to your node, they can see whenever you get paid. So they have your transaction   information. They presumably will see the bounces because they'll be, yeah, I'm not sure on that one.  

And then the security risk is that, again, because they're the one hosting your Lightning address, they could in theory not ping your node, your LDK node for an invoice when somebody wants to pay you, and they could give an invoice from their own node so that   when somebody's paying Max on governablemisfits.com   and it goes through fine, it could be going to a malicious ALB because they're the one hosting   the lightning address. But, again, that's not specific to LDK.  

[00:45:44] Unknown:

It would be quite silly for them to do that, though. Yeah. Absolutely. Because they'd quickly get found out, and lightning invoices   generally aren't massive.   So it wouldn't take long to destroy their business. Of course. So it is a risk. It is a risk, but it's kind of maybe one that people shouldn't worry about too much. I agree. I agree. They're financially incentivized not to be dicks.  

[00:46:09] Unknown:

Right. Make sure we hit the updates and releases.   Let's do it. Let's do it. The Trezor guys had a rather large event last week to announce the launch of their new Trezor Safe seven.   Seems that they invited every possible influencer on Bitcoin Twitter, which ironically like me. Not many of them were open and honest about the fact that they were, you know, all expenses paid to go out there and talk about the device. Some were in fairness, but not all of them were. So they were all, seen having a what looked like a quite a lavish party, a launch party for the new Trezor Safe seven, which includes the long awaited Tropic Square is the company. I think it's called Tropic o one. Their,   quote, open source   secure element. The reason I say quote open source is I believe quotes. I believe it doesn't actually fit the open source definition. I'd need to look into technically why, but I've just spoken to a couple of engineers and it's more open than most chips, but not fully open source is the fair assumption that I've been told. Is it a step in the right direction compared to other chips in terms of openness and auditability?  

It seems that way. Yes. Absolutely. To be perfectly fair. Open source has become quite loosey goosey. It's just like, yeah. It's it's open. It's open. Yeah. I mean, there's open stuff and there's things that are open. I opened a door to get into my office, so it's pretty much just open source. Yeah. Indeed. I believe correct me if I'm wrong listeners, but this is the first ever Trezor hardware wallet with a secure element. I think oh, actually, no. The Trezza five last time. Did that have a chip? I think it might have. But this is obviously the first commercial hardware wallet with their very own Tropic Square, quote, open source secure element in it. I guess from an engineering perspective, it's good to see that that's actually made it into the mainstream onto a, you know, a customer facing device. But I believe, you know, just be careful around the claims of fully open source because I believe it doesn't meet that definition. I'm gonna try and do a bit more homework and work out why that is. I'll probably have to speak to Zach and stuff. Before we sound like we're shitting on it, that obviously is a step in the right direction, at least in some way.  

[00:48:07] Unknown:

Is it a decent device? I saw seed signer was shitting on them because of the influencer stuff and all that. And it's kind of annoying, a lot of this stuff. And most of these  

[00:48:17] Unknown:

influencer types wouldn't even know how to fucking turn it on anyway. They're on wallet, Satoshi. Yeah. To be perfectly clear, I am not shitting on this device. I think this is the best device they've ever made. They've done some Okay. Very good on engineering decisions here. It's got a solid metal body to give it some heft and some kind of stiffness, and so it doesn't feel like a plastic toy, which to be clear, I've picked up the Trezor five at conference once, and it felt like it was filled with helium. Like, it did not inspire me at confidence whatsoever. They've got encrypted Bluetooth. Seems as though they've gone down a similar route to what we have with Quantum Link. They've got some very, very questionable marketing around the device being quantum ready security,   which a lot of people have called them out on the bullshit.  

I think they just threw in the quantum ready to kind of use the buzzword, but they've used it very loosely. Basically, that it's prepared for a quantum ready update, but it's not quantum resistant at the moment. And the marketing's a bit misleading around that, unfortunately.   What else have they done? It's got magnetic   wireless Qi charging, which is, I believe, the first in a hardware wallet, which is very good to see. Much bigger color touchscreen.   And what else have they got? Yeah. That's about it. It's just it's the biggest device they've ever done. Seems as though it's the highest quality device they've ever done. I like the encrypted Bluetooth,   and I like the form factor, albeit it still looks a little bit on the small side to me, and it seems like it could be a bit fiddly to be entering seed phrases in. But, yeah, obviously, they're a competitor, but, like, this from my perspective is the best device they've ever done. Okay. Very good. Talking of shitting on people, Ledger have also done a release, the Nano five Gen five,   which has been released. I have not logged into this one as much, and this had a much quieter release.  

They're still sticking with this stupid e ink display. I've no idea why they're doing this   and how they're able to sell so many of them considering it looks so dog shit.   But this seems like they've kind of mashed the flex, like, the bigger device with the with the larger e ink display   with the the nano, which is the most popular on which up until now has been the the USB   stick design.   This is kind of like a squash down version of the both essentially, where it's got an e ink touchscreen display, but it's much, much smaller and it's kind of rectangular in in shape. Other than that, I don't think it's got any new features worth shouting about.   Interestingly, they've gone down the marketing route of protecting your digital identity. Where have we heard that before?  

They really can't talk. Yes. Yeah. Indeed. So I don't know what this is gonna market at. Is there any pricing on the list? No. I can't see any. I just can't wrap my head around this whole e ink display for hardware. Well, it just doesn't seem to make any sense whatsoever. Like, who wants to interact with one of those   when everybody's used to, like, really bright OLED displays on their phone? Like, it just feels like such a backward step. Yeah. I don't know. Maybe they're trying to be all cool and  

[00:51:08] Unknown:

retro or it's not even really retro though, is it? I don't know. I don't know. I haven't used Ledger for a long time. Meaning They let everyone down in such a big way. Yep. But Zach seems to be a massive fan of them. The same UI as the Flex on a smaller screen. Like, it doesn't seem anything groundbreaking. It just seems like they've shrunk the Flex and put it in a cheaper designed housing, I guess, $179.   So as things stand now with hardware,   we've talked about this loads of times, but, like, if you wanted to have   multiple devices from multiple vendors and you are using multisig,   what would be your   go tos, obviously, Passport? But would you still say Passport, maybe SeedSigner?  

Is there anything else that you'd currently throw in there or not? Honestly, I wouldn't use SeedSigner  

[00:51:55] Unknown:

for my use case because   I don't trust that my wife would know how to load a seed into it and and deal with it. Got you. Like, it just it's just unnecessary added complexity.   That's not an attack on the device itself. I think in the right hands, it's one of the best options on the entire market. But for me and my inherited use case, like, I don't want my Wi Fi having to deal with loading seeds into shit. Like, it's gonna be a struggle for it to know the pins to all of the devices. Like, just I wanna keep it simple. Fair enough. Yeah. I don't know. Right? The Trezor that we spoke about seemed compelling. I've never used it, but, like, just from looking at it, I would throw that one in as a third option. Maybe just two passports Mhmm. And a Trezor. Okay.   Okay. Next on the list, back to more ARK news. The ARK Labs team   have now got their public beta live of their first web wallet, so you can interact with the ARK protocol   on mainnet. If you go to what is the URL?  

Have you tried this? I have tried it. Yes. Somebody sent me a couple of sats last week.   Very, very simple web wallet.   Send, receive. Just gives you an ARC address that looks similar to a Lightning address. The interaction of sending and receiving is the exact same that you're already used to. It happens instantaneously,   and that's literally it. If you go to arcade.money,   and arcade is with a k, not a c, obviously, because these these are Bitcoiners   if you wanna test it out. Again, it is a public beta, so don't be reckless. Yeah. You can go ahead and test it. Progressive web app at the moment, so you you can save it to your phone or you can just interact with it on the desktop. Yeah. Good to see it make it into fruition. This is basically the wallet that I used when we went to   Baltic Honey Badger.  

It's the same thing, just in a more polished version that's ready for public beta testing, essentially. So once again, good to see more of the the ARK ecosystem   being built out. Signpost you to Seth's   article linked in the show notes if you wanna learn more about this sort of stuff. Speaking of Seth, Cake Wallet version 5.5   has been released.   I believe they also quietly launched five point five point one with some bug fixes and enhanced Trezor support last week.   The headlines here, yeah, just support for the new Trezor device, support for a Bitbox device on the Android app,   to be clear. IOS continuing to make things more difficult there.  

I think that's the main BitCurran related stuff.   Yeah. So it's just hardware wallet support, for those two devices.   Okay. Next on the list. This one had much fun fair last week as well, Max. I don't know whether you saw it, but the Bull Bitcoin team have released   publicly  

[00:54:29] Unknown:

the Bull wallet. Seen anything about this one? I haven't actually. No. What is the Bull oh, hold on. Is this something like they have  

[00:54:37] Unknown:

pay join built in or something like that? Yeah. Is that what they did? It's come out the box, pretty fully featured. I I got a sneak peek in Madrid. I was with Ben Kaufman, who now works over there, which is, you know, a great indicator for a company if Ben Kaufman works along. Yeah. Headlines, fully open source, MIT licensed, reproducible build's coming soon,   operates on top of BDK similar to Envoy,   uses BIP 39. You can connect to your own nodes, supports coin selection, labeling,   mempool based fee algorithms,   Bitcoin only. You can use watch only wallets. It supports Passport, although I believe that's a hidden feature at the moment. But they've got support for most of the hardware wallets about to land. What else do they do? BIP 35   derivation, testnet support. It supports Bitcoin, Lightning, Liquid.  

It's got a good way of segregating   your cold storage if you've got a a hardware wallet connected.   I think they call it your spending balance, which is basically   under the hood. I think it works similar to Aqua,   where you hold your balance in liquid, and then you're able to either receive   or spend to Onchain   or Lightning via, again, the Boltz team.   So whilst they still have some significant trade offs of anything within that spending while it is on liquid, so you are not custodying the Bitcoin, it makes, like, onboarding very easy where, you know, you have the traditional send and receive. You don't have any headaches of channel management, and you can still pay on chain or lightning or obviously liquid because it is under the hood a a native liquid hot wallet, essentially. One cool thing as well that I didn't know until I heard Francis   talking about this is that they have auto swap feature for the hot wallet.  

So when   if you reach a million sats in the spending balance, which, again, under the hoodies, funds held on liquid,   it will automatically   swap the funds into a on chain BTC wallet. It'll do that automatically for you. That's quite good. And you can change that threshold as well. So you could down dial it if you want to if you're only comfortable withholding   50,000 sats or a 100,000 sats on liquid   such that once you reach that balance, the next time you open the wallet, it will automatically do a swap and then send the funds   to an on chain hot wallet, again, controlled by the same private keys because it's all done on BIP 85.  



[00:56:52] Unknown:

That's quite cool. Yeah. And so when they're developing this,   obviously, Bull Bitcoin is like it's an exchange as far as I was understanding   it. So   it's a wallet that anyone can use whether you're using their exchange or not. It's just a completely separate product.  

[00:57:09] Unknown:

That's right. Yep. Yeah. You don't need to be a Bull Bitcoin customer to use this. It's just an open source application   that complements their exchange services as well. So, obviously, if you are their exchange user, I believe you can do, like, auto withdrawals to your Bull wallet. Connecting the app to the Bull Bitcoin exchange is entirely optional, but when you do, the experience is truly magical. Yeah. And they've also got silent payments coming in the next release, ARC network integration. So if you don't like the liquid trade offs, you can use the ARC implementation as well. Secure and anonymous metadata backups,   add support for all major hardware wallets, NOSTA based anonymous chat, Lightning node addresses,   multisig wallets, and mini scripts. Like, they've got big plans. Like, this is gonna be a do everything wallet type thing. So I hope they can achieve all of that whilst maintaining   the somewhat simplistic UI that they've currently got, or that's gonna be a tall order. Mhmm. Nice. Good to see. Yeah. And if you're interested in learning more, right, you found this one on, Citadel dispatch with with Odell last week. I thought it was a very interesting conversation as   to how it's got to here and what they've got planned in the years to come, some of which I've just headlined.  

Okay. Next on the list, we spoke briefly about this on Freedom Tech Friday. So if you wanna deep dive and you haven't heard it, somebody asked a question about   the new Bitcoin for signal   project, bitcoinforsignal.org,   link in the show notes,   where basically somebody has done a a fork of signal to demonstrate   how   eCash can be   embedded within to the signal protocol to enable basically sending funds Bitcoin, albeit custodial Bitcoin within an eCash Mint to your friends or anybody that you speak to on signal. Again, we've done a deep dive on it. The implementation   seems very cool, seems very slick. But, again, you know, it's a custodial solution that you should be very aware of the trade offs of. Do I think Signals ever gonna implement this? No. I don't think they're gonna do it because   to do it properly, they'll probably need to be the mint runner, and then that opens them up to all sorts of regulatory hurdles.  

I guess they could do it where users can choose their own mint, but for me, it doesn't seem like Signal had bought into the idea of Bitcoin or eCash enough at the moment that   they would go ahead and do this. What are your thoughts? Yeah. Like you say, we did cover it in-depth.  

[00:59:20] Unknown:

So people should probably go back and have a a proper listen through that Freedom Tech Friday. But yeah. I mean, it's cool enough. It doesn't get me that excited because it is custodial.   It is e cash. It's a fork of signal, not actually signal, you know, all those things that we've discussed, but it's not necessarily a bad thing. I think the point that Seth made and which is a good point is   with all of this custodial stuff and these e cash things,   what   you don't want is I think someone said, like, oh, well, why does it really matter if you've only got $50 or something like that? And his point was good. Like, I was saying, oh, well, $50 can be a lot to some people. It, you know, it might be nothing to you, but it's a lot to some people, and that could be very detrimental to their lives if they lose it. But he actually was saying, well, also it's the trust thing. And so   if someone   gets rugged using Bitcoin,   they don't distinguish the difference between the two and actually having custody and not having custody. And once they're rugged once,   their trust is gone,   and then they're also gonna tell other people. So it's kind of like it gives this,   unrealistic   view of what Bitcoin really is,   and you're not using it in the way that it should be used. And then you can get rugged, and it can scare people off. And I think that's something that is missed quite often now where there's this this constant push for these different, like, yeah. Well, you know, it's not you don't really custody it. But, you know, so what? It's only like, you know, as well as the Toshiba. You've only got a $100 on there. You've only got this, so you're gonna have that. But then all the development of funding goes towards these things, and then they're suggested by   all the influencers.  

And then it's used by the people who haven't used Bitcoin before, and then that's their first entry into the system. And it's like, well, this could go really wrong.  

[01:01:09] Unknown:

Yeah. This is why I agree with all that, by the way. This is why   you've heard me talking a lot more about ARK and Spark in the last couple of months because   it seems to be able to fix   the UX   problems that Cashew undoubtedly fixes. There's no channel management rule. That is just a case of you can receive as soon as you have the wallet. Like, it's ready   to go. ARK enable to do that as well. But as soon as you build up a balance in ARK that's over the dust limit effectively,   you can enter around and have a proper secured   VTXO   so that you have the option to go and unilaterally exit so you can't be rugged essentially.  

Below that does limit, obviously, that's just the limitation of Bitcoin is you just cannot have self custody because if you've got, like, 50,   you haven't got enough to exercise that on chain, and you cannot unilaterally exit anyway. So Yeah. To be pragmatic, like, if you're only interacting with tiny, tiny, tiny amounts,   then something like Cashew or similar makes sense because there is no physical way you can do that in a self custodial way. That's why Arc seems to strike the best balance for me. If you're transacting really, really small amounts just like tips,   when it gets big enough that it makes sense for you to be able to unilaterally exit, you can go and do that in a way that has the best of both worlds. Easy onboarding, easy usage, but then you can prevent the rogue once you've got enough stats. Yeah. Next on the list, SatGo, which I've never ever heard of until I saw this tweet come up. The latest SatGo update on iOS,   brackets Android coming soon,   introduces, would you guess it, the Spark network support,   enabling instant Bitcoin payments, a seamless cross chain bridging all inside the app. So looking at the Twitter handle of SatGo, which again, I've never heard of until now, it's SatGo Bitcoin, ordinals, runes, and rare sat. So it's a degenerate wallet, essentially. Yeah. But the irony is that they're at the forefront on one of the first wallets to go live with one of the cutting edge scaling technologies in Spark Mhmm. Ahead of a lot of the legacy wallets. So I just thought that was interesting to highlight. Have zero interest in any of the rest of the crap that's within the wallet. But very good to see, and I believe, looking at the comments, that they've done this through the Breeze implementation,   which I can only assume   means that this is the more private version and not the clusterfuck that Wallace Satoshi have adopted up until now.  

But, again, tread carefully. I haven't tried it. I literally just saw a tweet and wanted to mention it. Next on the list, Peach Bitcoin   have come out with a BTC pay server plugin. Oh, nice. Pretty cool. So what does this mean? Basically, like, as as the name suggests, it is a solution for BTC pay merchants   that allows them to do pay to pay trades essentially through the Peach network. From within the plugin, they can do one click sell offers.   They can do different discounting or pricing   relative to   a specific KYC exchange rate. And, yeah, basically just means that from your BTP Hot Wallet, you can interact with all of the usual Peach goodness.   Again, haven't tried it, but this is pretty cool if you, are a merchant and you wanna offload some sats or purchase some sats. My guess is gonna be mainly selling if you're a merchant because   most of the inbound traffic will be coming one way. This is pretty cool. Happy to see this. Yeah. Nice. A good combination. Yeah. I like Peach as well. Good team. Indeed.  

Next on the list, StackDuo version 1.3 has been released. StackDuo team been quiet for quite a while, but I was pleased to see an update from them. Version 1.3 includes updated tool libraries, bump flutter version,   removed unnecessary libraries, some Monero updates. They've added a QR code scan feature, and they've also done some fixes for the Frost   Multisig   integration, which, again, we've talked about quite a while ago now   where they have the, They got the bounty. Yeah. They got the bounty. They did the first one. It was a very early integration.   Haven't done any testing since, but it's good to know that it's still being focused on in terms of fixes and things like that now that they've kind of secured the bounty. So,   yeah. Wanted to mention that one. Last but not least, this one came out just last night. Running Dojo 2.4   has been released. What have we got in this one? This is me opening the release notes for the very first time. Oh, they've updated   Fulcrum   to version two point zero. All the changes, updated Node. Js dependencies, bump versions of b t c explorer,   SSL handling errors,   database   variable upgrades. So the main highlight here is that running Dojo now supports  

[01:05:34] Unknown:

Fulcrum. Two point zero. And I think we covered this on the last brief maybe, but Fulcrum   two point o is meant to stop this kind of corruption  

[01:05:44] Unknown:

That's right. Problem. Yeah. Which play, I'm sure, most Fulcrum users at some point during their journey where if you had any   instability in the in the device that was running Fulcrum, it would more often than not corrupt the database and you'd have to start all over again. So Yeah. Good to see and good to see you running Dojo getting some love as well. Yeah. Thanks, Pavel. Yeah. Yeah. Thank you, mate. Very cool. Alright. That brings us to the end of the list. And just to reiterate, I've also linked some educational pieces in the show notes. Quickly did mention them earlier, but two passport guys from Vibrant,   a cupcake deep dive by the guys at Cake.  

Seth's very, detailed ARC and Spark article, and an ARC explainer video by Neil over on Twitter, Neil Woodfine. Very good.  

[01:06:24] Unknown:

You sent a load of excuses in the, the chat earlier.  

[01:06:29] Unknown:

Can't do this Friday, I'm fucking getting my legs waxed. And this Friday, I've got this. And this Friday, I've got that. Are we seeing you this Friday? Are we not seeing you this Friday? You're seeing me this Friday. The disruption only happens it's a couple of weeks away yet. To be clear, I think there's only one of the three where I say I can't actually make it full stop. One of them I'm gonna be hosting   or live streaming live from the Noster Shire day at Bitfest. Spoke to mister Nathan Day this morning and he said, yep. You can have a room and host it here, which would be pretty cool. The week before that, I'm gonna be, at the in laws place in the mountains.   And if anything's history is anything to go by, the last time I tried to host it from that location, we didn't do all that well. So I'll be there, but I'll have to get your set to host it so that the stream doesn't fall over when my connection drops out. But, yeah, Friday November 28, I won't be able to make it. That's the only one that I won't be around. Okay. Alright. Alright then, mate. Well, I will speak to you on Friday. Yeah. Catch up. You have a good week, mate. See you later.  



[01:07:29] Unknown:

John here. I factored into Max's storage and added this section as cute, and Max forgot to cover the stats that BTC wrestle worked so hard to collect.   Pretty ungrateful and unprofessional   if you ask me.   So here they are.   RoboSats,   38   public   buy orders,   88,210,769   sats.   Book liquidity   0.24662708   Bitcoin   contracted twenty four hour volume.   Ashigaru   Whirlpool   down   5.63   BTC since last week.   Bisque   twenty four hour volume   0.2692   BTC   seven   Devon 1.115   BTC.   Also,   BISC came out with their mobile   app.   Thanks to BTCWrestle   for taking the time to collect these stats.   Max,   q,  

[01:08:44] Unknown:

do better. Before you go,   mine inbox.i0   help keep your online presence   hidden.   They provide anonymous server hosting solutions, virtual private and dedicated servers, domain registration,   and DNS   parking. They don't require any of your personal   information,   and you can purchase using Bitcoin, Lightning, or Monero.   No personal information required.   None.   Zero.   Mine in box.io.   Stay. Ungovernable.