Vision Statement

A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong.
In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things.
What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do.
You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us.
At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming.
Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born.
Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized.
Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung.
The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance.
Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.

Overview

Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.

Organizational Structure

The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community.
The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.

Funding

The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork.
As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks.
The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.

Responsibilities

The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.

Maintain and enhance core Sia software

Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest.
Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release.
Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer.
A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software.
With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code.
Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire.
Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above.
As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.

Support community services

We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours.
Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.

Ensure easy acquisition and storage of siacoins

Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.)
Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion.
Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants.
Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.

Protect the ecosystem

When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary.
The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU.
In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.

Drive adoption of Sia

Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers.
In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.

Fund Management

The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months.
On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well.
The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets.
Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses.

Addendum: Hardfork Timeline
We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.

Addendum: Inflation specifics
The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.

Conclusion

We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve.
Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.

[WTS] Auction Leftovers #1

Good morning!
I'm trying something new today - so let's see how this goes. (If it works, I'll do it again. It it doesn't, I won't waste anyone's time with it next time because it's a LOT of work.)
What we have here are the leftovers from yesterday's auction. I have heard from a few people that the buyer's premium and other fees the auctioneer adds on (so he can make money and pay for the auctions) are too high - so I'm offering them all here for sale individually.
No buyer's premiums. No additional fees. In fact, I'M OFFERING DISCOUNTS:
*All the World Silver is 10% off the listed price.
*All the World Non-Silver marked $1.00 are now $.75 each.
*FREE shipping for any order over $100.
Each lot was individually imaged (front and back) for the auction - so the easiest way for you to see exactly what you're buying is to visit the auction link (the auction is over, so I'm not advertising anything different or advertising an upcoming auction) - so here that is:
https://www.auctionzip.com/auction-catalog/Coins-US,-Foreign-,-Rare,-Graded,-Type,-Jewelry,-More-3_Q37IBJZ4W1/?page=0&searchWithAll=&size=200&sort=
Here is the required "prove you still have the stuff" photo with the username card and today's date (I pulled the first five items out of the storage trays so you weren't just seeing the tops of bags):
PHOTO
Payment: PayPal. I do not have Venmo/Zello/Bitcoin or any other form of digital payment at this time.
Shipping: I will charge you what it costs me for the USPS label rounded up to the nearest dollar. For First Class that is usually $4, for USPS Priority Mail Flat Rate Small Box it will be $9. I will get you a tracking number right after payment is received and will get your package scanned into the USPS system within 24 hours of receipt of payment.
What do YOU need to do to buy coins from this group: send me a list of which lots you want (for example, I want to buy lots # 51, 52, 53, 54, 55) and I will send you a total.
I will do my absolute best to update the ad as soon as lots sell.
World Silver (10% off listed price!)
51 ~~World Silver - Philippines 1944 S 50 Centavos $8.00~~
52 ~~World Silver - Philippines 1944 S 50 Centavos $8.00~~
53 ~~World Silver - Philippines 1944 S 50 Centavos $8.00~~
54 ~~World Silver - Philippines 1944 D 20 Centavos $3.00~~
55 ~~World Silver - Philippines 1944 D 20 Centavos $3.00~~
56 ~~World Silver - Philippines 1944 D 20 Centavos $3.00~~
57 ~~World Silver - Belgium 1909 1 Frank $5.00~~
58 ~~World Silver - Philippines 1944 D 20 Centavos $3.00~~
59 ~~World Silver - Philippines 1944 D 20 Centavos $3.00~~
60 ~~World Silver - Philippines 1944 D 20 Centavos $3.00~~
61 ~~World Silver - Philippines 1944 D 10 Centavos $2.00~~
62 ~~World Silver - Philippines 1944 D 10 Centavos $2.00~~
64 ~~World Silver - Philippines 1944 D 10 Centavos $2.00~~
65 ~~World Silver - Australia 1942 (m) 1 Shilling BETTER DATE $5.00~~
66 ~~World Silver - New Zealand 1941 1 Florin NICE $12.00~~
67 World Silver - Switzerland 1920 1/2 Franc $2.00
68 World Silver - Switzerland 1951 1/2 Franc $2.00
69 World Silver - Switzerland 1952 1/2 Franc $2.00
70 World Silver - Italy 1959 500 Lire $9.00
71 World Silver - Italy 1960 500 Lire $9.00
73 World Silver - Spain 1869 (69) SN-M 1 Peseta KEY DATE $25.00
74 ~~World Silver - Sweden 1938 1 Krona $6.00~~
75 World Silver - France 1913 50 Centimes $2.00
76 ~~World Silver - Hong Kong 1884 10 Cents $3.00~~
78 World Silver - Canada 1913 25 Cents $5.00
79 ~~World Silver - Canada 1906 25 Cents $5.00~~
80 World Silver - Canada 1910 25 Cents $5.00
81 World Silver - Cyprus 1901 9 Piastres $10.00
82 World Silver - Canada 1917 25 Cents $5.00
83 World Silver - Canada 1918 25 Cents $5.00
84 ~~World Silver - Canada 1888 10 Cents $3.00~~
85 World Silver - Canada 1906 10 Cents $3.00
86 World Silver - Canada 1916 10 Cents $3.00
87 World Silver - Canada 1918 10 Cents $3.00
88 World Silver - Philippines 1917 S 10 Centavos $2.00
89 ~~World Silver - Canada (Newfoundland) 1942 C 10 Cents $3.00~~
90 ~~World Silver - Guatemala 1894 2 Reales Pendant $5.00~~
92 ~~World Silver - Great Britain 1917 3 Pence $2.00~~
93 ~~World Silver - Great Britain 1917 3 Pence $2.00~~
94 ~~World Silver - Great Britain 1916 3 Pence $2.00~~
95 ~~World Silver - Great Britain 1919 3 Pence $2.00~~
97 ~~World Silver - Great Britain 1920 3 Pence $2.00~~
98 ~~World Silver - Great Britain 1916 3 Pence $2.00~~
99 World Silver - Caribbean Country 1915 20 Centavos $5.00
100 World Silver - Caribbean Country 1953 25 Centavos $5.00
~~252~~ ~~World Silver - Great Britain 1918 3 Pence $2.00~~
253 World Silver - Switzerland 1945 1/2 Franc $3.00
254 World Silver - Switzerland 1950 1/2 Franc $3.00
255 World Silver - Switzerland 1953 1/2 Franc $3.00
256 World Silver - Switzerland 1975 1 Franc $8.00
~~257~~ ~~World Silver - Switzerland 1903 1 Franc $5.00~~
258 World Silver - Switzerland 1958 1 Franc $6.00
~~259~~ ~~World Silver - Great Britain 1919 3 Pence $2.00~~
~~260~~ ~~World Silver - Great Britain 1916 3 Pence $2.00~~
~~261~~ ~~World Silver - Great Britain 1919 3 Pence $2.00~~
263 World Silver - Australia 1914 (L) Sixpence $4.00
~~264~~ ~~World Silver - Australia 1916 M Sixpence KEY DATE $15.00~~
~~265~~ ~~World Silver - Australia 1919 M Sixpence $8.00~~
266 World Silver - Australia 1922 Sixpence $10.00
267 World Silver - Australia 1922 Sixpence $10.00
268 World Silver - Australia 1923 Sixpence $6.00
269 World Silver - Australia 1923 Sixpence $6.00
~~270~~ ~~World Silver - Australia 1936 Sixpence $3.00~~
271 World Silver - Australia 1939 Sixpence $4.00
272 World Silver - Australia 1911 Shilling $5.00
273 World Silver - Australia 1912 Shilling $8.00
274 World Silver - Australia 1912 Shilling $10.00
275 World Silver - Australia 1914 Shilling $6.00
276 World Silver - Australia 1920 Shilling $8.00
277 World Silver - Australia 1920 Shilling $10.00
278 World Silver - Australia 1922 Shilling $6.00
279 World Silver - Australia 1928 Shilling $8.00
280 World Silver - Australia 1943 Shilling $10.00
~~281~~ ~~World Silver - Germany (Bavaria) 1902 D 5 Marks $28.00~~
~~282~~ ~~World Silver - Germany (Saxony) 1876 E 2 Marks $20.00~~
~~283~~ ~~World Silver - Great Britain 1889 Sixpence $4.00~~
~~284~~ ~~World Silver - Great Britain 1889 Sixpence $6.00~~
~~286~~ ~~World Silver - Great Britain 1900 Sixpence $4.00~~
~~287~~ ~~World Silver - Great Britain 1904 Sixpence $4.00~~
~~288~~ ~~World Silver - Great Britain 1907 Sixpence $10.00~~
~~289~~ ~~World Silver - Great Britain 1921 Sixpence $4.00~~
~~290~~ ~~World Silver - Great Britain 1925 Sixpence NICE $12.00~~
~~293~~ ~~World Silver - Germany (Prussia) 1849 A 1/6 Thaler $8.00~~
294 World Silver - Portugal 1933 2 1/2 Escudos KEY DATE $8.00
~~295~~ ~~World Silver - New Zealand 1939 6 Pence $3.00~~
~~297~~ ~~World Silver - Great Britain 1872 (14) Shilling $8.00~~
~~298~~ ~~World Silver - Great Britain 1873 (81) Shilling $8.00~~
299 World Silver - New Zealand 1943 6 Pence $3.00
~~451~~ ~~World Silver - Seychelles 1944 25 Cents (mintage 36k) $3.00~~
~~453~~ ~~World Silver - Columbia 1874 10 Centavos LOW MINTAGE $4.00~~
454 World Silver - Guatemala 1899 1 Real $4.00
455 World Silver - Philippines 1868 20 Centimos $6.00
~~457~~ ~~World Silver - Great Britain 1918 Shilling $6.00~~
~~458~~ ~~World Silver - Great Britain 1924 Shilling $6.00~~
~~459~~ ~~World Silver - Great Britain 1925 Florin KEY DATE $15.00~~
463 World Silver - Egypt 1917 2 Piastres $3.00
~~464~~ ~~World Silver - Canada 1882 H Ten Cents $8.00~~
465 World Silver - Canada 1882 H Ten Cents $10.00
466 World Silver - Canada 1886 Ten Cents $15.00
~~467~~ ~~World Silver - Curacao 1944 D 1/4 Gulden NICE $6.00~~
~~468~~ ~~World Silver - Canada 1888 Ten Cents $8.00~~
469 World Silver - Canada 1891 Ten Cents $10.00
470 World Silver - Canada 1899 Ten Cents $8.00
471 World Silver - Canada 1902 Ten Cents $6.00
472 World Silver - Canada 1902 H Ten Cents $3.00
474 World Silver - Canada 1908 Ten Cents $4.00
476 World Silver - Canada 1908 Ten Cents $6.00
477 World Silver - Canada 1909 Ten Cents $4.00
478 World Silver - Canada 1909 Ten Cents $4.00
~~479~~ ~~World Silver - Italy 1887 1 Lira $5.00~~
480 World Silver - Poland 1840 MW 10 Groszy $2.00
482 World Silver - Canada 1916 Ten Cents $3.00
~~485~~ ~~World Silver - Norway 1898 50 Ore LOW MINTAGE $6.00~~
~~486~~ ~~World Silver - Sweden 1877 25 Ore $6.00~~
~~487~~ ~~World Silver - Germany (Empire) 1919 F 1/2 Mark $6.00~~
~~489~~ ~~World Silver - Germany (Empire) 1918 F 1/2 Mark $6.00~~
490 World Silver - Canada 1948 Ten Cents $3.00
~~491~~ ~~World Silver - Canada 1951 Ten Cents NICE $3.00~~
~~492~~ ~~World Silver - Canada 1870 25 Cents $10.00~~
493 World Silver - Canada 1871 H 25 Cents $10.00
~~494~~ ~~World Silver - Canada 1872 H 25 Cents $10.00~~
~~495~~ ~~World Silver - Germany (Lippe) 1860 A 1 Silver Groschen $10.00~~
497 World Silver - Canada 1874 H 25 Cents $8.00
~~498~~ ~~World Silver - Germany (Reuss-Schleiz) 1846 A 1 Silver Groschen (mintage 62k) $6.00~~
499 World Silver - Canada 1881 H 25 Cents $15.00
500 World Silver - Canada 1948 25 Cents $6.00
651 World Silver - Canada 1954 50 Cents NICE $9.00
652 World Silver - Canada 1903 25 Cents $8.00
653 World Silver - Canada 1904 25 Cents $8.00
654 World Silver - Canada 1905 25 Cents $8.00
655 World Silver - Canada 1905 25 Cents $8.00
~~656~~ ~~World Silver - Canada 1907 25 Cents $6.00~~
657 World Silver - Canada 1908 25 Cents $8.00
658 World Silver - Austria - 1868 10 Kreuzer $2.00
659 World Silver - Canada 1912 25 Cents $6.00
660 World Silver - Canada 1916 25 Cents $6.00
661 World Silver - Canada 1916 25 Cents $8.00
662 World Silver - Spain 1892 (92) 50 Centimos $3.00
663 World Silver - Canada 1921 25 Cents $8.00
664 World Silver - Canada 1921 25 Cents $8.00
~~665~~ ~~World Silver - Norway 1899 25 Ore $8.00~~
666 World Silver - Canada 1931 25 Cents $6.00
~~667~~ ~~World Silver - Canada 1931 25 Cents $8.00~~
669 World Silver - Russia 1879 20 Kopeks $4.00
~~672~~ ~~World Silver - Germany (Prussia) 1856 A 1 Silver Groschen $3.00~~
~~673~~ ~~World Silver - Germany (Empire) 1877 F 50 Pfennig $10.00~~
~~675~~ ~~World Silver - Germany (Empire) 1918 D 1/2 Mark NICE $3.00~~
677 World Silver - Switzerland 1955 1/2 Franc BETTER DATE $4.00
~~678~~ ~~World Silver - Germany (Empire) 1911 A 1 Mark NICE $6.00~~
~~679~~ ~~World Silver - Germany (Prussia) 1870 A 2 1/2 Silver Groschen $4.00~~
~~680~~ ~~World Silver - Sweden 1875 ST 50 Ore $10.00~~
~~681~~ ~~World Silver - Germany (Hesse-Darmstadt) 1842 6 Kreuzer $6.00~~
~~682~~ ~~World Silver - Philippines 1918 S 20 Centavos $5.00~~
~~683~~ ~~World Silver - Philippines 1919 S 20 Centavos $6.00~~
684 World Silver - Saint Thomas & Prince Island (Sao Tome et Principe) 1951 2 1/2 Escudos LOW MINTAGE $25.00
~~686~~ ~~World Silver - Germany (Wurttemberg) 1833 6 Kreuzer $4.00~~
687 World Silver - Dominican Republic 1891 1 Franco $10.00
688 World Silver - Straits Settlements 1895 10 Cents NICE $12.00
689 World Silver - Straits Settlements 1910 10 Cents $5.00
~~690~~ ~~World Silver - Straits Settlements 1919 10 Cents $3.00~~
691 World Silver - Germany (Empire) 1918 F 1/2 Mark NICE $15.00
~~692~~ ~~World Silver - Great Britain 1915 Shilling NICE $12.00~~
~~693~~ ~~World Silver - Japan 1899 20 Sen $6.00~~
694 World Silver - Japan 1932 50 Sen $6.00
697 World Silver - Canada 1929 10 Cents $3.00
700 World Silver - Canada 1948 10 Cents $3.00
851 World Silver - Egypt 1916 5 Piastres $6.00
852 World Silver - South Africa 1962 20 Cents $6.00
854 World Silver - Egypt AH1293 (Year 10; 1884) 10 Qirsh $12.00
857 World Silver - Panama 1931 1/10 Balboa $5.00
861 World Silver - Egypt AH1327 (1910-1913) 5 Qirsh $6.00
863 World Silver - Turkey AH1327 (Year 6; 1914) 5 Kurush $6.00
~~864~~ ~~World Silver - Turkey AH1293 (Year 24; 1898) 2 Kurush $3.00~~
865 World Silver - Egypt AH1384 (1964) 5 Piastres $3.00
867 World Silver - Syria (United Arab Republic) 1959 50 Qirsh $4.00
~~869~~ ~~World Silver - Great Britain 1834 Sixpence $8.00~~
~~870~~ ~~World Silver - Great Britain 1859 Sixpence $8.00~~
~~871~~ ~~World Silver - Great Britain 1866 (53) Sixpence $8.00~~
~~874~~ ~~World Silver - Great Britain 1835 1/2 Crown (LOW MINTAGE) $20.00~~
~~875~~ ~~World Silver - Australia 1917 M Sixpence $12.00~~
876 World Silver - Australia 1920 M Sixpence $10.00
877 World Silver - Australia 1912 Shilling $12.00
878 World Silver - Australia 1913 Shilling $12.00
879 World Silver - Australia 1914 Shilling $6.00
~~880~~ ~~World Silver - Australia 1925/3 Shilling $6.00~~
~~882~~ ~~World Silver - Australia 1914 Shilling $6.00~~
885 World Silver - Morocco AH1380 (1960) 1 Dirham NICE $6.00
886 World Silver - Canada 1902 10 Cents $6.00
887 World Silver - Canada 1908 10 Cents $5.00
891 World Silver - Canada 1949 10 Cents $3.00
~~892~~ ~~World Silver - Canada 1882 H 25 Cents $20.00~~
893 World Silver - Canada 1902 H 25 Cents $10.00
894 World Silver - Canada 1903 25 Cents $10.00
895 World Silver - Canada 1909 25 Cents $10.00
896 World Silver - Canada 1912 25 Cents $8.00
899 World Silver - Canada 1948 25 Cents $6.00
~~World Non-Silver (If it's listed at $1.00, it's .75)~~
ALL BASE METAL SOLD, THANK YOU
THANK YOU AND HAVE A WONDERFUL DAY!

Everyday info sec, hardcore info sec, and DNMs

Edit: Since first post I have updated a few sections with additional information.
I recommend reading it all even if it is very long, I might have placed some relevant info in different sections while thinking about what else needed to be added, plenty of steps remains mostly the same except when I comment directly on it. It is not necessary to do 100% security all the time, unless you absolutely need it, combining some high and some lower security ideas for a balance of security and convenience is useful.
I will base this mostly on Windows, Linux users probably know this, and I have no idea how apple machines work (tho many things in here are still relevant for other operating systems, as they are just general tips)
Disclaimer: There are certainly other steps that can make you more anonymous or safer, however I think for most people this will surfice. Any software I recommend should be independently verified for security, and examples of software are not to be taken as endorsements. I simply use examples and give recommendations when I believe it necessary, or helpful.
I will not really differentiate between anonymity and security, they are often the same thing. As such the word security can mean either more anonymous, less vulnerable, or both.
--------
Everyday Simple Info Sec:

Password for the device is an obvious one (8+ characters minimum, best if over +12), if there is sensitive information on any of the drives, either encrypt the entire drive or just the sensitive files, and make encrypted backups on a different memory storage device (There many programs to encrypt files and drives I'm sure a search will figure it out)

-There could be a hidden administrator user on your PC, make sure to change its password

Always use the device on a non admin account
- a VPN that doesn't log (use with kill switch on, should be enough for everyday stuff, more safe stuff in the high security section) (VPNs that claim they don't log sometimes do, it's bad, but I would like to point out that not using a VPN will always expose your traffic to your ISP and also remove additional encryption. Even if the VPN tracks, there is no downside because your ISP would track anyways, and VPNs can be more anonymous, and also add extra encryption)
disable location tracking (preferably make all your privacy setting to release minimal info, get rid or cortana, change privacy settings in all of your accounts as well, there's no reason why you should allow Facebook to give you target ads. Use the setting they give you.
TOR, Firefox or similar browser, stay the fuck away from Google Chrome.
your preferred search engine should be duckduckgo (other privacy focused search engines exist as well)
use an adblocker that also prevents the adding of tacking cookies
Use pgp with all your friends or messaging services that implemented end to end encryption (Implemented services can still be bypassed, but are way more convenient so for everyday use they should suffice, some examples should be Telegraph, Signal, WhatsApp etc) (more info on pgp in high security section)

(Snapchat msgs, reddit dms, discord msgs, are just a few examples of msgs that are never encrypted)
-Any info even send in encrypted msgs (and obviously non encrypted) should still be kept with possible deniability, don't say "I'm gonna do MDMA", say "I'm going out with molly."

use software (like ccleaner) that purges cookies and other data after every use, before shutting down your device
use a virus scanner daily (I like spy bot Search and destroy, many other options also exist)
never use the same password/passphrase twice (I will address what passphrase are below) (Better yet use randomized passwords that are stored in a master key chain, make them as long as possible (tho it is okay to go with the minimum of 12 never go below 7, I recommend 15+ depending on how often you have to manually enter the password instead of copying/pasting it) Don't generate too long keys for things you need to access regularly without copy/paste, except your master key ring)
its ideal to never use the same email or username as well, especially username, email is obviously tricky and also very annoying, but it would be best to always change the email.
it's also ideal to check https://haveibeenpwned.com and anything you have that comes up positive should be immediately changed

-DO NOT STORE ANY PASSWORDS ON GOOGLE, IF GOOGLE LOGIN IS AUTHENTICATED IT WILL AUTFILL ALL PASSWORDS IT HAS SAVED (same with other similar services) (This means if you are logged in to chrome and someone has access to your machine, they can auto fill passwords without entering a single password)
-use a rememberable passphrase, especially for your master key ring aka password manager A long sentence that is memorable makes an okay password (decent example,: "I met my wife at Little Ceasers for the first time on 07/09/20" better even if it's just something you know, if its impersonal, and if you can add special characters or numbers that you won't forget) (A better example for a passphrase is: "There is 0nly 0ne letter that d0esn’t appear in any U.S. state nameQ")

for your main password manager(key ring), I highly recommend Keepass 2, make backups of the file save to separate devices and drives (Flash drives, phone, PC, laptop, etc, if you loose that file, you lose all of your passwords) (Other good password managers exist as well, I don't recommend online password managers as you lose the control over passwords)

-Purge your internet activity frequently, there's a reason why I only have one post, and a few comments appearing in my account, but thousands of kama. Exposing information needlessly is not good.
-Never post private information publicly, and if you do, do it vaguely as possible. (Example: Not "I'm 15", say "I'm a teenager") Do not post any vital information ever, no birthdays, mother's maiden name, age, or anything you have ever seen in a security question. Never post your current activities while they are ongoing. You going on a vacation? Don't announce it to the world, taking picture there? Post them when you are home.

Any account that is supposed to remain anonymous and as secure as possible should only be used on secured devices. A unsecured device can link you to the account.
always shutdown your machine when leaving it (To prevent access, and to prevent a possible attack vector)
2 factor factor authentication is not great anymore. Unless you can do it over a anonymous source. A cell phone is usually directly connected to you, so it is not a anonymous device. There might still be secure/anonymous 2 factor authentication methods that won't expose you, for example over a secure email. (If there is 2FA that doesn't need a device that removes anonymity and is secure, use it.) (Please don't misunderstand, 2FA is great, however it can remove the anonymity that you worked hard to establish)

-Rethink how you do security questions. Many answers to security questions can be found in your internet history. One could use the first word of the security question as an answer, or a different sceme that will mean you always remember it. (Security question need to go, the amount of personal info an average person puts on the internet makes it easy to attack anything using security question)
-------_
High level crimimal information security:
The motto here is, "All the Security, All the Time" As one fuck up can end with you leaving a lick of traceability, and you could be fucked.
Pre Note: All of your software should always be up to date. Also even perfect info sec does not guarantee you are completely safe, a new zero day (exploit) can still fuck you, but good info security makes you significantly safer, by eliminating as many attacks as possible.
-Get a new device (or make a already owned device seem like you never owned it, do this only if you know how to, there's a lot of stuff that goes into that, like changing your mac adress etc) buy with cash, and your face covered, preferably far away from where you live. (Do I need to specify to not bring your phone or anything else that tracks your location to anywhere you want to go anonymously?) (Be aware that even hardware can have vulnerabilities, many cpus have known vulnerabilities, I can't list them all, do some research before buying)

Do not EVER use a high security device at any lower level of security. There are unique identifiers to your device, exposing them once can expose you for everything you do.

-If you know how to use Tails (A linux distro designed for Info sec) use that, preferably on a USB. (Or learn how to use tails, its better, but complicated) Otherwise a clean copy of windows (make sure its not in any way associated with you) can do the job too, tho not as well. (Using a VM might give extra security, since VMs usually erase all data and RAM they were using on shutdown)
-Get a non tracking VPN, Enable the kill switch (a setting that disables all traffic that doesn't go through the VPN) (change your firewall settings to only allow the traffic from the VPN, windows guide (Change settings so only traffic from the tor application is send) Edit: (Due to complaints: do not use vpn over tor, use tor over vpn. tor over vpn has no notable downside, if the VPN logs it makes no difference, your ISP will always log anyways, and vpns remove other attack vectors and also provide backup security should tor fail. Again even if the VPN tracks you only change the people doing the tracking, but now you are further removed making it more anonymous and also with less vulnerabilities)
-rember privacy settings, cookie cleaner, and antivirus, password (There could be a hidden administrator user on your PC, make sure to change its password)
-Always use the device on a non admin account

encrypt the entire drive, here are 3 free whole disk encryption softwares. Thoese are just examples do your own research. Free ones could be less safe then paid ones, this will require research.

-Ideally use this device only on networks that are not connected with you. Such as public networks (try to never use the same public networks twice, move around) (a home network should be fine now, as it should never be exposed, but more security is always better) (Its just a conveniences vs security trade)
-Never use accounts that have been exposed to lower security on higher security machines
-your browser is now TOR (or your preferred security focused browser, if you dont plan on using onion ) Make sure you get the standalone version of tor not the addon build (the standalone is safer, because there are less settings and options to tweak)
-Change your tor settings, to safest mode, enable a bridge (to my knowledge there's no difference in security between the build in bridges in tor), enable automatic updates, set duckduckgo onion as your primary browser. Set dark.fail onion page as your home page. (Or your preferred privacy search engine and onion directory)

set up a new pgp (can't use the same one you use for regular use, again less safer accounts are never used on safer devices) Cleopatra is my choice, its simple to use. Make sure you back up the private key multiple times, on safe devices. (Dont let the private key fall into anyone's hands) Give it a generic name like "HighSecurityPGP" do not give the pgp key pair a name that could identify you. (No initials etc) (Some pgp key pair programs want an associated email for a key pair, you can create a safe email, or which I recoend you can use a different program (like Cleopatra) (Feds & LEOs are known to copy private keys if they have your machine, so you will need to set up a new key pair if they ever take a device with a private key copy)
a high security machine that facilitates criminal activity can not use many programs. Many programs collect your devices mac adress, which is a unique identifier, amongst other things. It's should be used only for the activity you want to do.

-------_
How to use dark net markets (DNMs)
If you finished your High Security setup, we can dive right in. Otherwise go do that. This is where all that is essential.
Quick info on Tor, and onion sites. There is no search engine. It's all based of directories and addresses you are given by others. Tor will likely not be very quick, it has to pass through multiple networks to get to the destination. DNMs sometimes exit scam, an exit scam is when a market shuts down completely and takes all the money, this is a risk when using DNMs, it's not too common but happens maybe 0-4 times a year. The admins of thoese servers need to get out at some point, before they get jailed, so they exit the game, and scam everyone out of their money.
-A very useful onion directory is dark.fail it has a lot of links, for all kinds of stuff. News, email, DNMs, Psychonautwiki (harm reduction website), forums etc. (Other directories also exist)
-Pick a market, preferably one that handles secure connection server side instead of requiring you to establish the secure connection. Then create an account. Your account once created should include an entry box in your profile for a pgp key, post your PUBLIC key in there. (Verify the link is not a scam, most markets should provide a pgp signature)
-Next is currency setup. All major cryptocurrency exchangers can be used, I can recommend coin base but there could be better ones out there. Unless you find a small non U.S., exchange, they will always ask for your identity. So unless you can find a trustworthy exchange that doesn't ID, you will need to give it to them. (Side note, all major crypto exchangers report to the IRS, if the IRS asks you if you bought cryptocurrency and you bought while having IDed yourself SAY YES, DO NOT COMMIT TAX FRAUD WHEN THEY KNOW YOU DID)

I recommend using Monero, it's hard to track, so it makes your job a lot easier. (If you use bitcoin you should run it through a scrambler, because BTC is tracable to anyone who knows what they are doing)

-Transfer (monero you can send directly, btc you should scramble) to your wallet. There are two options a cold wallet (physical) or a software wallet. Software wallets usually dont cost anything so I recommend them, even if often less safe. Electrum is easy to use, and pretty safe. You can also do your own research and find a wallet that fits your needs.

decide where you want to ship it. You can send to your home, to a PO box, to a PO box that you opened with a fake ID, a abandoned house. These are some options, sending it to your own home, isn't ideal, but its pretty much the only easy way.

-now you are ready to buy, only buy using escrow (it means the money is held by the market as a middle man until the product is delivered, they will also handle any issues like wrong quantity, cuts, etc), judge the reviews for a product, and if available look at the history of the vendor, until you find a product from a vendor you trust. (I recommend to buy within your country as much as possible, so it doesn't go through customs, it's very rare that something is found, but it can happen)
-now you get to buy, depending on market, you either have cryptocurrency stored in their wallets (not recommend, you will lose it in an exit scam) or you can send it every order. When you send your delivery adress (or the one you want it to go to) encrypt the adress using the sellers public key. Make sure the adress is correct.
-wait for the product, make sure to extend the escrow until the product arrives, if you can't extend it anymore dispute the order, and a moderator will step in
-test the product, use it, and leave a review. PLEASE LEAVE A REVIEW, DNMs only work because of reviews.
Edit: Didn't imagine I would write over 15000 words. Oh well, it was fun. Hope it helps, if you have any questions feel free to ask.
No idea how long this will stay up, I might purge it in 7 days, or never.

A guide to Popcorn Time [For beginners]

Ledger Live adds Coin control: Here's why that matters.

READ THIS NOW: My life of SHOULD'VE, WOULD'VE, COULD'VE until I discovered Crypto.

Mostly all here are invested into Crypto. We all have our own reasons, methods, values of how we invest our money. One thing in common is we all have one main goal. That is to get as much money as possible out of this with the time, and money we can spare.

That's the dam truth##.

We are all here together, and since we are all here on our own will , I want to tell you why you should be proud to hold all your crypto.
I'm 40 years old. At 18 after I graduated HS I had about $7800. $1400 from my graduation party, and $6400 selling my MTG collection on EBay. I also managed a small arcade for about $350 a week.
Back to my MTG collection...
I sold it because it changed. The designs on the new series looked too modern. The original designs were a work of art.
Anyway, I seriously wanted to hold those magic cards but I kept telling myself...
"I can get them back if I want. The price isn't going to move anytime soon. The market is in slight decline. Some of these have been the same price for 2 years now."
I was right, the price of my two Lotus's stayed the same for 5 more years. Not budging . 12 years later after that , those same two cards value at over $60,000ea I believe. If I held untill a few years ago or now, I would've been able to do a quick sale at $400,000. Yes at a discount.
The same goes for all the first edition garbage pail kids I had.

So, what did I do with all $7800##?

I told myself I want to invest it into Microsoft. But I talked myself out of it by saying
"Some people told me the market was a risk, and I had to prepare myself to lose it all"
So I didn't do it. I was close, but I didn't. I could've had OVER A MILLION!
I instead used that money for a school. Business computer programming. It was a waste because 90% of what they taught me came natural. I was doing basic programming at 13 for fun.
I regret not going with my initial FOMO on Microsoft , I regret listening to my own FUD with the MTG cards.
7 years later, I repeated the same mistake...
I had about $15,000 in the bank. I wanted to invest $10,000 in apple after I read about the release of the iphone. Instead opted to do 5k over FUD I read. It was FUD about the risk since they never made phones, and alot of people were ridiculing their idea.
Then I said to myself...
"Fuck that, I don't want to do this. I could do so much more with this 5k"
I instead used the 15k turbocharge my transam, add a racing transmission, tires, rims, new stero system, and I took a 2 week vacation ...GONE!
I got what I wanted. Got laid a bunch of times, went to car shows. That could of been $500k by now.
To top this off, I missed out on a quick $78,000 win at the racetrack because if my own FUD. Horses.
I lost $200, and was left with only I $5 that night. I decided, "you know what, fuck it, I'm going to do a completely off the wall wild bet.
I did a completely wild bet for $5. I picked all longshots in what they call a "Superfecta"(4 horses in that exact order 1st, 2nd, 3rd, 4th place prediction.
1 minute before the race started, I Cancelled the bet. I told myself ...
"this is stupid, 99:1, 78:1, 56:1, 38:1 long shots coming out in this order? THATS INSANE...Why am I blowing 5 away? Fuck that, I instead put $5 on the 10:1 to win hopefully my to maybe get $50 back "
Well. Guess what? The 3nd largest superfecta payout in history. No body won it! It came out in the original order I out it in that's to a series of freak disqualifications in the race.
I hate myself for cancelling that. But hey, maybe that happened for a reason. Maybe I wouldn't have ended up living on another country for 2 years. Learning another language.
You see
So many times in my life I had the perfect opportunity, and I didn't take it. I let Fear, Uncertainty, and Doubt make my Choices for me.
Then came crypto currency. In late 2016, a client of mine told me he got rich off Bitcoin. He raved about it . He told me about ripple, ETH etc.
I invested in his recommendation about XRP when it was $0.005. it FLEW UP from there. I took some of that massive gain and bought other things, and those FLEW. For someone like me, it was LOTS of money off my original $500.
Sure this was a "lucky time" to get in but that's not the point I'm trying to make here. The point is that I finally did it! I didn't let FUD fuck with my head. I just did it. I cashed out already in late 2017. About 90% of what I gained. Payed off all my debt, and my truck, and had another $30k or so to put a down payment on a house. If I didn't just stick with my guns and let the FUD get to me, then I would still be in a whole bunch of debt. Especially with this whole lockdown bullshit. But now....
NOW ,I never again I will tell myself...
"IF ONLY I DID THAT WHEN I HAD THE CHANCE"
NOW I NEVER HAVE TO SAY THAT AGAIN! I DONT GIVE A SHIT IF IT TANKS ANOTHER 50% FROM HERE because it's all house money. I NOW NEVER HAVE TO SAY ...
"IF ONLY I DID IT"
NOW I DID!
Crypto Currency is severely undervalued. Its manipulated down right now. This about this logic, how can something increasingly popular with more and more support by the day drop in price? Crypto isn't human. Bitcoin isnt getting fired over sexual harrassement, there isn't a corporate takeover. Its manipulation.
I don't care if this shit takes 5 years to recover. I'm holding . I don't care if BTC dips to $1000. I'm holding till this MCAP tops 10 trillion. so if you love your crypto, hold that F#%KING SHIT!
The lesson here is never let FUD make choices for you. Stick to your original beliefs. If there's a voice in the back of your head telling you "I want to do this", then Listen to that voice. That's you! Listen to yourself, not the new voice that intrudes after your choice.

Technical: Confidential Transactions and Their Implementation Tradeoffs

As requested by estradata here: https://old.reddit.com/Bitcoin/comments/iylou9/what_are_some_of_the_latest_innovations_in_the/g6heez1/
It is a general issue that crops up at the extremes of cryptography, with quantum breaks being just one of the extremes of (classical) cryptography.

Computational vs Information-Theoretic

The dichotomy is between computationally infeasible vs informationally-theoretic infeasible. Basically:

Something is computationally infeasible if it could in theory be done, but you would not be able to build a practical computer to do it within the age of the universe and using only the power available in just one galaxy or thereabouts.
Something is informationally-theoretic infeasible if even if you had any arbitrarily large amount of time, space, and energy, you cannot do it.

Quantum breaks represent a possible reduction in computational infeasibility of certain things, but not information-theoretic infeasibility.
For example, suppose you want to know what 256-bit preimages map to 256-bit hashes. In theory, you just need to build a table with 2²⁵⁶ entries and start from 0x0000000000000000000000000000000000000000000000000000000000000000 and so on. This is computationally infeasible, but not information-theoretic infeasible.
However, suppose you want to know what preimages, of any size, map to 256-bit hashes. Since the preimages can be of any size, after finishing with 256-bit preimages, you have to proceed to 257-bit preimages. And so on. And there is no size limit, so you will literally never finish. Even if you lived forever, you would not complete it. This is information-theoretic infeasible.

Commitments

How does this relate to confidential transactions? Basically, every confidential transaction simply hides the value behind a homomorphic commitment. What is a homomorphic commitment? Okay, let's start with commitments. A commitment is something which lets you hide something, and later reveal what you hid. Until you reveal it, even if somebody has access to the commitment, they cannot reverse it to find out what you hid. This is called the "hiding property" of commitments. However, when you do reveal it (or "open the commitment"), then you cannot replace what you hid with some other thing. This is called the "binding property" of commitments.
For example, a hash of a preimage is a commitment. Suppose I want to commit to something. For example, I want to show that I can predict the future using the energy of a spare galaxy I have in my pocket. I can hide that something by hashing a description of the future. Then I can give the hash to you. You still cannot learn the future, because it's just a hash, and you can't reverse the hash ("hiding"). But suppose the future event occurs. I can reveal that I did, in fact, know the future. So I give you the description, and you hash it and compare it to the hash I gave earlier. Because of preimage resistance, I cannot retroactively change what I hid in the hash, so what I gave must have been known to me at the time that I gave you the commitment i..e. hash ("binding").

Homomorphic Commitments

A homomorphic commitment simply means that if I can do certain operations on preimages of the commitment scheme, there are certain operations on the commitments that would create similar ("homo") changes ("morphic") to the commitments. For example, suppose I have a magical function h() which is a homomorphic commitment scheme. It can hide very large (near 256-bit) numbers. Then if h() is homomorphic, there may be certain operations on numbers behind the h() that have homomorphisms after the h(). For example, I might have an operation <+> that is homomorphic in h() on +, or in other words, if I have two large numbers a and b, then h(a + b) = h(a) <+> h(b). + and <+> are different operations, but they are homomorphic to each other.
For example, elliptic curve scalars and points have homomorphic operations. Scalars (private keys) are "just" very large near-256-bit numbers, while points are a scalar times a standard generator point G. Elliptic curve operations exist where there is a <+> between points that is homomorphic on standard + on scalars, and a <*> between a scalar and a point that is homomorphic on standard * multiplication on scalars.
For example, suppose I have two large scalars a and b. I can use elliptic curve points as a commitment scheme: I can take a <*> G to generate a point A. It is hiding since nobody can learn what a is unless I reveal it (a and A can be used in standard ECDSA private-public key cryptography, with the scalar a as the private key and the point A as the public key, and the a cannot be derived even if somebody else knows A). Thus, it is hiding. At the same time, for a particular point A and standard generator point G, there is only one possible scalar a which when "multiplied" with G yields A. So scalars and elliptic curve points are a commitment scheme, with both hiding and binding properties.
Now, as mentioned there is a <+> operation on points that is homomorphic to the + operation on corresponding scalars. For example, suppose there are two scalars a and b. I can compute (a + b) <*> G to generate a particular point. But even if I don't know scalars a and b, but I do know points A = a <*> G and B = b <*> G, then I can use A <+> B to derive (a + b) <*> G (or equivalently, (a <*> G) <+> (b <*> G) == (a + b) <*> G). This makes points a homomorphic commitment scheme on scalars.

Confidential Transactions: A Sketch

This is useful since we can easily use the near-256-bit scalars in SECP256K1 elliptic curves to easily represent values in a monetary system, and hide those values by using a homomorphic commitment scheme. We can use the hiding property to prevent people from learning the values of the money we are sending and receiving.
Now, in a proper cryptocurrency, a normal, non-coinbase transaction does not create or destroy coins: the values of the input coins are equal to the value of the output coins. We can use a homomorphic commitment scheme. Suppose I have a transaction that consumes an input value a and creates two output values b and c. That is, a = b + c, i.e. the sum of all inputs a equals the sum of all outputs b and c. But remember, with a homomorphic commitment scheme like elliptic curve points, there exists a <+> operation on points that is homomorphic to the ordinary school-arithmetic + addition on large numbers. So, confidential transactions can use points a <*> G as input, and points b <*> G and c <*> G as output, and we can easily prove that a <*> G = (b <*> G) <+> (c <*> G) if a = b + c, without revealing a, b, or c to anyone.

Pedersen Commitments

Actually, we cannot just use a <*> G as a commitment scheme in practice. Remember, Bitcoin has a cap on the number of satoshis ever to be created, and it's less than 2⁵³ satoshis, which is fairly trivial. I can easily compute all values of a <*> G for all values of a from 0 to 2⁵³ and know which a <*> G corresponds to which actual amount a. So in confidential transactions, we cannot naively use a <*> G commitments, we need Pedersen commitments.
If you know what a "salt" is, then Pedersen commitments are fairly obvious. A "salt" is something you add to e.g. a password so that the hash of the password is much harder to attack. Humans are idiots and when asked to generate passwords, will output a password that takes less than 2³⁰ possibilities, which is fairly easy to grind. So what you do is that you "salt" a password by prepending a random string to it. You then hash the random string + password, and store the random string --- the salt --- together with the hash in your database. Then when somebody logs in, you take the password, prepend the salt, hash, and check if the hash matches with the in-database hash, and you let them log in. Now, with a hash, even if somebody copies your password database, the can't get the password. They're hashed. But with a salt, even techniques like rainbow tables make a hacker's life even harder. They can't hash a possible password and check every hash in your db for something that matches. Instead, if they get a possible password, they have to prepend each salt, hash, then compare. That greatly increases the computational needs of a hacker, which is why salts are good.
What a Pedersen commitment is, is a point a <*> H, where a is the actual value you commit to, plus <+> another point r <*> G. H here is a second standard generator point, different from G. The r is the salt in the Pedersen commitment. It makes it so that even if you show (a <*> H) <+> (r <*> G) to somebody, they can't grind all possible values of a and try to match it with your point --- they also have to grind r (just as with the password-salt example above). And r is much larger, it can be a true near-256-bit number that is the range of scalars in SECP256K1, whereas a is constrained to "reasonable" numbers of satoshi, which cannot exceed 21 million Bitcoins.
Now, in order to validate a transaction with input a and outputs b and c, you only have to prove a = b + c. Suppose we are hiding those amounts using Pedersen commitments. You have an input of amount a, and you know a and r. The blockchain has an amount (a <*> H) <+> (r <*> G). In order to create the two outputs b and c, you just have to create two new r scalars such that r = r[0] + r[1]. This is trivial, you just select a new random r[0] and then compute r[1] = r - r[0], it's just basic algebra.
Then you create a transaction consuming the input (a <*> H) <+> (r <*> G) and outputs (b <*> H) <+> (r[0] <*> G) and (c <*> H) <+> (r[1] <*> G). You know that a = b + c, and r = r[0] + r[1], while fullnodes around the world, who don't know any of the amounts or scalars involved, can just take the points (a <*> H) <+> (r <*> G) and see if it equals (b <*> H) <+> (r[0] <*> G) <+> (c <*> H) <+> (r[1] <*> G). That is all that fullnodes have to validate, they just need to perform <+> operations on points and comparison on points, and from there they validate transactions, all without knowing the actual values involved.

Computational Binding, Information-Theoretic Hiding

Like all commitments, Pedersen Commitments are binding and hiding.
However, there are really two kinds of commitments:

computationally binding, information-theoretic hiding
information-theoretic binding, computationally hiding

What does this mean? It's just a measure of how "impossible" binding vs hiding is. Pedersen commitments are computationally binding, meaning that in theory, a user of this commitment with arbitrary time and space and energy can, in theory, replace the amount with something else. However, it is information-theoretic hiding, meaning an attacker with arbitrary time and space and energy cannot figure out exactly what got hidden behind the commitment.
But why?
Now, we have been using a and a <*> G as private keys and public keys in ECDSA and Schnorr. There is an operation <*> on a scalar and a point that generates another point, but we cannot "revrese" this operation. For example, even if I know A, and know that A = a <*> G, but do not know a, I cannot derive a --- there is no operation between A G that lets me know a.
Actually there is: I "just" need to have so much time, space, and energy that I just start counting a from 0 to 2²⁵⁶ and find which a results in A = a <*> G. This is a computational limit: I don't have a spare universe in my back pocket I can use to do all those computations.
Now, replace a with h and A with H. Remember that Pedersen commitments use a "second" standard generator point. The generator points G and H are "not really special" --- they are just random points on the curve that we selected and standardized. There is no operation H G such that I can learn h where H = h <*> G, though if I happen to have a spare universe in my back pocket I can "just" brute force it.
Suppose I do have a spare universe in my back pocket, and learn h = H G such that H = h <*> G. What can I do in Pedersen commitments?
Well, I have an amount a that is committed to by (a <*> H) <+> (r <*> G). But I happen to know h! Suppose I want to double my money a without involving Elon Musk. Then:

(a <*> H) <+> (r <*> G)
== (a <*> (h <*> G)) <+> (r <*> G)
== ((a * h) <*> G) <+> (r <*> G); remember, <*> is also homomorphic on multiplication *.
== ((a * h + a * h - a * h) <*> G) <+> (r <*> G); just add 0.
== ((a * h + a * h) <*> G) <+> ((-a * h) <*> G) <+> (r <*> G)
== ((2 * a * h) <*> G) <+> ((r - a * h) <*> G)
== ((2 * a) <*> (h <*> G)) <+> ((r - a * h) <*> G)
== ((2 * a) <*> H) <+> ((r - a * h) <*> G); TADA!! I doubled my money!

That is what we mean by computationally binding: if I can compute h such that H = h <*> G, then I can find another number which opens the same commitment. And of course I'd make sure that number is much larger than what I originally had in that address!
Now, the reason why it is "only" computationally binding is that it is information-theoretically hiding. Suppose somebody knows h, but has no money in the cryptocurrency. All they see are points. They can try to find what the original amounts are, but because any amount can be mapped to "the same" point with knowledge of h (e.g. in the above, a and 2 * a got mapped to the same point by "just" replacing the salt r with r - a * h; this can be done for 3 * a, 4 * a etc.), they cannot learn historical amounts --- the a in historical amounts could be anything.
The drawback, though, is that --- as seen above --- arbitrary inflation is now introduced once somebody knows h. They can multiply their money by any arbitrary factor with knowledge of h.
It is impossible to have both perfect hiding (i.e. historical amounts remain hidden even after a computational break) and perfect binding (i.e. you can't later open the commitment to a different, much larger, amount).
Pedersen commitments just happen to have perfect hiding, but only computationally-infeasible binding. This means they allow hiding historical values, but in case of anything that allows better computational power --- including but not limited to quantum breaks --- they allow arbitrary inflation.

Changing The Tradeoffs with ElGamal Commitments

An ElGamal commitment is just a Pedersen commitment, but with the point r <*> G also stored in a separate section of the transaction.
This commits the r, and fixes it to a specific value. This prevents me from opening my (a <*> H) <+> (r <*> G) as ((2 * a) <*> H) <+> ((r - a * h) <*> G), because the (r - a * h) would not match the r <*> G sitting in a separate section of the transaction. This forces me to be bound to that specific value, and no amount of computation power will let me escape --- it is information-theoretically binding i.e. perfectly binding.
But that is now computationally hiding. An evil surveillor with arbitrary time and space can focus on the r <*> G sitting in a separate section of the transaction, and grind r from 0 to 2²⁵⁶ to determine what r matches that point. Then from there, they can negate r to get (-r) <*> G and add it to the (a <*> H) <+> (r <*> G) to get a <*> H, and then grind that to determine the value a. With massive increases in computational ability --- including but not limited to quantum breaks --- an evil surveillor can see all the historical amounts of confidential transactions.

Conclusion

This is the source of the tradeoff: either you design confidential transactions so in case of a quantum break, historical transactions continue to hide their amounts, but inflation of the money is now unavoidable, OR you make the money supply sacrosanct, but you potentially sacrifice amount hiding in case of some break, including but not limited to quantum breaks.

The three things that keep me up at night.

Tonight I read this article and while it doesn’t get too deep into the technical weeds, I thought I could do better by breaking down some of the IT threats and concerns that keep me up at night into more of a non-tech person’s language while giving real world examples why this stuff really does matter to everyone, not just the uber nerds, naysayers, and tinfoil hat wearing conspiracy theorists.
https://nakedsecurity.sophos.com/2020/09/18/a-real-life-maze-ransomware-attack-if-at-first-you-dont-succeed/
Security (both digital and physical) is something most people don’t understand and as a result they act like an ostrich by burying their head in the sand; if I can’t see it, it can’t see me. Until recently I was an IT consultant and would frequently bring this up to my clients. The usual reply I hear is along the lines of “but my company doesn’t have much money, isn’t a bank, doesn’t do anything interesting, etc. so they aren’t going to target me and I don’t have anything to worry about.” Sadly, this isn’t the case. These crooks “spray and pray” and will victimize anyone who gets caught in their snare. They will send out hundreds of millions of emails, compromise thousands of websites, and make tens of thousands of robocalls all with the expectation that they are only going to be able to victimize 0.0001% of their attempts.
For years there have been two big threats in the IT world that literally keep me up at night; regulatory compliance and ransomware. There is now a third, extortionware.
Regulatory compliance is an area business owners and executives commonly overlook because they don’t think it applies to their company because they’re not in health care or banking. PCI (Payment Card Industry), PII (Personal Identifiable Information), HIPAA (Health Insurance Portability and Accountability Act), and HITECH (Health Information Technology for Economic and Clinical Health Act) are the most common compliance standards and now cover just about every company in existence in the United States. If the company takes credit cards of any kind there are some levels of PCI compliance that they need to be adhered with. PII covers most HR information like social security numbers or driver license numbers. HIPAA and HITECH both cover information related to health records. This is one that most companies overlook because they don’t realize things like workmen’s compensation claims, HR records that discuss health related issues, etc. are all covered by these standards. Fines from the governing bodies that cover their respective compliance standards are usually preventable because they have general guidelines that cover what needs to be done to be in compliance on the logistical, physical, and digital fronts. If your company does anything with the European Union, then GDPR (General Data Protection Regulation) is a new regulation that has some pretty serious consequences if not followed properly.
Ransomware is a genre of computer virus that is just evil. It encrypts your data and give you a very short period of time (typically only a couple days) to pay the ransom using untraceable funds transfers via cryptocurrencies like Bitcoin. If you don’t pay the ransom in time they will delete the decryption key thus destroying all your data. If you do pay the ransom then chances are you will get your data back however you are likely very literally funding terrorism and/or some other kind of organized crime. These ransoms are also meant to be payable but be painful to pay. The newer ransomware variants will scan your network to get an idea of how big it is then adjust the ransom accordingly; the more devices, the higher the ransom. Typical ransoms start around a few thousand dollars and work their way up hundreds of thousands or even millions of dollars. If you’re infected with these viruses then the best course of action to remove it is to wipe your entire network (all servers, workstations, firewall and switch configs, etc.) and rebuild it from scratch while restoring your important data from backups into a separate clean environment, scanning it for any traces of the virus, then moving it into the newly rebuilt network. While this is typically more expensive than paying the ransom it is the only way you can be sure the virus is no longer on your network and thus capable of infecting everything all over again and repeating the ransom process.
Extortionware is similar to its older sibling ransomware in that the virus typically does all the same things however it adds an even more sinister twist, it copies your data offsite to a server only the criminals can access. They do this because of the increased number of companies that have opted to not pay the ransom and just rebuild their network. Using extortionware the criminals now have the company’s intellectual property (usually proprietary), HR data, internal memos, financial data, emails, etc.. Did someone say something unflattering about someone else in an email, did HR have a spreadsheet with every employee’s SSNs, hire dates, etc., or are there private financial records relating to an upcoming acquisition that your competitors shouldn’t know about? All of this and more will be used by the criminals to extort money from the company. This means that even if you have a rock solid backup of all your data, you still need to pay to prevent your data from being released to the public and/or press.
While this post just scratches the surface, it does cover the highlights on why I push for stronger passwords (longer is better than higher complexity https://xkpasswd.net), keeping non-company owned and unmanaged devices off internal networks, multiple factor authentication on everything, never sharing your passwords with anyone, running regular security related exercises, using unique passwords on everything, and using a reputable password manager to keep track of all your passwords.

Taproot, CoinJoins, and Cross-Input Signature Aggregation

It is a very common misconception that the upcoming Taproot upgrade helps CoinJoin.
TLDR: The upcoming Taproot upgrade does not help equal-valued CoinJoin at all, though it potentially increases the privacy of other protocols, such as the Lightning Network, and escrow contract schemes.
If you want to learn more, read on!

Equal-valued CoinJoins

Let's start with equal-valued CoinJoins, the type JoinMarket and Wasabi use. What happens is that some number of participants agree on some common value all of them use. With JoinMarket the taker defines this value and pays the makers to agree to it, with Wasabi the server defines a value approximately 0.1 BTC.
Then, each participant provides inputs that they unilaterally control, totaling equal or greater than the common value. Typically since each input is unilaterally controlled, each input just requires a singlesig. Each participant also provides up to two addresses they control: one of these will be paid with the common value, while the other will be used for any extra value in the inputs they provided (i.e. the change output).
The participants then make a single transaction that spends all the provided inputs and pays out to the appropriate outputs. The inputs and outputs are shuffled in some secure manner. Then the unsigned transaction is distributed back to all participants.
Finally, each participant checks that the transaction spends the inputs it provided (and more importantly does not spend any other coins it might own that it did not provide for this CoinJoin!) and that the transaction pays out to the appropriate address(es) it controls. Once they have validated the transaction, they ratify it by signing for each of the inputs it provided.
Once every participant has provided signatures for all inputs it registered, the transaction is now completely signed and the CoinJoin transaction is now validly confirmable.
CoinJoin is a very simple and direct privacy boost, it requires no SCRIPTs, needs only singlesig, etc.

Privacy

Let's say we have two participants who have agreed on a common amount of 0.1 BTC. One provides a 0.105 coin as input, the other provides a 0.114 coin as input. This results in a CoinJoin with a 0.105 coin and a 0.114 coin as input, and outputs with 0.1, 0.005, 0.014, and 0.1 BTC.
Now obviously the 0.005 output came from the 0.105 input, and the 0.014 output came from the 0.114 input.
But the two 0.1 BTC outputs cannot be correlated with either input! There is no correlating information, since either output could have come from either input. That is how common CoinJoin implementations like Wasabi and JoinMarket gain privacy.

Banning CoinJoins

Unfortunately, large-scale CoinJoins like that made by Wasabi and JoinMarket are very obvious.
All you have to do is look for a transactions where, say, more than 3 outputs are the same equal value, and the number of inputs is equal or larger than the number of equal-valued outputs. Thus, it is trivial to identify equal-valued CoinJoins made by Wasabi and JoinMarket. You can even trivially differentiate them: Wasabi equal-valued CoinJoins are going to have a hundred or more inputs, with outputs that are in units of approximately 0.1 BTC, while JoinMarket CoinJoins have equal-valued outputs of less than a dozen (between 4 to 6 usually) and with the common value varying wildly from as low as 0.001 BTC to as high as a dozen BTC or more.
This has led to a number of anti-privacy exchanges to refuse to credit custodially-held accounts if the incoming deposit is within a few hops of an equal-valued CoinJoin, usually citing concerns about regulations. Crucially, the exchange continues to hold private keys for those "banned" deposits, and can still spend them, thus this is effectively a theft. If your exchange does this to you, you should report that exchange as stealing money from its customers. Not your keys not your coins.
Thus, CoinJoins represent a privacy tradeoff:

It's very hard for everyone else to determine which output belongs to which input.
It's obvious to everyone else that the output was involved in a mixing operation.

Taproot

Let's now briefly discuss that nice new shiny thing called Taproot.
Taproot includes two components:

The use of Schnorr-based signature scheme, with multisignature support. Spending from a Schnorr pubkey is called a "keypath spend".
The ability to secretly commit to a set of scripts, one of which can be revealed later and its inputs provided correctly in order to spend the coin. Spending via a hidden script is called a "scriptpath spend".

This has some nice properties:

Direct multisignature support means all multisignature uses look the same. In current Bitcoin, a 2-of-2 "multisignature" is really a script which demands that two signatures be provided, from 2 different pre-specified public keys. To a cryptographer, the strict definition of multisignature is that this is a single signature that is cooperatively created by multiple parties.
- A typical minimal "multisig" setup would be a 2-of-3, because that lets you lose one signing device while still being able to keep access to your money, and still providing an increase in security relative to a singlesig, since a 2-of-3 requires that potential thieves abscond with at least two signing devices. In current Bitcoin, a 2-of-3 is a SCRIPT containing 3 public keys, requiring that two signatures from those three public keys be provided.
- But a Lightning Network channel has exactly two participants. Thus, it uses a 2-of-2, and is a SCRIPT containing 2 public keys, requiring that two signatures from those public keys be provided. If you look for 2-of-2 spends on the blockchain after Lightning became cool, the chances are very good that a random 2-of-2 spend is a Lightning Network channel being closed, because there are hardly ever any other uses of 2-of-2.
- Just from there, you can easily differentiate the most common HODLer multisig of 2-of-3 (SCRIPT contains 3 pubkeys) from the Lightning channel 2-of-2 (SCRIPT contains 2 pubkeys).
- Fortunately, with Taproot, 2-of-3 and 2-of-2 (and any arbitrary k-of-n) can look exactly the same, because Schnorr allows for the cryptographer's strict definition of "multisignature": a single signature cooperatively created by multiple parties.
Complex SCRIPTs, like HTLCs, can be hidden in a Taproot output.
- For example, the output can have a keyspend branch that is a n-of-n of all participants, with hidden SCRIPTs that encode the conditions under which the output can be spent
- The hidden SCRIPTs ensure that the protocol is followed. If one of the participants drops from the protocol, the rest can reveal the hidden SCRIPTs and follow their conditions.
- If everyone follows the protocol correctly, and agrees to the result, they can all cooperatively sign with the keyspend n-of-n. They can just all agree on what the result of the SCRIPTs would be, and sign a transaction that performs that, without revealing any SCRIPTs. Since all of them agreed on the result, nobody should complain (if one of them believes the result is not correct, they can just refuse to sign and force everyone else to publish the SCRIPTs onchain).
- If everyone agrees, they get privacy: none of the SCRIPTs they were following ever get published onchain, and it looks like every other multisignature spend.

Taproot DOES NOT HELP CoinJoin

So let's review!
CoinJoin:

CoinJoin inputs are singlesig
There are no SCRIPTs involved in CoinJoin.

Taproot:

Improves multisig privacy.
Improves SCRIPT privacy.

There is absolutely no overlap. Taproot helps things that CoinJoin does not use. CoinJoin uses things that Taproot does not improve.

B-but They Said!!

A lot of early reporting on Taproot claimed that Taproot benefits CoinJoin.
What they are confusing is that earlier drafts of Taproot included a feature called cross-input signature aggregation.
In current Bitcoin, every input, to be spent, has to be signed individually. With cross-input signature aggregation, all inputs that support this feature are signed with a single signature that covers all those inputs. So for example if you would spend two inputs, current Bitcoin requires a signature for each input, but with cross-input signature aggregation you can sign both of them with a single signature. This works even if the inputs have different public keys: two inputs with cross-input signature aggregation effectively define a 2-of-2 public key, and you can only sign for that input if you know the private keys for both inputs, or if you are cooperatively signing with somebody who knows the private key of the other input.
This helps CoinJoin costs. Since CoinJoins will have lots of inputs (each participant will provide at least one, and probably will provide more, and larger participant sets are better for more privacy in CoinJoin), if all of them enabled cross-input signature aggregation, such large CoinJoins can have only a single signature.
This complicates the signing process for CoinJoins (the signers now have to sign cooperatively) but it can be well worth it for the reduced signature size and onchain cost.
But note that the while cross-input signature aggregation improves the cost of CoinJoins, it does not improve the privacy! Equal-valued CoinJoins are still obvious and still readily bannable by privacy-hating exchanges. It does not improve the privacy of CoinJoin. Instead, see https://old.reddit.com/Bitcoin/comments/gqb3udesign_for_a_coinswap_implementation_fo

Why isn't cross-input signature aggregation in?

There's some fairly complex technical reasons why cross-input signature aggregation isn't in right now in the current Taproot proposal.
The primary reason was to reduce the technical complexity of Taproot, in the hope that it would be easier to convince users to activate (while support for Taproot is quite high, developers have become wary of being hopeful that new proposals will ever activate, given the previous difficulties with SegWit).
The main technical complexity here is that it interacts with future ways to extend Bitcoin.
The rest of this writeup assumes you already know about how Bitcoin SCRIPT works. If you don't understand how Bitcoin SCRIPT works at the low-level, then the TLDR is that cross-input signature aggregation complicates how to extend Bitcoin in the future, so it was deferred to let the develoeprs think more about it.
(this is how I understand it; perhaps pwuille or ajtowns can give a better summary.)
In detail, Taproot also introduces OP_SUCCESS opcodes. If you know about the OP_NOP opcodes already defined in current Bitcoin, well, OP_SUCCESS is basically "OP_NOP done right".
Now, OP_NOP is a do-nothing operation. It can be replaced in future versions of Bitcoin by having that operation check some condition, and then fail if the condition is not satisfied. For example, both OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY were previously OP_NOP opcodes. Older nodes will see an OP_CHECKLOCKTIMEVERIFY and think it does nothing, but newer nodes will check if the nLockTime field has a correct specified value, and fail if the condition is not satisfied. Since most of the nodes on the network are using much newer versions of the node software, older nodes are protected from miners who try to misspend any OP_CHECKLOCKTIMEVERIFY/OP_CHECKSEQUENCEVERIFY, and those older nodes will still remain capable of synching with the rest of the network: a dedication to strict backward-compatibility necessary for a consensus system.
Softforks basically mean that a script that passes in the latest version must also be passing in all older versions. A script cannot be passing in newer versions but failing in older versions, because that would kick older nodes off the network (i.e. it would be a hardfork).
But OP_NOP is a very restricted way of adding opcodes. Opcodes that replace OP_NOP can only do one thing: check if some condition is true. They can't push new data on the stack, they can't pop items off the stack. For example, suppose instead of OP_CHECKLOCKTIMEVERIFY, we had added a OP_GETBLOCKHEIGHT opcode. This opcode would push the height of the blockchain on the stack. If this command replaced an older OP_NOP opcode, then a script like OP_GETBLOCKHEIGHT 650000 OP_EQUAL might pass in some future Bitcoin version, but older versions would see OP_NOP 650000 OP_EQUAL, which would fail because OP_EQUAL expects two items on the stack. So older versions will fail a SCRIPT that newer versions will pass, which is a hardfork and thus a backwards incompatibility.
OP_SUCCESS is different. Instead, old nodes, when parsing the SCRIPT, will see OP_SUCCESS, and, without executing the body, will consider the SCRIPT as passing. So, the OP_GETBLOCKHEIGHT 650000 OP_EQUAL example will now work: a future version of Bitcoin might pass it, and existing nodes that don't understand OP_GETBLOCKHEIGHT will se OP_SUCCESS 650000 OP_EQUAL, and will not execute the SCRIPT at all, instead passing it immediately. So a SCRIPT that might pass in newer versions will pass for older versions, which keeps the back-compatibility consensus that a softfork needs.
So how does OP_SUCCESS make things difficult for cross-input signatur aggregation? Well, one of the ways to ask for a signature to be verified is via the opcodes OP_CHECKSIGVERIFY. With cross-input signature aggregation, if a public key indicates it can be used for cross-input signature aggregation, instead of OP_CHECKSIGVERIFY actually requiring the signature on the stack, the stack will contain a dummy 0 value for the signature, and the public key is instead added to a "sum" public key (i.e. an n-of-n that is dynamically extended by one more pubkey for each OP_CHECKSIGVERIFY operation that executes) for the single signature that is verified later by the cross-input signature aggregation validation algorithm00.
The important part here is that the OP_CHECKSIGVERIFY has to execute, in order to add its public key to the set of public keys to be checked in the single signature.
But remember that an OP_SUCCESS prevents execution! As soon as the SCRIPT is parsed, if any opcode is OP_SUCCESS, that is considered as passing, without actually executing the SCRIPT, because the OP_SUCCESS could mean something completely different in newer versions and current versions should assume nothing about what it means. If the SCRIPT contains some OP_CHECKSIGVERIFY command in addition to an OP_SUCCESS, that command is not executed by current versions, and thus they cannot add any public keys given by OP_CHECKSIGVERIFY. Future versions also have to accept that: if they parsed an OP_SUCCESS command that has a new meaning in the future, and then execute an OP_CHECKSIGVERIFY in that SCRIPT, they cannot add the public key into the same "sum" public key that older nodes use, because older nodes cannot see them. This means that you might need more than one signature in the future, in the presence of an opcode that replaces some OP_SUCCESS.
Thus, because of the complexity of making cross-input signature aggregation work compatibly with future extensions to the protocol, cross-input signature aggregation was deferred.

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.

You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.

I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:

Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
- This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
- Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
- And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.

Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:

Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
- Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
- For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
- For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
- (pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)

Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:

(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)

So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.

Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.

So:

Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.

For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
- Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

If you have developer experience especially in C, C++, or related languages
- Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
- But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
- That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
- Be prepared to upgrade!
- One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
- Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
- Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!

But I Hate Taproot!!

That's fine!

Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!

Discussions About Taproot Activation

IRC logs for freenode.net ##taproot-activation: http://gnusha.org/taproot-activation
Telegram group: https://t.me/bips_activation
Reddit: https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/

Don’t rant, you aren’t helping

A Bitcoin wallet, like a normal wallet, is a place to keep your precious and valuable currencies. Just like you cannot toss a Bitcoin into a leather wallet you just purchased from the mall, you cannot stuff a dollar bill into a Bitcoin wallet (or a cryptocurrency wallet). A Bitcoin wallet, which can take various forms: mobile wallet, web wallet ... Add Money Through Bank Account Here is the best and safe ways to purchase money into Bitcoins for the beginners. Whether you have free hot Bitcoins wallet or hardware Bitcoins wallet, you need to enter your bank account information to make it solid. Individuals, businesses, developers: learn from our simple Bitcoin guides. How Bitcoin works, what is Bitcoin, what is blockchain, how to buy Bitcoin, what is Bitcoin mining and more. How to Add Money to Bitcoin Wallet Coinmama 1st January 2019 Every so often at Coinmama, we get a question that makes us scratch our heads, rethink how we explain things, and go back to Bitcoin basics . Enter your Bitcoin Wallet. Select the amount of Available free Money to get and press on Add.

How to Send & Receive Bitcoin with Cash App - YouTube

Latest Blockchain Tutorial for 2020 https://youtu.be/27R8--QYtCU Blockchain Step-by-Step Guide https://everybithelps.co.uk/blockchain-tutorial-how-to-buy... Walkthrough buying bitcoin via Cashapp, transferring it to Hugosway and funding your live account. Questions? DM me @theamandarogers (Telegram, Instagram, Tw... https://www.bitcoinofamerica.org/bitcoin-atm-locations/ A bitcoin ATM is an Internet enabled machine that allows users to exchange bitcoins and cash. Unlike ... Video capturing a Bitcoin ATM and how to use it. Spend your Bitcoin on Amazon and save 20% off using www.bitcart.io In this video tutorial, I show you how to easily send and receive bitcoin from Coinbase to your blockchain wallet. Sign up for Coinbase and get $10 worth of ...

11 Ways to Buy Bitcoin with Bank Account or Transfer (2020 ...

Bitcoin Canadian Subreddit

Bitcoin USA

PointsPrizes.com: Paid Surveys, Free Gift Cards, Make Money Online, Free Games, Work From Home

How to add Money Inside your Account in the Money Making Machine with Bitcoin BTC from home with the Internet

How do I add money to my Microsoft.com account with Bitcoin?

How much money do you need to (hypothetically), to buy the whole order book for Bitcoin on Binance? Can you calculate this, by take the sum of the bids, add some % for invisible stop orders?

How do I add money to my Microsoft.com account with Bitcoin? /r/btc

How to add money to Bitcoin Vault?

How to add money to Microsoft using Bitcoin.

What barriers would money changers face if trying to add Bitcoin? And how could they overcome them? Discussion.

Proposal: The Sia Foundation

Vision Statement

Overview

Organizational Structure

Funding

Responsibilities

Maintain and enhance core Sia software

Support community services

Ensure easy acquisition and storage of siacoins

Protect the ecosystem

Drive adoption of Sia

Fund Management

Conclusion

[WTS] Auction Leftovers #1

Everyday info sec, hardcore info sec, and DNMs

A guide to Popcorn Time [For beginners]

Popcorn Time takes its inspiration from Netflix, boasting a clean outlook with thumbnails and categories - And streams pirated copies of movies and shows to your computer or smartphone

Index

What Exactly is Popcorn Time?

How it Works

How to Install Popcorn Time?

Which version is legit, and real?

Where does popcorn time store movies?

Popcorn Time APK for Android

Is Popcorn Time available on iOS?

Is it Illegal to Use Popcorn Time?

How does the developers make money?

Are there any alternatives?

Summary

Ledger Live adds Coin control: Here's why that matters.

How does it work?

Using Coin control in Ledger Live

Coin status

The Privacy use case

Let us know what you think!

READ THIS NOW: My life of SHOULD'VE, WOULD'VE, COULD'VE until I discovered Crypto.

That's the dam truth##.

So, what did I do with all $7800##?

Technical: Confidential Transactions and Their Implementation Tradeoffs

Computational vs Information-Theoretic

Commitments

Homomorphic Commitments

Confidential Transactions: A Sketch

Pedersen Commitments

Computational Binding, Information-Theoretic Hiding

Changing The Tradeoffs with ElGamal Commitments

Conclusion

The three things that keep me up at night.

Taproot, CoinJoins, and Cross-Input Signature Aggregation

Equal-valued CoinJoins

Privacy

Banning CoinJoins

Taproot

Taproot DOES NOT HELP CoinJoin

B-but They Said!!

Why isn't cross-input signature aggregation in?

Technical: Taproot: Why Activate?

Taproot and Your /Coins

Taproot and Your Contracts

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Quantum Quibbles!

Summary

I Wanna Be The Taprooter!

But I Hate Taproot!!

Discussions About Taproot Activation

Don’t rant, you aren’t helping

How to Send & Receive Bitcoin with Cash App - YouTube