I know this is going to be embarrassing as a project lead but I wanted to share a scam that can get you if you're tired and not at your best and shows the huge UX issue that can happen with BTC.
User sends first confirmation bitcoin and it confirms, you send the coins /1 #BTC
All the while you're on a call with the person, he sends the second batch of Bitcoin, the amount shows on your Trezor (the new Suite UI) and he starts hurrying you. What you don't notice is that it's with a low fee and will take hours to confirm. /2
You send the coins, then he double spends the Bitcoin placing a higher fee and he gets his Bitcoin back. After being used to having quick transactions in ETH/SOL/AVAX and InstantSend locked transactions in FIRO that can't be double spent, I forgot about this /3
Yes I know I'm an idiot and it's an extremely expensive lesson but I think it's important esp as we get complacent with quick L1s that we get lax with Bitcoin. Don't be me. /4.
This is what the UI looked like on Trezor Suite. The total had gone up so I had thought it was in and not just waiting confirmation. My window wasn't completely maximized but I should have double-checked.
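Added example, not part of the original thread: a pre-release check a receiver could run before handing anything over against an incoming payment. The dicts mimic the shape of Bitcoin Core's verbose transaction JSON (`confirmations`, `vsize`, `vin[].sequence`); the helper name, thresholds and sample values are assumptions constructed for illustration.

```python
# Added example: decide whether an incoming BTC payment is safe to act on.
# An increased wallet total is not evidence of settlement; confirmations are.

BIP125_MAX_SIGNAL = 0xFFFFFFFD  # an input sequence <= this signals opt-in replace-by-fee


def assess_payment(tx, fee_sats, min_conf=1, low_feerate=5.0):
    """Return (safe_to_release, reasons). Hypothetical helper; thresholds are assumptions."""
    reasons = []
    confs = tx.get("confirmations", 0)  # key is absent while the tx is still in the mempool
    if confs < min_conf:
        # Any unconfirmed payment is unsafe, whether or not it signals replaceability.
        reasons.append(f"only {confs} confirmation(s), need {min_conf}")
        if any(i["sequence"] <= BIP125_MAX_SIGNAL for i in tx["vin"]):
            reasons.append("signals BIP125 replace-by-fee")
        feerate = fee_sats / tx["vsize"]
        if feerate < low_feerate:
            reasons.append(f"low fee rate {feerate:.1f} sat/vB, may sit unconfirmed for hours")
    return (not reasons, reasons)


# Constructed samples (not real transactions).
UNCONFIRMED_LOW_FEE = {"txid": "constructed-a", "vsize": 141,
                       "vin": [{"sequence": 0xFFFFFFFD}]}
UNCONFIRMED_FINAL_SEQ = {"txid": "constructed-b", "vsize": 141,
                         "vin": [{"sequence": 0xFFFFFFFF}]}
CONFIRMED = {"txid": "constructed-c", "vsize": 141, "confirmations": 3,
             "vin": [{"sequence": 0xFFFFFFFF}]}

if __name__ == "__main__":
    for tx, fee in ((UNCONFIRMED_LOW_FEE, 141),
                    (UNCONFIRMED_FINAL_SEQ, 4230),
                    (CONFIRMED, 4230)):
        ok, why = assess_payment(tx, fee)
        print(tx["txid"], "RELEASE" if ok else "HOLD", why)
```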
1) Apple, despite marketing itself as being for privacy, is inexplicably introducing a new feature that would make your phone report to Apple, who then reports to authorities, if it detected child porn material (CSAM) on it. First of all, does this truly solve the issue? #appleprivacy
2) Real offenders can easily use different devices and methods at the cost of the billion or so people now having a backdoor in their Apple device. Secondly, the system can be trivially modified to make your phone report on other non-CSAM material.
3) Given this easy circumvention, is this just about making CSAM not an Apple problem or is the real reason more nefarious? Time and time again we surrender our liberties with questionable results on actually solving the issues they claim to solve.
/1 From what was just a desire to solve trusted setup and no fancy curve pairings in a privacy protocol to Lelantus coming live on $FIRO, it's been a wild ride! $XZC @aramjivanyan
2/ We first looked at bulletproof circuits which turned out to be a dead end due to poor performance. Verification times were several seconds long. We were crushed as we didn't have any immediate idea on how to bring Zcoin's tech forward.
3/ We decided to look at one-out-of-many proofs (OOOMP) again despite many dismissing it as being too slow with verification time increasing linearly with the size of the set. OOOMP did not support hidden amounts which also represented a huge privacy issue.