(Deleted Account)
4f6b831256c3b600aea95a47a01928de2381458bc5b8c07a57a68febf2943611
nsec leaked! moving to a new npub npub18wdd9mmhlaqa7fhp66fje3yy49k5regc82llwxejlvd54e8f2wcqa7p4vh
Replying to hodlbod

**Security Update**

I've got some bad news for you guys. This morning, as I was adding error handling to flotilla, I discovered that Coracle has been sending user session objects to bugsnag when reporting errors.

Who is affected: Users who triggered an error in Coracle while signed in with their private key, since December 5th 2023.

What I've done:

- I immediately released a new version of Coracle, both to web and to zap.store

- I have deleted the affected apks from my releases

- I have deleted all my error data from bugsnag

- I have deleted my bugsnag project and rotated my api key, so lingering error reports will be dropped

- I have audited my code for use of the session object to ensure nothing else like this is happening

What you should do:

- If you're logged in with your private key, log out

- Hard refresh the page to ensure you have the latest version of Coracle

The bottom line is that if you signed in to Coracle with your private key, it has been shared with me and with bugsnag. In practical terms, your keys should still be secure, since they were sent over TLS, and have been deleted. But there is no guarantee I can offer that they are in fact gone.

I take my users' privacy seriously. My error reporting implementation doesn't record user IPs, it redacts identifying data, and it allows users to opt out. I also warn the user when they attempt to enter an nsec into a text field. In this case, I simply screwed up, and I sincerely apologize. Reply to this note if you have any questions.
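The failure mode described in the update above (a whole session object, private key included, attached to an error report) is easiest to rule out with an allow-list plus a redaction pass. The block below is an added example, not Coracle's or Bugsnag's code; the field names (`method`, `pubkey`, `privkey`) and the sample session are constructed.

```javascript
// Added example, not Coracle's own code: keep Nostr secret material out of
// error reports. The field names and the sample session are constructed.

// "nsec1" followed by 58 bech32 characters (alphabet excludes 1, b, i, o)
const NSEC_RE = /nsec1[ac-hj-np-z02-9]{58}/g;
// metadata keys whose values are treated as secret regardless of shape
const SECRET_KEY_NAMES = /^(privkey|privatekey|nsec|seckey|secret)$/i;

// Deep-walk any JSON-like value and redact secrets before it is reported.
function scrub(value, keyName = "", depth = 0) {
  if (SECRET_KEY_NAMES.test(keyName)) return "[REDACTED]"; // by field name
  if (depth > 16) return "[truncated]";                     // depth guard
  if (typeof value === "string") {
    return value.replace(NSEC_RE, "[REDACTED nsec]");       // by shape
  }
  if (Array.isArray(value)) return value.map((v) => scrub(v, keyName, depth + 1));
  if (value && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, scrub(v, k, depth + 1)])
    );
  }
  return value;
}

// Allow-list: the report only ever sees fields picked for it, never the
// whole session object. `method` and `pubkey` are constructed field names.
function sessionForReport(session) {
  return { method: session.method, pubkey: session.pubkey };
}

// Build the payload an error reporter would send. scrub() is defence in
// depth in case a secret leaks in through the message or the stack trace.
function buildReport(err, session, opts = { reportingEnabled: true }) {
  if (!opts.reportingEnabled) return null;                  // honour opt-out
  return scrub({
    message: err.message,
    stack: err.stack || "",
    metadata: { session: sessionForReport(session) },
  });
}
```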

Props for the disclosure. I used Coracle so I think now is a good opportunity to see what migrating to a new npub is like.

My nsec was likely leaked in the Coracle bug so I'm switching to a new npub. npub18wdd9mmhlaqa7fhp66fje3yy49k5regc82llwxejlvd54e8f2wcqa7p4vh

It's remarkable how often Rudy talks about Bitcoin nowadays. https://www.youtube.com/watch?v=bvtS82PDLEY

Real question. What is the best Bitcoin bearer instrument available now on the market?

I'm posting from Oddbean today. Loving the simple design https://oddbean.com/

Primal web client on Firefox on Manjaro Linux. Primal loads so slowly and uses so much bandwidth that every other thing I'm doing in other tabs and other browsers goes down. For example I'm watching a Twitch stream on 160p in an entirely different browser (Brave) and when I open Primal, the Twitch stream goes down. Primal has become slower over time. Upgraded from DSL to Starlink and see noticeable improvements on every website except Primal.

Been experimenting with hand washing clothes. Don't want to have to rely on laundromats when I make my dream move into an RV

Does my WoT go down if I talk about balls?

Can my Web of Trust (WoT) score go up or does it only go down?

trying out Coracle (again)

Wow, my Web of Trust score on Coracle is really low!

My Pixel 5a kicked the bucket. Got any recommendations for a replacement?

I had an Ender 3 and it was a huge pain in the ass. Too much configuring and tweaking to get a quality print. Yeah I did get some fantastic prints but there's an insane level of maintenance required. IDK what is good but I would not get another Creality.

I won't lie, I'm at the point where I think I'm just DONE trying to get into #Bitcoin, #Monero or any other coin.

I love the technology. I think it's phenomenal, it presents some truly incredible future possibilities. I also do think it has the potential to free people from the fiat scam. I wouldn't be on Nostr and continually trying to find ways to get into this space if I didn't believe in it.

However, its number one weakness is KYC/AML. Even to buy small amounts, you have to upload sensitive documents to an exchange with some stupid selfie, and you have absolutely no way of verifying that they are doing their absolute best guarding that data even if I were comfortable with them having it (I'm not). It's not even the concern of them tying my identity to my Bitcoin (though that is still problematic), I just don't have any intentions of trusting a CEX with my sensitive data, I am aware of no-KYC DEXes and Bitcoin ATMs. Neither of them work without major sacrifice, risk or geographic issues.

With DEXes, you're risking your money trading with sellers that might not honor the deal. Sure, you usually have escrows, but then you're trusting that DEX. Ignoring that issue for a moment, whatever DEXes I'm on have offers that usually demand either cash by mail or credit card, and some of them actually run KYC checks of their own. Cash by mail is a huge risk in this day and age, and I certainly have no plans to send a credit card number to a total stranger (and that's assuming one has a credit card; I don't). Then, once again, ignoring that issue brings up another one: the minimum trade amount. Nine times out of ten, any offers I see on a DEX set like a $150 minimum. Problem is, for people like me who just want to start slowly, to test the waters, this is problematic as well. Plus, it goes back to the high potential for scams, and risking $150 that I'm locking away is not a good risk to take, particularly when you're in a tight financial spot like I am.

Then, you have Bitcoin ATMs. Provided you can find one (only one in my area and not in the best town), you're going to spend truly exorbitant amounts on their fees. The one near me charges 20%. If I wanted to start with, say, $50 to start stacking, they'd take $10 of that. Plus, unlike other industries, I've found that it's very difficult to find reviews on these companies and as such, I have no idea how reputable the company is.

At the end of the day, I seriously don't know how y'all do it. Are you all just complying with the absurd KYC regulations or what? Because every other method I've tried (and believe me, I've tried so much) has fallen through in spectacular fashion. How can Bitcoin truly become the replacement I believe it can be, if we all have to either go along with draconian regulations or make a big financial risk?

Please help me understand, because I really am at the point where I'm thinking I'm done trying.

#asknostr #KYC

Step 1: Overcome fear.

Step 2: Invest only what you can afford to lose.

Step 3: ???

Step 4: Profit.

Never mind, nip46 has that. It's the offline keys that nip46 does not have. Still sorting out my thoughts.