Daedalus
fbbbf7c8f17b7a59a1b955f363939b74d5cd79f52556acb0712ce4f3bc1cca4a
Privacy maximalist. Self sovereignty enthusiast. All glory to God. Benedictus qui venit in nomine Domini. Donation methods at daedalus.website/donations.html

Best way to get non-KYC maximally private Bitcoin is to buy Monero either on an exchange or ideally via Retoswap non-KYC, then swap from a site on trocador.app or via Retoswap into Bitcoin.

For those ideologically opposed to non-Bitcoin projects, Bisq is your best bet: Tor onion routing by default, high fiat liquidity etc. Others exist like Mostro, Vexl, Peach; they have more tradeoffs from an OPSEC perspective but generally are easier to use. Robosats is good if your Lightning setup is private, but most have an LSP setup or, even worse, a custodial setup like Wallet of Satoshi in which you get less privacy than with on-chain Bitcoin from your custodian.

In my opinion, if you're trying to go as simple as possible, I'd get a Foundation Passport hardware wallet and just buy Bitcoin via Bisq using either cash by mail, USPS Money Orders (assuming US), or Zelle (assuming US). Ideally use a Linux computer for this but Windows works (really use Linux though). Then transfer the Bitcoin to your Passport.

If you don't mind KYC or other projects, you're better off buying Monero from Kraken, sending that to a Cake Wallet (app on iOS or Android or Desktop) address, then swapping to Bitcoin mid-app into your Foundation wallet. That's going to give you better on-chain privacy than even buying from Bisq (your UTXO will be linked to the information you give depending on payment method) while having a pretty simple UX and excellent air-gapped security with the Foundation wallet.

These are just my ideas I'm coming up with off the dome; there may be a better solution, but these options provide a high degree of privacy and security with a smaller learning curve.

You're totally right. For most, a secure element hardware wallet with a simple 6-digit PIN will do. They're open to attack from the secure element manufacturer and state intelligence backdoors, but they're also likely completely KYCed and have no on-chain privacy, so the state is not in their threat model anyway.

If one has larger holdings hiring nostr:nprofile1qqs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsprpmhxue69uhkummnw3ezumr0wpczuum0vd5kzmp0ksxxx2 and having his company or another competitor set up an elaborate multisig setup would be ideal. That way they handle all the cypherpunk security stuff.

For us autistically obsessed cypherpunk types, yeah we are going as hard as possible mainly for fun.

Haha he deleted his response too what a coward.

I've never done it on GLiNet I've just flashed my OpenWRT One to update.

Find yours on https://openwrt.org/. You'll have to do some digging on that site but the docs are pretty decent IMO and search works well enough.

Generally you can flash back to the original OS, I can't think of an instance where you can't for any firmware flashing. The GLiNet default firmware is a proprietary fork of OpenWRT so it's already pretty similar. I brought them up since they're generally pretty powerful for the price and take to flashing well from what I've heard in the OpenWRT forums.

It seems so. Just today he's now recommending his followers try to memorize a 128-bit passphrase for their Trezor Model T wallet, while saying multisig is overrated. Like bro, you're not adding basically any security. Brute forcing isn't the concern with hardware wallets, it's a wrench attack or misuse at that point.

For spending you can sign a transaction and export it via a USB stick with Sparrow and broadcast it on another computer that has networking access. This is an airgapped solution that uses maximal security. You can also make a seed signer device with a Raspberry Pi. Lots of airgapped options.

Granted this setup is pretty unintuitive and laborious. Only for specific threat models and use cases. You can compromise by loading the seed phrase into a hot wallet, but greater risk of loss of funds due to malware or a 0day vulnerability.

Security is a spectrum depending on your risk tolerance and threat model. If you've got a few bitcoins, you're probably going to want to do an airgapped solution as I've described, likely with multi signature too so you need to recover multiple seed phrases to sign a transaction. All tradeoffs between usability and security.

What isn't going to help much is using a Trezor but adding what amounts to a second seed (128-bit passphrase) onto your seed. You still will get wrenched and lose everything. The difference between brute forcing 256-bit keys and 384-bit keys is the difference between impossible and impossible. You don't gain any cryptographic security, just security theater, thus my criticism of nostr:nprofile1qqs0eac2gh86s9l24qfmnw52xawhz0f3d862yleaetpafygjmanaxlspzdmhxue69uhhqatjwpkx2urpvuhx2ue0qy88wumn8ghj7mn0wvhxcmmv9uq3uamnwvaz7tmwdaehgu3dwp6kytnhv4kxcmmjv3jhytnwv46z7ramexg's "advice".

Ideally you have a computer with no networking hardware installed running TAILS OS or Kicksecure in live mode. Then you open some sort of Bitcoin wallet software (I'd choose Sparrow), then you make a wallet, copy down the seed phrase, then an address.

You could export view keys to a USB then load those into another computer with networking access. You're going to have to be careful with your network privacy while doing this as a malicious Electrum server can link your transactions to you, but using a view-only wallet will give you assurance your transactions are received while the private keys are only written down on paper. You could also just watch the address you're sending to on a blockchain explorer like mempool.space.

The problem with this is that on-chain all of your transactions are accumulating on one address. Terrible for privacy. There are stealth addresses in some wallets but the adoption is low thus far; I think Cake Wallet and one other are the only ones that can receive stealth address payments.

Point of multisig isn't to increase cryptographic entropy to reduce brute force of a single device. It's to distribute signatures amongst multiple devices in different geolocations and under different custodians ideally. This makes it such that multiple different devices have to be compromised for your UTXOs to move. It's an inherently different threat model than just creating a longer passphrase. You can have a 48-word seed phrase as your passphrase and have identical vulnerability to a wrench attack as if it were just a 12-word seed.

A passphrase is not a multisignature. It's a single signature that's encoded by the concatenation of the seed phrase plus the passphrase hashed into whatever the encoding algorithm is.

Please please please do your research, idk why you consistently make giant errors in your "advice".

Default seed phrase length is 12, which is about 128 bits of entropy. If you have to memorize a 128-bit passphrase just to unlock your Trezor, then what's the advantage over just using a paper wallet? If you're already basically memorizing a seed phrase, just skip all hardware vulnerabilities and use a paper wallet.

The whole point of a hardware wallet is to use the security of the wallet's software and hardware to encode a memorizable low-entropy PIN or password into the 256-bit or higher seed that's encrypted on the device. You rely on the firmware's brute force resistance. The secure element claims to do this better but is a major centralized black box that almost certainly has a backdoor.

Point is if you're at the level where you've memorized 128 bits of entropy, just use a paper wallet and plug it into an airgapped laptop when you need to spend. You've basically surpassed the need for a hardware wallet. Very conflicting information you're spreading.
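The passphrase mechanism argued over in the posts above, as an added Python example that is not part of the original posts: BIP39 turns the words plus an optional passphrase into one seed via PBKDF2-HMAC-SHA512 (2048 rounds, salt `"mnemonic" + passphrase`). The sample mnemonic is the public BIP39 test-vector phrase and the passphrases are constructed; the helper names are hypothetical.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample input; never use for funds).
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds)."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def mnemonic_entropy_bits(word_count: int) -> int:
    """Each word encodes 11 bits; 1 bit in 33 is checksum (12 words -> 128, 24 -> 256)."""
    if word_count not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    total = word_count * 11
    return total - total // 33


def search_space_bits(word_count: int, passphrase_bits: int = 0) -> int:
    """Bits an attacker must guess when holding neither the words nor the passphrase."""
    return mnemonic_entropy_bits(word_count) + passphrase_bits


def wallets_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Each passphrase maps to ONE seed, i.e. one single-signature wallet."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    # Constructed passphrases: empty, a phrase, and the same phrase with one typo.
    samples = ["", "correct horse", "correct horsf"]
    for p, seed in wallets_for(SAMPLE_MNEMONIC, samples).items():
        print(f"passphrase={p!r:16} seed={seed[:16]}...")
    print("24 words:", search_space_bits(24), "bits")
    print("24 words + 128-bit passphrase:", search_space_bits(24, 128), "bits")
```

Every output is a single seed that anyone holding both the words and the passphrase can spend from; nothing in the derivation splits signing across devices. A one-character typo in the passphrase silently opens a different, empty wallet.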

Maybe if you're using your ISP-provided one like you suggested previously lol. Just get an OpenWrt One or a GLiNet and flash OpenWRT. I run an i2p router, public Monero node and Tor relay totalling over 5000 active connections and it barely uses like 1% CPU and 10% RAM.

Replying to BitcoinIsFuture

Your BS is ridiculous.

https://en.wikipedia.org/wiki/Fungibility

"For example, the fungibility of money means that a $100 bill (note) is considered entirely equivalent to another $100 bill, or to twenty $5 bills and so on"

and cash has even identification numbers on it.

1 Bitcoin = 1 Bitcoin

and because Bitcoin is decentralized and is peer-to-peer no one can stop anyone accepting Bitcoin

Bitcoin is fungible money!

Is one 2023 Honda Civic Sport Touring equal to one 2023 Honda Civic Touring?

Replying to BitcoinIsFuture

No evidence is only in your head.

2. Shitcoin propaganda about "Bitcoin is not fungible"

Answer: Only idiots propagate that lie. Bitcoin coins do not have an identification number. 1 BTC = 1 BTC. 1 Bitcoin is divisible in 100 Million sats. 1 sat = 1 sat. So Bitcoin is fungible. The idiot shitcoiners probably mean that Bitcoins can be traced from one address to the other because the blockchain is public, which is the main feature that ensures Bitcoin integrity. But the fact that Bitcoins can be mixed using Bitcoin coinjoins completely destroys the shitcoiners' propaganda and lies. Bitcoin is fungible money.

Here is a definition about fungibility from AI:

Fungibility refers to the property of an asset or good whose individual units are interchangeable and essentially identical in value and function. Fungible assets can be exchanged or substituted on a one-to-one basis without any loss of value or distinction. For example, money is fungible: a $1 bill is equivalent to another $1 bill or to a combination of coins that sums to $1. Other fungible assets include commodities like gold or corn, and cryptocurrencies such as Bitcoin, where each unit is identical and holds the same value as another unit of the same kind.

Non-fungibility, by contrast, refers to assets that are unique and cannot be replaced by another identical item. Non-fungible assets have distinctive characteristics that make each item different in value and identity. For example, a specific car, house, piece of artwork, or diamond is non-fungible because it cannot be exchanged on a one-to-one basis with another item of the same type without affecting value or uniqueness. The distinguishing features and uniqueness of non-fungible assets mean they hold individual value and cannot be substituted directly.

I'm not trading my Monero for tainted bitcoin UTXOs if I want to cash out at an exchange. I'm only taking clean ones that aren't on an OFAC sanctions list or are declared tainted by Chainalysis, since I will have my assets seized and will have to prove legitimacy in gaining them.

Very fungible.

Stop calling us idiots. Full stop, I'm way smarter than you. Kinda a dick thing to say I know, but you gotta be reminded of that.

Don't insult this guy, he's clearly arguing in good faith. You gotta learn some manners and how to construct an argument and create a counterargument. Listening to Bitcoin maxie podcasts every day then coming here and throwing around platitudes doesn't cut it.

Yeah I couldn't really continue that one after I made the argument for why Bitcoin isn't fungible and he responded "but it is fungible tho" with no evidence. Clearly not arguing in good faith, just another religious zealot.

Yeah totally agree. It's way more important to get normies doubting the system than to onboard them onto a particular crypto project, be it Monero or Bitcoin.

Yeah true, but on Monero he's ideologically tainted by his religious allegiance to Bitcoin. Router software? There's no excuse he can make there, simply ignorance and negligence.

Absolutely. We agree 100%. It frustrates me that nostr:nprofile1qqs0eac2gh86s9l24qfmnw52xawhz0f3d862yleaetpafygjmanaxlspzdmhxue69uhhqatjwpkx2urpvuhx2ue0qy88wumn8ghj7mn0wvhxcmmv9uq3uamnwvaz7tmwdaehgu3dwp6kytnhv4kxcmmjv3jhytnwv46z7ramexg calls himself so while betraying that he's like 3 YouTube videos deep into privacy and security. And he's got a larger platform on Nostr, like bro you gotta do your research or you're gonna fuck people's privacy up.

You could even defeat a modem locked to a specific router MAC address by spoofing your OpenWRT router's MAC address to match, so there are always "Cypherpunk" solutions for proper security and privacy.