Right, there's no total solution in jumping jurisdictions. It can't work for more than a small minority. I'm more just saying that in some scenarios, you can't expect much in terms of adoption at the level of everyday life. Progress tends to occur at the edges.

I've lived in El Salvador for 3 years, mostly on bitcoin. It's not just a dream. To me the actual unrealistic thing is to try to push bitcoin adoption in jurisdictions where there is very little motivation. You have to "read the room", so to speak.

You'd be surprised how practically possible it is to live without bank accounts in certain parts of Latin America (and not only), if you're pragmatic about it. Bitrefill, debit cards you can charge, tons of exchange places that accept both bitcoin and (much much more) usdt, and most important of all: countries where cash transactions remain the norm. A huge reason it seems so bad in much of Europe is because cash is slowly being softbanned.

Kinda funny that he's advising against anything but hardware wallets, when it's exactly things like Ledger that have been using an egregiously i architecture of electron apps in javascript. (Ok, metamask style web apps are worse, but Ledger allows you to plug into that...)

The story of integrating Schnorr into Bitcoin and its related applications has been very much this: wow this new (old) signing algorithm is super clean and powerful. We can now do X and Y and Z. But then after some delving into details it becomes "yeah we can do X and Y and Z, but attackers can also do X' and Y' and Z' so, shit, we'd better add a bunch more details to the algorithms for X, Y, Z". and those details have been hard. Crudely, Schnorr being "linear" means you can munge them around in clever ways that are efficient and private, but you need to sort of "restrict" how the linearity is used to make it work the way you want, and not some arbitrary other way that leads to security breaks. Here's a good example of what I mean: I was recently revisiting the idea of an adaptor-based atomic swap. That is, a coin swap which is secure because if one side spends, the other side can also spend, by extracting a secret from the corresponding Schnorr signature. See https://github.com/BlockstreamResearch/scriptless-scripts/blob/a8b6ff21fc7f4529eabbe639fbff49f047a3579d/md/atomic-swap.md . I realized that there's a certain way to do it, that seems very natural, but is actually broken (if not trivially in practice .. but still, broken, in that money *could* be stolen, depending on the setup). I wrote about that attack yesterday here: https://gist.github.com/AdamISZ/489a08a0367137ed131efb90439bc9f5 . But, it's quite obvious (if you're familiar with Wagner's attack!), so not surprisingly this has already been considered and a more secure variant of "adaptor signature for a MuSig2 protocol execution" is in a years-old PR by Jonas Nick here: https://github.com/BlockstreamResearch/scriptless-scripts/pull/24 . It's not merged because it's not thoroughly reviewed and worked out, though I'm not sure if anyone's working on it. Bottom line, using the power of Schnorr and actually convincing yourself that it's being done safely, is not a simple matter. (Consider for example that PTLC Lightning intends to use something like this, so it's not exactly a completely uninteresting side topic). #cryptography

Ok found it nvm.

Where (if anywhere) can I get a link to zkpoor?

Latest ZK podcast episode has Huijia Lin giving a really good introduction to what the heck is "indistinguishability obfuscation": https://zeroknowledge.fm/podcast/375/ #cryptography

How does tx relay over nostr help with censorship resistance? Genuine Q, I'm curious.

How reliable is Orbot nowadays?