@ f1989a96:bcaaf2c1

Good morning, readers! This week, we highlight how authoritarian regimes are manipulating digital assets. The Central African Republic launched a government-backed meme coin that crashed spectacularly within a day of launch as regime insiders cashed out for profits, leaving the public with worthless tokens. Meanwhile, the Nigerian regime introduced its first official stablecoin, cNGN. It is issued by the African Stablecoin Consortium and is backed 1:1 with the naira. Still, it operates under the direct oversight of the Nigerian Securities and Exchange Commission, allowing further surveillance of Nigerians’ financial activity alongside the struggling eNaira CBDC. On the freedom tech front, Mullad VPN now supports Bitcoin payments via the Lightning Network, offering activists, journalists, and individuals under oppressive regimes a censorship-resistant and permissionless way to pay for their privacy. Additionally, SeedSigner, an open-source hardware wallet for Bitcoin self-custody, rolled out multilingual support, expanding accessibility to Spanish-speaking activists and human rights defenders.\ \ Finally, journalist Frank Corva explores Africa’s grassroots Bitcoin movement, where open-source tools and circular economies are empowering communities inside authoritarian regimes with financial freedom. For those who doubt Bitcoin’s real-world impact, this article is a must-read. **Now, let’s get right to it!** ### [**Subscribe Here**](https://mailchi.mp/hrf.org/financial-freedom-newsletter?mc_cid=bf652c0a5a) ## **GLOBAL NEWS** #### **Central African Republic | Launches Meme Coin Experiment** The Central African Republic (CAR) [debuted](https://www.reuters.com/world/africa/central-african-republic-debuts-meme-coin-experiment-2025-02-10/) a government-backed meme coin, $CAR, which President Faustin-Archange Touadéra [claims](https://www.reuters.com/world/africa/central-african-republic-debuts-meme-coin-experiment-2025-02-10/) will “unite people” and “support national development.” In reality, meme coins are speculative assets that often serve as vehicles for insider profit. This scheme follows CAR’s failed [Sango Coin](https://www.mariblock.com/central-african-republic-top-court-rules-sango-coin-unconstitutional/) project, which promised citizenship and land in exchange for [locked](https://www.mariblock.com/central-african-republic-top-court-rules-sango-coin-unconstitutional/) investments but sold only 7.5% of its supply. Those who did “buy in” did not receive what was promised. In 2022, CAR briefly made Bitcoin legal tender, calling it a path to sovereignty — only to [abandon](https://bitcoinmagazine.com/culture/why-bitcoin-failed-in-car) it shortly after. Instead of supporting open and neutral money like Bitcoin, the government has turned to dubious crypto schemes. The real beneficiaries of $CAR appear to be regime insiders who reportedly cashed out [$40 million](https://x.com/bored2boar/status/1889002901370196098) while the public holds [worthless](https://decrypt.co/305225/central-african-republic-president-meme-coin) tokens. #### **Nigeria | Debuts Naira Stablecoin** The Nigerian state [launched](https://www.mariblock.com/move-over-enaira-cngn-enters-the-chat-2/) its first regulated stablecoin, [cNGN](https://cngn.co/?ref=mariblock.com). Similar to US dollar-pegged stablecoins like USDT and USDC, cNGN is pegged 1:1 to its local currency (the naira). It is issued by the African Stablecoin Consortium (ASC), a private coalition of Nigerian financial institutions and blockchain companies. Positioned as a bridge between fiat and digital assets, cNGN aims to facilitate remittances and trade but comes with strict verification requirements that limit financial privacy. The Nigerian SEC also tightly regulates the stablecoin and it is only available on government-approved exchanges, Busha and Quidax. As Nigeria expands its control over digital transactions — through both cNGN and its struggling [eNaira CBDC](https://cbdctracker.hrf.org/currency/nigeria) — more and more Nigerians are [turning](https://www.forbes.com/sites/digital-assets/2024/01/08/central-bank-of-nigeria-approves-naira-stablecoin-for-2024-launch/) to Bitcoin as a censorship-resistant alternative. #### **Russia | Proposes Registry to Track Bitcoin Mining Hardware** Russia’s deputy energy minister, Yevgeny Grabchak, has [proposed](https://theminermag.com/news/2025-02-03/russia-minister-bitcoin-miner/) a centralized registry of Bitcoin mining equipment and wallet addresses to “identify mining activities and ensure stricter enforcement of bans in restricted regions,” such as Russian-occupied Ukraine territories. Meanwhile, the Chairman of the State Duma Committee on Energy, Nikolai Shulginov, warned that last year’s mining ban in several Russian and occupied regions may not be enough to eliminate mining fully. As an authoritarian state with an egregious human rights record and a long history of financial repression, Russia appears intent on tightening surveillance of economic activity — especially that of Bitcoin. By registering, tracking, and restricting mining, the Kremlin expands its financial control, undermines economic autonomy, and limits access to permissionless money. #### **Turkey | Erdoğan Targets Opposition as Inflation Forecast Rises** Turkish President Recep Tayyip Erdoğan sentenced Istanbul Mayor Ekrem Imamoglu — a key political rival — to [seven](https://www.bloomberg.com/news/articles/2025-02-05/turkey-s-main-rival-to-erdogan-faces-jail-time-in-new-indictment) years in prison on charges widely seen as politically motivated. If upheld, the conviction will bar Imamoglu from office, further clearing Erdoğan’s path to dominance ahead of the 2028 elections. At the same time, Turkey’s economic crisis is worsening. [Accelerating inflation](https://www.reuters.com/world/middle-east/turkey-cenbank-raises-inflation-forecast-says-not-autopilot-with-cuts-2025-02-07/) forced the central bank to raise its 2025 forecast from 21% to 24%, exacerbating the lira’s decline and eroding purchasing power. As both political and financial repression deepen, more Turks are turning to alternatives to sidestep Erdoğan’s expanding control over the economic and political sphere. #### **Georgia | Regime to Pass Censorship Law** Georgia’s ruling Georgian Dream party is set to introduce a media censorship [law](https://jam-news.net/georgian-dream-plans-to-pass-media-censorship-law/) aimed at enforcing government-defined standards for journalistic objectivity and ethics, while also restricting foreign funding for media outlets. MP Mamuka Mdinaradze [claims](https://jam-news.net/ngos-and-media-organizations-of-georgia-to-challenge-the-foreign-agents-law-in-strasbourg-court/) the law will establish monitoring mechanisms and is modeled after UK regulations, though critics [compare](https://jam-news.net/opinion-ivanishvili-adopts-belarusian-tactics-to-control-protests/) it to Belarusian-style repression. Georgian Dream Prime Minister Irakli Kobakhidze defended the move as necessary to close legislative “loopholes” and strengthen state control. Journalists and activists warn that the law is part of a broader crackdown on press freedom and dissent. Decentralized social networks like Nostr will become increasingly vital for journalists and activists to communicate freely, resist censorship, and ensure the flow of independent information. \___________________________________________________________\_ #### **Webinar Series for Nonprofits: Become Unstoppable** HRF will host a [free, three-day webinar](https://docs.google.com/forms/d/e/1FAIpQLSf0sjqwSFQo8HGMsWIIDRyhx34TsoonOSTfYoWSy-aaBbLeSw/viewform) from March 17-19, teaching human rights defenders and nonprofits how to use Bitcoin to counter state censorship and confiscation. Sessions run daily from 10:30 a.m. to 12:00 p.m. EDT and are beginner-friendly. The webinar will be led by Anna Chekhovich, HRF’s Bitcoin nonprofit adoption lead and financial manager at Alexei Navalny’s Anti-Corruption Foundation. ### [Register Here](https://docs.google.com/forms/d/e/1FAIpQLSf0sjqwSFQo8HGMsWIIDRyhx34TsoonOSTfYoWSy-aaBbLeSw/viewform) #### **SXSW | The Human Rights Risks of Central Bank Digital Currencies (CBDCs)** Join HRF at [SXSW 2025](https://www.sxsw.com/) in Austin from March 9-12 to explore how CBDCs threaten financial freedom. Experts [Roger Huang](https://x.com/Rogerh1991), [Charlene Fadirepo](https://x.com/CharFadirepo), and [Nick Anthony](https://x.com/EconWithNick) will discuss how authoritarian regimes use CBDCs for surveillance and control on March 9. Attendees can also visit HRF’s [CBDC Tracker](https://cbdctracker.hrf.org/) booth to explore an interactive map of CBDC developments worldwide. ### [Get Tickets](https://www.sxsw.com/conference/) \___________________________________________________________\_ ## BITCOIN AND FREEDOM TECH NEWS #### **Mullvad VPN | Testing Lightning Network Payments** [Mullvad VPN](https://mullvad.net/en) is experimenting with Bitcoin for payments via the Lightning Network, a second-layer payment protocol built on Bitcoin that enables faster, cheaper, and more private transactions. This integration lets Mullvad VPN users pay for their services in bitcoin while enhancing their privacy and bypassing payment networks that track or censor financial activity. VPNs protect users by masking IP addresses and encrypting traffic. Accepting Bitcoin over Lightning strengthens this protection with a censorship-resistant payment option. For activists, journalists, and individuals in authoritarian regimes, this combination provides a shield against surveillance. #### **SeedSigner | Releases Multilingual Support** [SeedSigner](https://seedsigner.com/), an open-source and customizable Bitcoin hardware wallet and HRF grantee, [introduced](https://github.com/SeedSigner/seedsigner/releases/tag/0.8.5) multilingual support for Spanish. This update makes secure Bitcoin self-custody more accessible to Spanish-speaking activists and human rights defenders who may rely on Bitcoin for transactional freedom. By expanding access to secure self-custody, SeedSigner helps reduce dependence on restrictive financial systems and allows more people in Nicaragua, Venezuela, Cuba, and beyond to “be their own bank.” #### **Iris | Implements Private Bitcoin Payments with Cashu** [Iris](https://iris.cx/), a Nostr client, has added support for a Cashu wallet to allow users to send and receive ecash. Cashu is an open-source Chaumian ecash protocol built for Bitcoin and integrated with the Lightning Network. It lets users make fast, low-cost, and extremely private transactions using Bitcoin-backed ecash. While it requires a trusted custodian, it helps users spend Bitcoin anonymously without revealing their identity or transaction activity. This ability provides activists and nonprofits a different way to make private Bitcoin payments alongside nostr’s censorship-resistant communications.  #### **Sparrow Wallet | Supports Lark for USB Hardware Wallets** [Sparrow Wallet](https://sparrowwallet.com/), a popular open-source Bitcoin wallet, has added support for [Lark](https://github.com/sparrowwallet/larkapp?mc_cid=aab08acf41&mc_eid=5c5878c08e), a new tool for USB hardware wallet communication. Lark works alongside the existing [Hardware Wallet Interface](https://github.com/bitcoin-core/HWI) (HWI), giving users an alternative way to connect their hardware wallets via USB. This update improves reliability, reduces dependence on a single software interface, and strengthens Bitcoin self-custody. #### **Bitcoin Dada | Opens Applications for Second Cohort of Dada Devs** [Bitcoin Dada](https://btcdada.com/), an HRF-supported nonprofit initiative empowering African women through Bitcoin and financial education, is now [accepting](https://x.com/DadaDevs/status/1886819762660929674) applications for the second cohort of Dada Devs. This developer program provides hands-on training, mentorship, and a collaborative community to help African women under authoritarian regimes contribute to Bitcoin development. If you’re an aspiring female developer, [apply now](https://docs.google.com/forms/d/e/1FAIpQLSeJ8nXL96qNeCAaXnSlGxqykBPEGm21z9qS9oE1ldNusM0nTA/viewform) to join a network of African women shaping the future of finance. Applications close Feb. 13. #### **Summer of Bitcoin | Applications for Summer 2025 Cohort Now Open** [Summer of Bitcoin](https://www.summerofbitcoin.org/), an HRF-supported Bitcoin internship program, is now accepting [applications](https://www.summerofbitcoin.org/apply) for its summer 2025 cohort. This program introduces students from anywhere, including from authoritarian regimes, to Bitcoin open-source development and design, giving interns the option to choose between a developer or designer track based on their interests. Participants will gain hands-on work experience, contribute to real-world Bitcoin projects, and receive mentorship from industry leaders. You can learn more and apply [here](https://www.summerofbitcoin.org/). #### **Spiral | Announces Grant Renewals for the Bitcoin Design Community and BDK** [Spiral](http://spiral.xyz), a Bitcoin company building and funding open-source projects, announced renewed grants for critical initiatives, including the [Bitcoin Design Community](https://github.com/bitcoindesign) and [Bitcoin Dev Kit](https://bitcoindevkit.org/) (BDK). The Bitcoin Design Community is a free and open-source resource for designers, developers, and others working on non-custodial Bitcoin products. This [grant](https://x.com/spiralbtc/status/1885000120439095607) will support designers who push the user experience and adoption of Bitcoin forward. Meanwhile, BDK is a software library that helps developers in building cross-platform Bitcoin wallets. Its [grant](https://x.com/spiralbtc/status/1884998758976405840) will support the project’s continued refinement and development. ## RECOMMENDED CONTENT #### **The Bitcoin and Cypherpunk Spirit Is Alive and Well in Africa by Frank Corva** In this [article](https://bitcoinmagazine.com/culture/the-bitcoin-and-cypherpunk-spirit-is-alive-and-well-in-africa) for [Bitcoin Magazine](http://bitcoinmagazine.com), journalist [Frank Corva](https://x.com/frankcorva) spotlights Bitcoin's growing presence across Africa. Across the continent, people are building Bitcoin circular economies, open-source financial tools, and educational initiatives. From [Bitcoin Ekasi](https://x.com/BitcoinEkasi) in South Africa to [AfriBit Kibera](https://x.com/AfribitKibera) in Kenya and [Bitcoin Dua](https://x.com/bitcoin_dua) in Ghana, these grassroots initiatives drive financial inclusion and education for individuals and communities. Meanwhile, tools like [Tando](https://tando.me/) and [Machankura](https://8333.mobi/) are expanding access to transactional freedom, and conferences like [Adopting Bitcoin Captetown](https://za25.adoptingbitcoin.org/) and the [Africa Bitcoin Conference](https://afrobitcoin.org/) nurture ongoing collaboration between individuals, developers, and activists to advance financial freedom on a continent that otherwise has very little liberal democracy. Read the full article [here](https://bitcoinmagazine.com/culture/the-bitcoin-and-cypherpunk-spirit-is-alive-and-well-in-africa). #### **Using Bitcoin Without Internet! Here’s How Machankura Makes It Happen with Anita Posch** In this short [interview](https://www.youtube.com/watch?v=XzXfd237XVo), Bitcoin educator and host of the [Bitcoin for Fairness](https://www.youtube.com/@AnitaPosch) channel, Anita Posch, speaks with Mary Imasuen, a [Machankura](https://8333.mobi/) team member, about how this technology makes Bitcoin accessible to Africans without Internet access. Machankura is an app that allows feature phones to send and receive Bitcoin using the Unstructured Supplementary Service Data (USSD) protocol, a mobile communications system similar to SMS. This means people can transact in Bitcoin without needing a smartphone or data connection, a situation common to many living under autocratic regimes in sub-Saharan Africa. By removing Internet barriers, Machankura helps millions of Africans overcome high data costs and unreliable networks, offering a practical solution to financial inclusion. *If this article was forwarded to you and you enjoyed reading it, please consider subscribing to the Financial Freedom Report [here](https://mailchi.mp/hrf.org/financial-freedom-newsletter?mc_cid=bf652c0a5a).* *Support the newsletter by donating bitcoin to HRF’s Financial Freedom program [via BTCPay](https://hrf.org/btc).*\ *Want to contribute to the newsletter? Submit tips, stories, news, and ideas by emailing us at ffreport @ [hrf.org](http://hrf.org/)* *The Bitcoin Development Fund (BDF) is accepting grant proposals on an ongoing basis. The Bitcoin Development Fund is looking to support Bitcoin developers, community builders, and educators. Submit proposals [here](https://forms.monday.com/forms/57019f8829449d9e729d9e3545a237ea?r=use1)*. [**Subscribe to newsletter**](http://financialfreedomreport.org/) [**Apply for a grant**](https://forms.monday.com/forms/57019f8829449d9e729d9e3545a237ea?r=use1&mc_cid=39c1c9b7e8&mc_eid=778e9876e3) [**Support our work**](https://hrf.org/btc?mc_cid=39c1c9b7e8&mc_eid=778e9876e3) [**Visit our website**](https://hrf.org/programs/financial-freedom/)

@ 9673b322:1b75ee9e

This is test content 

@ 9673b322:1b75ee9e

This is some test content Adding a Sample Image 

@ 2e8970de:63345c7a

 > We measure gender differences using the Cross-Gender Friending Ratio, the ratio of female friends in men's networks to the share of female friends in women's networks in a given place. Men almost always have a lower share of female friends than women do, but the degree varies:  > Across countries, the CGFR is strongly predictive of gender differences in labor force participation. Within countries, we also find a strong correlation with gender attitudes in the World Values Survey, such as beliefs about women's suitability for politics. https://x.com/drew_m_johnston/status/1889794718004826288 originally posted at https://stacker.news/items/884660

@ c2827524:5f45b2f7

> innèsto s. m. [der. di innestare]. – 1. In agraria: a. Operazione con cui si fa concrescere sopra una pianta (detta portainnesto o soggetto) una parte di un altro della stessa specie o di specie differenti (detto nesto o oggetto), **al fine di formare un nuovo individuo più pregiato o più produttivo o più giovane**: fare, operare, praticare un innesto. Le collaborazioni sono di una potenza micidiale. Quelle che si sviluppano nello spazio #Bitcoin ancora di più. Non è più una collaborazione, è un #innesto: rami di alberi diversi, destinati da soli a dare grandi frutti, si fondono per **donare ad un intero ecosistema sapori ancora più deliziosi**. Contributi e suggerimenti vanno e vengono alla velocità della luce, col sorriso, senza sacrificio e sempre con la volontà di migliorarsi e crescere. Lo spazio #Bitcoin è una fabbrica magica, che accoglie minuscoli semini(*) da chiunque voglia partecipare, volontariamente, alla crescita della cultura Bitcoin. Ma li trasforma in un **incanto**. In solitaria i semini sarebbero destinati comunque a grandi cose e questo è già, di per sé, meraviglioso. La fabbrica magica, invece, li fa germogliare, fiorire e fruttare in maniera ancora più potente. Quando la magia è totale, avviene l’*innesto*, **la generazione di una nuova creatura più pregiata**. Sta succedendo davanti ai miei occhi. Sono onorata di poter assistere a questo mini miracolo della vita e, manco a dirlo, felice di farne parte. Non è solo cambiare atteggiamento, smussare frizioni e rigidità o correggere la propria visione, è proprio ampliare sé stessi accogliendo gli altri. Grazie nostr:npub1uhj92lnwh8rrhhuvulfqstk4g0ayx0zx35wj2d62jueqheknkxks5m4zj6 nostr:npub1au23c73cpaq2whtazjf6cdrmvam6nkd4lg928nwmgl78374kn29sq9t53j nostr:npub1awnu9vg352863e7tqlc6urlw7jgdf8vf00tmr76uuhflp4nnn68sjmnnl3 e nostr:npub1lrurmgmlfl4u72258fc4q5ke7tr82kw5xct5vchdmzr9uhmx6j4qn3t72a (1) Semini, non #seed [non chiamatelo seed, si dice mnemonica (cit.)] Siccome in italiano la parola **seme** porta alla mente anche *giochini di parole fiat*, se siete qui per perculare fate pure. -> H.F.S.P. 🤣

@ d360efec:14907b5f

**Top-Down Analysis:** กลยุทธ์การเทรดเพื่อมองภาพรวมและจับจังหวะทำกำไร ในโลกของการเทรดที่เต็มไปด้วยความผันผวน การมีเครื่องมือวิเคราะห์ที่แข็งแกร่งเป็นสิ่งสำคัญอย่างยิ่งที่จะช่วยนำทางให้เทรดเดอร์สามารถตัดสินใจได้อย่างมีหลักการและเพิ่มโอกาสในการทำกำไร หนึ่งในเครื่องมือที่ได้รับความนิยมและมีประสิทธิภาพคือ "Top-Down Analysis" หรือการวิเคราะห์จากบนลงล่าง ซึ่งเป็นวิธีการมองภาพรวมของตลาดก่อนที่จะเจาะจงไปที่สินทรัพย์ที่เราสนใจ บทความนี้จะพาคุณไปทำความเข้าใจกับ Top-Down Analysis อย่างละเอียด พร้อมทั้งแนะนำกลยุทธ์การเทรดที่สามารถนำไปปรับใช้ได้จริง **Top-Down Analysis คืออะไร?** Top-Down Analysis เป็นกระบวนการวิเคราะห์ตลาดที่เริ่มต้นจากการพิจารณาภาพรวมในกรอบเวลาที่ใหญ่ขึ้น ก่อนที่จะค่อยๆ ย่อยลงไปในกรอบเวลาที่เล็กลง เพื่อทำความเข้าใจบริบทของตลาดและหาจังหวะการเทรดที่เหมาะสม วิธีการนี้ช่วยให้เทรดเดอร์สามารถมองเห็นทิศทางหลักของตลาด, แนวโน้มที่กำลังเกิดขึ้น, ระดับราคาสำคัญ, และความสมดุลระหว่างอุปสงค์และอุปทาน ก่อนที่จะตัดสินใจเข้าเทรดในกรอบเวลาที่เล็กลง **องค์ประกอบสำคัญของ Top-Down Analysis (อ้างอิงจากภาพ)** ภาพ "Top-Down Analysis" ได้สรุปองค์ประกอบสำคัญของการวิเคราะห์นี้ไว้อย่างชัดเจน โดยแบ่งการวิเคราะห์ออกเป็น 3 กรอบเวลาหลัก: 4 ชั่วโมง (4H), 1 ชั่วโมง (1H), และ 15 นาที (15min) แต่ละกรอบเวลามีองค์ประกอบที่ต้องพิจารณาดังนี้: 1. กรอบเวลา 4 ชั่วโมง (4H): ภาพรวมตลาดและทิศทางหลัก ในกรอบเวลา 4 ชั่วโมง เราจะเน้นการวิเคราะห์ภาพรวมของตลาด เพื่อกำหนดทิศทางหลักและแนวโน้มในระยะกลาง องค์ประกอบสำคัญในกรอบเวลานี้คือ: * Direction (ทิศทาง): ประเมินทิศทางที่ตลาดกำลังเคลื่อนที่ไป โดยพิจารณาจากแนวโน้มและโครงสร้างราคาในภาพรวม ตลาดกำลังเป็นขาขึ้น, ขาลง หรืออยู่ในช่วง Sideways? * Trend (แนวโน้ม): ระบุแนวโน้มหลักของตลาด ไม่ว่าจะเป็นแนวโน้มขาขึ้น (Uptrend), แนวโน้มขาลง (Downtrend) หรือ Sideways การเข้าใจแนวโน้มช่วยในการกำหนดกลยุทธ์การเทรดที่เหมาะสม * Key levels (ระดับราคาสำคัญ): หาระดับราคาแนวรับและแนวต้านที่สำคัญในกรอบเวลา 4 ชั่วโมง ระดับเหล่านี้มักเป็นจุดที่ราคาเคยมีการกลับตัวหรือพักตัวในอดีต และอาจเป็นบริเวณที่ราคาจะตอบสนองอีกครั้งในอนาคต * Supply & Demand (อุปทานและอุปสงค์): วิเคราะห์ความสมดุลระหว่างแรงซื้อ (Demand) และแรงขาย (Supply) ในตลาด โดยพิจารณาจากพฤติกรรมราคาบริเวณแนวรับแนวต้าน และสัญญาณจากเครื่องมือวิเคราะห์อื่นๆ (ถ้าใช้) 2. กรอบเวลา 1 ชั่วโมง (1H): หาจังหวะและบริเวณที่น่าสนใจ เมื่อได้ภาพรวมและทิศทางหลักจากกรอบ 4H แล้ว เราจะย่อยลงมาในกรอบ 1 ชั่วโมง เพื่อหาจังหวะการเทรดที่สอดคล้องกับทิศทางหลัก และมองหารูปแบบราคาที่น่าสนใจ องค์ประกอบสำคัญในกรอบเวลานี้คือ: * Breaks (การทะลุ): สังเกตการทะลุแนวรับแนวต้าน หรือระดับราคาสำคัญในกรอบ 1H ที่สอดคล้องกับทิศทางหลักใน 4H การทะลุเหล่านี้อาจเป็นสัญญาณของการเคลื่อนไหวครั้งใหญ่ของราคา * Reversals (การกลับตัว): มองหารูปแบบการกลับตัวของราคาที่อาจเกิดขึ้นบริเวณระดับราคาสำคัญในกรอบ 1H ซึ่งบ่งบอกถึงจุดสิ้นสุดของแนวโน้มปัจจุบันและเริ่มต้นแนวโน้มใหม่ * OB (Order Blocks): ระบุบริเวณ Order Blocks ในกรอบ 1H ซึ่งเป็นพื้นที่ที่มีการสั่งซื้อขายจำนวนมากในอดีต Order Blocks เหล่านี้มักจะทำหน้าที่เป็นแนวรับแนวต้านในอนาคต * FVG (Fair Value Gaps): มองหา Fair Value Gaps ในกรอบ 1H ซึ่งเป็นช่องว่างของราคาที่เกิดจากการเคลื่อนไหวอย่างรวดเร็ว FVG มักจะเป็นเป้าหมายของราคาในอนาคต เนื่องจากราคาอาจจะกลับมาปิดช่องว่างเหล่านี้ * Liquidity (สภาพคล่อง): ประเมินสภาพคล่องบริเวณระดับราคาที่เราสนใจในกรอบ 1H บริเวณที่มีสภาพคล่องสูงมักจะดึงดูดนักลงทุนรายใหญ่ และอาจทำให้เกิดการเคลื่อนไหวของราคาที่รุนแรง 3. กรอบเวลา 15 นาที (15min): ยืนยันสัญญาณและหาจุดเข้าเทรด ในกรอบเวลา 15 นาที เราจะเน้นการยืนยันสัญญาณการเทรด และหาจุดเข้าเทรดที่แม่นยำ เพื่อลดความเสี่ยงในการเข้าเทรดเร็วเกินไป องค์ประกอบสำคัญในกรอบเวลานี้คือ: * Confirmation (การยืนยัน): รอสัญญาณยืนยันการเคลื่อนไหวของราคาในกรอบ 15 นาที ที่สอดคล้องกับการวิเคราะห์ในกรอบ 1H และ 4H สัญญาณยืนยันอาจมาในรูปแบบของแท่งเทียนกลับตัว, รูปแบบ Chart Patterns, หรือสัญญาณจาก Indicators * จุดเข้าเทรด: เมื่อมีสัญญาณยืนยันที่ชัดเจนในกรอบ 15 นาที และสอดคล้องกับการวิเคราะห์ในกรอบเวลาที่ใหญ่ขึ้น จึงตัดสินใจเข้าเทรด โดยกำหนด Stop Loss เพื่อจำกัดความเสี่ยง และ Take Profit เพื่อตั้งเป้าหมายในการทำกำไร **กลยุทธ์การเทรด Top-Down Analysis: ขั้นตอนสู่ความสำเร็จ** เพื่อนำ Top-Down Analysis ไปใช้ในการเทรดอย่างมีประสิทธิภาพ เราสามารถทำตามขั้นตอนต่อไปนี้: 1. **เริ่มต้นที่ 4H**: กำหนดทิศทางและแนวโน้มหลัก วิเคราะห์กราฟ 4H เพื่อระบุทิศทางหลักของตลาด แนวโน้ม และระดับราคาสำคัญ ประเมินความสมดุลของ Supply & Demand เพื่อกำหนด Bias การเทรด (เน้นซื้อหรือขาย) 2. **เจาะลึก 1H:** หาจังหวะและบริเวณที่น่าสนใจ เมื่อได้ทิศทางหลักจาก 4H แล้ว ให้ย่อยลงมาดูกราฟ 1H เพื่อหารูปแบบราคาที่น่าสนใจ เช่น การทะลุแนวรับแนวต้าน, รูปแบบการกลับตัว, Order Blocks, Fair Value Gaps และบริเวณที่มีสภาพคล่องสูง 3. **ยืนยันใน 15min:** หาจุดเข้าเทรดที่แม่นยำ รอสัญญาณยืนยันในกรอบ 15 นาที ที่สอดคล้องกับการวิเคราะห์ในกรอบเวลาที่ใหญ่ขึ้น ใช้ Price Action, แท่งเทียน, หรือ Indicators เพื่อยืนยันสัญญาณ และหาจุดเข้าเทรดที่แม่นยำ พร้อมกำหนด Stop Loss และ Take Profit ที่เหมาะสม **ประโยชน์ของการใช้ Top-Down Analysis** * มองเห็นภาพรวมตลาด: ช่วยให้เทรดเดอร์เข้าใจบริบทของตลาดในภาพรวม ไม่หลงทางในรายละเอียดเล็กๆ น้อยๆ * ตัดสินใจเทรดอย่างมีหลักการ: ทำให้การตัดสินใจเทรดมีเหตุผลและมีข้อมูลสนับสนุนมากขึ้น ไม่ใช่แค่การคาดเดา * เพิ่มความแม่นยำในการเทรด: การวิเคราะห์หลายกรอบเวลาช่วยกรองสัญญาณรบกวน และเพิ่มโอกาสในการเข้าเทรดในทิศทางที่ถูกต้อง * ลดความเสี่ยง: ช่วยลดโอกาสในการเทรดสวนทางแนวโน้มหลักของตลาด และช่วยในการกำหนด Stop Loss ที่เหมาะสม **ข้อควรจำและข้อควรระวัง** * ฝึกฝนและสังเกต: Top-Down Analysis ต้องอาศัยการฝึกฝนและการสังเกตกราฟราคาอย่างสม่ำเสมอ เพื่อพัฒนาความเข้าใจและทักษะในการวิเคราะห์ * ปรับใช้ให้เข้ากับสไตล์: ปรับกลยุทธ์ให้เข้ากับสไตล์การเทรดของคุณ และสินทรัพย์ที่คุณเทรด * บริหารความเสี่ยง: ให้ความสำคัญกับการบริหารความเสี่ยงเสมอ กำหนดขนาด Position ที่เหมาะสม และใช้ Stop Loss ทุกครั้ง * ไม่มีกลยุทธ์ใดสมบูรณ์แบบ: Top-Down Analysis เป็นเครื่องมือที่มีประสิทธิภาพ แต่ไม่มีกลยุทธ์ใดที่รับประกันผลกำไร 100% การเทรดมีความเสี่ยง โปรดศึกษาและทำความเข้าใจความเสี่ยงก่อนตัดสินใจลงทุน **สรุป** Top-Down Analysis เป็นกลยุทธ์การเทรดที่ทรงพลัง ซึ่งช่วยให้เทรดเดอร์สามารถวิเคราะห์ตลาดอย่างเป็นระบบ มองภาพรวม และจับจังหวะการเทรดได้อย่างแม่นยำ การนำหลักการของ Top-Down Analysis ไปปรับใช้ในการเทรด จะช่วยเพิ่มประสิทธิภาพในการตัดสินใจ และเพิ่มโอกาสในการประสบความสำเร็จในตลาดการเงินได้อย่างยั่งยืน

@ e373ca41:b82abcc5

*This article has been written with the* ***[Pareto client](https://pareto.space/read).*** *(read it there for the full experience). It was first published in German by Milosz Matuschek on* ***["Freischwebende Intelligenz".](https://www.freischwebende-intelligenz.org/p/unterwanderter-journalismus-der-mediale)*** *** It is unmistakable. The hydra of the Deep State is losing a few heads - and this time it's the turn of the media heads. Anyone can look at [USASpending](https://www.usaspending.gov/) to see how much taxpayers' money has gone to whom in the USA. ### When the state pays its advocates The mainstream media were also among the beneficiaries: Politico (100% Axel Springer) received over [USD 7 million](https://www.usaspending.gov/recipient/fa0cefae-7cfb-881d-29c3-1bd39cc6a49e-C/latest); the New York Times received over USD 40 million. Thousands of (probably not always necessary) government subscriptions flowed to large media houses - paid for with taxpayers' money. A form of covert press financing by the state. At what point can or should we speak of state media?  However, this is only the tip of the iceberg. The CIA front organization USAID ([known for its funding of virus research in Wuhan and other questionable activities](https://pareto.space/a/naddr1qqxnzden8quryveexq6rywp3qgswxu72gyq7ykjdfl9j556887jpzwu3mw3v9ez36quas55whq4te3grqsqqqa28qyxhwumn8ghj7mn0wvhxcmmvqyf8wumn8ghj7mmxve3ksctfdch8qatzqythwumn8ghj7urpwfjhgmewdehhxarjxyhxxmmdqy28wumn8ghj7un9d3shjtnyv9kh2uewd9hsz9nhwden5te0wfjkccte9ehx7um5wghxyctwvszsxfjh)) - [pumped USD 472.6 million directly into the media landscape via the “Internews Network”.](https://www.zerohedge.com/political/usaid-funded-massive-global-state-propaganda-news-matrix-nearly-billion-people-reach) FAZ journalist Udo Ulfkotte once called this “bought journalists” in a very clear and media-effective way, which was not good for his health. There is ample evidence of the CIA-USAID connections, for example [here](https://timesofindia.indiatimes.com/toi-plus/international/how-usaid-worked-alongside-cia-in-vietnam-a-whistleblowers-account/articleshow/118164225.cms), [here](https://foreignpolicy.com/2014/04/03/cuban-twitter-and-other-times-usaid-pretended-to-be-an-intelligence-agency/) and [here.](https://www.jstor.org/stable/4017728)  But this is now over for the time being: USD 268 million, which was to go to “independent media for the free flow of information” (according to the [Columbia Journalism Review](https://www.cjr.org/the_media_today/usaid-and-the-media-in-a-time-of-monsters.php)) in 2025, has been frozen. The largest media influence machine in the Western world is bleeding a little. One has to admit: part of the media-deepstate swamp is actually being drained dry financially. The fact that the Columbia Journalism Review doesn't even seem to notice that “free international journalism”, which, as it writes, is largely funded by USAID, ceases to be “free journalism” speaks volumes about this “hotbed of journalism”. Matt Taibbi of Racket News rightly finds, “The legacy media system is dead. They just don't know it yet.” *** ADVERTISEMENT: *Looking for the easiest way to buy Bitcoin and store it yourself? The **[Relai app](https://relai.app/de/?af_xp=custom\&source_caller=ui\&pid=INFLUENCER\&is_retargeting=true\&af_click_lookback=7d\&shortlink=eo5zpzew\&af_channel=branded_url\&af_inactivity_window=30d\&c=Milosz%20Matuszek)** is the No. 1 crypto start-up and No. 2 of all fintech start-ups in Switzerland. **[Here you can buy Bitcoin](https://relai.app/de/?af_xp=custom\&source_caller=ui\&pid=INFLUENCER\&is_retargeting=true\&af_click_lookback=7d\&shortlink=eo5zpzew\&af_channel=branded_url\&af_inactivity_window=30d\&c=Milosz%20Matuszek)** in just a few steps and also set up savings plans. Nobody has access to your Bitcoin except you. With the referral code MILOSZ you save on fees (no financial advice). Disclaimer due to regulatory issues: The services of the Relai App are hereby only recommended to inhabitants of Switzerland or Italy.*  *Need more security? The **[Trezor wallets](https://trezor.io/trezor-safe-5-bitcoin-only?transaction_id=102e192a206d1585e56a2fddef6d83\&offer_id=238\&affiliate_id=35234)** are recommended and easy to use, others are available in the **[store](https://trezor.io/?transaction_id=102bc85bdca2733287749c7f879ebd\&offer_id=133\&affiliate_id=35234)**. Need more advice? Book an **[introductory meeting](https://trezor.io/trezor-expert-session?transaction_id=1020e18dad0aa4b1186289fd22e90f\&offer_id=241\&affiliate_id=35234)** with a wallet expert.* *** Large-scale media manipulation has become visible. The propaganda matrix, if you will. The disastrous thing about it: if the Overton window is infiltrated, so to speak, the entire institution of journalism cannot be trusted. Every day, readers must expect to be pulled through the nose ring of intelligence service narratives and public agendas by mainstream journalists who pretend to be objective (and are often simply clueless and unsuspecting). The panorama of what we are supposed to see and believe, so to speak. How many mainstream journalists today are basically mouthpieces for the services? Every mainstream reader must now ask themselves: Is my favorite journalist at NZZ, Welt, SZ, ZEIT or FAZ perhaps just a CIA-IM? There were no major dissenters among them: EU criticism? Vaccination criticism? Criticism of NATO? Criticism of Biden and America? Criticism of Nord Stream? There were brief moments on television when questions about journalists' ties to lobby organizations were still part of the German satire program. <https://x.com/Spitze_Zunge_/status/1887915509988876786> ### The cards in the media are being reshuffled The watchdog of the powerful has been infiltrated by the powerful. This means that the Fourth Power is not a power at all, but part of the executive branch, a mouthpiece of the government. The claim that the mainstream is quality journalism, the gold standard for trustworthy information, is therefore the real fake news. It is the last, now crumbling dogma of an infiltrated press sect that has formed a cartel and is subjecting citizens to a permanent psy-op with intelligence-controlled taxpayers' money. A troupe of spokespeople at the work of mental synchronization. <https://x.com/TopherField/status/1887962959072149989> ### The fight against independent media But they not only give to one, they also take from the other. While government agencies use taxpayers' money to promote a certain type of journalism, the juice is actively being cut off from the critical part. All it takes is to be classified as a “PEP” (politically exposed person) and the bank account is gone. This is what has just happened to swiss Radio Kontrafunk. The critical Swiss author Stefan Millius was canceled by his publisher. Others have had their monetization via YouTube cut off (Snicklink). Others are harassed by the state media authority (Multipolar, Alexander Wallasch). The next one has a house search. It has been known since the Twitter files that the government and services also intervened massively in social media communication. This is no longer the Cold War. But it is the cold information war. <https://www.youtube.com/watch?v=kmgWAGDFCZI> Is this all so outrageous and new? During the Cold War, the CIA systematically infiltrated media outlets in the US. Thousands of agents were deployed as journalists - and wrote what they were told. This “Operation Mockingbird”, which the Church Committee also investigated, never ended, so to speak. It lives on as Operation Mockingbird 2.0. Intelligence payments to media outlets continue to exist. USAID distributes millions for “pro-democratic” reporting. Government subscriptions keep uncritical media alive. Media control of public opinion is the most important tool of power in a modern “democracy”. The difference to back then? Today, the manipulation is global. However, these revelations come at a time when trust in the media is already at an all-time low. [The fear of being lied to by the powerful is currently the majority opinion at 70%.](https://www.edelman.com/trust/2025/trust-barometer) They are currently in the process of convincing the remaining 30% of their own incompetence.  ### Update on the [Pareto project](https://pareto.space/en)  “Half the victory”, says Sun Tsu, ‘lies in the impregnable defense’. Free media now have the opportunity to build their own impregnable bastion and the [Pareto Project](https://pareto.space/read) invites them to do just that: [become uncensorable, be able to scale infinitely and not depend on third parties for all processes of journalistic work](https://pareto.space/a/naddr1qqxnzdenxuerxdpkxycngvpcqgsvlutjpemmkp50p6aa8zwu65yz9hg6erf2czc0tuyqpt57zhr79vsrqsqqqa28qyxhwumn8ghj7mn0wvhxcmmvqy28wumn8ghj7un9d3shjtnyv9kh2uewd9hs33ee7d). It's all possible now. Everyone has to realize that: With other platforms, you build your house on someone else's property. With Nostr/Pareto, there is nothing and no one between author and reader, both in terms of communication and payment (via Bitcoin/Litghtning). **A brief update on the project, January was very busy.** * We have about 35 journalists, publications, substackers, bloggers, memers onboarded who publish texts via the Pareto client, and the number is growing all the time. * The first Telepolis authors, such as Mathias Bröckers and Alexander Unzicker, will soon be able to re-publish their deleted texts with us in a censorship-proof manner, and we are helping with the migration of content. * We recently successfully tested the newsletter function! We will soon be able to offer all authors and readers the functions of Substack, Steady, Ghost etc. without having to entrust their readers' sensitive data to a platform or expose them to platform tracking. * We are delighted to have more high-caliber additions to our development team, which now comprises around ten wonderful people, almost all of whom come from this group of readers. * Our [open source code is now also public.](https://github.com/twenty-eighty/pareto-client) * We have opened a [crowdfunding on Geyser!](https://geyser.fund/project/pareto) - Our editor will soon be available to everyone free of charge (atm you have to drop us your npub: <team@pareto.space>) ### What's next? This opens up a new window of unimagined possibilities: On a strong basis such as that offered by decentralized technology, many critical authors can now publish securely or new publications can be created - worldwide and uncensorable. What kind of publications would you like to see? Where do you see gaps (also in the critical spectrum) that need to be filled, both in terms of formats and topics? What does the journalism of the future look like to you? Feel free to write to me: **<milosz@pareto.space>** ## One last thing Our funds are coming to an end. If you would like to support us: We have started a [crowdfunding on Geyser](https://geyser.fund/project/pareto), where you can help us with Bitcoin/Lightning donations.&#x20;  For traditional donations, you can find our bank account on our **[landingpage.](https://pareto.space/en)** *** ***Join the marketplace of ideas!** We are building a publishing ecosystem on Nostr for citizen-journalism, starting with a client for blogging and newsletter distribution. Sound money and sound information should finally be in the hands of the people, right? Want to learn more about the [Pareto Project](https://pareto.space/en)? Zap me, if you want to contribute (all Zaps go to the project).* *Are you a publication or journalist and want to be part of it, test us, migrate your content to Nostr? Write to **<team@pareto.space>*** **Not yet on** **[Nostr](https://nostr.com/)** **and want the full experience?** Easy onboarding via **[Start.](https://start.njump.me/)**

@ 3eba5ef4:751f23ae

Security is fundamental to any blockchain. It ensures that all tokens are secure. When talking about a virtual machine and the smart contract platform it forms, security comes in two main aspects: * The code running on the virtual machine must be secure * The virtual machine itself should also be designed to facilitate safer code execution The first aspect often gets sufficient attention. When it comes to [CKB](https://www.nervos.org/), we now encourage developers to write scripts in Rust for maximum security, reserving pure C code only for those who fully understand its risks. Additionally, higher-level languages have been introduced in CKB to strike a better balance between productivity and security. Virtual machine security was a major focus when CKB-VM was originally designed. Many potential risks were addressed at the architectural level, though some—despite thorough research—were still left open. One such issue is **Return-Oriented Programming (ROP)**—a rather ingenious attack. It exploits executable code that has been legitimately loaded into memory, making widely effective protections (e.g., [W^X](https://yakihonne.com/write-article)) futile. It spans multiple architectures and is constantly evolving. Although we’ve spent a great deal of effort in the early days on ROP, we did not implement specific countermeasures to prevent it. Now, with new RISC-V extensions now available, it is the perfect time to introduce design-level protections against ROP. ## Acknowledgments Before diving deeper, we would like to acknowledge Todd Mortimer from the OpenBSD team. His work on ROP mitigations at the OpenBSD kernel in 2018-2019 significantly inspired our research and this article. We highly recommend his [talk](https://www.youtube.com/watch?v=ZvSSHtRv5Mg), slide decks from [AsiaBSDCon 2019](https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf) and [EuroBSD 2018](https://www.openbsd.org/papers/eurobsdcon2018-rop.pdf), and this [paper](https://www.openbsd.org/papers/asiabsdcon2019-rop-paper.pdf) for a deeper understanding of ROP. Several examples on x64 ROP attacks in this post are also drawn from his research. ## Typical Attack Workflow While there are many sophisticated [ways](https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data/) of attacks, a common attack on a program typically follows this process: Prepare a [shellcode](https://en.wikipedia.org/wiki/Shellcode)— a piece of binary code to perform specific actions (e.g., running a shell or other programs on the target computer). Exploit one possible vulnerability in the target system, most commonly a [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow) attack. The attack could be initiated via a network protocol (such as HTTP) against a remote system, or via command line input to a target program; As the result of the attack, the shellcode is inserted to a designated memory region of the target system and gets executed, allowing the attacker to achieve their goal. The consequences vary, like gaining unauthorized access to sensitive data, destroying certain data/machine, planting malicious programs onto the target for further actions, manipulating control flow. While traditional systems face a wide range of attacks, blockchains run in their own limited and unique runtime environment, rendering many conventional attacks irrelevant. Major blockchain security threats includes: * **Private key security**: Blockchain wallets rely on private keys, which are prime targets for various attacks. * **Smart contract vulnerability**: Poorly written smart contracts contain logic flaws that lead to security risks. * **Virtual machine security**: Attacker may send malicious inputs to a smart contract, causing it to terminate unexpectedly with a success status—despite lacking proper credentials. This post focuses specifically on attacks targeting the blockchain’s virtual machine—in our case—CKB Virtual Machine (CKB-VM) specifically. ## CKB’s Early Approach While it is impossible to predict every attack, disrupting the typical attack workflow is an effective defense strategy. From its inception, CKB-VM has implemented [W^X](https://en.wikipedia.org/wiki/W%5EX) protection: at any given time, any memory location in CKB-VM is either writable (allowing data modification) or executable (allowing data execution)—but never both. Once a memory region is marked as **executable**, it cannot be reverted to **writable** throughout the lifecycle of the current CKB-VM instance. Only writable memory location can be **frozen** to executable. This design significantly disrupts the typical attack workflow. For shellcode to execute on CKB-VM, it must reside in **executable** memory. However, an attacker can only provide shellcode as part of program inputs, which are loaded into **writable** memory. As long as a CKB script does not voluntarily mark input data as **executable** (a highly unlikely scenario), the shellcode remains inert. Additionally, attempting to overwrite existing **executable** shellcode is also futile, since executable memory region is unwritable, and cannot be converted back to writable. This way, W^X is a well-established security technique widely used in modern hardwares, operating systems, and virtual machines. Although it cannot prevent all possible attacks, W^X effectively shields many by breaking the standard attack workflow. Even if an attacker successfully injects shellcode into a target machine, the attack is incomplete due to the inability to execute it. ## Understanding ROP While W^X is effective, it does not solve all our problems. This leads to the topic of this post: **Return-oriented Programming (ROP)**. Instead of explicitly injecting new code, ROP exploits executable code that already resides in the target machine’s memory. Essentially, ROP builds a shellcode by chaining existing code snippets together that were never intended to function as such. It may sound like a fantasy, but as we shall see from the following examples, ROP is a practical and effective attack technique. To understand ROP, we must first examine modern CPU architecture and memory layout. While assembly instructions vary in representations and lengths, they are put together in memory one after another as a stream of bytes:  *Image [Source](https://www.quora.com/Is-assembly-language-a-source-code-or-object-code)* As seen in the above example, different assembly instructions come in different lengths. For x86-64 ISA, an instruction can range from 1 to 7 bytes (RISC ISAs such as ARM or RISC-V have more uniform instruction lengths—we will discuss it later). But in memory, instructions are stored sequentially without gaps. This means that with a stream of bytes alone, we really don’t know what instructions the stream of bytes consist of. In the above example, meaningful assembly instructions emerge only when we start decoding from the `B8` byte. In a different occasion, assuming we know elsewhere that `B8 22 11` bytes at the front are for certain magic flags, the decoding would start from `00` byte, yielding a totally different instruction set.  *Image [Source](https://www.quora.com/Is-assembly-language-a-source-code-or-object-code)* It is really the combination of a special program counter (`PC`) register from the CPU and the current memory stream, jointly determine the instructions the CPU executes. Depending on each different ISA or hardware, a booting process initializes a CPU’s `PC` register to a pre-defined value, then loads up instructions from this pre-defined address, and initializes everything related to the operating system. When a user launches a new program, the metadata for each program will contain an `entrypoint` address, where OS sets the CPU’s `PC` register to, in order to start executing the program. It is suffice to say that maintaining a proper `PC` value is a critical job to ensure a computer’s proper function. An invalid `PC` value might lead to a CPU malfunction at best, or at worst, leaking sensitive information or granting attackers unauthorized access. ### Forming an ROP Attack Via ROP Gadgets Let’s look at the following byte instruction stream in a x86-64 CPU: ``` 8a 5d c3 movb -61(%rbp), %bl ``` This 3-byte represents a `mov` instruction: it takes the address of `rbp` register, adds an offset of `-61`, then uses the result as a memory address to load 1 byte data, and finally sets the loaded data to `bl` register. However, if we ignore `8a` and only look at `5b c3` here, it actually represents a different instruction set: ``` 5d popq %rbp c3 retq ``` This byte sequence contains two instructions: * Pop 8-byte value from stack, and use it to set `rbp` register * Pop 8-byte value from stack, and use it to set `PC` register, so we continue executing from the new location We've briefly discussed that shellcode only fulfills a certain task required by the attacker. In fact, the most common type of shellcode simply construct a new shell, where the attacker can execute more operations. Such shellcode can be represented in the following C pseudocode to run a new command via the `execve` syscall: ``` execve(“/bin/sh”, NULL, NULL); ``` To execute this on an x86-64 CPU, the following actions are needed for a syscall: * `rax` register: must contain the syscall number, for `execve`, it is `59` * `rdi`, `rsi`, `rdx` registers: hold the first 3 arguments to the syscall. In this case, `rdi` holds a pointer to the C string `/bin/sh`; `rsi` and `rdx` must be zero. * The `syscall` instruction (or typically `int 80h` on x64) shall be executed A typical shellcode would be a packed assembly sequence directly doing all of the above instructions. In contrast, ROP attack looks for the following sequences: ``` # Those can set the value of different registers from values on the stack pop %rax; ret pop %rdi; ret pop %rsi; ret pop %rdx; ret # Finally, trigger the syscall syscall ``` Each of these small code sequences, are conventionally callled **ROP gadgets**. An attacker searches for these gadgets in the target program or system libraries (such as libc). Once these required gadgets are obtained, the attacker pieces together a sequence of data, much like the following:  With the prepared data sequence, the attacker can exploit a vulnerability in the target computer or program, such as typical buffer overflow attack. During this process, the attacker performs three key actions: * Pushes (or overwrites existing data) the crafted data sequence to the stack * Sets the stack pointer (top of the stack) to `X + 64` * Sets the `PC` register to the address of a code sequence, `pop %rax; ret` in the existing program or libc memory space Now the attack proceeds step by step as follows: 1. The CPU runs `pop %rax; ret`. With the stack pointer pointing to `X + 64`, the CPU pops `59` from the stack and sets `rax` register to `59`. It then pops the address to code sequence `pop %rdi; ret` from the stack, and sets `PC` to this value; 2. The CPU runs `pop %rdi; ret`. With the stack pointer pointing to `X + 48`, the CPU pops value `X`, pointing to the C string `/bin/sh` from the stack, and sets `rdi` register to `X`. It then pops the address to code sequence `pop %rsi; ret` from the stack, and sets `PC` to this value; 3. The CPU runs `pop %rsi; ret`. With the stack pointer pointing to `X + 32`, the CPU pops `0` from the stack and sets `rsi` register to `0`. It then pops the address to code sequence `pop %rdx; ret` from the stack, and sets `PC` to this value; 4. The CPU runs `pop %rdx; ret`. With the stack pointer pointing to `X + 16`, the CPU pops `0` from the stack and sets `rdx` register to `0`. It then pops the address to code sequence `syscall` from the stack, and sets `P`C to this value; 5. The CPU runs `syscall`. At this point, `rax` holds `59`, `rdi` points to `/bin/sh`, and both `rsi` and `rdx` are zero, the CPU invokes `execve("/bin/sh, NULL, NULL);`, granting the attacker a shell for further manipulations. This sequence of ROP gadgets, referred to as **ROP chains**, demonstrates how a complete ROP attack works. Two key takeaways are: * **ROP does not inject new code**. Instead, it injects data into the stack and leverages the existing code loaded in memory and marked them as executable. W^X protections hence cannot prevent ROP attacks. * **Attackers can mine ROP gadgets from the [libc](https://en.wikipedia.org/wiki/C_standard_library) library**. This is because modern computers employs [protection rings](https://en.wikipedia.org/wiki/Protection_ring) as a way for privilege encapsulations: on x86-64 computers, programs normally run at ring level 3, while libc runs at ring level 1. Lower ring levels have higher privileges, meaning that even if a program misbehaves, its capacities are limited at ring level 3. However, by using ROP gadgets in the libc library which runs at ring level 1, ROP attacks can have higher privileges and execute more damaging operations then normal shellcodes. Note that the above examples simply show the most basic ROP gadgets. In reality, ROP gadgets come in all kinds of forms. Since they come from compiler outputs, they can be combined in the least expected way, and can vary the forms as new compiler optimizations come out. Numerous tools (e.g., [ropper](https://scoding.de/ropper/), [ropr](https://github.com/Ben-Lichtman/ropr)) and research papers (e.g., *[Experiments on ROP Attack with Various Instruction Set Architectures](https://dl.yumulab.org/papers/42/paper.pdf)*, *[ROPGMN](https://www.sciencedirect.com/science/article/abs/pii/S0167739X24005314)*, *[Detecting and Preventing ROP Attacks using Machine Learning on ARM](https://www.infosun.fim.uni-passau.de/ch/publications/compsac23.pdf)*, *[KROP](https://arxiv.org/pdf/2406.11880)* ) keep coming out, making it almost impossible to enumerate all possible ROP gadget combinations. ### ROP on ARM & RISC-V ROP attacks are not limited to CISC architectures, where instructions vary in length. They also affect RISC designs, such as [ARM](https://developer.arm.com/documentation/102433/0200/Return-oriented-programming) and [RISC-V](https://pure.royalholloway.ac.uk/ws/portalfiles/portal/37157938/ROP_RISCV.pdf). Take the following sequence for example: ``` 13 4f 83 23 0b 00 ``` Decoding from the start, the first four bytes represent `xori t5,t1,568` following the RISC-V ISA. But if we skip the first two, the latter four represent `lw t2,0(s6)`. This illustrates that a byte stream interpretation also requires `PC` register in a RISC design such as RISC-V. As a result, one can find ROP gadgets from a RISC-V program as well. ### ROP on CKB-VM CKB’s RISC-V machine operates in a more restricted environment: for programs running on CKB, there are no `execve` syscalls to hijack a running shell, and all runtime states are publicly visible on a public blockchain like CKB. However, ROP attacks can still occur on CKB: one could construct an ROP chain that sets `a0` to `0`, `a7` to `93`, then executes `ecall`. This causes CKB-VM to immediately return with a success code (`0`), potentially allowing a script to pass validation when it should have failed—such as a lock script succeeding without a valid signature. ### Short Recap Let’s briefly recap what we’ve learned so far: * ROP attacks utilize existing executable code for malicious purposes. W^X cannot prevent ROP. * ROP is possible across multiple architecture, including x86-64, ARM, RISC-V, and CKB. * The landscape of ROP is constantly evolving. With new tools, techniques, and research emerging regularly, it’s impossible to foresee all ROP gadgets. ROP has been extensively studied over the years, leading to various mitigation strategies, which can be broadly categorized into two main approaches: * **Software Solutions**: Covering techniques like rewriting code sequences and implementing Retguard to prevent the creation of ROP gadgets * **Hardware Solutions**: Introducing additional CPU instructions with Control Flow Integrity (CFI) checks to safeguard control flow. I’ll explore these strategies in greater detail in the following sections. ## Software Solutions to Mitigate ROP ### Rewriting Sequence Certain instruction sequences are often targeted to form ROP gadgets. To prevent ROP, one approach is to alter the compiler, so that such sequences can never be generated. Take the following example: ``` 89 c3 mov %eax,%ebx 90. ``` In x86-64, `c3` represents the `ret` instruction, making it a potential target for ROP gadgets. We can rewrite it into the following equivalent sequence: ``` 48 87 d8 xchgq %rbx, %rax 89 d8 movl %ebx, %eax 48 87 d8 xchgq %rbx, %rax ``` The new sequence lacks `c3` byte at the expense of more bytes and more executed instructions. However, it is really up to real benchmarks to see if this causes noticeable overhead. Further analysis has revealed that the `rbx` register in x86-64 is often the source of ROP gadgets, due to the way Intel encodes x86-64 instructions. Hence, the OpenBSD team decided to avoid `rbx` register wherever possible, reducing the number of potential ROP gadgets. Again, this approach comes at the cost of having bigger code fragments, more instructions to execute, and an additional patched compiler. While OpenBSD has integrated these changes into its distribution, other environments must weigh the benefits against the costs. For a deeper dive, I would strongly recommend Todd Mortimer’s [work](https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf). ### Retguard’s Solution: Prologue and Epilogue Todd Mortimer also introduced Retguard in this [work](https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf) for securing OpenBSD known. ROP attacks typically occur when you enter a function `foo`, but the stack was manipulated, so the CPU exits to another code fragment that is not `foo`. What if to verify that, at each function exit, it is the same function for exiting and entering? Retguard introduces two components to perform this task: * **Prologue**: A prologue is inserted to each function’s entry, taking two inputs: - - A `cookie` value, a random data assigned for this particular function. - - The return address, where to jump to when current function exits—as inputs. The prologue computes the XOR value of these two, and stores the result into the current function’s [frame](https://en.wikipedia.org/wiki/Call_stack#Stack_and_frame_pointers) section, a dedicated memory region designated to the current function to hold data, separated from the stack. * **Epilogue**: An epilogue is inserted to the location where a function might exit. It takes two inputs: - - The saved XOR value from the prologue in the frame section - - The return address it now can access to (most likely popped from the stack in x64 machine, or read from a special `RA` register in RISC design) The epilogue computes the XOR of these two. If the result matches the original `cookie`, execution proceeds. Otherwise, the epilogue halts the program, signaling an error. This prologue-epilogue mechanism in Retguard guards the call stack from tampering. At a noticeable but acceptable cost (both in performance and code size), Retguard eliminates a significant number of ROP gadgets from the OpenBSD kernel. Like other software-based mitigations, it requires a patched compiler, and it is up to each environment to decide if such technique shall be employed. ## Hardware Advancements to Mitigate ROP In addition to software solutions, hardware-based defenses have also been developed. For instance, Intel has introduced [Indirect Branch Tracking](https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/007/indirect-branch-tracking/?language=en) feature starting with its 12th generation core processors, using a new instruction `endbr32` or `endbr64` added at every location the program might jump to or call into. When the CPU executes a jump/call, it asserts that the target location is a proper `endbr32` / `endbr64` instruction, before updating the program counter `PC` register to proper values. Otherwise, the CPU halts to terminate the program. This ensures that all control flows will follow the intended way, preventing ROP attacks from redirecting execution arbitrary locations. Modern OSes have already extensively leveraged `endbr32` / `endbr64` instructions. Ubuntu 24.04, for instance, has included these instructions in its packages: ``` $ objdump -d /bin/bash | head -n 50 /bin/bash: file format elf64-x86-64 Disassembly of section .init: 0000000000030000 <.init>: 30000: f3 0f 1e fa endbr64 30004: 48 83 ec 08 sub $0x8,%rsp 30008: 48 8b 05 d9 7e 12 00 mov 0x127ed9(%rip),%rax # 157ee8 <__gmon_start__@Base> 3000f: 48 85 c0 test %rax,%rax 30012: 74 02 je 30016 <unlink@plt-0xe1a> 30014: ff d0 call *%rax 30016: 48 83 c4 08 add $0x8,%rsp 3001a: c3 ret Disassembly of section .plt: 0000000000030020 <.plt>: 30020: ff 35 a2 76 12 00 push 0x1276a2(%rip) # 1576c8 <o_options@@Base+0x1cc8> 30026: ff 25 a4 76 12 00 jmp *0x1276a4(%rip) # 1576d0 <o_options@@Base+0x1cd0> 3002c: 0f 1f 40 00 nopl 0x0(%rax) 30030: f3 0f 1e fa endbr64 30034: 68 00 00 00 00 push $0x0 30039: e9 e2 ff ff ff jmp 30020 <unlink@plt-0xe10> 3003e: 66 90 xchg %ax,%ax 30040: f3 0f 1e fa endbr64 30044: 68 01 00 00 00 push $0x1 30049: e9 d2 ff ff ff jmp 30020 <unlink@plt-0xe10> 3004e: 66 90 xchg %ax,%ax 30050: f3 0f 1e fa endbr64 30054: 68 02 00 00 00 push $0x2 30059: e9 c2 ff ff ff jmp 30020 <unlink@plt-0xe10> 3005e: 66 90 xchg %ax,%ax 30060: f3 0f 1e fa endbr64 30064: 68 03 00 00 00 push $0x3 30069: e9 b2 ff ff ff jmp 30020 <unlink@plt-0xe10> 3006e: 66 90 xchg %ax,%ax 30070: f3 0f 1e fa endbr64 30074: 68 04 00 00 00 push $0x4 30079: e9 a2 ff ff ff jmp 30020 <unlink@plt-0xe10> 3007e: 66 90 xchg %ax,%ax 30080: f3 0f 1e fa endbr64 30084: 68 05 00 00 00 push $0x5 30089: e9 92 ff ff ff jmp 30020 <unlink@plt-0xe10> 3008e: 66 90 xchg %ax,%ax 30090: f3 0f 1e fa endbr64 30094: 68 06 00 00 00 push $0x6 30099: e9 82 ff ff ff jmp 30020 <unlink@plt-0xe10> 3009e: 66 90 xchg %ax,%ax ``` The `endbr32` / `endbr64` instructions has been carefully designed, so they are `nop` instructions—meaning they can do nothing at all—on CPUs prior to their introductions. Having them doesn't have any effect on older CPUs but enhances security on supported hardware. ## RISC-V’s Latest Achievements: CFI Extension The above mitigations against ROP fall into two categories: * **Compiler Modifications**: Can generate more secure binary assembly code. * **Additional CPU instructions**: Coming with Control Flow Integrity (CFI) checks to prevent exploitation Back to the beginning of designing CKB-VM, we throughly studied ROP and recognized that a vulnerability in a CKB script could potentially open the door to ROP attacks. However, we eventually did not introduce any specific mitigation against ROP in CKB-VM. Our decision was to stay aligned with the RISC-V ecosystem, avoiding shipping any custom RISC-V spec with additional instructions that would require a patched compiler. Nor do we want to maintain our own compiler set, eliminating the potential that any RISC-V-compliant compiler shall be able to produce CKB script. As the result, we shipped the first version of CKB-VM without ROP mitigations, but that does not mean we’ve ignore this issue: * We’ve [reached out](https://groups.google.com/a/groups.riscv.org/g/isa-dev/c/LyZzjJG7_18/m/pCSnKZPdBAAJ) to the RISC-V community for possible extension similar to Intel’s solution, and kept monitoring advancements in this field; * We’ve been watching over progress and writing secure CKB scripts. Since ROP relies on existing vulnerabilities, secure CKB scripts can kept ROP purely theoretical. We were thrilled when the **RISC-V CFI (Control-Flow Integrity) Extension** was officialy [ratified](https://github.com/riscv/riscv-cfi/releases/tag/v1.0) in July 2024. Designed by the brilliant minds from the RISC-V Foundation, this extension directly addresses ROP attacks with two key features: * `Zicfilp` extension introduces **landing pad**: Resembles Intel’s `endbr32` / `endbr64` to ensure that the CPU can only jump to valid, permitted targets. * `Zicfiss` extension introduces **shadow stack** with a series of instructions:. Offers a hardware solution similar to Retguard, where CPU ensures the control flow integrity or simply puts the call stack, preventing tampering throughout execution. Together, these features offer the state-of-the-art mitigations against ROP. More importantly, RISC-V CFI is now an official extension, meaning all future RISC-V CPUs, compilers, and tools will support this extension. In fact, LLVM 19 has already [supported](https://releases.llvm.org/19.1.0/docs/ReleaseNotes.html#changes-to-the-risc-v-backend), and I believe other compilers and tools will follow soon. Once fully adopted, CKB script developers can simply turn them on like a switch during code compilation. Without modifying the code, they can enjoy the security provided by RISC-V CFI extensions. Even if a vulnerability exists in a CKB script, these built-in enforcements can prevent it from being exploited. ## Final Words Security is complex. While we strive for maximum security, certain design principles might get in the way from introducing specific mitigations. ROP is a prime example: while we did learn much about it early on, implementing the best mitigations needs proper timing. Now the time has come. We are happy to introduce RISC-V CFI in CKB’s next hardfork, bringing stronger security for everyone. *** ✍🏻 Written by Xuejie Xiao His previous posts include: * [A Journey Optimizing CKB Smart Contract: Porting Bitcoin as an Example](https://blog.cryptape.com/a-journey-optimizing-ckb-smart-contract) * [Optimizing C++ Code for CKB-VM: Porting Bitcoin as an Example](https://blog.cryptape.com/optimizing-c-code-for-ckb-vm) Find more in his personal website [Less is More](https://xuejie.space/).

@ 9967f375:04f9a5e1

El día 13, primer viernes de Cuaresma asistió su Exc. y Real Audiencia en la Capilla Real del Palacio a la Misa, y Sermón, que predicó el Doctor Don Pedro Ramírez del Castillo, Canónigo Penitenciario de la Metropoltana. #GacetadeMéxico #Febrero

@ bf47c19e:c3d2573b

Originalni tekst na [dvadesetjedan.com](https://dvadesetjedan.com/blog/bitcoin-privatnost-najbolje-prakse). ###### Autor: [Gigi](https://dergigi.com/2021/03/14/bitcoin-privacy-best-practices/) / Prevod na srpski: [Plumsky](https://t.me/Plumski) --- > Postoji sveto carstvo privatnosti za svakog čoveka gde on bira i pravi odluke – carstvo stvoreno na bazičnim pravima i slobode koje zakon, generalno, ne sme narušavati. Džefri Fišer, Arhiepiskop Canterberija (1959) Pre ne toliko dugo, uobičajen režim interneta je bio neenkriptovan običan tekst (plain text). Svi su mogli špiunirati svakoga i mnogi nisu o tome ni razmišljali. Globalno obelodanjivanje nadzora 2013. je to promenilo i danas se koriste mnogo bezbedniji protokoli i end-to-end enkripcija postaje standard sve više. Iako bitcoin postaje tinejdžer, mi smo – metaforično govoreći – i dalje u dobu običnog teksta narandžastog novčića. Bitcoin je radikalno providljiv protokol sam po sebi, ali postoje značajni načini da korisnik zaštiti svoju privatnost. U ovom članku želimo da istaknemo neke od ovih strategija, prodiskutujemo najbolje prakse, i damo preporuke koje mogu primeniti i bitcoin novajlije i veterani. #### Zašto je privatnost bitna > Privatnost je potrebna da bi otvoreno društvo moglo da funkcioniše u digitalnoj eri. Privatnost nije isto što i tajanstvenost. Privatna stvar je nešto što neko ne želi da ceo svet zna, a tajna stvar je nešto što neko ne želi bilo ko da zna. Privatnost je moć da se čovek selektivno otkriva svom okruženju. Ovim snažnim rečima Erik Hjus je započeo svoj tekst Sajferpankov Manifesto (Cypherpunk's Manifesto) 1993. Razlika između privatnosti i tajanstvenosti je suptilna ali jako važna. Odlučiti se za privatnost ne znači da neko ima tajne koje želi sakriti. Da ovo ilustrujemo shvatite samo da ono što obavljate u svom toaletu ili u spavaćoj sobi nije niti ilegalno niti tajna (u mnogim slučajevima), ali vi svejedno odlučujete da zatvorite vrata i navučete zavese. Slično tome, koliko para imate i gde ih trošite nije naručito tajna stvar. Ipak, to bi trebalo biti privatan slučaj. Mnogi bi se složili da vaš šef ne treba da zna gde vi trošite vašu platu. Privatnosti je čak zaštićena od strane mnogobrojnih internacionalnih nadležnih organa. Iz Američke Deklaracije Prava i Dužnosti Čoveka (American Declaration of the Rights and Duties of Man) Ujedinjenim Nacijama, napisano je da je privatnost fundamentalno prava gradjana širom sveta. > Niko ne sme biti podvrgnut smetnjama njegovoj privatnosti, porodici, rezidenciji ili komunikacijama, niti napadnuta njegova čast i reputacija. Svi imaju pravo da se štite zakonom protiv takvih smetnja ili napada. Artikal 12, Deklaracija Ljudskih Prava Ujedinjenih Nacija #### Bitcoin i privatnost Iako je bitcoin često opisivan kao anoniman način plaćanja medijima, on u stvari poseduje potpuno suprotne osobine. On je poluanoniman u najboljem slučaju i danas mnogima nije ni malo lako primeniti taktike da bi bili sigurni da njihov poluanonimni identitet na bitcoin mreži ne bude povezan sa legalnim identitetom u stvarnom svetu. Bitcoin je otvoren sistem. On je javna baza podataka koju svako može da proučava i analizira. Znači, svaka transakcija koja je upisana u tu bazu kroz dokaz rada (proof-of-work) postojaće i biće otkrivena dokle god bitcoin postoji, što znači - zauvek. Ne primenjivati najbolje prakse privatnosti može imati štetne posledice u dalekoj budućnosti. Privatnost, kao sigurnost, je proces koji je težak, ali nije nemoguć. Alatke nastavljaju da se razvijaju koje čuvaju privatnost kad se koristi bitcoin and srećom mnoge od tih alatki su sve lakše za korišćenje. Nažalost ne postoji panacea u ovom pristupu. Mora se biti svesan svih kompromisa i usavršavati te prakse dok se one menjaju. #### Najbolje prakse privatnosti Kao i sve u bitcoinu, kontrola privatnosti je postepena, korak po korak, procedura. Naučiti i primeniti ove najbolje prakse zahteva strpljivost i odgovornost, tako da ne budite obeshrabreni ako vam se čini da je to sve previše. Svaki korak, koliko god bio mali, je korak u dobrom pravcu. Koje korake preduzeti da bi uvećali svoju privatnost: * Budite u vlasništvu sami svojih novčića * Nikad ne ponavljajte korišćenje istih adresa * Minimizirajte korišćenje servisa koji zahtevaju identitet (Know your customer - KYC) * Minimizirajte sve izloženosti trećim licima * Upravljajte svojim nodom * Koristite Lightning mrežu za male transakcije * Nemojte koristiti javne blok pretraživače za svoje transakcije * Koristite metodu CoinJoin često i rano pri nabavljanju svojih novčića **Budite u vlasništvu sami svojih novčića**: Ako ključevi nisu tvoji, onda nije ni bitcoin. Ako neko drugo drži vaš bitcoin za vas, oni znaju sve što se može znati: količinu, istoriju transakcija pa i sve buduće transakcije, itd. Preuzimanje vlasništva bitcoina u svoje ruke je prvi i najvažniji korak. **Nikad ne kroistite istu adresu dvaput**: Ponavljanje adresa poništava privatnost pošiljalca i primaoca bitcoina. Ovo se treba izbegavati pod svaku cenu. **Minimizirajte korišćenje servisa koji zahtevaju identitet (KYC)**: Vezivati svoj legalni identitet za svoje bitcoin adrese je zlo koje se zahteva od strane mnogih državnih nadležnosti. Dok je efektivnost ovih zakona i regulacija disputabilno, posledice njihovog primenjivanja su uglavnom štetne po korisnicima. Ovo je očigledno pošto je česta pojava da se te informacije često izlivaju iz slabo obezbeđenih digitalnih servera. Ako izaberete da koristite KYC servise da bi nabavljali bitcoin, proučite i razumite odnos između vas i tog biznisa. Vi ste poverljivi tom biznisu za sve vaše lične podatke, pa i buduće obezbeđenje tih podataka. Ako i dalje zarađujete kroz fiat novčani sistem, mi preporučujemo da koristite samo bitcoin ekskluzivne servise koji vam dozvoljavaju da autamatski kupujete bitcoin s vremena na vreme. Ako zelite da potpuno da izbegnete KYC, pregledajte https://bitcoinqna.github.io/noKYConly/. **Minimizirajte sve izloženosti trećim licima**: Poverljivost trećim licima je bezbednosna rupa (https://nakamotoinstitute.org/trusted-third-parties/). Ako možete biti poverljivi samo sebi, onda bi to tako trebalo da bude. **Upravljajte svojim nodom**: Ako nod nije tvoj, onda nisu ni pravila. Upravljanje svojim nodom je suštinska potreba da bi se bitcoin koristio na privatan način. Svaka interakcija sa bitcoin mrežom je posrednjena nodom. Ako vi taj nod ne upravljate, čiji god nod koristite može da vidi sve što vi radite. Ova upustva (https://bitcoiner.guide/node/) su jako korisna da bi započeli proces korišćenja svog noda. **Koristite Lightning mrežu za male transakcije**: Pošto Lightning protokol ne koristi glavnu bitcoin mrežu za trasakcije onda je i samim tim povećana privatnost korišćenja bez dodatnog truda. Iako je i dalje rano, oni apsolutno bezobzirni periodi Lightning mreže su verovatno daleko iza nas. Korišćenje Lightning-a za transakcije malih i srednjih veličina će vam pomoći da uvećate privatnost a da smanjite naplate svojih pojedinačnih bitcoin transakcija. **Nemojte koristiti javne blok pretraživače za svoje transakcije**: Proveravanje adresa na javnim blok pretraživačima povezuje te adrese sa vašim IP podacima, koji se onda mogu koristiti da se otkrije vaš identitet. Softveri kao Umbrel i myNode vam omogućavaju da lako koristite sami svoj blok pretraživač. Ako morate koristiti javne pretraživače, uradite to uz VPN ili Tor. **Koristite CoinJoin često i rano pri nabavljanju svojih novčića**: Pošto je bitcoin večan, primenjivanje saradničkih CoinJoin praksa će vam obezbediti privatnost u budućnosti. Dok su CoinJoin transakcije svakovrsne, softveri koji su laki za korišćenje već sad postoje koji mogu automatizovati ovu vrstu transakcija. Samourai Whirlpool (https://samouraiwallet.com/whirlpool) je odličan izbor za Android korisnike. Joinmarket (https://github.com/joinmarket-webui/jam) se može koristiti na vašem nodu. A servisi postoje koji pri snabdevanju vašeg bitcoina istog trenutka obave CoinJoin tranzakciju automatski. #### Zaključak Svi bi trebalo da se potrude da koriste bitcoin na što privatniji način. Privatnost nije isto što i tajanstvenost. Privatnost je ljudsko pravo i mi svi trebamo da branimo i primenljujemo to pravo. Teško je izbrisati postojeće informacije sa interneta; a izbrisati ih sa bitcoin baze podataka je nemoguće. Iako su daleko od savršenih, alatke postoje danas koje vam omogućavaju da najbolje prakse privatnosti i vi sami primenite. Mi smo vam naglasili neke od njih i - kroz poboljšanje u bitcoin protokolu kroz Taproot i Schnorr - one će postajati sve usavršenije. Bitcoin postupci se ne mogu lako opisati korišćenjem tradicionalnim konceptima. Pitanja kao što su "Ko je vlasnik ovog novca?" ili "Odakle taj novac potiče?" postaju sve teža da se odgovore a u nekim okolnostima postaju potpuno beznačajna. Satoši je dizajnirao bitcoin misleći na privatnost. Na nivou protokola svaka bitcoin transakcija je proces "topljenja" koji za sobom samo ostavlja heuristične mrvice hleba. Protokolu nije bitno odakle se pojavio bilo koji bitcoin ili satoši. Niti je njega briga ko je legalan identitet vlasnika. Protokolu je samo važno da li su digitalni potpisi validni. Dokle god je govor slobodan, potpisivanje poruka - privatno ili ne - ne sme biti kriminalan postupak. Dodatni Resursi [This Month in Bitcoin Privacy](https://enegnei.github.io/This-Month-In-Bitcoin-Privacy/) | Janine [Hodl Privacy FAQ](https://6102bitcoin.com/faq-hodl-privacy/) | 6102 [Digital Privacy](https://6102bitcoin.com/blog/digital-privacy/) | 6102 [UseWhirlpool.com](http://usewhirlpool.com/) | Bitcoin Q+A [Bitcoin Privacy Guide](https://bitcoiner.guide/privacy/) | Bitcoin Q+A Ovaj članak napisan je u saradnji sa Matt Odellom, nezavisnim bitcoin istraživačem. Nađite njegove preporuke za privatnost na [werunbtc.com](https://werunbtc.com/) [Originalni tekst](https://dergigi.com/2021/03/14/bitcoin-privacy-best-practices/)