The US Commodity Futures Trading Commission (CFTC) announced on Thursday that spot crypto asset contracts will soon be available for trading on futures exchanges that are registered with the agency, aligning with the positive regulatory changes championed by President Donald Trump’s administration. 

Crypto Sprint Progress

The CFTC disclosed that this recent decision follows recommendations from the President’s Working Group on Digital Asset Markets and insights gathered from the CFTC’s Crypto Sprint initiative, as well as collaborative efforts with the Securities and Exchange Commission (SEC). 

Acting CFTC Chairman Caroline Pham highlighted the importance of providing Americans with access to safe and regulated markets, stating, “Recent events on offshore exchanges have shown us how essential it is for Americans to have more choice and access to safe, regulated US markets.”

In addition to the introduction of spot trading, the Crypto Sprint initiative includes measures to enable tokenized collateral—such as stablecoins—within derivatives markets. 

The CFTC also plans to implement regulatory updates to facilitate the use of blockchain technology in various operational areas, including collateral, margin, clearing, settlement, reporting, and recordkeeping.

Historic Shift In CFTC’s Digital Asset Trading Move

Market expert MartyParty on social media stated that this latest move is an historic decision that will empower retail and institutional traders to buy, sell, and leverage crypto assets directly on CFTC-registered exchanges. MartyParty further noted:

It’s the culmination of years of regulatory groundwork, including a joint SEC-CFTC statement clarifying that existing laws already permit such trading on registered venues.

Pham remarked on the collaborative efforts of the administration, stating that President Trump’s leadership has fostered a comprehensive plan for the US to reclaim its status as a global leader in digital asset markets. As she noted, “The CFTC has a central role to play” in this initiative.

Featured image from DALL-E, chart from TradingView.com 

Chances are, you have more personal information posted online than you think.

In 2024, the U.S. Federal Trade Commission (FTC) reported that 1.1 million identity theft complaints were filed, where $12.5 billion was lost to identity theft and fraud overall—a 25% increase over the year prior.

What fuels all this theft and fraud? Easy access to personal information.

Here’s one way you can reduce your chances of identity theft: remove your personal information from the internet.

Scammers and thieves can get a hold of your personal information in several ways, such as information leaked in data breaches, phishing attacks that lure you into handing it over, malware that steals it from your devices, or by purchasing your information on dark web marketplaces, just to name a few.

However, scammers and thieves have other resources and connections to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. This makes removing your info from these sites so important, from both an identity and privacy standpoint.

Data brokers: Collectors and aggregators of your information

Data broker sites are massive repositories of personal information that also buy information from other data brokers. As a result, some data brokers have thousands of pieces of data on billions of individuals worldwide.

What kind of data could they have on you? A broker may know how much you paid for your home, your education level, where you’ve lived over the years, who you’ve lived with, your driving record, and possibly your political leanings. A broker could even know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. They may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply.

With information at this level of detail, it’s no wonder that data brokers rake in an estimated $200 billion worldwide every year.

Sources of your information

Your personal information reaches the internet through six main methods, most of which are initiated by activities you perform every day. Understanding these channels can help you make more informed choices about your digital footprint.

Digitized public records

When you buy a home, register to vote, get married, or start a business, government agencies create public records that contain your personal details. These records, once stored in filing cabinets, are now digitized, accessible online, and searchable by anyone with an internet connection.

Social media sharing and privacy gaps

Every photo you post, location you tag, and profile detail you share contributes to your digital presence. Even with privacy settings enabled, social media platforms collect extensive data about your behavior, relationships, and preferences. You may not realize it, but every time you share details with your network, you are training algorithms that analyze and categorize your information.

Data breaches

You create accounts with retailers, healthcare providers, employers, and service companies, trusting them to protect your information. However, when hackers breach these systems, your personal information often ends up for sale on dark web marketplaces, where data brokers can purchase it. The Identity Theft Research Center Annual Data Breach Report revealed that 2024 saw the second-highest number of data compromises in the U.S. since the organization began recording incidents in 2005.

Apps and ad trackers

When you browse, shop, or use apps, your online behavior is recorded by tracking pixels, cookies, and software development kits. The data collected—such as your location, device usage, and interests—is packaged and sold to data brokers who combine it with other sources to build a profile of you.

Loyalty programs

Grocery store cards, coffee shop apps, and airline miles programs offer discounts in exchange for detailed purchasing information. Every transaction gets recorded, analyzed, and often shared with third-party data brokers, who then create detailed lifestyle profiles that are sold to marketing companies.

Data broker aggregators

Data brokers act as the hubs that collect information from the various sources to create comprehensive profiles that may include over 5,000 data points per person. Seemingly separate pieces of information become a detailed digital dossier that reveals intimate details about your life, relationships, health, and financial situation.

The users of your information

Legally, your aggregated information from data brokers is used by advertisers to create targeted ad campaigns. In addition, law enforcement, journalists, and employers may use data brokers because the time-consuming pre-work of assembling your data has largely been done.

Currently, the U.S. has no federal laws that regulate data brokers or require them to remove personal information if requested. Only a few states, such as Nevada, Vermont, and California, have legislation that protects consumers. In the European Union, the General Data Protection Regulation (GDPR) has stricter rules about what information can be collected and what can be done with it.

On the darker side, scammers and thieves use personal information for identity theft and fraud. With enough information, they can create a high-fidelity profile of their victims to open new accounts in their name. For this reason, cleaning up your personal information online makes a great deal of sense.

Types of personal details to remove online

Understanding which data types pose the greatest threat can help you prioritize your removal efforts. Here are the high-risk personal details you should target first, ranked by their potential for harm.

Highest priority: Identity theft goldmines

• Social Security Number (SSN) with full name and address: This combination provides everything criminals need for identity theft, leading to fraudulent credit accounts, tax refund theft, and employment fraud that may take years to resolve, according to the FTC.
• Financial account information: Bank account numbers, credit card details, and investment account information enable direct financial theft. Even partial account numbers can be valuable when combined with other personal details from data breaches.
• Driver’s license and government-issued ID information: These serve as primary identity verification for many services and can be used to bypass security measures at financial institutions and government agencies.

High priority: Personal identifiers

• Full name combined with home address: This pairing makes you vulnerable to targeted scams and physical threats, while enabling criminals to gather additional information about your household and family members.
• Date of birth: Often used as a security verification method, your DOB combined with other identifiers can unlock accounts and enable age-related targeting for scams.
• Phone numbers: This information enables SIM swapping, where criminals take control of your phone number to bypass two-factor authentication and access your accounts.

Medium-high priority: Digital and health data

• Email addresses: Your primary email serves as the master key to password resets across multiple accounts, while secondary emails can reveal personal interests and connections that criminals exploit in social engineering.
• Medical and health app data: This is highly sensitive information that can be used for insurance discrimination, employment issues, or targeted health-related scams.
• Location data and photos with metadata: Reveals your daily patterns, workplace, home address, and frequented locations. Photos with embedded GPS coordinates can expose your exact whereabouts and enable stalking or burglary.

Medium priority: Account access points

• Usernames and account handles: These help criminals map your digital footprint across platforms to discover your personal interests, connections, and even potential security questions answers. They also enable account impersonation and social engineering against your contacts.

When prioritizing your personal information removal efforts, focus on combinations of data rather than individual pieces. For example, your name alone poses minimal risk, but your name combined with your address, phone number, and date of birth creates a comprehensive profile that criminals can exploit. Tools such as McAfee Personal Data Cleanup can help you identify and remove these high-risk combinations from data broker sites systematically.

Step-by-step guide to finding your personal data online

1. Targeted search queries: Search for your full name in quotes (“John Smith”), then combine it with your city, phone number, or email address. Try variations like “John Smith” + “123 Main Street” or “John Smith” + “555-0123”. Don’t forget to search for old usernames, maiden names, or nicknames you’ve used online. Aside from Google, you can also check Bing, DuckDuckGo, and people search engines.
2. Major data broker and people search sites: Search for yourself in common data aggregators: Whitepages, Spokeo, BeenVerified, Intelius, PeopleFinder, and Radaris. Take screenshots of what you find as documentation. To make this process manageable, McAfee Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
3. Social media platforms and old accounts: Review your Facebook, Instagram, LinkedIn, Twitter, and other platforms for publicly visible personal details. Check old accounts—dating sites, forums, gaming platforms, or professional networks. Look for biographical information, location data, contact details, photos, and even comment sections where you may have shared details.
4. Breach and dark web monitoring tools: Have I Been Pwned and other identity monitoring services can help you scan the dark web and discover if your email addresses or phone numbers appear in data breaches.
5. Ongoing monitoring alerts: Create weekly Google Alerts for your and your family member’s full name, address combinations, and phone number. Some specialized monitoring services can track once your information appears on new data broker sites or gets updated on existing ones.
6. Document everything in a tracker: Create a spreadsheet or document to systematically track your findings. Include the website name and URL, the specific data shown, contact information for removal requests, date of your opt-out request, and follow-up dates. Many sites require multiple follow-ups, so having this organized record is essential for successful removal.

This process takes time and persistence, but services such as McAfee Personal Data Cleanup can continuously monitor for new exposures and manage opt-out requests on your behalf. The key is to first understand the full scope of your online presence before beginning the removal process.

Remove your personal information from the internet

Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.

Request to remove data from data broker sites

Once you have found the sites that have your information, the next step is to request to have it removed. You can do this yourself or employ services such as McAfee’s Personal Data Cleanup, which can help manage the removal for you depending on your subscription. ​It also monitors those sites, so if your info gets posted again, you can request its removal again.

Limit the data Google collects

You can request to remove your name from Google search to limit your information from turning up in searches. You can also turn on “Auto Delete” in your privacy settings to ensure your data is deleted regularly. Occasionally deleting your cookies or browsing in incognito mode prevents websites from tracking you. If Google denies your initial request, you can appeal using the same tool, providing more context, documentation, or legal grounds for removal. Google’s troubleshooter tool may explain why your request was denied—either legitimate public interest or newsworthiness—and how to improve your appeal.

It’s important to know that the original content remains on the source website. You’ll still need to contact website owners directly to have your actual content removed. Additionally, the information may still appear in other search engines.

Delete old social media accounts

If you have old, inactive accounts that have gone by the wayside such as Myspace or Tumblr, you may want to deactivate or delete them entirely. For social media platforms that you use regularly, such as Facebook and Instagram, consider adjusting your privacy settings to keep your personal information to the bare minimum.

Remove personal info from websites and blogs

If you’ve ever published articles, written blogs, or created any content online, it is a good time to consider taking them down if they no longer serve a purpose. If you were mentioned or tagged by other people, it is worth requesting them to take down posts with sensitive information.

Delete unused apps and restrict permissions in those you use

Another way to tidy up your digital footprint is to delete phone apps you no longer use as hackers are able to track personal information on these and sell it. As a rule, share as little information with apps as possible using your phone’s settings.

Remove your info from other search engines

• Bing: Submit removal requests through Bing’s Content Removal tool for specific personal information like addresses, phone numbers, or sensitive data. Note that Bing primarily crawls and caches content from other websites, so removing the original source content first will prevent re-indexing.
• Yahoo: Yahoo Search results are powered by Bing, so use the same Bing Content Removal process. For Yahoo-specific services, contact their support team to request removal of cached pages and personal information from search results.
• DuckDuckGo and other privacy-focused engines: These search engines don’t store personal data or create profiles, but pull results from multiple sources. We suggest that you focus on removing content from the original source websites, then request the search engines to update their cache to prevent your information from reappearing in future crawls.

Escalate if needed

After sending your removal request, give the search engine or source website 7 to 10 business days to respond initially, then follow up weekly if needed. If a website owner doesn’t respond within 30 days or refuses your request, you have several escalation options:

• Contact the hosting provider: Web hosts often have policies against sites that violate privacy laws
• File complaints: Report to your state attorney general’s office or the Federal Trade Commission
• Seek legal guidance: For persistent cases involving sensitive information, consult with a privacy attorney

For comprehensive guidance on website takedown procedures and your legal rights, visit the FTC’s privacy and security guidance for the most current information on consumer data protection. Direct website contact can be time-consuming, but it’s often effective for removing information from smaller sites that don’t appear on major data broker opt-out lists. Stay persistent, document everything, and remember that you have legal rights to protect your privacy online.

Remove your information from browsers

After you’ve cleaned up your data from websites and social platforms, your web browsers may still save personal information such as your browsing history, cookies, autofill data, saved passwords, and even payment methods. Clearing this information and adjusting your privacy settings helps prevent tracking, reduces targeted ads, and limits how much personal data websites can collect about you.

• Clear your cache: Clearing your browsing data is usually done by going to Settings and looking for the Privacy and Security section, depending on the specific browser. This is applicable in Google Chrome, Safari, Firefox, Microsoft Edge, as well as mobile phone operating systems such as Android and iOS.

• Disable autofill: Autofill gives you the convenience of not having to type your information every time you accomplish a form. That convenience has a risk, though—autofill saves addresses, phone numbers, and even payment methods. To prevent websites from automatically populating forms with your sensitive data, disable the autofill settings independently. For better security, consider using a dedicated password manager instead of browser-based password storage.
• Set up automatic privacy protection: Set up your browsers to automatically clear cookies, cache, and site data when you close them. This ensures your browsing sessions don’t leave permanent traces of your personal information on your device.
• Use privacy-focused search engines: Evaluate the possibility of using privacy-focused search engines like DuckDuckGo as your default. These proactive steps significantly reduce how much personal information browsers collect and store about your online activities.

Get your address off the internet

When your home address is publicly available, it can expose you to risks like identity theft, stalking, or targeted scams. Taking steps to remove or mask your address across data broker sites, public records, and even old social media profiles helps protect your privacy, reduce unwanted contact, and keep your personal life more secure.

1. Opt out of major data broker sites: The biggest address exposers are Whitepages, Spokeo, and BeenVerified. Visit their opt-out pages and submit removal requests using your full name and current address. Most sites require email verification and process removals within 7-14 business days.
2. Contact public records offices about address redaction: Many county and state databases allow address redaction for safety reasons. File requests with your local clerk’s office, voter registration office, and property records department. Complete removal isn’t always possible, but some jurisdictions offer partial address masking.
3. Enable WHOIS privacy protection on domain registrations: If you own any websites or domains, request your domain registrar to add privacy protection services to replace your personal address with the registrar’s information.
4. Review old forum and social media profiles: Check your profiles on forums, professional networks, and social platforms where you may have shared your address years ago. Delete or edit posts containing location details, and update bio sections to remove specific address information.
5. Verify removal progress: Every month, do a search of your name and address variations on different search engines. You also can set up Google Alerts to monitor and alert you when new listings appear. Most data broker removals need to be renewed every 6-12 months as information gets re-aggregated.

The cost to delete your information from the internet

The cost to remove your personal information from the internet varies, depending on whether you do it yourself or use a professional service. Read the guide below to help you make an informed decision:

DIY approach

Removing your information on your own primarily requires time investment. Expect to spend 20 to 40 hours looking for your information online and submitting removal requests. In terms of financial costs, most data brokers may not charge for opting out, but other expenses could include certified mail fees for formal removal requests—about $3-$8 per letter—and possibly notarization fees for legal documents. In total, this effort can be substantial when dealing with dozens of sites.

Professional removal services

Depending on which paid removal and monitoring service you employ, basic plans typically range from $8 to $25 monthly while annual plans, which often provide better value, range from $100 to $600. Premium services that monitor hundreds of data broker sites and provide ongoing removal can cost $1,200-$2,400 annually.

The difference in pricing is driven by several factors. This includes the number of data broker sites to be monitored, which could cover more than 200 sites, and the scope of removal requests which may include basic personal information or comprehensive family protection. The monitoring frequency and additional features such as dark web monitoring, credit protection, and identity restoration support and insurance coverage typically command higher prices.

The value of continuous monitoring

The upfront cost may seem significant, but continuous monitoring provides essential value. A McAfee survey revealed that 95% of consumers’ personal information ends up on data broker sites without their consent. It is possible that after the successful removal of your information, it may reappear on data broker sites without ongoing monitoring. This makes continuous protection far more cost-effective than repeated one-time cleanups.

Services such as McAfee Personal Data Cleanup can prove invaluable, as it handles the initial removal process, as well as ongoing monitoring to catch when your information resurfaces, saving you time and effort while offering long-term privacy protection.

Aside from the services above, comprehensive protection software can help safeguard your privacy and minimize your exposure to cybercrime with these offerings such as:

• An unlimited virtual private network to make your personal information much more difficult to collect and track
• Identity monitoring that tracks and alerts you if your specific personal information is found on the dark web
• Identity theft coverage and restoration helps you pay for legal fees and travel expenses, and further assistance from a licensed recovery pro to repair your identity and credit
• Other features such as safe browsing to help you avoid dangerous links, bad downloads, malicious websites, and more online threats when you’re online

So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal information more private and secure.

Essential steps if your information is found on the dark web

Unlike legitimate data broker sites, the dark web operates outside legal boundaries where takedown requests don’t apply. Rather than trying to remove information that’s already circulating, you can take immediate steps to reduce the potential harm and focus on preventing future exposure. A more effective approach is to treat data breaches as ongoing security issues rather than one-time events.

Both the FTC and Cybersecurity and Infrastructure Security Agency have released guidelines on proactive controls and continuous monitoring. Here are key steps of those recommendations:

1. Change your passwords immediately and enable multi-factor authentication. Start with your most critical accounts—banking, email, and any services linked to financial information. Create unique, strong passwords for each account and enable MFA where possible for an extra layer of protection.
2. Monitor your financial accounts and credit reports closely. Check your bank statements, credit card accounts, and investment accounts for any unauthorized activity. Request your free annual credit reports from all three major bureaus and carefully review them for accounts you didn’t open or activities you don’t recognize.
3. Place fraud alerts or credit freezes. Contact Equifax, Experian, and TransUnion to place fraud alerts, which require creditors to verify your identity before approving new accounts. Better yet, consider a credit freeze to block access to your credit report entirely until you lift it.
4. Replace compromised identification documents if necessary. If your Social Security number, driver’s license, or passport information was exposed, contact the appropriate agencies to report the breach and request new documents. IdentityTheft.gov provides step-by-step guidance for replacing compromised documents.
5. Set up ongoing identity monitoring and protection. Consider using identity monitoring services that scan the dark web and alert you to new exposures of your personal information.
6. Document everything and report the incident. Keep detailed records of any suspicious activities you discover and all steps you’ve taken. File a report with the FTC and police, especially if you’ve experienced financial losses. This documentation will be crucial for disputing fraudulent charges or accounts.

Legal and practical roadblocks

As you go about removing your information for the internet, it is important to set realistic expectations. Several factors may limit how completely you can remove personal data from internet sources:

• The United States lacks comprehensive federal privacy laws requiring companies to delete personal information upon request.
• Public records, court documents, and news articles often have legal protections that prevent removal.
• International websites may not comply with U.S. deletion requests.
• Cached copies could remain on search engines and archival sites for years.
• Data brokers frequently repopulate their databases from new sources even after opt-outs.

While some states like California have stronger consumer privacy rights, most data removal still depends on voluntary compliance from companies.

Final thoughts

Removing your personal information from the internet takes effort, but it’s one of the most effective ways to protect yourself from identity theft and privacy violations. The steps outlined above provide you with a clear roadmap to systematically reduce your online exposure, from opting out of data brokers to tightening your social media privacy settings.

This isn’t a one-time task but an ongoing process that requires regular attention, as new data appears online constantly. Rather than attempting to complete digital erasure, focus on reducing your exposure to the most harmful uses of your personal information. Services like McAfee Personal Data Cleanup can help automate the most time-consuming parts of this process, monitoring high-risk data broker sites and managing removal requests for you.

The post How to Remove Your Personal Information From the Internet appeared first on McAfee Blog.

Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users.

The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek.

Bitcoin Magazine

Taproot Assets – Bitcoin As A Medium Of Exchange 

What is Bitcoin and who is it for? There are a plethora of catchphrases available on Twitter to cover this one. Bitcoin is for everyone… no wait, it’s for anyone! Bitcoin is a store of value. Bitcoin is a medium of exchange. We could do a classic appeal to authority and declare that Bitcoin is exactly what Satoshi described, “A Peer-to-Peer Electronic Cash System”.

Bitcoin becomes what we make it. It serves the people we choose to build for. If we want Bitcoin to be a store of value or medium of exchange, we have to build the protocols and services that make this happen. 

Sometimes it’s more interesting to ask specifically, who are we building for? Are we building for Americans looking for a long-term investment? Are we building for a shop owner in Brazil? A reseller in Turkey? A software developer in Nigeria? 

If we want bitcoin to be a medium of exchange, we need to focus on the users who need it most — and Taproot Assets is the tool for that job. 

Taproot Assets

Taproot Assets allows us to take the assets, and units of account, that people want and need today as mediums of exchange — and move them to Bitcoin infrastructure on the Lightning Network.

From a technical perspective, Taproot Assets is a protocol that allows for the minting of assets on the Bitcoin blockchain in a very blockspace-efficient fashion using taproot transactions, made possible by the November 2021 Taproot soft fork activation. Client-side validation is used, the protocol is opt-in, and no consensus changes are required. Fungible assets are exchangeable on the Lightning Network, and you can use this protocol on mainnet today!

Taproot Assets is a flexible protocol that’s already opening the door to a wide variety of use cases, but the core use case is stablecoins on Lightning.

For those wanting to learn more, here are the docs, and tutorial and demo videos can be found here.

So, why is this such a powerful tool for adoption? 

Meet People Where They Are

It’s easy to get immersed in the Bitcoin world — where we use bitcoin, talk about it constantly, and dive deep into all the things it fixes. That passion and curiosity is powerful. But the real magic happens when we connect that world to people outside it.

Most people don’t have the time available to study monetary theory or economic history. Free time and disposable income are not the norm in the world. Stay humble. If we want Bitcoin to serve the world, let’s meet people where they are. And we can: We have the tools and the skills to build things that are truly useful — products that people love not because they’re Bitcoin-powered, but because they solve real problems. 

Adoption won’t come just from our impressive understanding of Austrian economics, it will come from building things that are so useful people can’t help using them. The true measure is in the utility. The true measure is in the users. Number of people go up!

Stablecoins

And so let’s talk about stablecoins. Love them or question them, stablecoins have clearly found product-market fit. The invisible hand has spoken! 

Let’s look at some numbers:

In Brazil, approximately 90% of crypto transactions are tied to stablecoins, primarily for payments and remittances. 

Tether estimates it has 434 million users worldwide, transacting $31 billion USDT daily. About 13% of the total USDT supply is held by savers who are likely emerging markets users without other access to dollars.

Tether (USDT) has a market cap of $153 billion and recorded over $10 trillion in total volume in 2024. USD Coin (USDC) follows with a $61 billion market cap. (Numbers from CoinGecko at time of writing.)

Utility 

Why have the people chosen stablecoins? Utility.

Most people around the world don’t have the luxury to HODL through a bear market. Most humans don’t ponder the intricacies of fractional reserve banking. They’re busy living — busy being fathers, and mothers, and small business owners, and doctors, and carpenters, and farmers, teachers, and students. All the things that keep the world turning.

Most people are simply seeking an improvement in their day-to-day lives, and it’s our job, as experts on money, to give them what they need. 

They need stability and affordability. 

Infrastructure Adoption

As the Bitcoin adoption story goes, first we achieve store of value, then medium of exchange, and then unit of account — the final boss! But if we facilitate stablecoins, are we preventing bitcoin from achieving unit of account? No. Bitcoin will be a unit of account if and when the world needs it to, if and when we make it available.

Those choosing to use a stablecoin on the Lightning Network will be doing so because it is the best option for them; it’s the option that brings the most utility. They aren’t thinking about “adopting Bitcoin”, and they don’t intend to adopt bitcoin, the unit of account. But they will be adopting Bitcoin, the network. They will be adopting Bitcoin, the payments infrastructure. 

We often think of replacing the Visa network and to do that we have to be more useful than Visa, which processes transactions in 175 different currencies.

Our Turkish reseller is an expert in what he does, and not an expert on decentralized networking technology. He’ll choose Lightning over Visa when it becomes the better, more affordable, easier option for running his business. And for many businesses, Lightning already is the faster, more affordable option. 

Let’s imagine that precoiner shop owner in Brazil. She’s managing her business making transactions using a stablecoin via a Taproot Assets Lightning wallet. She’s made the switch to Bitcoin infrastructure. She was enticed to do so by a simple, easy-to-use mobile wallet that simplified her business, cut her costs, and reduced her risk. This wallet allows her to make instantly settled, global, incredibly affordable transactions, and to do so in a wide variety of currencies. She came for the utility of this medium of exchange, but is now one button away from losing her precoiner status.

And, should that global fiat money collapse finally arrive one random Tuesday afternoon, she just needs to push that button to switch out of fiat and into sats because she is already running on Bitcoin infrastructure. 

A Multi-Asset Network

The potential and utility of a Taproot Assets-enabled, multi-asset Lightning Network is grossly underappreciated. Seriously: It’s a medium of exchange like the world has never seen before.

Application builders and their users can have any unit of account that they like — U.S. dollars, Brazilian reais, euros, etc. — and it’s all routed through Bitcoin. Taproot Assets Lightning transactions require Bitcoin liquidity. These transactions support and grow the Lightning Network and enable a plethora of options. A payment can be sent out by Alice in USD, but Bob can receive BTC. Alice can send another payment in USD that will be routed through the Lightning Network, through the sats-denominated liquidity in the center of the Lightning Network, on to Carol who opts to receive a euro-denominated stablecoin.

Our Turkish reseller can sell goods to our Brazilian shop owner using a stablecoin. Not only can he interact with businesses around the world without friction, but also any regular Bitcoiner can transact with either using sats, seamlessly. No need to touch that stablecoin if they don’t want to. 

And it gets even cooler. Let’s imagine for a moment this scenario…

(https://x.com/MichaelLevin/status/1885402488955662448) 

A global, scalable, instantly settled payment network that’s meaningfully cheaper than Visa — a payment network that now gives users the option to transact in whatever coin they prefer. This is the brilliance of building with Bitcoin as infrastructure — people adopt the network before they even know it’s Bitcoin. 

Conclusion 

If we want to see Bitcoin as a medium of exchange, if this is what we are building for, it’s our job as the experts to give the people what they are clearly telling us that they need: instant, low-fee, stable-value transactions. In other words, multi-asset Lightning.

Now, of course Taproot Assets is a versatile protocol. It can and will be used for all sorts of things — including use cases that appeal to the American crowd who see bitcoin primarily as a long-term investment. Yay, permissionless innovation! With this protocol, we’re helping usher Bitcoin in its medium of exchange era.

This piece is an article featured in the latest Print edition of Bitcoin Magazine, The Lightning Issue. We’re sharing it here to show the ideas explored throughout the full issue.

This post Taproot Assets – Bitcoin As A Medium Of Exchange  first appeared on Bitcoin Magazine and is written by Hannah Rosenberg.

0 Disclaimer (The author did not participate in the XX action, don't trace it)

• This tool is only for legally authorized enterprise security construction behaviors and personal learning behaviors. If you need to test the usability of this tool, please build a target drone environment by yourself.

• When using this tool for testing, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization. Do not scan unauthorized targets.

We reserve the right to pursue your legal responsibility if the above prohibited behavior is found.

If you have any illegal behavior in the process of using this tool, you shall bear the corresponding consequences by yourself, and we will not bear any legal and joint responsibility.

Before installing and using this tool, please be sure to carefully read and fully understand the terms and conditions.

Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not install and use this tool. Your use behavior or your acceptance of this Agreement in any other express or implied manner shall be deemed that you have read and agreed to be bound by this Agreement.

1 Introduction

 _   __
|#| /#/ Lightweight Asset Mapping Tool by: kv2	
|#|/#/   _____  _____     *     _   _
|#.#/   /Edge/ /Forum|   /#\   |#\ |#|
|##|   |#|___  |#|      /###\  |##\|#|
|#.#\   \#####\|#|     /#/_\#\ |#.#.#|
|#|\#\ /\___|#||#|____/#/###\#\|#|\##|
|#| \#\\#####/ \#####/#/     \#\#| \#|

Kscan is an asset mapping tool that can perform port scanning, TCP fingerprinting and banner capture for specified assets, and obtain as much port information as possible without sending more packets. It can perform automatic brute force cracking on scan results, and is the first open source RDP brute force cracking tool on the go platform.

2 Foreword

At present, there are actually many tools for asset scanning, fingerprint identification, and vulnerability detection, and there are many great tools, but Kscan actually has many different ideas.

• Kscan hopes to accept a variety of input formats, and there is no need to classify the scanned objects before use, such as IP, or URL address, etc. This is undoubtedly an unnecessary workload for users, and all entries can be normal Input and identification. If it is a URL address, the path will be reserved for detection. If it is only IP:PORT, the port will be prioritized for protocol identification. Currently Kscan supports three input methods (-t,--target|-f,--fofa|--spy).

• Kscan does not seek efficiency by comparing port numbers with common protocols to confirm port protocols, nor does it only detect WEB assets. In this regard, Kscan pays more attention to accuracy and comprehensiveness, and only high-accuracy protocol identification , in order to provide good detection conditions for subsequent application layer identification.

• Kscan does not use a modular approach to do pure function stacking, such as a module obtains the title separately, a module obtains SMB information separately, etc., runs independently, and outputs independently, but outputs asset information in units of ports, such as ports If the protocol is HTTP, subsequent fingerprinting and title acquisition will be performed automatically. If the port protocol is RPC, it will try to obtain the host name, etc.

IP address: 114.114.114.114
IP address range: 114.114.114.114-115.115.115.115
URL address: https://www.baidu.com
File address: file:/tmp/target.txt

[Empty]: will detect the IP address of the local machine and detect the B segment where the local IP is located
[all]: All private network addresses (192.168/172.32/10, etc.) will be probed
IP address: will detect the B segment where the specified IP address is located

fofa search keywords: will directly return fofa search results

usage: kscan [-h,--help,--fofa-syntax] (-t,--target,-f,--fofa,--spy) [-p,--port|--top] [-o,--output] [-oJ] [--proxy] [--threads] [--path] [--host] [--timeout] [-Pn] [-Cn] [-sV] [--check] [--encoding] [--hydra] [hydra options] [fofa options]


optional arguments:
  -h , --help     show this help message and exit
  -f , --fofa Get the detection object from fofa, you need to configure the environment variables in advance: FOFA_EMAIL, FOFA_KEY
  -t , --target Specify the detection target:
                  IP address: 114.114.114.114
                  IP address segment: 114.114.114.114/24, subnet mask less than 12 is not recommended
                  IP address range: 114.114.114.114-115.115.115.115
                  URL address: https://www.baidu.com
                  File address: file:/tmp/target.txt
  --spy network segment detection mode, in this mode, the internal network segment reachable by the host will be automatically detected. The acceptable parameters are:
                  (empty), 192, 10, 172, all, specified IP address (the IP address B segment will be detected as the surviving gateway)
  --check Fingerprinting the target address, only port detection will not be performed
  --scan will perform port scanning and fingerprinting on the target objects provided by --fofa and --spy
  -p , --port scan the specified port, TOP400 will be scanned by default, support: 80, 8080, 8088-8090
  -eP, --excluded-port skip scanning specified ports，support：80,8080,8088-8090
  -o , --output save scan results to file
  -oJ save the scan results to a file in json format
  -Pn After using this parameter, intelligent survivability detection will not be performed. Now intelligent survivability detection is enabled by default to improve efficiency.
  -Cn With this parameter, the console output will not be colored.
  -sV After using this parameter, all ports will be probed with full probes. This parameter greatly affects the efficiency, so use it with caution!
  --top Scan the filtered common ports TopX, up to 1000, the default is TOP400
  --proxy set proxy (socks5|socks4|https|http)://IP:Port
  --threads thread parameter, the default thread is 100, the maximum value is 2048
  --path specifies the directory to request access, only a single directory is supported
  --host specifies the header Host value for all requests
  --timeout set timeout
  --encoding Set the terminal output encoding, which can be specified as: gb2312, utf-8
  --match returns the banner to the asset for retrieval. If there is a keyword, it will be displayed, otherwise it will not be displayed
  --hydra automatic blasting support protocol: ssh, rdp, ftp, smb, mysql, mssql, oracle, postgresql, mongodb, redis, all are enabled by default
hydra options:
   --hydra-user custom hydra blasting username: username or user1,user2 or file:username.txt
   --hydra-pass Custom hydra blasting password: password or pass1,pass2 or file:password.txt
                  If there is a comma in the password, use \, to escape, other symbols do not need to be escaped
   --hydra-update Customize the user name and password mode. If this parameter is carried, it is a new mode, and the user name and password will be added to the default dictionary. Otherwise the default dictionary will be replaced.
   --hydra-mod specifies the automatic brute force cracking module: rdp or rdp, ssh, smb
fofa options:
   --fofa-syntax will get fofa search syntax description
   --fofa-size will set the number of entries returned by fofa, the default is 100
   --fofa-fix-keyword Modifies the keyword, and the {} in this parameter will eventually be replaced with the value of the -f parameter

6.2 Survival network segment detection

6.3 Fofa result retrieval

6.4 Brute-force cracking

6.5 CDN identification

0 Disclaimer (The author did not participate in the XX action, don't trace it)

• This tool is only for legally authorized enterprise security construction behaviors and personal learning behaviors. If you need to test the usability of this tool, please build a target drone environment by yourself.

• When using this tool for testing, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization. Do not scan unauthorized targets.

We reserve the right to pursue your legal responsibility if the above prohibited behavior is found.

If you have any illegal behavior in the process of using this tool, you shall bear the corresponding consequences by yourself, and we will not bear any legal and joint responsibility.

Before installing and using this tool, please be sure to carefully read and fully understand the terms and conditions.

Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not install and use this tool. Your use behavior or your acceptance of this Agreement in any other express or implied manner shall be deemed that you have read and agreed to be bound by this Agreement.

1 Introduction

 _   __
|#| /#/ Lightweight Asset Mapping Tool by: kv2	
|#|/#/   _____  _____     *     _   _
|#.#/   /Edge/ /Forum|   /#\   |#\ |#|
|##|   |#|___  |#|      /###\  |##\|#|
|#.#\   \#####\|#|     /#/_\#\ |#.#.#|
|#|\#\ /\___|#||#|____/#/###\#\|#|\##|
|#| \#\\#####/ \#####/#/     \#\#| \#|

Kscan is an asset mapping tool that can perform port scanning, TCP fingerprinting and banner capture for specified assets, and obtain as much port information as possible without sending more packets. It can perform automatic brute force cracking on scan results, and is the first open source RDP brute force cracking tool on the go platform.

2 Foreword

At present, there are actually many tools for asset scanning, fingerprint identification, and vulnerability detection, and there are many great tools, but Kscan actually has many different ideas.

• Kscan hopes to accept a variety of input formats, and there is no need to classify the scanned objects before use, such as IP, or URL address, etc. This is undoubtedly an unnecessary workload for users, and all entries can be normal Input and identification. If it is a URL address, the path will be reserved for detection. If it is only IP:PORT, the port will be prioritized for protocol identification. Currently Kscan supports three input methods (-t,--target|-f,--fofa|--spy).

• Kscan does not seek efficiency by comparing port numbers with common protocols to confirm port protocols, nor does it only detect WEB assets. In this regard, Kscan pays more attention to accuracy and comprehensiveness, and only high-accuracy protocol identification , in order to provide good detection conditions for subsequent application layer identification.

• Kscan does not use a modular approach to do pure function stacking, such as a module obtains the title separately, a module obtains SMB information separately, etc., runs independently, and outputs independently, but outputs asset information in units of ports, such as ports If the protocol is HTTP, subsequent fingerprinting and title acquisition will be performed automatically. If the port protocol is RPC, it will try to obtain the host name, etc.

IP address: 114.114.114.114
IP address range: 114.114.114.114-115.115.115.115
URL address: https://www.baidu.com
File address: file:/tmp/target.txt

[Empty]: will detect the IP address of the local machine and detect the B segment where the local IP is located
[all]: All private network addresses (192.168/172.32/10, etc.) will be probed
IP address: will detect the B segment where the specified IP address is located

fofa search keywords: will directly return fofa search results

usage: kscan [-h,--help,--fofa-syntax] (-t,--target,-f,--fofa,--spy) [-p,--port|--top] [-o,--output] [-oJ] [--proxy] [--threads] [--path] [--host] [--timeout] [-Pn] [-Cn] [-sV] [--check] [--encoding] [--hydra] [hydra options] [fofa options]


optional arguments:
  -h , --help     show this help message and exit
  -f , --fofa Get the detection object from fofa, you need to configure the environment variables in advance: FOFA_EMAIL, FOFA_KEY
  -t , --target Specify the detection target:
                  IP address: 114.114.114.114
                  IP address segment: 114.114.114.114/24, subnet mask less than 12 is not recommended
                  IP address range: 114.114.114.114-115.115.115.115
                  URL address: https://www.baidu.com
                  File address: file:/tmp/target.txt
  --spy network segment detection mode, in this mode, the internal network segment reachable by the host will be automatically detected. The acceptable parameters are:
                  (empty), 192, 10, 172, all, specified IP address (the IP address B segment will be detected as the surviving gateway)
  --check Fingerprinting the target address, only port detection will not be performed
  --scan will perform port scanning and fingerprinting on the target objects provided by --fofa and --spy
  -p , --port scan the specified port, TOP400 will be scanned by default, support: 80, 8080, 8088-8090
  -eP, --excluded-port skip scanning specified ports，support：80,8080,8088-8090
  -o , --output save scan results to file
  -oJ save the scan results to a file in json format
  -Pn After using this parameter, intelligent survivability detection will not be performed. Now intelligent survivability detection is enabled by default to improve efficiency.
  -Cn With this parameter, the console output will not be colored.
  -sV After using this parameter, all ports will be probed with full probes. This parameter greatly affects the efficiency, so use it with caution!
  --top Scan the filtered common ports TopX, up to 1000, the default is TOP400
  --proxy set proxy (socks5|socks4|https|http)://IP:Port
  --threads thread parameter, the default thread is 100, the maximum value is 2048
  --path specifies the directory to request access, only a single directory is supported
  --host specifies the header Host value for all requests
  --timeout set timeout
  --encoding Set the terminal output encoding, which can be specified as: gb2312, utf-8
  --match returns the banner to the asset for retrieval. If there is a keyword, it will be displayed, otherwise it will not be displayed
  --hydra automatic blasting support protocol: ssh, rdp, ftp, smb, mysql, mssql, oracle, postgresql, mongodb, redis, all are enabled by default
hydra options:
   --hydra-user custom hydra blasting username: username or user1,user2 or file:username.txt
   --hydra-pass Custom hydra blasting password: password or pass1,pass2 or file:password.txt
                  If there is a comma in the password, use \, to escape, other symbols do not need to be escaped
   --hydra-update Customize the user name and password mode. If this parameter is carried, it is a new mode, and the user name and password will be added to the default dictionary. Otherwise the default dictionary will be replaced.
   --hydra-mod specifies the automatic brute force cracking module: rdp or rdp, ssh, smb
fofa options:
   --fofa-syntax will get fofa search syntax description
   --fofa-size will set the number of entries returned by fofa, the default is 100
   --fofa-fix-keyword Modifies the keyword, and the {} in this parameter will eventually be replaced with the value of the -f parameter

6.2 Survival network segment detection

6.3 Fofa result retrieval

6.4 Brute-force cracking

6.5 CDN identification