Board: Mining (Altcoins)
Topic: Re: PGP digital signatures for pseudonymous software distribution
by nullius on 05/04/2021, 04:55:24 UTC
> Where this much money is involved in this type of industry and software, it would be irresponsible for the developers to identify themselves and put themselves and their family in uncertain danger.

I agree.  It is undesirable to risk winding up on this list:  https://github.com/jlopp/physical-bitcoin-attacks

The maintainer of that list is not anonymous; his name is Jameson Lopp.  However, he took extraordinary measures to “vanish” after he himself suffered a real-world physical attack.

> You can't control stupidity. I also don't feel sorry for any person who is incapable of following plain and simple security instructions.

Security instructions:  Use PGP for code signing.  Generating a PGP key does not require identifying oneself, just as with generating a Bitcoin key.

> The only people who have had a problem with the PhoenixMiner are the idiots that downloaded a hacked version from an unauthorized link on a forum page that the developers have said NEVER do.

If that is true, past performance is no guarantee of future results.  What if GitHub gets hacked?  What if a GitHub employee acts maliciously, or an Amazon employee with access to GitHub’s AWS download backend, or...?

Every serious crypto project uses PGP signatures to verify downloads.  Bitcoin Core does not rely on GitHub’s security, or the security of any download server; they have a highly sophisticated process for making sure that what you download is what the developers are trying to give you, and it is all ultimately anchored in PGP signatures.  See what I said above about Monero—oh, and I think you can be sure that the Monero people love anonymity!  Examples abound...

> Mining takes a certain amount of knowledge, faith, trust and risk.

By design, mining is supposed to be trustless.

> If anyone has reservations about the honesty or the safety of the code they are running they should simply format their hard drives and open a bank savings account. And that is also not 100% safe and secure.

LOL, bank account.  I do not trust that.  I trust my Bitcoin wallet (and my underlying OS) much more.  Of course, I have verified the origin of every bit of code on my system using digital signatures—no exceptions!  There is no excuse to do otherwise!  (I have also audited not-insignificant portions of the source code myself; but that is obviously no way to exclude all vectors for malicious code.)
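
The workflow argued for in the post above, as an added example (not part of the post and not any named project's release process): a signing key created under a pseudonym only, a detached signature over a release file, and a user-side check that accepts the file only when the signature is valid and comes from a pinned fingerprint. It assumes GnuPG 2.1 or later; the pseudonym, file names and release contents are constructed.

```shell
#!/usr/bin/env bash
# Added example: pseudonymous release signing and pinned-fingerprint verification.

# Developer side. $1 = developer GNUPGHOME (mode 700), $2 = output directory.
# Prints the key fingerprint, which the developer publishes via several channels.
make_signed_release() {
  local home=$1 dir=$2
  # The user ID is a pseudonym only: no real name, no e-mail address.
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'examplepseudonym' ed25519 sign never 2>/dev/null || return 1
  printf 'constructed miner release v1\n' > "$dir/release.tar"
  gpg --homedir "$home" --batch --quiet --armor --detach-sign \
      --output "$dir/release.tar.asc" "$dir/release.tar" || return 1
  gpg --homedir "$home" --batch --armor --export > "$dir/dev-pubkey.asc"
  gpg --homedir "$home" --batch --with-colons --fingerprint 2>/dev/null |
    awk -F: '/^fpr:/ { print $10; exit }'
}

# User side. $1 = user GNUPGHOME, $2 = public key file, $3 = pinned fingerprint,
# $4 = downloaded file, $5 = detached signature.
# Returns 0 only if the signature is cryptographically valid AND was made by
# the pinned key; a valid signature from any other key is rejected.
verify_release() {
  local home=$1 status
  gpg --homedir "$home" --batch --quiet --import "$2" 2>/dev/null || return 2
  status=$(gpg --homedir "$home" --batch --status-fd 1 \
               --verify "$5" "$4" 2>/dev/null) || return 1
  # VALIDSIG status line: the last field is the primary key fingerprint.
  printf '%s\n' "$status" |
    awk -v want="$3" '$2 == "VALIDSIG" && $NF == want { ok = 1 } END { exit !ok }'
}
```

The pinned fingerprint, not the download server, is the trust anchor here: the public key file may come from the same place as the release, because a substituted key fails the fingerprint comparison.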