Topic: advantage of showing unspent outputs among multiple Bitcoin addresses (Read 406 times)

I just don't buy that reasoning. You can get a good hardware wallet for 40 bucks. The inconvenience of plugging it in to your phone and unlocking it versus using a mobile hot wallet is what? 20 seconds? In terms of plugging it in and unlocking compared to navigating to a website an entering your login details, the time different is negligible. If you can carry around your wallet, phone, and keys every day, then you can easily carry around a tiny hardware wallet as well. The privacy and security of holding your own private keys in a hardware wallet on one hand, and not even being able to access your private keys in a custodial web wallet on the other, isn't even comparable.

I maintain the position that there is no good reason to use a web wallet. Unfortunately, many people don't come to that realization until after they've lost their coins to some borderline scam wallet like blockchain.com.

As the saying goes: "Absence of evidence is not evidence of absence"


Honestly, I can certainly understand why some people want to use web wallets, or closed source mobile wallets, or SPV wallets that potentially have privacy concernts etc.

It seems that it comes down to a willingness to trade off convenience and ease of use (and, in some cases, cost) for privacy and/or security. If any given wallet fits with a users personal risk acceptance profile, then all the "evidence" or arguing about which wallet is "best" is probably just a waste of your time

It's highly ironic to use a closed-source wallet which is known for its flaws if you believe that your cryptocurrency has potential. But, even if you have no interest towards what you're buying, if you just want to buy it and then get rid of it, then I'd recommend Exodus rather than Coinomi.

Firstly, they're all virtual. Even the hardware operates essentially virtually. Pretty obvious if the coins are intangible and transferred through the internet. Secondly, they're not owners if others keep their money.

I am not claiming the opposite, but we both know that no matter what you, me, or someone else thinks about them, there will still be a big group of people who will invest in shitcoins expecting them to become the next big thing. For such purposes, Coinomi is neither better nor worse than the alternatives who are also closed-source and have their own flaws. A place to store all that worthless crap in one place if you want.

I think what you mean here is that you think Coinomi can be the forgo as their is no good and reputed wallet option for altcoins, Mycelium that would have been a preferable option only support mobile devices and only support Bitcoin, Ethereum and ERC 20 tokens and nothing more yet. What could be worst about apps and softwares people are using to hold there coins is for the software to be built with close source codes, even if there is spyware or any other malware included along, public will not be able to know this, so it is neither good for Bitcoin not good for altcoins, but the alternatives also such as Trustwallet and the likes are not also good and reputed because they are also all close source wallets.

The problem is that most don't, and by the time they learn, they have already handed out KYC to a bunch of scammers and linked all their bitcoin and altcoin address to their real life identity.

Even if you assume the former, as you say, the security flaw is enormous. How did the developers not pick up on the fact that their app was sending every word of every seed phrase to a Google IP address? Do you trust people who make such a basic mistake to understand the intricacies or not reusing k values, for example? There are a thousand and one more subtle ways to have all your coins stolen from your wallet than Google spell checking your seed phrase. If they didn't even pick up on that, what makes you think they will pick up on anything else?

There was a discussion on here before with one of the developers from Coinomi, who essentially downplayed the entire incident and did not take it seriously at all, which is doubly concerning. Closed source is bad enough, but closed sourced with inadequate and irresponsible devs? No thanks.

"Storing" shitcoins is already a bad idea, I'd say the only useful utility Coinomi provides is an easy way to claim shitcoin airdrops to dump them.

That is a MASSIVE security flaw that is not acceptable in any sense. There is literary no reason to "spellcheck" a mnemonic using a remote server where it can be checked locally apart from out of stupidity or maliciousness, I'm willing to bet that it is the later.
The "biggest problem with Coinomi" is lack of transparency and the history of malicious acts. We have no reason to believe that currently the software (on PC or mobile or anything else) is not sending your secrets to their servers.

I think that Coinomi is good enough to be used as a multi-currency mobile wallet. Yes, they are a closed-source software, but they are still a practical option to store various alts and shitcoins. I wouldn't use it as my main wallet though and I wouldn't keep my bitcoin on it.

To be fair, the biggest problem Coinomi had was concerning their desktop app, not the mobile version. The desktop app sent your recovery phrase to Google spellcheck in an unencrypted format, which caused one user to lose a lot of money. Besides that incident, I can't remember any significant issues or scam accusations against the Coinomi brand.

Truly centralized services have their own advantages, like the exchange feature. I do not think it is bad either for newbies, but if provided the newbie already known much about the transparency design of Bitcoin and most cryptocurrencies generally. From what I have experienced (I can not remember if it is Coinbase as I have seen it on some other centralized services), they will indicate that someone is in the control of his coins when the person has no private key. Later, I used Coinomi (also not recommended as it is close souce), I noticed Coinomi was also easy to use. I later used electrum, also I noticed not hard to use. I have even heard of account freeze or coin seized when transferring from gambling site to Coinbase, when such services will be indicating someone is in control.

What I also still very much noticed is that newbies like to provide kyc even beyond exchanges, which is due to lack of experience, they also provide kyc on other sites such as airdrop sites and many other sites that are not secure and safe to use. The evidence of data breach on exchanges is an indication of how kyc can be very dangerous, even there are some exchanges that hackers were able to get hold of users data during hack. I think before anyone should start making use of Bitcoin and other cryptocurrencies, the person needs to know the danger of kyc.

That's kind of my point though. Many people do not understand just how valuable their data is or just how important their privacy is until it is too late and they have been the victim of fraud, theft, scams, identity theft, or something else. By the time many people figure this out, they have already splashed out their KYC information to multiple exchanges and have absolutely no way of undoing the damage they have already inflicted on themselves.

Again, it is exactly because most newbies don't understand the risks of KYC at exchanges that we shouldn't be recommending them to use exchanges as wallet. The vast majority of traditional financial institutions have vastly superior security to the vast majority of bitcoin exchanges. They also have much stricter rules and regulations about what they can and cannot do with your information, and who they can and cannot share it with, whereas most crypto exchanges have a Privacy Policy which is so intentional vague or wide reaching it essentially gives them carte blanche to do anything they like with your data and share or sell it to anyone else.

We shouldn't be encouraging newbies to use methods which result in near-irreversible compromise of their privacy until they are fully aware of the ramifications of such an action.

Sad as it is, you can't except newcomers to know and understand everything you just explained. Most people are not that cautious about their privacy and traditional financial institutions know all about them already. Having an exchange do the same, wouldn't be something they see as a potential threat.

Just the other day I was shopping in a local supermarket. The shop organized a giveaway. To participate in it, you had to fill out a form with your personal information and put that together with your receipt inside a big box placed near the exit. The information they asked for in the form, is your full name, gender, age, home address, and phone phone number. The box was full and had hundreds maybe thousands of entries. If the form required your ID number or your bank account number, or a picture of you holding your ID and receipt, I doubt you would notice a difference in the number of submissions.

Imagine if someone walked in and just grabbed the box and ran away, or if an employer stole or sold its content? People simply don't think about those kind of things, but they should. 

I agree with your general sentiment regarding a first wallet being something that is simple to use and handles the more complicated stuff for you automatically, but the issue with using an exchange for this function is privacy. By the time someone realizes that the blockchain is an open book, then if they have chosen Coinbase as their wallet then they have probably already completed KYC, linked their bank details, linked any deposit or withdrawal addresses to their real name, and if they have started to try to move to a better wallet such as Electrum or Wasabi, then they've probably revealed the addresses in that wallet to Coinbase as well. Once you've already compromised your privacy to such a huge degree, it can be incredibly difficult to get it back, obfuscate the history of all those coins, move them in to clean addresses not linked back to you, etc. And it will be near impossible to remove your personal details from Coinbase's servers, keep them safe from hacks or thefts, and stop Coinbase from handing them over to the myriad of agencies and governments they work with.

As much as I hate closed source multi-coin wallets, I would advocate for an easy to use one of those over an exchange any day. The privacy still isn't amazing by any means, but at least you don't have to complete KYC.

I don't think it is a bad thing to start with coinbase as your first wallet. I don't know if you were like this or not but for a lot of people the needed initial understanding of bitcoin is overwhelming which is why using a custodial wallet that does most things for them so they don't have to know or worry about things like coin control, fees, change, paying to more than one address at the same time, ... additionally they can also have an easy way to convert their fiat to bitcoin using the same account.

That's right. Here's a link to a post I made a while ago which explains why the differences exist - https://bitcointalksearch.org/topic/--5343500. Interestingly, taproot transactions have a smaller raw size despite having a slightly larger virtual size.

Online multisig wallet is still safer if compared to the use of just a single master public key wallet, if enabling multisig using hardware wallets, this will be a means of maximum security and safety while Taproot fee is still 30% to 75% lower than those that required script hash (P2SH and P2WSH).

Yes, but I want to make comment about what I have found out about Taproot in regard to low transaction fee, the transaction fee is indeed low if compared to the recent multisig (P2SH and P2WSH), and as the pubkeys increase, the fee increase, unlike Taproot transactions that 50-of-50 multisig will still pay the same amount of fee as 2-of-2 Taproot multisig, and also as the same required for the one that require 1 pubkey, this as a result of key aggregation with the help of schnorr signature.

But I have found out that comparing segwit with Taproot using single pubkey payment still has low fee if compared to the lowest minimum amount paid in Taproot transaction, and this fee increases gradually as the transaction output increases (not the transaction input).

Pay-to-taproot
Input vbyte counts = 57.5
Output vbyte counts = 43
Vbyte count = 111.5

Segwit
Input vbyte counts = 68
Output vbyte counts = 31
Vbyte count = 109.5

For 1 inputs and 10 outputs
Vbyte count for Taproot= 498
Vbyte count for Segwit = 388.5

Like the Campaign Managers on this forum that can make use of 1 input and many more output, SegWit (P2WPKH) will still reduce the fee than Taproot if not comparing it with multisig. But Taproot will save much more while comparing it with multisig.

Speaking of pros and cons, I'm toying with the idea of moving all the coins I currently store on hardware wallets to a 2-of-2 multi-sig with one Ledger and one Trezor device once taproot comes along. Doing so would provide very good protection against any critical bugs or vulnerabilities discovered in either one of the devices, with taproot keeping transactions small and fees low. The only downside I can see is the slightly increased time required to make a transaction, and carrying two devices with me rather than one if I want to take my hardware wallets with me anywhere. I'll just need to wait for taproot implementation.

@Charles-Tim: yes, i did give a general comment, not one specific for one user group.
Just to be completely clear: i'm leaning towards ledger, i'm not starting a holy hardware wallet war . I personally own both ledger and trezor devices and i'm happy with both (and both feel secure to me). Ledger does indeed use closed source components, but they have been around for a very long time, they're a public company, and their devices have been tested extensively... So even tough they're using closed source component, i still trust them.

I know the discussion of Ledger vs Trezor has many pro's and con's for each device... If you own one of them, and use proper opsec, you're probably much safer off compared to any desktop wallet on an online machine. That being said, after reading all pro's and con's, and owning hardware wallets from several vendors for many, many years (my oldest HW wallet i still have, eventough it is no longer funded, is a HW.1), my gut feeling tells me that ledger might be a little bit more secure than a trezor, and a trezor one feels more sturdy than ledger devices (the trezor model T on the other hand, feels less sturdy).

Now, when it comes to user friendlyness, i personally find ledger's wallet implementation a little buggy (their UI looks great, but i'm regularly confronted with bugs), trezor's new wallet implementaion on the other hand seems to work better (whilst also providing a clear, user friendly UI)... But i usually only use those implementations for certain altcoins, since i always use my ledger and trezor devices together with electrum instead of the vendor's wallet.

I think it depends on how individual are protecting their wallet device. For beginners, I can recommend Ledger Nano, but experienced users can use Trezor and have his coins completely safe from any form of attack while using a completely open source wallet, the reason I will prefer experienced users to use Trezor is because it is completely open source. The microchip in the Ledger Nano is close source. So far a strong passphrase can help protect coins stored on Trezor from physical attack, I think it meets experienced users needs like you for complete coin protection.

At that point, you are probably wasting your time trying to get them to change wallet. They will not be interested in a better wallet until they become interested in bitcoin or cryptocurrency for reasons other than "get rich quick". And actually, storing coins on some closed source multi-coin wallet like Coinomi rather than a better wallet is the least of their concerns. They are far more likely to lose everything by using a scam exchange or buying a new bugged or scam altcoin.

Even then, bitcoin.org recommends some wallets like BitPay, which I would refuse to even download on to any of my devices, let alone trust with my coins, given how horrendous BitPay are as a company.

And then the same user comes back 6 months later saying how their exchange account has been locked and they can't access their coins or their blockchain recovery phrase doesn't work. Every wallet is fine until the day it isn't, by which point it's usually too late for users using custodial services. It's such a moronic argument as well. Might as well say "I've been driving without a seatbelt for months, so it is perfectly safe and seatbelts are unnecessary."

Wow, in my opinion, that writer completely gives the wrong advice about everything except (maybe) his choice of hardware wallet...
Best Overall: Coinbase (An exchange)
Best for Hardware Wallet for Security: Trezor (eventough i'd personally lean towards Ledger if we're talking about best security, due to their chip)
Best Hardware Wallet for Durability: Ledger (eventough i'd personally lean towards Trezor one for best Durability)
Best for Beginners: SoFi (WTF)
Best for Free Buying and Selling: Robinhood (eventough they basically cheated gamestop buyers)
Best for Mobile: Mycelium (meh.... storing funds on a cellphone isn't a good idear to begin with)
Best for Desktop: Exodus (this one isn't even open source.... I don't think Exodus would be in my top-10 wallet provider's list)

Just to be clear: above list comes from the top article, it's defenately not my list!