Pages:
Author

Topic: Best way to store bitcoins safely without a hardware wallet(ledger,etc) (Read 681 times)

newbie
Activity: 23
Merit: 853

There are additional measures you have to take to properly hide your identity.


Sure, that is truism. A few extra  measures have been mentioned in my previous post.

It will suffer if he reuse addresses, if he put his addresses on forums, if he has a single output, a lot of "if" exists.


 But the topic of privacy preservation is the vast one and it cannot be covered by 2 - 3 posts on the single forum. That is why I would recommend you to  snoop through WEB articles. As to TOR, developers say it helps to hide IP and I’m inclined to believe them.



And the answer to that is: It depends.
............
But it does nothing for his privacy, no.



LOL, just knocks it down
newbie
Activity: 23
Merit: 853
but it mostly depends on the user behavior.



Sure, it depends. If user cut off TOR which is part of Tails his privacy  will suffer. It will suffer if he reuse addresses, if he put his addresses on forums, if he has a single output, a lot of "if" exists.  In principle, even  TOR  being turned on might harm if it’s in the  hands of incompetent man . But mrkfdr  didn't seem that and  I guess he understands exactly what I’m saying.



Using electrum, you already reduce the degree of your privacy by a lot. Installing Tails and believing that this makes you somewhat anonymous, as you are saying, is not true and creates a false sense of anonymity.

Well mrkfdr has installed it  and asked  the specific questions.  I  gave  the straight up answers. It is not my fault that you got my answers in a wrong way.
newbie
Activity: 23
Merit: 853
it's not a partial sign,air gap approach , right ?

Yeah, Tails is good for broadcasting TRXs that are already signed because it is capable to hide your identity. For cold wallet which has the ability  to sign raw transaction  you don't  need   Tails in fact, any  comfortable to you OS (even Windows)  on  air-gapped device is appropriate.
legendary
Activity: 1624
Merit: 2481
Sure, it depends. If user cut off TOR which is part of Tails off his privacy  will suffer. In principle, even  TOR  being turned on won’t save if it’s in the  hands of incompetent man. But OP  didn't seem that and  I guess he understands exactly what I’m saying.

"Just" using Tor doesn't make you anonymous at all.
There are additional measures you have to take to properly hide your identity.

It is not as trivial as you have made it sound in your last post:
Yeah, Tails is good for broadcasting TRXs that are already signed because it is capable to hide your identity.



Well mrkfdr has installed it  and asked  the specific questions.  I  gave  the straight up answers. It is not my fault that you got my answers in a wrong way.

Actually, he never asked about anonymity or hiding his identity. Just whether it makes sense using a bootable USB with Tails.

And the answer to that is: It depends.

It is usable, yes. It is slightly better (in terms of security) than an desktop wallet on his main OS, yes.
But it does nothing for his privacy, no.
legendary
Activity: 1624
Merit: 2481
Does this makes sense? using Tails with Electrum on a bootable USB to store Bitcoins and retrieve them occasionally? 

Depends on the context.

It makes sense in terms of that it works. But it is by far not comparable to a hardware wallet regarding the security.
As HCP mentioned, it is a trade off between usability and security.



Yeah, Tails is good for broadcasting TRXs that are already signed because it is capable to hide your identity.

You are giving the impression that using tails is sufficient to preserve some degree of privacy. This is wrong.
Tails itself is just a linux distro with some tools installed. They might help you to stay more anonymous than otherwise, but it mostly depends on the user behavior.

Using electrum, you already reduce the degree of your privacy by a lot. Installing Tails and believing that this makes you somewhat anonymous, as you are saying, is not true and creates a false sense of anonymity.
HCP
legendary
Activity: 2086
Merit: 4363
Just o make it clear when i want to transfer BTC i have to connect to the network to make the transaction ? it's not a partial sign,air gap approach , right ?
Depends on how you want to set it up and use it...

You can either run it as a "LiveOS", but connected to the internet... in which case, it isn't a "cold storage" setup, but likely to have increased privacy due to Tails/Tor use etc...
or
You can use it purely as an offline, transaction signing setup... in which case you'd need to install "watching-only" Electrum on your normal OS, use that to create unsigned transactions, then boot up "offline" into Tails, sign the transaction, boot back into normal OS and broadcast the signed transaction

It can be done either way, you just need to figure out which option is best suited to your particular use-case. The first one is less hassle, but arguably less "secure"... the second option is more secure, but also more hassle.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Thnx Captain !
 Just o make it clear when i want to transfer BTC i have to connect to the network to make the transaction ? it's not a partial sign,air gap approach , right ?

You only need to Broadcast Your RAW Transaction once you've created the actual transaction and have the necessary raw TX without connecting the cold wallet to the net.
jr. member
Activity: 47
Merit: 3
Does this makes sense? using Tails with Electrum on a bootable USB to store Bitcoins and retrieve them occasionally?  


Yeah, it does.  Make sure you have the latest version of Tails and after installing it download and install on persistent volume the latest version of Electrum. Running Electrum on tails via TOR  is a good approach for  to preserve you privacy. Besides tails is one of the flavors  of Debian which is good protected itself.

Thnx Captain !
 Just o make it clear when i want to transfer BTC i have to connect to the network to make the transaction ? it's not a partial sign,air gap approach , right ?
jr. member
Activity: 47
Merit: 3
Does this makes sense? using Tails with Electrum on a bootable USB to store Bitcoins and retrieve them occasionally? 

legendary
Activity: 1624
Merit: 2481
I see these things differently. You and me have already discussed all relevant stuff and I think there is no use to start our dispute again here. You stayed with own opinion but me with mine.

As much as i value your opinion, this has nothing to do with point of view.
It is about terminology.

People refer to the internet as "the web" all the time.
Even if that is their opinion, it is simply wrong and doesn't make it right.

Same applies to wallets.
If you use the most commonly used taxonomy - storage of private keys - you either have online wallets (e.g. software-, web- or browser-based wallets) or cold-/offline wallets (paper wallets, air-gapped setups) and depending on the PoV "hybrid" ones (e.g. hardware wallets, which is quite controversial where they belong to).


You know even Ledger is not a pure hardware wallet. It has some embedded  software  (like OS for example) which allows it to operate.

Wait.. are you really trying to argue that hardware needs software to be usable?
legendary
Activity: 1624
Merit: 2481
I guess you meant "cold" wallet sitting on air-gapped  device  that was never been online and in the future  will never go online.

There is no difference between an offline- and a cold wallet.

"Offline" does not only refer to the internet, but to any communication interface (wifi, bluetooth, ..).
Therefore each cold wallet is indeed an offline wallet and each offline wallet is a cold wallet.



Some users are confused with two concept "off-line" device and "air-gapped" one and think if they turn off their WiFi or pulled Ethernet cable that would be enough.

And some users are confused with the concept of computers believing that it is some sort of magic machine.

I don't see any relevance to that topic.
If they simply just disconnect their internet connection, it doesn't make their online wallet an offline-/cold wallet.

Just because their software is running on hardware, it also doesn't make their software wallet a hardware wallet..
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
I guess you meant "cold" wallet sitting on air-gapped  device  that was never been online and in the future  will never go online. Some users are confused with two concept "off-line" device and "air-gapped" one and think if they turn off their WiFi or pulled Ethernet cable that would be enough.
Yes, I meant a "cold" wallet. The device will never go online.

1. From the online device take the unsigned file.
2. Sign it in the off-line device.
3. Go back and broadcast the singed file from the online device.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Shopping List:  A form of sheet metal, (galvanised steel etc) an engraver a pencil and ruler and an hour or so. 

Transfer your coins to a paper wallet that you have rolled offline, engrave the private key onto the sheet metal (store in a safe place until needed).  Destroy the paper wallet once you have verified what you engraved is what you intended to have engraved.
Yeah, that metal idea is a pretty good one.  I actually have a steelwallet that I got when I bought my ledger, and it's a pretty solid way to store seed words.  Those are way too expensive IMO, however.

Ages ago the SexCoin community stumbled upon a trader who was creating jewlery with QR codes etched/printed on them for persons collecting payments but not needing to cash out immediately - more practical than being handed cash for services about to begin then being robbed of that cash later on.

https://www.etsy.com/market/qr_code_jewelry






Even better, easier and cheaper, is to buy a piece of normal cheap PVC pipe used in waste water systems.
Carve your private key or seed words to that, and bury it somewhere where no-one will be building new buildings or anything in the future. Preferable to your own land or your relatives land Smiley

I'd always be concerned the pipe would be crushed or melt or some other calamity befall it.
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
What about Electrum? They do have a backup seed when you create a wallet no?
Yeah, I do believe that's one way to go as long as you can keep that seed phrase secure.  All it takes is a writing instrument, some paper, and you have your coins stored offline.

I don't think there are any security risks involved before the seed phrase is actually written down, and if there are I'd like to hear about them.  I know there are keyloggers and stuff like that, but I don't think the average person has to worry too much about those.

Shopping List:  A form of sheet metal, (galvanised steel etc) an engraver a pencil and ruler and an hour or so. 

Transfer your coins to a paper wallet that you have rolled offline, engrave the private key onto the sheet metal (store in a safe place until needed).  Destroy the paper wallet once you have verified what you engraved is what you intended to have engraved.
Yeah, that metal idea is a pretty good one.  I actually have a steelwallet that I got when I bought my ledger, and it's a pretty solid way to store seed words.  Those are way too expensive IMO, however.
sr. member
Activity: 259
Merit: 250
100% Positive EBAY Feedback Since 2001

the correct name is "Casascius" and it is not offline storage, it is a physical bitcoin

I'd hardly call a gimmick silver coin with a sticker over a QR code a secure method of storage.  

In any event, any of the coins that have been "slabbed" with the sticker still intact you would have no way of knowing whether or not the sticker was peeled off, the details transcribed and then carefully replaced immediately prior to encapsulation.  (We'll know for certain one day into the future if someone decides to cash in the funds)

Actually, its pretty easy to know...simply check the firstbits balance...if it's still there, the coin is not tampered with. Any scammer would steal the balance asap.

Collectibles are gimmicks to some and treasures to others...market determines true numismatic value...
legendary
Activity: 1624
Merit: 2481
If bitcoin is illegal which prevent OP from buying hardware wallet, it's likely that using VPN/Tor is illegal or blocked by government.

It is not that trivial to block VPN communication.
It can be masked to almost look like regular HTTPS traffic (assuming you are using your own VPN server).

The most common blocking techniques are by IP and Ports.
Not using a public VPN provider and connecting to an abnormal port (e.g. 443) would already help quite a lot.

Further, to prevent deep packet inspection where the traffic has to be decrypted, using a strong cipher and certificates to not connect to a man-in-the-middle is recommended.



VPN/tor isn't banned, the only thing banned is crypto, and I just want to store a sum of bitcoins in a wallet and leave it there for months+ I don't usually use crypto to transact anyways, only holding

Then just generate a paper wallet.
You can even do so without downloading/using any wallet.
legendary
Activity: 3472
Merit: 10611
Finally, it is not a physical BTC, as BTC never move away from the blockchain to become an object.
Casascius coins, are collectible and a way to spend / move / trade BTC  off chain (same as openDime).

technically true but "physical bitcoin" is the official term used to describe this type of products specifically Casascius coins https://en.bitcoin.it/wiki/Casascius_physical_bitcoins and it comes from the fact that they have physical form and exactly because they can be traded "physically" and are not meant to be used as wallets for storage.
whether people pealed off the security to reveal the key and claimed their coins doesn't change the nature of this product.
legendary
Activity: 2114
Merit: 1693
C.D.P.E.M


the correct name is "Casascius" and it is not offline storage, it is a physical bitcoin and this type is not exactly meant to be used for storage. they are designed to be used as "collectibles" for those who like having collections such as hobbyist, etc.
they also are meant to have a fixed balance (the balance that was originally put in that key) and remain that way meaning you should never spend from that key (which requires physically revealing the private key) because it makes stop being a collectible.

Well, technically they are not a "physical" bitcoin, they are just 10% of a paper wallet generated by someone else (Mike).
When I say 10% it is because the public key is not even fully displayed on the coin, just part of it, and to find your full public key you have to search for it the database about Casascius coins.
Then, unlike a regular paper wallet, the private key is concealed, and only by unpeeling the coin, you can see it.

They are definitely used to "store" coins (private keys) as there are about 44 000 BTC stored on them.
And you can definitely spend them, as about 45 000 coins loaded on Casascius have been redeemed so far (in 2019  about 530 Casascius were peeled, it is 10 a week !).

Finally, it is not a physical BTC, as BTC never move away from the blockchain to become an object.
Casascius coins, are collectible and a way to spend / move / trade BTC  off chain (same as openDime).

jr. member
Activity: 62
Merit: 4
What could go wrong with having a offline device to store your wallst on? Any risks I should be worried about?

Well, don't lose your device. And you should have a backup.

But the important question (which you didn't answer yet) is how often you want to send BTC.
If it is quite often, you need some form of watch-only wallet to create unsigned transactions.

And here is the difficulty. You need to make sure that you are not leaking any information (i.e. that you install / use that wallet) to your ISP (or who are you trying to hide it from?).

If you don't trust your ISP -> Use a VPN and Tor. (This btw is one of the rare cases where a VPN actually is useful; If you trust your ISP, do NOT use a VPN).
And do not use winodws. Use linux and encrypt your installation. This is important.


VPN/tor isn't banned, the only thing banned is crypto, and I just want to store a sum of bitcoins in a wallet and leave it there for months+ I don't usually use crypto to transact anyways, only holding
newbie
Activity: 13
Merit: 4
Shopping List:  A form of sheet metal, (galvanised steel etc) an engraver a pencil and ruler and an hour or so.  
Transfer your coins to a paper wallet that you have rolled offline, engrave the private key onto the sheet metal (store in a safe place until needed).  Destroy the paper wallet once you have verified what you engraved is what you intended to have engraved.

Even better, easier and cheaper, is to buy a piece of normal cheap PVC pipe used in waste water systems.
Carve your private key or seed words to that, and bury it somewhere where no-one will be building new buildings or anything in the future. Preferable to your own land or your relatives land Smiley

PVC pipe is easy to carve and lasts forever in the ground. It wont rust and metal detectors wont find it. Even house/forest fires are not a problem, because the layer of ground will protect it from heat.

One way to quickly and easily dig it to the ground is to have a battery operated drill and one of those cheap 1m drill bits. Drill a hole to ground, and then push the piece of pipe (if you selected one of those 3cm diameter pvc pipes or a small piece of a bigger pipe.) to the hole, and then just fill the small hole.

You could even dig it underwater in the bottom of a lake or something, where no-one will build anything.

Just save your bitcoin address, so you can always observe and put more coins to that address without needing to dig your private key up.
Pages:
Jump to: