Topic: Does it make sense to have mobile wallet + desktop wallet from same brand? (Read 619 times)

It sounds like you haven't tried it yet. I can only recommend doing so.
Most (if not all) Linux distributions boot into a working GUI straight from the installation DVD. Some offer the kernel option "toram" so you can remove the DVD (and run much faster), but that's optional. All of them create a virtual file system in RAM, where you can save files normally and even install packages (although this is quite limited when running Live Linux). The only difference is that's it all gone the moment you turn off your computer.

I was having the impression that when the OS starts up, there has to be temporary storage for activities like writing logs, caching data, creating temporary files etc. And that when the computer shuts down, in the case of Tails, it erases what it wrote. But, apparently, unless you want a persistent storage, writing isn't necessary at all. It runs fully on memory.

And it makes sense. If erasing files was to be processed when the computer shut down, it wouldn't work with power outages or force shutdowns.

The OS will operate just fine, you just won't be able to save any data between sessions. Every time you boot from your DVD, it will be like a completely fresh install. But this is exactly how Tails is intended to be used. The "A" in Tails stands for amnesic - if you don't set up an encrypted persistent storage, then every time you boot Tails you'll be in a completely clean sessions with no memory of any previous sessions.

Okay. So, you'll need another storage device which will be used as encrypted partition, otherwise the OS cannot operate.

Using a (read only) DVD instead of USB means your OS can't be tampered with for sure. The moment you reboot, it's fresh again.
Your data can still be stored on any other encrypted partition.

To me, the ideal wallet setup is this:

• Cold storage wallet, used very rarely (mainly to send coins to it). It works as savings for the long term.
• Cold storage wallet, used as frequently as you're making on-chain transactions.
• Hot storage wallet, used for micro-payments, or when you're in hurry. (includes lightning)

All of which are viewed by connecting to your own node, via some computer that is dedicated solely for that purpose only.

How's DVD-R safer? I don't understand. If the DVD is one-time burned, then you probably can't run any OS on it. If it isn't one-time, then it works similarly to a USB? Curious, actually, I may be wrong. I haven't ever used DVD for anything beyond burning videos.

Jee makes lot of sense now. I think I know what I was going to do and it was entirely wrong concept that I had back of the mind. I think it is best to follow what you said in the summary, have different wallets for different purposes. Since there is no limit on how many addresses I can generate I think it is perfectly fine that I just keep the devices concept away for now. I mean exposing the same private key over and over on different device could bring me in a situation of mumble jumble!

Of course, if I am holding trillions then I am definitely going to keep it low profile about my wallet. 


Yes, I already did after reading few of the replies initially. I am more or less going to trust paper wallet and hardware wallet. I wouldn't mind creating different one's as you mentioned.

Thanks for the heads up and also replying the long answer :-)

Agreed A false sense of security can make you sloppy.

Correct.

Although I've not tried this with Tails specifically, there are multiple ways to encrypt an entire OS: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system

You can even hide the encrypted OS inside a VeraCrypt hidden volume, allowing you to unlock a secondary decoy OS if forced to do so: https://veracrypt.eu/en/VeraCrypt%20Hidden%20Operating%20System.html

But my point was really this: Just sticking Tails on a USB drive and assuming that what you have is now completely safe or is comparable to a proper hardware wallet is a mistake. There are a lot more things which need to be considered which are far outside the scope of the average user. If you don't want to use a hardware wallet, then airgapping an old laptop will be the best option, rather than using Tails in this manner on a computer which is not airgapped.

I don't think you can encrypt the entire Tails USB stick. You mean it should ask for a password before it boots, right?

A simpler way to avoid tampering with your OS is burning a DVD-R, then write on it so you know it wasn't switched out. But if you're that worried about targeted physical attacks, encryption alone probably won't protect you.

It's not that Tails only supports version 4.0.2, but rather that's the version which is part of the Tails bundle. Tails is deliberately designed in such a way that you cannot upgrade individual components. You must download the appimage and run it as a standalone, as I said above.

Yes, but encrypting the persistent storage only is insufficient. The entire drive should be encrypted in a way so that if a malicious third party gains access to it, they can't hide malware on it alongside your installation of Tails which could alter the entropy your copy of Electrum generates, change addresses you copy and paste, or copy your private keys for transmission at a later time.

I don't think that's over cautious at all. It is simply good sense not to have all your coins in a single wallet, regardless of how secure you think that wallet is.

I would personally not do that....

A single hack can basically ruin you, if you have a lot of coins in the "single" wallet. I like to have the majority of my "hoard" in hardware wallets or Paper wallets for long-term storage and then only a small amount of coins on my desktop wallet and my mobile phone.

They cannot take out all my coins in a single hack, because I split the risk into cold storage and then also small amounts on the hot wallets. I am a bit over cautious, so this strategy works for me... 

I don't see many benefits in what you are trying to do. It would be good to know how you are storing your most valuable or biggest stash of coins?
Are you only relying on hot wallets (mobile, desktop) or is there a hardware wallet or airgapped device somewhere in the mix?

If you have both an iOS and Android phone with you, I see no point in having the same seed imported on both wallets. 2x the risk.
If you use a desktop + phone combination, then what's your main way of sending and receiving bitcoin? Via your desktop or mobile wallet? And is it really mandatory to replicate the same seed across both devices when you can create different wallets with different seeds on each one?

You said you don't want to use your laptop that often and intent to spend the coins from your phone on the go. Perfect. So create a separate wallet on your phone and just transfer what you need to spend on the go to it.

I feel like you are trying to save on fees by importing your seed across different devices. In my opinion, it's not worth it. One wrong step on either your phone or laptop, and your coins could be gone because they share the same seed. 

Yes Sir is acceptable. I originally just wanted to try how to install Elecktrum on a flashdisk and be able to carry it anywhere.
I realize that this is still a hot wallet in USB Flashdisk hardware and security vulnerabilities are also still quite risky, such as malware that will infect from several different device users.

Tail OS only supports the old version of Electrum 4.0.2 and it needs to be upgraded to the latest version by downloading from the official Electrum website.
and Persistent storage is one of the features provided by Tail OS to be used as secure storage of user data and personal settings between usage sessions.

Persistent storage on Tails OS is encrypted by default using LUKS (Linux Unified Key Setup) or Veracrypt.

Yeah, as Loyce says, this is not a hardware wallet. This is a software wallet which may or may not be airgapped depending on how you use it. And if the USB drive isn't fully encrypted, then it's really only secure as storing your seed phrase in plain text electronically, which is not safe at all.

Any good Linux distro will work. Bear in mind that the version of Electrum which is prebundled with Tails is quite old - 4.0.2 which was released 3+ years ago. If you want to use the most recent version, you'll need to use the download (and verify) the relevant appimage as described here: https://electrum.readthedocs.io/en/latest/tails.html

And if you are using Tails, remember to set up persistent storage.

You should realize this is not a hardware wallet, and it's not cold storage either. If you enter your seed phrase on an unknown computer running from your own USB stick, a hardware key logger can still steal it. It's still a hot wallet, and therefore I'd always assume malware can get to it.
It's good to keep this in mind, but it will probably just work without problems.

I don't see how this is relevant. The Tor servers you use aren't related to the Electrum server you use. And Electrum doesn't have "a default server".

Electrum connects to multiple nodes to determine the block headers but fetches data from only one server.

MITM is still difficult in this case; connections are secured through SSL with the certificates. This makes MITM difficult unless you're intentionally choosing one that doesn't have SSL.

Routing doesn't impact security, especially so for onion servers.

True, but because many people do not know how to use a server, they can use it only as a sign.
I used it, and I don't care about that, I use it that way just to protect my private key. To Push and broadcast raw transactions, I used third-party sites which can be found outside, like bestchange, blockcypher, blockchair, and etc.

This is what I plan to try.
creating a Bootable Linux OS on a USB Flashdisk with Elecrum Wallet inside.

The goal is to make a portable hardware wallet from a USB Flashdisk, with good enough security and of course cheaper.
Only used to do a few main transactions and include protection when you want to open the Bootable Flashdisk.

The Linux distro that is suitable for Electrum and has been integrated is Tail OS.
It also uses TOR servers, so using the electrum wallet on Tail OS we get more privacy than others,

but on the other hand, because TOR uses a lot of unknown server circuits, it will certainly be dangerous if we use the default electrum server.
For that, we need to reset the Electrum server in Tail OS.

I am of the opinion that modern smartphones can never be reliably airgapped. You are taking a device whose sole purpose is to communicate in as many ways as possible and trying to stop every single one of those processes. A simple software switch - turn off WiFi, turn off Bluetooth, turn off NFC, turn on airplane mode, etc. - will never be as reliable as a proper hardware airgap which you can achieve on a laptop or computer by physically removing the modules in question. And we also know the NSA are still able to track phones with location turned off and airplane mode turned on, so they must still be transmitting some data. Which leads to the point - how do you verify your phone is not still transmitting information? How can the average person verify that the WiFi really is off, that the location data really is off, and so on? You can't.

And that's all without touching on the fact that the physical security of a phone is inferior to the physical security of a proper hardware wallet.

If you want a pocket size airgapped device, then buy an open source airgapped hardware wallet such as a Passport. A phone is a very poor alternative.

AirgapIt consists of two parts — airgap vault and airgap wallet. Let's put wallet aside since it'll be connected to Internet. But when the vault never connects to the Internet, where is potential to get comprised?


If it helps, It's open source [1].


Well, similarly take out the sim card, turn off wi-fi, turn on airplane mode?

---

[1] https://github.com/airgap-it

I wouldn't use unknown software for finances. And I wouldn't trust them to do what they say they do. You know the drill: Verify, don't trust.

Of course it is. At least this way you know what you're installing, and if you take out the Wifi card, you know for sure it can't connect to the internet.

For sure, you are doing it because you want to spend the money while at your computer and also when you are on the go with mobile with you only. In that case, it is ok to have your wallet login through private keys on both devices. But keep in mind that you do not store a lot of money (or all of it) on the hot storage and also you need to safeguard your devices from malwares etc.



How about using this software https://airgap.it/ for making your Android device as a cold storage? I have heard much about it but haven't used it.  Is there any loop holes here or using a personal computer without Wifi is a better option?

Those are hardware wallets that are airgapped, and you have to purchase them like every other hardware wallet, take note that it isn't all hardware wallets that are airgapped, many are not. You can find the list of airgapped hardware wallets here: https://bitcointalksearch.org/topic/airgapped-hardware-wallets-5361456

It is common practice that when talking about airgapped wallets we mean wallets that you create yourself on a completely airgapped device that is disconnected from the internet and will never be connected to one. Though it is difficult for newbies to create their own airgapped wallet and use it in a safe enviroment, so for newbies who cannot do this, it is better they buy a hardware wallet. Read to see how to create an airgapped wallet on Electrum: https://electrum.readthedocs.io/en/latest/coldstorage.html

Are you saying we can not buy air gapped wallets or are you saying the best practice is not to buy one and make them at home by yourself? Because there are many Air gapped wallet that we can buy online just like this articles contains some.

The Best Air-Gapped Wallets

If you are saying that we can not buy an airgapped wallet then what are these wallet. Sorry if i am asking childish question just to clear more i am still learning and hope to get some good replies thanks.

Keep in mind that having an entirely separate computer is not the only way to create an airgapped wallet. You can either use live Linux OS where you install and run the wallet each time recovering your wallet using the seed phrase you have written on a piece of paper; or you can just install the Linux OS on a bootable removable media like a USB disk to have persistence and store the wallet between restarts.
This old topic explains the second type for example: https://bitcointalksearch.org/topic/diybitcoin-cold-wallet-usb-stick-creation-step-by-step-guide-853288

No.

If you have an old personal computer, you format it and reinstall the operating system. You remove the WiFi card and the Bluetooth. You have made it airgapped already.

Hardware wallet is different entirely. You can buy a hardware wallet but you can not buy an airgapped wallet, you will make it by yourself.

I understand your concerns here buy DIY are not advice able to newbies and air gapped wallet are bought able so why hesitate to make them at home. But still i got your point and thanks for the clarification for the OP here. I do know what airgapped wallet is and still there are many options to buy airgapped wallets but i think if you are not newbie then the best practice is to make one at home and if you are not newbie then it's OK.

Air gapped wallets can be bought bro.

I have both phone and laptop. There was a time I have my seed phrase on Electrum on both my phone and laptop and I used them both for signature campaigns payment. This gives convenience.

I have unstoppable wallet for altcoins. Electrum and Unstoppable wallet with passphrase.

I have my laptop at home. I monitor my trading position at work or while not at home. I may need to transfer collateral or not. Example, I have $100 to risk on a centralized exchange, I opened 10x with $100. The remaining $900 will be on my Electrum wallet. If I am not at home, I am with my phone. If I am getting half close to liquidation, I send coins to my exchange account for my position not to get liquidated. I want to have the wallet only on desktop but my trading strategies can not make that work.

My campaign earning, I moved it immediately I see it.

There are some good reasons to have wallet on both phone and laptop, but we should try as much as possible to avoid malware and online attacks and to leave only little amount of money on online wallets. Because I have the wallet on both devices, it does not still mean I do not have cold wallets.

You're asking different things. In the title, you're asking if it's okay to install the same wallet on different devices. I'd say that's fine (as long as the wallet itself can be trusted).

Then, you're asking this:
I don't think this exists. The transactions (in a HD wallet) will of course be synced through the blockchain, but the wallet itself (including the address labels) won't get synchronized.

That will work.

Well, "it depends": you asked for "wallets that are secure", but you should also make sure the OS is secure. If you use the same wallet on different devices, you need to make sure they're all secure.
Will there be an issue? Only if your phone gets compromised. Or your desktop. And that's the issue: you don't know that until it's too late, but by doing so, you're doubling the risk. And that's why I wouldn't do it.

---

---

I think you need to take a step back: what are you trying to accomplish? If you own a small amount in Bitcoin that you can afford to lose, you can just do what you're suggesting. It will be very convenient and you know (and accept) the risk.
But, and I assume that applies to most people: if you want to get an increasingly larger amount of Bitcoin, it's better to create different wallets for different purposes (and that's what I do). Sometimes I use the same wallet brand, sometimes I use the same seed, sometimes it's watch-only, and some are different wallets. That doesn't mean they're all loaded, but that's not really the point.

And then there's privacy. If you have $5 trillion in your mobile wallet, your local barista may be tempted to hit you on the head. And if you buy a jet, you may not want the seller to know you bought 2 jets from his competitor the other day.
Separate wallets for different purposes are great for privacy!

I guess you're referring to hot wallets like web wallets (e.g. Blockchain.com) that need an e-mail and password to log in. If you do use a wallet like that, consider moving to other wallets asap since they are less secure. You also need to depend on another party to make sure you can still access your wallet if you never export your seeds before.

It doesn't offer "secure synchronization", if your wallet lets you access the privatekeys, you can actually access your bitcoins in any wallet regardless of the type of device with the default sync process (fetching data from the blockchain). Maybe you're talking about how to securely import the wallet to different devices, which one depends on how you do it.

I'm doing this for how many years while here and I never got a problem, when I'm away from home and can't access my PC, I used my mobile phone to access my Electrum wallet to transfer funds and convert to fiat without a problem.  But the most I like on PC version of the wallet has more features than the iOS wallet.  Of course, this is only intended for a hot wallet, not for a cold wallet.

It might be what you mean here is the hardware wallet, I never heard of someone selling an air-gapped wallet.

You don't buy airgapped 'devices', you create them yourself, by airgapped we mean a wallet that is totally disconnected from the internet and will never be connected to one; it is a DIY wallet. Let's say you download Electrum wallet on a completely airgapped device and verify your download, this wallet holds your keys that won't ever touch the internet, then on another online device you use the master public key of your airgapped wallet to create a watch-only version of the wallet, you use this to create and broadcast transactions that have been signed in your airgapped wallet, that's how it works. Though there are airgapped hardware wallets that you have to purchase, but that's not what my post was about.

Air gapped device are the most best advice you have gave here. But sometimes the access to but them is restricted due to the legislation of some countries i hope you understand my words here. But if the OP here has the access to buy air gapped devices then these are the best options but i think his intentions are not to buy any instead of logging in on two different devices.

And for that i think best practice is not to login on two devices at the same time. Thanks for vouching me here. I really appreciate your concerns.

Pretty much. The stumbling block won't be if your transaction is or is not opted in to RBF, but whether your wallet software supports creating and broadcasting an RBF transaction.

There are already several major pools mining full RBF replacements, such as F2Pool and AntPool. And even although a lot of nodes have not enabled full RBF, it is still fairly easy to get a full RBF replacement broadcast through the network. Given that the average node makes 8 connections to peers, with only 25% of the network running full RBF then each node still has a 90% chance of connecting to at least one full RBF node.

You can take a look here to see all the full RBF replacements being mined: https://mempool.space/rbf#fullrbf

The full RBF has been on node settings many months before I posted this: Bitcoin open source wallets that support replace-by-fee (RBF)

There are many nodes that have not change their setting to support full RBF.

When it is time we do not need to discuss anymore about opt-in RBF, nearly all or transactions should have been supporting full RBF.

Will that matter though, especially since when mempoolrbf becomes the default option on full nodes (right now there is still a little pushback but it seems inevitable that it will be turned on by default at some point in the future), you will still be able to bump the transaction fee of Bluewallet transactions, just not in Bluewallet itself but in another wallet?

Bluewallet supports Electrum wallet seed phrase importation, but know that any transaction made will not support replace-by-fee. Also this will happen if you import private key on Bluewallet. If you want your transaction to support replace-by-fee, use BIP39 seed phrase on Bluewalletnwhich is also the seed phrase that the wallet uses.

With the multiple wallets features that exist in Bluewallet, I don't think it will be a problem.
Bluewallet supports imports from several standard wallets including electrum and I have done it on the Android Bluewallet.¹

Everything depends on the user. If you feel doubt, there will be a problem, don't do it. Just use the Electrum Desktop to make it calmer even though the benefits of using a wallet in Mobile have ease when traveling.
Sometimes the need when traveling there is a possibility that it does not really require a lot of transactions.

---

1. https://bluewallet.io/features/

You can have the two wallets and probably not lose your funds, just the way you can have one hot wallet and not lose your funds, but it still doesn't mean that hot wallets are safe, because surely they are prone to hacking, and in your specific case, you are creating two channels that you can be attacked from without having a real purpose of doing it.
If it is your main wallet, run it on a totally airgapped device or use a hardware wallet, but if it is a hot wallet for spending on the go, then some of your advice here may help.

Then why put it on your laptop at all? All you are doing is doubling the attack surface, doubling the chance your wallet is hacked, and greatly increasing the chance you accidentally leak your seed phrase when importing it in to a new wallet.

If you are going to use your laptop very infrequently, then just keep the wallet on your phone. If you absolutely must interact with the wallet from both your phone and your laptop, then get a hardware wallet and pair it with both devices.

According to my experience it should not be a problem but the best practice i follow is not to logging same wallet on two different device. Because in this way the spammers, hackers have two doorways to break, let's say before there were only one and you were safe too as that door was not breakable but when you created second door then that door might be breakable most of the time the hacks and spams i have seen are on desktop or laptops.

Because most of the people prefer to use cracked version of different apps on laptops (windows or IOS) + Most of the user even do not use official windows or any other OS instead they download them from websites (pirated ones).

The best practice if you wanted to log in any type of wallet on desktop is to not to use any crack website, or software on your device try not to click on any links etc. Try not to attach any usb or any other external device which might be compromised and then i think you are good to go. But still, these are just my experiences that i am sharing with you i hope you will find these helpful.

Okay great I even got the solution of using desktop wallet (x brand) and synching it up with the another iOS app (y brand). So in the above case it seems to be combo of Electrum wallet and Bluewallet. I think I will give this a test run myself and see how it goes. I am doing this because I am mostly going to put it on laptop and use that very less. I will be having this over my phone because I would want to spend them on the go and I do not have viable option right now due to mycelium failure.

I understand the risk of having it on multiple devices but definitely we can have that much precautions while handling them and have best of both the world.


I think I will have to wait for @LoyceV until they get on their desktop and reply their long answer. I am excited about it as to why they wouldnt do it. Interesting.

I wouldn't do it.

LoyceV give the long answer from desktop please.

The real question is why do you need to do this?

If you are going to spend bitcoin in person or make transactions on the go, then you want your hot wallet on your phone. Is there ever a time you are using your computer and you don't have your phone with you, which would require you to have the wallet duplicated on your computer? For most people the answer to that is no.

If you are not going to spend bitcoin in person or make transactions on the go, then you don't need your wallet on your phone.

Every additional piece of software you import the same seed phrase to increases the attack surface for that wallet. Similarly, every additional device you import the same seed phrase to increases the attack surface for that wallet. There is nothing stopping you duplicating the same wallet across multiple pieces of software on multiple device, but is the increased risk really worth it?

Bluewallet? It is like that also on Android. There are times you just have to close the app and open the app back. Also if you make transaction, you better check the mempool to customize the fee. The fee estimation is not that accurate, especially few weeks or months ago. Recently that mempool is showing 7 sat/vbyte, Bluewallet will estimated highest fee priority as 6 sat/vbyte which is causing the recent inaccurate few estimation.

You can sync all your balance even with different brand because they are non custodial wallet.  Bluewallet and Electrum wallet is your best combo if you are an iOS since electrum is not available in there.

The only problem I encounter on iOS is the inaccurate transaction fee and very slow to update to recent transactions especially if you have multiple transactions made on different device with same private key.


No, as long as both device is secured.

No issue, but know that your wallet will become more vulnerable as it is online on two devices. One can be better, but also depends on how secure you make your device to be. Avoid malware and store just little amount of coins on it.

For high amount of coins, go for cold wallet.

For online desktop, you can go for Electrum, Sparrow or Spectre. Or Bluewallet, for MacOS.

On mobile, you can go for Bluewallet for Android or iOS, or Electrum for Android. Know that mobile Electrum does not have fee customization but it has fee slider, but which is not that accurate for me.

Mycelium wallet? I can not recommend it as a bitcoin wallet. It is not even supporting replace-by-fee.

I would personally not do that, I think the fewer devices the better (to reduce the risks), but yes, you can create an Electrum wallet on your desktop, and then use Electrum's seed on Bluewallet for example.

I got a very simple query to ask. I am recently switching from the Mycelium wallet because it has many issues in it's iOS version. It's not much friendly and frustrating to operate on the regular basis. The android version is good but I am not fan of it. Perhaps mycelium is in existence since 2012 but they have not progressed much.

Now I want to ask whether there are Wallets that are secure, synchable in between the desktop app and mobile app together?

For example if I am going to set up the wallet on desktop then I will have to enter the Private key there. In similar ways when I will set the wallet on my phone then also I will have to set the private key there.

Is it going to be issue to insert my private keys on two different devices?