Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 141. (Read 966173 times)

A Trezor acts as firewall between "the wallet that can be easily stolen from an USB stick" and your host.


Given that a Trezor and a pure offline machine are pretty similar, I tend to disagree here. Pro argument for Trezor: a pure offline machine is still a much more complex machine than a tiny single purpose device, even though, in reality, it's actually not a single purpose device, but a mini version of the complex machine, further restricted by some software as per default.

Assuming both Trezor as well as offline machine are never ever exposed, then they are even. Exposing one of them adds risk, that is without any doubt. A Trezor is likely more secure in an exposed context.

But the initial question was: is an exposed Trezor more secure than annever exposed offline wallet, right?



Well, just keep the offline machine isolated. Create your keys offline, sign your transactions offline. There is no need to connect the offline machine to an online machine or any other machine, ever. Moving data between devices via USB is by no means required, assuming you move data by hand or some other air gapped mechanism. Start here, if you want to use Bitcoin Core, but I'm pretty sure Electrum and especially Armory provide a way to handle offline transactions as well. Think of it this way: where you act as connection between the offline machine and the online machine by moving data around by hand, the Trezor basically does the same, whereby the firmware of the device fulfills your role of moving only the data that is considered as accepted. I think the key difference and the lack of comparsion in the whole discussion is rather based on the assumption that a Trezor is usually connected more frequently, because that it's purpose, while a pure offline wallet is usually used very rarely.


Fully agree. Trezor is a great device and adds a nice layer of protection.


Nevertheless and by the way, it sucks to see some of you guys actually flame gweedo. You may argue about the way his problem was presented, but this doesn't magically solve any problem, which is, without a doubt, exisiting. That said, one of my first experiments with my Trezor was the attempt to feed it with data it probably doesn't understand, namely m-of-n multisig transactions. Guess what: the result was a never ending loop of errors which resulted in a complete browser freeze which I was only able to tame after unplugging the device. That being said, if this wasn't done intentionally and if real coins were involved - which I still could not access (for whatever reason that might be) several days later.. oh well.

My experience with the support was actually fine, with a response in probably less than 6 hours, assuring me that this problem is "known and taken care of by the devs".

PS. However it is true that I have very low opinion of many bitcoin companies, and I am rooting for their failure.  In particular, I view all the bitcoin investment funds as scams: they try to make bitcoin seem an attractive investment, when in fact it is gambling in a lottery with unknown odds and payoffs.   

You do know most these laws apply to legal tenders, and not bartering, which is what it really is called. Since bitcoin is not legal tender, we are technically bartering, which is subject to different laws.

Also I should get back what I paid, if they keep it in stones and sticks, I should get back bitcoins. I only supported them by pre-ordering and having about 5 people pre-order with me as well.



Yes because it would net gain of nothing nor a net loss. I rather get back exactly what I paid with. Only fair way to do it in my books to be honest.


That is why I opted to use escrow so I can't swindle them and they can't swindle me. Also my trezor is basically unusable so I really don't want to keep it.

Can't you see that I am NOT attacking the company, but trying to help it and its clients?


I gave some suggestions (keep it as simple as possible, make the firmware read-only, make the case a bit harder to fake/tamper, ...)

But some risks are probably not fixable, such as the need to trust the manufacturer, hijacking in the mail, social engineering and address substitution ... 

Clients must be warned of those risks, and the warranty must be carefully worded so that the company is not held liable for losses that come from them.

No he only wants what he's entitled to, $300 + 3 btc and to keep his Trezor

I have a hypothetical question for you. Lets say bitcoin had crashed all the way and were currently now worth $1 each, would you still be wanting your refund in btc?

In Czech Republic, accounting act #563/1991 § 4/12 mandates that all accounting is done in Czech Crowns and § 24/2a mandates that the value rate is taken at the day of the payment. Here is the law to calm gweedo's lawyer and Jorge's cynicism: http://www.zakonyprolidi.cz/cs/1991-563

And Jorge, I understand that you are skeptical about BTC. I read your "Beware of Bitcoin" pamphlet yesterday. But I don't understand why do you need to attack every Bitcoin related company? Guys are trying to improve security and they are very open about it. You already told us what are the potential threats about the device. Can you tell us how would you improve it? If they can't improve it, maybe Brazilian government can start making the devices that you will be able to trust based on their open-source software/hardware. Isn't it a good thing?

I'm not the one that needs being convinced.


oh ok so you're only trolling here, not trying to improve things. duly noted.

That's ridiculous.  I have helped enough already, if you can't see the risks, I don't care any more. You have bitcoins, I don't; so bitcoin theft is  your problem, not mine. 

Just ignore him.

Your comparison is inaccurate, because a wallet file on a USB drive is just as easy to steal as a wallet file on a hard drive, if it's plugged in. Trezor isolates the private keys from the computer, which is the whole point. The host computer sends the Trezor the transaction, the Trezor signs it and sends it back, then the computer broadcasts it to the network. The private keys are never accessible by the host machine.

It's less secure than paper wallets in the sense that there could be some sort of bug that would expose your seed, or individual private keys somehow. You can't get total isolation and also be able to use the private keys (if you know how that could be done, I'd be very interested in hearing about it). Trezor is, right now, the best of both worlds between hot and cold wallets.

It's extremely safer than paper, especially when spending

This forum documents that they are refusing to talk to you, not refusing to fix it. And I told you many times that you never payed for the myTrezor web wallet service. I repeat, YOU PAID ZERO BTC/USD/CZK/whatever for the web wallet. It's free. What does your lawyer says about that? My lawyer says that you cannot be refunded for your device just because the free service from the same company does not work for you.

I'd vote for either that or back up your security questions with code, exploits, real life scenarios, anything. It's all fun to come up with theories when (almost) all code is here for everyone to see, but doesn't really serve any purpose in my opinion.


I haven't seen anyone else mentioning his lawyer in this thread. Or perhaps he's working for free and like answering your questions, then it could be nice to share his contact, as I always wanted to meet that kind of lawyer 


so, problem solved, and people already gave you multiple options to recover your funds, either with or without Trezor (and yeah, the double spend is not an issue - given the time you had to push it yourself)

 

LMAO it isn't my preferred anything. They told me the device costed 3 BTCs, I paid 3 BTCs. Do you even know how courts work? I love these monday morning legal teams. We technically bartered I was promised a device that I can use, I can't use that device due to their service not working properly and then refusing to fix it, which is actually quite well documented on the forum.

But I am not taking legal action, I just want a refund, and to use escrow so I don't get swindled again. But I doubt I will get it, and I will just hold on to the device and sell in 5 yrs for a profit since it is a collectors item now.

I understand that that is your preferred interpretation, but I bet that the courts would not agree.   In the US bitcoins are not currency but merchandise; I do not know in Czechia but I bet that the court would take that view.    Courts usually do not count as "loss" a profit that you could have made if you did not give something to the merchant  (in this case, the money that you could have made if you had saved those BTC and sold them today). 

On the other hand you may be able to get damages, if you convince the judge that you lost money because of their fault.   I wonder how you could prove that, though.

But, sincerely, I would not feel sorry for Satoshilabs if they are forced to refund you 3 BTC.  It would teach them not to quote prices in BTC (and, more generally, that business and religion do not mix). 

(Sorry for being cynical.  Maybe I need to take a long break  from this forum.)

They weren't priced in euros or usd when I purchased mine, they were priced 3 BTC for mine and 1 BTC for the plastic.

Seems I did, sorry. 

But I stand for the first point (about the refund).  If the 3 BTC that you send them were worth X euros when you send them, you paid X euros, and you are entitled to a refund of X euros.

You are combining like three different threads. I paid 3 BTC and looking for a refund of 3 BTCs. He made an offer on my device and I told him what I thought about his offer. I never said refund me what I think the device is worth. Please read and understand what I write, not that hard.

The refund is usually what you paid, not what you dream that the device is worth.  If you paid in BTC, the amount to be refunded is the (amount of BTC you paid) x (BTC price at the time you paid).

Besides, if the Trezor it is worth more than 330$, then you should pay the difference to satoshilabs. 

That said, a company that sets prices and does its accounting in BTC knows nothing about marketing and even less about accounting.