Author

Topic: Having a wallet on both Windows and Android (Read 217 times)

legendary
Activity: 2268
Merit: 18748
August 26, 2021, 12:26:35 PM
#20
I think it will be the next step towards greater privacy
Linux Mint is a very easy step from Windows, along with a huge community to help with any troubleshooting you might have. You can always partition off a portion of your hard drive and dual boot so you have Windows to fall back on if you need to. The privacy and security improvements are worth it on their own, not to mention how much faster and lighter on resources it is.

Indeed, Ledger shop hack was a huge blow. And being careful how you buy is very useful nowadays.
Yeah, I would be pissed if my details had leaked in the Ledger hack, as I'm sure plenty of forum users are. It's another reason I think airgapped wallets have the edge over hardware wallets, if you are able to set them up and use them correctly. Buying a hardware wallet? Obviously you own crypto. Buying a Raspberry Pi or second hand laptop? Reveals nothing.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I also used to advise others to buy a hardware wallet, but after everything that happened with Ledger, the only way to properly buy such a device is directly in a physical store at authorized dealers or by using a PO box without disclosing personal information. We have come to the conclusion that it is no longer just what you buy and how you use it, but also the way you buy something.

Indeed, Ledger shop hack was a huge blow. And being careful how you buy is very useful nowadays.
Still, even with the address leaked, the funds are most probably safer with a HW than without. Especially if the daily use means Windows and Android.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
This is one of the reasons I own and I keep suggesting people get a hardware wallet. (The other reason is that I feel that Android is even worse.)

I also used to advise others to buy a hardware wallet, but after everything that happened with Ledger, the only way to properly buy such a device is directly in a physical store at authorized dealers or by using a PO box without disclosing personal information. We have come to the conclusion that it is no longer just what you buy and how you use it, but also the way you buy something.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Just switch to a Linux distro which is constantly updated. Wink

I think it will be the next step towards greater privacy, although for now, I work quite well with W10 which is far from a perfect OS, but they have regular updates which with the addition of paid AV and firewall + MB Premium give me a very good sense of security.

While I also use win10 on the daily basis, I won't be fooling myself about its security.
0day exploits have a good chance to reach you/me before the update is installed.
The AV specialists have to meet a malware in order to get its signature, hence it may be late for you/me.
A good AV doesn't allow install/modify of various specific parts (install, registry, ...) which you may disable by hand for being too annoying or, at least temporarily to run something (new) you want.

There are plenty of cases Windows can get into trouble, even if it's win10.
This is one of the reasons I own and I keep suggesting people get a hardware wallet. (The other reason is that I feel that Android is even worse.)
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Everything you download or install is a potential security risk.

I'm fully aware of that, so I only use proven apps that have millions of downloads and have been around for a long time - I'm not one to like to experiment too much, and I honestly find most apps in the Play Store completely unnecessary. We cannot completely avoid risks, but we can minimize them

Also take a look at what all your browser extensions are doing, since everyone seems to install dozens of unnecessary ones.

Apart from uBlock and Privacy Badger I don't need anything else, I think I'm pretty sure from that side.

Just switch to a Linux distro which is constantly updated. Wink

I think it will be the next step towards greater privacy, although for now, I work quite well with W10 which is far from a perfect OS, but they have regular updates which with the addition of paid AV and firewall + MB Premium give me a very good sense of security.
legendary
Activity: 2268
Merit: 18748
some just install a lot of apps without checking what exactly it is, others like me are pretty careful with each new app.
Everything you download or install is a potential security risk. I remember reading about someone who downloaded an emoji pack for their phone, it asked for permission to access their keyboard which they obviously granted since it was required to work, and it ended up being a keylogger in disguise. I would encourage everyone to go in the app permission settings on their phone and have a look at just what apps have what permissions. You'll be surprised by the security risk of having so many apps accessing your keyboard and data, and the privacy risk of have so many apps unnecessarily accessing your location, microphone, camera, etc. Also take a look at what all your browser extensions are doing, since everyone seems to install dozens of unnecessary ones.

because most did the same thing when Microsoft stopped supporting Windows 7, I used it until the very end.
Just switch to a Linux distro which is constantly updated. Wink

Why do you buy a hardware wallet to use it as a cold storage? I don't get that. If you just want to create a seed phrase and deposit your coins for future usage, why don't you do it with the airgap way?
As much as I prefer using airgapped encrypted cold storage, you have to appreciate that it is harder to do, and much harder to do well, than using a hardware wallet. Not everyone has an old device lying around they can dedicate to be an airgapped device. Not everyone is comfortable using a different OS, or live booting, or really knows how to airgap a device in the first place. Whereas everyone can plug in a hardware wallet and follow the instructions.
HCP
legendary
Activity: 2086
Merit: 4361
I don't know how the hackers use their own server and connected to the Electrum users at that time.
They didn't connect to the Electrum users... the Electrum users connected to the "bad" servers. The hackers spun up literally thousands of "bad" servers using AWS and other VPS providers to try and dominate the network of Electrum servers. This increased the chances of users with the "select server automatically" option (it's the default) connecting to a "bad" server and getting the phishing message when attempting to send a transaction.


Lesson to learn, always use an official website and verify first before hitting the download button.
And then verify digital signatures after the application is downloaded.

Just because it's the official website, doesn't mean it hasn't been hacked! Tongue  I remember with one of the Bitcoin forks (BTG Gold from memory), that their "official" Github got hacked, and the hackers put up fake versions, which were linked to from the official website.
legendary
Activity: 2492
Merit: 1232
However, I have used Electrum for how many years both PC and mobile and I don't have any problem.  I store only a small amount and I confidently recommend it's safe as long as your device isn't compromised or infected by malware.

If anyone knows how to use Electrum in a safe way, then even a hot wallet can be a relatively safe option - but we all know that few verify the file before installation, and that many have fallen victim to what happened in late 2018. I’m not claiming that something similar will happen again, but I’m sure hackers aren’t resting knowing it’s one of the most popular crypto wallets and I’m sure they’re looking for any new vulnerabilities.
Yeah, it's still fresh to remember that time that I even almost fall to them, a good thing I always head up to the official site upon updating an Electrum app on my device.  IIRC, it was a huge Bitcoin that has been a steal at that time, and most commonly newbies are the victims, it seems to be true, in your app there's a pop-up message and looks like an official message of Electrum says, update you Electrum to the new version and the URL link leads you to the phishing link.  I don't know how the hackers use their own server and connected to the Electrum users at that time.

Lesson to learn, always use an official website and verify first before hitting the download button.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Yes, I have just ordered a Trezor cold wallet and will put the bulk there.
Why do you buy a hardware wallet to use it as a cold storage? I don't get that. If you just want to create a seed phrase and deposit your coins for future usage, why don't you do it with the airgap way? You'll have to simply install an OS temporarily (preferably an open source one like Linux) and once you write down your seed phrase and your master public key, and you've left no keys or OSes anywhere, you've succeeded on having a cold storage.

People usually buy hardware wallets to feel more secure in their everyday purchases. If you just want a cold storage and buy a hardware wallet for such purpose, you'll have to destroy it afterwards. You should find it more beneficial and practical to use Electrum as a cold storage.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
However, I have used Electrum for how many years both PC and mobile and I don't have any problem.  I store only a small amount and I confidently recommend it's safe as long as your device isn't compromised or infected by malware.

If anyone knows how to use Electrum in a safe way, then even a hot wallet can be a relatively safe option - but we all know that few verify the file before installation, and that many have fallen victim to what happened in late 2018. I’m not claiming that something similar will happen again, but I’m sure hackers aren’t resting knowing it’s one of the most popular crypto wallets and I’m sure they’re looking for any new vulnerabilities.



Good points and good information--I didn't realize smartphones had that many security problems, and you're right about most people thinking they don't need as much protection on their phones.  I'm one of those, and I appreciate your post.

The risk is always there, it's just not the same for everyone as @Pmalek says - some just install a lot of apps without checking what exactly it is, others like me are pretty careful with each new app. Also, when my smartphone stops receiving updates, I'll look for a new one - because most did the same thing when Microsoft stopped supporting Windows 7, I used it until the very end.

The point is that protection should not be directed to just one device, because smartphones and Internet modems are also vectors of attack, but probably all other devices that have access to the Internet.
legendary
Activity: 2730
Merit: 7065
I didn't realize smartphones had that many security problems, and you're right about most people thinking they don't need as much protection on their phones.  I'm one of those, and I appreciate your post.
It basically comes down to what you use your phone for. Don't poke the bear if you don't want to get attacked. If you aren't someone who needs 40 different apps, games, widgets, or add-ons, a mobile wallet is a decent solution to work as your hot wallet. Each of those unknown apps is a new potential threat to your security and privacy anyways. Just keep it to a minimum and apply the same logic you use on your home PC to your phone as well. That includes not visiting weird websites, opening email attachments, etc. Phones also have anti-virus software and ad blockers.   

...you never know who's going to gain access to your phone, whether it's a thief, a snooper, or law enforcement.
Chances of something like that to happen are of course higher if you carry that device with you all the time like you do with a phone. But a thief can also rob your home and turn your life in a nightmare   

And given how risky it is to store coins on your phone (as Lucius has pointed out), why risk it?
Lucius is right when he talks about certain brands stop receiving new security and system upgrades. I am stuck on Android 9 for example and haven't had an update since October 2020.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Yes, I have just ordered a Trezor cold wallet and will put the bulk there. But I still prefer Electrum over my other warm wallets, which I only trust for things like chasing up forked coins.

As pointed out, all that touches the internet is not 100% safe.
I would suggest another setup based on your Trezor:
1. Generate a new seed on Trezor, write it down (keep it super safe!!) and send the bulk to that wallet.
2. Reset the Trezor to a new seed/wallet and put the rest of the money there.

This will allow you have a good enough security for your daily funds, while the bulk will be safe in something pretty close to what a paper wallet is.
And for the bulk of the funds you know the address where you've sent to those funds, you can check them on a block explorer.
legendary
Activity: 2492
Merit: 1232
Yes, I have just ordered a Trezor cold wallet and will put the bulk there.

Don’t be fooled by the idea that Trezor is a cold wallet, because any crypto wallet that connects to the internet at some point can’t be in that category. If you want a real cold wallet, then get yourself a computer just for that purpose, make sure that there is no way to access the Internet and if you do everything right, such a wallet will be safer than any hardware wallet.
I tend to agree and that should a hardware wallet must be air-gapped for the security purpose, the device or the system that you use for example your personal computer, laptop, and netbook should be fully disconnected from the internet or any networks, or any connected devices that could protect your wallet from any possible hacking.  It's always prone to hack a device that is exposed always on the internet.

However, I have used Electrum for how many years both PC and mobile and I don't have any problem.  I store only a small amount and I confidently recommend it's safe as long as your device isn't compromised or infected by malware.  And follow the suggestion above, create a watch-only wallet for the monitoring of your Bitcoin weekly or monthly.
legendary
Activity: 3528
Merit: 7005
Top Crypto Casino

Good points and good information--I didn't realize smartphones had that many security problems, and you're right about most people thinking they don't need as much protection on their phones.  I'm one of those, and I appreciate your post.

OP, you got your answer already but I just wanted to chime in and say that I think storing crypto on a smartphone (or even having a wallet on one) is a bad idea in general.  I know a lot of people might disagree with me, but you never know who's going to gain access to your phone, whether it's a thief, a snooper, or law enforcement.  Do you really want anyone to know that you own bitcoin or even have an interest in it?  I'd rather keep that information to myself, personally.

And given how risky it is to store coins on your phone (as Lucius has pointed out), why risk it?
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Yes, I have just ordered a Trezor cold wallet and will put the bulk there.

Don’t be fooled by the idea that Trezor is a cold wallet, because any crypto wallet that connects to the internet at some point can’t be in that category. If you want a real cold wallet, then get yourself a computer just for that purpose, make sure that there is no way to access the Internet and if you do everything right, such a wallet will be safer than any hardware wallet.

See more here _ https://electrum.readthedocs.io/en/latest/coldstorage.html

If unfamiliar, read before using Trezor _ https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/

Quote
From our understanding, there’s no way to patch it, there is only one mitigation: the use of a long passphrase.  In this context, as the seed itself can be considered as public, the passphrase should be long enough to prevent brute-force or dictionary attacks.
member
Activity: 60
Merit: 13
Fees are now low for Bitcoin so you can easily split your coins in multiple wallets for your safety, and use cold wallets for larger amount of coins that are just for holding.

Yes, I have just ordered a Trezor cold wallet and will put the bulk there. But I still prefer Electrum over my other warm wallets, which I only trust for things like chasing up forked coins.
legendary
Activity: 2212
Merit: 7064
I wanted to ask, because I have also got a smartphone now with Android, which I know is better with security issues.
You should have strong and different passwords for your phone, computer and for Electrum wallet, in case you lost access for any of them it may slow down other people from stealing your data.

If I were to also download an Electrum wallet set-up on my phone, could I access the same wallet without any problems? So it would be like internet banking, say, when you can view the same account through the web or on the app?
Coins are actually stored on blockchain, not on your phone or computer, so you can use both wallets with same keys, but I would not suggest that you keep any significant amount of coins on hot wallets like this.

Fees are now low for Bitcoin so you can easily split your coins in multiple wallets for your safety, and use cold wallets for larger amount of coins that are just for holding.

legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I wanted to ask, because I have also got a smartphone now with Android, which I know is better with security issues.

The issue of security of these two operating systems is debatable, but I find Android to be much more vulnerable than Windows 10. The reason I think so is that people still pay more attention to the security of their personal computers (at least some) than to the security of their smartphones.

By that I mean a good part of the computer has at least some kind of antivirus/firewall, and regular updates - while most smartphones don't have that kind of protection because people think they don't need it - which means the malware infection is much higher. In addition, smartphones after a while lose customer support and stop receiving security updates, which is just an added risk for anyone who has crypto wallets on such a device.

I agree with @ETFbitcoin, two different devices with the same seed/private keys are a double risk - it is much better to have a new crypto wallet on a smartphone, and in case you need some coins to spend on the go, just transfer them from the main wallet.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
If I were to also download an Electrum wallet set-up on my phone, could I access the same wallet without any problems? So it would be like internet banking, say, when you can view the same account through the web or on the app?

Yes and yes. But if you just want to see your wallet status (current balance, transactiion history, etc.), you could just create watch-only wallet by importing your current wallet's master public key (xpub). That way there's no security risk if your Android is compromised.
member
Activity: 60
Merit: 13
Hello. I have an Electrum wallet which I use on Windows 10 on my PC. I know the security issues, but I just prefer the larger screen for seeing what I do and not making mistakes. I have been careful so far. I only have one default wallet and have the keys.

I wanted to ask, because I have also got a smartphone now with Android, which I know is better with security issues.

If I were to also download an Electrum wallet set-up on my phone, could I access the same wallet without any problems? So it would be like internet banking, say, when you can view the same account through the web or on the app?
Jump to: