Topic: Let's talk about security - page 2. (Read 516 times)

Heh. That's what Americans think.

^Here is the big illusion...

Everybody lives under the US law.

Everybody.

Semantics.
If he knew I had all the cryptocurrencies in the world and couldn't touch me, he wouldn't, and the knowledge would be useless to him.


I'm Argentinian, currently living in Buenos Aires. I never said Argentinian hackers are the greatest, I said they're considered to be among the best.
About doing damage, trust me, they're nasty. I can't possibly give you a marginally accurate picture of what living in here means. Let's just say I'd rather be anywhere else.


For what I read (again, remember I'm far from an expert), Tor obfuscates your entry point to the network, but the exit node can still be used to track you. Adding a VPN is said to close the circle.

Yes you are right, but you can be 100% secure if you want to, but someone can not be 100% private and anonymous, but the certain aspect to keep private can still be kept private but this require knowledge and experience.

He'd rob you if he ever found out you own cryptocurrencies. If he didn't, you wouldn't be his prey. So, it's a matter of privacy.

That's why I said it's stereotypical. There's no evidence that Argentina has the greatest hackers in sum neither that the Argentines are used to make damage. Just stereotypes.

So why did you want to add another “layer” of privacy protection (VPN) in front of it? You said it yourself; Tor obfuscates your identity to a high degree.

What I worry about is getting caught with my pants down if I can help it. If a guy tries to mug me on the street, I can defend myself (one did just that a few months ago. He couldn't), but if a guy robs me through my computer I'm helpless. I don't like the feeling.


None taken.
I don't belong to that "group", so I can only go by what I read or hear. 


I just want to be in a case when if I have to defend myself, I can do it. Right now, I can't.



I don't do shady stuff, but others do. I'm trying to make sure (best I can) they don't do it to me.


No such thing as impossible. Tor obfuscates your identity, to the point even US 3-letter agencies have been unable to crack it.


Oh, hell YEAH!!! 
Been using Linux since 2009. Best decision I ever made.
duck-duck go and adblock plus are second and third best.


I don't live under US law, so if the FBI wants my data, they can ask me, no problem.

No need to get paranoid about it unless you do some shady stuff.

It is also impossible to be 100% secure/anonymous. The moment you connect to the internet, your ISP knows that you are connected. You are already visible to them.

I only use linux and an adblocker and It works well so far. Dump windows right away, using windows is the single biggest mistake you can make. It is not open source so can't really know what data Uncle Bill is tracking and collecting from you. (on the top of that, you drive him fucking crazy by using linux and you can't name a price for having that kind of fun)

VPN's are crap too. If they go to NordVPN with an FBI warrant, I am pretty fucking sure they'll give them your data on a silver plate.

What you actually worry is your privacy. If you are somehow found to use bitcoin, you may get robbed and thus, be unsecured. But, you should be aware of how to protect your privacy so that you'll remain secure.

This sounds a bit stereotypical, no offense.

So what you want is to never happen to be in a case where you have to defend yourself. The above recommendations are fine to hide your identity. It depends, though, on how you'll buy and use those cryptocurrencies. For instance, if you use a bank to make the transaction, then your state can know it. Your options are generally limited. Retaining privacy in 2021 is a headache.

As usual, you guys are very informative. Thanks to all.

larry_vw_1955: I'm not really worried about the tax collectors. One of the (very few) good things about living in a lawless country is you don't really have any obligation to pay taxes, and nobody can do anything to you if you don't. The downside is you have to fend for yourself, because the police is just as non-existent as the tax agency.

The reason I'm worried about security is twofold: first, Argentinian hackers are said to be among the best (not surprisingly, considering Argentinians generally have  penchant for doing damage), and second, if you do get hurt (physically or financially or whatever), nobody protects you, you're screwed. The law here is so twisted that if you defend yourself, you go to prison.

ETFbitcoin: I'm setting up to use Binance. Might I have any problems if I use my wallet (I'm intending to use Tails on a pendrive with persistent storage and Coinomi) through Tor with them?
And yes, I am using 2FA authentication.

n0nce: yeah, I'm already setting Tails up, and I intend to never connect it to the internet. I am loving your steel idea though. Stainless steel. that would be one helluva way to store your seeds. 

Typically, if "something" costs USD 50 in the US, it costs about USD 300 to 400 here. To give you an idea, a few years ago I bought a gun. Made in Argentina. I could literally take a bus and be at the factory's doors in less than 40 minutes. That gun doesn't exist in the US, but a similar one (same brand) is about $300. I paid $850 for mine, on sale.

Pmalek: yeah, I'm already doing all that. just thought it'd be nice to add an extra layer  of security, just in case. in the (hopefully near) future I intend to have a dedicated computer for trading, and connect exclusively through Ethernet, but for now I have to use public wi-fi at a Starbucks store, so I'm getting very paranoid on that, especially since Starbucks has already had some "issues" with their network getting hacked in the past.

Charles-Tim: so, no Tor and no VPN. Got it. Thank you.

BlackHatCoiner: that's way over my head already. Guess I have some serious reading to do...

Again, thank you all for the replies. 

Yeah, this is correct but this also goes to while using SPV wallets. Having seperate wallets and changing the relay circuit each time for central server not to link addresses of seperate wallets together.

I know n0nce knows this, but it goes to Berny.

If you look up the balance of your addresses in clearnet, your IP can be traced and make yourself neither private nor anonymous. Visiting the block explorers from Tor won't work either, because the receiver (onion service) will query for different addresses, but from the same sender which can then link them. If you want to protect your privacy you'll have to change your relay circuit every time.

Or a much more private and easy way: Run a node.

For what Tor server are you talking about?

What kind of trading? On centralized exchanges and wallets, not advisable, some even block any VPN or Tor and only allow IP address from service providers to be able to make use of their exchange. On decentralized exchange, VPN is enough while only Tor can maximize the anonymity.

Pmalek has given you enough answers to that just to avoid repetition. Also you can have anti malware and frequently updating it, making use of ads blocker like Ublock in addition. If you avoid malware, your device will not be infected. About keyloggers, even bitcoin address will change to hackers address either when you copy and want to paste and send the address to a sender (someone that want to send you bitcoin) or while about to send to a receiver, checking and rechecking the address before sending can help and bring your notice to it, but avoiding malware generally will make this not even possible.

Why don't he just hold the seed phrase instead of the keys when we are no more in the nondeterministic (random) wallets era and now in deterministic (seeded) wallets era. This can still make this simple by backing up the seed phrase (which can generate the keys and addresses), the seed phrase can easily be backup on laminated paper or on metallic sheet.

There is nothing better than runing own node and have the privacy we need, but due to high ever growing bytes (over 430 gigabytes now) required to download the full blockchain to run full node or the discouraging aspect of a pruned node, some people do not just have option than to make use of the SPV wallets, while still just try all possible means to have privacy, but the way to have privacy starts from running own full node.

This might sound stupid and generic, but don't get phished or keylogged. Pay attention to the sites you are visiting and only download and install the most basic software that you need from the official sources. Don't click on unknown links, don't open emails and attachments from people you don't know, don't torrent, watch porn, and play with patches and cracks and illegal software on a PC you use for your financials. Doesn't matter if it's crypto or fiat-related. Verify and double-check everything you can.   

Why do you think using the TOR version is safer? Couldn't that be a great honeypot as well? Someone creates a TOR-only blockchain explorer that logs addresses. Your IP is protected, that's true. Unless the TOR server you are connected to is also malicious.

If your main goal is to protect the private keys; just keep them on a device that is simply never (really, never never) connected to a network. It can be a computer booted off a Tails Linux USB drive, but also a hardware wallet. You can trade even on a phone if you wanted; just make sure to withdraw funds to a machine / device that is fully offline, then you're good.

Privacy is another thing. But the topic is security; and there it's simplest and safest to have a dedicated device for holding your keys. No matter how paranoid you are, how many blockers, antiviruses, VPNs, etc. that you install; a dedicated device will be better.

If you want to go max level; ditch the 'device' entirely, and generate a secure offline 'paper' wallet using an offline machine and dice rolls & stamp the seed phrase into a piece of steel as well. It's easiest to protect private keys if they never leave the physical 'offline' world

---

On the word of privacy; if you look up your balance via normal blockchain explorers and SPV wallets, the provider of that site can and will link & save your IP address and the Bitcoin address you looked up. There are multiple ways to avoid this and it may deserve its own topic. I personally, since a long time, either look up addresses over the Tor version of blockchain explorers, or just use my own Bitcoin node.
http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion/
http://blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid.onion/bitcoin/

---

For steel seed backup on a budget (e.g. if your USB drive breaks), I would recommend stamping or engraving any cheap piece of steel that you can find. You don't need the products made 'for Bitcoin' since they're often almost as expensive as a hardware wallet which you mentioned you can't afford right now. (though Trezor One is just around 50-60 bucks.... https://shop.trezor.io/product/trezor-one-white)

This is how I like to do steel backups nowadays: https://bitcointalksearch.org/topic/n0nces-steel-washer-backup-jig-customisable-5363596

Some exchange forbid you from using Tor, VPN or Proxy, it's likely your account will be suspended if you doing it.

---

ClamAV won't help you, here's a statement from their documentation.


Yes, your setup already more secure than most trader. I would advice you not to install unknown closed source app on your Fedora/Tails and enable 2FA on your exchange account, but i'm fairly sure you already do that.

anytime you go through some service provider, assume they log your ip address and any other identifying information like your bitcoin addresses and transactions that way if the government or law enforcement or taxing authority wants it they will give it to them. they all do that. without an exception. that's a safe assumption.

they might not be able to hack your actual seed phrase unless the wallet has a backdoor but they dont need to do that. they being the powers that be.

to be really safe one has to use monero. but that's another story i suppose. and not everyone wants to have to do that. oh and even then at the end of the day, in places like the usa, when it comes to tax evasion issues, one is presumed guilty and has to prove their innocence  that's quite a pickle to be in let me tell you.

Not really. I read many emails on the ledger site (examples of emails users have been getting) from several kinds of criminals (scammers, extortionists, etc). Now, it's not like they're gonna scare me into giving them a single penny, but if I can avoid the issue, I will. Especially if I save money in the process.

My friend told me that Ledger corporates with law enforcement (which countries? I haven't got a clue.) to seize crypto in their hardware wallets. Does your paranoia have anything to do with that?

Thank you all.
Law enforcement in my country is kinda "loose", to put it very mildly (it's a lawless sh1thole, to be honest). that's why I want to be as safe as I can before I mess up. I agree what's important is what people think you have, so I usually don't share my successes (especially when it's about money), which is the reason I want to keep my transactions anonymous if at all possible. Way too many prying eyes...
I also read plenty of horror stories about people getting targeted for using hardware wallets (especially the Ledger), and either way hardware wallets are absolutely unaffordable to me right now, which is why I decided on using Tails on a thumbdrive. Definitely cheaper (I already have the drive), and safe, as long as you don't connect to the internet.

I have a feeling that if you do trading on centralized exchanges with such a setup, sooner or later some may ask you for extensive KYC and such.
At least for VPN, there was this topic just 2 weeks ago: Is it safe to use Binance on VPN

Imho you're overthinking it.
A safe OS is good, hardware wallet is better, using hardware device for 2FA (some of the hardware wallets can do that too) is even better (although I didn't try this yet myself). If you want to be safe, these are some of the checkpoints. Also plausible deniability may be important too, see Necessary reminder: watch out for $5 wrench attacks