Topic: Privacy issues when purchasing hardware wallets (Read 228 times)

Hardware wallets that fully support partially signed transactions are Passport (by Foundation) that is forked from ColdCard, Keystone and I think Jade should be able to do that with recent firmware updates, but I am not 100% sure.
All hardware wallets I mentioned can be used offline as airgapped devices, and they are communicating with camera and QR codes, that is much better than what Coldcard wallet is doing.
All other hardware wallets also support PSBT maybe not natively, but you should not care much about that.

Of all the methods you posted, is there one that allows for partially signed transactions (like ColdCard)? Not being able to sign transactions offline is a major issue for me.

The reason why you're buying a hardware wallet is because you had cherished your priva with utmost concern and on the same line be more cautioned that kyc may git introduced into the whole thing if care is not taken through the acquisition of one, anything that will subject you to forms or giving details about yourself is a means to track you, some have through this totally misunderstood the means in which they acquire their hardware wallet being not privacy and security conscious at the course along the line.

It was in my list when it was open source wallet, then they decided to change source code to common clause + mit, that is not allowing anyone to use their code.
EVerything started after Foundation Passport wallet came out that used thier code, but it is superior device in every way, with open source hardware and software.
ColdCard is still ok hardware wallet to use, but I just don't like direction it is going and their owner NVK  is ego freak and hypocrite.

I was wondering why ColdCard didn't make your list as I've heard many good things about it, and then I ended up slam-bang in the middle of your debate with nvK on licensing lol. Objectively-speaking (completely disregarding any licensing issues), what do you think of the Mk4?

I definitely would never recommend this. Buying from an official reseller is the absolute limit of what I consider acceptable, and even then I still have reservations when compared to buying direct from the manufacturer. Buying from a random third party is just asking for trouble. You have absolutely no idea how many people have had their hands on that device or what they might have managed to do to it. Yes, good hardware wallets have built in verification process and cryptographic checks, but for every vulnerability or way to bypass these checks that is found someone has to be the first person to do so.

Probably worth point out that this was only possible because the Trezor device in question was running old firmware which contained a specific vulnerability. This was patched years ago and so this is no longer an issue.

Because Trezor has no secure element. Which leads to this: https://www.youtube.com/watch?v=dT9y-KQbqi4

edit: though this might be a good thing because they tend to be proprietary (eg. ColdCard, Ledger, etc.)

I don't know why these people giving sensitive information to the ledger if you can able to buy from a local distributor or trusted seller near your area.
If you don't know check the list of distributors here https://www.ledger.com/reseller

And actually, when I buy a product online I can use any name I want if the distributor or reseller is selling online you can use a different name or give a different address like what o_e_l_e_o said.
Or you can buy from someone p2p just make sure to check the device if it's authentic follow the guide here below.

- https://support.ledger.com/hc/en-us/articles/4404389367057-Is-my-Ledger-device-genuine-?docs=true

Or else make a paper wallet or cold storage if you are planning to hold them for a long time.

You can always buy hardware wallet in your local area and pay with cash, some devices are even sold in Best Buy, but there is always alternative of ordering online to PO boxes and using alternative personal information, temp email and phone number.
But if you are going down this path than you should do this for every other purchase you are doing online, not just for hardware wallets.
You can also make your own open source DIY signing device like SeedSigner (using Raspberry Pi) or using ESP32 devices to do something similar.
Here is one list of devices you can check out:

• Trezor DIY Wallet
• PiTrezor DIY Wallet
• Specter DIY Wallet
• SeedSigner DIY Wallet
• Krux DIY Wallet

There is nothing wrong with that option, you just need dedicated laptop and you use it only for crypto, and flash drive can be used for TailsOS.
Only advantage of hardware wallets and signing devices is smaller size and easy portability.[/list]

There are ways to buy a hardware wallet without giving away your personal information. You can find an official reseller in your country and buy from a physical store using cash. You can have it posted to a PO Box or using general delivery, so you do not have to give away your address. You can also buy it using a pseudonym with delivery to a different address (if you have one you can use). And of course if buying online pay using well anonymized bitcoin and not a fiat method which is traceable to your real name.

If you are planning to hold for a long period of time and transact very rarely, then a paper wallet can be a good choice. However, setting one up securely is significantly more difficult and has significantly more risks than using a hardware wallet, as does when you come to actually spend from the paper wallet. I would not recommend that your first attempt at making a paper wallet is then used to store the majority of your funds.

The site linked to in the thread you have linked (bitcoinpaperwallet) is a known scam. Do not use it! Please also edit your post to remove the link to this scam.

This is not correct. A properly set up Electrum cold storage wallet is just as safe, if not safer, than a hardware wallet. You download Electrum on a separate device, verify it, and then transfer it to your airgapped device using a USB drive. Your airgapped device remains permanently airgapped and the wallet on it never connects to anything, but simply signs transactions created elsewhere and imported using a QR code or USB drive.

Creating cold storage using Electrum is not secure as hardware wallet since you're still connecting to internet to download Electrum or you're connect it with your insecure device. The device either Android and IOS aren't secure too since we don't know what's the other applications will do, you can't delete all of the applications that installed on your device. The @OP himself is care with his privacy, using Electrum that connecting to centralized server will leak your privacy, you must need to run full node.

The safest and secure way to create cold storage is this tutorial, but it's really complicated to done [Guide] Secure air-gapped crypto wallet storage method.

This guide is not about creating paper wallets. It merely describes one of the several ways how you can generate your own randomness and convert it to meaningful words from BIP39 without relying on any hardware or software tools that do the same job but better and faster. If you're not experienced enough and don't understand precisely how the generation algorithm works and why it works this way, it is not recommended to do things manually because there is a high probability of you losing all your money due to stupid mistakes. Even worse, if you decide to generate addresses manually from your manually generated seed phrase, the chances of you messing things up are almost hundred percent because doing sha-256 or ripemd160 calculations requires hundreds of hours of intense and incredibly complex math manipulations, which is infeasible for a normal person. I'd say just buy a reputable hardware wallet like Trezor, and don't complicate your life by reinventing the wheels.

Electrum wallet is a SPV wallet. Simplified Payment Verification wallet is a wallet that does not need to run a full node to receive and send bitcoins. It is light enough to use on USB stick.

Electrum: https://electrum.org/#download. You can use Portable versions but must read Security Advice.
Warning about portable versions

[Guide] How to Safely Download and Verify Electrum

Mobile-phone Electrum cold wallet

If you use Electrum wallet, have questions, you can ask in Wallet software (Electrum).

Using Tail OS is good too. How to Install Tails OS on USB flash drive for Wallet Purpose

There are services out there that will buy the hardware wallet on behalf of you, but expect an additional fee for that.
Also, as what mentioned above, Trezor seems more reliable when it comes to privacy, but of course you need to trust them for that. Here's a guide on how to buy a hardware wallet^[1].

This is hassle and looks like just experimental and probably not secure. I would prefer to use an existing way, how to create paper wallets or wallets from open source software and generate in an offline device or simply using an air gapped device.

Creating cold storage using electrum is one of the secured and easiest way to create one.

[1] https://bitcointalksearch.org/topic/--5288201

---

Edit: my bad, removed the linked thread.

Why do you go from dismissing Ledger to considering a paper wallet? Trezor has not had Ledger's problems, they delete data after a certain time and they are open source, so they are a better option. In general, to set up a paper wallet you have to know what you are doing.

See this thread: Andreas Antonopoulos says to stop using paper wallets, do you agree?

The Ledger debacle that caused the leak of customer information (down to their home addresses) is making me hesitant in purchasing a hardware wallet. There is ColdCard that claims they only hold customer information for tax reasons and then they delete it, but I'm not convinced. It only takes a bad actor within the company. Should I go for a paper wallet instead? What is the proper procedure in creating one? For what it's worth, I'm not going to transact at all except stack sats when I can and hold them for the long-run, maybe for the day I'll be able to purchase my morning coffee with it. 

I've found this resource, is this proper procedure? The guide is incomplete though as it doesn't say how to generate the address from the mnemonic. Could someone fill in the rest?
https://bitcoinmagazine.com/culture/diy-bitcoin-private-key-project

Or is Tails OS/Electrum preferred?
https://www.youtube.com/watch?v=yzJ9bRFkwmo