Author

Topic: Privacy issues when purchasing hardware wallets (Read 228 times)

legendary
Activity: 2212
Merit: 7064
December 26, 2022, 11:40:23 AM
#16
Of all the methods you posted, is there one that allows for partially signed transactions (like ColdCard)? Not being able to sign transactions offline is a major issue for me.
Hardware wallets that fully support partially signed transactions are Passport (by Foundation) that is forked from ColdCard, Keystone and I think Jade should be able to do that with recent firmware updates, but I am not 100% sure.
All hardware wallets I mentioned can be used offline as airgapped devices, and they are communicating with camera and QR codes, that is much better than what Coldcard wallet is doing.
All other hardware wallets also support PSBT maybe not natively, but you should not care much about that.
newbie
Activity: 9
Merit: 1
I was wondering why ColdCard didn't make your list as I've heard many good things about it, and then I ended up slam-bang in the middle of your debate with nvK on licensing lol. Objectively-speaking (completely disregarding any licensing issues), what do you think of the Mk4?
It was in my list when it was open source wallet, then they decided to change source code to common clause + mit, that is not allowing anyone to use their code.
EVerything started after Foundation Passport wallet came out that used thier code, but it is superior device in every way, with open source hardware and software.
ColdCard is still ok hardware wallet to use, but I just don't like direction it is going and their owner NVK  is ego freak and hypocrite.
Of all the methods you posted, is there one that allows for partially signed transactions (like ColdCard)? Not being able to sign transactions offline is a major issue for me.
hero member
Activity: 952
Merit: 555
20BET - Premium Casino & Sportsbook
The reason why you're buying a hardware wallet is because you had cherished your priva with utmost concern and on the same line be more cautioned that kyc may git introduced into the whole thing if care is not taken through the acquisition of one, anything that will subject you to forms or giving details about yourself is a means to track you, some have through this totally misunderstood the means in which they acquire their hardware wallet being not privacy and security conscious at the course along the line.
legendary
Activity: 2212
Merit: 7064
I was wondering why ColdCard didn't make your list as I've heard many good things about it, and then I ended up slam-bang in the middle of your debate with nvK on licensing lol. Objectively-speaking (completely disregarding any licensing issues), what do you think of the Mk4?
It was in my list when it was open source wallet, then they decided to change source code to common clause + mit, that is not allowing anyone to use their code.
EVerything started after Foundation Passport wallet came out that used thier code, but it is superior device in every way, with open source hardware and software.
ColdCard is still ok hardware wallet to use, but I just don't like direction it is going and their owner NVK  is ego freak and hypocrite.
newbie
Activity: 9
Merit: 1
    The Ledger debacle that caused the leak of customer information (down to their home addresses) is making me hesitant in purchasing a hardware wallet. There is ColdCard that claims they only hold customer information for tax reasons and then they delete it, but I'm not convinced.
    You can always buy hardware wallet in your local area and pay with cash, some devices are even sold in Best Buy, but there is always alternative of ordering online to PO boxes and using alternative personal information, temp email and phone number.
    But if you are going down this path than you should do this for every other purchase you are doing online, not just for hardware wallets.
    You can also make your own open source DIY signing device like SeedSigner (using Raspberry Pi) or using ESP32 devices to do something similar.
    Here is one list of devices you can check out:


    I've found this resource, is this proper procedure? The guide is incomplete though as it doesn't say how to generate the address from the mnemonic. Could someone fill in the rest?
    There is nothing wrong with that option, you just need dedicated laptop and you use it only for crypto, and flash drive can be used for TailsOS.
    Only advantage of hardware wallets and signing devices is smaller size and easy portability.[/list]
    I was wondering why ColdCard didn't make your list as I've heard many good things about it, and then I ended up slam-bang in the middle of your debate with nvK on licensing lol. Objectively-speaking (completely disregarding any licensing issues), what do you think of the Mk4?
    legendary
    Activity: 2268
    Merit: 18771
    Or you can buy from someone p2p just make sure to check the device if it's authentic follow the guide here below.
    I definitely would never recommend this. Buying from an official reseller is the absolute limit of what I consider acceptable, and even then I still have reservations when compared to buying direct from the manufacturer. Buying from a random third party is just asking for trouble. You have absolutely no idea how many people have had their hands on that device or what they might have managed to do to it. Yes, good hardware wallets have built in verification process and cryptographic checks, but for every vulnerability or way to bypass these checks that is found someone has to be the first person to do so.

    Because Trezor has no secure element. Which leads to this: https://www.youtube.com/watch?v=dT9y-KQbqi4
    Probably worth point out that this was only possible because the Trezor device in question was running old firmware which contained a specific vulnerability. This was patched years ago and so this is no longer an issue.
    newbie
    Activity: 9
    Merit: 1
    Why do you go from dismissing Ledger to considering a paper wallet? Trezor has not had Ledger's problems, they delete data after a certain time and they are open source, so they are a better option.[/url]
    Because Trezor has no secure element. Which leads to this: https://www.youtube.com/watch?v=dT9y-KQbqi4

    edit: though this might be a good thing because they tend to be proprietary (eg. ColdCard, Ledger, etc.)
    legendary
    Activity: 3472
    Merit: 3217
    Playbet.io - Crypto Casino and Sportsbook
    I don't know why these people giving sensitive information to the ledger if you can able to buy from a local distributor or trusted seller near your area.
    If you don't know check the list of distributors here https://www.ledger.com/reseller

    And actually, when I buy a product online I can use any name I want if the distributor or reseller is selling online you can use a different name or give a different address like what o_e_l_e_o said.
    Or you can buy from someone p2p just make sure to check the device if it's authentic follow the guide here below.

    - https://support.ledger.com/hc/en-us/articles/4404389367057-Is-my-Ledger-device-genuine-?docs=true

    Or else make a paper wallet or cold storage if you are planning to hold them for a long time.
    legendary
    Activity: 2212
    Merit: 7064
      The Ledger debacle that caused the leak of customer information (down to their home addresses) is making me hesitant in purchasing a hardware wallet. There is ColdCard that claims they only hold customer information for tax reasons and then they delete it, but I'm not convinced.
      You can always buy hardware wallet in your local area and pay with cash, some devices are even sold in Best Buy, but there is always alternative of ordering online to PO boxes and using alternative personal information, temp email and phone number.
      But if you are going down this path than you should do this for every other purchase you are doing online, not just for hardware wallets.
      You can also make your own open source DIY signing device like SeedSigner (using Raspberry Pi) or using ESP32 devices to do something similar.
      Here is one list of devices you can check out:


      I've found this resource, is this proper procedure? The guide is incomplete though as it doesn't say how to generate the address from the mnemonic. Could someone fill in the rest?
      There is nothing wrong with that option, you just need dedicated laptop and you use it only for crypto, and flash drive can be used for TailsOS.
      Only advantage of hardware wallets and signing devices is smaller size and easy portability.[/list]
      legendary
      Activity: 2268
      Merit: 18771
      The Ledger debacle that caused the leak of customer information (down to their home addresses) is making me hesitant in purchasing a hardware wallet.
      There are ways to buy a hardware wallet without giving away your personal information. You can find an official reseller in your country and buy from a physical store using cash. You can have it posted to a PO Box or using general delivery, so you do not have to give away your address. You can also buy it using a pseudonym with delivery to a different address (if you have one you can use). And of course if buying online pay using well anonymized bitcoin and not a fiat method which is traceable to your real name.

      Should I go for a paper wallet instead?
      If you are planning to hold for a long period of time and transact very rarely, then a paper wallet can be a good choice. However, setting one up securely is significantly more difficult and has significantly more risks than using a hardware wallet, as does when you come to actually spend from the paper wallet. I would not recommend that your first attempt at making a paper wallet is then used to store the majority of your funds.

      I would prefer to use an existing way[2] how to create paper wallets
      The site linked to in the thread you have linked (bitcoinpaperwallet) is a known scam. Do not use it! Please also edit your post to remove the link to this scam.

      Creating cold storage using Electrum is not secure as hardware wallet since you're still connecting to internet to download Electrum or you're connect it with your insecure device.
      This is not correct. A properly set up Electrum cold storage wallet is just as safe, if not safer, than a hardware wallet. You download Electrum on a separate device, verify it, and then transfer it to your airgapped device using a USB drive. Your airgapped device remains permanently airgapped and the wallet on it never connects to anything, but simply signs transactions created elsewhere and imported using a QR code or USB drive.
      hero member
      Activity: 1064
      Merit: 843
      Electrum wallet is a SPV wallet. Simplified Payment Verification wallet is a wallet that does not need to run a full node to receive and send bitcoins. It is light enough to use on USB stick.

      Mobile-phone Electrum cold wallet
      Creating cold storage using Electrum is not secure as hardware wallet since you're still connecting to internet to download Electrum or you're connect it with your insecure device. The device either Android and IOS aren't secure too since we don't know what's the other applications will do, you can't delete all of the applications that installed on your device. The @OP himself is care with his privacy, using Electrum that connecting to centralized server will leak your privacy, you must need to run full node.

      The safest and secure way to create cold storage is this tutorial, but it's really complicated to done [Guide] Secure air-gapped crypto wallet storage method.
      legendary
      Activity: 2464
      Merit: 4415
      🔐BitcoinMessage.Tools🔑
      <…>
      I've found this resource, is this proper procedure? The guide is incomplete though as it doesn't say how to generate the address from the mnemonic. Could someone fill in the rest?
      https://bitcoinmagazine.com/culture/diy-bitcoin-private-key-project
      <…>
      This guide is not about creating paper wallets. It merely describes one of the several ways how you can generate your own randomness and convert it to meaningful words from BIP39 without relying on any hardware or software tools that do the same job but better and faster. If you're not experienced enough and don't understand precisely how the generation algorithm works and why it works this way, it is not recommended to do things manually because there is a high probability of you losing all your money due to stupid mistakes. Even worse, if you decide to generate addresses manually from your manually generated seed phrase, the chances of you messing things up are almost hundred percent because doing sha-256 or ripemd160 calculations requires hundreds of hours of intense and incredibly complex math manipulations, which is infeasible for a normal person. I'd say just buy a reputable hardware wallet like Trezor, and don't complicate your life by reinventing the wheels.
      sr. member
      Activity: 602
      Merit: 387
      Rollbit is for you. Take $RLB token!
      Or is Tails OS/Electrum preferred?
      Electrum wallet is a SPV wallet. Simplified Payment Verification wallet is a wallet that does not need to run a full node to receive and send bitcoins. It is light enough to use on USB stick.

      Electrum: https://electrum.org/#download. You can use Portable versions but must read Security Advice.
      Warning about portable versions

      [Guide] How to Safely Download and Verify Electrum

      Mobile-phone Electrum cold wallet

      If you use Electrum wallet, have questions, you can ask in Wallet software (Electrum).

      Using Tail OS is good too. How to Install Tails OS on USB flash drive for Wallet Purpose
      hero member
      Activity: 1554
      Merit: 880
      Notify wallet transaction @txnNotifierBot
      The Ledger debacle that caused the leak of customer information (down to their home addresses) is making me hesitant in purchasing a hardware wallet.
      There are services out there that will buy the hardware wallet on behalf of you, but expect an additional fee for that.
      Also, as what mentioned above, Trezor seems more reliable when it comes to privacy, but of course you need to trust them for that. Here's a guide on how to buy a hardware wallet[1].

      I've found this resource, is this proper procedure? The guide is incomplete though as it doesn't say how to generate the address from the mnemonic. Could someone fill in the rest?
      This is hassle and looks like just experimental and probably not secure. I would prefer to use an existing way, how to create paper wallets or wallets from open source software and generate in an offline device or simply using an air gapped device.

      Or is Tails OS/Electrum preferred?
      Creating cold storage using electrum is one of the secured and easiest way to create one.

      [1] https://bitcointalksearch.org/topic/--5288201


      Edit: my bad, removed the linked thread.
      legendary
      Activity: 1358
      Merit: 1565
      The first decentralized crypto betting platform
      Why do you go from dismissing Ledger to considering a paper wallet? Trezor has not had Ledger's problems, they delete data after a certain time and they are open source, so they are a better option. In general, to set up a paper wallet you have to know what you are doing.

      See this thread: Andreas Antonopoulos says to stop using paper wallets, do you agree?
      newbie
      Activity: 9
      Merit: 1
      The Ledger debacle that caused the leak of customer information (down to their home addresses) is making me hesitant in purchasing a hardware wallet. There is ColdCard that claims they only hold customer information for tax reasons and then they delete it, but I'm not convinced. It only takes a bad actor within the company. Should I go for a paper wallet instead? What is the proper procedure in creating one? For what it's worth, I'm not going to transact at all except stack sats when I can and hold them for the long-run, maybe for the day I'll be able to purchase my morning coffee with it.  Smiley

      I've found this resource, is this proper procedure? The guide is incomplete though as it doesn't say how to generate the address from the mnemonic. Could someone fill in the rest?
      https://bitcoinmagazine.com/culture/diy-bitcoin-private-key-project

      Or is Tails OS/Electrum preferred?
      https://www.youtube.com/watch?v=yzJ9bRFkwmo
      Jump to: