Pages:
Author

Topic: Question about privacy of Blockchain.com wallet (Read 298 times)

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
September 26, 2021, 08:00:30 PM
#29
That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.
I'm struggling to foresee a situation where I am out and about suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful. Any time I want to spend a large amount of bitcoin in person (larger than I would be comfortable storing on a mobile wallet), then I have planned it in advance and have taken my hardware wallet with me.
I like to be prepared for that rare event, say a hotel with a "Bitcoin accepted" sign when I'm on vacation.
But you're right, chances are pretty small. That's why I haven't used it yet.
I think that Loyce's encrypted paper wallet makes sense for an 'emergency money' kind of scenario. It allows you to carry around enough money to save you in a very bad situation, like, you're in a different country and your cash is stolen & cards are blocked or something like that. While not having millions of sats in mobile wallets for years on end. For that scenario, I understand it. There was a story recently here of someone in that exact position, but I can't find it right now. It was titled 'How Bitcoin saved me' or something like that.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I'm not really a fan of that method. To spend from that encrypted paper wallet while on the go without any additional hardware on you (airgapped laptop, hardware wallet, etc.) then you are going to have to import it in to your hot mobile wallet. If you don't think a mobile wallet is secure enough for storing that amount of bitcoin long term, then you shouldn't really think it's secure enough to import that amount of bitcoin in to either.
I've had larger amounts on my mobile without problems (short-term), so I'm not directly worried about it. The paper wallet is already older than my current phone, which means I prevented exposure to one additional device by keeping it on paper instead of a hot wallet.

Quote
I'm struggling to foresee a situation where I am out and about suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful.
I like to be prepared for that rare event, say a hotel with a "Bitcoin accepted" sign when I'm on vacation.
But you're right, chances are pretty small. That's why I haven't used it yet.
legendary
Activity: 2268
Merit: 18748
I didn't know that it includes Electrum and has this other feature as well, that's really great! I should set one up.. Smiley
The only downside is that since it is all pre-bundled, they don't use the latest version. Last I checked, they are still on version 4.0.2. If you really want the latest version, then you can run it using the AppImage from electrum.com and saving it to your persistent storage. There are instructions here: https://electrum.readthedocs.io/en/latest/tails.html

That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.
I'm not really a fan of that method. To spend from that encrypted paper wallet while on the go without any additional hardware on you (airgapped laptop, hardware wallet, etc.) then you are going to have to import it in to your hot mobile wallet. If you don't think a mobile wallet is secure enough for storing that amount of bitcoin long term, then you shouldn't really think it's secure enough to import that amount of bitcoin in to either.

I'm struggling to foresee a situation where I am out and about suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful. Any time I want to spend a large amount of bitcoin in person (larger than I would be comfortable storing on a mobile wallet), then I have planned it in advance and have taken my hardware wallet with me.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
You have to import it into a hot wallet to use it though; then I prefer a hardware wallet or just using a mobile wallet in the first place Cheesy On the other hand, if it's not yet sure whether you'll actually need to use that wallet on-the-go, then your method is more secure!
That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.

Quote
I was arguing for 'convenient & secure' method though, and my point still stands that it's not more convenient to use an online wallet instead of just using a mobile, custodial wallet.
For convenience, I also have a small (non-custodial) mobile wallet that I use whenever I can.

Apart from the security, I can think of another reason not to use a webwallet: I'd have to remember another password, or store it on my phone. Both options I don't like.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Nobody carries a seed around.
My personal favourite, apart from a small mobile hot wallet, is an encrypted paper wallet. I keep a backup at home, and the encryption won't easily be brute-forced if someone gets their hands on it.
You have to import it into a hot wallet to use it though; then I prefer a hardware wallet or just using a mobile wallet in the first place Cheesy On the other hand, if it's not yet sure whether you'll actually need to use that wallet on-the-go, then your method is more secure!
I was arguing for 'convenient & secure' method though, and my point still stands that it's not more convenient to use an online wallet instead of just using a mobile, custodial wallet.

Quote
This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).
One is enough: Electrum is included in Tails by default, and Tails can create an encrypted partition on the same USB stick.
I didn't know that it includes Electrum and has this other feature as well, that's really great! I should set one up.. Smiley I think last time I used Tails, it didn't have these features or I didn't know about it, otherwise I'd probably have done it already.. Grin
legendary
Activity: 2268
Merit: 18748
Nobody carries a seed around.
No, but I'd still rather do that than use a web wallet. Hell, I'd rather memorize a seed phrase for use on the go (obviously knowing that the back up is written down and stored securely at home) than use a web wallet.

Just write the seed words (or not, if you don't care about an amount of max 50 USD), and you're ready to go.
You don't have to carry the seed phrase around with you, but you should definitely write it down. You don't want to be in the situation of needing to receive a large transaction while you are on the go and only have an unbacked-up mobile wallet on you.

This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one
Yeah, as Loyce says, Tails will create a persistent storage on the same USB stick it boots from: https://tails.boum.org/doc/first_steps/persistence/index.en.html
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Nobody carries a seed around.
My personal favourite, apart from a small mobile hot wallet, is an encrypted paper wallet. I keep a backup at home, and the encryption won't easily be brute-forced if someone gets their hands on it.

Quote
This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).
One is enough: Electrum is included in Tails by default, and Tails can create an encrypted partition on the same USB stick.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!

To be honest, I don't think it's more convenient to create an account at a exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.

It is more convenient because you can access your wallet everywhere , just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)

If you need to access your bitcoin in another device, such as a computer at work or in another kind of device,  they offer some nice convenience.

I used blockchain.info in the past in that situation and it was nice.

Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd). I consider them similar to a physical fiat wallet.. you can carry a few bucks of cash in your pockets, if you lose it that's not a big deal.
Nobody carries a seed around. To access Bitcoin everywhere (especially small amounts, like you mentioned), the best solution by far would be a non-custodial mobile wallet, like BlueWallet which I already mentioned. It's even more convenient to set up, because there is no account. No email. No password. No verification.... Just write the seed words (or not, if you don't care about an amount of max 50 USD), and you're ready to go.

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.
This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Well, there might be situations where you have don't have the choice to use your own device.

Let's suppose you work on a submarine. Or that you are a military and on the location you are the only way to access internet is in a computer that you received by your employer.
Chances are you won't have any communication with the outside world for months from that submarine. The more common scenario is an employer's computer, and indeed, I never enter my own passwords there. When convenient, I've used corporate email for personal stuff ("hey, will you buy potatoes or should I?"), but that's where it ends.

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.
legendary
Activity: 2268
Merit: 18748
I faced similar situations a few years ago (which I don't want to specify here for privacy purposes), where i didn't have wifi in my mobile device and I had to use a computer provided by my employer to use internet.  and blockchain.info was handy.
I would still prefer to either carry around an encrypted USB stick with my wallet file on it, or carry around a seed phrase written down on paper which I could restore my wallet from using some open source software such as Electrum. Again, both are far better from both a privacy and security view point than using a web wallet.

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
That's terrible for security! I never enter any passwords on devices that aren't mine.

Quote
Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd).
Wait, if you know that already, why not use a mobile wallet instead?

Well, there might be situations where you have don't have the choice to use your own device.

Let's suppose you work on a submarine. Or that you are a military and on the location you are the only way to access internet is in a computer that you received by your employer.

I faced similar situations a few years ago (which I don't want to specify here for privacy purposes), where i didn't have wifi in my mobile device and I had to use a computer provided by my employer to use internet.  and blockchain.info was handy.

 I know these situations are becoming very unlikely in recent years and they will be more unlikely in the future, specially in developed countries.
legendary
Activity: 2268
Merit: 18748
That's easy to go around: pay a "weird" amount, and make sure you get a round amount as change Smiley
Absolutely. Or split your change between multiple addresses to make it seem as if you are paying multiple people. Or manually choose to send your change to a different address type to obfuscate that it is going to a change address. Or even better, leave no change at all. It's entirely possible to hide what is a change address (or even manipulate the heuristics in to actively identifying the payment address as the change address), but the vast majority of wallets don't do this and the vast majority of users don't know how to do this. If OP is using Electrum or Blockchain.com, and just makes a bunch of standard transactions which chain together all his change addresses, then it is trivial to identify them all and link all the transactions as originating from the same user/wallet.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
If I pay make a transaction from Address A, and I send something like 0.05 BTC to one address and 0.15820351 BTC to another address, then it is completely obvious to everyone that the latter address is my change address.
That's easy to go around: pay a "weird" amount, and make sure you get a round amount as change Smiley

It is more convenient because you can access your wallet everywhere , just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)
That's terrible for security! I never enter any passwords on devices that aren't mine.

Quote
Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd).
Wait, if you know that already, why not use a mobile wallet instead?
legendary
Activity: 2268
Merit: 18748
-snip-
I use a mobile wallet for small amounts which I need to carry around with me and spend on a daily basis. The security isn't great (although far better than that of a web wallet), but I've never been hacked and it is only small amounts that I can afford to lose. For anything larger I need to carry around with me and access anywhere, then I can take a very small hardware wallet which will link up with my phone. Both easily fit in pockets, bags, etc.

This is a far preferable option to using a web wallet if "accessing anywhere" is the goal. Your security is much better, your privacy is much better, the fees are much better, and you can still use advanced options like coin control or RBF which most Web wallets don't offer.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

To be honest, I don't think it's more convenient to create an account at a exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.

It is more convenient because you can access your wallet everywhere , just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)

If you need to access your bitcoin in another device, such as a computer at work or in another kind of device,  they offer some nice convenience.

I used blockchain.info in the past in that situation and it was nice.

Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd). I consider them similar to a physical fiat wallet.. you can carry a few bucks of cash in your pockets, if you lose it that's not a big deal.

legendary
Activity: 2268
Merit: 18748
Also, if you e.g. pay person A first, then the change arrives into a new address (change address), from which you'll pay person B, so they will absolutely not see the funds coming from the same address.
Correct, but in many cases it will still be trivial to link the two payments.

If I pay make a transaction from Address A, and I send something like 0.05 BTC to one address and 0.15820351 BTC to another address, then it is completely obvious to everyone that the latter address is my change address. If I then pay someone else from my change address, then they can easily link the two transactions as having come from the same person. The same is true for anything else which identifies the change address, such as one output being to a different address type from the input while the change output is the same address type as the input.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Coinbase (Wallet/Exchange) is different, it' a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.
Just to add to the conversation, Coinbase has a non-custodial wallet as well.

They offer 2 kind of wallets: custodial and non-custodial.

You can see it here:
https://wallet.coinbase.com/faq/
Yes, "Conbase Wallet" is non-custodial and "Coinbase" is custodial.
But OP's description of the withdrawal doesn't fit 'Coinbase Wallet' so I find it not necessary to mention here.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
This coinbase wallet has a similar degree of security compared to Blockchain.com wallet. Both are  online wallets, they are convenient but they vulnerable to many kind of attacks.
To be honest, I don't think it's more convenient to create an account at a exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Coinbase (Wallet/Exchange) is different, it' a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.

Just to add to the conversation, Coinbase has a non-custodial wallet as well.

They offer 2 kind of wallets: custodial and non-custodial.

You can see it here:
https://wallet.coinbase.com/faq/
Quote
How do I protect against losing access to my funds?
Coinbase Wallet is a user-controlled, non-custodial product. The app generates a 12 word recovery phrase which is what gives you, and only you, access to your account to move received funds. Coinbase will never have access to this seed, meaning that we cannot move funds on your behalf even if you lose access to your recovery phrase.

I am not recommending it and I think Electrum is a much better option.

This coinbase wallet has a similar degree of security compared to Blockchain.com wallet. Both are  online wallets, they are convenient but they vulnerable to many kind of attacks.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
It's nice that I can create a new address for every incoming transaction to keep my privacy high.
This is a normal feature that every good wallet has. Nothing to do with custodial or non-custodial.
From your seed words, unlimited private keys can be derived and from each of those private keys you can calculate a public key and an address where you can receive funds. A good hardware or software wallet displays you a new address every time you click 'receive' by default.

Also, if you e.g. pay person A first, then the change arrives into a new address (change address), from which you'll pay person B, so they will absolutely not see the funds coming from the same address.

If you're looking for something free and quick & easy to setup, as you alluded to in your replies, I'd recommend to start with BlueWallet.

What I like about it is that it's open source and allows to have multiple separate non-custodial Bitcoin on-chain wallets as well as play around with Lightning (however the LN functionality is custodial, so just don't keep too many funds on there). You can also import xpubs to keep track of activities on all of your hardware or offline wallets as well.
Pages:
Jump to: