Question about privacy of Blockchain.com wallet

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: LoyceV on September 26, 2021, 03:47:16 AM

That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.

Quote from: o_e_l_e_o on September 26, 2021, 04:20:59 AM

I'm struggling to foresee a situation where I am out and about suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful. Any time I want to spend a large amount of bitcoin in person (larger than I would be comfortable storing on a mobile wallet), then I have planned it in advance and have taken my hardware wallet with me.

Quote from: LoyceV on September 26, 2021, 04:42:33 AM

I like to be prepared for that rare event, say a hotel with a "Bitcoin accepted" sign when I'm on vacation.
But you're right, chances are pretty small. That's why I haven't used it yet.

I think that Loyce's encrypted paper wallet makes sense for an 'emergency money' kind of scenario. It allows you to carry around enough money to save you in a very bad situation, like, you're in a different country and your cash is stolen & cards are blocked or something like that. While not having millions of sats in mobile wallets for years on end. For that scenario, I understand it. There was a story recently here of someone in that exact position, but I can't find it right now. It was titled 'How Bitcoin saved me' or something like that.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: o_e_l_e_o on September 26, 2021, 04:20:59 AM

I'm not really a fan of that method. To spend from that encrypted paper wallet while on the go without any additional hardware on you (airgapped laptop, hardware wallet, etc.) then you are going to have to import it in to your hot mobile wallet. If you don't think a mobile wallet is secure enough for storing that amount of bitcoin long term, then you shouldn't really think it's secure enough to import that amount of bitcoin in to either.

I've had larger amounts on my mobile without problems (short-term), so I'm not directly worried about it. The paper wallet is already older than my current phone, which means I prevented exposure to one additional device by keeping it on paper instead of a hot wallet.

Quote

I'm struggling to foresee a situation where I am out and about suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful.

I like to be prepared for that rare event, say a hotel with a "Bitcoin accepted" sign when I'm on vacation.
But you're right, chances are pretty small. That's why I haven't used it yet.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: n0nce on September 25, 2021, 05:06:37 PM

I didn't know that it includes Electrum and has this other feature as well, that's really great! I should set one up..

The only downside is that since it is all pre-bundled, they don't use the latest version. Last I checked, they are still on version 4.0.2. If you really want the latest version, then you can run it using the AppImage from electrum.com and saving it to your persistent storage. There are instructions here: https://electrum.readthedocs.io/en/latest/tails.html

Quote from: LoyceV on September 26, 2021, 03:47:16 AM

That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.

I'm not really a fan of that method. To spend from that encrypted paper wallet while on the go without any additional hardware on you (airgapped laptop, hardware wallet, etc.) then you are going to have to import it in to your hot mobile wallet. If you don't think a mobile wallet is secure enough for storing that amount of bitcoin long term, then you shouldn't really think it's secure enough to import that amount of bitcoin in to either.

I'm struggling to foresee a situation where I am out and about suddenly want to make a significant and completely unplanned purchase using bitcoin where such a paper wallet would be useful. Any time I want to spend a large amount of bitcoin in person (larger than I would be comfortable storing on a mobile wallet), then I have planned it in advance and have taken my hardware wallet with me.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: n0nce on September 25, 2021, 05:06:37 PM

You have to import it into a hot wallet to use it though; then I prefer a hardware wallet or just using a mobile wallet in the first place Cheesy

On the other hand, if it's not yet sure whether you'll actually need to use that wallet on-the-go, then your method is more secure!

That's my point indeed: I can carry an encrypted piece of paper around for many years, without any risk. I don't expect to use it any time soon, it's just for whenever an opportunity arises. I don't want to carry a hardware wallet with me.

Quote

I was arguing for 'convenient & secure' method though, and my point still stands that it's not more convenient to use an online wallet instead of just using a mobile, custodial wallet.

For convenience, I also have a small (non-custodial) mobile wallet that I use whenever I can.

Apart from the security, I can think of another reason not to use a webwallet: I'd have to remember another password, or store it on my phone. Both options I don't like.

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: LoyceV on September 25, 2021, 02:10:27 PM

Quote from: n0nce on September 25, 2021, 01:08:37 PM

Nobody carries a seed around.

My personal favourite, apart from a small mobile hot wallet, is an encrypted paper wallet. I keep a backup at home, and the encryption won't easily be brute-forced if someone gets their hands on it.

You have to import it into a hot wallet to use it though; then I prefer a hardware wallet or just using a mobile wallet in the first place Cheesy

On the other hand, if it's not yet sure whether you'll actually need to use that wallet on-the-go, then your method is more secure!
I was arguing for 'convenient & secure' method though, and my point still stands that it's not more convenient to use an online wallet instead of just using a mobile, custodial wallet.

Quote from: LoyceV on September 25, 2021, 02:10:27 PM

Quote

This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).

One is enough: Electrum is included in Tails by default, and Tails can create an encrypted partition on the same USB stick.

I didn't know that it includes Electrum and has this other feature as well, that's really great! I should set one up..

I think last time I used Tails, it didn't have these features or I didn't know about it, otherwise I'd probably have done it already.. Grin

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: n0nce on September 25, 2021, 01:08:37 PM

Nobody carries a seed around.

No, but I'd still rather do that than use a web wallet. Hell, I'd rather memorize a seed phrase for use on the go (obviously knowing that the back up is written down and stored securely at home) than use a web wallet.

Quote from: n0nce on September 25, 2021, 01:08:37 PM

Just write the seed words (or not, if you don't care about an amount of max 50 USD), and you're ready to go.

You don't have to carry the seed phrase around with you, but you should definitely write it down. You don't want to be in the situation of needing to receive a large transaction while you are on the go and only have an unbacked-up mobile wallet on you.

Quote from: n0nce on September 25, 2021, 01:08:37 PM

This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one

Yeah, as Loyce says, Tails will create a persistent storage on the same USB stick it boots from: https://tails.boum.org/doc/first_steps/persistence/index.en.html

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: n0nce on September 25, 2021, 01:08:37 PM

Nobody carries a seed around.

My personal favourite, apart from a small mobile hot wallet, is an encrypted paper wallet. I keep a backup at home, and the encryption won't easily be brute-forced if someone gets their hands on it.

Quote

This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).

One is enough: Electrum is included in Tails by default, and Tails can create an encrypted partition on the same USB stick.

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: bitmover on September 25, 2021, 06:04:18 AM

Quote from: n0nce on September 24, 2021, 10:22:12 PM

To be honest, I don't think it's more convenient to create an account at a exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.

It is more convenient because you can access your wallet everywhere , just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)

If you need to access your bitcoin in another device, such as a computer at work or in another kind of device, they offer some nice convenience.

I used blockchain.info in the past in that situation and it was nice.

Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd). I consider them similar to a physical fiat wallet.. you can carry a few bucks of cash in your pockets, if you lose it that's not a big deal.

Nobody carries a seed around. To access Bitcoin everywhere (especially small amounts, like you mentioned), the best solution by far would be a non-custodial mobile wallet, like BlueWallet which I already mentioned. It's even more convenient to set up, because there is no account. No email. No password. No verification.... Just write the seed words (or not, if you don't care about an amount of max 50 USD), and you're ready to go.

Quote from: o_e_l_e_o on September 25, 2021, 09:35:51 AM

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.

This is actually great; your solution requires 2 USB sticks, but it might even be possible with a single one (like 2 partitions, one encrypted with seed and downloaded copy of Electrum and another with the live OS for example).

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: bitmover on September 25, 2021, 09:27:17 AM

Well, there might be situations where you have don't have the choice to use your own device.

Let's suppose you work on a submarine. Or that you are a military and on the location you are the only way to access internet is in a computer that you received by your employer.

Chances are you won't have any communication with the outside world for months from that submarine. The more common scenario is an employer's computer, and indeed, I never enter my own passwords there. When convenient, I've used corporate email for personal stuff ("hey, will you buy potatoes or should I?"), but that's where it ends.

Quote from: o_e_l_e_o on September 25, 2021, 09:35:51 AM

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: bitmover on September 25, 2021, 09:27:17 AM

I faced similar situations a few years ago (which I don't want to specify here for privacy purposes), where i didn't have wifi in my mobile device and I had to use a computer provided by my employer to use internet. and blockchain.info was handy.

I would still prefer to either carry around an encrypted USB stick with my wallet file on it, or carry around a seed phrase written down on paper which I could restore my wallet from using some open source software such as Electrum. Again, both are far better from both a privacy and security view point than using a web wallet.

An even better solution would be to carry around a USB stick with Tails on it, so you can boot the computer you have been provided in to a clean, live OS, and then either load your wallet from the encrypted persistent storage, or recover it from scratch using your seed phrase.

bitmover

legendary

Activity: 2212

Merit: 5622

Non-custodial BTC Wallet

Quote from: LoyceV on September 25, 2021, 06:21:41 AM

That's terrible for security! I never enter any passwords on devices that aren't mine.

Quote

Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd).

Wait, if you know that already, why not use a mobile wallet instead?

Well, there might be situations where you have don't have the choice to use your own device.

Let's suppose you work on a submarine. Or that you are a military and on the location you are the only way to access internet is in a computer that you received by your employer.

I faced similar situations a few years ago (which I don't want to specify here for privacy purposes), where i didn't have wifi in my mobile device and I had to use a computer provided by my employer to use internet. and blockchain.info was handy.

I know these situations are becoming very unlikely in recent years and they will be more unlikely in the future, specially in developed countries.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: LoyceV on September 25, 2021, 06:21:41 AM

That's easy to go around: pay a "weird" amount, and make sure you get a round amount as change

Absolutely. Or split your change between multiple addresses to make it seem as if you are paying multiple people. Or manually choose to send your change to a different address type to obfuscate that it is going to a change address. Or even better, leave no change at all. It's entirely possible to hide what is a change address (or even manipulate the heuristics in to actively identifying the payment address as the change address), but the vast majority of wallets don't do this and the vast majority of users don't know how to do this. If OP is using Electrum or Blockchain.com, and just makes a bunch of standard transactions which chain together all his change addresses, then it is trivial to identify them all and link all the transactions as originating from the same user/wallet.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: o_e_l_e_o on September 25, 2021, 03:48:33 AM

If I pay make a transaction from Address A, and I send something like 0.05 BTC to one address and 0.15820351 BTC to another address, then it is completely obvious to everyone that the latter address is my change address.

That's easy to go around: pay a "weird" amount, and make sure you get a round amount as change

Quote from: bitmover on September 25, 2021, 06:04:18 AM

It is more convenient because you can access your wallet everywhere , just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)

That's terrible for security! I never enter any passwords on devices that aren't mine.

Quote

Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd).

Wait, if you know that already, why not use a mobile wallet instead?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: bitmover on September 25, 2021, 06:04:18 AM

-snip-

I use a mobile wallet for small amounts which I need to carry around with me and spend on a daily basis. The security isn't great (although far better than that of a web wallet), but I've never been hacked and it is only small amounts that I can afford to lose. For anything larger I need to carry around with me and access anywhere, then I can take a very small hardware wallet which will link up with my phone. Both easily fit in pockets, bags, etc.

This is a far preferable option to using a web wallet if "accessing anywhere" is the goal. Your security is much better, your privacy is much better, the fees are much better, and you can still use advanced options like coin control or RBF which most Web wallets don't offer.

bitmover

legendary

Activity: 2212

Merit: 5622

Non-custodial BTC Wallet

Quote from: n0nce on September 24, 2021, 10:22:12 PM

To be honest, I don't think it's more convenient to create an account at a exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.

It is more convenient because you can access your wallet everywhere , just like an email.
You just need to remember your login and password to log into your wallet in any device. (You don't need to carry a seed around)

If you need to access your bitcoin in another device, such as a computer at work or in another kind of device, they offer some nice convenience.

I used blockchain.info in the past in that situation and it was nice.

Of cource the security is much lower, but you can add just a few bucks to it (like 50 usd). I consider them similar to a physical fiat wallet.. you can carry a few bucks of cash in your pockets, if you lose it that's not a big deal.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: n0nce on September 24, 2021, 09:28:10 PM

Also, if you e.g. pay person A first, then the change arrives into a new address (change address), from which you'll pay person B, so they will absolutely not see the funds coming from the same address.

Correct, but in many cases it will still be trivial to link the two payments.

If I pay make a transaction from Address A, and I send something like 0.05 BTC to one address and 0.15820351 BTC to another address, then it is completely obvious to everyone that the latter address is my change address. If I then pay someone else from my change address, then they can easily link the two transactions as having come from the same person. The same is true for anything else which identifies the change address, such as one output being to a different address type from the input while the change output is the same address type as the input.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: bitmover on September 24, 2021, 10:09:08 PM

Quote from: nc50lc on September 23, 2021, 03:27:13 AM

Coinbase (Wallet/Exchange) is different, it' a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.

Just to add to the conversation, Coinbase has a non-custodial wallet as well.

They offer 2 kind of wallets: custodial and non-custodial.

You can see it here:
https://wallet.coinbase.com/faq/

Yes, "Conbase Wallet" is non-custodial and "Coinbase" is custodial.
But OP's description of the withdrawal doesn't fit 'Coinbase Wallet' so I find it not necessary to mention here.

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: bitmover on September 24, 2021, 10:09:08 PM

This coinbase wallet has a similar degree of security compared to Blockchain.com wallet. Both are online wallets, they are convenient but they vulnerable to many kind of attacks.

To be honest, I don't think it's more convenient to create an account at a exchange to use as a wallet instead of just downloading a non-custodial App or PC software. It's faster and easier to set up and has more features. I don't see any added 'convenience' in an online BTC wallet.

bitmover

legendary

Activity: 2212

Merit: 5622

Non-custodial BTC Wallet

Quote from: nc50lc on September 23, 2021, 03:27:13 AM

Coinbase (Wallet/Exchange) is different, it' a "custodial service", withdrawals came from different addresses because those are Coinbase's "Hot Wallet" used for withdrawals.

Just to add to the conversation, Coinbase has a non-custodial wallet as well.

They offer 2 kind of wallets: custodial and non-custodial.

You can see it here:
https://wallet.coinbase.com/faq/

Quote

How do I protect against losing access to my funds?
Coinbase Wallet is a user-controlled, non-custodial product. The app generates a 12 word recovery phrase which is what gives you, and only you, access to your account to move received funds. Coinbase will never have access to this seed, meaning that we cannot move funds on your behalf even if you lose access to your recovery phrase.

I am not recommending it and I think Electrum is a much better option.

This coinbase wallet has a similar degree of security compared to Blockchain.com wallet. Both are online wallets, they are convenient but they vulnerable to many kind of attacks.

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: GekkeBelg on September 23, 2021, 02:48:28 AM

It's nice that I can create a new address for every incoming transaction to keep my privacy high.

This is a normal feature that every good wallet has. Nothing to do with custodial or non-custodial.
From your seed words, unlimited private keys can be derived and from each of those private keys you can calculate a public key and an address where you can receive funds. A good hardware or software wallet displays you a new address every time you click 'receive' by default.

Also, if you e.g. pay person A first, then the change arrives into a new address (change address), from which you'll pay person B, so they will absolutely not see the funds coming from the same address.

If you're looking for something free and quick & easy to setup, as you alluded to in your replies, I'd recommend to start with BlueWallet.

What I like about it is that it's open source and allows to have multiple separate non-custodial Bitcoin on-chain wallets as well as play around with Lightning (however the LN functionality is custodial, so just don't keep too many funds on there). You can also import xpubs to keep track of activities on all of your hardware or offline wallets as well.

Topic: Question about privacy of Blockchain.com wallet (Read 244 times)