Pages:
Author

Topic: separate phone for safety reasons? (Read 343 times)

newbie
Activity: 4
Merit: 0
January 31, 2024, 01:30:41 PM
#31

Saying about getting an airgapped device...
Is one automatically exposed to risk of hack and malware when they are connected to the internet?
I think one needs to visit some malicious sites, click random links or share private information before they could be hacked.
I have a backup phone I use for only my wallets and I have my mobile wallet there. I only go online with it to search information or visit my social media handle. I do not click links and I do not install any other things in the phone.
Am I still at risk?
I believe something points the attention of hackers to my device and if I avoid those things that point their attention to my device I am safe.
Am I getting it totally wrong?

I am not sure but from my experience I think you are wrong.
I don't open weird emails either and it still looks like I was a victim of some sort of hack. You could be browsing on any normal website, click on "play" of any video you wish to see, have a pop up appear and it is already too late.

I keep getting calls from foreign countries. Random people who seem to have my phone nr. This has been happening for a while. Obviously I do not answer.

A few months ago when Roger Federer retired from tennis, I commented on facebook that I would like to attend his last game. I did this with a fake account that is not linked to my real name. Half an hour later I received a phonecall from the UK where that game was played (I do not live there) and the day after I got 2 more. So somehow people on the dark web can even link a fake facebook account to my real name and my real phone number. I'm not an expert but I assume this is based on the IP address being used by both accounts (the real FB account and the fake one)

A month prior to that someone had made a 1000 British pound payment in London with my visa card, that is inside my house and I had used exactly 1 time online. No details were shared with anyone. I was a whole battle with the insurance company to get it back. I had done nothing wrong.
So no I do not feel safe online.

With regards to hackers, I believe that one of the most important safety measures is to make sure that NOBODY knows you invested in BTC or ETH.
Eventually if the word speads, it will catch the attention of bad people. I don't know what they can do to your internet connection, but I believe they have options just by knowing your name and address.

To get a better idea, this website allows you to enter your email address and immediately tells you if there have been security breaches https://haveibeenpwned.com/
Mine has 10 of them, and it also says when and where it happened
Ensuring digital safety is paramount! I recently discovered the importance of a separate phone for added security. Speaking of data protection, I highly recommend checking out Setapp's guide on extracting data from corrupted ZIP files at https://setapp.com/how-to/extract-data-from-corrupted-zip. It's a game-changer for safeguarding valuable information. Kudos to Setapp for empowering users with such invaluable tools!

I can relate to your concerns about online safety. Despite being cautious, I too fell victim to hacks. The incident with a fake Facebook account and subsequent phone calls is chilling.
legendary
Activity: 2268
Merit: 18711
April 18, 2023, 03:13:41 AM
#30
This video https://www.youtube.com/watch?v=nVOlO_24BCo says around 11:25 that we can receive spam inside the ledger live app.
And if we click on it, it will drain our wallet.

I am absolutely baffled to see that this is possible inside the ledger live app. This is totally unsafe for beginners like me.
I feel like I'm going to make a mistake and have my entire wallet drained.

I find it totally unprofessional that a company like ledger can not protect users from receiving life threatening spam in their app.
So, a few things to explain here.

This spam has nothing to do with Ledger, and there isn't anything they can really do to prevent it. On chains like Ethereum, attackers send out worthless tokens to every address they can find, hoping that some people will interact with said worthless tokens and can be fooled in to signing a transaction. It doesn't matter if your Ethereum address is from a Ledger, a Trezor, some other hardware wallet, cold storage, whatever. If your address is public, it will be spammed.

Secondly, excluding some massive as of yet unknown critical vulnerability, you can never have your Ledger drained by simply clicking on something on your computer. Any time you want to make a transaction from your Ledger, you must review it on the screen of the Ledger device and then confirm it using the buttons on your Ledger device. If you click on some malware or malicious site that tries to steal your coins, then you will see a transaction on your Ledger that you didn't ask for and don't recognize. Simply refuse it.

Thirdly, this kind of NFT spam and airdrop nonsense happens to chains like Ethereum. If you are only going to be buying Bitcoin, then it will not happen to you.

In general, I would also caution against using YouTube or other third party guides on setting up your Ledger. The ones you choose might be perfectly legit, but there are also lots of fake ones out there looking to scam you. Stick to the official guides: https://support.ledger.com/hc/en-us/articles/360018784134-Set-up-your-Ledger-Nano-X
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
April 18, 2023, 02:34:06 AM
#29
I am not sure but from my experience I think you are wrong.
I don't open weird emails either and it still looks like I was a victim of some sort of hack. You could be browsing on any normal website, click on "play" of any video you wish to see, have a pop up appear and it is already too late.

I keep getting calls from foreign countries. Random people who seem to have my phone nr. This has been happening for a while. Obviously I do not answer.

A few months ago when Roger Federer retired from tennis, I commented on facebook that I would like to attend his last game. I did this with a fake account that is not linked to my real name. Half an hour later I received a phonecall from the UK where that game was played (I do not live there) and the day after I got 2 more. So somehow people on the dark web can even link a fake facebook account to my real name and my real phone number. I'm not an expert but I assume this is based on the IP address being used by both accounts (the real FB account and the fake one)

A month prior to that someone had made a 1000 British pound payment in London with my visa card, that is inside my house and I had used exactly 1 time online. No details were shared with anyone. I was a whole battle with the insurance company to get it back. I had done nothing wrong.
So no I do not feel safe online.

With regards to hackers, I believe that one of the most important safety measures is to make sure that NOBODY knows you invested in BTC or ETH.
Eventually if the word speads, it will catch the attention of bad people. I don't know what they can do to your internet connection, but I believe they have options just by knowing your name and address.

To get a better idea, this website allows you to enter your email address and immediately tells you if there have been security breaches https://haveibeenpwned.com/
Mine has 10 of them, and it also says when and where it happened

I would suggest not buying bitcoin with any of these compromised devices, emails, or phone numbers. If your crypto gets stolen, insurance won't cover it for you.

I think you're a victim of identity theft. Have you tried changing your phone number, email addresses (A protonmail plan will let you make several dozen emails attached to the same account) your credit card, reset your devices (as in reinstall the OS) and possibly changing whatever is the equivalent of a social security number in your country?

And then check for any suspicious devices and apps and sites that are linked with your online accounts.
member
Activity: 202
Merit: 22
April 17, 2023, 04:28:03 PM
#28
Just getting curious about whether the seed key has a different format or something like that and any compatibility issue with other wallets.
No issues. Ledger devices use a BIP39 seed phrase, as do almost all current hardware and software wallets. You will have no trouble importing it elsewhere if you need to.

Just note that you should only do this in the situation where your hardware wallet is lost, damaged, broken, etc. Importing your seed phrase in to another wallet is risky, and has the potential to negate all the protection your hardware wallet provides.

I have purchased a new laptop and want to get involved before the bull run starts.
So I am educating myself about ledger and the ledger live app.

This video https://www.youtube.com/watch?v=nVOlO_24BCo says around 11:25 that we can receive spam inside the ledger live app.
And if we click on it, it will drain our wallet.

I am absolutely baffled to see that this is possible inside the ledger live app. This is totally unsafe for beginners like me.
I feel like I'm going to make a mistake and have my entire wallet drained.

I find it totally unprofessional that a company like ledger can not protect users from receiving life threatening spam in their app.
hero member
Activity: 1750
Merit: 589
April 16, 2023, 06:48:29 PM
#27
Cold wallets /hardware wallets are tje way to fo if you wanted to be as secure as possible. Plus the fact that they are easily available for purchase on the internet makes them one of the most efficient items you coild buy with your money as a cryptocurrency investor.

I also promote the use of a laptop over smartphones since they have that portability for a PC figured out without the compromise that smartphknes are forced to go through, meaning when you do your crypto things, you can do ut as efficiently as possible. Doesn't have to be just regular crypto tasks, as some high powered laptops could even run mining softwares hut I digress.

Utmost security, hard wallets are the way to go.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
April 16, 2023, 09:16:48 AM
#26
Yeah, you are absolutely right.
Thought I was taking it to be as mine, I have a separate printer in my room were only me uses it but in the case of op just as you said writing it down will be the best option maybe as not to be that exposed to other users, or who knows if op has a separate printer in his or her room.

Anyway I have also taken a good lesson from you.
Thanks for the knowledge. I never had this thinking that some printer do stored last document printed. I have to go check if the last memory of what I printed last is still available there in my printer for me to take note, but I have printed several documents so I m not sure if that information will be there till today so is been a while it happens.
Modern printers are often equipped with wireless or cabled network. You don't and can't know what your printer is calling home to the manufacturer or worse.

Next issue that I'm thinking of: is the computer from which you printed an online computer, it doesn't count if it's only temporarily offline.

For the security of your wallet, you shouldn't ever expose your wallet's mnemonic recovery words or private keys to a digital device that will go online at some point of time in the future. Keep them strictly offline, ever.
sr. member
Activity: 616
Merit: 271
April 16, 2023, 06:15:13 AM
#25


Anyway I have also taken a good lesson from you.
Thanks for the knowledge. I never had this thinking that some printer do stored last document printed. I have to go check if the last memory of what I printed last is still available there in my printer for me to take note, but I have printed several documents so I m not sure if that information will be there till today so is been a while it happens.

I stopped believing the privacy or security of machines or devices directly from the manufacturer even when not used by others. In my college days, there was a newly bought computer numeric control (CNC) machine for practical purposes. That type of machine does not perform work if not pre-programmed.
But we were all surprised when the machine started operation even when there was no inputed data. The scenario threw all the students and even the instructor into a serious confusion.
It was later discovered by a senior instructor that the machine used the last program by the manufacturers to operate even when the manufacturers manual claimed that the memory was a virgin and so.
It resulted to law suits because the instructors finger was actually chucked off because of that error.

This also means that some devices even when brand new are not totally safe.
sr. member
Activity: 1316
Merit: 379
Fully Regulated Crypto Casino
April 16, 2023, 02:48:29 AM
#24
Lastly I think you should also try to print out your see phrase, including your private keys to be at the safer side.
This is poor advice.

Firstly, there is no need for the vast majority of users to handle their raw private keys. Doing so is a security risk, as you expose them unencrypted to your device and therefore risk leaking them. Backing up your seed phrase is more than sufficient, given all your private keys can be derived from that seed phrase via very standardized and well published methods.

Secondly, it is preferable to write the seed phrase by hand and not use a printer. Almost all printers you can buy these days have internal storage and will store a copy of the last x documents that they have printed (even if you cannot access this storage), as well as a variety of wireless connections such as WiFi and Bluetooth. All of this presents a variety of unnecessary attack surfaces to your seed phrase, which can all be easily avoided by just writing it down with pen and paper.

Yeah, you are absolutely right.
Thought I was taking it to be as mine, I have a separate printer in my room were only me uses it but in the case of op just as you said writing it down will be the best option maybe as not to be that exposed to other users, or who knows if op has a separate printer in his or her room.

Anyway I have also taken a good lesson from you.
Thanks for the knowledge. I never had this thinking that some printer do stored last document printed. I have to go check if the last memory of what I printed last is still available there in my printer for me to take note, but I have printed several documents so I m not sure if that information will be there till today so is been a while it happens.
legendary
Activity: 2268
Merit: 18711
April 16, 2023, 02:12:04 AM
#23
Lastly I think you should also try to print out your see phrase, including your private keys to be at the safer side.
This is poor advice.

Firstly, there is no need for the vast majority of users to handle their raw private keys. Doing so is a security risk, as you expose them unencrypted to your device and therefore risk leaking them. Backing up your seed phrase is more than sufficient, given all your private keys can be derived from that seed phrase via very standardized and well published methods.

Secondly, it is preferable to write the seed phrase by hand and not use a printer. Almost all printers you can buy these days have internal storage and will store a copy of the last x documents that they have printed (even if you cannot access this storage), as well as a variety of wireless connections such as WiFi and Bluetooth. All of this presents a variety of unnecessary attack surfaces to your seed phrase, which can all be easily avoided by just writing it down with pen and paper.
sr. member
Activity: 1316
Merit: 379
Fully Regulated Crypto Casino
April 15, 2023, 05:37:05 PM
#22
Quote
Is a laptop better than a smartphone? Does it need to have specific characteristics?
Am I missing some things?
For security purpose i think laptop would be more preferable than smartphone, maybe will be more preserved and secured than just buying a new smartphone because phone may likely got stolen or easily accessed by friends and relatives.

I took everything into consideration and the new laptop is on its way.
The current one (history with malware and even 1x online credit card fraud) is 7 years old anyway.
I will use the new one strictly for purchasing crypto and running ledger live.

I will keep using the old laptop for browsing as long as it lives.
If it breaks down in 2025 and all of my crypto assets are on a coldwallet, I can use the new laptop for browsing (correct me if I am wrong)


Great job mate with this your investment is secure and safe. You don't need to be afraid of any phishing site or malware that may affects your system.
Lastly I think you should also try to print out your see phrase, including your private keys to be at the safer side.
sr. member
Activity: 616
Merit: 271
April 15, 2023, 04:43:14 PM
#21



With regards to hackers, I believe that one of the most important safety measures is to make sure that NOBODY knows you invested in BTC or ETH.
Eventually if the word speads, it will catch the attention of bad people. I don't know what they can do to your internet connection, but I believe they have options just by knowing your name and address.

To get a better idea, this website allows you to enter your email address and immediately tells you if there have been security breaches https://haveibeenpwned.com/
Mine has 10 of them, and it also says when and where it happened

Ok. Sorry about your experience. I trust the insurance believed your side of the story and indemnify you.
With your story I just believe you are too vulnerable online which might be as a result of your past activities online and especially social media which has been linked to your real identity.

I would advise you change your mobile number and try starting a more secured life. I haven't had such experience and it's scary to have.

If you have a good backup, you can decide to reset your devices to factory settings or formating and then try change your emails and stay off social media for a while. Use a strong vpn or use Tor browser to secure your ip. How were you sure those numbers that called you were actually residents of UK?
legendary
Activity: 2268
Merit: 18711
April 15, 2023, 02:46:42 PM
#20
Just getting curious about whether the seed key has a different format or something like that and any compatibility issue with other wallets.
No issues. Ledger devices use a BIP39 seed phrase, as do almost all current hardware and software wallets. You will have no trouble importing it elsewhere if you need to.

Just note that you should only do this in the situation where your hardware wallet is lost, damaged, broken, etc. Importing your seed phrase in to another wallet is risky, and has the potential to negate all the protection your hardware wallet provides.
member
Activity: 202
Merit: 22
April 15, 2023, 02:35:32 PM
#19

Saying about getting an airgapped device...
Is one automatically exposed to risk of hack and malware when they are connected to the internet?
I think one needs to visit some malicious sites, click random links or share private information before they could be hacked.
I have a backup phone I use for only my wallets and I have my mobile wallet there. I only go online with it to search information or visit my social media handle. I do not click links and I do not install any other things in the phone.
Am I still at risk?
I believe something points the attention of hackers to my device and if I avoid those things that point their attention to my device I am safe.
Am I getting it totally wrong?

I am not sure but from my experience I think you are wrong.
I don't open weird emails either and it still looks like I was a victim of some sort of hack. You could be browsing on any normal website, click on "play" of any video you wish to see, have a pop up appear and it is already too late.

I keep getting calls from foreign countries. Random people who seem to have my phone nr. This has been happening for a while. Obviously I do not answer.

A few months ago when Roger Federer retired from tennis, I commented on facebook that I would like to attend his last game. I did this with a fake account that is not linked to my real name. Half an hour later I received a phonecall from the UK where that game was played (I do not live there) and the day after I got 2 more. So somehow people on the dark web can even link a fake facebook account to my real name and my real phone number. I'm not an expert but I assume this is based on the IP address being used by both accounts (the real FB account and the fake one)

A month prior to that someone had made a 1000 British pound payment in London with my visa card, that is inside my house and I had used exactly 1 time online. No details were shared with anyone. I was a whole battle with the insurance company to get it back. I had done nothing wrong.
So no I do not feel safe online.

With regards to hackers, I believe that one of the most important safety measures is to make sure that NOBODY knows you invested in BTC or ETH.
Eventually if the word speads, it will catch the attention of bad people. I don't know what they can do to your internet connection, but I believe they have options just by knowing your name and address.

To get a better idea, this website allows you to enter your email address and immediately tells you if there have been security breaches https://haveibeenpwned.com/
Mine has 10 of them, and it also says when and where it happened
legendary
Activity: 2156
Merit: 2100
Marketing Campaign Manager |Telegram ID- @LT_Mouse
April 15, 2023, 02:18:46 PM
#18
Does this mean that in case of an attack of the banks on crypto, they can take down ledger and therefore my BTC?
No. Taking down ledger doesn't mean they have access to your Bitcoin. You will have a seed key when you will create the wallet and you can import the seed key in Trezor too. You just need to store your seed key secretly and safely. You can access the fund with a lot of other wallet if they support importing wallet from seed key. There's nothing much to worry about this.

No. Even if they take down Ledger the company, the coins on your hardware wallet will remain safe. And even if the Ledger servers all get taken offline and their software no longer works, you can pair your hardware wallet with many different pieces of wallet software, such as Electrum, in order to still access your coins. And if your physical hardware wallet is damaged, broken, lost, etc., then you can recover your bitcoin by recovering from your seed phrase.
You beat me lol. Just getting curious about whether the seed key has a different format or something like that and any compatibility issue with other wallets. If yes, how would we be sure when should we use which wallet?
member
Activity: 202
Merit: 22
April 15, 2023, 02:15:36 PM
#17
Quote
Is a laptop better than a smartphone? Does it need to have specific characteristics?
Am I missing some things?
For security purpose i think laptop would be more preferable than smartphone, maybe will be more preserved and secured than just buying a new smartphone because phone may likely got stolen or easily accessed by friends and relatives.

I took everything into consideration and the new laptop is on its way.
The current one (history with malware and even 1x online credit card fraud) is 7 years old anyway.
I will use the new one strictly for purchasing crypto and running ledger live.

I will keep using the old laptop for browsing as long as it lives.
If it breaks down in 2025 and all of my crypto assets are on a coldwallet, I can use the new laptop for browsing (correct me if I am wrong)

legendary
Activity: 2268
Merit: 18711
April 15, 2023, 02:15:11 PM
#16
Does this mean that in case of an attack of the banks on crypto, they can take down ledger and therefore my BTC?
No. Even if they take down Ledger the company, the coins on your hardware wallet will remain safe. And even if the Ledger servers all get taken offline and their software no longer works, you can pair your hardware wallet with many different pieces of wallet software, such as Electrum, in order to still access your coins. And if your physical hardware wallet is damaged, broken, lost, etc., then you can recover your bitcoin by recovering from your seed phrase.
member
Activity: 202
Merit: 22
April 15, 2023, 02:12:15 PM
#15

Ledger Nano X is fine but the only problem with this wallet it is a close source.

Does this mean that in case of an attack of the banks on crypto, they can take down ledger and therefore my BTC?

I really expect a war of the banks vs the exchanges and I need to secure my crypto in the best possible way
sr. member
Activity: 1316
Merit: 379
Fully Regulated Crypto Casino
April 15, 2023, 01:31:01 PM
#14
Quote
Is a laptop better than a smartphone? Does it need to have specific characteristics?
Am I missing some things?
For security purpose i think laptop would be more preferable than smartphone, maybe will be more preserved and secured than just buying a new smartphone because phone may likely got stolen or easily accessed by friends and relatives. So the best option is to get a new laptop and keep it out of the reach of everyone but strictly for you and anything related investment maybe cryptocurrency at large.
You don't have to store your funds in an exchange due to what happened and you only keep your funds were you could have full control over your asset.
sr. member
Activity: 616
Merit: 271
April 15, 2023, 12:02:45 PM
#13

I have a backup phone I use for only my wallets and I have my mobile wallet there. I only go online with it to search information or visit my social media handle. I do not click links and I do not install any other things in the phone.
Am I still at risk?
Yes.

Your risk is lower if you use the device for nothing except bitcoin, but the risk can only be removed by keeping the device permanently offline. Since you are still using that device to browse social media, use search engines, and visit the random sites that the search engine returns, then your risk is barely reduced, if it all.
Noted! Thank you.

Saying about getting an airgapped device...
[Guide] Secure air-gapped crypto wallet storage method
How to Install Tails OS on USB flash drive for Wallet Purpose

You can set up your multisign wallets to use even on your smartphone with small amount (not your 1 BTC) to use when you are hanging out, travelling but still have your bitcoins to use where you can find stores, services accept it locally.
I do not know how to do this. I want to learn this as I have gotten the theoretical knowledge. I have made a topic for this.

I believe something points the attention of hackers to my device and if I avoid those things that point their attention to my device I am safe.
Am I getting it totally wrong?
Since you plan on holding for long-term anyway, why not make it as secure as possible?
I am not an expert. I am learning how to do this. I trust the people here will help me.
legendary
Activity: 2170
Merit: 1789
April 15, 2023, 07:33:30 AM
#12
I believe something points the attention of hackers to my device and if I avoid those things that point their attention to my device I am safe.
Am I getting it totally wrong?
It is better to be safe than sorry. The price to pay is quite cheap compared to the uncertain risk you're facing if you regularly connect your device to the internet. At the end of the day, you can't guarantee that there won't be a new attack vector other than spamming links, phishing websites, etc. Heck, who knows some hackers could manage to hijack your DNS and use one or two exploits that allow them to control your device remotely without you noticing anything. Since you plan on holding for long-term anyway, why not make it as secure as possible?
Pages:
Jump to: