People who say “don’t use phones for your main Bitcoin savings” never make sense to me.

1/ Security matters: Phones have a much smaller attack surface and are designed with security in mind, unlike desktops burdened with legacy software and hardware. What's easier to crack—a Windows machine or an iPhone?

2/ Dedicated devices: If you're concerned about your main phone being out and about too much, get a second, dedicated phone for your savings. You should also use a dedicated desktop if you're truly serious about security. Avoiding phones but using a non-dedicated desktop filled with software means you don’t care about security as much as you think you do.

3/ Use multisig: If you set your wallet up properly, the phone should hold no private keys—only a watch-only interface. The wallet interface should be the *least* of your worries. Distributed multisig keys are your main defense. Focus your energy on securing the actual keys.

4/ Use a decoy wallet: If you can’t get a second phone, use a decoy wallet. You can use a decoy wallet even if you have a dedicated phone.

So don’t take bad advice, even from Bitcoiners. Think from first principles.

Don’t be stuck in the 20th century. DO use phones for your main Bitcoin savings.

Discussion

P.S. Nunchuk ships both mobile and desktop apps, but IMO mobile is the future of Bitcoin self-custody.

imo mobile is gonna be dead in the water after we get one good global wireless network outage from an X20 solar flare

I don't think your key material should ever be on a device connected to the Internet

That’s what I said. The phone (or desktop) should be a watch-only interface.

i wish there was a proper USB detached signer device... some of the yubikeys support storing a secret and signing hashes with them but not the ones we need

just usb-a/usb-c interface on it would be enough for now, an NFC interface would be a nice extra... all it does is sign a hash, and keep the secret and execute a BIP-340 signature

an extra neat feature would be if you could have it store like 16 secrets on it and sign on any of them with the protocol specifying the signing pubkey...

absolutely not

main savings account should be on a separate device from the one you carry around... 5$ wrench attack, at least put fucking locked doors in front of the access to the device, and be careful with its network security

cold storage is a separate thing, daily spending, sure, put that on a hot system, my personal recommendation is have something like an alby hub, which is moderately secure and hard to access where you have the bigger hot LN balance, and then you can zap easily to your mobile and browser (alby extension makes this pretty much seamless)

multisig is not going to help for hot storage, at all, you only want that for long term and cold storage, with cold storage the inconvenience is a feature

> main savings account should be on a separate device from the one you carry around

That’s exactly what I said. Reread point 2. Not sure what you’re disagreeing about.

> multisig is not going to help for hot storage

I’m NOT discussing hot spending wallets, I’m talking about main savings. (So your LN example also isn’t relevant here).