Thoughts on including non-KYC bitcoin in a collaborative multi sig setup?
#asknostr #bitcoin
Ask this question with more specifics, otherwise it's too broad to answer.
Are you pretty much KYCing your non-KYC stack as soon as you sign up with a third party for collaborative multisig? I was told companies like Unchained only report to the government for IRA accounts, but obviously it’s a privacy vulnerability. At the same time, the risk of a hostile government going after people through these companies is a small and distant one compared to the benefit of securing your stack with a collaborative multisig now, especially bc they have no control over your funds.
Companies like Unchained and Swan must KYC you because they provide financial services but Nunchuk and Casa don’t so as long as you can’t be identified from the email you use then they are probably your best options to look into. I think both allow you to pay in bitcoin too so there won’t be a credit card on file either.
Casa & nunchuk don't hold the coordinator file for you?
I don’t understand how non KYC collaborative custody could work bc couldn’t anybody who managed to get ahold of one of your seed phrases get the company to sign as well?
I'm assuming there's multiple authorization steps including your email, which should be encrypted - like ProtonMail,
2FA authenticator like Authy or Google Authenticator.
Maybe there's a tradeoff without giving up your identity,
Although the benefit doesn't make sense to me - if they're holding your coordinator file and a key then yes your identity matters.
But, if they're holding only a key and no coordinator file, then even if they have your identity they can't tie it to your Bitcoins as the addresses you're using are unknown.
I’d love to see a key only service just as you describe. That would be really cool.
Otherwise, if you're not careful with your IP address they have your information regardless of your KYC.
But yeah that service exists tbh...
You just do it yourself with the same service these MFers use.
https://www.ironmountain.com/services/iron-cloud-data-management
I would also go for their physical backup service.
Nice tip!
They do, but it's easy to import them into Sparrow Wallet. They would have your public info and can see how many bitcoin you have under control with that wallet. I assume they keep this as private as possible, but I can't verify it.
They do not need to know your
- location
- legal name
- social security addresses.
That information is not required, which is more secure from a $11 wrench attack. AnchorWatch is interesting because you can KYC yourself, but still have $11 wrench attack protection for a fee. There are many other things to think about.
Elaborate schemes are often less secure. Even if you're an expert, your spouse may not be. That's why bitcoin cybersecurity is such a deep, never-ending rabbit hole.
Okay got you, you mean using a 3rd party service and not implementing your own collaborative multi sig setup.
The only question bares, are you also giving them your multisig coordinator file?
This is the master xpub file & without it they can't see what Bitcoins you have.
In a 2/3 multisig, you need either all 3 keys or 2 keys + coordinator file to access your Bitcoins.
I overlooked this response. This makes sense now. I wonder if you have the option to share or not share the xpub at a company like Unchained. Sharing = extra security that you won’t lose anything. Not sharing = maintaining anonymity?
Exactly,
Also remember setting up multisig yourself is better if you know what you're doing.
3/5 always too btw.
3/5 > 2/3
Why? Because one redundancy is none, and two redundancies is one.
Coordinator file in multiple cloud backups & physically stored with each seed.
If you use a 3rd party still try to use a 3/5.
Wow I was 100% going to start with 2/3. Can you elaborate on the one redundancy is none, and two redundancies is one?
2/3 is the most popular setup as hiding 5 secrets requires some more thinking.
2/3 + Coordinator File:
If you lose 1 key you're okay.
If you lose 1 key & the coordinator file you are fucked.
If you lose 2 keys you're fucked.
The coordinator file should be stored with each key & a couple encrypted cloud backups & maybe even a physical backup.
So we consider the coordinator file to be backed up at least 4-6 times.
Whereas, the key set in this scenario is only backed up 1-time.
3/5 + Coordinator File:
If you lose 1 key you're okay.
If you lose 2 keys you're okay.
If you lose 2 keys & the coordinator file you're fucked.
If you lose 3 keys you're fucked.
Store the coordinator file with each key...etc...
Coordinator File backed up 6-7 times.
Whereas, the key set in this scenario is backed up 2-times.
In backups and security there's a classic saying:
"1 is none, 2 is one".
This mantra helps to consider that losing one backup can happen, and in multisig you might not realize that you lost one...
So if you lost one more you'd be out of your coins.
Awesome thanks so much for the info. Would you say that 2/3 is probably the most common setup that people use? Also, in either scenario, you do not need to know your xpub (same as coordinator file?) so long as you have all of your keys? However, as soon as you don’t have one of the keys, the xpub is required. And, the xpub is not sensitive information as far as cloud backups.
2/3 is the most common.
Yes, if you have 3/3 keys you don't need the coordinator file, but I wouldn't want to be in that scenario obvz.
Xpub/coordinator file is sensitive information but not critical.
If someone gets a hold of this file they can see your entire transaction history.
Encrypted cloud backup is a good way to store it digitally, but that shouldn't be a substitute for storing it in many places physically.
Nunchuk and Casa are no KYC options.
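The 2/3 versus 3/5 loss scenarios discussed in the thread, worked through numerically. This is an added example, not part of the thread or any participant's post. It assumes each storage location is lost independently with the same probability `p` (a constructed figure), and the function names are hypothetical.

```python
from math import comb

def recoverable(m, n, keys_alive, descriptor_alive):
    """Rule stated in the thread: m keys are needed, plus the coordinator
    file (all n xpubs) unless every one of the n keys survives."""
    return keys_alive >= m and (descriptor_alive or keys_alive == n)

def loss_probability(m, n, p, colocated, extra_copies=0):
    """Probability that an m-of-n wallet becomes unrecoverable.

    p            -- chance that any single location is lost (assumption)
    colocated    -- a coordinator-file copy sits with every key and is
                    lost together with that key
    extra_copies -- independent copies (e.g. encrypted cloud backups),
                    each lost with probability p
    """
    total = 0.0
    for k in range(n + 1):  # k = number of key locations that survive
        p_keys = comb(n, k) * (1 - p) ** k * p ** (n - k)
        if colocated and k > 0:
            p_desc = 1.0  # a surviving key brings its copy with it
        else:
            p_desc = 1.0 - p ** extra_copies  # at least one extra copy left
        p_ok = (p_desc * recoverable(m, n, k, True)
                + (1 - p_desc) * recoverable(m, n, k, False))
        total += p_keys * (1.0 - p_ok)
    return total

if __name__ == "__main__":
    p = 0.10  # constructed sample value, not a measured loss rate
    cases = [
        ("2/3, single standalone coordinator file", (2, 3, p, False, 1)),
        ("2/3, coordinator file with every key", (2, 3, p, True)),
        ("3/5, coordinator file with every key", (3, 5, p, True)),
    ]
    for label, args in cases:
        print(f"{label}: {loss_probability(*args):.5f}")
```

Under these assumptions, storing a copy of the coordinator file with every key means the file is never the limiting factor: any quorum of surviving keys also carries a surviving copy.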