My point is that you should only only only keep substantial amounts on phone wallet if you REALLY know what you are doing because attack surface is virtually infinite and that is almost nobody. And you should just not keep savings on mobile cause that’s just straight stupid.
Discussion
its not "virtually infinite"
if you have a dedicated pixel
running Graphene OS
that is only used for storing private keys
ie, only trusted wallet software is installed ,
then the attack surface is TINY
and there's virtually no way to get those keys off the device
hackers arent sorcerers who can just magically steal stuff.
there are reasons to maybe have a CC
but its NOT because you cant securely store keys on a phone
Local cybersec guru here.
If your argument is smartphones are easier to use than a CC, yes you are correct.
If your goal is high security with easy UX for parents and kids, look into Passport or even Bitkey.
If you’re trying to make the point that hardware wallets can be equated with smartphones, you’re wrong and we need to keep that advice from spreading to newcomers.
No smartphone, even using graphene, will ever match the security prospects of a CC or any other airgapped hardware wallet.
i agree with that, technically anyway.
but nowhere have i said that hww can be equated with smartphones.
what I'm AM saying is that having a *dedicated* Graphene phone (ie with ONLY trusted and confirmed wallet software installed) as cold storage is good enough for most people.
Focus on the last few words in your note and you’ll see the flaw in your thinking.
Hardware wallets are purpose built devices. Smartphones are general purpose devices.
A smartphone isn’t “cold storage” and shouldn’t be recommended as such. Unless you are opening the device to remove all wireless antennas it can still be compromised without your knowledge.
Put simply, if it’s capable of an Internet connection it’s not cold storage.
Smartphone ≠ Hardware Wallet
i didnt say they were.
and as an security guru
im sure you know that virtually all security breaches come from the user installing compromised software.
not becasue hackers can magically compromise any random device through the internet
so I repeat
if you're a random pleb
protecting your non-KYC utxos in a single sig setup
your DO NOT need a hww.
hell
you could just have a watch only wallet and your seed on steel.
but nobody is going to identify your old Pixel as a signing device (or be able to access it even if they have it physically)
and no hacker is going to magically steal your corn if you connect to sign a tx.
Nope. Many breaches happen without user error.
There’s a whole lot you aren’t considering. Remote data extraction exists. Code injection without user interaction exists. Zero click exploits exist. Supply chain attacks exist. Not magic, computer science.
If you sign a transaction on an internet connected device, you expose the keys every time.
If you store your keys on metal plates, you cant sign transactions.
Stop trying to push away the tools, we built them for a reason.
Yeah those kind of exploits exist but show me how they're relevant to the conversation that we're having
I.e that the tools I'm suggesting are vulnerable to them.
It is true that theoretically a vulnerability *could* exist
There just isn't anything you can point to that shows that there is one.
also,
if you can sign transactions
it's not cold storage
I'm not trying to put you in the position of trying to prove a negative here
I'm just pointing out that
in the space that we're talking about here ( Graphene OS, trusted FOSS wallet software)
there have been none of those variety of exploits (that I'm aware of of course)
I'm very interested though if you know of any,
and it will certainly change my ideas on the subject
Alright here’s the relevancy. I’ll try to walk you through an example.
I install a RAT (backdoor) using a zero click exploit from a spam text or email. You have no knowledge anything happened and delete the spam. My exploit installs a logger that grabs your key next time you send a transaction and delivers the key back to my server. Suddenly your money is gone and don’t know how.
With a hww what I described above is impossible. When signing a transaction the key is never exposed to the internet connected device. Your model is no better than a hot wallet, because it is by definition a hot wallet. This is the core reason hww are more secure. Signing transactions from cold storage is how many of us have been using bitcoin for years.
Just because nothing bad that you know of hasn’t happened doesn’t make it a good idea to recommend taking the risk. If the vulnerability exists then why bother? Just use the safer option.
Your previous reply highlights a misunderstanding of the term “cold wallet”. It’s defined as a wallet living on a device INCAPABLE of an internet connection. If your keys are on a device that can connect to the internet, in any way, it is by definition a hot wallet.
At this point I’ve led you to the water my friend, it’s up to you to drink. Read up on the history of hww development and I believe you’ll have a better understanding.
And you're just completely ignoring the fact that I was talking about a dedicated device
If you're just going to strawman the conversation I have no interest in continuing it
I don’t see how a dedicated device changes anything we’ve discussed. If it’s a smart phone, it still has wireless antennas. It’s still capable of Internet connection. It’s not a cold wallet.
Because a dedicated device doesn't access email
And your example depends on accessing email
It was just one example. If your device has a wireless antenna, even if you’re not using it, even if your screen tells you it’s off, I am still capable of hacking you.
So you're claiming that an adversary can:
One identify that Bitcoin exists on the device
two figure out when the device is active
three remotely connect to the device
four exploit the device to extract the secure Keys
without user interaction
that is an extremely heavy lift and verges on magical thinking
Yep. Everything you said there is accurate. Welcome to the scary world of cyber security.
Yeah it's all technically possible
But it's never happened
And the people that we're talking about here (signal sig plebs) are unlikely to fall under targeted attack
This is just "internet professional thinks that Internet Security is Lacking because theoretical technical reasons"
Ever wonder why people use faraday bags at tech conventions? If there’s a wireless signal coming to your device and there’s hackers around, they will win.
And nobody's talking about taking your signing device to a hacking convention
come on man
"someone could theoretically gain access" is hand waving
We're talking about a random person having a dedicated phone in their home under their personal control
And *maybe* they turn it on occasionally to sign a transaction
You have not indicated ANY practical way to compromise such a device
Just "insecure because scary reasons"
I can agree that maybe this isn't advice that you want the general newbie to hear
But you're not indicating any actual problems with the advice itself
Security is about removing as many vulnerabilities as possible. So just because you can’t find a person testifying about their hacked device doesn’t mean it isn’t something to be avoided. Especially when it costs far less to buy a hww than a smartphone anyways.
BTC security needs to be easy and clear cut. What you’re advocating for is not. Many of us will never see it as a good idea for people to treat a smartphone as cold storage. But it’s your money.
I’m a little lost with what is your argument at this point. That you’re right and everyone else is wrong?
HWW security is better than smartphones. Smartphones aren’t cold storage by definition. Not sure how I can make it any clearer for you.
I literally said it in the 1st post you replied to
and what Im saying is EXTREME clear-cut.
so far all youve said is
"hww more secure against theoretical attacks nobody has ever heard of"
which is true.
just saying for your average pleb it doesnt matter.
Very short sided man. Security matters for everyone.
The founder of Trezor started HWW’s because his coin was hacked. You apparently think people using graphene is an equal recommendation to a hardware wallet and you’re wrong. Sorry, I know it’s not fun to hear 🤷🏻♂️
These attacks aren’t theoretical. Cybersec professionals are building tools to stop very real possibilities to help people like you secure generational wealth and you’re dismissing their work as unnecessary.
I love graphene devices as much as anyone. But they are designed for general purpose privacy. Not long term savings. No computers are designed for such a purpose, which is why the hww industry now exists.
Maybe the real problem here is using the term cold storage. It means something specific and you’re using it to describe a suitable setup for yourself, but it’s not the same. It’s certainly not easy to use cold storage for the average person.
Nothing wrong with using hot wallets. I use them too. But “cold storage” should never be a smartphone-diy recommendation.
I think this is as clearly as I can make my point. So I’m moving on with my Saturday, good luck man.
Im fine if we dont call it "cold storage". i dont particularly care if we call it that or not.
ill also close by pointing out you have not indicated any security vulnerabilities in my suggestion.
although i agree with your point its more vulnerable to 1 in a million type attacks that average plebs are extremely unlikely to be targets for.
https://letmegooglethat.com/?q=Pixel+graphene+cve+vulnerability+history
Graphene is best around. But nobody is invincible.
agreed 👍
in short if your threat model is that single sig is good enough
you don't need a HWW
(in theory anyway, obv YMMV)
if you're a known hodler (influencer or whatever. you worry about a targeted attack)
then you need multisig anyway
and hww makes sense.
If you’re comfortable with that thinking good luck, but I’ve been around for a while and witnessed people get burned that way. Thats why we started building dedicated key signers in the first place.
I strongly disagree here. Most people will be using single sig and there are many use cases for a hww beyond multisig. There’s no reason to compromise on security for savings that could last a lifetime.
Sorry pal, but I’ll continue to call out bad bitcoin advice to save the newbies.
Keys stored on an internet connected device should not be trusted for savings. Spending amounts only.
What I'm proposing eliminates 99.99% of the attack service of a hot wallet
what you're proposing eliminates 99.9999% of the attack service of hot wallet
Users can decide what their threat model requires.