Replying to Laser

A dedicated #GrapheneOS device with nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n Green installed directly via Obtainium and verified with AppVerifier is a great way to interface with the new #Jade Plus.

This setup will avoid the problem of authorities being able to "prove" you have #Bitcoin in your possession.

1. A powered off #GrapheneOS device is completely E2EE encrypted at rest with nothing in memory. Plausible deniability: I forgot the password/PIN.

2. Green can be set not to remember previously accessed wallets, leaving no trace behind on the device. This allows you to grant access to the device if need be, and it will look pretty bare bones.

3. This leaves the Jade, which either has some state (if using PIN server) or none, if using #SeedQR. In both cases, ample plausibility exists in either "I forgot the pin", or "I've never set it up or truly used it".

This level of plausible deniability is critical as the State becomes more aggressive with seizure.

This is one of the biggest reasons I've stopped having IRL friends and family use and maintain a dedicated laptop: too much risk of seizure if they don't know what they're doing.

#Bitcoin


Discussion

This would be great if only Green actually worked. Does not connect to own node over Tor. Gave up on Green months ago after years of it not working.

Green Wallet is terrible.

It all adds to the plausible deniability

All right boys...

If you bought Jade with KYC OR if it was sent to your home address, it's over—the state already knows you had (have) corn.

If you have Jade (or any other hardware wallet, including SeedSigner) in your possession when you travel, or in an obvious place at your house, it's over as well.

For maximum #privacy, you can't have hardware wallets, so skip the Jade. The phone is all you need.

An always offline Pixel phone with #GrapheneOS installed and BlueWallet on a Guest Profile that gets wiped after every session.

No one will suspect a phone, especially if you slap a cute case on it.

Even if it gets confiscated or lost no one will be able to decrypt it, and even if they could, all they would find is the BlueWallet app installed with nothing on it. The seed should be in your head—the safest place to store it. If you are going to use SeedQRs you must add a strong passphrase.

Normies using Laptops = NGMI.

good advice penguin

until the end.

a laptop with VeraCrypt installed is superior to all of that.

you can run an encrypted VM and stick your wallet on an encrypted drive inside that and it's not accessible to anyone.

it can't even access the internet if you don't want it to.

and you have a dummy drive with a separate password to decrypt if pressured by the authorities.

This is the correct solution!

Laptops are insecure. You are missing years of security patches and you won't have any hardware protections, for example a secure element like you have on Pixel devices (Titan M2). This is why a 6-digit PIN on Pixels is impossible to brute-force but your 20+ character VeraCrypt passwords can easily be.

Most people using VeraCrypt containers/disks are not using a password with high entropy, and even if they are, they can be cracked in the future ("Harvest now, decrypt later", look it up). You won't fool authorities with your 'dummy drives', VeraCrypt and TailsOS setups, they are so obvious, this is why I mentioned to simply have a Phone—it's the most secure hardware, with the most secure operating system, and is much smaller, portable and less suspicious than a laptop with a TailsOS USB next to it.

for starters

it would take something like,

100000000000000000000 years

to brute force a good 20 character password.

there's nothing inherently insecure about laptops.

otherwise you're not really wrong.

but you are strawmanning and context switching.

your "duh I forgot my PIN" is MUCH more obvious than a VeraCrypt volume.

because you can decrypt the VeraCrypt volume and show them.

it comes back to plausible deniability.

if your threat model is

"the govt knows about my coins and they will use the entire resources of the NSA to get them"

and they come to your residence to arrest you

then you have a good argument that a current model Pixel in a box somewhere acting as (warm) storage is a better solution.

but you're also going to jail when you don't give them the PIN.

so there's that.

if the threat model is "they *suspect* I have coins and I need to show reasonable proof I don't"

like you're crossing a border somewhere, get tagged for the secondary and they start pressing you,

or you bought KYCed coins and the IRS comes for their share,

then having a phone and claiming you can't access it isn't going to work if they intend to do a full search of your devices.

it will likely make it worse.

but if you show them the hidden partition with the embarrassing videos of you and the wife, you've established plausible deniability.

and your "harvest now decrypt later" isn't impressive.

there are new attacks developed against hardware all the time.

so you think they're going to develop quantum computing, still have access to the device and care enough?

to break a VeraCrypt volume they aren't even sure exists?

but the TitanM2 key derivation process is still going to be unassailable?

it is a BIG stretch.

For long term storage, I don't see why you'd ever have a signing device loaded with your private key for any meaningful length of time anyway.

oh

I'm wrong about the length of time to crack a 20 character password.

depends how many GPUs they're willing to use

i.e., how many millions they're willing to spend

but it's doable within not too many years.

ok looking at current GPU technology 😂

a 128 bit password has

3.4×10^38 possible keys

(a 20 character password with upper, lower, numbers and 10 specials is technically 123 bits, but because VeraCrypt and LUKS and others use PBKDF2, it's functionally at least 128 bits)

we'll say an NVIDIA H100 GPU can guess 10^12 keys per second

I make that

1.07×10^19 years to go through all combinations.

and unless I'm mistaken

10^6 modern, state of the art GPUs would only reduce the time to

1.07×10^13 years.

so I was right the first time.

cracking strong passwords isn't a thing.
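The brute-force arithmetic above, worked through as an added example that is not from any poster in this thread. It reproduces the 123-bit / 1.07×10^19-year / 1.07×10^13-year figures and sets them beside the 6-digit PIN case the other poster raised; the 10^12 guesses/s H100 rate, the 500k PBKDF2 iteration count and the 1 guess/s secure-element throttle are assumptions, not vendor figures.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def password_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a password drawn uniformly from alphabet_size**length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_sec: float,
                     gpus: int = 1, kdf_iterations: int = 1) -> float:
    """Years needed to try every key of a 2**bits space.

    guesses_per_sec is the raw rate of one device; kdf_iterations models key
    stretching (PBKDF2 and similar), which divides the effective guess rate.
    """
    effective_rate = guesses_per_sec * gpus / kdf_iterations
    return 2.0 ** bits / effective_rate / SECONDS_PER_YEAR


def scenarios() -> dict:
    """The thread's numbers plus the PIN case they are being compared with."""
    h100 = 1e12  # assumed raw guess rate per GPU, as stated in the thread
    # upper + lower + digits + 10 specials = 72 symbols, 20 characters -> ~123.4 bits
    pw_bits = password_bits(26 + 26 + 10 + 10, 20)
    pin_bits = math.log2(10 ** 6)  # 6-digit PIN is only ~20 bits
    return {
        "20char_bits": pw_bits,
        "128bit_one_gpu_years": years_to_exhaust(128, h100),              # ~1.08e19
        "128bit_million_gpus_years": years_to_exhaust(128, h100, 10 ** 6),  # ~1.08e13
        # 20-char password behind an assumed 500k-iteration PBKDF2 (illustrative count)
        "20char_pbkdf2_million_gpus_years":
            years_to_exhaust(pw_bits, h100, 10 ** 6, 500_000),
        # Offline, the PIN space falls in microseconds ...
        "pin_offline_years": years_to_exhaust(pin_bits, h100),
        # ... so its safety rests entirely on the secure element throttling
        # attempts (assumed 1 guess/s here; real hardware escalates or wipes).
        "pin_throttled_years": years_to_exhaust(pin_bits, 1.0),
    }


if __name__ == "__main__":
    for name, years in scenarios().items():
        print(f"{name:36s} {years:.3g} years")
```

The contrast is the point of the argument: a 20-character password is protected by its entropy wherever the ciphertext ends up, while a 6-digit PIN is protected only while the secure element enforces the throttle.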

is this the future of finance? asking for a friend

This is the future of "being your own bank" instead of depending on Big Daddy Banks/Gov to protect your money.

looks very user friendly 😉

ok shitcoiner

What if you have them with small amounts as decoy?

Always have decoys.

But, but... What if they can read your mind? 💭

A dedicated laptop my guy, not an everyday laptop you use for day to day browsing

Too big to carry or hide, not practical. A million times less secure too.

A laptop is too big to carry or hide 😭

Provable physical possession of a public/private keypair, even when the private key is not granted to authorities, is sufficient for a judge to keep a person in jail for failing to cooperate with seizure of #Bitcoin, lawful or not.

Your setup *must* make it difficult or impossible to prove that you possess a public/private keypair to any #Bitcoin.

It's not enough to just make private keys hard to access. The entire setup needs to provide plausible deniability.
