I'm very interested though if you know of any,

and it will certainly change my ideas on the subject

Discussion

Alright here’s the relevancy. I’ll try to walk you through an example.

I install a RAT (backdoor) using a zero click exploit from a spam text or email. You have no knowledge anything happened and delete the spam. My exploit installs a logger that grabs your key next time you send a transaction and delivers the key back to my server. Suddenly your money is gone and you don’t know how.

With a hww what I described above is impossible. When signing a transaction the key is never exposed to the internet connected device. Your model is no better than a hot wallet, because it is by definition a hot wallet. This is the core reason hww are more secure. Signing transactions from cold storage is how many of us have been using bitcoin for years.

Just because nothing bad that you know of has happened doesn’t make it a good idea to recommend taking the risk. If the vulnerability exists then why bother? Just use the safer option.

Your previous reply highlights a misunderstanding of the term “cold wallet”. It’s defined as a wallet living on a device INCAPABLE of an internet connection. If your keys are on a device that can connect to the internet, in any way, it is by definition a hot wallet.

At this point I’ve led you to the water my friend, it’s up to you to drink. Read up on the history of hww development and I believe you’ll have a better understanding.

And you're just completely ignoring the fact that I was talking about a dedicated device

If you're just going to strawman the conversation I have no interest in continuing it

I don’t see how a dedicated device changes anything we’ve discussed. If it’s a smart phone, it still has wireless antennas. It’s still capable of Internet connection. It’s not a cold wallet.

Because a dedicated device doesn't access email

And your example depends on accessing email

It was just one example. If your device has a wireless antenna, even if you’re not using it, even if your screen tells you it’s off, I am still capable of hacking you.

So you're claiming that an adversary can:

One, identify that Bitcoin exists on the device

Two, figure out when the device is active

Three, remotely connect to the device

Four, exploit the device to extract the secure keys

without user interaction

that is an extremely heavy lift and verges on magical thinking

Yep. Everything you said there is accurate. Welcome to the scary world of cyber security.

Yeah it's all technically possible

But it's never happened

And the people that we're talking about here (single sig plebs) are unlikely to fall under targeted attack

This is just "internet professional thinks that Internet Security is Lacking because theoretical technical reasons"

Ever wonder why people use faraday bags at tech conventions? If there’s a wireless signal coming to your device and there’s hackers around, they will win.

And nobody's talking about taking your signing device to a hacking convention

come on man

"someone could theoretically gain access" is hand waving

We're talking about a random person having a dedicated phone in their home under their personal control

And *maybe* they turn it on occasionally to sign a transaction

You have not indicated ANY practical way to compromise such a device

Just "insecure because scary reasons"

I can agree that maybe this isn't advice that you want the general newbie to hear

But you're not indicating any actual problems with the advice itself

Security is about removing as many vulnerabilities as possible. So just because you can’t find a person testifying about their hacked device doesn’t mean it isn’t something to be avoided. Especially when it costs far less to buy a hww than a smartphone anyways.

BTC security needs to be easy and clear cut. What you’re advocating for is not. Many of us will never see it as a good idea for people to treat a smartphone as cold storage. But it’s your money.

I’m a little lost as to what your argument is at this point. That you’re right and everyone else is wrong?

HWW security is better than smartphones. Smartphones aren’t cold storage by definition. Not sure how I can make it any clearer for you.

I literally said it in the 1st post you replied to

and what I'm saying is EXTREMELY clear-cut.

so far all you've said is

"hww more secure against theoretical attacks nobody has ever heard of"

which is true.

just saying for your average pleb it doesn't matter.

nostr:nevent1qvzqqqqqqypzp7v96vy3jlyqtct3n3e3sk6hflp7usra0sdkz477axwx4n39nxamqywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9uq3vamnwvaz7tmwdaehgu3w0pkhytnjda3kkue0qqsx5sgktydqcwzraev8s64qwe2zhw635rhj6d3ryuk7gmrcyqjusqsssgh0z

Very shortsighted, man. Security matters for everyone.

The founder of Trezor started HWWs because his coin was hacked. You apparently think people using graphene is an equal recommendation to a hardware wallet and you’re wrong. Sorry, I know it’s not fun to hear 🤷🏻‍♂️

These attacks aren’t theoretical. Cybersec professionals are building tools to stop very real possibilities to help people like you secure generational wealth and you’re dismissing their work as unnecessary.

I love graphene devices as much as anyone. But they are designed for general purpose privacy. Not long term savings. No computers are designed for such a purpose, which is why the hww industry now exists.

Maybe the real problem here is using the term cold storage. It means something specific and you’re using it to describe a suitable setup for yourself, but it’s not the same. It’s certainly not easy to use cold storage for the average person.

Nothing wrong with using hot wallets. I use them too. But “cold storage” should never be a smartphone-diy recommendation.

I think this is as clearly as I can make my point. So I’m moving on with my Saturday, good luck man.

I'm fine if we don't call it "cold storage". I don't particularly care if we call it that or not.

I'll also close by pointing out you have not indicated any security vulnerabilities in my suggestion.

although I agree with your point it's more vulnerable to 1 in a million type attacks that average plebs are extremely unlikely to be targets for.

https://letmegooglethat.com/?q=Pixel+graphene+cve+vulnerability+history

Graphene is best around. But nobody is invincible.

agreed 👍