Let me see if I have this correct regarding Ledger:

I switch from using Ledger Live for my Ledger hardware device to using #sparrow for my Ledger hardware device.

The government kicks down Ledger's corporate office door and says "give me access to this law-abiding citizen's private keys."

Since I'm now using my Ledger hardware device on #sparrow there is no possible way Ledger's corporate office has my keys?


Discussion

Mostly yes except last bit.

There is no possible way for Ledger/ government to edit the firmware of the Ledger hardware device to make it export your Private Keys (assuming it can’t do that already, we don’t know because not FOSS)

It could be a genius move on behalf of Ledger cos people don’t trust themselves with private keys or the creation of a huge point of centralised failure. I believe the latter b/c if it can be fucked with it will be fucked with by bad actors/gov.

Bottom line.

Sparrow & Cold card good b/c both are FOSS

Trust no one

So as I read your response (very grateful thank you and zaps coming your way)...

The safest bet for ANY Ledger user that has become increasingly paranoid and is looking to upgrade the security of their long term savings/HODL stack is to:

1. Get a cold card.

2. Create a new seed phrase w said cold card.

3. Download sparrow.

4. Do not use sparrow as a hot wallet.

5. Only use sparrow to move funds on and off your cold card.

And of course there are varying levels of security within the cold card itself (dice roll, etc.) and varying levels of security regarding how you record your seed phrase (multisig, brain wallet, metal plates, etc.)

While I have you one last thing since you seem knowledgeable and I'm still a noob:

Do you have any recommendations on a non-KYC, non-custodial, open-source lightning wallet for iPhone?

Currently using Wallet of Satoshi but I'm looking to upgrade that too.

WoS is great I use it.

I think 🧐Phoenix is custodial & No KYC

But KYC comes from the trail of breadcrumbs back to where you bought it from.

Unless you acquire non KYC bitcoin via Bisq and/or use coin join?