Malware has been found in both Google Play and Apple's App Store that uses optical character recognition to steal cryptocurrency wallet recovery phrases from users' photo galleries.

That's...kind of cool and an interesting attack vector. Don't take screenshots or photos of your wallet's recovery phrases.

https://m.slashdot.org/story/438433

Discussion

Honestly impressive though

Another reason to not give apps permission to access your photo gallery. It's insane to me that apps request access to all photos... it's completely unnecessary.

On Graphene you can set very good limits and if an app requires access to all photos but you don't want it to have that access, you can turn on a setting that makes the app think it has full access but really only has access to photos you selected.

The latest Android media picker from the Googs has similar outcomes, granting access to just specific photos.

The official implementation is a bastardized version of how Graphene implements it; cool, you let me pick individual images for apps to access.

Give me the ability to pick specific folders.

Yes but on the Google one it tells the app it's limited so it doesn't work for apps that require full permissions to work.

I'm not sure why, but I always give permission to all because sometimes it's a pain to try and add a photo, then it asks again and you add the photo again.

It's weird though, because in Damus we don’t have to request any permissions, yet it's easy to pick and choose any photos? When apps ask for everything it makes me suspicious now.

Exactly.

I do see what you mean, just about every app asks it 😂 it's a bit much.

On another note, about when is your Android Damus dropping?

That's why I always use a different phone to take pictures of my seed.

😂

You are joking, right?

Genius

Bad practice.

What I meant to say is I take a picture of it using an old phone that is never connected to the internet.

Writing seeds on paper is dumb. I don't even have paper anymore, so what am I supposed to do?

At least download OpenKeychain PGP and encrypt the seed (asymmetric or symmetric encryption), or compress the photo in a 7zip format with a password.

It's too many passwords. The phone already has a password on it. So why do I need to go even farther and put another password on it? I'm not going to remember the password, or if I lose it then I'm screwed.

I zipped a seed in the past and then put it in my email and forgot the password then I found a copy of the seed without a password. That saved me.

That was a total of 3 passwords. Computer, email and zip. I did it because people told me. I think that's too much security.

How do people with a lot of Bitcoin keep it safe? Do they really secure it with that many passwords? I'd be stressed out if I had a lot of Bitcoin.

So what happens if your home burns down tomorrow?

Consider working on your opsec.

lol

Wow that’s quite sophisticated

Don’t store any screenshots.

I purge mine from time to time.

It’s a good idea

On my PC I have a cron script that deletes files older than 30 days in my download directory. I think it's a great solution to pursue digital minimalism and make myself aware of what I save.

My whole world would be destroyed without my downloads folder

I can understand. But this forces me to move to the right place the files I really need to keep. It's both zen and coercive.

That's literally exactly why I'm using a new nsec. Leaked my own key in a screenshot. Thankfully only my Nostr key and not Bitcoin.

I only keep paper copies of my bitcoin keys, though.

👀

The first thing people do is create screenshots after I've explicitly mentioned that you should never do it. I guess people think storing stuff in the cloud is safe.

Luckily creating screenshots on your mobile is disabled by some Bitcoin wallets. That should be the standard.

Taking a photo of phrases is a rookie mistake.

Wow, that’s wild. Shouldn’t be surprising considering the crazy things happening with AI these days but still.

Need to send this to all my newbie holder friends.

DDF and your ttyy yyyyy

When they prompted me to "write down your seed phrase" they didn't mean take a screenshot? damn... 😏

😅

Their stealing will not work soon.

Why not just use your hands, grab a pen and paper, write it down…

iOS has per-image access permissions, #GrapheneOS has storage scopes. Please use these features. You shouldn't be saving copies of your seed phrase like this too.

nostr:nevent1qqsrajuuughnu3gm6xk00wuex8dcp3wjnagnjd8udgstz8kkvc2qvgqpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygplwuxkt5a8vj5utj6s8tsj8e3wcavc45p4mqmw92qs7wrh5azmyspsgqqqqqqscec36h

Does anyone actually save their seeds by taking a picture of them?

Step one is to not download random shit from the Play and App stores. nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 is also a good alternative.

We should start making tons of fake seeds

I am surprised that there are people taking screenshots or photos of their recovery phrases.

I've done it when testing a new wallet app. But I also know that I won't be saving any funds in there and will delete the app shortly. When I do, I also delete the screenshot. So if I do it for testing purposes, I can totally see people doing it for normal use cases.

👍