Security is about removing as many vulnerabilities as possible. So just because you can’t find a person testifying about their hacked device doesn’t mean it isn’t something to be avoided. Especially when it costs far less to buy a hww than a smartphone anyways.

BTC security needs to be easy and clear cut. What you’re advocating for is not. Many of us will never see it as a good idea for people to treat a smartphone as cold storage. But it’s your money.

I’m a little lost with what is your argument at this point. That you’re right and everyone else is wrong?

HWW security is better than smartphones. Smartphones aren’t cold storage by definition. Not sure how I can make it any clearer for you.

Ever wonder why people use faraday bags at tech conventions? If there’s a wireless signal coming to your device and there’s hackers around, they will win.

Yep. Everything you said there is accurate. Welcome to the scary world of cyber security.

It was just one example. If your device has a wireless antenna, even if you’re not using it, even if your screen tells you it’s off, I am still capable of hacking you.

I don’t see how a dedicated device changes anything we’ve discussed. If it’s a smart phone, it still has wireless antennas. It’s still capable of Internet connection. It’s not a cold wallet.

Alright here’s the relevancy. I’ll try to walk you through an example.

I install a RAT (backdoor) using a zero click exploit from a spam text or email. You have no knowledge anything happened and delete the spam. My exploit installs a logger that grabs your key next time you send a transaction and delivers the key back to my server. Suddenly your money is gone and don’t know how.

With a hww what I described above is impossible. When signing a transaction the key is never exposed to the internet connected device. Your model is no better than a hot wallet, because it is by definition a hot wallet. This is the core reason hww are more secure. Signing transactions from cold storage is how many of us have been using bitcoin for years.

Just because nothing bad that you know of hasn’t happened doesn’t make it a good idea to recommend taking the risk. If the vulnerability exists then why bother? Just use the safer option.

Your previous reply highlights a misunderstanding of the term “cold wallet”. It’s defined as a wallet living on a device INCAPABLE of an internet connection. If your keys are on a device that can connect to the internet, in any way, it is by definition a hot wallet.

At this point I’ve led you to the water my friend, it’s up to you to drink. Read up on the history of hww development and I believe you’ll have a better understanding.

Nope. Many breaches happen without user error.

There’s a whole lot you aren’t considering. Remote data extraction exists. Code injection without user interaction exists. Zero click exploits exist. Supply chain attacks exist. Not magic, computer science.

If you sign a transaction on an internet connected device, you expose the keys every time.

If you store your keys on metal plates, you cant sign transactions.

Stop trying to push away the tools, we built them for a reason.

Many instances of remote attacks, for example the Pegasus spyware targeting journalists using iPhones a while back.

Snowden did an interview demonstrating why he removes hardware from his phones and only uses wired headphones. If it has a wireless radio, it can be compromised.

Not to mention supply chain attacks where your smartphone could be compromised before purchase. This is why the community recommends open source hardware/software in an airgapped device as the only secure option long term.

If you’re comfortable with that thinking good luck, but I’ve been around for a while and witnessed people get burned that way. Thats why we started building dedicated key signers in the first place.

I strongly disagree here. Most people will be using single sig and there are many use cases for a hww beyond multisig. There’s no reason to compromise on security for savings that could last a lifetime.

Sorry pal, but I’ll continue to call out bad bitcoin advice to save the newbies.

Keys stored on an internet connected device should not be trusted for savings. Spending amounts only.

Focus on the last few words in your note and you’ll see the flaw in your thinking.

Hardware wallets are purpose built devices. Smartphones are general purpose devices.

A smartphone isn’t “cold storage” and shouldn’t be recommended as such. Unless you are opening the device to remove all wireless antennas it can still be compromised without your knowledge.

Put simply, if it’s capable of an Internet connection it’s not cold storage.

Smartphone ≠ Hardware Wallet

Local cybersec guru here.

If your argument is smartphones are easier to use than a CC, yes you are correct.

If your goal is high security with easy UX for parents and kids, look into Passport or even Bitkey.

If you’re trying to make the point that hardware wallets can be equated with smartphones, you’re wrong and we need to keep that advice from spreading to newcomers.

No smartphone, even using graphene, will ever match the security prospects of a CC or any other airgapped hardware wallet.

Smartphones are not secure computing environments. Regardless of os, storing life savings on a device CAPABLE of internet connection is foolish. There’s a reason hardware wallets were invented.

If it’s capable of an Internet connection, it can be remotely attacked, and your funds can be stolen. 

Hey! Sorry I missed your response, thanks for walking me through. I’m not surprised others have had this idea, just feels like combining the coordinator into the network would solve a lot of problems.

My mind is imagining something like this,

A new module operates in tandem with the mempool searching for transactions that users have flagged to optionally include in a CJ.

Every ~10mins to align with new blocks the “CJ bot” groups tx’s and post the CJ using a combination of RBF and schnorr sig’s.

This could be mostly jibberish, I know enough to cause trouble 😂

But I like sharing ideas

Sorry NVK, but many of us don’t see this as a knockoff.

A cheaper, diy option of what you built for sure. But can you think of any product, in any category, that doesn’t have cheaper options made by competitors?

“Good artists copy, great artists steal”

I’d appreciate nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 or anyone from nostr:npub12ctjk5lhxp6sks8x83gpk9sx3hvk5fz70uz4ze6uplkfs9lwjmsq2rc5ky to explain the motivation for this.

First it was Foundation now it’s Btclock, seems like a trend.

We are a community built on open source products and ethos. If you have issues with others using your work to build something of their own, I question why you’re even here

#bitcoin #nostr #opensource #foss

nostr:note1t47qhnq6wevg4z7ycg3ekt68q82d2a4h2avwjsx996efux9g6jyq6xymd9

Implementing lightning over Meshtastic is unlikely as each transaction has to be updated in the graph of channel balances, needing an internet link somewhere. 

Ecash however is perfect for Meshtastic since it’s more akin to transferring a static file like a pdf. Then the receiver can “redeem” the ecash token if they choose.

So in short, no. But we’re getting close.

nostr:npub1aftmyhm62lrp6lwsha3yzyjy5kqdvuy7g23qg28a8q0cnmudv0ds0sdcke really knows her audience 🤣

#bitcoin pitch I’ve been contemplating for Thanksgiving conversations. Trying to make sure people can understand without discussing #technology

“Ignore the computer aspect for a moment. What’s happened is a new bank has been invented, the Bank of Bitcoin. This bank is global because it doesn’t ask your name or where you are, allowing it to work for everyone at all times. Because it works everywhere, it cannot be limited to a national currency, so it uses its own currency called Sats.

The best part is this bank has no CEO, no board of directors. It’s owned and operated by volunteers. Banking for the people by the people, nobody at the top looking for ways to rip off customers.”

Under the hood is fascinating to all of us but unnecessary for most people to understand. Like how very few can explain email but everyone benefits from knowing what it is, and how it’s used

#nostr #wisdom #sats #family #finance #education

Brilliant editing. Time to jam