0 sats \ 9 replies \ @jp305 1 Aug \ parent \ on: You probably don't need a hardware wallet bitcoin
It is a great security to know your private key never leaves the security element of the device.
Depends on your threat model...
Most people don't have 24/7 attackers trying to get unauthorized access using a vulnerability in their laptop's bluetooth radio in order to read the memory address that represents their private key.
Commodity computer hardware and FOSS software like Tails are already relied on for life/death situations where security is critical, its PROBABLY also good enough for pre-signing transactions too.
You don't need an artisan calculator to keep a secret.
reply
I think you should not be telling people what they "need". Especially if you are talking to so called "normal" people, because they have a tendency to greatly underestimate the danger of low probability high impact events.
I don't get why you try to insult cold card, by calling it a "calculator".
Cold card is obviously for advanced users, but that doesn't change the fact that if you want to hold your own bitcoin you SHOULD use a hardware wallet.
reply
Every hardware wallet advertisement tries to tell you that you NEED this level of security. I'm just saying, "you probably don't". And nobody is paying me to say that.
People are grown ups and can decide how to allocate their sats however they want. I don't give a fuck.
If you hold your own sats, you probably don't need to buy expensive ewaste to do it "good enough". Did I mention any hardware wallet by name? They're all ewaste (expensive calculators) IMO
reply
"I don't give a fuck."
I kind of do and that's why I am telling people here that relying on software wallets is not sufficient.
reply
How do you know what is "sufficient" for someone else?
I'd prefer that people learn how to keep a secret the old fashioned way (without relying on expensive hardware).
How did people keep secrets for thousands of years before the transistor was even invented? My point is that its not strictly necessary to use hardware.
Elon Musk likes to use the term "Idiot Index" to describe hardware/materials that cost substantially more than the raw materials that comprise them. Most hardware wallets sell for 60-90% margins. Very high idiot index.
reply
Running a software wallet on a mainstream operating system is a security risk.
"How did people keep secrets for thousands of years before the transistor was even invented? My point is that its not strictly necessary to use hardware."
WTF, man? What kind of analogy is this? Compromising a mainstream computer is not difficult (1) and happens all the time (2) and can be done and has been done en masse.
Also keep in mind that the current technology is way to complex for people to "learn to keep a secret". That's why a dedicated device (with proper user interface of course) is needed for proper security.
Also I think you are missing some very important thing here. It is entirely feasible that the following happens: 1. people store their money in software wallets, 2. for years nothing happens until bitcoin has very widespread adoption 3. somebody creates a malware using some OS exploit that steals money from many people's software wallets simultaneously.
So I would advice more people to use hardware wallets if possible.
And since "you don't give a fuck" I am not sure you really thought about the danger that this may pose.
reply
You're really good at pretending I said things that I never said...
I suggest you read this to understand what I'm actually advocating for: #569901
Running a software wallet on a mainstream operating system is a security risk.
I didn't say anyone should use software wallets on a "mainstream operating system". I'm just trying to make the point that it's probably fine to NOT use a hardware wallet (assuming you take the necessary precautions and don't rely on a secure element to protect your secrets while you sign transactions on your virus-infested windows PC)
Compromising a mainstream computer is not difficult and happens all the time
Then go ahead and hack me :)
What about a computer running FOSS software that was PGP-verified, has no internet connection, and runs completely in memory with no disk access? It's at least a bit HARDER to compromise that computer, right?
- people store their money in software wallets,
People do this. But I'm not suggesting it. Store your secrets in cold wallets "offline" like our ancestors used to keep secrets -- ciphered messages on paper, or bars of gold stashed away (a.k.a. steel plates)
I recognize that using a HWW offers some security features that you can't get anywhere else. But owning a HWW can also bring unwanted attention (like the Ledger leak). For how I use bitcoin, those extra features offered by HWW aren't compelling enough for me to buy one.
I'd argue that very few people actually NEED a HWW and that's why HWW companies spend so much on advertising (propaganda). If their product was actually necessary, it would cost 1/4 the price and they wouldn't have to advertise so much.
reply
I have the feeling that you just like to argue. I have already said want i need to say. The only thing that I will add is that it is entirely unrealistic to expect normal people to use PGP signed FOSS software. Their functionality and UX is way below paid software. And I have met way too many arrogant linux users. I still remember back in the day asking "how do I make 3D acceleration work on my radeon GPU" and linux guys were condescendingly answering "You don't need that". Yeah, good luck with that attitude.