I tend to go towards a watch-only wallet, because you don't have to update firmware, and you have no risk of security breaches of your customer info from when you bought the hardware wallet, or of hacks of the hardware wallet's software. You could use e.g. BlueWallet or another FOSS one with your own Bitcoin node to use your watch-only wallet.
How would you rate the 2 options vs convenience, security and privacy?
As I described in this guide and this one, I see an encrypted USB with TailsOS as much easier and safe enough for a regular user.
  • Convenience - 8 (not 10 because not every newbie will know how to properly manage TailsOS; it requires some training)
  • Security - 8 (not 10 because it requires some training to know how to distribute copies of the USB in multiple locations and also how to encrypt it and use the persistent partition)
  • Privacy - 9 (almost 10 because nobody will know what you have on that USB; it is not as obvious as a well-known HWW, and you can also have decoy wallets)
For watch-only wallets, yes we have multiple options, many apps now that can handle various scenarios, mobile and desktop. For watch-only I prefer desktop apps.
Let's not forget or ignore the golden rule of stashing on 3 levels:
  1. vault / hold
  2. cache / coin control
  3. spend / LN
I see HWW only for companies and/or scenarios where more than 1 user is involved in managing the funds.
reply
Thank you for the very detailed setup. I'm going to try that setup.
When running Electrum from TailsOS, I didn't see connecting to your own Bitcoin node mentioned. Is that not necessary because you only broadcast? It's probably necessary if you want to update your transaction history, label it, etc.?
reply
If you use Electrum on TailsOS offline, why do you want to break that offline part and go online?
Don't you know how to use Electrum offline? You just have to prepare the tx, sign it and then save the whole tx code to a txt file on a memory stick. Then from any other online PC with a dummy Electrum you just broadcast that already signed tx. There's not even a need to connect to your own node.
reply
That is really nice. So to recap, when creating your own Bitcoin transaction you don't need to connect to your own node. Does this mean there's also no privacy issue? You're not leaking data?
When using a watch-only wallet, where you've imported your xpub, I assume that you need to connect to your own node to see your balance, among other things.
reply
> You're not leaking data?
Nothing. You are just sending an encrypted message. LOL you guys did not play enough with your wallets.
reply
This is misleading to me. At some point you have to connect to your own node or somebody else’s to verify you received a valid transaction. Yes, once you’ve verified that, you can create and sign the transaction offline and use whatever node you want to broadcast it.
reply
Why misleading? It is the truth. Yes, the tx is already signed offline, there's no risk whatsoever in broadcasting it from whatever wallet app.
A signed tx is just a string. I can paste that string into whatever other wallet app (even one that is not my wallet!) and just broadcast it. It is like sending a message, encrypted.
reply
At some point you have to connect to a node to prepare the transaction to sign.
reply
To build a tx and sign you do not need a node. You are already using a confirmed UTXO. You only need a node to broadcast an already built and signed tx and that can be any node and wallet app.
For example, I am offline on a laptop using a TailsOS with Sparrow. I build my own tx and sign it. Copy that raw tx string and pass it to you, over a txt file or SMS. You take it and paste it into your OWN wallet, connected to whatever node and broadcast it. Done.
You cannot steal my sats and you cannot change it, because it contains my encrypted signature. If you change it, any bit of it, it is void.
reply
Great explanation. I'm going to dive more into how this works and play around with this.
I understand all that. My point is you cannot get the confirmed utxo without connecting to a node.
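
Added example, not part of any post in this thread: a minimal Python parser for a legacy (non-segwit) raw transaction, showing what the "string" handed over for broadcast actually contains: the previous outputs being spent, the signature script, and the new outputs. The sample hex, its placeholder bytes and the function names are constructed for illustration; the sample is not a valid transaction.

```python
import hashlib

# Constructed sample in legacy serialization. The txid, scriptSig and
# pubkey-hash bytes are placeholders; this is not a real transaction.
SAMPLE_TX = (
    "02000000"                                # version 2
    + "01"                                    # one input
    + "11" * 31 + "22"                        # previous txid, internal byte order
    + "01000000"                              # previous output index (vout) 1
    + "03" + "02abcd"                         # scriptSig length + placeholder bytes
    + "ffffffff"                              # sequence
    + "01"                                    # one output
    + "50c3000000000000"                      # 50,000 sat, little-endian
    + "19" + "76a914" + "bb" * 20 + "88ac"    # P2PKH script, placeholder hash
    + "00000000"                              # locktime
)

def read_varint(b, i):
    n = b[i]
    if n < 0xfd:
        return n, i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def parse_legacy_tx(raw_hex):
    b = bytes.fromhex(raw_hex)
    if b[4:6] == b"\x00\x01":  # segwit marker and flag follow the version
        raise ValueError("segwit serialization is not handled here")
    i, inputs, outputs = 4, [], []
    n_in, i = read_varint(b, i)
    for _ in range(n_in):
        prev_txid = b[i:i + 32][::-1].hex()  # shown in the usual display order
        vout = int.from_bytes(b[i + 32:i + 36], "little")
        slen, i = read_varint(b, i + 36)
        inputs.append({"prev_txid": prev_txid, "vout": vout, "script_sig": b[i:i + slen].hex()})
        i += slen + 4  # skip the scriptSig and the 4-byte sequence
    n_out, i = read_varint(b, i)
    for _ in range(n_out):
        sats = int.from_bytes(b[i:i + 8], "little")
        slen, i = read_varint(b, i + 8)
        outputs.append({"sats": sats, "script_pubkey": b[i:i + slen].hex()})
        i += slen
    if i + 4 != len(b):  # only the 4-byte locktime may remain
        raise ValueError("trailing or missing bytes")
    txid = hashlib.sha256(hashlib.sha256(b).digest()).digest()[::-1].hex()
    return {"txid": txid, "inputs": inputs, "outputs": outputs}
```

In this legacy serialization the txid is the double SHA-256 of these exact bytes, so altering any byte of the string gives a different txid.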