
This is going to be a little bit of a ramble, because I'm not sure I have all my ducks in a row, in terms of the points I want to make. But I'll just start anyway.
I'm starting to be more and more skeptical of hardware wallets. A lot of reasons. Here are my thoughts.
  • Hardware wallets are very heavily advertised products. Most of the big bitcoin podcasters promote a hardware wallet. That makes the podcasters inherently less skeptical about wallets. It's just like big pharma spending billions, advertising on mainstream media outlets. Those dollars are spent mainly to encourage mainstream media to be pharma-friendly. After all, you don't bite the hand that feeds you. It's the same with hardware wallets. You rarely hear an opinion like mine.
  • What about actually acquiring a wallet? I've heard plenty of people advising that you do NOT have it mailed to your address. And that makes perfect sense to me, what with all the data leaks that have happened (Ledger, etc). Do you really want your name and address out there, associated with purchasing a hardware wallet? But the alternative that they recommend - "just get a Post Office box" is an expensive, bureaucratic hassle. Are people really going to do that?
  • The one hardware wallet that I do like is Seedsigner (https://seedsigner.com/). It's a DIY, open source, bitcoin-only air-gapped hardware wallet, built on the Raspberry Pi. I've found it a great product, and really in line with the bitcoin ethos. Is it too hard for people? Maybe, I don't know. But they don't have a marketing budget, and so they don't even show up on people's radar, mostly. It's only people who've been down the rabbit hole for quite some time who hear about them.
  • Some of the hardware wallet manufacturers (I'm thinking ColdCard in particular) are very antagonistic to SeedSigner, and anything else other than a purchased hardware wallet (see this site https://airgapcomputer.com/). It makes me not trust them.
  • The alternatives to having a hardware wallet are not well-explored and publicised, AT ALL. Yes, you'll get some OG bitcoiners who talk about it. But mostly all the money is behind hardware wallets, and so that's ALL you hear about. People don't even know there's another way.
  • Hardware wallets are damn expensive! You practically can't get anything now that's not more than 100 USD. And many are much, much more.
  • Bitcoiners hope for worldwide adoption, and especially for poor people in poor countries to be able to adopt bitcoin. But that's not really feasible with current hardware wallets.
  • MOST of the most popular hardware wallets out there support shitcoins as well. Needing to have that support gives them a whole additional attack surface, because of the complexity involved.
  • When you consider ALL the potential risks of regular hardware wallets (data leak of purchaser info, doing stuff like what Ledger did with the Recover feature, etc) it seems like the other options might be preferable.
What are the other options?
  • Seedsigner. Of course, it IS actually a hardware wallet, but it's an open source project, and you make it yourself (though you can buy them ready-made as well (https://seedsigner.com/hardware/, at the very bottom))
  • Tails OS setup, running Sparrow or Electrum. As explained in this Stacker News post How to MAKE your own Cold Wallet, and also this one (https://darth-coin.github.io/wallets/tails-hodl-cold-wallet-en.html)
  • Air gapped computer, running Sparrow. I tried this out, it works, a little bit clunky, but it works and isn't too hard. Seems fine for cold vault.
  • What about just using Blue Wallet and the like? Yes, maybe not ideal. But I was just listening to a podcast, a round-robin type interview with Craig Raw (developer of Sparrow) and NVK (the ColdCard guy, very antagonistic to SeedSigner). The question came up from Craig Raw, about how he's never heard of big problems with using wallets such as Blue Wallet. NVK immediately comes back and says that he's heard of lots of problems, and people shouldn't even consider it. Well, that kind of response just makes me suspicious.
If anyone is interested, the seedsigner telegram (https://t.me/joinchat/GHNuc_nhNQjLPWsS) really has the highest calibre of folks there, all very helpful and responsive.
I'm really interested in hearing other people's perspective on this.
My take is that many things can work, and the best thing to do is to be really detailed about your threat model. Almost nobody does this, but it's the most important thing.
  • What happens if your house burns down?
  • What happens if there's a tornado or flood and the whole area is fucked?
  • What happens if a burglar who knows you have btc breaks into your place while you're away for the weekend?
  • What if you need to bug out with no notice?
  • What happens if your partner turns evil?
  • What happens if you die?
  • What happens when there are cameras everywhere?
  • What happens if person X (pick someone useful -- NVK; Craig Raw; Trump; the Postmaster General) is trying to steal your btc?
  • What if someone breaks into your safe deposit box?
  • What if you get a keylogger installed on your computer?
I don't think asking these questions points to any particular answer, but it should at least clarify the various ways things could fall out and what the outcomes and precautions could / should be in response to, or in an attempt to prevent, that fallout.
reply
Useful list, thanks.
I would add...what happens if you have a somewhat complex setup, and you just don't remember the details? Or seed phrase with a passphrase attached, and you know you'll always remember the passphrase, and then...you don't. Apparently that's one of THE most common ways to lose bitcoin.
But mostly I want to talk about the hardware wallet arguments here. Like...why specifically a purchased HARDWARE WALLET as opposed to a DIY version?
reply
what happens if you have a somewhat complex setup, and you just don't remember the details? Or seed phrase with a passphrase attached, and you know you'll always remember the passphrase, and then...you don't.
Probably the most important one and I didn't even list it. Yes.
But mostly I want to talk about the hardware wallet arguments here.
That's why I listed the threat model questions. The argument about HW wallet depends on what you think might happen. Busted secure element? NVK selling your shipping info to the CIA?
Vs Seed Signer -- having a piece of paper where, to simply look at the paper for one second compromises your entire stash, seems like a tradeoff I don't want personally.
reply
Regarding the Seed Signer...even if you have some other signing device (regular hardware wallet like ColdCard, Ledger, etc), you'll always have a seed phrase backup, right?
And the backup would be stored/hidden in whatever way you think is best for your situation. So, I don't see that backing up a Seed Signer seed phrase is necessarily any different from backing up a ColdCard seed phrase. Am I missing something?
I do agree that, especially as bitcoin becomes more valuable and people start understanding what it is, having a list of 12 words anywhere that's remotely available/visible is a horrible idea. Obfuscating them somehow seems critical.
Here's a link with a list of potential concerns/considerations for using SeedSigner: https://github.com/SeedSigner/independent_custody_guide?tab=readme-ov-file#alright-but-theres-got-to-be-a-catch-right
reply
172 sats \ 1 reply \ @freetx 5h
Some things to consider:
  • Buying a hardware wallet will put your name on a list somewhere (ask Ledger buyers)
  • Anyone seeing your hardware wallet could out you
  • Hardware wallets are easier to use than home grown
  • Hardware wallets may be easier for heirs to navigate
  • Air-gapped computer / tails probably has the best longevity for multi-decade storage
I know that's a jumbled list of contradictory items, but that's because it is. The issue is fraught with different uncertainties.
The number 1 problem with all of this is inheritance planning. Whether it's a hardware wallet or simple air-gapped computer, the problem remains: Will your heirs be able to manage it?
reply
'Hardware wallets may be easier for heirs to navigate'
Disagree ~ All they need is the seed phrase of your cold wallet.
Anyone handling the estate should be skilled enough to access via seed phrase otherwise they should not be doing it.
Appoint someone with such skill to that role via your will.
reply
I think they're retarded, but don't talk about it much because then people expect you to lay out an alternative for them. And reality is the alternative is effort and people hate putting in effort.
They're a cash grab by their sellers, no value is created by them, just the illusion of peace of mind.
Combined with seed phrases, HWWs lose people more coin than anything else. Seed phrases are a horrible idea that's never been used in Bitcoin Core for good reason.
Phrases get lost, entered into phish sites, screen-shotted, saved in email drafts.. etc etc etc... and every HWW relies on them. Disaster.
HWWs themselves introduce new supply chain risks, dox risk, can't hide in plain sight, and each one is different enough it's hard to get/provide generalized support.
Self-custody needs a lot better tooling, period. Geo-redundancy solutions with multi-layer encrypted dead-man switches, family riddles, etc...
Maybe once those tools start to drop, HWWs (and seed phrases) will finally die like they ought to.
reply
And reality is the alternative is effort and people hate putting in effort.
I don't disagree with this quote, and I know you disclaimed giving an alternative already, but given the logic you've introduced (it's hard, seed phrases are imperfect, people don't put in effort) what do you tell your cousin, right now, when he finds you at the xmas family party and asks you how to get hold of some btc?
Do you tell him not to bother until he's willing to either become a security engineer, or until the ecosystem solves custody, which they have not yet done to your satisfaction after fifteen years? So just chill till then?
Or do you pinch your nose and recommend something else?
reply
I have no qualms sending people to a custodian like River or an ETF depending on their goals, and do that often. I'd rather that than have them lose what they've bought. I've never recommended a HWW, I have several in a foot locker that have been given to me at conferences etc and don't think I've even unboxed any of them.
Bitcoin to me is about ending central banks and the societal issues that come from it, that's different than rampant holier-than-thou virtue signaling about ending all financial services entirely. Self-custodial optionality is the real virtue pillar to keep things in check, and that doesn't make self-custody a must for absolutely everyone.
My goal with Lightning.Pub is to bring those custodial relationships as close to home as possible, using the velocity of means-of-exchange to incentivize that.
reply
Ah, cool. That's basically identical to my approach and mindset - for the Xmas cousin, River is way less risky (despite real risks, which life is full of) than the cousin fucking things up somehow.
reply
Interesting, I haven't heard about the negatives of seed phrases in particular. Could you elaborate?
reply
However many stories you've heard of people losing coin, a seed phrase was the most likely contributing factor for some of the reasons mentioned already.
The problem with seed phrases is they're meant to make self-custody easier for ignorant people but don't solve for the fact that people are ignorant:
  • People screenshot them, which then get leaked
  • They write them down, either losing what they wrote down or having that get stolen
  • Infinite cases of HWW PIN resets combined with lost write-downs
  • Save them in unencrypted files, then get swept (phrases are an easily detected pattern)
  • Phishing sites ask for them
  • Phishing phone calls ask for them
  • Other dumb shit like this:
(thread goes on discussing expectations Core has and why this is much better)
Seed phrases, by attempting to make things quick and simple, do not force the user to be deliberate... yet storing what is potentially your life savings needs to be done very slowly and deliberately.
This being such a critical issue and now spreading into Lightning nodes has forced me to start thinking about it from a product standpoint. How does your family get your sats if you die while running a routing node? Riddles, dead-man-switches, multi-layer encryption, geo-replication... lots to consider to make this stuff mainstream and safe.
reply
Thanks for the write up.
reply
write everything down.
keep it somewhere safe.
tell someone you trust.
if you can't follow these steps or trust yourself to not fuck it up, use a custodian.
reply
Indeed, the problem is most people will fuck up those 3 things even if they knew to do them.
These are intuitive things to you and me, and that's why it's so difficult to put ourselves in others' shoes. It's taken years for me to look at your otherwise good list this way:
write everything down
The masses need everything to be thoroughly defined, but also that definition can't be too long to read because they won't bother reading it.
keep it somewhere safe
Needs an exhaustive list of examples of things to be safe from, and what constitutes safe in each context. +DR action plan.
tell someone you trust
Trust to do what exactly? Trust not to do? Action plan a scenario where trust is broken...
It's painful to think about how many layers of clarification are needed when zero knowledge is assumed, and then how to not turn that into a full operator's manual nobody wants to look at.
reply
34 sats \ 2 replies \ @john_doe 3h
I have seen many conversations about hardware wallets, it always ends up IMHO as use what you are comfortable with. If you are poor, then try to save money with Wallet of Satoshi or Blink. Good custodial wallets, compatible with games such as Tetro Tiles where you can easily stack $0.1 per day. If you are middle-class, use whatever hardware wallet is available in your location. Any hardware wallet which is not connected to the Internet is good enough, the rest is marketing. If you are rich and a public person I would go with a third-party like Casa to help in case of kidnapping or physical attacks.
That being said, I personally use Seedsigner in stateless mode so the evil maid attack mentioned doesn't work. And although I am not entirely sure, I think not saving data on the SD card was the default setting as it always says we can remove the SD card at runtime. I guess NVK didn't really try it. All the FUD also around Ledger most of the time is just another marketing trick, as I never registered for their custodial service. It just asks by default. So bottom line, use any hardware wallet you are comfortable with, someone will always argue something else but you will be most likely ok with any choice you made.
reply
21 sats \ 1 reply \ @Artilektt 3h
If you are rich and a public person I would go with a third-party like Casa to help in case of kidnapping or physical attacks.
You can also do your own multisig; it is not that hard these days.
reply
I totally agree. With Specter even the order of the keys doesn't matter during recovery, very easy to use. There is also Liana, which makes it simple. The first time I received bitcoins it was by email, I had to check the address manually to make sure there was no mistake. It was error-prone, not anymore.
reply
I think to learn that hardware wallets aren't really necessary, you need to learn that a hardware wallet exists and what it is in the first place. So... I believe the answer is yes and no hahah. Can't walk before you crawl and all.
reply
HWs are highly touted third party gadgets for the lazy and gullible.
Don't get dependent upon them.
Learn how to cold store for life for free and enjoy higher security and self sovereignty.
reply
0 sats \ 5 replies \ @flat24 3h
Looking forward to reading @DarthCoin's opinion on this topic.
I personally think they are somewhat useful, but I think they ultimately make us dependent on hardware. I think that perhaps the best solutions are hidden in cryptography techniques that allow us to store keys in an immutable way, and that you can access them at any time and from anywhere, whenever you need them.
reply
28 sats \ 1 reply \ @DarthCoin 3h
For me they are totally useless, but for people that do not feel comfortable with using software it is just fine to use those toys.
Also a HW will bring attention onto you. If somebody sees or knows you have one, they might think you hold a lot of BTC so ... bingo, the opportunity to attack you appears. On the other side, just using a simple regular USB is not so "attractive".
Also I really do not understand people wandering around with these HW. A HW is supposed to be a cold wallet. You set it up and hide it. Done. You are not making payments from it. For payments you use a LN wallet.
HW = useless toys for me
reply
0 sats \ 0 replies \ @flat24 1h
HW = useless toys
That's why I was saying I was waiting for your opinion on this subject.
On the other side, just using a simple regular USB it is not so "attractive".
That happens because most people want to brag about how much BTC they have, so a simple USB is not worthy of their status. 😅 obviously the real game is won by the one who goes unnoticed.
reply
What are these cryptographic techniques? Sounds like I should learn about them.
reply
0 sats \ 0 replies \ @flat24 1h
This is what @DarthCoin mentions, it is a technique.
hiding text inside another text is another technique.
changing characters is another technique.
and others that will exist.
I mean that it is about encrypting your private key (12 words) in some way that does not depend on the device and you can somehow secure it on the internet.
reply
I think he refers to steganography https://www.openstego.com/ You can embed text into an image like this:
reply
I think you can definitely get around the use of them, as you've demonstrated, but there's always going to be people like me.
I need something that's easy to use and fairly self explanatory, maybe I'll get better at all this stuff in the future, but it's a very easy way to onboard new people into self custody.
reply
0 sats \ 1 reply \ @anon 2h
HWWs are cool. This guy is on one. Debating from the point of IQ being barrier to entry during a dysgenic crisis. 🤣🤣 Talk about virtue signaling.
reply