pull down to refresh

If it's truly not connected to the internet, this seems like less of a concern

Okay, so I have 2 offline devices that I never update:

Device 1: Commodity device, OTA updates with frequent release process, has a massive attack surface, now static because we never connect it.
Device 2: For-purpose device, air-gapped driven updates with less frequent release process, with small attack surface, also static because we forgot to install firmware updates.

I'd take device 2 over device 1. (and then update it, haha) Even the shitcoin hardware wallets have far less critical exploits than iPhone/iOS or Pixel/Android.

I can lock it away in a safe or something, but that's like encrypting it

Digital encrypted secrets can be copied and captured with little trace and decrypted elsewhere and later. Physical things like a safe are more obvious when compromised but easier to break. They're not equivalent at all. Treat them as additive.

if my threat model is thieves and petty state officials, I think security through obscurity may suffice.

There are current threats that come from opportunity. All it takes is the wrong data breach and you go from low to high threat, and often you'll not be alerted timely. Don't model your security on subjective, perceived threats only. The bulk should be defined by what's at risk: you don't secure 500k sats with a 300k sats hardware wallet, but you don't hold the keys to your retirement fund on an offline old iPhone in a cabin either.

How do you see this?

I think that it's all about process in the end because the #1 cause is loss. Coldcard does provide a great base for this, given that you have something at stake (whatever the replacement cost of your cold stored sats are for you, measured in years.)

I had to look back at my post, because I do have a distaste for nvk, but the only thing close to an ad hominem in there is that I say he should stop shitting on seed signer (i believe I called it "whining" as well -- in another comment, I suggested that he felt Coinkite was challenged by Seedsigner, but again, I don't think that's an ad hominem).

In the land of bitcoin, the overwhelming message I hear is that "good bitcoiners use hardware signers." I think it's okay to point out that there are flaws in that approach -- just as it is helpful that you are pointing out the flaws in my approach.

I also think that my other criticisms of his article are fair. He doesn't acknowledge the supply chain, evil employee, honeypot, and man in the middle risks of hardware signers. I have tried to point out risks in Bitkey and other hardware signers as well in other posts.

reply
71 sats \ 2 replies \ @k00b 16 Jul
PS: I think crapping on nvk is popular on SN, because of emotional reasons.

I've seen you say this a few times. Do you know where you got that impression?

People crap on many people here (as they do elsewhere), but it sounds like stackers may have a special hate-boner for NVK. The best I can recall is the thread where he was talking trash about SN and folks talked trash back.

reply

my buddy claims to have been defrauded by nvk. I tell him to take his licks and move on.

reply

I do think that it started since the trash talking. Since then, I felt that there's a lot of negative sentiment towards the personality, and that that reflects on how what gets said, even when not only perfectly valid, but standard, gets pulled into doubt. The danger in it is that good security practices can get replaced with mediocre ones - like anti-education. It doesn't help that nvk isn't a broadly liked or easy to interact with figure, of course, but I feel we must take care to separate the merit of the message with the likability of the messenger.

Maybe I am confirming my own bias and I am seeing sentiment that isn't there, though? Always possible. I'll take some time this weekend to go over it and re-assess.

reply