Bitcoin Forum

I'm considering creating a paper wallet for long time BTC holding. So far, I have known it's risky to generate a paper wallet while I'm connected to internet. Hacker may get access to my private key.
How can I generate a paper wallet in off line, provided that I am using Windows and not thinking of using any other platform like ubunto, I'm not much of a tech guy.
Please suggest me a safe way. I will bury the paper for next 5 years at least, till the 2024 halving.

Sorry if I have posted the topic in wrong section.

Depends on how paranoid you want to be.
You say you are not a tech guy, but are you good enough to remove a drive from a PC and put in a new one.
Or, at least remove and destroy the drive?

You could get a copy of the paper wallet generator on an online PC and put it on a USB stick.
Bring it to a PC that is not online (no wi-fi no wired network connected)

Run the app
Generate wallet.
Print wallet.

Destroy both the usb stick and drive in the PC.

Done.

The above method is overkill, but just about foolproof.

If you have some more ability, then running DBAN to wipe the drive is just about as good.

You can also get some hardware wallets and do it that way.

https://opendime.com/ (https://opendime.com/)

It generates an address. And until you punch the hole nobody in any way get to the private key.

-Dave

I've already written a tutorial about this here:
https://bitcointalk.org/index.php?topic=5190702

only part1 would be relevant for you.

But since you want to keep the BTC on the paper wallet for a longer period of time and in my tutorial the btc don't remain on the paper wallet very long because they are given away immediately,
it is recommended to use a pc that is not connected to the internet or any other computer or network.
A fully air-gapped pc would be physically completely separated from other networks.

If you are not a tech guy...
The easiest way, However not the cheapest, is to use an old computer.

Get this old computerand format it.
Then disable all the network in bios.

Never connect it again in the internet

Download Electrum  in a pen drive and insert it in the computer.

If you want to print, get the oldest printer you can find (without any wireless or whatever)

Too much risks... Much cheaper just to buy a hardware wallet imo

you don't need to be a "tech guy" to use Linux. it is different and you may have a hard time at first but to create a paper wallet, only knowing a handful of basic things would be more than enough to help you achieve a higher security.
do it a couple of times as a test and see how things work. you can even create a testnet paper wallet and receive then spend coins using that for no cost.

additionally if you want to avoid complications and take the easy route then you shouldn't be creating a paper wallet in first place because it is not easy and requires a lot of effort and you to be "tech guy". so as others said buy a hardware wallet instead.

after that you also need to wipe printer cache ;D

I think you're mixing up wallets and addresses. Wallets are clients such as Bitcoin Core and Electrum, while an address can be generated by any wallet. It's not necessarily so that people are recommended to use different wallets to 'store' their coins, but more so that people should spread their coins amongst various addresses.

Important factor is that whenever you download a client, you have to make sure it's from the main source only, and to verify the signatures provided. Unfortunately, most newbies and even some people who've been here for a long time don't verify the signatures, either because they don't know that it's important, or they don't know how to do so.

With all that in mind, it once again points out the importance of hardware wallets as these tools provide easy and safe storage without requiring too much knowledge to use.

As bitmover says, you want to use the oldest printer you can get your hands on, definitely one without WiFi capabilities. Older printers have very limited amounts of RAM, which will be cleared of all data within a few minutes of losing power. Newer printers, however, have their own hard drives which will often store a record of the last x number of documents printed and allow you to print them again, so as you say, if using a newer device you either have to wipe the printer's memory or destroy it.

You could do the whole thing without a printer at all, for example by downloading https://iancoleman.io/bip39/, running it offline, flipping a coin 256 times, entering the entropy, writing down the seed phrase and treating that as your paper wallet, and either (carefully!) copying the address by hand or transferring it on a USB stick to a live device to transfer coins to.

I always thought like this. A seed in a piece of paper is a paper wallet

Imo there is no need to use a printer or even to copy paste addresses. You could just take a picture of the public addresses qr codes . When you want to spend, you just insert your seed in Electrum or any other software.

Is there a "formal" definition? I would call any set up where the means to spend the bitcoin are solely stored on a piece of paper a "paper wallet". Doesn't really make much difference if the information is stored as a seed, a seed phrase, a private key, a QR code - it all leads to the same end result: Import to an electronic wallet and spend the coins.

Of course. I forgot that iancoleman.io will also generate QR codes for you, although I guess you could also have downloaded a second site such as bitaddress.org and plugged the private key you generated from iancoleman.io in there. You are of course right that using QR codes is the best option for avoiding errors and also avoiding accidentally spreading malware via USB drives or other removable media.

Not true. Only those that are generated by programs and wallet software usually have QR codes but many paper wallets are generated by copying the seed or private key. So to say that almost all paper wallets have a QR code would be inaccurate without any statistics to back it up it would be safer to assume that only a small amount of paper wallets have QR codes unless they are commercially developed.

There's no way you can generate a paper wallet offline.
The only way is to use an old computer, generate the paper wallet and print it on an old printer that has no access to Wi-Fi. Or why not get an Hardware wallet and store all your funds there and bury the wallet seeds. Since Y'all trust hardware wallets alot.

Uhh, the next sentence in your post is defined as "offline".

The one you suggested to bury can be used as the paper wallet, you can throw away the hardware wallet after.
The point is, paper wallets can only be used exclusively for cold storage, no outgoing transactions until you decided to.
Hardware wallets are mainly "hot wallet" where you can spend your bitcoins without exposing your keys to the net (some use it for cold storage though).

......

Ok ignoring the second half of your post which clearly explains a offline wallet but it is possible to generate a wallet using Bitcoin core on a offline computer and transfer the private key to a piece of paper. Generating a paper wallet should only be done offline so saying that it cant be generated offline is just false.

My tried and tested way to do this was to buy a old second hand computer and printer and to use that to create loads of paper wallets and then

to physically destroy it after you are done with it. We have a lot of Pawn shops in town, where they sell old second hand computers and printers

and I pick up these computers for just a few dollars. A lot less than what people are paying for hardware wallets. Just copy the scripts from the

Github page and run it offline.  ;)

For the truely paranoid (which is what you should be when creating private keys!), you may want to disconnect your speakers too. See Black Hat Researcher Shows Why Air Gaps Won't Protect Your Data (https://www.pcmag.com/news/363017/black-hat-researcher-shows-why-air-gaps-wont-protect-your-d).

And close your curtains :P

Paper wallet = also other materials like wood, plastic, metal, bricks, stone. The intention being that it is not in any electronic form but it some physical form, either hand written or printed or engraved or stamped.

If you get a sharpie (or other permanent marker) and write legibly on some thick card, I would consider that a "paper wallet".

If you need to print it, I'd recommend a laser printer not an inkjet. Laser printed stuff last longer and don't smear or smudge when exposed to moisture or water.



Depending on how much it cost, I wouldn't go that far. It can still be cleaned and erased. I'd actually reformat the thing first because used computers usually have loads of bloatware installed. If you have the time, I'd erase the drive first, repartition, reformat, install OS offline, probably run full disk encryption too while you're at it.

Dice is a little bit more fun and cheaper. But old hardware is fun to tinker with too.

On a side note. I have used and do use Revlar paper for paper wallets among other things:

https://relyco.com/products/durable-papers/revlar-waterproof-paper/ (https://relyco.com/products/durable-papers/revlar-waterproof-paper/)

From their marketing:


I do have some of their laser printer paper.

If you are US based and want to send me shipping I'll get you 2 or 3 pieces.
 
If you want it in a flat envelope that has a piece of cardboard in it to keep it rigid it's $4.06 to ship
If you want it in a flat envelope that is not rigid I can get it to you for $1.25 but if USPS bends it and leaves a crease don't complain to me.

It's Friday, Monday is a postal holiday so anyone who wants some please get to me before Tuesday.

PM me and I'll get back to you with a payment address.
Not going to fill out customs paperwork so US only.

Just cleaning up and figure some people might want some.
Laser only. You try to use an inkjet it's going to be a blurry mess.

-Dave

I'm thinking it's much better to protect the paper wallet with something else, like those fire and water resistant envelopes. That you then place in a safe, which can be fire resistant as well.

And if the safe is stored in a separate location or surrounded by mud, earth, cement, or ... like you make it's own area...

I think Loyce did say children's books have lasted decades.

So I type fire envelope in amazon:

https://www.amazon.com/s?k=fire+envelope

One of the first results:
https://www.amazon.com/Fireproof-MoKo-Resistant-Valuables-Protection/dp/B076V8C5J9/
https://www.amazon.com/COLCASE-Fireproof-Non-Itchy-Resistant-Documents/dp/B074S2H4H9/





So, my advice, print two or three physical hard copies of your paper wallet and stick them in that fire proof bag. No need for fancy paper, but of course you can also do that.

Here's an example from 1947 (https://vault.fbi.gov/Roswell%20UFO/Roswell%20UFO%20Part%201%20of%201/view), back when manual type writers probably used ink and had much lower quality than a modern laser printer.

I just notices something strange on BitAddress paper wallet generator - I downloaded complete page on my computer desktop and it works fine. No coins were sent to generated addresses - it was just a test in case I need it later to generate some address while off-line. Then I tried to connect my two PC-s via local network - (very complicated in recent Windows 10) and noticed that the BitAddress folder on my desktop was marked as a sharing folder. I did not do this and it is strange and I do not like it.
Maybe somebody could explain this.

Try to make a new folder in the same directory where you created "BitAddress" folder and check if that folder is also marked as sharing folder.
If it is, then it's your desktop or the directory where it is located is the one that's shared ('coz anything in it will be shared too).

I've also downloaded the source (https://github.com/pointbiz/bitaddress.org (https://github.com/pointbiz/bitaddress.org)), extracted the zip but it isn't shared.

Short Version: #windows

Long Version: Most likely, during the network setup/config, you've selected an "innocent looking" option that has had unintended consequences... Things like marking a specific network as "Private" or "Public" can do all sorts of stupid things that you neither wanted nor are informed about :-\

This seems to be the modus operandi of Windows in general... click "allow" on something and have it do that... and other things that you probably weren't notified about ::) :-\

Most likely, it is simply coincidence that your "BitAddress" folder has ended up "shared" and is not the result of anything overtly nefarious.

So this just came out from the ColdCard hardware wallet people More info on the device: https://coldcardwallet.com/ (https://coldcardwallet.com/)

Their latest update allows you to generate paper wallets from their hardware device that are unrelated to your seed words

The entire blurb says:

More info on the update:

https://coldcardwallet.com/docs/upgrade

-Dave

Why do they say that? Paper wallets are almost always offline cold storage. The risk is you can lose it. There is no risk of it getting stolen or hacked unless the actual paper wallet is stolen from you. Or there are risks which you can mitigate.

Below is a step by step way to securely generate your paper wallet...

1. Download BitAddress.org JS code from https://github.com/pointbiz/bitaddress.org.

2. Run it in an offline computer and generate Address + Private Key.

3. Copy the Address in a text file and write down the Private Key by hand in your notebook.

4. Write the Private Key from your notebook to the text file by typing and run it through BitAddress.org JS code to see whether it generates back the same Address in the text file.

5. Now remove all traces of the Private Key, save the text file with Address and wipe out the temporary cache from your browser.

6. Download Coinb.in JS code from https://github.com/OutCast3k/coinbin/ and use it to sweep fund received at the generated Address.

it is probably because they are SELLING an alternative to paper wallets and if they tell people that you can store your bitcoins in a paper wallet in a way that could be just as safe as their product, nobody would buy it anymore!

the fact is, if you create the paper wallet correctly (offline and encrypted) then it is a lot more secure than a hardware wallet since the hardware wallet can still contain bugs that could be exploited whereas to break the encryption of your paper wallet they have to break something like AES256

The "small amounts" thing is stupid, but they are right that paper wallets carry risks, because all wallets carry risks. Some, such as web wallets, carry far more risks and risks which are impossible to mitigate against (the company in question being hacked, scamming, locking your accounts, etc.) Paper wallets carry some risks, but the risks require a fair amount of technical knowledge to mitigate against, as opposed to hardware wallets, which require very little knowledge to mitigate against (keep your PIN/Passphrase/Seed secret, keep your hardware wallet physically secure, etc.)

I don't think anyone would argue that a correctly created paper wallet is insecure. The problem is that an awful lot of people create them incorrectly, and the steps needed to create them securely (clean OS, dumb printer and clearing printer memory, permanently airgapped machine, etc.) require a degree of technical knowledge which isn't required to be able to safely use a hardware wallet, for example.

there is also a fair amount of technical knowledge required to use a hardware wallet correctly. for example the user could simply have one of the most common malwares called "clipboard hijacker" that simply changes the address he copies, in which case it doesn't matter if he uses hardware wallet, he still is going to lose money.
or he could be using a malicious software to communicate with the hardware wallet, like a malicious electrum that shows one thing in GUI but signs something else and sends bitcoins to the attackers wallet as soon as user confirms it. to mitigate that he has to know PGP and verify signature,...

"technical knowledge" is always needed and there is always a lot of ways that naive users could lose funds no matter what type of wallet they use. these were just some examples off the top of my head.

This is mitigated simply by checking the address on the screen with the address on the wallet screen. It requires zero technical knowledge.

As above. No knowledge of PGP, signatures, or the methods behind them is required. Just looking and comparing is enough.

Agreed, and it is impossible to completely protect against user error, but my point is it is far easier to slip up when creating a paper wallet than it is to slip up when using a hardware wallet.

Social engineering still works. User error. Human error. The 8th layer as some would joke. Problem occurs between chair and keyboard. One delta ten tango.

You can't really separate implementing "best security practices" on your local machine and having paper wallets. The paper wallets themselves could be highly secure but when your PC is infected with all kinds of malware listening in, the whole effort is wasted. Because one of these days, you will broadcast a signed transaction using whatever device you have.

At a guess the paper wallets are not secure is their get out of jail free card.
You have a coldcard, you generate a paper wallet that somehow gets compromised (the how really does not matter), they can say so sorry but you were warned.

As for is it better to use their method to do it or the way that CounterEntropy posted or some other way is probably about the same.

Is it easier? That is kind of an interesting question. If you are already using the coldcard to generate transactions offline and moving the SD card from it to your PC, then you probably are somewhat tech savvy. So doing it this way or that way may or may not matter.

It's kind of a loop. If you don't know what you are doing, paper wallets are not good because you stand a larger chance of messing up and generating it online or with some other security issue. If you do know what you are doing then you don't need the coldcard.

I just thought it was a neat feature and figured I would post about it here. Did not think it would generate the discussion it did.

-Dave

Unsure as to the usefulness of this feature... so I'm not sure I'd classify it as "neat"... it is definitely unique tho, I'll give them that! ;) It's also nice to see innovation in a somewhat "same same" space.


Most things posted here regarding hardware wallets or paper wallets will generate a "discussion". There are some very "polarised" views on both... and your post is about BOTH :-X :P

I aim to please :-)

I actually don't like most hardware wallets, but since I am a tech nerd I do know how to keep my systems & funds fairly secure.
I like the cold card and do use one, but mostly to stay on top of their features so I can show others who are not tech savvy.

Same with paper wallets. I do have a few I have on archival paper, in a fire proof safe.
They were generated on a laptop that I installed a new drive in before installing a clean OS, and had a copy of the wallet generator on a CD that I copied it from.
Plugged into an old HP 6 printer that had the stock drivers included in the OS.
When I was done generating the wallets I ran DBAN on the drive.

Full disclosure:
It's just a question of risk. I have funds in 3 separate hot wallets that I use for spending, but they are also unrelated to each other.

I have a full node on a PC at my house the hardware is on is worth more then the amount in the wallet
I have Electrum on my laptop with 2 wallets 1 wallet connected to the coldcard 1 just local
And I know that it's bad but I have Coinomi on my phone. I have a ton of alts on there and it's just about the only thing that does it in one place.

So, as I said above I know what *I* am getting myself into and the risks of each. We should be helping others learn that too.

-Dave

This is probably one of the best attitudes I have seen on this forum in a long time... To often, in too many parts of this forum, people dig their heels in and start arguing about fairly irrelevant stuff. I've even probably been guilty of this on some occasions!

It's a bit like ProgrammingLanguageA vs. ProgrammingLanguageB... there isn't a "one size fits all" approach to this stuff. For some people... blockchain.com or Exodus or Coinomi or Coinbase or Binance wallets make the best fit...

For others, nothing short of a paper wallet crafted using dice and a 486 laptop running a Linux live OS in a Faraday cage will suffice... and then everything else in between.

The first step, is to identify what your needs/goals and use cases are and then find the solution that best matches those, while making sure that you understand the risks of your chosen solution and how to mitigate them. Even hardware wallets and paper wallets can be "useless" if you do something dumb like putting your seed words or private keys in an email draft folder protected by SIM based 2FA (https://bitcointalk.org/index.php?topic=5203321.0) ::) ::)

I think people should spend more time "playing" on TestNet... get a feel for how things work, experiment and learn... play with paper wallets... try manually creating transactions and learn how it all works. Personally, I think it's fun and you're not going to lose anything of value except a little bit of your time. ;)

In any case I wouldn't expect my grandma to do all this Bitcoin protection stuff. This discussion really highlights the need for professional services in protecting the BTC of the non-techie. I think solving this issue for the common man is a mini game-changer and pushes for greater adoption.

That's not how "Be your own bank" works... Asking someone else to "protect your BTC" pretty much goes against the entire ethos of Bitcoin. ::)

It seems that you're basically suggesting "custodial" wallets as a solution for non-techies!!?!

In my mind, the solution is education, but that generally requires someone who wants to learn. Bitcoin has a steep learning curve... but there have been advances away from the complicated process of generating and using paper wallets securely or attempting to setup an air-gapped machine etc. For instance, a hardware wallet offers most of the benefits without the complicated procedures and are generally easy to use.

Likewise, there are desktop wallets available that offer the ease of use and nice GUIs of web wallets... but ensure you maintain control of your private keys/seed mnemonics and don't require full blockchain downloads.

Be your own bank? It looks like "Make your exchange your bank." After four years of "educating" the public about security and countless exchange hacks, the larger portion of the crypto space still keep their BTC in exchanges. Let's face reality here.

..generally requires someone who wants to learn. Bitcoin has a steep learning curve.. - Most don't want to learn.

I agree, hardware wallets are the obvious solutions for many who are inclined to understand the basics.

Why I keep old ancient laptops that people would otherwise throw away. They are still useful for some things. Also don't forget blanket over your head, but I don't do that myself.

Does the browser make a big difference when it comes to using hardware? I’m not very tech savvy and I fear one day I will open the wrong Trezor site or something stupid like that. I’ve been reading more and more about google chromes security flaws and thinking maybe I should switch to FireFox for hardware transactions. Could this make much of a difference, or not really ?  (I don’t trust myself to make paper atm)

If you are using a hardware wallet, in and of itself the browser does not matter.
If you put https://wallet.trezor.io/ as one of your bookmarks then you do not have to worry about going to the wrong site.

Generating paper wallets is a different discussion, but you should not be using a PC that is online and then wiping the drive after so the browser is kind of not important.

-Dave

For reasons I will not get into, I would avoid using Chrome as much as I can and just stick to Firefox. I think it's a personal preference, but something tells me it's better to be safe than sorry.

Tor browser uses Firefox as it's base.

I'll only use Chrome if I have no other choice, like some random website that doesn't work with Firefox, which is rare.

A long time ago, someone made a PiperWallet ... essentially some small device that has a thermal printer and generates paper wallets. I think recently, maybe it's Dave here, tried to do it again with a Raspberry Pi and a cheap printer, and package the thing as a small device.

But if you already have any kind of computer, no matter how old it is, if you can install a fairly recent OS, you can install the latest updated browser, then you can use any of a bunch of different websites OFFLINE to make paper wallets.

There are even apps out there I've managed to collect, some are python scripts, some are executables (but I don't have the source code, I just know it's "safe" since I used to have the source code somewhere), ... but really the easiest would be to use Electrum on an offline device. Then you can delete the app / factory reset / format / DBAN / secure erase ...

I would not do a physical destruction of the device simply because that's kinda wasting it, when a wipe or reset will do the job.

So should I just go back to leaving my coins on Coinbase?? JK  :D The paypal of crypto is the last place I’d do business with at this point. I’m versed on wallets ..hardware , hot, paper etc. I would never even use Trezor if was PC smart enough not to. I have made paper offline on a Virgin pc , no connection , to a wired virgin Printer no connection access etc but I’ve got a couple buddies who understand and work in the the cryptography space that say even then there’s more precautions you should technically be taking. I got lazy on learning how and here I am.

I thought Tor was on Duckducks base ..if that’s not the case why does that browser always pop up on me ( I guess simply answer is my Tor skills match my wallet creating skills).  I plan to roll w ForeFox from now on tho ..I don’t trust google what so ever.

I use Bread, blockchain, Coinomi, Cake, as well as ledger and trezor via Electrum A few times as of just recently. I will spend more time and money (buy new air-gapped pc perhaps) on this all soon.  Piper wallets ..the collector in me has wanted one of those for a while !  So these were totally legit ? 

Yeah, it's me trying to re-create something like it. Ran into a bunch of issues so I am stepping back from it for a week or 2 or 4.

The problem with the original Piper was that it had a setting that it could SAVE every wallet it generated. And without having a monitor hooked up the user pushing the button would never know that it was saving it. So, yeah the quick project is taking a lot more time to do because I am scrapping a lot of the code piper created.....

-Dave

you didn't need "virgin PC", only "virgin OS". in other words running a live Linux would satisfy that need. you can boot it from DVD so there is no way to have persistence, also don't enable networking or hard disk mounting.
as for printing, a simple addition of encryption could solve the printer "remembering it" issue. then you just have to write down the password with pen and paper separately.

Even then, there are better options than run-of-the-mill Chrome. Ungoogled Chromium (https://github.com/Eloston/ungoogled-chromium), for example, which is Chrome but with all the Google spyware removed.

DuckDuckGo only have a browser app for mobile devices - they don't have a desktop browser. DDG is used as the default search engine for Tor browser, but Tor browser is very much built on Firefox ESR.

Agree with Dabs though - if you don't want/need to be using Tor, then Firefox is hands down the best browser to be using. HTTPS Everywhere and uBlock Origin add-ons are a must.

I don't think Brave is a good suggestion for people who are looking for privacy or security.

Brave is an advertising company. They make their money from selling ad slots to third parties. They strip out ads and inject their own, meaning you are giving them full control over many of things your browser downloads and many of the things you see online. CMIIW, but even if you trust Brave 100% (you shouldn't), it's a massive security risk that could be exploited to deliver malware to your browser instead.

They also obviously have business relationships with these third parties they sell ads to, and maintaining and growing of these business relationships will be a consideration in every decision they make. You can never be sure that a decision they are making is 100% for the benefit of the users, because there are third parties pushing in the other direction which they have to pander to or lose their income.

Their KYC requirements seem to be ever worsening, and the fact that they continue to market themselves as the gold standard privacy browser while demanding this KYC is disingenuous at best.

Brave also whitelists several terrible trackers, including those from Twitter and Facebook.

What KYC? ??? I am running Brave and haven't had to complete any KYC? Is it part of the "rewards" thing that I didn't opt into?


That's why you should also run uBlock Origin to take care of that sillyness :P

https://support.brave.com/hc/en-us/articles/360032158891-What-is-KYC-

Initially they enforced KYC for publishers only, but then they enforced it for any user which wanted to use their rewards program. If they want to go down that route, that's fine, but they can't also plaster their landing page with slogans like "unmatched privacy" and "privacy first" whilst also requiring KYC to use their flagship feature. Completely hypocritical.

Same point as above. If they want to whitelist these trackers then they are free to do so, but they should make it perfectly clear to users they are being tracked instead of stating that they block all trackers, which they categorically don't.

Now I have a dilemma... I initially started using Brave as it was being touted as being better for privacy... but it now seems they have slowly become "Evil"™ while I wasn't paying attention :-\

Might have to see if this "Ungoogled Chromium" is a suitable replacement... I'm guessing the issue will be whether or not it works with my workflow/"required" extensions etc.


EDIT: Initial testing shows that it might not be suitable... just trying to install an extension seems very difficult. None of the methods shown seem to work :-\
EDIT2: Seems the newer dev releases (based on Chromium v78) aren't working properly... the Release version (Chromium v67) seems to allow the extensions to be install following some of the various install methods in the FAQ (https://ungoogled-software.github.io/ungoogled-chromium-wiki/faq)

I'm not sure I'd go so far as to say "evil", but I certainly wouldn't recommend Brave. When compared to Google Chrome, for example, Brave is still miles ahead in terms of privacy, but at the same time it's not this perfect solution that they are trying to market themselves as, and there remain better options out there.

If you really want privacy though, then Firefox remains the best choice (short of Tor).

exactly. just remember to install uBlock (the popular script and advertisement blocker extension available for both Firefox and Chrome) on your Firefox and you end up with practically the same thing as Brave browser when "blocking" ads and scripts and privacy is involved.

Careful here. There are two add-ons with the uBlock name - uBlock and uBlock Origin. uBlock Origin is the one you want. uBlock is run by the same guy who makes AdBlock, and is done so mainly for his own profit. uBlock Origin is also more lightweight, better at blocking, and doesn't have any "allowed ads" like the others do.

As an aside (genuine question as I am curious): Are there many sites people are using which don't work properly on Firefox?

There are several sites which are broken by my "hardened" version of Firefox, with my various about:config tweaks and add-ons (such as NoScript), but I also have a "clean" install of Firefox without any of those changes/add-ons, and I've never come across a site which doesn't work on it. There are sites which are "optimized" for Chrome/Chromium, sure, but I don't ever remember finding one that is completely unusable/inaccessible via Firefox. Maybe I'm just visiting the wrong sites. :P

I don't necessarily have a specific site, but for ease of use, for the users, the company I work with right now only recommends two browsers for their own internal applications, IE and Chrome. This is in an enterprise environment so I personally don't use IE, but it's what's required for their own web-based in-house apps.

It's possible they should using another browser, but ... I'm not in charge and they also have a bunch of legacy looking apps (like some that limit usernames to 8 characters).


I think the other app that works only on Chrome will actually work with Firefox, but the userbase does not have it installed by default and would have to call in the admins to have it installed, so they don't.


For general sites, I haven't come across any that doesn't really work with plain Firefox. At one point, Crypto-Bridge was complaining that it prefers Chrome or their own app, but they're dying and closing before the end of the month.

Only happened because I work in IT....
So, lets say this also, DON'T USE A MACHINE THAT IS NOT YOURS. AS IN DON'T GENERATE PAPERWALLETS ON THE LAPTOP YOU GOT FROM WORK.
Even if you are offline when you do it, it can still be recorded.

Just had to do an audit for a client part of which was grab a few laptops from random people and install monitoring software for a few days to see what they were doing.
Many many cat videos, but I could have been hijacking usernames / passwords / private keys etc. if I wanted to.
It's not yours, don't do anything that is not for work, you can be watched.

-Dave

Yeah, my work computer has something called Cisco Recording installed on it. The managers and other call quality people can indeed see it, but it should be fine. They see all the work related credentials anyway. The device itself is secure (since you have access to many different systems and maybe even banks) but the IT people can see a lot of what's going on.

They said it's for those times when someone else calls and says you dropped them or hung up, so the manager can see if that was the case or it was some other system problem.

As far as I know, one of the most secure ways to generate a paper wallet is the use of physical entropy (not computer dependent). The bitcoin private key is a 256 bit number, so you can fip a coin 256 times, or roll 16side dice 64 times, etc. In order to make this process simple, I created a special tool - Bitcoin visual private key generator (available here: https://btckeygen.com) and on Github.

You can download the source (from site or github) and make the genreation process offline on your own PC. The recommended way is to flip a coin 256 times, and fill every bit of the key depending on the coin outcome.
Here is the video tutorial how to make a paper wallet with coin and the tool: https://www.youtube.com/watch?v=WyBdYhwweaE

Formore security you can also create a time lock address where the funds are unspendable until a set date and time has passed based on a safely generated private key (actually for time lock address only public key is neccessary).
Time lock address generation: https://coinb.in/#newTimeLocked (also could be done offline, but not neccessary at this stage, as you share only your public key, not private)

So, the whole process is:
[1] Generate a paper wallet with coin flips
[2] Based on the public key of the address from [1] generate a time lock address (with time specified to lets say 1 Jan 2024).

So you will receive the bitcoin address (starting with 3) and Redeem script, and can release funds from this address not earlier than the specified date.

However only paper wallet from [1] is also enough for security if you do no want to time lock you funds.

Do a test transaction with these time locked addresses for a near future (like a few days from now) so you can verify for yourself how it actually works. You wouldn't want to unintentionally lock up your funds for 100 years, say you added too much time.

After collecting dozens of paper and other offline wallet generators that use all sorts of input and entropy, I think it is still more convenient to use Electrum to generate your seed words and write that down as your paper wallet. 12 words = thousands of addresses, can use the master public key to create a watch-only wallet.

Here (https://bitcointalk.org/index.php?topic=1307443.msg13385155#msg13385155)'s my old guide on how I did it. I'd change a few things now, namely using your own entropy source and generating either multisig or bech32 addresses, but the basics are there.

I also don't actually print anything anymore. I wrote it out, check it many many times and etch it onto something more durable.