Based on your thread about secure elements in hardware wallets, Safepal also has one but you couldn't find the exact model. Have you managed to find any more information on it in the meantime? Maybe they are also using one of the ST3x models.
No I didn't, but they are not using ST3x models for sure. There was some speculation from Kraken security team but nobody could identify secure element with 100% accuracy, it's probably some cheap chinses junk chip. It may be just the hunger for money. They may have been seeing Ledger's crap news and thought "what a wonderful idea, let's do that ourselves and get rich from selling to the idiots monthly subscription on making the seed less secure".
I think it's more stupidity than hunger for money. We can see the clear pattern here, closed source devices collecting bunch of money and than they need to repay that with stupid cloud services like this. There is an argument that hardware wallet companies are not earning as much money as smartphone companies, so they wanted to do some kind of subscription model for regular income, so they want to be like Netflix  I'm pretty much soured on all HW wallets now.
Don't be. I suggest listening to the latest talk between Andreas Antonopoulos and Jameson Lopp (I posted it in different topic), you will hear some good sugesstions. |
|
|
|
It may be possible to clone https://github.com/LedgerHQ/ledger-live and patch out all the connections to Ledger servers, or even just do it through your firewall. Someone may even have done it before, not sure about that. It should be evident that I'm not too knowledgeable or experienced with Ledger products myself.  You didn't miss out much, it's just a regular cheap circus show  I don't think patching ledger live is possible, blocking ledger servers is certainly possible, but than I think device wont work correctly. From my understanding it's not only ledger that are going to receive data from customer wallets, they are only one of 3 companies, other two companies are located in United Kingdom and United States. Now imagine any of this three governments wanting to do mass seizure of coins, they won't have any problem doing that, since user controls nothing if they applied for Recover. Even in case if they didn't apply for anything there is a chance keys could be exposed somehow. Let me look from the bright side of this incident... I think ledger nono X eternal battery problem will not exist anymore  EDIT: I found one interesting ledger commercial driving down the Internet Highway 101   |
|
|
|
After doing that punched both SE and MSU on Ledger board by two strokes of hummer. The final result is simple as that Good move... shame you didn't upload a short video while doing that People don't have to be so brutal with their devices, and if they still have old ledger nono S model, but I will suggest slowly migrating and starting to move coins to different open source devices. Everyone who owns ledger nono X already have some parts of malicious firmware, because they released bits of code in older updates. Don't update newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in future, especially if you live in US, UK and France. Good for everyone to listen and learn something from latest conversation between Andreas Antonopoulos and Jameson Lopp talking about aftermath of ledger Recovery incident: https://odysee.com/@aantonop:8/ledger-recover-what-the-hell-is:8You don't have to listen to me, but this two guys (JL and AA) are one of the biggest bitcoin security experts in the world today. |
|
|
|
EttaWallet is 100% open source and is developed for android and ios devices.
There is no official website I could find, EttaWallet twitter account didn't post anything so far, so only thing we have is a fresh github account. I wouldn't jump right on to use this device for more that testing with few sats, and I don't recommend it is standard LN wallet, but I like they started with open source code. |
|
|
|
Hardware security models aswell as the security design in general of mobile devices is way more secure and battle tested compared to the currently available hardware wallets.
Maybe that is the case but they only have security updates for few years at most, I think apple has 5 years, samsung flagship devices has 4 years, cheap phones 1 or 2 years, and than they become unsecure. Since Airgap wallet is based on older device, that means that most of those devices are generally unsecure. The knox lockdown performed is one step deeper than what is offered to the user through i.e. settings. Also user errors (i.e. accidentally turning on wifi) are taken care of by the lock down.
So is there a way to revert changes to default state with Reset phone function, and remove AigGap later if we changed out minds? |
|
|
|
Tor and open-source code are an absolute must for me. Robosats does have a 'F2F' option, by the way. You can even enter a custom payment option yourself.
Even if Peach may have more features, privacy should always be number 1 priority. But I guess it could be a good alternative to CEX for mobile users who don't own a computer that runs Tor Browser. Yes that is exactly the reason why I like what Peach is doing. There are much more mobile users than computer users today, especially in third world countries, so growth potential is much bigger. If I had the option to choose I would always use desktop solution with Tor, something like Bisq or Robosats is good for that. Why limited? I'm really interested to understand why this needs to be an app. Maybe I will just install it in an emulator and have a look myself. It's limited for The Bitcoin Company (and their cards), and I don't know why, maybe because it's still in early beta phase. I have no idea how thsi would work for Peach Bitcoin. Their Google Play page says they collect the in-app messages, crash logs, diagnostics, and device identifiers. Such an identifier would let them connect your trades, whereas reloading Robosats will give you a completely fresh, unlinked identity.
Well yeah, that is what you get when you install most of the google and iOS apps, but I am not sure if the same happens with direct APK file. It's certainly a good to read Terms & Conditions and Privacy Policy page before using Peach: https://peachbitcoin.com/privacy-policy/https://peachbitcoin.com/terms-and-conditions/ |
|
|
|
Maybe this year we won’t have a proper competition, but I smell a surprise coming!
They are cooking something special on twitter for this year? In case some kind of competition happens I propose to ban all Italians from participating, to make it fair for everyone else Did anyone ever made one of those fat pizzas from Chicago? They are probably blasphemy for all Italians...  |
|
|
|
Now the button is automatically checked. Either way, the person uploading an image accepts the terms of service.
I hope this makes everything easier to use.
I tested it and it works perfectly now, no more clicking for me. It makes perfect sense to accept all the TalkImg terms if you agree to upload images. 2. Destination -> custom -> Import from clipboard -> Put your API key where it says "API-KEY-HERE"
I can't find Import from clipboard option anywhere. Is this under Custom Image Uploader, Customer Uploader settings or somewhere else. I know about Sharex but it was always a bit complex for me since I would use it mostly for uploading forum images. |
|
|
|
|
I missed forum down time, but I am getting a lot of this gateway errors in last few days, and many cloudflare boxes to check in, pages sometimes load very slow so I guess there was another round of ddos attacks towards bitointalk forum.
|
|
|
|
Recent news again warns that if you have a crypto wallet installed on your phone, and the Apple ID is not yours, but you bought it, then you need to transfer your funds from the iPhone, in order to avoid theft.
I don't think this should be called Apple ID Vulnerability, and that is coming from someone who is not a fan of Apple products at all (read - me). It's stupid to buy different ID account from someone else just because you want to install some app, I think using a VPN would be much better alternative. |
|
|
|
My worries if this team provide a rigged cartridge which all the seed phrase in already on their data base. There’s no way for a normal guy like me that doesn’t have enough understanding on code to check if the cartridge is same to generate seed phrase at all. I don't think they are sending any seed phrases with cartridges, that was not my conclusion after reading all material posted by them. This is first news in public and they started working on GameWallet few months ago, but I am sure I saw that use generates seed phrase with a button. I said that I would prefer to import seed phrase generated offline by myself, and I expect them to release everything as open source... I am not messing around with any closed source wallets anymore. The last thing I remember is, I gave my gameboy to my cousin. If he still has it (chances are slim) then I am going to get it back LOL. I never thought I will have a use of it anymore 🤣
I think Gameboy Pocket would be best as hardware wallet, it's smaller than regular version. We better think about all retro pocket devices we have hidden in boxes... but I saw someone is making The idea is interesting, but looking at provided video and reading their video it seems this wallet only can generate mnemonic phrase. I expect all hardware wallet should transaction signing feature, although i doubt it's possible in this case since GameBoy doesn't seem to have HD camera accessory. Without signing feature, i could just run offline Bitcoin wallet on Linux which utilize /dev/urandom.
Just imagine special cartridge addons that includes build in cheap camera and support for miscroSD cards... Frankenstein GameWallet. I think based on what they said it still under develop and they might add some feature since the old gameboy has link cable they maybe use it to transfer signed and unsigned raw transaction they can convert the link cable to USB adapter using Raspberry Pi Pico.
It's possible and I would like to se that. I think they picked a perfect time to ask support from community, but I doubt they will release anything this year. Anyway, I am folloing this project and I will post any updates... unofficially. |
|
|
|
Although I'd like to recommend people not to send back their device - no matter what - since without open-source firmware, there is no way to tell whether a reset fully erases everything.
That is true, but I would move all funds and double check everything before sending anything back to ledger. Most they can get from returned device would than be only history of transactions, and that is if they are hiding something. This option is only if you want to get money back from ledger, I personally prefer optional destruction and total demolition |
|
|
|
Actual BL-5C do fit though, right? I will look for one and reply to this if I'm successful.
Yes it fits perfectly. Original Nokia battery BL-5C have slight variations for mobile phones with different size and power between BL-5C, BL-5C A and BL-5C B. Battery capacity is also different: - BL-5C is 970 mAh - BL-5CA is 700 mAh - BL-5CB is 800 mAh This means that BL-5C that is supported by Passport will give a longer battery time and will fit perfectly. |
|
|
|
Disease is officially spreading After ledger made very unpopular move with their new crap Recover feature, now we have another closed source wallet Safepal planning to do something similar, but they are even worse. In upcoming update they want to connect and backup seed phrase with iCloud and GoogleDrive for waller recovery: In our coming update, we will support the iCloud/GoogleDrive key backup mechanism. If users lose their seed phrase, they can recover the wallet via their cloud-end back-ups. Source: https://medium.com/lysithea-ventures/an-insightful-exchange-recap-of-safepal-ama-with-ceo-veronica-3479ee32b796I will repeat again, Safepal is closed source junk and they are doing exactly the same thing as Ledger. This is really strange and it makes me think that same group of people is controlling or commanding this manufacturers what to do. I mean... they can't be so stupid to release this ''news'' in very similar timing like Ledger circus show. Keeping seed phrase in cloud... what could possibly go wrong? Stay away from Safepal, and stop using it. |
|
|
|
Do you have old Gameboy console collecting dust in some old box of memories? Maybe you like '90s retro gaming items or you are a collector? Thanks to guys from Keyp you will soon be able to turn your own GameBoy into secure offline cold wallet, generate seed phrase and use it to store Bitcoin and Ethereum. There will be no internet connection so we can call this a cheap airgapped device that is going to have Open Source code. Now comes interesting part, there will be NO firmware updates ever, and all updates will be released as a new game with cartridges  Randomness will be generated inside device, and that can be a tricky part, so I would like them to include option of importing our own seed phrase manually. Wondering who the heck is Keyp?They are working with web3 Games and Apps: https://www.usekeyp.com/Do you want to help this project?Upvote on product hunt and retweet on twitter. https://www.producthunt.com/posts/the-game-walletI don't like they will focus this wallet more on ethereum than on bitcoin, but it is what it is, and this is still a cool project. For more details check out GameWallet website:  https://www.gamewallet.gg/ |
|
|
|
Good day, everyone
Sinbad is not hacked, there was a technical problem, which is solved now
I apologize for the late response
Can you please explain what happened with different theme on your website that some members noticed, are you working on some new design or not? |
|
|
|
Right now, I believe Robosats may honestly be a more private option, since you use it through Tor and it receives no 'device information' like a mobile app, doesn't deliver notifications through centralized Google / Apple servers and so on. Yeah but I don't think you can use Robosats for meetups and trading face to face for cash, plus I think there are much more options in Peach compared to Robosats. I think adding support for Tor would be a good idea for Peach, and maybe Robosats and Peach Bitcoin can work together in future. In theory Peach could alter create web app with limited functionality, like The Bitcoin Company did with their no-kyc cards. Well, mobile phone numbers are nowadays often tied to real identities using KYC. So if this communication is not encrypted end-to-end without backdoors or implementation flaws, a three-letter agency could knock at Peach's door, fetch a copy of their data, map phone numbers to identities and end up with a nice list of 'suspicious P2P Bitcoin investors'.
Communication is done within Peach app and I think it's encrypted, so I don't think there is anything connected with phone numbers. My biggest complain to Peach is that source code needs to be released as open source, for code encryption to be inspected for bugs and exploits. |
|
|
|
When uploading, before pressing the upload button, you can edit the size of the image. To do so, just click on the thumbnail image that appears on the screen and a popup will open for editing.
I tested it and it works great, just like I wanted and it speeds up my image uploading process a lot. Now you need to remove that checkbox to agree with terms each time if I am using Tor or other browser with private window. |
|
|
|
Can we ever trust what people from Ledger say anymore?
Only a few months ago, they claimed something completely different.
I never trusted them after many fiascos they had, leaking customer information multiple times, low quality check of their devices, battery issues, short support for older devices, closed source, etc... That being said, we should be very careful with all other hardware wallet manufacturers, they can turn on users and make deals with devil in a same way like ledger. Big red flag should be when manufacturers start to collect millions and billions of dollars from different campanies. I hadn't seen this before, and it makes me wondering: if Bob would get their hands on Alice's Ledger, would it be possible to upgrade the firmware and upload it online? I always thought the whole point of a hardware wallet is to make it impossible for private keys to touch the internet, but now it's starting to look like an expensive hot wallet.
This is what ledger claimed before, but now they are changing tune with different ''song''. They turned impossibility into new feature It strikes me as very unlikely that anything related to this is going to cause widespread losses anytime soon, so I don't think that an Important Announcement is necessary. Probably, but many people could still lose privacy, and mystery sharding encryption was never verified by anyone. I edited Ledger out of my "do not keep your money in online accounts" post. I still want to recommend some hardware wallet which is fairly easy-to-use, so I left Trezor in, even if it may not be perfect.
I think currently best open source wallet could be Passport by Foundation. They are 100% Bitcoin only device with open source code and reasonable price compared to Trezor Model T. No shitcoins liste there (unless someone makes community project support), and it's quality device assembled in US. |
|
|
|
|
Show Posts
