He is symmetrically encrypting the keys. So he must have a strong password to decrypt them. I don't know how he stores the password though. I didn't ask for obvious reasons.

I am not in favour of digital storage either. I am afraid of disk failures.

As far as BIP39 is concerned, he actually said "I don't use seed phrases, especially BIP39". So I am assuming he must dislike Electrum as well.
Personally I mostly use electrum instead of BIP39, but I understand that BIP39 is the most widespread, software agnostic, backup protocol.

Yesterday, I had a conversation (in real life) with a person who I really think is very knowledgeable in Bitcoin.

I will not provide more details about his setup, because I value his privacy. I asked him to join the forum and open a thread to discuss about it. The forum would have a lot to learn from him. He will not...

He provided me with some important arguments against BIP39, but most importantly, he described a backup system that he finds superior.

But this system was (and still is) a red flag for me.

He said that he prefers to GPG encrypt private keys in WIF format and store them digitally.

So... What are your thoughts?  I am aware that this system caused Luke Dashjr losing a lot of funds, so I can't believe he literally suggested it.

_{I won't be very active this weekend, but I will be back to read and discuss with you next week.}

Especially since the founder has invented the core mining mechanism of bitcoin 

Seriously though, nice catch and nice study. You have provided us with some knowledge.

You are both correct. And since I have been asked the question a lot, about why I keep trusting the device and why I still use it, I want to make something clear.

1. I can read and understand C, so I feel confident reading the code. Which is important for me.
2. My usage is pretty limited. Once a month, I scan a private key QR code, I sign a transaction (usually a pretty small one), I erase the memory of the device (using temporary signer option).
3. Blockstream doesn't know my address, nor my name, since I received the product elsewhere, where I don't have the ability to access now, so if I request a change, or buy a new one, I will need to use my real name and address.
4. I own other devices that I use for more frequent transactions.
5. I always know that my backups are safe.
6. I always use QR codes, which is safer than USB cables. Still, QR codes are not a panacea, but, you know, I feel more confident.
7. The Jade is a reputable device.

Warning:
Finally, always be very cautious when it comes to using browser-based products (software & updates). Always verify what you download. Always think twice before downloading something.

It is a realistic scenario, but not a likely to happen scenario. I mean, bugs can be found in the code, but the address generation process is a core process, which, I hope, has been tested by both software unit tests and human tests. I can't believe that there will be a flaw in such an important aspect of the software.

What can happen though, is that someone can use a fake website to update their firmware and that the installed software can be malicious. This is a huge problem if it happens... I hope that the device won't work with the fake website, but since I am a developer and not a security person, I don't know how easy this scenario is.

Oh my god. Normally I am the unluckiest person in the room, but today was my lucky day. Thanks paid2. Thanks everyone! Good luck in the next one!

The following warning is a day late and a dollar short.

Let me share my point of view, having written some similar script myself: Don't! Don't! Don't use scripts that are not properly tested, qualified and used.

Open source is fantastic because it allows many pairs of eyes to review the same code. However, it's not a panacea. Most of the time, these pairs of eyes distinguish corner cases and issues. In your particular occasion, as DaveF said above, there was an open issue in the code. So, when using open source, we should at least check:
1. the open issues.
2. the number of forks / stars.
3. the number and quality of open merge requests.
4. the number of contributors.

TOR will allow you to have inbound connections without doing any network adjustments.

It is important to clarify the difference between an incoming and an outgoing connection though. An incoming connection doesn't mean that you don't receive anything from other nodes. It just means that the node that will initiate the connection process will always be yours. Once the connection between two nodes is established, it doesn't matter who initiated it or not. The transferring process will be the same.

Finally, TOR is often slow. This is just a side-note.

Thanks Mia Chloe! I am very happy about it.

Congrats to the winners.

Congrats to you Rick for managing this wonderful contest.

Thank you for managing my funds for this donation! You have been absolutely trustworthy.

Yes true. The only problem is that this leaves a narrow space for new members to join campaigns.

But that's why I suggested different payments. So that a user can be paid upon unmerited posts as they used to, but they also have a chance to educate themselves more and to write more constructive posts to earn the extra merit and therefore, the extra bucks.


That's indeed an issue... But I guess it good work on a monthly basis. So, if a user had posted X posts in a month, then they could get paid monthly using the scheme I suggested above. I know it's not a great pattern, based on the argument you have mentioned. It needs some tweaking but we could find a way.
Anyway... Just a thought.

There are solutions. The easiest one is to use text comparator. But if you want to go a step further, you can also read the whole discussion and use it to judge whether a post deserves to get paid or whether it doesn't.

However, this solution is not possible, because the most reputable campaign managers, manage a bunch of campaigns each. And each campaign has several members, so reading all the posts is a very time consuming task.

What I would do, if I were a campaign manager, would be to pay differently depending on if the post is merited or not. And to avoid merit exchanging I would put a requirement of being merited by at least 3 different members.

Imagine something like this:

Each post will be paid with X dollars.
Each post merited by at least 3 different accounts will be paid with Y dollars.
Each post merited by more than 10 people will be paid Z dollars.

I 'd like to get 22, but if not available, then I 'd like 89, and then 39.

If more than one available, please include any of them you wish.

No, I am not blaming anyone, but I can't close my eyes when I see people posting with the obvious purpose of making some quick bucks by copy-pasting other peoples' posts. Am I wrong? Haven't you spotted this behaviour in the past?

You aren't. I don't care very much to be honest, but I understand fillippone's concern, because it's a natural behaviour to be concerned when things like this happen and especially when they happen to devices that are used to hold secrets of any type. Could be private keys, gpg keys, passwords, anything like that.

It can't happen. There is no way on earth, especially considering that we should check our backups every now and then. Bugs and mice will never eat a backup seed phrase.

BTW: I just noticed the "professional shitposter" 

Wow, what's that? Sounds intriguing, my knowledge in physics sucks haha

As far a the backups are concerned. Yeah, obviously nothing bad happened. In fact, as I have said, my Jade is amnesiac. Every time I turn it off it erases its memory. So I always need to scan a QR code to load my wallet. Nothing is persisted once it's shut down.

It's funny but I kinda liked this system. 

Looks promising, I need to study it a bit more. Does it work only with encrypting single private keys? Or does it also work with seeds (HD wallets)?