How to make sure hardware wallet I'm buying hasn't been tinkered with?

[Ashh]

Heyo!

I currently live in Russia, and I'm looking to buy something like a Ledger Nano S, and there are a lot of stores here that sell them. I'm quite paranoid when it comes to stuff like this, and I'm considering all option on how to best secure my coins. I'm thinking maybe I should make an older android phone as an offline storage, but I'm scared it can be vulnerable if it will not receive updates and such. Or maybe something like Raspberry pi? I really don't want to show my legal name and credit card information when buying bitcoin hardware storage online.

Any thoughts? I appreciate every response, have a good day

[Chikito]

Buy it on official store https://shop.ledger.com/
as I know they accepting bitcoin payment, don't worry about your credit card.

You can read all about hardware wallet information here: https://bitcointalk.org/index.php?board=261.0
so, I am not recommended you to use an old phone as offline storage when broken you lost at all. better to write your information like private key and seed on paper.

[DdmrDdmr]

<…>

I figure you don’t want it delivered to your home either, in order to keep your personal details from entering a system during the transaction. One option would be to purchase from an official local reseller (see https://shop.ledger.com/pages/retailers). There are eight in Russia, and I figure some of them have physical stores.

Being official resellers doesn’t mean that they can’t have a rough seller. You’ll need to go through the process of checking if the device is genuine (see https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine).

[mk4]

Only buy them from their official websites like DroomieChikito said. While it's unlikely for you to buy hardware wallets that has been physically altered in some way if you purchased them in your country's local version of eBay and Amazon, it's not worth taking the risk just to save like $10-$30. Remember, you could potentially be holding a fortune in the future. Don't cheap out for the shipping fees.

[Ashh]

I figure you don’t want it delivered to your home either, in order to keep your personal details from entering a system during the transaction. One option would be to purchase from an official local reseller (see https://shop.ledger.com/pages/retailers). There are eight in Russia, and I figure some of them have physical stores.

Being official resellers doesn’t mean that they can’t have a rough seller. You’ll need to go through the process of checking if the device is genuine (see https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine).

Yes, that would be ideal. I found a few familiar stores that sell them, I will probably go and try to purchase them for cash, and then check if it's genuine.

[Ashh]

There are some "official" suppliers here in Russia that would probably sell it to me in cash. My biggest worry, is that none of them are trustworthy, and I want to buy a secure device and give as little of my information away as possible. I don't know if doing hardware integrity check is enough, maybe I should try to disassemble the device and look for any alterations, not sure if it's even possible or if I have enough technical skills to do it without damaging the device.

[Lucius]

~snip~

I would personally buy from the official site only, even though you have to provide your personal information in this way, I think this is the surest way though. Check with your post office do they offer the service internationally known as Poste restante, and with this you can only give your full name with post office address, and package will be delivered to the post office address where you pick it up with showing your ID.

Check hardware integrity is not something you should do if you have no experience with these things, and you also need to know that by this process you lose all warranty options for that device.

https://support.ledger.com/hc/en-us/articles/115005321449-Check-hardware-integrity

[Ashh]

~snip~

I would personally buy from the official site only, even though you have to provide your personal information in this way, I think this is the surest way though. Check with your post office do they offer the service internationally known as Poste restante, and with this you can only give your full name with post office address, and package will be delivered to the post office address where you pick it up with showing your ID.

Check hardware integrity is not something you should do if you have no experience with these things, and you also need to know that by this process you lose all warranty options for that device.

https://support.ledger.com/hc/en-us/articles/115005321449-Check-hardware-integrity

Thanks for your take on it, but I'm very hesitant on receiving such product even to my local post office in Russia. Everything is being monitored here, so there's no difference if I order it to my own address directly.

Refund warranty is also not something I care about, I'd rather make sure my device is legit, than just have an option of return.

[Lucius]

Ashh, then you have a problem that just doesn't have a simple solution. You want to avoid any possible provision of data when purchasing, but this leaves you with the only option to buy directly from a reseller paying with cash. This option again creates a problem is it the device genuine in terms of hardware, which is not easy to determine.

Do you have a friend you trust, maybe someone else can do shopping for you, and in this way you can remain completely anonymous?

[Ashh]

Ashh, then you have a problem that just doesn't have a simple solution. You want to avoid any possible provision of data when purchasing, but this leaves you with the only option to buy directly from a reseller paying with cash. This option again creates a problem is it the device genuine in terms of hardware, which is not easy to determine.

Do you have a friend you trust, maybe someone else can do shopping for you, and in this way you can remain completely anonymous?

Yeah, I could order to someone else, but I don't know if it's a good solution either. I'm considering running Electrum on Raspberry pi as an offline layer of security, and my main android phone as primary interface. I can probably run Electrum Personal Server too. In my mind it seems to be a good enough security option and I wouldn't have to give away personal information for something as obvious as ledger.

[Zeke_23]

Ashh, then you have a problem that just doesn't have a simple solution. You want to avoid any possible provision of data when purchasing, but this leaves you with the only option to buy directly from a reseller paying with cash. This option again creates a problem is it the device genuine in terms of hardware, which is not easy to determine.

Do you have a friend you trust, maybe someone else can do shopping for you, and in this way you can remain completely anonymous?

Yeah, I could order to someone else, but I don't know if it's a good solution either. I'm considering running Electrum on Raspberry pi as an offline layer of security, and my main android phone as primary interface. I can probably run Electrum Personal Server too. In my mind it seems to be a good enough security option and I wouldn't have to give away personal information for something as obvious as ledger.

You can buy Ledger Nano directly to their website, but, if you really don't want to use your identity, ask someone else.
However, if you don't have someone to trust even with buying it, then you can continue using your current offline wallet, as you said, it seems to be good enough for you.

[mk4]

Yeah, I could order to someone else, but I don't know if it's a good solution either. I'm considering running Electrum on Raspberry pi as an offline layer of security, and my main android phone as primary interface. I can probably run Electrum Personal Server too. In my mind it seems to be a good enough security option and I wouldn't have to give away personal information for something as obvious as ledger.

You seem to be a tech-savvy guy base on your replies. You'd probably do fine by holding your coins using a Bitcoin Core node instead. Electrum would also be fine too though. Just think about the potential points of attack through that setup you're thinking of. Or of course, you could go with the "easier" solution, through a hardware wallet. I'd personally just buy it straight from Ledger though, probably order one and ask to ship it to a friend near you?

[Kakmakr]

I think a lot of the people who replied on your thread, missed the part where you said, "I really don't want to show my legal name and credit card information when buying bitcoin hardware storage online."  

I understand your concerns, because I had those same concerns. I bought my hardware wallet from the official site and took the risk that it might be tracked, but I used a postbox and not my street address for the delivery. <So only the official site and the Post Office know what was contained in the box>  

When you buy with cash from one of these re-sellers, you do not know if someone opened it before you and if they got access to your seed.    <It is easy for those people to shrink wrap it again, after they opened it>

[NeuroticFish]

Buy it on official store https://shop.ledger.com/
as I know they accepting bitcoin payment, don't worry about your credit card.

I also recommend the official website. And they accept card, paypal and bitcoin: https://support.ledger.com/hc/en-us/articles/360006658493-Payment-methods

I really don't want to show my legal name and credit card information when buying bitcoin hardware storage online.

Well, if you want it to be sent to your home, you don't have much of a choice. Maybe Post Box, but I don't know how that works in Russia.

I'm thinking maybe I should make an older android phone as an offline storage, but I'm scared it can be vulnerable if it will not receive updates and such. Or maybe something like Raspberry pi?

An option is an USB stick with a live OS. (e.g Tails OS)
On the stick persistent storage you may have to install a newer version of Electrum, for example, and after that always make sure your internet cable is disconnected when you boot from the stick.
You can find tutorials here or on Electrum website how to work with cold storage. Basically you keep your seed on paper (and may have to enter it on every boot); on the normal PC you run a wallet in view-only mode, but you need it to create and broadcast transactions; the Live Os you keep only to sign transactions.
Imho it's cheaper and safer than hardware wallet, but (much) less convenient.

And as long as you have the seed on paper you can break the USB stick, you can erase it, reinstall, update, ... just I'd start with wiping it and reinstall before attempting an update (wipe doesn't need internet, while update probably needs it).


Edit: if you go for Electrum, before using it, please read the posts about making sure you have the legit version.

[DabsPoorVersion]

You should be able to buy it directly at the center and not until you buy used goods because usually there will be such a problem if you do not buy the appropriate hardware wallet from the official.

However, OP do not want to reveal his identity. Which is needed when buying at the official site.
I dont see any sense on why he does not want to use his unformation wherein his information is secured and will not be posted in any website.
He wanted to buy hardware wallet but he doesnt want to provide the name and address for the location of his delivery.