Bitcoin Forum
Author Topic: Why all this hype with Hardware Wallets when Bitcoin Core is all you need?  (Read 621 times)
LoyceV
March 30, 2022, 10:29:09 AM
Merited by PrivacyG (1)
 #41

Using a Hardware Wallet is more convenient.  And since almost everyone is a lazy butt choosing convenience over utility, there we go.
I find using a hardware wallet much more work than using a software wallet.

My order of convenience (from easiest to most work):
-software wallet without password (for very small amounts, like a few wallets with a few dollars each)
-software wallet with password (the most common option I guess)
-hardware wallet (getting it, connecting the cable and typing numbers on small buttons make it inconvenient)
-cold storage setup (a proper setup including figuring out which wallet versions to use takes me a long time)

I literally use all four of those:
I use different wallets for different purposes. I know the shortcomings (and I'm aware I might not even know everything), but it's enough to reduce the risk to an acceptable level without being inconvenient.

Seriously now.  I can not imagine myself carrying an old airgapped computer with me on a trip.  I can not imagine myself doing the signing and all of that using two separate computers in a hotel.  I would rather carry around a Hardware Wallet instead and use that one safely.  This is why I think they are worth the cost.
I can't imagine traveling with a hardware wallet. I'd very much prefer to use a software wallet, funded with just enough for the trip.

Quote
I could pop up Electrum on a Tails and sign a single transaction without the server knowing all the UTXO's I own.
If you bring Tails, you don't need 2 separate computers. Just your normal laptop, reboot, and sign the transaction offline.

Quote
But if you are in a huge hurry to move your coins, you better not have your funds on an old offline computer as you may end up throwing all of that through the window.  Been in a hurry before with an old airgapped computer and it was pure hell.
It prevents panic selling ;)

PrivacyG
March 30, 2022, 10:41:11 AM
 #42

I find using a hardware wallet much more work than using a software wallet.

My order of convenience (from easiest to most work):
-software wallet without password (for very small amounts, like a few wallets with a few dollars each)
-software wallet with password (the most common option I guess)
-hardware wallet (getting it, connecting the cable and typing numbers on small buttons make it inconvenient)
-cold storage setup (a proper setup including figuring out which wallet versions to use takes me a long time)
Debatable.  Software wallet is great, I admit it.  Most convenient too.  But there are some security issues I can not ignore.

Software wallets are great for me and you who I guess do not have TikTok, YooToob3000xyz Downloader, Free APK Downloader and all of that crap installed on our devices and do not click on all of these 'Claim Your $100,000 Check NOW!' ads or install this random malware out of the 'ALERT! ALERT! VIRUS DETECTED' annoying pop-up ads.

Also, the regular person does not choose a secure password but an easy to remember one.  Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?

I can't imagine traveling with a hardware wallet. I'd very much prefer to use a software wallet, funded with just enough for the trip.
I can see why and I can not contradict you.

-
Regards,
PrivacyG

LoyceV
March 30, 2022, 11:11:33 AM
 #43

Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?
Probably not. And yet, they use it for banking all the time.
I still think unrooted phones are more secure than Windows computers. I trust my Android more than I'd trust Windows (which I don't use anyway), and I would never use any Windows computer to even check my email.

nullama
March 30, 2022, 12:24:23 PM
 #44

Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?
Probably not. And yet, they use it for banking all the time.
I still think unrooted phones are more secure than Windows computers. I trust my Android more than I'd trust Windows (which I don't use anyway), and I would never use any Windows computer to even check my email.

I have some privacy issues with Android. Google can track you so much with Android. There's a log of even what apps you have opened and at what times. Plus all the location data, etc. It's incredible the amount of data that Google (or Apple) has these days on most of the people in the world.

A device with some kind of open OS like Linux or OpenBSD, etc, is kinda the best bet these days.

Although there's even risk at the CPU level. For the paranoid, RISC-V is getting a lot of traction these days (it's an open source set of instructions to build CPUs).

n0nce
March 30, 2022, 01:02:33 PM
Last edit: March 30, 2022, 01:15:01 PM by n0nce
 #45

This is where something like Ledger is actually doing a really good job, since they literally look like USB drives
Of course, none of that helps if Ledger leaks millions of addresses where their hardware wallet can be found.... And that's really the biggest concern I have buying anything dedicated to Bitcoin: it can make you a target.
For the record, I don't like Ledger as a company and their closed-source, low-quality products, I just think the USB-thumb drive form factor is quite smart.
I totally agree on the topic of buying from a Bitcoin company / buying a specialized product. On one hand, it's nice to see for instance Foundation Devices pushing self-hosting, on the other hand it's quite shocking that this is apparently not the industry standard so far for Bitcoin companies.
PSA to Bitcoin companies concerned with trusted 3rd parties: you can self-host most things!

At @FOUNDATIONdvcs we run our own @WordPress, @WooCommerce, Followups email marketing tool, @matomo_org analytics, @jitsinews for meetings, FreeScout customer support desk, @BtcpayServer.

This means we do not run Shopify, Mailchimp, Google Analytics, Zoom, Zendesk, Coinbase/OpenNode, or other similar centralized services.

We are also constantly improving and figuring out how to better safeguard customer data and self-host critical systems.

~
In the default configuration, the software accompanying a hardware wallet usually does connect to a central server and does link addresses by pulling their balances at once. However, that doesn't have to be the case.
It's the specific reason why I show how to install electrum server on a Bitcoin full node, even before the Lightning installation instructions.

It would still be cool to have some mechanism that makes the whole system more privacy-friendly, as I reckon there are surely many altruistic Electrum servers. Unfortunately, so far my ideas about using PIR for this weren't very fruitful, but I'm happy to discuss more about that topic!

Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?
Probably not. And yet, they use it for banking all the time.
I still think unrooted phones are more secure than Windows computers. I trust my Android more than I'd trust Windows (which I don't use anyway), and I would never use any Windows computer to even check my email.
I think it's clear that using a non-rooted Android or iOS device is the most secure platform to be on at the moment; while definitely not being great for privacy. Windows would be something like the 'worst of both worlds' due to telemetry and being an old OS not designed around security, while Linux would be a trade-off giving much more privacy but with reduced security.
From experience, no OS has sandboxing and secure boot with a hardware trust anchor as good as iOS.

I'd normally recommend partitioning (separate devices for different purposes), but this means having to choose whether to do Bitcoin payments on the 'privacy device' (Linux box) or on the 'secure device' (mobile device). It's a tough question. ;)

darkv0rt3x
April 04, 2022, 08:35:29 PM
 #46

I also only use Bitcoin Core and an offline VM for the more sensitive info. And of course, I have the VM encrypted and all sensitive info inside this VM also encrypted. And the VM file itself is also encrypted, so, I think I have the thing more or less protected! So I hope. The only thing I can remember that can defeat that is hardware error. But, any hardware is susceptible to hardware failure...

nc50lc
April 05, 2022, 02:28:12 AM
 #47

-snip- The only thing I can remember that can defeat that is hardware error.
That's not a problem if you have a backup of the wallet.dat file; I suppose you already have a backup, because who doesn't.

LoyceV
April 05, 2022, 05:30:12 PM
 #48

Additionally, Android smartphone companies (such as Samsung and Xiaomi) add lots of bloat software which also performs lots of data collection and tracking.
Now that you mention it: it is indeed amazing how a problem that started on Microsoft Windows has now reached Android phones. And even hardware wallets are doing that shit nowadays, spamming all kinds of "services" within their software.
I especially dislike that you can't buy a product and be done with it. They use the product you paid for to try and earn more from you. That's one of the reasons I try to stay away from IoT-devices. And it's one of the reasons I like Bitcoin Core: it doesn't advertise anything. Unlike Electrum, Mycelium and Coinomi (and probably many more wallets) that all try to sell me crap.

RickDeckard
April 05, 2022, 10:35:13 PM
Merited by LoyceV (4), vapourminer (2), ABCbits (1)
 #49

Additionally, Android smartphone companies (such as Samsung and Xiaomi) add lots of bloat software which also performs lots of data collection and tracking.
Now that you mention it: it is indeed amazing how a problem that started on Microsoft Windows has now reached Android phones. And even hardware wallets are doing that shit nowadays, spamming all kinds of "services" within their software.
I especially dislike that you can't buy a product and be done with it. They use the product you paid for to try and earn more from you. That's one of the reasons I try to stay away from IoT-devices.

Now that you mention the conundrum where OEMs push their services through their mobile platforms, I've got something to add to this discussion that (many) are not aware of - Xiaomi, a company that is mostly known to the public for selling smartphone devices (up until 2020 Xiaomi smartphones accounted for around 11.4 percent of the global smartphone market[1]), air purifiers, earphones, portable battery chargers and robot vacuum cleaners, defines itself as an "internet company" straight in its IPO documents[2] (page 6) instead of a company focused on producing hardware products for the overall public (as opposed to Apple's definition in their 1980 IPO documents[3] for example).

The profit that they have per (smartphone) unit sold is also very low - according to Investopedia we are talking about $2 per smartphone sold (which still encompasses 65% of their total revenue). Why so low? Because they aim to have a lot of users using their smartphones and don't mind even doing it at a loss because - despite the low profit generated - they will have a huge audience that will allow them to sell their services that they offer in their pre-installed apps (Music, Data, Photo Storage for example). According to Investopedia[4]:
Quote
Xiaomi's Internet Services Business

Preloaded apps and services accounted for about 9.1% of revenues, or about $2.3 billion, in 2018. Xiaomi's Internet Services segment also includes advertisements and other services as well.
The difference between hardware and services profits? They squeeze a lot more revenue per user since the service is all set up and they just need to charge a user for it. This tactic allows them to have a tremendous profit because the service is already established, they just have to manage it and keep pushing it to new clients (while maintaining the current users) vs having all the hassle (and costs) in all the supply chain starting from sourcing materials up until having the smartphone on stores.

I'll stop with the OF now (sorry). If anyone is interested in this business model I highly recommend seeing this video from TechAltar[5] that shines more light into this kind of model (it's very interesting!).

Unlike Electrum, Mycelium and Coinomi (and probably many more wallets) that all try to sell me crap.
I'm aware that Mycelium and Coinomi do sell other services within their "main" one, but I wasn't aware that Electrum does it as well. What kind of "crap" are we talking about?

[1] https://www.statista.com/topics/5136/xiaomi/#dossierKeyfigures
[2] https://www1.hkexnews.hk/listedco/listconews/sehk/2018/0625/ltn20180625033.pdf
[3] https://www.sec.gov/files/18-02062-FOIA.pdf
[4] https://www.investopedia.com/news/how-xiaomi-makes-money/
[5] https://www.youtube.com/watch?v=esUOQpKNLsE

LoyceV
April 06, 2022, 07:12:32 AM
 #50

I'm aware that Mycelium and Coinomi do sell other services within their "main" one, but I wasn't aware that Electrum does it as well. What kind of "crap" are we talking about?
Electrum isn't nearly as "bad" as the others, it's only 2FA. And although they show a Disclaimer ("a small fee will be charged on each transaction"), I've seen many topics from users who are surprised they suddenly have to pay $20 or more on their first transaction.

Cricktor
April 15, 2022, 09:24:49 AM
Merited by vapourminer (2)
 #51

I'm kinda missing in this thread the benefit of a hardware wallet to secure the wallet seed and transaction signing from a possibly malicious computer. And I see this as the main benefit of those devices. Topics like how you secure your mnemonic seed words and other mandatory wallet secrets apply to all sorts of wallets and are not valid to distinguish them from each other.

Software wallets like Bitcoin Core or others are basically unprotected if the computer used to run them got compromised. A keylogger can grab your wallet securing passphrase, active malware can exfiltrate your wallet and/or steal/transfer your funds away. Active malware should be able to steal any main secret of your software wallet on a compromised device.

As far as I'm aware, a hardware wallet should protect you from losing your wallet seed and/or funds by malicious transaction(s) if you're careful to always check your transaction details before you get them signed by your hardware wallet. AFAIK no malware can manipulate your hardware wallet unnoticed by a careful user.

An air-gapped (encrypted) computer should provide similar security with far less convenience as already discussed here. Taking into account physical access, breaking into your space, physical threats and whatnot is another thing I won't go into detail. From my view it all depends on which usage scenarios you have and what kind of threats you want or need to be protected from.


n0nce
April 15, 2022, 11:17:25 AM
 #52

I'm kinda missing in this thread the benefit of a hardware wallet to secure the wallet seed and transaction signing from a possibly malicious computer. And I see this as the main benefit of those devices. Topics like how you secure your mnemonic seed words and other mandatory wallet secrets apply to all sorts of wallets and are not valid to distinguish them from each other.
I believe because the main argument was that an airgapped Bitcoin Core install should be all you need. I am pretty sure most would agree here that a hot wallet is always less secure than a semi-hot / cold wallet such as in a hardware wallet. Even if the PC is airgapped, not only is it much more hassle to use in everyday scenarios, also it's simply less secure against physical attacks as described above.

Taking into account physical access, breaking into your space, physical threats and whatnot is another thing I won't go into detail. From my view it all depends on which usage scenarios you have and what kind of threats you want or need to be protected from.
This is exactly right. As so often, the answer seems to be again 'it depends'. ;) The best solution varies from person to person, based on circumstances, preferences, technical abilities and threat model.
