I wanted to investigate something I ran into while reading around. I use Trezors with Electrum but I did initialize my hardware wallet(s) using mytrezor's site. I will link one of the sites below and simply paste my area of concern. You won't gain much if any knowledge beyond what I am pasting below by reading the article. It is a reference to show where my thinking started.
https://www.buybitcoinworldwide.com/wallets/trezor/PRIVACY
Data can be leaked upon setup if using TREZOR’s myWallet. For a more private initialization, use the Chrome extension or the python tools to setup your device on an offline computer.
end quote.
The subject of anything regarding leaks gets my attention. With that in mind I wanted to discuss with specificity the leaks mentioned/quoted above. First off, I am very advanced with internet connectivity so I have zero concerns that the mytrezor site has any traceable IP's due to my consistent vpn/tor combo useage. I never use a raw connection so that avenue of "leak" means nothing to me in this case. As I examine the process whereby a Trezor generates the "seed words" it is apparent that NO computer will ever see those words. Of course they are personally hand written for MY backup purposes, but no leak of "seed" during initialization. That means that a leak would be down to a PIN, but even that process is engineered to confound the attached computer since the visualized keypad is always rotating the numeric placement of the digits. I use many different passphrases to generate numerous wallets, but those don't relate to the other wallets, and they were added after initialization of the device. I have subsequently learned to use the Trezor app (Chrome extension) OFFLINE and configure the device that way. At this point I have changed the PIN(s) and device "name(s)" offline. I have NOT wiped/re-initialized the device because as mentioned already that would require me to move many wallet contents to other new wallets. Of course doing things offline has security benefits, but I missed learning all this stuff before I initialized my hardware wallet(s).
1. Can anyone specifically demonstrate to me/us what the potential leaks are that were mentioned in that article? Hopefully there is nothing sinister "leak-wise" that goes on with the mytrezor handshake.
2. I am asking for opinions as to whether it is warranted to re-initialize my Trezor(s) since I did not do them offline out of the gate? At this point I have changed the PINs and device "names" offline, but that is it.
I want to learn as much as I can here. Any information or links to some reading will be pursued. Leave the devices alone or re-do them?
