Voodah
|
|
December 29, 2017, 06:51:43 AM |
|
The part in question is the STM32F205RET6 ARM processor which is easy enough to order up at the usual sources. Unfortunately, counterfeit parts are epidemic in the components industry today, and the incentive to spin up a "special" one of these is...rather large Can't you trust the usual places to source you clean parts? Where do SatoshiLabs order their parts? Now you are starting to think. THAT is a very good question. One would hope that they have a secure delivery arrangement with the manufacturer...one would hope...their website is mute on the subject. You guys had convinced me to get one until I read this post. Is there any evidence to raise the minimum glimpse of suspicion? #doyouknowsomethingwedont? I'd like to know how much damage one of these counterfeit parts can do? How nefarious can they possibly act in this context? Given the amount of dough other people have at stake, I suspect there's already been a lot of digging. I'm personally willing to risk being weirded by technology more than I'm prepared to have someone walk away with a paper wallet. But just barely. It'd be big, especially for Trezor as a company; but I don't think it would be that big or even profitable in terms of money if you think about it. Being offline devices, the damage would be considerably mitigated by time alone. You'd (hopefully) get an email from Trezor an hour after the first few cases confirm a trend warning you to not plug and power your hw anywhere. Going through the long con of modifying a chip design, going into production, distributing to retailers/waiting for the chips to be used by a company, and then sold and used; only to then choose a date when enough are in circulation to trigger the 0day, and only get as bounty the first random few wallets that come online that day... There are probably easier less involved ways to be a criminal.
They could try to simply sneak out a couple packets with key data every so often, and just accumulate them for the future; but that would get easily found out by people using them in secure networks.
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2310
Merit: 1796
Cлaвa Укpaїнi!
|
|
December 29, 2017, 06:52:19 AM |
|
So, let's see if I got it all right.
I go to the library, (with my clothes on), download the "make your paper wallet" site from the library computer (so the computer can't be traced to me) onto a USB stick. Buy a refurbished poo computer from Ebay, Get naked, take a shower just to be sure, put on a balaclava that's been in the microwave to kill the microcameras that might have been put there by the Chinese who made it, get an enema, make the wallets, preferably in a dark room with loud music, print them on a virgin printer, pour petrol on the printer and computer and burn them, put the wallets in an envelope seal it with wax and my coat of arms, and put it in my box in the bank.
Did I miss anything?
But seriously, thank you all for your input, I know OPSEC is important, and I do get more and more paranoid as the price goes up.
Seems like if you put it in the bank, then you still need one other location, in case the bank burns down or something. Whether your second location is your home or another bank, it is not so likely that your catastrophic failure is going to happen at both of your locations at the same time, no? I am, seriously, going to bury a laminated copy somewhere on my land. And have smaller amounts also in my hidden home safe. (I have a visible decoy safe bought very cheap from China with some crap in it). First off, you people seem to have an inordinate amount of trust in banks. 'Safe deposit boxes' Belong to the bank, just like your deposits. Access is controlled...Not by You. As for burying laminated paper... Maybe if you live in a desert. Test your lamination in a bucket of water for double your minimum expected burial time, with many test subjects. Plastic is water resistant. For a time. Not for all time. Better to bury stamped stainless, or even stamped plastic if you worry about metal detectors, or if heat is a zero concern (house fire, wild fire, etc.) Maybe that applies to the US, but in Sweden The deposit boxes content belongs to me. Until it doesn't. Used to be that way everywhere. If you are correct, Sweden is one of the few remaining western states where this is the case. I suppose you don't have bail-in laws either then. Canada got those in 2013. Depositors are 3rd tier creditors. I think the EU has bail in laws, but they do not apply to deposit boxes.
|
|
|
|
Rosewater Foundation
|
|
December 29, 2017, 06:54:35 AM |
|
The part in question is the STM32F205RET6 ARM processor which is easy enough to order up at the usual sources. Unfortunately, counterfeit parts are epidemic in the components industry today, and the incentive to spin up a "special" one of these is...rather large Can't you trust the usual places to source you clean parts? Where do SatoshiLabs order their parts? Now you are starting to think. THAT is a very good question. One would hope that they have a secure delivery arrangement with the manufacturer...one would hope...their website is mute on the subject. You guys had convinced me to get one until I read this post. Is there any evidence to raise the minimum glimpse of suspicion? #doyouknowsomethingwedont? I'd like to know how much damage one of these counterfeit parts can do? How nefarious can they possibly act in this context? Given the amount of dough other people have at stake, I suspect there's already been a lot of digging. I'm personally willing to risk being weirded by technology more than I'm prepared to have someone walk away with a paper wallet. But just barely. It'd be big, especially for Trezor as a company; but I don't think it would be that big or even profitable in terms of money if you think about it. Being offline devices, the damage would be considerably mitigated by time alone. You'd (hopefully) get an email from Trezor an hour after the first few cases confirm a trend warning you to not plug and power your hw anywhere. Going through the long con of modifying a chip design, going into production, distributing to retailers/waiting for the chips to be used by a company, and then sold and used; only to then choose a date when enough are in circulation to trigger the 0day, and only get as bounty the first random few wallets that come online that day... There are probably easier less involved ways to be a criminal.
They could try to simply sneak out a couple packets with key data every so often, and just accumulate them for the future; but that would get easily found out by people using them in secure networks. That's exactly what I was thinking but in good words and infos. Thank you.
|
|
|
|
explorer
Legendary
Offline
Activity: 2016
Merit: 1259
|
|
December 29, 2017, 06:56:04 AM |
|
You rent the box and it can't be opened without a court order.
OK... so you trust your banks and government and legal system, in a vastly socialist state. My condolences.
|
|
|
|
TERA2
Full Member
Offline
Activity: 266
Merit: 222
Deb Rah Von Doom
|
|
December 29, 2017, 07:00:49 AM |
|
It's really easy to make a bitcoin key and keep it secure if you don't have to account for brain injuries. You don't need a hardware wallet. You don't need any software. You don't need a bank.
|
|
|
|
Phil_S
Legendary
Offline
Activity: 2143
Merit: 1652
We choose to go to the moon
|
|
December 29, 2017, 07:03:30 AM |
|
I wouldn't trust paper, laminated or not.
I don't like 'electronic gizmos' because it's like 'I have bitcoins' advertisement.
For long-term storage, you can put your wallet.dat into an encrypted container, now you just have a small file, very easy to store, very easy to hide. Copy it to a dozen old flash drives, even diskettes, bury them in a dozen different places.
Now you have deniability and it's pretty safe from loss/theft.
|
|
|
|
jojo69
Legendary
Offline
Activity: 3388
Merit: 4755
diamond-handed zealot
|
|
December 29, 2017, 07:03:37 AM |
|
It'd be big, especially for Trezor as a company; but I don't think it would be that big or even profitable in terms of money if you think about it. Being offline devices, the damage would be considerably mitigated by time alone. You'd (hopefully) get an email from Trezor an hour after the first few cases confirm a trend warning you to not plug and power your hw anywhere.
Going through the long con of modifying a chip design, going into production, distributing to retailers/waiting for the chips to be used by a company, and then sold and used; only to then choose a date when enough are in circulation to trigger the 0day, and only get as bounty the first random few wallets that come online that day... There are probably easier less involved ways to be a criminal.
They could try to simply sneak out a couple packets with key data every so often, and just accumulate them for the future; but that would get easily found out by people using them in secure networks.
I agree that it is pretty unlikely, but I would point out that the knock off chip fabs are already technically criminals, and the tainted parts would operate normally in non trezor applications and would be sold at a profit.
|
|
|
|
JayJuanGee
Legendary
Offline
Activity: 3934
Merit: 11357
Self-Custody is a right. Say no to"Non-custodial"
|
|
December 29, 2017, 07:10:56 AM Last edit: December 29, 2017, 07:22:12 AM by JayJuanGee |
|
I am, seriously, going to bury a laminated copy somewhere on my land. And have smaller amounts also in my hidden home safe. (I have a visible decoy safe bought very cheap from China with some crap in it).
and now the internet knows all these things Hahahahahaha... I can see it now. Criminal: "Hey Arriemoller, your valuables or your life." Arriemoller: "Please, please, no, no, no.. don't take my life... .. o.k. I will take you to my safe. Here it is ... it is be called safe." Criminal: "Is this the "decoy safe" or the real one?" Arriemoller: "Of course this is the real safe. I want you to have all my valuables and not my life." Criminal: "O.k. I thought that I read somewhere...... " Arriemoller interrupts criminal, and: "you probably getting me mixed up with someone else, and you know peeps say all kinds of shit on the interwebs... Of course that is the real safe with real bitcoins and other cryptos available and even title to my yacht that I acquired from the appreciation of my many ETHs. Surely, I have no other safes in any of these places nor on my yacht.. and you can take the yacht, too." Criminal: "O.k. Your story seems quite plausible, and I have a high level of confidence that you are disclosing everything, and for that reason, I am even gonna leave you with your yacht and I will just take the total value of your crypto that is in this safe, which happens to be .003146BTC and 25.384 ETH, and that should be enough for me anyhow, since I am a modest kind of criminal, and I have modest material needs, too. Thank you very much, Arriemoller, you have been amongst the most cooperative of my crypto targets, and I thank you for making this whole robbing process easier for me." Arriemoller and Criminal do a "man hug" because no gay here, and then each goes their separate ways, which means the criminal leaves.
|
|
|
|
JimboToronto
Legendary
Offline
Activity: 4228
Merit: 5028
You're never too old to think young.
|
|
December 29, 2017, 07:12:17 AM |
|
WO page 19k and no parity?
|
|
|
|
Voodah
|
|
December 29, 2017, 07:12:23 AM |
|
It'd be big, especially for Trezor as a company; but I don't think it would be that big or even profitable in terms of money if you think about it. Being offline devices, the damage would be considerably mitigated by time alone. You'd (hopefully) get an email from Trezor an hour after the first few cases confirm a trend warning you to not plug and power your hw anywhere.
Going through the long con of modifying a chip design, going into production, distributing to retailers/waiting for the chips to be used by a company, and then sold and used; only to then choose a date when enough are in circulation to trigger the 0day, and only get as bounty the first random few wallets that come online that day... There are probably easier less involved ways to be a criminal.
They could try to simply sneak out a couple packets with key data every so often, and just accumulate them for the future; but that would get easily found out by people using them in secure networks.
I agree that it is pretty unlikely, but I would point out that the knock off chip fabs are already technically criminals, and the tainted parts would operate normally in non trezor applications and would be sold at a profit. You're right. I imagine it could also act as an "added bonus" set in there for the future, the chip's "retirement plan". When the chip becomes obsolete due to a newer version or competition, there'll still be plenty of wallets lying around in hidden spots. Great time to strike. EDIT: I will never get a hw wallet now.
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2310
Merit: 1796
Cлaвa Укpaїнi!
|
|
December 29, 2017, 07:17:10 AM |
|
So, let's see if I got it all right.
I go to the library, (with my clothes on), download the "make your paper wallet" site from the library computer (so the computer can't be traced to me) onto a USB stick. Buy a refurbished poo computer from Ebay, Get naked, take a shower just to be sure, put on a balaclava that's been in the microwave to kill the microcameras that might have been put there by the Chinese who made it, get an enema, make the wallets, preferably in a dark room with loud music, print them on a virgin printer, pour petrol on the printer and computer and burn them, put the wallets in an envelope seal it with wax and my coat of arms, and put it in my box in the bank.
Did I miss anything?
But seriously, thank you all for your input, I know OPSEC is important, and I do get more and more paranoid as the price goes up.
Do yourself a favour. Get a TREZOR. Seriously. I don't think you want to expose yourself to the risks of owning and maintaining a paper wallet. Write your 24-word seed on 2-3 small pieces of paper, laminate them, and store/hide them safely in 2-3 separate places. Also, use an additional 25th word/phrase (passphrase), so that even if someone finds your seed, it will be useless without the passphrase. All done! You can sleep peacefully at night. Definitely worth the 100-something € to buy the TREZOR. ^^^ THIS I really can't understand guys having a "fortune" in crypto and not owning some hardware wallets. You don't even need to put everything you own into it. Just buy it, play with it and, when you are confident enough, decide how much you want to manage with a hardware wallet, how much in paperwallets, how much in exchanges, in software wallets, etc.... I don't trust those electronic gizmos. Paper and ink is after all paper and ink, and can't be tampered with. Keeping it in a safe place is the least of my worries. Fair concern. But then you must also take into account that if you are using paperwallets, you: - Are trusting that the algo they are using to generate them is completely foolproof. - When you go to redeem them... I suppose you will be using a completely safe, isolated computer, sign the transaction and broadcast it from a connected one. That process is cumbersome and it seems you just come up with an equivalent security of a hardware wallet. I am more into DIVERSIFY investments and DIVERSIFY risks. Never put all eggs into the same basket.... That said, I have to recognise that most of my "eggs" are on hardware wallets (two ledgers and 1 trezor). If you are gonna go the paperwallet route... just make sure each one is of small amount, so that when you go "redeem" it, you will notice if anything "went wrong" before redeeming the next one. I would only claim them to use the money, and I would simply sweep them to my Coinomi wallet.
|
|
|
|
Rosewater Foundation
|
|
December 29, 2017, 07:18:39 AM |
|
See now I'm confused. We blinked and it came back down. It's almost as though _nothing_ we do or say here has any impact on the market. Just puzzling.
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2310
Merit: 1796
Cлaвa Укpaїнi!
|
|
December 29, 2017, 07:20:03 AM |
|
You rent the box and it can't be opened without a court order.
OK... so you trust your banks and government and legal system, in a vastly socialist state. My condolences. Socialist? Sweden has always been a capitalist democratic country with due process and all that.
|
|
|
|
Rosewater Foundation
|
|
December 29, 2017, 07:21:52 AM |
|
I don't mean to split hairs, but is there any reason to trust a hw wallet less than Coinomi?
|
|
|
|
explorer
Legendary
Offline
Activity: 2016
Merit: 1259
|
|
December 29, 2017, 07:22:48 AM |
|
I would only claim them to use the money, and I would simply sweep them to my Coinomi wallet.
I had heard bad things about Coinomi, but decided to try it, to sweep some clonewebs from the corners of a paper wallet. Favorably impressed on all fronts, other than the fees proposed by the embedded Changelly & worse yet Shapeshaft.
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2310
Merit: 1796
Cлaвa Укpaїнi!
|
|
December 29, 2017, 07:25:33 AM |
|
I am, seriously, going to bury a laminated copy somewhere on my land. And have smaller amounts also in my hidden home safe. (I have a visible decoy safe bought very cheap from China with some crap in it).
and now the internet knows all these things Hahahahahaha... I can see it now. Criminal: "Hey Arriemoller, your valuables or your life." Arriemoller: "Please, please, no, no, no.. don't take my life... .. o.k. I will take you to my safe. Here it is ... it is be called safe." Criminal: "Is this the "decoy safe" or the real one?" Arriemoller: "Of course this is the real safe. I want you to have all my valuables and not my life." Criminal: "O.k. I thought that I read somewhere...... " Arriemoller interrupts criminal, and: "you probably getting me mixed up with someone else, and you know peeps say all kinds of shit on the interwebs... Of course that is the real safe with real bitcoins and other cryptos available and even title to my yacht that I acquired from the appreciation of my many ETHs. Surely, I have no other safes in any of these places nor on my yacht.. and you can take the yacht, too." Criminal: "O.k. Your story seems quite plausible, and I have a high level of confidence that you are disclosing everything, and for that reason, I am even gonna leave you with your yacht and I will just take the total value of your crypto that is in this safe, which happens to be .003146BTC and 25.384 ETH, and that should be enough for me anyhow, since I am a modest kind of criminal, and I have modest material needs, too. Thank you very much, Arriemoller, you have been amongst the most cooperative of my crypto targets, and I thank you for making this whole robbing process easier for me." Arriemoller and Criminal do a "man hug" because no gay here, and then each goes their separate ways, which means the criminal leaves. I do NOT have ETH, but I do have a loaded pistol in a safe. Please let the robbers make me open that safe.
|
|
|
|
Asrael999
|
|
December 29, 2017, 07:25:49 AM |
|
You rent the box and it can't be opened without a court order.
OK... so you trust your banks and government and legal system, in a vastly socialist state. My condolences. Socialist? Sweden has always been a capitalist democratic country with due process and all that. With a routine like this you should become a professional comedian, you're killing it.
|
|
|
|
NiceSoft12
|
|
December 29, 2017, 07:26:38 AM |
|
I really think now is the time to just completely get out of Bitcoin.
The fact that the 1st two bubbles were engineered by MTGOX, and this last bubble has some authenticity, but is also the result of Tether$....
I think regulation will keep BTC honest. The bitcoin bubbles were truly counterfeits imo, because of unregulated businesses. It's human nature to freely take if the opportunity arises. All these bitcoin businesses and exchanges have been doing that pretty much; ie stealing.
There is no way Bitcoin will function as a currency, and as a commodity it will just function the same as other commodities.
|
|
|
|
Rosewater Foundation
|
|
December 29, 2017, 07:27:49 AM |
|
I really think now is the time to just completely get out of Bitcoin.
Comedy gold.
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2310
Merit: 1796
Cлaвa Укpaїнi!
|
|
December 29, 2017, 07:32:08 AM |
|
I don't mean to split hairs, but is there any reason to trust a hw wallet less than Coinomi?
Coinomi would just be a short stop on the way to the exchange. And I already own a phone. And to be clear, I'm not trying to hide my stash from any authorities or agencies, just keeping them out of reach of robbers, burglars and hackers. If I were it wouldn't be announced to the world.
|
|
|
|
|