Trust No One

[whitefeather]

It's  not so much about trust, rather about managing risk.

Agreed. Well put.

[eddyfitz]

Thank you for the advice!

[lilac718]

What's the point of bitcoin if you have to be so paranoid?

[quality_armbands]

Wow

[quality_armbands]

Do not trust anyone

[shanonism]

Good Info, Thanks!

[davider]

Be critic about all opinion!

[CypressXM]

I'm looking into how to do a paper wallet for this reason. There is no safer place than offline. Print and hide in a corner of a filing cabinet or something.

Also for doing transactions a good idea might be to setup OpenBSD virtual machine. (FreeBSD also good, and Linux better than nothing). Or better yet a physical OpenBSD machine used only for online banking and BTC transactions. (OpenBSD is widely regarded as the worlds most secure operating system)

I also run a custom pfsense router because so many commercial routers have outrageous security vulnerabilities. Windows 8 introduced 'refresh' which allows you to reset your operating system to a clean install which makes it much easier to revert to a known good state with all the stealth malware out there.

It really is dangerous. This is the golden age of hacking. In addition to all the criminal groups and hacker/hacktivists out there, around the world there are probably 200+ government intelligence agencies, 150 military organizations, hundreds of national policing organizations, and perhaps thousands of state and local level law enforcement organizations who are all actively developing and deploying malware and would love to add your network to their botnet. Everyone wants cyber warfare capabilities and everyone wants the ability to spy on as many people as possible.

It's hard to stay safe. At a bare minimum everyone here should be running their web browser inside a linux virtual machine. So if you are hit with an attack then:

1. They have to have a payload capable of taking root on linux
2. They have to have a way to break out of your virtual machine

Much more secure.

Stay safe people.

[saldoom]

  I'm glad I came up on this thread.

[thekidcoin]

I only use Linux for sending coins, or storing wallets.  I have backups of wallets in multiple location on multiple USB drives.  On those devices i also have the public/private keys.  The linux laptop I use for coins is off at all times, and the wi-fi is only enabled to update the blockchain (when needed).

I never keep coins or USD in an exchange for more than a few hours (send coins in, convert to other coins, or sometimes sell a decline and buy back lower).

The wallets I use to send mined coins are on Windows machines - and they are only used to receive coins from mining activities, then immediately send to the offline wallet stored on the laptop etc.

[dcc]

Seriously. Don't trust the exchanges, don't trust online wallet services, don't trust your anti-virus software, and don't trust anybody online.

If you absolutely must trust someone with your bitcoins, for the love, choose carefully!

• Do you know their full name?
• Do you know where they are located?
• Have they demonstrated trustworthiness in the past?
• Are they asking you to trust them? (red flag)
• Do they have insurance?

Insurance? Impossible, you say. Not so!

When I needed people to trust me to hold bitcoins for a contest, I deposited 50 bitcoins as a bond with a well-respected forum member, so that even if I did something stupid and lost people's money, they would still be reimbursed. You can read about it here: http://bitcointalk.org/index.php?topic=10008.0

Consider carefully who you will trust. With bitcoins, elaborate scams may be profitable. For instance, someone may develop trust for their user name over many months with small transactions on this forum, then take advantage of that trust to make off with a lot of money. Such a scam would only be worth doing on this forum. No other forum in the world would be worth the effort.

If you want someone to hold your bitcoins for you, there are NO online services that have the transparency and security to make me comfortable using them for storing bitcoins for more than a short time in small amounts. The only way to do it is like I did - choose someone whom you believe to be trustworthy, and approach them. If they approach you, or in any way say or insinuate that they are a trustworthy person to hold your coins, STAY AWAY.

If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.

If you want to store your bitcoins with maximum security, there are lots of resources about how to do it, such as this: https://en.bitcoin.it/wiki/Securing_your_wallet

Here's my summary:

1. Put all your coins in a new wallet that has never connected to the network
2. Encrypt that wallet with the maximum security you can find, using the most secure password you can keep track of
3. Delete the plaintext wallet, and distribute the encrypted wallet to every piece of physical media you own, store it online, and send it to several people you trust

Don't think you can generate and remember a secure enough password? Create a super-long password, and store clues to help you remember it. For instance, your password clue file might say:

My standard password + My throwaway password (backwards, all caps) + &#$%@ + First two sentences of first paragraph of page 19 of my favorite book (include all capitalization and punctuation) + My wife's mother's middle name + My son's favorite superhero + My favorite number times 8734 + food my wife hates (backwards, all caps) + 9-digit number stored with my paper will + 10-character password stored in my safety deposit box + . . . .

You can go on in this way to create as long a password as you want. Store this password clue file with your encrypted wallet, and optionally encrypt both with a simple standard password to keep out snoopers.

In this way, not only can you recover your coins from your "savings account" at a later date, if you get hit by a chicken truck tomorrow and die, your loved ones can probably piece together your password and recover the coins too (better make sure you trust them, and that between them they have or can get the answers to those clues).

I recommend that you practice your wallet encryption and recovery a few times with a small number of coins, until you are very comfortable with the process before you try it with the bulk of your savings.

And remember, this is how most bitcoins services get started:

https://lh3.googleusercontent.com/-lgm4poF3JWE/TgsHwby-BlI/AAAAAAAADwQ/twan94HT6p4/020.jpg

Comic from: http://bitcointalk.org/index.php?topic=13903.0

I just don't put real money on it, my only spend was eletricity

[CypressXM]

Seriously. Don't trust the exchanges, don't trust online wallet services, don't trust your anti-virus software, and don't trust anybody online.

If you absolutely must trust someone with your bitcoins, for the love, choose carefully!

• Do you know their full name?
• Do you know where they are located?
• Have they demonstrated trustworthiness in the past?
• Are they asking you to trust them? (red flag)
• Do they have insurance?

Insurance? Impossible, you say. Not so!

When I needed people to trust me to hold bitcoins for a contest, I deposited 50 bitcoins as a bond with a well-respected forum member, so that even if I did something stupid and lost people's money, they would still be reimbursed. You can read about it here: http://bitcointalk.org/index.php?topic=10008.0

Consider carefully who you will trust. With bitcoins, elaborate scams may be profitable. For instance, someone may develop trust for their user name over many months with small transactions on this forum, then take advantage of that trust to make off with a lot of money. Such a scam would only be worth doing on this forum. No other forum in the world would be worth the effort.

If you want someone to hold your bitcoins for you, there are NO online services that have the transparency and security to make me comfortable using them for storing bitcoins for more than a short time in small amounts. The only way to do it is like I did - choose someone whom you believe to be trustworthy, and approach them. If they approach you, or in any way say or insinuate that they are a trustworthy person to hold your coins, STAY AWAY.

If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.

If you want to store your bitcoins with maximum security, there are lots of resources about how to do it, such as this: https://en.bitcoin.it/wiki/Securing_your_wallet

Here's my summary:

1. Put all your coins in a new wallet that has never connected to the network
2. Encrypt that wallet with the maximum security you can find, using the most secure password you can keep track of
3. Delete the plaintext wallet, and distribute the encrypted wallet to every piece of physical media you own, store it online, and send it to several people you trust

Don't think you can generate and remember a secure enough password? Create a super-long password, and store clues to help you remember it. For instance, your password clue file might say:

My standard password + My throwaway password (backwards, all caps) + &#$%@ + First two sentences of first paragraph of page 19 of my favorite book (include all capitalization and punctuation) + My wife's mother's middle name + My son's favorite superhero + My favorite number times 8734 + food my wife hates (backwards, all caps) + 9-digit number stored with my paper will + 10-character password stored in my safety deposit box + . . . .

You can go on in this way to create as long a password as you want. Store this password clue file with your encrypted wallet, and optionally encrypt both with a simple standard password to keep out snoopers.

In this way, not only can you recover your coins from your "savings account" at a later date, if you get hit by a chicken truck tomorrow and die, your loved ones can probably piece together your password and recover the coins too (better make sure you trust them, and that between them they have or can get the answers to those clues).

I recommend that you practice your wallet encryption and recovery a few times with a small number of coins, until you are very comfortable with the process before you try it with the bulk of your savings.

And remember, this is how most bitcoins services get started:

https://lh3.googleusercontent.com/-lgm4poF3JWE/TgsHwby-BlI/AAAAAAAADwQ/twan94HT6p4/020.jpg

Comic from: http://bitcointalk.org/index.php?topic=13903.0

I just don't put real money on it, my only spend was eletricity

Well if you're paying for the electricity then you're still spending money. But if it makes you feel better than more power to you.

[Endlessa]

This is exactly why I will never touch a single share of AsicMiner . . ..sure friedcat seems nice. . . .and I don't doubt he is.  But we don't have any idea of who, when or where?

[WeissJT]

Interesting

[susan32]

Great advice!

[Surprise]

"Don't be an idiot" is a better rule than "trust no one", I think.

[Orianna]

I only use Linux for sending coins, or storing wallets.  I have backups of wallets in multiple location on multiple USB drives.  On those devices i also have the public/private keys.  The linux laptop I use for coins is off at all times, and the wi-fi is only enabled to update the blockchain (when needed).

I never keep coins or USD in an exchange for more than a few hours (send coins in, convert to other coins, or sometimes sell a decline and buy back lower).

The wallets I use to send mined coins are on Windows machines - and they are only used to receive coins from mining activities, then immediately send to the offline wallet stored on the laptop etc.

Would the use of a Thumb Drive to store the wallet be an acceptable alternative?

Would prefer NOT to have to learn a new (to me)  OS.

Agreed, although I hear that Linux has come a long way from their earlier days and from what I read seems to be the go to for mining alt coins.
I too am curious to know if use of an encrypted thumb drive to store a 'savings' wallet is considered to be an acceptable alternative.

-bump-

[r3wt]

we should make a list of all the scammers including user name, ip, and email address....

[cryptostore07]

But if any new coins not hit any exchange and I want to buy?

[joakof2]

I use to trust in people, i had some surprises, but basically most of "us" we are to be trusted.

IMHO.

Regards