HWs and Airgapped PCs: I'm under doubts. What should I do?

[ABCbits]

This is something that I've been contemplating, honestly.. mostly due to the CoinJoin implementation. If Wasabi can download and run a full node, I'll look more into it. Coin mixing is something I'd definitely want to have as a handy feature.

Their docs explain about full node, https://docs.wasabiwallet.io/using-wasabi/BitcoinFullNode.html

P.S. if you plan to run Bitcoin Core separately, don't forget to allow incoming connection and check firewall for both devices.

Why would Bech32-only support be a con though? I'm using SegWit only anyway, so that's not an issue for me at all.

I assume you have both Legacy and Bech32 address. Some people still use legacy address since few service and exchange (usually crap or local exchange) don't support Bech32 address.

[1715364616]

1715364616

[1715364616]

1715364616

[1715364616]

1715364616

[1715364616]

1715364616

[1715364616]

1715364616

[20kevin20]

A little update: I've managed to get multiple devices set up different ways and so far I've played with small amounts of BTC to test out all of the previously mentioned ideas. Got to run Wasabi with Bitcoin Knots and the Core with Full Node as well (wanted to see how both work). I pretty much fell in love with Wasabi, but Electrum seems to give more user control (probably removed from Wasabi for privacy reasons) so I'll actually end up using both separately, depending on my needs.

One particular thing I'm a bit confused about is about broadcasting txs..: strictly from a privacy perspective, which one is better?
 1. Broadcasting from Wasabi (with Knots) through Tor
 2. Broadcasting from Bitcoin Core full node running through Tor
 3. Broadcasting through Whonix (Live Session, Read-Only Virtual Machine running Tor system-wide) from Electrum*

*I'd use the Whonix session strictly for broadcasting the transaction data, after which the session would close

If I'm running a Full Node (or Knots), I feel like it's not a good idea to broadcast my transactions from the same device but to use a dedicated live session to do so.. however, I wanted to hear someone else's opinion about this as well.

[hatshepsut93]

One particular thing I'm a bit confused about is about broadcasting txs..: strictly from a privacy perspective, which one is better?

If you are only broadcasting a transaction, then simply hiding your IP address through Tor is enough, so there should be no difference between light wallets and full node here. However, light wallets would automatically communicate with servers when they connect to them, requestion information about their addresses, which is where the privacy risk comes, so if you want to use a light wallet, create an empty wallet specifically for pushing transactions.

[20kevin20]

If you are only broadcasting a transaction, then simply hiding your IP address through Tor is enough, so there should be no difference between light wallets and full node here. However, light wallets would automatically communicate with servers when they connect to them, requestion information about their addresses, which is where the privacy risk comes, so if you want to use a light wallet, create an empty wallet specifically for pushing transactions.

That's exactly what I wanted to know but had no idea how to ask more specifically. Thanks for the answer.

Edit: I have one more thing but I don't think it's worth creating a new thread..

Before actually moving my funds into those wallets, I want to make sure (although I did verify the packages with ThomasV's signature, I'd rather be extra-paranoid than be screwed up) that I have installed the legit, non-malicious version of Electrum.

Would creating a new random seed through RNG (using dice and the wordlist) and using that as a test seed on 3 different devices with Electrum installed be enough? I'd use it as a "disposable" seed to check whether all 3 devices show up the same addresses.

[hatshepsut93]

Would creating a new random seed through RNG (using dice and the wordlist) and using that as a test seed on 3 different devices with Electrum installed be enough? I'd use it as a "disposable" seed to check whether all 3 devices show up the same addresses.

Verifying the signature is all you need, because it would mean that this is the version reviewed by the open-source community. If you're paranoid about the developer going rogue, avoid downloading a fresh release, and read discussions about the wallet on multiple places, like this forum, github, reddit, etc. - if there is indeed something malicious in the official releases, someone would notice it and report it.

Your idea with testing for rigged address list is not bad in itself, it won't hurt to do it, but you are just testing against one of many possible attacks, so this alone is not a proof that a wallet is safe. A better way to test a new wallet is just put a small, but not too small, amount of coins into it and wait some time. This way you will cover a lot if not all possible hacking scenarios.

But really, being paranoid about small details isn't really good, it can actually distract you from real security/safety issues, like physical security, that is probably most often overlooked.

[o_e_l_e_o]

so if you want to use a light wallet, create an empty wallet specifically for pushing transactions.

If doing this you must also make sure you use a new Tor circuit. If a node sees you querying a bunch of addresses from a certain IP, and then later sees a transaction being broadcast from the same IP, it is easy to link all these together, regardless of whether you have used an empty wallet or not.

Would creating a new random seed through RNG (using dice and the wordlist) and using that as a test seed on 3 different devices with Electrum installed be enough?

I'm not sure that would tell you very much. Rather I would restore the seed phrase on multiple different pieces of software (such as Electrum and Ian Coleman) and check they both match. Although even then, that tells you nothing about how securely Electrum is generating seed phrases.

If you want to be ultra paranoid, then flip a coin 256 times and make your own seed phrase from scratch.