Looking for a way to add extra security

[o_e_l_e_o]

gmail has ways to recover an account if you forgot your pw. they are called backup recovery methods. you should check it out.

Gmail? My god. The same service which openly reads all your emails and attachments? And now your back up is duplicated on hundreds of servers around the world which are accessible by thousands of individuals, with unknown physical or digital security.

that guy that has his bitcoins stored on a hard drive. the whole world knows where the hard drive is located. he does too. problem is, he can't get access to the hard drive because they won't let him go near the garbage dump and he probably has anxiety knowing that maybe someone else has a plan to try and dig up his hdd out of that trash dump. seems to me, if he would have just used gmail to store his btc private keys, he would be good to go. but he wanted to store them offline to keep them safe. they're safe alright. safe from his reach.

One person throwing out a hard drive does not mean offline back ups are unsafe. Shall we compare how many people have thrown away a hard drive to how many online accounts have been hacked or how many people have lost their passwords? The later is orders of magnitude larger than the former.

I don't waste time with live OS's.

In which case, your seed phrase likely still exists in plain text somewhere on your hard drive, unless you have overwritten the relevant sector of your hard drive with junk data, either manually or with a dedicated program, which most people don't do.

[ABCbits]

Said every single person who has ever lost their coins.

that guy that has his bitcoins stored on a hard drive. the whole world knows where the hard drive is located. he does too. problem is, he can't get access to the hard drive because they won't let him go near the garbage dump and he probably has anxiety knowing that maybe someone else has a plan to try and dig up his hdd out of that trash dump. seems to me, if he would have just used gmail to store his btc private keys, he would be good to go. but he wanted to store them offline to keep them safe. they're safe alright. safe from his reach.

I'd like to mention that Google also could forbid access to "your" data. Usually either don't give the reason or mention vague ToS. And the appeal process isn't easy since usually you'll get robot response.

Check these articles,
https://www.businessinsider.com/google-users-locked-out-after-years-2020-10
https://medium.com/@sixacegames/how-google-destroyed-our-startup-by-terminating-our-google-play-developer-account-6a8cca09ea88
https://arstechnica.com/gadgets/2021/01/googles-bots-decide-ass-subtitle-support-is-too-risque-for-the-play-store/

[larry_vw_1955]

Gmail? My god. The same service which openly reads all your emails and attachments?

says who?

One person throwing out a hard drive does not mean offline back ups are unsafe. Shall we compare how many people have thrown away a hard drive to how many online accounts have been hacked or how many people have lost their passwords? The later is orders of magnitude larger than the former.

the word hard drive in this context could encompass any form of offline storage. so i'm not sure i would agree with your assessment. hardware goes bad all the time, flash drives, smartphones, ssds, etc, etc. landfills are filled with the stuff i'm sure. some of it has peoples' data on it that they wish they didn't lose.

I don't waste time with live OS's.

In which case, your seed phrase likely still exists in plain text somewhere on your hard drive, unless you have overwritten the relevant sector of your hard drive with junk data, either manually or with a dedicated program, which most people don't do.

that's an unlikely attack vector but i suppose it could happen but not in all cases. for example say I am using electrum. i'll just encrypt the wallet. no seed phrase is stored on the hard drive "in the clear". as well, hard drives do overwrite unused sectors all the time so it's not like it's going to sit there forever.

There is literally no system in the word which is invulnerable to being attacked. Pretty much every email provider in existence has been hacked at some point. Google were caught storing passwords in plain text for 14 years without any of their security team noticing. Plenty of encryption software have had flawed implementations or critical bugs, including very popular ones like TrueCrypt.If you upload something to the internet, then it is at risk.

Therefore, no one should ever store sensitive data online. It's a necessary thing. And I think almost everyone does it. They just don't want to admit to it. But yet when it comes to crypto that's somehow different and it shouldn't be stored online along with their pictures of their family, house, dog, car, credit cards, bank account details etc.....

I'd like to mention that Google also could forbid access to "your" data. Usually either don't give the reason or mention vague ToS. And the appeal process isn't easy since usually you'll get robot response.

Check these articles,

Game developers, google play developers, those arent' your typical user. Not surprising at all that this might have happened to them. Not sure they deserved it but they shoudl have realized the risk...

Yahoo mail lost a huge amount of peoples' emails a long time ago. Stuff happens like that. you just have to roll with the punches.

[o_e_l_e_o]

says who?

Says Google:

We also collect the content you create, upload, or receive from others when using our services. This includes things like email you write and receive, photos and videos you save, docs and spreadsheets you create, and comments you make on YouTube videos.

hardware goes bad all the time, flash drives, smartphones, ssds, etc, etc. landfills are filled with the stuff i'm sure. some of it has peoples' data on it that they wish they didn't lose.

Which is why every good wallet tells you to write down your seed phrase on paper.

hard drives do overwrite unused sectors all the time so it's not like it's going to sit there forever.

Depends on how much data your write to the hard drive. And if it's an SSD, then it might deliberately not write to that sector due to wear leveling.

Therefore, no one should ever store sensitive data online. It's a necessary thing.

It's a necessary thing for some types of sensitive data, such as an online fiat bank account. It is absolutely not necessary for anything to do with a bitcoin wallet.

But yet when it comes to crypto that's somehow different and it shouldn't be stored online along with their pictures of their family, house, dog, car, credit cards, bank account details etc.....

Why on Earth are you storing pictures of your credit card online?

Game developers, google play developers, those arent' your typical user.

Google ban accounts all the time. Just Google it (heh). Even something as simple as the credit card linked to your account expiring has been enough for accounts to get shutdown.

Not sure they deserved it but they shoudl have realized the risk...

Much like you are dismissing all the significant risks you are taking?

[ABCbits]

Gmail? My god. The same service which openly reads all your emails and attachments?

says who?

Few random article,
https://www.theguardian.com/technology/2014/apr/15/gmail-scans-all-emails-new-google-terms-clarify
https://easydns.com/blog/2019/06/03/googles-gmail-scans-parses-analyzes-and-catalogs-your-email/

I'd like to mention that Google also could forbid access to "your" data. Usually either don't give the reason or mention vague ToS. And the appeal process isn't easy since usually you'll get robot response.

Check these articles,

Game developers, google play developers, those arent' your typical user. Not surprising at all that this might have happened to them. Not sure they deserved it but they shoudl have realized the risk...

Yahoo mail lost a huge amount of peoples' emails a long time ago. Stuff happens like that. you just have to roll with the punches.

If you're looking for case where regular user is blocked/banned, there are many such posts on twitter, reddit or facebook. Few random example from reddit (since twitter/facebook won't let you search without login),

https://www.reddit.com/r/google/comments/2qhjf5/my_google_drive_account_was_randomly_suspended/
https://www.reddit.com/r/GooglePixel/comments/7nrx07/google_permanently_banned_my_account_because/

Besides, the risk is applicable to all kinds of Google users.

[pooya87]

At the end of the day using cloud services (includes email) to store your private keys is still relying on third parties which is something you should never do when it comes to bitcoin, whether it is usage or storage. They may some day decide that they don't like bitcoin (maybe because google creates their own centralized shitcoin) and ban all accounts that had some activity that related to bitcoin!

[larry_vw_1955]

Few random article,
https://www.theguardian.com/technology/2014/apr/15/gmail-scans-all-emails-new-google-terms-clarify
https://easydns.com/blog/2019/06/03/googles-gmail-scans-parses-analyzes-and-catalogs-your-email/

it's automated. there's no person reading the emails. that doesn't affect me at all as far as something i store there that is encrypted because nothing can read that.

If you're looking for case where regular user is blocked/banned, there are many such posts on twitter, reddit or facebook. Few random example from reddit (since twitter/facebook won't let you search without login),

https://www.reddit.com/r/google/comments/2qhjf5/my_google_drive_account_was_randomly_suspended/

his account was reinstated. nothing was lost. but yeah he did have to jump through some hoops and google had him by the balls for a while...

https://www.reddit.com/r/GooglePixel/comments/7nrx07/google_permanently_banned_my_account_because/

Yeah, it says:
...Google banned my payments account because I returned some RMA pixel phones to them and their system didn't recognize the return. When I did a credit card charge back, they banned me. There was no appeal process

Seems like he flew off the handle and did a charge back. so none of what happened after that is surprising at all.

Besides, the risk is applicable to all kinds of Google users.

thats why you have to replicate your most important data to other places than just google. easier said than done but that's what you have to do. that's what I do. and i had planned to replicate it to some offline storage too but haven't gotten around to it due to being more inconveinent. but i will.

At the end of the day using cloud services (includes email) to store your private keys is still relying on third parties which is something you should never do when it comes to bitcoin, whether it is usage or storage.They may some day decide that they don't like bitcoin (maybe because google creates their own centralized shitcoin) and ban all accounts that had some activity that related to bitcoin!

i'll let you have the last word on this pooya. suffice it to say that some of this discussion made me realize i need to "beef up" my data storage protocol to make it a bit more robust. thanks guys!