As a Bitcoin Core only user, how im supposed to pay someone in person?

[BlackHatCoiner]

Im going to look at the Fairphone thing. Im familiar with Purism, their prices are a scam

That's exactly why I'm not buying any of those phones. They're overcharging; probably their targeted audience is privacy concerned users who aren't competent with phones. If you dig it up a little bit, you can buy yourself a 300 EUR worth of Pixel, with Graphene installed, and it'll be both more secure and private than any of those.

It is quite difficult to lug around everywhere (unless it's a macbook air or something else that's light), requires a WiFi access point, is inconvenient for scanning QR codes and is overall quite cumbersome to use for making payments when you're on the street.

• Or just a small laptop.
• You can use mobile data.
• I guess they can send you the address over some communication channel if QR is not a practical option. In the worst, type the address.

[1714202368]

1714202368

[NotATether]

It is quite difficult to lug around everywhere (unless it's a macbook air or something else that's light), requires a WiFi access point, is inconvenient for scanning QR codes and is overall quite cumbersome to use for making payments when you're on the street.

• Or just a small laptop.
• You can use mobile data.
• I guess they can send you the address over some communication channel if QR is not a practical option. In the worst, type the address.

Yeah, those will work, but here's the thing: We are moving into a world where everyone has a mobile phone. The same cannot be said about computers. Therefore, it in the future when Bitcoin becomes more adopted, it is more likely that you will encounter a bitcoin-dealing merchant who utilizes a smartphone than someone who has a computer with them, and the technology has to be ready by then to accommodate both usages.

And one of them is already supported: Typing in the address and amount and click Pay/Broadcast/whatever. But we are not there yet in terms of QR Code and/or NFC methods of payment.

I mean in theory, there should already be a strong support for QR codes in particular, on mobile wallets, but for whatever reason, nobody can agree on a number one wallet app to use, which would make this process significantly easier for average bitcoin users to give instructions about to customers (because it is easier to remember how 1 wallet works than 10). Unstoppable Wallet for example looks very good for this sort of thing and has a good reputation, but most people are using crappy exchanges or closed-source wallets instead.

[LoyceV]

Im not familiar with phones.

I strongly dislike phones: they're annoyingly small to type, the screen is 5% of what I'm used to, they need daily recharging, and they're fragile. But: it's a necessary evil nowadays.

Btw, what I meant with this thread, wasn't to say, I want to use Bitcoin Core on a phone, I can reasonably compromise, I just want to do it properly. I will mix at home, get the amount to use ready, and put it into mobile Electrum or whatever. Im not going to know the address until I arrive, so I cannot sign it at home. Then I also need to sort out how to transfer this through Tor from the phone. What I don't like is the traces that this would leave in terms of, imagine you lose your phone somewhere or something. Since im not familiar with phones, I don't know what to expect if that happens. Could some experienced phone users comment on this whole process?

First: I've never lost my phone, but I always assume that can happen at any moment. That means I don't do banking on my phone, I use a separate email account, I backup my data, and for Bitcointalk I use my not-to-be-trusted Mobile account.
For small, "daily" transactions, I keep some crypto on Unstoppable wallet on my phone. I set it up to use "From Blockchain" instead of "API" for privacy, and to use Tor. That makes it slower, but more private. If I lose my phone, I'll sweep my wallet. The wallet has a PIN, the phone has it's own security. And the amount on there is low.

[o_e_l_e_o]

Then I also need to sort out how to transfer this through Tor from the phone.

If not connecting to your node, then I would also use Orbot as ETFbitcoin has suggested.

What I don't like is the traces that this would leave in terms of, imagine you lose your phone somewhere or something. Since im not familiar with phones, I don't know what to expect if that happens. Could some experienced phone users comment on this whole process?

Install the wallet app inside some kind of encrypted folder or partition on your phone. If a thief manages to steal your phone, even if they bypass your lock screen they won't even be able to see you have wallet app installed without breaking the encryption first.

[shield132]

Suppose you only use Bitcoin Core on a Linux distro because you don't trust anything else

Then you have to change your mind. I use Electrum in my smartphone for years, have stored up to 1 bitcoin and never ever got it stolen. I don't suggest you to use your smartphone as a cold wallet but it can be a good hot wallet for hundreds of dollars or some thousands for a quick pay.

Is there any handheld device that would make sense to use to do this transaction that doesn't stand out? Like one of these hardware wallets, that screams "punch this guy to get free BTC".

Oh, so you changed your mind and don't stick with Linux distro.
If I were you, I would buy The Passport Foundation wallet and would watch this tutorial - https://www.youtube.com/watch?v=Ri1ZBZZdQb0
By using The Passport wallet and your smartphone, you will feel secure.

I don't get your point. laptop can be brought anywhere you want so why not bring it and only deal with someone in a safe place like a mall?

Laptop may attract attention, someone accidentally may hit you with shoulder and you may drop your laptop, everything can happen, I wouldn't use laptop either. I think that chances of damagin laptop or getting it stolen is way higher compared to smartphone because everyone has smartphone today in the street and outside, just my two cents.

[LoyceV]

Laptop may attract attention, someone accidentally may hit you with shoulder and you may drop your laptop, everything can happen, I wouldn't use laptop either. I think that chances of damagin laptop or getting it stolen is way higher compared to smartphone because everyone has smartphone today in the street and outside, just my two cents.

A quick Google search shows that both laptops and cell phones have a 1-in-10 chance of being stolen. I trust laptops a lot more though, since I can install my own software and easily encrypt a user directory. Pick one up from Craigslist (for $50) and you don't have to worry about losing your expensive laptop.

[o_e_l_e_o]

An added bonus of using a laptop rather than a phone is you can install and run Bisq on it. Before arranging your face to face trade you can place any bitcoin you are selling in Bisq's multi-sig escrow, and then release them from escrow after the buyer hands you the cash. If someone steals your laptop, they can't steal the bitcoin out of the escrow.

[LoyceV]

FWIW, Android have built-in encryption

But it sucks
My phone for instance gives me the option to encrypt my MicroSD card. But if I do, I can no longer read the card in another phone, and if I reset my phone to factory settings, I also lose the data on my MicroSD card. On a (Linux) laptop, at least I'm allowed to keep my decryption key. I don't want to tie decryption to one specific device.

[o_e_l_e_o]

FWIW, Android have built-in encryption[1] which AFAIK used by default these days.

But how good is it? If the phone is off then maybe, but if the phone is on and simply locked? There have been various methods to bypass the lock screen, such as this one: https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/. And once the lock screen is bypassed, everything can be accessed.

I'd rather have an entirely separate encrypted container which I know cannot be accessed without my decryption key.

[LoyceV]

There have been various methods to bypass the lock screen, such as this one: https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/.

That's like: "you've replaced my bicycle lock, now you can take my car".
Android always feels like a dumbed-down version of Linux. On a slow old tablet, after switching users, the lock screen takes many seconds to load. During that time you can view the entire screen, and even starts apps (including Authenticator).

So setting the phone to perform auto reboot every few hours would help a lot in this case.

That removes basic functionality from your phone: you'll need to unlock it every few hours to be able to receive phone calls again.

[NotATether]

Android always feels like a dumbed-down version of Linux.

That's because it is a dumbed-down version of Linux with an extremely old kernel, no daemons, no way to compile stuff from scratch and overall, is more designed to be a Google product than anything that has anything to do with Linux

That is not to say that Linux ports to mobile phones have been particularly successful yet (Ubuntu Touch I think and there are some others who have also failed).

[o_e_l_e_o]

Unfortunately that's true. It happened to me few times, so i switch it to every few days instead.

Forgive me if I'm missing something, but what does this actually achieve?

When the phone is off, all data is encrypted. Great. When you turn it on, it remains encrypted until you unlock it for the first time. But you need to unlock it for the first time before you can actually use it as a phone. It will not receive calls, notifications, etc., until you have done so, at which point it isn't encrypted anymore. It is only protected by your lock screen, of which I have serious doubts about the security.

So if you reboot your phone every few hours or every day but are going to unlock it immediately after reboot so you can actually use it as a phone again, then what difference does that make to just having it turned on all the time?

This is why my suggestion was to have a dedicated folder on your phone which is separately encrypted and contains your bitcoin wallets, which you would only unlock when interacting with those wallets. Then at least you can still use the rest of the phone as a phone without having your bitcoin wallets unencrypted all the time. I do this on computers as well - I use full disk encryption on all my devices, but still have further separately encrypted files and folders which I will only decrypt when in use.

[NotATether]

This is why my suggestion was to have a dedicated folder on your phone which is separately encrypted and contains your bitcoin wallets, which you would only unlock when interacting with those wallets. Then at least you can still use the rest of the phone as a phone without having your bitcoin wallets unencrypted all the time. I do this on computers as well - I use full disk encryption on all my devices, but still have further separately encrypted files and folders which I will only decrypt when in use.

Very easy to do with GPG, you don't need any system software to do this except for a PGP client.

First, zip the folder into a .tar.gz or a .zip or something, Then encrypt and delete the folder.

When you want to decrypt, then you can unzip the decrypted contents.

Of course, this does have one flaw in that somebody can just extract your hard disk and look for unencrypted sectors, since deletion does not overwrite file data in-place[1] (this is the case for journaled filesystems like ext4 used in Android).


[1]: https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html

[LoyceV]

Very easy to do with GPG, you don't need any system software to do this except for a PGP client.

First, zip the folder into a .tar.gz or a .zip or something, Then encrypt and delete the folder.

Am I the only one who doesn't find any of this easy to do on a phone?

My approach is much simpler: my phone itself is worth more than any crypto in my mobile wallet. I'm careful with it anyway.

[ABCbits]

Unfortunately that's true. It happened to me few times, so i switch it to every few days instead.

Forgive me if I'm missing something, but what does this actually achieve?

I initially mention encryption since OP said about phone getting stolen or other scenario. If the delay between attempt to crack the device and next reboot is very short, the attacker would have much hard time to crack the device.

When the phone is off, all data is encrypted. Great. When you turn it on, it remains encrypted until you unlock it for the first time. But you need to unlock it for the first time before you can actually use it as a phone. It will not receive calls, notifications, etc., until you have done so, at which point it isn't encrypted anymore. It is only protected by your lock screen, of which I have serious doubts about the security.

Before first unlock, basic functionality already enabled. IIRC that include WiFi/internet connection and receive SMS/call.

[shield132]

Laptop may attract attention, someone accidentally may hit you with shoulder and you may drop your laptop, everything can happen, I wouldn't use laptop either. I think that chances of damagin laptop or getting it stolen is way higher compared to smartphone because everyone has smartphone today in the street and outside, just my two cents.

A quick Google search shows that both laptops and cell phones have a 1-in-10 chance of being stolen. I trust laptops a lot more though, since I can install my own software and easily encrypt a user directory. Pick one up from Craigslist (for $50) and you don't have to worry about losing your expensive laptop.

I did a quick Google search right now after your comment and I have to admit that you are right, some .gov and .edu websites say that 1 in 10 individuals will have their laptop or smartphone stolen at some point. Okay, I am not going to argue with you over this but I think this person has to make his choice by considering his location. I can say this from personal experience that laptops are stolen more often than smartphones because almost everyone moves with iPhones or with expensive smartphones but you'll rarely see someone with laptop. By the way, it's easier to hide smartphone or put it in a safe pocket quickly if you notice any threat. Okay, I am not arguing here, it's very individual but aren't laptops more likely to get victim of cyber attacks?

Android always feels like a dumbed-down version of Linux.

That's because it is a dumbed-down version of Linux with an extremely old kernel, no daemons, no way to compile stuff from scratch and overall, is more designed to be a Google product than anything that has anything to do with Linux

That is not to say that Linux ports to mobile phones have been particularly successful yet (Ubuntu Touch I think and there are some others who have also failed).

Android itself is a dumbed-down version of Linux but it's even more dumbed-down when companies like Samsung, Xiaomi, Oppo and Sony make plenty of modifications to Android.

[LoyceV]

it's easier to hide smartphone or put it in a safe pocket quickly if you notice any threat.

Phones are also easier to get stolen from the same pocket. Nobody can steal my laptop from the laptop backpack on my back without me noticing.

aren't laptops more likely to get victim of cyber attacks?

I'm assuming you don't run your Bitcoin Core on Windows, and don't install malware on your laptop.

[o_e_l_e_o]

I initially mention encryption since OP said about phone getting stolen or other scenario. If the delay between attempt to crack the device and next reboot is very short, the attacker would have much hard time to crack the device.

Ahh ok, that makes sense. Still, I would prefer really sensitive data (like a bitcoin wallet) to be encrypted at all times except for the few minutes I am actively using it.

Am I the only one who doesn't find any of this easy to do on a phone?

There are much easier ways to do it. On GrapheneOS for example, you can create multiple user profiles which are encrypted when not in use. Simply create a profile simply for bitcoin related things and install your wallets there. When you are in your main profile for calls, messaging, etc., the other profile is shut down and completely encrypted, and so an attacker wouldn't even be able to see you had a bitcoin wallet app installed. Just log in to that profile for the few minutes you need to use it, and then log out of that profile when done to re-encrypt it.

[DaveF]

I'm also going to put this out there. While the question that the OP asked is a legitimate question. It does bring up another issue of how many one off situations are there that can happen.
Most people are fine with an insecure hot wallet on their phone and the bit of loss of privacy that comes with it.

There are ways to get around the privacy issue by running your own node and electrum server and connecting to that.

There are ways of using https://tapsigner.com/ or some similar product for more security. You can even have a large amount of funds in an encrypted paper wallet that you import & sweep & then pay the person.

There are 100s of different scenarios / options and each person will have to figure out what will work for them.

We can go down the rabbit hole of what works for the OP, but for the next person it may not be a good answer. There is not a one size fits all for things like this.

So....how do we as a group come up with a general framework that can be more tailored to people, or is it not worth it and we treat every one as an individual thing.

-Dave

[takuma sato]

I'm also going to put this out there. While the question that the OP asked is a legitimate question. It does bring up another issue of how many one off situations are there that can happen.
Most people are fine with an insecure hot wallet on their phone and the bit of loss of privacy that comes with it.

There are ways to get around the privacy issue by running your own node and electrum server and connecting to that.

There are ways of using https://tapsigner.com/ or some similar product for more security. You can even have a large amount of funds in an encrypted paper wallet that you import & sweep & then pay the person.

There are 100s of different scenarios / options and each person will have to figure out what will work for them.

We can go down the rabbit hole of what works for the OP, but for the next person it may not be a good answer. There is not a one size fits all for things like this.

So....how do we as a group come up with a general framework that can be more tailored to people, or is it not worth it and we treat every one as an individual thing.

-Dave

The thing with these devices is, they stand out. It looks like some sort of odd thing you are doing, you don't blend in with the average Joe. This to me is a thing to avoid. The way I see it is that when it comes to mobile transactions, you want to use a device that is not flashy, like a very common looking phone, and do not carry more than you could afford to lose carrying on your physical wallet, in terms of cash. This way, you don't make yourself a target, and if you lose the phone, you wouldn't lose some crazy amount, and you would still have a backup at home anyway. By the time they cracked access to the phone, you just would transact these funds into another address you own.

What I want to do now is to find a new phone, because I have some Galaxy phone from 10 years ago, so im assuming this Android version it's using is not updated and thus dangerous to use. And also look at what to do in terms of configuring it to find some reasonable amount of privacy. I've read on Orbot to use Tor on Android phones. I've seen Graphene but that is limited to Google phones. There are no other alternatives?

I would then basically use Electrum, and transact through Tor. I would need to consider if I would even need to transact through my node or just use some of the reasonable to use servers through Tor. Since the amounts aren't even big, it should be enough. And I don't want to connect my phone back to my node which is sitting at home physically anyway, I would rather compromise using someone else's server and send through there.