casa.io - Do you use it? Let's talk about it.

[apogio]

I was reading the Comparing Inheritance Services thread and I 'd like to focus on Casa for some questions.

Disclaimer: I don't use a collaborative custody service. I am doing my own custody. I am just focusing on Casa because I was listening to a podcase lately and it was about this service, but the other ones may be similar.

So, Casa has 3 plans: Standard, Premium and Private Client.

The differences are outlined in the following screenshot:



For the Standard and Premium tiers, Casa suggests a 2-of-3 and a 3-of-5 respectively. In both tiers, Casa holds a single key, meaning that in the 2-of-3 you need to store 2 keys on your own and in the 3-of-5 you need to store 4 keys.

They suggest having a phone key in both setups. So from the 3 keys in the 2-of-3, one key is a hot key, one is owned by Casa and the last one can be a hardware airgapped key.

Question:
What I find awkward is:
1. The hot key, even though it's just one of the 3 (or 5) keys and losing it can't cause you any damage, I consider it to be a bad idea.
2. The hot key is encrypted and backed-up in the cloud (icloud, google cloud etc). I consider this a very bad idea as well. The counter-argument is that it's getting almost impossible to lose, but anyways, I dislike it.

What are your thoughts? Am I paranoid for thinking the above strategy is bad?

I consider Jameson Lopp a very reputable Bitcoiner and a good security guy, so I am certain he's scrutinized all aspects of their products, but again... something doesn't feel ok with it.

[Charles-Tim]

Which means if the other key with the wallet owner is lost, the hot key can be used to recover the coins while the key with Casa is not online?

I do not like the idea of services with inheritance purposes. Bitcoin developers have made everything possible by holders but they just need to read and learn about them and choose their own choice. Inheritance purpose services are not necessary.

[apogio]

Which means if the other key with the wallet owner is lost, the hot key can be used to recover the coins while the key with Casa is not online?

I do not like the idea of services with inheritance purposes. Bitcoin developers have made everything possible by holders but they just need to read and learn about them and choose their own choice. Inheritance purpose services are not necessary.

If any of the keys you hold (as an owner) gets lost, then you need to use your other key and casa's key to unlock your funds. There is a waiting period however, to make sure that you 're not abducted or in danger or that nobody tries to imitate you to steal your funds from casa.

[drwhobox]

Which means if the other key with the wallet owner is lost, the hot key can be used to recover the coins while the key with Casa is not online?

I do not like the idea of services with inheritance purposes. Bitcoin developers have made everything possible by holders but they just need to read and learn about them and choose their own choice. Inheritance purpose services are not necessary.

If any of the keys you hold (as an owner) gets lost, then you need to use your other key and casa's key to unlock your funds. There is a waiting period however, to make sure that you 're not abducted or in danger or that nobody tries to imitate you to steal your funds from casa.

How is this service useful if I lose 2 key? It is an unnecessary service only looking to get paid from subscription fees which is giving a false hope of security.

[apogio]

How is this service useful if I lose 2 key? It is an unnecessary service only looking to get paid from subscription fees which is giving a false hope of security.

I don't understand what you mean. If you have a 2-of-3 multisig vault and you lose 2 of the 3 keys then obviously your money is gone.
I am not saying this sevice is good or bad, although I posted that there is something I dislike that they do.

[drwhobox]

I don't understand what you mean. If you have a 2-of-3 multisig vault and you lose 2 of the 3 keys then obviously your money is gone.
I am not saying this sevice is good or bad, although I posted that there is something I dislike that they do.

From 2 of 3 wallet if I lose 2 keys and from 3 of 5 if I lose 4 keys or even 3 keys then casa can not help me at all. Can they ?

[apogio]

From 2 of 3 wallet if I lose 2 keys and from 3 of 5 if I lose 4 keys or even 3 keys then casa can not help me at all. Can they ?

No but this shouldn’t be their fault. In general the way Bitcoin works is that it requires an unlocking script to be constructed to unlock the coins from an address. In order for this to happen, you need a specific amount of private keys in order to generate the necessary signatures to unlock the coins.

So, if you lose more keys than the minimum required to unlock the coins, then the coins are definitely lost. On the opposite hand, if Casa could help with that, it would mean that they would be able to generate the necessary signatures on their own. This means they could just steal your coins.

So the fact that they can’t help if you lose more coins than the ones you are allowed to lose is actually good for them. Not bad.

[drwhobox]

No but this shouldn’t be their fault. In general the way Bitcoin works is that it requires an unlocking script to be constructed to unlock the coins from an address. In order for this to happen, you need a specific amount of private keys in order to generate the necessary signatures to unlock the coins.

So, if you lose more keys than the minimum required to unlock the coins, then the coins are definitely lost. On the opposite hand, if Casa could help with that, it would mean that they would be able to generate the necessary signatures on their own. This means they could just steal your coins.

So the fact that they can’t help if you lose more coins than the ones you are allowed to lose is actually good for them. Not bad.

I know how wallet and things work. My point is casa is giving a fake sense of security. If I can keep 2 keys safe of a 2 of 3 wallet or 3 keys of a 3 of 5 key wallet then why can't I keep all the keys safe?  I can.

[apogio]

I know how wallet and things work. My point is casa is giving a fake sense of security. If I can keep 2 keys safe of a 2 of 3 wallet or 3 keys of a 3 of 5 key wallet then why can't I keep all the keys safe?  I can.

Definitely.


Let’s focus on another aspect though. Supposing you wanted to create a 2-of-3 or a 3-of-5 on your own, which is basically a solid system, would you choose to make one of the keys a hot key which is backed up on the cloud? On any cloud.

[drwhobox]

Let’s focus on another aspect though. Supposing you wanted to create a 2-of-3 or a 3-of-5 on your own, which is basically a solid system, would you choose to make one of the keys a hot key which is backed up on the cloud? On any cloud.

No! Why would I even need that?

[apogio]

No! Why would I even need that?

I am asking everyone actually.

 Even though your answer is clear and I get your point, I am certain that newbies who read this response won’t acquire sufficient knowledge on why it’s a bad idea, so it should be better to elaborate!

 Because a very simple argument is that you won’t lose funds on if this key gets compromised and at the same time it’s super difficult to lose this key if you do it this way.

 I always disagree with backing up anything in the cloud since it shows that you have sensitive items and it’s a matter of privacy. It’s also a matter of security even if the key is encrypted, because it’s easy to mess things up. So I would always go against this option of an online backup of a hot wallet, even when used in a multisig setup.

[Charles-Tim]

I always disagree with backing up anything in the cloud since it shows that you have sensitive items and it’s a matter of privacy. It’s also a matter of security even if the key is encrypted, because it’s easy to mess things up. So I would always go against this option of an online backup of a hot wallet, even when used in a multisig setup.

Just like I have posted before, I also do not like it. But not only that, I also do not like any third-party services when it is about bitcoin. The best solution for me is multisig setup which is enough for inheritance purpose. Also another is time lock. There are other means you can easily make your hires inherit your coins than relying on those services.

[BenCodie]

The service is taking advantage of uneducated people, ripping them off by getting them to think that multi signature setup and security is a service that needs to be paid for. It costs nothing to setup a multi signature wallet and yet they charge these kinds of fees that no where near justify the cost. I think it should be scrutinized.

[apogio]

I think it should be scrutinized.

Yeah, that's what we 're doing in this thread. We 're scrutinizing one of their tactics.

Just like I have posted before, I also do not like it. But not only that, I also do not like any third-party services when it is about bitcoin. The best solution for me is multisig setup which is enough for inheritance purpose. Also another is time lock. There are other means you can easily make your hires inherit your coins than relying on those services.

Sure, the way I would go about it would be to have 3 air-gapped devices that are fully independent from one another.


Again, in my original post, the major question I have is about one of the cosigners being a hot wallet and its backup being on the cloud. For me this is a huge red flag, and my question remains... does anyone think it's a good practice? I am talking about custom setups (not casa's) right here.

[drwhobox]

Having any part of your wallet information on the could is not a good practice.

People who are not aware about wallet security, they can invest a few hours to write a post, get answers from members from this forum and can save monthly thousands of dollars subscription fees.

[The Cryptovator]

I am just wondering why I should trust a third-party service and pay them to store my own Bitcoin. Why a hardware wallet can't be used to store our Bitcoin. Even I don't like Ledger's third-party 2FA system when we can control the wallet by ourselves. A Bitcoin wallet must be non-custodial; either it's a hardware or software wallet. But we always prefer open-source hardware wallets.

However, I don't see any point of view as a Bitcoin user; why should we use their service? And there is a big amount we have to pay them as well monthly. Rather use a hardware wallet and secure our keys in multiple places. So if one gets damaged along with the device, we can recover from another seed.

[BenCodie]

I am just wondering why I should trust a third-party service and pay them to store my own Bitcoin. Why a hardware wallet can't be used to store our Bitcoin. Even I don't like Ledger's third-party 2FA system when we can control the wallet by ourselves. A Bitcoin wallet must be non-custodial; either it's a hardware or software wallet. But we always prefer open-source hardware wallets.

However, I don't see any point of view as a Bitcoin user; why should we use their service? And there is a big amount we have to pay them as well monthly. Rather use a hardware wallet and secure our keys in multiple places. So if one gets damaged along with the device, we can recover from another seed.

This was part of my point here

The service is taking advantage of uneducated people, ripping them off by getting them to think that multi signature setup and security is a service that needs to be paid for. It costs nothing to setup a multi signature wallet and yet they charge these kinds of fees that no where near justify the cost. I think it should be scrutinized.

No one would take advantage of this service if it was free, as the risk would be that the service no longer exists in some years (and miraculously so will the access to the Bitcoin). Not only does this risk still exist with this service but because a high price tag on it, it makes it seem unachievable to the normal person who might not realize that they can setup something long term without paying a company this much.

[apogio]

However, I don't see any point of view as a Bitcoin user; why should we use their service? And there is a big amount we have to pay them as well monthly. Rather use a hardware wallet and secure our keys in multiple places. So if one gets damaged along with the device, we can recover from another seed.

No one would take advantage of this service if it was free, as the risk would be that the service no longer exists in some years (and miraculously so will the access to the Bitcoin). Not only does this risk still exist with this service but because a high price tag on it, it makes it seem unachievable to the normal person who might not realize that they can setup something long term without paying a company this much.

I don't know, but perhaps people like to feel secure and basically they buy the "sense of security" that these services provide.
But with Bitcoin, there is always self-custody. Even if you use custodial services, essentially you use their self-custody instead of your self-custody.
It's not strange that people prefer to rely on others for financial services. That's how we 've been used to living all these years. Bitcoin is the first system that helps us change mindset, but it will take time.

If you don't believe me or don't get it, I don't have time to try to convince you, sorry.

[BenCodie]

However, I don't see any point of view as a Bitcoin user; why should we use their service? And there is a big amount we have to pay them as well monthly. Rather use a hardware wallet and secure our keys in multiple places. So if one gets damaged along with the device, we can recover from another seed.

No one would take advantage of this service if it was free, as the risk would be that the service no longer exists in some years (and miraculously so will the access to the Bitcoin). Not only does this risk still exist with this service but because a high price tag on it, it makes it seem unachievable to the normal person who might not realize that they can setup something long term without paying a company this much.

I don't know, but perhaps people like to feel secure and basically they buy the "sense of security" that these services provide.
But with Bitcoin, there is always self-custody. Even if you use custodial services, essentially you use their self-custody instead of your self-custody.
It's not strange that people prefer to rely on others for financial services. That's how we 've been used to living all these years. Bitcoin is the first system that helps us change mindset, but it will take time.

If you don't believe me or don't get it, I don't have time to try to convince you, sorry.

I understand that (lazy and uneducated) people prefer custody solutions over self-custody. Though I believe this is more to do with lack of knowing than it is preference. I doubt there are many who know how to self-custody properly and choose something like this. While it's not strange for people to rely on others for financial services, a part of Bitcoin's purpose is to alleviate this, not to create services that do the same thing but for Bitcoin. You are right that it will take time, more efforts need to go toward teaching one how to achieve the same thing that casa offer except by themselves.

[Pmalek]

I wouldn't mind having one private key of a multisig setup in a hot wallet. It's more convenient and allows for quicker signing. At the same time, I would make sure that the other keys are generated in more secure environments, like hardware wallets and/or airgapped computers. Like you said, that one (hot) key isn't enough to broadcast transactions but I would personally not be ok to have it backed up on the cloud. Is that a must? Do they have an option to not have it backed up in the cloud? it would be better if the user had a say and could opt in or out of cloud backups.