Stop buying hardware wallets. The $0 Paranoiac OpSec Setup.

[CryptoVoyager24]

Buying a $200 titanium hw wallet with bluetooth and a color screen isnt security. Its paying for an expanded attack surface. Marketing brainwashed everyone into thinking isolation costs money. It doesnt. It just takes discipline.

The golden rule is simple. If the operating system has network drivers enabled and touches the internet, your private keys do not go on it. Period.

Heres the actual $0 cypherpunk baseline. Grab a cheap blank usb stick and flash tails os on it. Tails runs purely in ram and gets wiped the second u pull the plug. Take an old beater laptop and literally physically remove the wifi card from the motherboard. Boot tails completely offline. Open up electrum which comes preinstalled, generate your seed, and stamp it in metal. Your cold storage is done.

How to actually use it without ruining the setup? psbt (partially signed bitcoin transactions).
U export the zpub master public key from that offline machine to your daily phone or pc. That creates a watch-only wallet. U can see your balance and generate fresh receiving addresses, but no keys exist on the phone. Hackers cant steal what isnt there.

When u actually need to move coins, u create the raw tx on the online phone. Pass the psbt file via qr code or a second usb to the offline tails laptop. Sign the tx on the offline machine. Move the signed file back to the online device and broadcast it to the network.

Your keys stay offline forever. The os burns itself down on shutdown. U trust open source math verified by thousands of devs instead of a closed source chip from a corporation that probably leaks customer databases anyway. Stop throwing money at shiny gadgets to patch your lazy habits. Physical isolation is the only real opsec.

[hd49728]

Heres the actual $0 cypherpunk baseline. Grab a cheap blank usb stick and flash tails os on it. Tails runs purely in ram and gets wiped the second u pull the plug. Take an old beater laptop and literally physically remove the wifi card from the motherboard. Boot tails completely offline. Open up electrum which comes preinstalled, generate your seed, and stamp it in metal. Your cold storage is done.

USB stick is one of things can be used for your wallet backups, and using Tails OS is good too, but remember that USB stick can have technical problems and might be dead anytime so you must have multiple USB sticks for your wallet backups and perhaps other backup methods too.

With wallet backups, it's always recommended to do multiple wallet backups.
How to Install Tails OS on USB flash drive for Wallet Purpose.

[aiying715]

Be mindful of version synchronization: Regularly (e.g., every six months) create a new Tails boot drive to ensure that Electrum's version doesn't fall behind the network consensus.

[aoluain]

Why not just get a hardware wallet like Trezor? tens of thousands have been sold and this
combined with stamping the seed phrase into metal is a proven strategy?
I agree that there is no need to buy a titanium, colour screen wallet, a sub $100 Trezor
will suffice.

Buying an old laptop and removing the wifi card is way to technical for a lot of people.

[Lontor]

I wonder what type of a hardware wallet comes with Bluetooth  .
Isn't that stupid and unnecessary?

Tails OS running on a USB stick isn't for everyone, if you are tech savvy you can do this.
I would rather advise newbies to go with hardware wallet.

Airgapped hardware wallet exactly.
No Bluetooth, No internet connection, fully airgapped.

Tails OS thus works but it can be very complicated for many beginners and some of them don't want to go through this process at all.
For such people, airgapped hardware wallet is best.

You making it sound like all hardware wallet has Bluetooth is misleading, even if the hardware wallet is titanium and cost $200 like you've said, they will never have Bluetooth, you are free to prof this wrong.

Also Trezor and few other $60 hardware wallets will get the job done, no need to complicate things.

[NotATether]

USB stick is one of things can be used for your wallet backups

No, it's not used for wallet backups.

You didn't read the OP clearly.

The USB is only for launching Tails OS, not for storing your wallet.

Your wallet backup is just the metal seed phrase.

One of the disadvantages of this method though is that you can't airgap altcoins like this, so if you're holding altcoins, then a Ledger Nano X is basically the industry standard for all the mobile and web3 wallets. Despite all of Ledger's faults.

[Outhue]

One of the disadvantages of running a crypto wallet in Tails OS is the complexity, the setup isn't something that many newbies can handle unless they have technical knowledge, forcing on a newbie can come with some mistakes.

Other disadvantages are as follow.

1. Slower Performance

Tails routes internet connection through Tor right?, it's surely going to be slower compared to a regular OS.

2. Limited Compatibility

You can't run Tails OS on all available hardwares without small hiccups here and there, it has limited compatibility with certain software and hardware.

Anything else is sleek with Tails OS.

[pawanjain]

Heres the actual $0 cypherpunk baseline. Grab a cheap blank usb stick and flash tails os on it. Tails runs purely in ram and gets wiped the second u pull the plug. Take an old beater laptop and literally physically remove the wifi card from the motherboard. Boot tails completely offline. Open up electrum which comes preinstalled, generate your seed, and stamp it in metal. Your cold storage is done.

USB stick is one of things can be used for your wallet backups, and using Tails OS is good too, but remember that USB stick can have technical problems and might be dead anytime so you must have multiple USB sticks for your wallet backups and perhaps other backup methods too.

With wallet backups, it's always recommended to do multiple wallet backups.
How to Install Tails OS on USB flash drive for Wallet Purpose.

OP has already mentioned to stamp the seed phrase on metal plate and the USB sticks are only for booting Tails OS.
I consider this as a good technique to stay secure from hackers stealing your keys.
Having a backup on a metal plate will make it secure for a long time and Tails OS is perfect for crypto as it gets wiped out in every run.
It surely is not a very convenient way to access and make transactions from your wallet but convenience is risky and has a price.

[bitmover]

Buying a $200 titanium hw wallet with bluetooth and a color screen isnt security. Its paying for an expanded attack surface. Marketing brainwashed everyone into thinking isolation costs money. It doesnt. It just takes discipline.

The golden rule is simple. If the operating system has network drivers enabled and touches the internet, your private keys do not go on it. Period.

Heres the actual $0 cypherpunk baseline. Grab a cheap blank usb stick and flash tails os on it. Tails runs purely in ram and gets wiped the second u pull the plug. Take an old beater laptop and literally physically remove the wifi card from the motherboard. Boot tails completely offline. Open up electrum which comes preinstalled, generate your seed, and stamp it in metal. Your cold storage is done.

This is just misinformation.

99.99% of people losing funds are using this advice. It is not easy or safe to handle your own cyber security. Buy a professional hardware that will do that for you.

Hardware wallets are safe. Trezor is the best one. Pay $100 and have security for decades. They are cheap and safe.

[hd49728]

99.99% of people losing funds are using this advice. It is not easy or safe to handle your own cyber security. Buy a professional hardware that will do that for you.

Hardware wallets are safe. Trezor is the best one. Pay $100 and have security for decades. They are cheap and safe.

There are many hardware wallets from open source to close source. Even open source, hardware wallets are different in quality too, so let's choose best one to buy and use for long term storage.

People sometimes try to save money but they don't put safety of their fund as a highest priority that deserves to be assigned a budget for purchasing a hardware wallet to use. They want to save small money, then lose a big fund eventually.

[GUIDE] How to buy a Hardware Wallet the right way
[LIST] Open Source Hardware Wallets

[Outhue]

Buying a $200 titanium hw wallet with bluetooth and a color screen isnt security. Its paying for an expanded attack surface. Marketing brainwashed everyone into thinking isolation costs money. It doesnt. It just takes discipline.

The golden rule is simple. If the operating system has network drivers enabled and touches the internet, your private keys do not go on it. Period.

Heres the actual $0 cypherpunk baseline. Grab a cheap blank usb stick and flash tails os on it. Tails runs purely in ram and gets wiped the second u pull the plug. Take an old beater laptop and literally physically remove the wifi card from the motherboard. Boot tails completely offline. Open up electrum which comes preinstalled, generate your seed, and stamp it in metal. Your cold storage is done.

This is just misinformation.

99.99% of people losing funds are using this advice. It is not easy or safe to handle your own cyber security. Buy a professional hardware that will do that for you.

Hardware wallets are safe. Trezor is the best one. Pay $100 and have security for decades. They are cheap and safe.

$60 would even do the magic, the result is all over the internet, as there are cheap hardware wallets that costs less than $100, this is a new year also, many promo sales will occur again this year, so if anyone has a bigger plan in mind to go for the higher end hardware wallet they can wait for those sales to happen again.

Many beginners can't do the Tail OS thing themselves, I guess OP have no beginners close to them for once, if not he should be able to figure out that they always have no clue and they easily fumble with everything they touch, Tails OS / Crypto wallet is best for people who are good with tech normally, there is no better recommendation than a hardware wallet.

[PrivacyG]

Pass the psbt file via qr code or a second usb to the offline tails laptop.

Passing files through a secondary USB stick in between online and offline devices is not what I would consider OpSec.  Any device you plug that interacted with the external world is a risk.  QR codes are fine.  Better, I would argue.

-----

One of the disadvantages of running a crypto wallet in Tails OS is the complexity, the setup isn't something that many newbies can handle unless they have technical knowledge, forcing on a newbie can come with some mistakes.

Using Tails OS with a Bitcoin wallet is as simple as booting up the system and searching for Electrum.  I would argue it is in fact much more simple than Windows, Linux et cetera considering it runs live and does not need any setup.

Other disadvantages are as follow.

1. Slower Performance

Tails routes internet connection through Tor right?, it's surely going to be slower compared to a regular OS.

I never found Tails to be slower than Windows or Ubuntu.  There definitely is a difference due to it running the connection through Tor but it is unnoticeable.  Moreover, if one is interested in a 'Paranoiac OpSec Setup' then Tor is pretty much a necessity anyway.

[Lucius]

I wonder what type of a hardware wallet comes with Bluetooth  .
Isn't that stupid and unnecessary?
~snip~

The same one that allows you to store your seed with third parties for $10 a month


The OP actually wrote a good post, even though the topic has been covered hundreds of times on the forum. I completely agree that the safest way to store private keys is by creating an air-gapped wallet on a computer, before which we physically remove all hardware that can enable wireless communication. It may sound complicated, but I'm sure you can find a few videos that will guide you step by step.

Of course, there are also air-gapped wallets that we can buy, which is an easy way for maximum security that you can achieve today when storing your private keys.

[CryptoVoyager24]

lmao the amount of cope in here from hw wallet owners is crazy.
U guys shill trezor like its magic. Go read the kraken labs report. Voltage glitching the stm32 chip. Seed extracted in 15 mins flat. Or ledger literally pushing an update to send ur encrypted keys to the cloud. You dont own the hardware, u own a corporate promise.

privacyG is the only one making sense about qr codes. Swapping usb sticks between online and offline machines is a joke. Badusb firmware jumps the gap instantly. Optical airgaps fix this. A webcam reading base64 text cannot execute malware. U can literally decode the raw hex manually.

Crying about a 5 min boot time for tails is wild. If u need bluetooth 1-click signing so u can trade from the toilet, u deserve to get drained. Convenience kills bags.