@shadders is on PowPing!

Shower thought: All wallets should have a separate emergency wallet available by default with the seeds stored separately (perhaps even with a 3rd party service). If you have any reason to believe your wallet is compromised the UI should provide a quick way to sweep into the emergency wallet. It could be a single sweep tx or one tx per UTXO to avoid loss of privacy. @electrumsv What do you think?
I have been working on adapting the work of Ian Coleman to make a cold wallet and recovery tool for different wallets. Still a work in progress to make a better UI, but it works; use with caution. https://bsv.direct/bip39/
samooth replied:
Simply.Cash is great to scan the private keys from it
I agree with @unwriter. If your wallet is compromised, only the competence of the malware author limits the effect to not also diverting the sweep. So you'd want a second external wallet even on a different device or computer. This is why hardware wallets showing the addresses externally becomes valuable, even if it is not user friendly for normal people with addresses being tedious to compare. Now extend this with dynamic derivation paths and approaches, where valuable keys may not be guessable through linear derivation. That external app needs to keep synchronized in some way that the compromised wallet can't interfere with.
Any kind of sweep will be detrimental to privacy. People need to stop pretending that Bitcoin lends any semblance of privacy. It never has and never will.
For this to work securely, would the emergency wallet need to be always a 3rd party wallet? If the wallet software is compromised, the same issue may apply to every wallet ever generated from the same software.
metal replied:
The only secure way I can think that this would work, is with premade paper wallets made on an offline machine, by the app company you are using (or 3rd party), with full KYC already done. The company makes these paper wallets on an air-gapped PC, in a secure location, with the public key transferred into the live system via a USB key (a new USB key is used each time an allotment of new offline public keys is required). When a new user downloads the app and installs it, it gets automatically tied to this additional offline public addy, and a user could send to this addy ('device tied' and 'username tied'), in the event of a possible compromise. In the event of a compromised device, the user would sweep their balance into this offline wallet addy, then they would apply to have the offline paper wallet snail mailed to themselves. This would require full KYC at the point of setting up the wallet app the ability to use this offline wallet, so maybe would only be a long term goal for a company like handcash. But it would be do-able I think. It would also require a full KYC for a recovery of the wallet via snail mail. --- There is an alternative to having to do full KYC by the app company though... (cont)
metal replied:
I think what would work really well with this is, having someone make a 'windows live'/'linux live'/'Tails' type downloadable USB ISO, that a person can load onto a USB key (or CD/DVD), load up on any PC, and that puts a user straight into an offline wallet generation tool. Personally, I use Tails on an old laptop, running the GitHub repository of the wallet generator website, to generate offline paper wallets: https://github.com/walletgeneratornet/WalletGenerator.net. I can't see why a company couldn't come up with a live USB/CD/DVD just for emergency offline wallet generation, tied to their company's app, and the user's device. You get the user to scan a QR code from their device (while in the live CD/USB), and this is used somehow during the generation of the 'single use' offline emergency wallet. Print out, store somewhere, and in the event of a possible compromise, you simply sweep into the emergency offline wallet.
aquamane replied:
Big difference between ‘thinking’ your wallet is compromised, and it actually ‘being’ compromised. If your wallet already /is/ compromised, the point is already moot: _you’ve lost your agency_. In a realistic scenario, I think you’d instead rather build a system that allows for the pre-isolation of UTXOs, by default (+customizable), leveraging live-MFA for spends. (A single MFA request could be used to sign + unlock multiple pre-isolated targets.) There seems to be a hidden threshold here, ideologically + technically; the boundary between human and digital agency. Real-world laws are in part approximate constructs to help us mitigate the issues of Authenticity + Individual Agency that we already have; the Blockchain cannot know if you have a gun pointed at your head, making you sweep your funds, for instance. Identity is ultimately a _separate factor._ _(Now, maybe someone is working on quantum tokenization; encoding one-time private keys into an entangled photon held suspended in some diamond-nuclear-battery-powered physical device.. but we still have this issue of agency, even and perhaps especially after we have technology like Neuralink to leverage our ‘wetware’ to jack-into the internet..)_
Sounds too risky