I am no technical expert, and even though in several ways we are on the same page in regards to several benefits to having open source and not running some the risk of closed source that comes from having a secure element and the extent to which, so far, no secure element has been able to be made completely open source, so if there are any flaws (or back-doors) in the close source-ness then that can you leave you vulnerable in ways that you had not realized to be feasible or possible.....

At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has  physical access to the device with a non-secure element.  Folks with a non-secure element mostly have the protection of not giving up physical access to the device or by creating passphrase wallets, since if some hacker gets physical access to your non-secure element device then they can get your private key (or your seedwords the 12/24 words), but they cannot get your passphrase, so they would be able to take money off of your non-passphrase portion of your wallet, but no wallets that have been created with passphrases, until they brute force into such passphrase, and there is an infinite number of passphrase wallets that you could create that would still be under the same seedwords, but each passphrase creates a new wallet (if you were going to have multiple passphrases under the same seedwords)

I see the trade off being different in terms of who your attack vector would be, since it seems that the attack vector for open source is the physical access to the device, yet your attack vector for closed source could be the company itself or governmental actors or anyone who could attack the vulnerabilities of the closed sourced systems that are not necessarily getting reviewed as much as open sourced systems.  I am also no guru in security practices or assessment of vulnerabilities... I am merely considering that we cannot just presume that a device is more secure because it has a secure element, even though the attack vectors become different.. and part of the reason that bitcoin is open source, is to attempt to show the value of incentivizing the crowd-sourcing of the review of its code, and sure maybe we can trust (and need to trust) some various centralized entities with some things, but maybe not a lot of things, such as all of our bitcoin... which is another reason that people choose multi-signature and multi-device security - which brings another level of complications to potentially lock us out of our coins, too..


If a bad person (who knows something or knows someone who knows something), they can get you private keys (or your seedwords) in a matter of 15 minutes (or something like that), so they can get anything on your non-passphrase wallet, and your pin doesn't do anything.  But they cannot get you passphrase wallets unless they are able to guess them or brute-force them.



Whenever other members are posting sensitive OpSec information, it likely does not hurt to mention it, even if that particular member does not give too many shits.  Some OpSec materials are more  exposing than other materials, too.

We have had some members who have scaled back on some of their revelations over the years too.., deleted old posts and even changed their user names.  There are needs for public personas in the bitcoin space too.


We are still in a public thread, and of course you can do what you want and of course, i can respond how i want in terms of mentioning the issue.