Search content
Sort by
Showing 5 of 5 results by awavewalia
Hello all, I am the poster, and I read your comments.
ISSUE ONE
I can conclude I did indeed make some mistakes in my creation process even though some would call my actions superfluous with above average security.
I simply could not resist entering my seed (in a trusted program but on an Windows, an OS you all hate) to verify that if I recover using this seed, that I can access and use my own Bitcoin. This might be a sin to you, but it was a necessary security step to me and I couldn't see any way around it. This doesn't justify using a system that both had lots of old data on it that can also connect to the internet. I am unconvinced that using a system without any such old data that can connect to the internet is a security risk, so please explain why that might be a problem.
I will not be telling you the exact names of my wallets. I can only tell you what my wallets are not. I did not use software from MetaMask, Ledger, Trust, or Robinhood's new self-custody thingy.
I know these details isn't a seed phrase, but guess what, your own comments are telling me that I committed some mistakes. That means by your own logic my keys/seed were malware-vulnerable or vulnerable to some kind of network attack beyond my comprehension before I deleted the wallet file. Therefore, if I announce the names of the programs I used, I make it so any malware would target any leftover data I might have in my RAM or whatever.
Regardless, now that we are here today, it has been almost 30 days since my very first test transaction and over 7 days since my wallet last received a tiny amount of BTC. The BTC (over 0.012) is still there, unswiped. I'm still buying.
If the seed has not been used despite my failure to be internet-free entirely for this many days, should I assume it is not compromised and lying in wait to be used after the hacker believes the funding will stop? (There is an online paper wallet generator hosted in China or Russia where they wait one year to swipe your stuff because they assume you won't fund it any further or lost the private keys, but my concern is strictly compromised keys/seed or malware, not the program that generated my seed and test seeds prior.)
ISSUE TWO
I will create a second wallet on Linux on another device after a full format and wipe. Unless it's explained to me why I shouldn't, I plan to just download trusted wallet programs, play around with them, log in on my email and on my exchange on a browser (and no other websites), and, even if on Wi-Fi, create another seed and verify that it works for receive/send. I will then write the seed, delete the wallets and all dummy wallets, and format this other device a second time. Thoughts?
ISSUE ONE
I can conclude I did indeed make some mistakes in my creation process even though some would call my actions superfluous with above average security.
I simply could not resist entering my seed (in a trusted program but on an Windows, an OS you all hate) to verify that if I recover using this seed, that I can access and use my own Bitcoin. This might be a sin to you, but it was a necessary security step to me and I couldn't see any way around it. This doesn't justify using a system that both had lots of old data on it that can also connect to the internet. I am unconvinced that using a system without any such old data that can connect to the internet is a security risk, so please explain why that might be a problem.
I will not be telling you the exact names of my wallets. I can only tell you what my wallets are not. I did not use software from MetaMask, Ledger, Trust, or Robinhood's new self-custody thingy.
I know these details isn't a seed phrase, but guess what, your own comments are telling me that I committed some mistakes. That means by your own logic my keys/seed were malware-vulnerable or vulnerable to some kind of network attack beyond my comprehension before I deleted the wallet file. Therefore, if I announce the names of the programs I used, I make it so any malware would target any leftover data I might have in my RAM or whatever.
Regardless, now that we are here today, it has been almost 30 days since my very first test transaction and over 7 days since my wallet last received a tiny amount of BTC. The BTC (over 0.012) is still there, unswiped. I'm still buying.
If the seed has not been used despite my failure to be internet-free entirely for this many days, should I assume it is not compromised and lying in wait to be used after the hacker believes the funding will stop? (There is an online paper wallet generator hosted in China or Russia where they wait one year to swipe your stuff because they assume you won't fund it any further or lost the private keys, but my concern is strictly compromised keys/seed or malware, not the program that generated my seed and test seeds prior.)
ISSUE TWO
I will create a second wallet on Linux on another device after a full format and wipe. Unless it's explained to me why I shouldn't, I plan to just download trusted wallet programs, play around with them, log in on my email and on my exchange on a browser (and no other websites), and, even if on Wi-Fi, create another seed and verify that it works for receive/send. I will then write the seed, delete the wallets and all dummy wallets, and format this other device a second time. Thoughts?
I tried very hard to find a seller to sell me their BTC but man, if they have it, they want to hold it! They don't want to sell, they just wanna buy. I was forced to start with an exchange, one that almost everyone in the U.S. knows the name of, and then patiently wait to send it to self custody. I'm still sending some over to my wallet.
Let's evaluate how I created my Bitcoin wallet. I changed minor details from reality, but I want you to judge my actions as if everything I wrote here is true, and I want you to judge me critically and more harshly than usual:
My Lenovo Windows laptop was purchased around 2 years ago. Even then, I barely used it. It is essentially a glorified hard drive that I use to answer stupid emails.
This laptop contains data I have had for over 10 years. Family photos, bank statements, executable files that are for old games, emulated game file save files...I moved so many over. 10 years of files without checking where they're from. Let's fast forward to last month:
1) I ran a simple anti-virus scan. Free trial. It says I have no viruses but said I have bank statements exposed and unsafe. This did not instill confidence, as the point of anti-virus is to protect my files even if I have a bank statement or several saved as a PDF file. It also stated it did not run network scans. This is on Windows 11. Remember that it is on Windows 11 for your judgment
2) I used a wallet program {Program 1} to generate a seed offline. I wrote down the derivation pathway it said it used, and BIP seed it generated. After writing this down, I never had it in view of a camera or another person. Any time I practiced the seed, I destroyed the torn scrap paper from my practice runs.
3) I QR-scanned a master public key. My camera saw nothing else. On a mobile device (I never created any serious wallets on my mobile devices), I created a watch-only wallet. I matched the receiving addresses to the addresses in {Program 1}.
4) I closed {Program 1} but it was still installed. Connected to wi-fi for a minute, disconnected, then I deleted the wallet inside {Program 1}
5) I downloaded another program for a wallet {Program 2}.
6) I started sending funds to the BTC wallet. My watch-only cell phone wallet showed that funds are filling up the wallet. Multiple people at this point knew I was buying on an exchange, but they probably still think I have funds on the exchange or have been trading for shitcoins.
7) I connected to Wi-Fi on two different occasions and would stay online for over 24 hours each time. I used my mental seed to recover my wallet in {Program 2}, and confirmed that even there, BTCBitcoinBTC is being received live while on Wi-Fi.
I deleted the wallet file from {Program 2} offline. I uninstalled {Program 1} entirely.
9) {Program 2} remains installed. I still send funds to the wallet, now only visible from the seed in my head and the master public on my cell phone.
Could my BTC be swiped or have you managed to hold all your BTC with worse security practices than mine? I think I've been pretty thorough, but imperfect. Most losses are due to public wifi or fools screen-sharing. I did not cross $10000.00, I probably never will except by BTC itself going up by itself,
Do not leave comments saying that I might spit out some part of the seed phrase while I'm asleep. I carry around four hints for four words in the seed, even though I remember all of them. Now that I've mentioned this detail, I'm going to shred into fragments even that hint for those four in the next 2 days.
I was unaware of Bitcoin Core and Bitcoin Knots throughout this entire process so I did not use them to generate a seed. I still don't know if I need them or no.
Here's what I didn't do:
I never used one of many, many, many Chrome web extension wallets, because I don't get how that could possibly be more secure than a solo wallet program in a window(s) meant only for itself.
I never entered my real storage seed into Exodus, Wasabi, or Phantom and did not use them for creation. I might have had them installed at some point, but generated or entered dummy seeds to see what the addresses would look like while learning about Bitcoin.
I did not use the Coleman io generator offline, as it, if I understand would run in a browser. That means it would allow any browser to display the seed AND every single private key, meaning a browser could save that info as if it was a manual field entry, username, etc...
I also wanted to be able to connect to the internet at least twice just because it proves that if I wanted to, the seed works and so I can spend the BTC some day or simply pass it back to an exchange 20 years from now.
Bonus question:
Do you think it's a good idea to create a second wallet and seed with a different method, and I keep a minority of my BTC on that? It forces me to remember 24 words, but considering how wonderfully I did with just 12 holy words and how well I can keep the secret, I feel like I can do this over and over again with my practice methods and immunity of the few hints to my words online to dictionary attacks.
It feels really good to hold BTC no one but me can handle.
Let's evaluate how I created my Bitcoin wallet. I changed minor details from reality, but I want you to judge my actions as if everything I wrote here is true, and I want you to judge me critically and more harshly than usual:
My Lenovo Windows laptop was purchased around 2 years ago. Even then, I barely used it. It is essentially a glorified hard drive that I use to answer stupid emails.
This laptop contains data I have had for over 10 years. Family photos, bank statements, executable files that are for old games, emulated game file save files...I moved so many over. 10 years of files without checking where they're from. Let's fast forward to last month:
1) I ran a simple anti-virus scan. Free trial. It says I have no viruses but said I have bank statements exposed and unsafe. This did not instill confidence, as the point of anti-virus is to protect my files even if I have a bank statement or several saved as a PDF file. It also stated it did not run network scans. This is on Windows 11. Remember that it is on Windows 11 for your judgment
2) I used a wallet program {Program 1} to generate a seed offline. I wrote down the derivation pathway it said it used, and BIP seed it generated. After writing this down, I never had it in view of a camera or another person. Any time I practiced the seed, I destroyed the torn scrap paper from my practice runs.
3) I QR-scanned a master public key. My camera saw nothing else. On a mobile device (I never created any serious wallets on my mobile devices), I created a watch-only wallet. I matched the receiving addresses to the addresses in {Program 1}.
4) I closed {Program 1} but it was still installed. Connected to wi-fi for a minute, disconnected, then I deleted the wallet inside {Program 1}
5) I downloaded another program for a wallet {Program 2}.
6) I started sending funds to the BTC wallet. My watch-only cell phone wallet showed that funds are filling up the wallet. Multiple people at this point knew I was buying on an exchange, but they probably still think I have funds on the exchange or have been trading for shitcoins.
7) I connected to Wi-Fi on two different occasions and would stay online for over 24 hours each time. I used my mental seed to recover my wallet in {Program 2}, and confirmed that even there, BTCBitcoinBTC is being received live while on Wi-Fi.
I deleted the wallet file from {Program 2} offline. I uninstalled {Program 1} entirely.9) {Program 2} remains installed. I still send funds to the wallet, now only visible from the seed in my head and the master public on my cell phone.
Could my BTC be swiped or have you managed to hold all your BTC with worse security practices than mine? I think I've been pretty thorough, but imperfect. Most losses are due to public wifi or fools screen-sharing. I did not cross $10000.00, I probably never will except by BTC itself going up by itself,
Do not leave comments saying that I might spit out some part of the seed phrase while I'm asleep. I carry around four hints for four words in the seed, even though I remember all of them. Now that I've mentioned this detail, I'm going to shred into fragments even that hint for those four in the next 2 days.
I was unaware of Bitcoin Core and Bitcoin Knots throughout this entire process so I did not use them to generate a seed. I still don't know if I need them or no.
Here's what I didn't do:
I never used one of many, many, many Chrome web extension wallets, because I don't get how that could possibly be more secure than a solo wallet program in a window(s) meant only for itself.
I never entered my real storage seed into Exodus, Wasabi, or Phantom and did not use them for creation. I might have had them installed at some point, but generated or entered dummy seeds to see what the addresses would look like while learning about Bitcoin.
I did not use the Coleman io generator offline, as it, if I understand would run in a browser. That means it would allow any browser to display the seed AND every single private key, meaning a browser could save that info as if it was a manual field entry, username, etc...
I also wanted to be able to connect to the internet at least twice just because it proves that if I wanted to, the seed works and so I can spend the BTC some day or simply pass it back to an exchange 20 years from now.
Bonus question:
Do you think it's a good idea to create a second wallet and seed with a different method, and I keep a minority of my BTC on that? It forces me to remember 24 words, but considering how wonderfully I did with just 12 holy words and how well I can keep the secret, I feel like I can do this over and over again with my practice methods and immunity of the few hints to my words online to dictionary attacks.
It feels really good to hold BTC no one but me can handle.
Just asking out of curiosity, have you tried to look through any deals in the different P2P exchanges available for your payment method and location?
There are quite a number of them with adverts from different users.
Alternatively, you can use the same p2p platforms to create your advert and wait for orders from your potential counterparties who may agree to your terms
There are quite a number of them with adverts from different users.
Alternatively, you can use the same p2p platforms to create your advert and wait for orders from your potential counterparties who may agree to your terms
I have already tried everything including calling random businesses who used BTC or use it and they don't want to sell. Everyone wants to hold their BTC. No one wants to sell to me. They don't get that if they buy more and sell to me or just share, btc adoption goes up and that's good for everyone. On Bisq, it sounds easy to do something stupid and lose one's security deposit, as even if you just want to buy person to person, you still need a security deposit. That isn't worth it if there's any part of Bisq you don't understand. No other p2p platform worked for finding someone in NYC, they are only in other cities. I also looked into pubkey but the owner(s) do not appear to be sane people so I don't think I want to do any transaction in there. I could instead meet a customer of pubkey at a suitable place that isn't pubkey.
So I still need a seller in NYC.
In Queens or Midtown Manhattan. Physical cash no other payment methods. I can get more if our first meeting goes well.
Paying 3.75%. e.g. I buy $900 at fair market rate and you receive a separate 3.75% cash payment ($33.75) to do this. If you require more just comment or message the demand and I'll say No or Yes. If you cover your face in glasses or a mask as we meet, the deal is off immediately.
We're not this doing inside anyone's apartment or on a street anyone can just run from. I know some places where criminal activity just isn't possible. I've been trying to find a seller but no one's buying or selling or they change their minds when I get ready. In at least one case, I scared someone off even though I wasn't covering any part of my face.
Paying 3.75%. e.g. I buy $900 at fair market rate and you receive a separate 3.75% cash payment ($33.75) to do this. If you require more just comment or message the demand and I'll say No or Yes. If you cover your face in glasses or a mask as we meet, the deal is off immediately.
We're not this doing inside anyone's apartment or on a street anyone can just run from. I know some places where criminal activity just isn't possible. I've been trying to find a seller but no one's buying or selling or they change their minds when I get ready. In at least one case, I scared someone off even though I wasn't covering any part of my face.