It's a great place but when you need to cash out you need a fresh Linux system with fresh wallet software connected to the internet only when you make the transaction. Not an app for your phone. Everybody will have a malicious keylogger on their phone eventually if they install apps and sometimes even if they don't.
Not necessarily, for instance 3rd party keyboards like Grammarly are keyloggers by their very nature. They grab your input, process it, and give output in terms of grammar corrections. And a rogue app update can absolutely do the same.
> And how do you make sure that that doesn’t come with a keylogger?
The same way you verify anything is what you want and stays that way, MD5/SHA256 hashes and airgaps.
It's possible to disable third party keyboards for sensitive data entry at least on iOS. Not sure if the same is possible on Android – worst case, a wallet could just provide their own keyboard/passphrase entry method.
> The same way you verify anything is what you want and stays that way, MD5/SHA256 hashes and airgaps.
How do you determine a given hash to be trustworthy? And how do you know you can trust your `sha256sum` implementation?
You're always trusting someone. Any security analysis pretending otherwise is worthless.
If it's not a bank and not state backed/insured, it might as well be crypto. With crypto, at least in cold storage, there is a lot less chance of losing your money and no chance of getting a dreaded 'your account was indefinitely suspended' from the 'AI' at PayPal. And having no recourse whatsoever.
Still, personally, I distribute over all kinds of banks (where I get E100k per bank when they fall, so I make sure I'm under that amount per bank) and assets so the fallout is minimal if something falls. Well, unless it's a 1929 event of course; then it remains to be seen what is left after. But then crypto is wiped out too; people gotta live, so they will mass sell off.
My understanding, as what’s essentially a layperson in crypto, is hardware over any form of software. Same as with fiat in say PayPal, you don’t own it unless you can physically hold it. And physically holding it in this case is via FOSS hardware wallets such as Trezor.
That hardware will ultimately also be running software, and you need to be trusting the vendor/supply chain of both.
This is not at all to say that there is no point in hardened/secure execution environments like smartcards, Yubikeys, hardware wallets etc., but the important point is that the statement "hardware is more secure than software" by itself is dangerously misleading.
And there is no such thing as (fully) "FOSS hardware". Somebody needs to build a physical thing in the end, and you can't verify every single step of that process. Openness/transparency has its advantages and reduces the chance of nefarious things happening in your supply chain, but this is lightyears away from "trustlessness".
> When this happens with big bank, you could try going to the court.
Great. So not only have I lost my money but now I'm getting an assignment as well. Which will last many years and at best will result in recovering a fraction of what I lost and the most likely outcome is not getting anything back and possibly paying more.
I had the California State Board of Equalization empty one of my bank accounts without warning because they thought I owed them back taxes. I had moved out of the country and wasn't filing California taxes, which was a mistake. You still have to file a 0 tax.
Dude, there are whole countries where the Government just stopped everyone from getting their money out of the Bank. Greece for example, just a few years ago. It's not something very rare nor do you have to be in a third world country.