Can your device see your wallet's secret phrase?

19 replies 82 views
moonz944Full Member
Posts: 3 · Reputation: 572
#1Dec 4, 2018, 05:32 AM
Ever think about how Windows, Android, iOS and other OS might capture your secret phrase when you set up a non-custodial wallet? It's a bit concerning, right?
6 Reply Quote Share
Posts: 28 · Reputation: 21
#2Dec 4, 2018, 08:04 AM
That's why we have airgap option, if you are too afraid the device you are using is going to see your seed phrase get a hardware wallet (which is not completely recommended since you will later connect it to the internet) or change one of your old device to an offline wallet, wipe it out by formatting and never connect it to the internet again.
0 Reply Quote Share
dr_nodeNewbie
Posts: 775 · Reputation: 10
#3Dec 4, 2018, 11:10 AM
What kind of question is that??? All os's 'see' everything you input. That's um, kinda how they work.... What happens from there all depends on how good YOUR opsec is.
0 Reply Quote Share
Posts: 296 · Reputation: 29
#4Dec 4, 2018, 05:30 PM
They DO SEE all that. The problem is whether they send that information towards others' eyes or not. Normally they don't (maybe unless you have auto-completion on). That's why you have to generate and store the seed always offline, that's why you have to keep any meaningful funds on cold storage (i.e. on computer that never touches internet) or hardware wallet. That's one important "small bit" many are missing until they notice their funds got stolen and then blame the wallet (the other "small bit" is that the coins are never inside the wallet, hence a seed can recover any number of copies of the wallet).
5 Reply Quote Share
moonz944Full Member
Posts: 3 · Reputation: 572
#5Dec 4, 2018, 08:14 PM
I mean by that Who does guarantee that Microsoft , apple, google.. don't steal our secret phrases???
3 Reply Quote Share
Posts: 158 · Reputation: 53
#6Dec 5, 2018, 12:01 AM
That's why never save your keys or recovery phrases on any devices. Writing it on that card board or tough paper might be traditional but that's wiser than of those. And it's not only these operating systems that usually see what we do but the apps that we use. Remember that 'agree' before using them?
3 Reply Quote Share
Posts: 128 · Reputation: 34
#7Dec 5, 2018, 03:37 AM
We can't really tell. At some point. You just have to be extra careful, trust them blindly and hope they don't have extra access to what they shouldn't, and avoid not using private OS or any software. It's one way to be safe and don't give room to hackers indirectly and when you get hit you blame it on the OS company.
2 Reply Quote Share
moonhq227Member
Posts: 356 · Reputation: 57
#8Dec 5, 2018, 07:28 AM
You know there are times I have explained things that look like a coincidence But the chance of it happening are rare For example today, I was listening to a song Empire of the sun We are the people. And I came across a post online about the song. Not the first time something similar has happened so I'm quite paranoid with saving certain datas. Or inputting certain information on places that requires internet access.
0 Reply Quote Share
chainioMember
Posts: 706 · Reputation: 48
#9Dec 5, 2018, 01:30 PM
If that were true, they would be monitoring you when you create a new wallet and send its information over the internet. There are several tips for creating an airgapped wallet, the most popular of which involves using TailsOS. This is a separate tip from how to securely store seedphrases.
1 Reply Quote Share
Posts: 242 · Reputation: 24
#10Dec 5, 2018, 07:07 PM
No one can guarantee you that.  In fact, this is exactly why software wallets (hot wallets) on your phone or PC are fundamentally insecure for storing large amounts of crypto. If you want an actual guarantee, you have to use an airgapped hardware wallet or some other completely offline storage method option.
0 Reply Quote Share
Posts: 331 · Reputation: 47
#11Dec 6, 2018, 06:46 PM
With what the topic of this post implies, it's safe to see meaning in it and make the assumption that something could be collating data or watching your movements and this prompt the need for better security measures to protect long term capital using offline storage packs like the airgapped wallet and other devices that breaks certain accessible features to everything you do with your online devices.
4 Reply Quote Share
Posts: 85 · Reputation: 18
#12Dec 6, 2018, 09:24 PM
So, why do you think those operating systems display the seed phrase on your smartphone screen? That's because they can read that information and then render it on your device's screen. That's why you need to ensure the security of the device you're using, so that sensitive information isn't exposed to others. Therefore, air-gapped wallets are more recommended for storing your Bitcoin because they operate offline, reducing the chance of your seed phrase being leaked.
4 Reply Quote Share
fox_moonNewbie
Posts: 123 · Reputation: 23
#13Dec 7, 2018, 04:07 AM
Steal it and send it to whom? When if that should be done, it needs a "command(send)'' to permit such action. And such action orchestrated by you not the gadget you have at hand. As we have had it done this way, type and enter the send, not the gadget to do that by itself as a robot.
3 Reply Quote Share
Posts: 249 · Reputation: 46
#14Dec 7, 2018, 08:30 AM
If you are using Windows, it may be time to stop.  Recall does particularly what you are concerned about.  I am not sure yet whether the screenshots it takes have any link to the internet but I am very sure these will be stored SOME WHERE, 'encrypted'. So in the future maybe you could ask Copilot to bring up the Seed you deleted by accident!  Microsoft for the win!  We all win!  By deleting Windows and moving away to Linux of course!
4 Reply Quote Share
Posts: 245 · Reputation: 83
#15Dec 7, 2018, 02:45 PM
Windows sees it through feature called Recall like mentioned by PrivacyG where it snapshot your PC like literally, they stored your snapshot in an on-device NPU and do processing locally but who can guarantee if they don't do something else? Moreover, an AI installed on your PC to control your PC might have seen it all, they can easily access your filesystem. Using desktop or mobile wallet is fundamentally less secure compared to hardware wallet that can initialize wallet on its own without connecting to external PC.
4 Reply Quote Share
chain745Newbie
Posts: 318 · Reputation: 24
#16Dec 7, 2018, 07:29 PM
No one can guarantee that Microsoft, Apple, and Google... will not steal our secret phrases. We are only forced to blindly trust and believe that they will not steal them. The only thing that can be said is that they are capable of stealing them, but they will not risk their reputation. If you do not trust operating systems, the only solution is to not create the seed on any device connected to the Internet and to create the seed on a hardware wallet, using software wallets only as an interface and not as a seed generator.
3 Reply Quote Share
dr_nodeNewbie
Posts: 775 · Reputation: 10
#17Dec 7, 2018, 10:32 PM
As I said in my first post - a persons opsec controls what can be leaked. In the case of windoze, disable and as much as possible remove Copilot and AI helpers. For browsers at least disable all auto fill and auto correct functions as they send data to external servers to do their thing. There are tons of posts/vids on the internet regarding how to harden your phone & pc's. Do a search and learn.
3 Reply Quote Share
bullhq504Member
Posts: 131 · Reputation: 66
#18Dec 10, 2018, 07:39 AM
Well, Bitcoin does not require internet or electronic devices to generate seed/secret phrases. You can generate them entirely offline, by hand, without ever using devices like computer, laptop, phone, hardware wallet, etc. You could generate the secret phrases by rolling a physical dice or flipping a coin many times, then follow some processes to finally convert the side of the dice/coin to Bitcoin secret phrases. After converting to secret phrases, you can go through some process to generate a public keys from the secret phrases and use that to access your bitcoin address online. This are all achieved without the internet . The seedphrase generation can be completely done by hand, without using computer, phone, hardware wallet or any device atall.
4 Reply Quote Share
noncehqNewbie
Posts: 96 · Reputation: 13
#19Dec 10, 2018, 01:46 PM
Except any of this devices is infected with a virus or malware, I do not think there is any way those behind this operating systems can view or see our seed phrase or private keys to our wallet, I can't bring my mind to imagine the possibility of those behind this operating systems being able to view the screen of our device or data stored on it without a malware or virus infecting the device.. I know about this method but my question has always been what if they user at some point in time decided he want to move some of this coins to another wallet or maybe he wants to sell, will he not still connect the same device or wallet to the Internet to enable him move the bitcoins?
2 Reply Quote Share
minerz261Newbie
Posts: 166 · Reputation: 24
#20Dec 10, 2018, 03:20 PM
It's not only like you can generate your wallet offline, but for security, it's recommended to create your wallet offline, and if possible, store your wallets and wallet backups offline too. It's because online has more threats that can compromise your devices, steal your wallet mnemonic seed or private keys, and steal your bitcoin. If possible, use an airgapped device for storing your wallet. Cold wallets are very good and safe for storing your bitcoin a long time. [LIST] Open Source Hardware Wallets. [GUIDE] How to buy a Hardware Wallet the right way. The same rule is applied for using any wallet recovery, you must do it offline. [overview] Recover Bitcoin from any old storage format
0 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics