Is this setup actually secure?

19 replies 325 views
chain777Member
Posts: 16 · Reputation: 148
#1Oct 15, 2025, 11:46 AM
Let’s talk about a guy named Joe who's into Bitcoin and his setup: - Joe's using a Linux machine. - This is his personal computer where he does everything, from binge-watching shows to handling online banking. - He’s the only one who uses this machine, so there’s no one else with access. - All his activities are done under his Linux user account, called `joe94`. - The `joe94` account has sudo privileges. - Joe installed Bitcoin Core and runs it using the standard `bitcoin.conf` settings. - He also operates the Electrs Electrum server. - Joe owns a Trezor hardware wallet. - He makes use of the Trezor Suite application. - Instead of connecting to Trezor nodes, he points the Trezor app to his local Electrum server. - Joe sticks to all the recommended practices for Trezor, like keeping his seed phrase on paper only, and double-checking the receiving and sending addresses for transactions. - Since Joe's using a laptop, he can take it anywhere and hop on any random Wi-Fi network he encounters. So, do you think Joe is putting himself at risk?
5 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#2Oct 15, 2025, 01:12 PM
Why not use Electrum as a wallet instead of Trezor Suite? At risk of what? Does Joe bring his Trezor hardware wallet with him? I wouldn't run a server on public Wi-Fi. It just doesn't feel right.
0 Reply Quote Share
byte_protoFull Member
Posts: 84 · Reputation: 625
#3Oct 17, 2025, 09:39 AM
This is pretty much risky. Connecting to random Wi-Fi is susceptible to man in the middle attacks. Taking your pc around will increase the risks of it falling into hands of theft. Using such pc to  run every activity online increase risks of malware. While Joe coins are not directly at risks, his privacy and general security are.
4 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#4Oct 17, 2025, 10:47 AM
While malware designed for linux is rare, the risk is exist if watching movie involve pirated/cracked stuff. Aside from MITM, evil twin attack (fake wifi hotspot with similar name with real one) can be risky if E-Banking is involved. Although using VPN you can trust supposed to solve this issue.
2 Reply Quote Share
sat_2011Full Member
Posts: 119 · Reputation: 334
#5Oct 17, 2025, 11:53 AM
Yes, I consider Joe to be at risk for using random/public WiFi networks because one of the strategies used by hackers to attack and also steal private data is to use public WiFi. Besides, some online thieves usually create their own public WiFi and disguise it as a genuine WiFi network. There's no benefit in using public WiFi, and the price to pay is always a big one.
2 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#6Oct 17, 2025, 12:51 PM
Not everyone has unlimited mobile data.
3 Reply Quote Share
sat_2011Full Member
Posts: 119 · Reputation: 334
#7Oct 17, 2025, 04:59 PM
You have a point, but if we think about the consequences and the level of how hacker use the man in the middle attack through the creation of fake Wi-Fi hotspots to read their target emails, steal personal information, and check the websites they are visiting, it is always better to always seek safety first, not some minutes of free public WiFi internet service.
2 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#8Oct 17, 2025, 07:25 PM
That's what encryption is for: once my browser knows the security certificate for a website, no man in the middle can read the data.
0 Reply Quote Share
byte_protoFull Member
Posts: 84 · Reputation: 625
#9Oct 18, 2025, 12:30 AM
Yes except from the evil twin attack, if the user is not using a VPN.
2 Reply Quote Share
im_lynxHero Member
Posts: 515 · Reputation: 2161
#10Oct 19, 2025, 04:38 PM
Does this Linux laptop setup have a full disk encryption? I would recommend to use this for devices that are carried around and could easily be stolen. I don't really like the random wifi networks usage but this can be mitigated. It's imperative to carefully check certificates used in browsers to avoid MITM attacks. Still not a big fan to use such a network "promiscuous" device for crypto wallets and e-banking. I wouldn't want to use my daily driver for my crypto wallet stuff, but this depends strongly on what is done with the device and how security educated someone is and if the user does "risky" stuff on the internet. Some people install all the time some software they want to try out and whatnotelse. This could be a recipe for later desaster, especially when having all under one user account which is in the sudoers group. Priviledge escalation is only a step away... Using a hardware wallet to secure private keys is good for Joe and mitigates a few problems that could arise with a daily driver device.
0 Reply Quote Share
yield_moonFull Member
Posts: 102 · Reputation: 297
#11Oct 19, 2025, 06:46 PM
Joe’s problems are the bolded. He really should be using a separate device for Bitcoin only. If he is dealing with large amounts of money then he needs a different device to do every day online activities. All it takes is one suspect torrent or file containing malware and Joe will be eating ramen.
4 Reply Quote Share
im_lynxHero Member
Posts: 515 · Reputation: 2161
#12Oct 21, 2025, 07:21 AM
I think you're painting a bit too harsh consequences for Joe, because Joe uses a hardware wallet which shields his wallet's private keys from malware, in theory and likely in practice too from what I've learned and experienced myself with Trezor and another hardware wallet. I say this also because OP said, that Joe follows good practices with usage of his hardware wallet. An important thing is, to verify all details of a transaction BEFORE you sign it with your hardware wallet, check thoroughly every time amounts to be sent and most importantly the output addresses. This prevents stealing of coins when malware could manipulate the watch-only software wallet to assemble a transaction with outputs that aren't chosen by the user before the transaction is sent to the hardware wallet for signing. I agree that it's not the best idea to use just one device for all your internet shit and e-banking and crypto wallet stuff. That kinda calls for desaster and using every wifi Joe might encounter has been criticized already here. I highly recommend to setup mobile devices like a laptop with encrypted filesystem(s), simply because mobile devices are carried around, can be lost or stolen. Going to be pretty bad when unauthorized people gain access to your data on that device. The evil guys might find reasons to re-visit you with a few 5$ wrenches or even a heftier 25$ wrench with significantly more persuasive momentum. Don't get me wrong, there's no easy rule, it depends how much someone knows about computer security, safe browsing practices and so on.
2 Reply Quote Share
yield_forkFull Member
Posts: 162 · Reputation: 728
#13Oct 21, 2025, 01:39 PM
Ideally, Joe would only use this device for Bitcoin. However, if Joe only uses this laptop at home and doesn't connect to public Wi-Fi networks, I don't see the need to buy a new laptop for another purpose. It all depends on Joe's threat model. If Joe really needs to use this same laptop to connect to public Wi-Fi, he can download and use TaisOS on a bootable flash drive to browse the internet. TaisOS is an amnesic system that doesn't store anything in permanent memory when the equipment is turned off. I have a laptop with dual boot: Windows 11 and Ubuntu 24.04. I only use Ubuntu to access forums, Reddit and my Bitcoin wallet. For more routine tasks, I boot into Windows and only connect to Wifi with a VPN enabled or at trusted relatives' homes. In reality, I rarely open my laptop in public places. You should be concerned about your phone, which is much more likely to connect to public Wifi, and depending on your personal information, it could be much more valuable than your BTC balance, as it could be used as a way to extort money from you.
3 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#14Oct 21, 2025, 06:19 PM
I would never trust Windows to have access to my Linux drives.
3 Reply Quote Share
hodler2019Legendary
Posts: 2182 · Reputation: 12913
#15Oct 21, 2025, 08:34 PM
Yeah it is a case of " stupid cheap " Or to be polite " pennywise and pound foolish " I HAVE A STAND ALONE 2TB ssd 16GB LAPTOP FOR LINUX. If you live in the USA buying a used laptop dropping in ram and a 2tb is cheap enough.
0 Reply Quote Share
yield_forkFull Member
Posts: 162 · Reputation: 728
#16Oct 23, 2025, 04:53 PM
Unfortunately, I don't live in the USA. Here where I live, a laptop costs the same as a popular car, it's very difficult to find someone with a top-tier laptop from the latest year. I have two laptops with great configurations, this one also has a dual boot with Ubuntu. I'm thinking of formatting this second laptop and leaving it with only some Linux distro.
0 Reply Quote Share
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#17Oct 24, 2025, 08:25 PM
How is that possible? Are you comparing brand new top of the line laptops to very old cars? That's rare here too, most people spend more money on their phone than on their laptop nowadays. But second hand business laptops are abundant and cheap, and those are great for running Linux. You mention a dual boot, but only mention one OS. That's an interesting way of describing your configuration, I take it you take Windows as the de facto standard. I wouldn't even know what to do with Windows.
3 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#18Oct 25, 2025, 01:23 AM
Aside from security concern, it's known that windows update occasionally break your dual boot system where you can't boot into linux. Out of curiosity, do you mind tell of you example of the laptop and popular car? You don't need to disclose where you live. And when you say top-tier laptop, do you mean something like Apple laptop with most expensive option that cost $7000+?
3 Reply Quote Share
jake.chainSenior Member
Posts: 280 · Reputation: 1307
#19Oct 25, 2025, 06:28 AM
Good start. Better than windows or macos. Lot more secure and stable. Runs smoothly and not crash prone compared to windows. Generally not recommended to use your PC or what to do everything in especially if you are storing sensitive information related to money. (I am aware money is not the only possible risk of data leakage, there are lots of sensitive data that can be used against you in a PC or what device). But usually when you are holding bitcoin in the same device where you might encounter viruses or malware then that is when it gets a little sideways. But since you have trezor anyway then you only need to worry about your fiat in the bank. But I know many users who use their device with linux for gaming, editing and streaming and they have not caught challenges. Good security measure but malware can still infiltrate your device. I have been mentioning malware across this post, and this is exactly how you will be getting that. Someone could tamper the software and download malware in your device without you even knowing. DO NOT CONNECT TO PUBLIC WIFIS. They are exposing you to many dangers.
3 Reply Quote Share
im_lynxHero Member
Posts: 515 · Reputation: 2161
#20Oct 25, 2025, 05:19 PM
Care to enlighten us how this could happen actually, given the premises that the target is a Linux box and assuming that it shouldn't be configured to be discoverable in a public wifi? I'm not saying that public wifi is harmless, but from my own IT experience, I think you're painting a bit too much scary colors to the wall, aren't you. Of course, it depends how you configure your Linux box to act in a public network environment. If you allow stupid things, you're calling for trouble. So, what's the actually working attack vectors in a public wifi. Genuinely curious!
1 Reply Quote Share

Related topics