add plebes
· 1 year ago
8a202b446c10b2b79201fa7570cb9d0dc74ba4b5
Parent:
64dd7fbbb
1 file changed +321 −216
- bitcoin-self-custody-guide.html +321 −216
Diff
--- a/bitcoin-self-custody-guide.html
+++ b/bitcoin-self-custody-guide.html
@@ -3,26 +3,26 @@ <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> - <title>Bitcoin Fortress: HNW Self-Custody Protocol (Lopp-Inspired)</title> - <meta name="description" content="Advanced self-custody security for HNW Bitcoin holders, incorporating Jameson Lopp's principles. Protect against physical threats, loss, and ensure recoverability."> - <meta name="keywords" content="bitcoin security, self custody, hnw crypto, $5 wrench attack, Jameson Lopp, bitcoin inheritance, hardware wallet security, multisig, opsec, physical security, bitcoin fortress"> - <link rel="canonical" href="https://cheatsheets.davidveksler.com/bitcoin-hnw-security-lopp-edition.html"> + <title>Bitcoin Self-Custody Fortress: A Scalable Security Guide</title> + <meta name="description" content="A scalable Bitcoin self-custody guide for all users, from everyday holders to HNW individuals. Secure your Bitcoin against loss, theft, and ensure recoverability with recommended tools and services."> + <meta name="keywords" content="bitcoin security, self custody, crypto security, hardware wallet, multisig, bitcoin inheritance, opsec, physical security, seed backup, bitcoin guide, crypto tools, privacy services"> + <link rel="canonical" href="https://cheatsheets.davidveksler.com/bitcoin-scalable-security-guide.html"> <!-- Favicon --> - <link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'><text x='0' y='14' font-size='14'>🔐</text></svg>"> + <link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'><text x='0' y='14' font-size='14'>🛡️</text></svg>"> <!-- Open Graph --> - <meta property="og:title" content="Bitcoin Fortress: HNW Self-Custody Protocol (Lopp-Inspired)"> - <meta property="og:description" content="Advanced self-custody for HNW Bitcoin holders, incorporating Jameson Lopp's principles."> + <meta property="og:title" content="Bitcoin Self-Custody Fortress: 
A Scalable Security Guide"> + <meta property="og:description" content="Scalable Bitcoin self-custody for all users. Secure your assets effectively with recommended tools."> <meta property="og:type" content="article"> - <meta property="og:url" content="https://cheatsheets.davidveksler.com/bitcoin-hnw-security-lopp-edition.html"> - <meta property="og:image" content="https://cheatsheets.davidveksler.com/images/bitcoin-lopp-fortress.png"> + <meta property="og:url" content="https://cheatsheets.davidveksler.com/bitcoin-scalable-security-guide.html"> + <meta property="og:image" content="https://cheatsheets.davidveksler.com/images/bitcoin-scalable-fortress.png"> <!-- Twitter Card --> <meta name="twitter:card" content="summary_large_image"> - <meta name="twitter:title" content="Bitcoin Fortress: HNW Self-Custody Protocol (Lopp-Inspired)"> - <meta name="twitter:description" content="Protect your Bitcoin: HNW guide with insights from Jameson Lopp."> - <meta name="twitter:image" content="https://cheatsheets.davidveksler.com/images/bitcoin-lopp-fortress.png"> + <meta name="twitter:title" content="Bitcoin Self-Custody Fortress: A Scalable Security Guide"> + <meta name="twitter:description" content="Scalable Bitcoin self-custody for all users. Protect your crypto with recommended tools."> + <meta name="twitter:image" content="https://cheatsheets.davidveksler.com/images/bitcoin-scalable-fortress.png"> <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/font/bootstrap-icons.css"> 
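Review bot: The new `<link rel="canonical">` and `og:url` both point to `bitcoin-scalable-security-guide.html`, while the only file this commit touches is `bitcoin-self-custody-guide.html`, and the new `og:image` name `bitcoin-scalable-fortress.png` is not added here either. Unless the site already serves this page and image under those names, crawlers and link previews are sent to a URL that is missing or holds different content. For a guide that forwards readers to wallet vendors, the canonical address should be one known to resolve to this exact page, so either rename the file or set both tags to the `bitcoin-self-custody-guide.html` URL. Separately, the unchanged `bootstrap-icons.css` link at the end of the hunk has no `integrity`/`crossorigin` attributes, although the Bootstrap CSS link before it does.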
@@ -35,13 +35,16 @@ --warning-color: #ffc107; --success-color: #28a745; --info-color: #17a2b8; + --light-blue-bg: #e7f6f8; + --light-blue-border: #b6dde2; --dark-bg: #0a0a0a; --card-bg: #141414; --text-primary: #ffffff; --text-secondary: #b0b0b0; --border-color: #333; --highlight-color: var(--primary-color); - --lopp-highlight-bg: rgba(247, 147, 26, 0.1); + --expert-highlight-bg: rgba(23, 162, 184, 0.07); + --info-color-rgb: 23, 162, 184; } body { background-color: var(--dark-bg); color: var(--text-primary); font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif; line-height: 1.6; } @@ -51,9 +54,9 @@ .lead { font-size: 1.25rem; color: var(--text-secondary); max-width: 800px; margin: 0 auto 1rem auto; } .last-updated { color: var(--text-secondary); font-size: 0.9rem; margin-top: 1rem; } - .lopp-principle-banner { background-color: var(--card-bg); border: 1px solid var(--border-color); border-left: 5px solid var(--primary-color); padding: 1.5rem; margin-bottom: 2.5rem; border-radius: 8px; } - .lopp-principle-banner h4 { color: var(--primary-color); margin-bottom: 0.5rem; } - .lopp-principle-banner p { color: var(--text-secondary); margin-bottom: 0; } + .scaling-banner { background-color: var(--card-bg); border: 1px solid var(--border-color); border-left: 5px solid var(--info-color); padding: 1.5rem; margin-bottom: 2.5rem; border-radius: 8px; } + .scaling-banner h4 { color: var(--info-color); margin-bottom: 0.5rem; } + .scaling-banner p { color: var(--text-secondary); margin-bottom: 0; } .threat-level { display: inline-block; padding: 0.3rem 0.8rem; border-radius: 20px; font-size: 0.8rem; font-weight: 600; margin-left: 0.5rem; border: 1px solid transparent; text-transform: uppercase; letter-spacing: 0.5px; } .threat-critical { background-color: var(--danger-color); color: var(--text-primary); border-color: #ff4d4d;} 
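Review bot: The two custom properties added in the first hunk on this line, `--light-blue-bg` and `--light-blue-border`, are not referenced by any rule in the hunks visible here. The same goes for `.rule-box.pleb-friendly` in the next hunk (`@@ -70,14 +73,15 @@`), since the new markup uses `tier-advice pleb-advice` instead. If nothing later in the file uses them, drop them so the stylesheet only carries definitions the page needs. `--info-color-rgb: 23, 162, 184` also repeats `--info-color: #17a2b8` in a second notation, so a comment such as `/* keep in sync with --info-color */` next to it would stop the two drifting apart. The `:root` block itself opens and closes outside the hunk.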
@@ -70,14 +73,15 @@ .security-card h5 { color: var(--text-primary); margin-bottom: 1rem; display: flex; align-items: center; justify-content: space-between; font-size: 1.2rem; font-weight: 600; } .security-card h5 > span:first-child i { margin-right: 0.5rem; color: var(--primary-color); } - .security-term, .lopp-term { color: var(--highlight-color); font-weight: 600; background-color: var(--lopp-highlight-bg); padding: 0.1em 0.3em; border-radius: 3px; } + .security-term, .expert-term { color: var(--highlight-color); font-weight: 600; background-color: rgba(247, 147, 26, 0.1); padding: 0.1em 0.3em; border-radius: 3px; } .rule-box { background-color: rgba(247, 147, 26, 0.05); border-left: 4px solid var(--primary-color); padding: 1rem; margin: 1.5rem 0; border-radius: 4px; } .rule-box.critical { background-color: rgba(220, 53, 69, 0.05); border-left-color: var(--danger-color); } .rule-box.critical strong { color: var(--danger-color); } - .rule-box.lopp-insight { background-color: rgba(23, 162, 184, 0.05); border-left-color: var(--info-color); } - .rule-box.lopp-insight strong { color: var(--info-color); } - + .rule-box.expert-insight { background-color: var(--expert-highlight-bg); border-left-color: var(--info-color); } + .rule-box.expert-insight strong { color: var(--info-color); } + .rule-box.pleb-friendly { background-color: rgba(var(--info-color-rgb), 0.08); border-left-color: var(--info-color); color: var(--text-secondary); } + .rule-box.pleb-friendly strong { color: var(--info-color); } .summary { color: var(--text-secondary); margin-bottom: 1rem; font-size: 0.95rem; } .details-toggle { background-color: var(--primary-color); color: #000; border: none; padding: 0.6rem 1.5rem; border-radius: 4px; font-weight: 600; transition: all 0.3s ease; display: inline-flex; align-items: center; } 
@@ -89,6 +93,8 @@ .collapse-content li { margin-bottom: 0.6rem; color: var(--text-secondary); } .collapse-content li strong { color: var(--text-primary); } .collapse-content h6 { color: var(--primary-color); margin-top: 1rem; margin-bottom: 0.5rem; font-weight: 600; } + .collapse-content a, .tier-advice a, .resource-list a { color: var(--info-color); text-decoration: none; } + .collapse-content a:hover, .tier-advice a:hover, .resource-list a:hover { text-decoration: underline; color: #29cae4; } .protection-matrix { background-color: var(--card-bg); border: 1px solid var(--border-color); border-radius: 8px; padding: 2rem; margin: 2rem 0 3rem 0; } .matrix-header { text-align: center; margin-bottom: 1.5rem; } @@ -113,8 +119,16 @@ #checklist .security-card input[type="checkbox"]:checked + label { text-decoration: line-through; color: var(--success-color); } #checklist .security-card h6 { color: var(--primary-color); margin-top: 1.5rem; margin-bottom: 1rem; font-weight: bold; } - .lopp-ref { font-size: 0.8em; color: var(--text-secondary); font-style: italic; } - .lopp-ref a { color: var(--info-color); } + .tier-advice { padding: 1rem; margin-top: 1.5rem; border-radius: 6px; } + .tier-advice h6 { margin-top: 0; font-weight: bold; } + .pleb-advice { background-color: #2a2a2e; border: 1px solid #444; color: var(--text-secondary); } + .pleb-advice h6 { color: var(--info-color); } + .pleb-advice strong { color: var(--text-primary); } + .whale-advice h6 { color: var(--primary-color); } + + .resource-list ul { list-style-type: none; padding-left: 0; } + .resource-list li { margin-bottom: 0.5rem; } + .resource-list li i { margin-right: 0.5rem; color: var(--primary-color); } @media print { body { background-color: white; color: black; font-size: 10pt; } 
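Review bot: The new rule `.collapse-content a, .tier-advice a, .resource-list a` sets `text-decoration: none`, so inside the advice lists a link differs from the surrounding text by colour alone until it is hovered. Readers who cannot tell `--info-color` from `--text-secondary`, and anyone on a touch device with no hover state, get no cue as to which words lead off-site to a vendor. Keeping the underline, for example `text-decoration: underline; text-underline-offset: 2px;`, fixes this without changing the palette. The hover colour `#29cae4` is also a bare literal, where the rest of the sheet uses custom properties.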
@@ -122,15 +136,22 @@ .page-header { background: none; border-bottom: 2px solid black; padding: 1rem 0; margin-bottom: 1.5rem; } .page-header h1 { color: black; font-size: 2rem; } .page-header .sub-title { display: none; } .lead, .last-updated { color: #333; font-size: 1rem; } - .lopp-principle-banner, .warning-banner { background-color: #fff3cd !important; border-color: #ffeeba !important; color: #664d03 !important; border-left-width: 3px; } - .lopp-principle-banner h4, .warning-banner h4 { color: #664d03 !important; } .lopp-principle-banner p, .warning-banner p { color: #664d03 !important; } - .warning-banner i, .lopp-principle-banner i { display: none; } + .scaling-banner, .warning-banner { background-color: #fff3cd !important; border-color: #ffeeba !important; color: #664d03 !important; border-left-width: 3px; } + .scaling-banner h4, .warning-banner h4 { color: #664d03 !important; } .scaling-banner p, .warning-banner p { color: #664d03 !important; } + .warning-banner i, .scaling-banner i { display: none; } .section-title { color: black; font-size: 1.5rem; border-bottom-color: #999; } .section-title i { display: none; } .security-card { border: 1px solid #999; box-shadow: none; padding: 1rem; margin-bottom: 1rem; background-color: #f9f9f9; } .security-card h5 { color: black; font-size: 1.2rem; } .security-card h5 .threat-level { border: 1px solid black; color: black !important; background-color: white !important; padding: 0.1rem 0.4rem; font-size: 0.7rem; } .details-toggle { display: none !important; } .collapse { display: block !important; } .collapse-content { border-top: 1px solid #ccc; padding-top: 1rem; margin-top: 1rem; } + .collapse-content a, .tier-advice a, .resource-list a { color: #555; text-decoration: none; } + .collapse-content a::after, .tier-advice a::after, .resource-list a::after { content: " (" attr(href) ")"; font-size: 0.8em; } + + + .tier-advice, .pleb-advice { background-color: #f0f0f0; border: 1px solid #ddd; color: #333; } + .pleb-advice 
h6, .whale-advice h6 { color: #000; } + .threat-indicator { border: 1px solid black; } .rule-box { border-left-color: black; background-color: #eee; } .rule-box.critical { border-left-color: black; } .code-block { background-color: #f0f0f0; color: black; border: 1px solid #ccc; } 
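Review bot: The print rule `.collapse-content a::after … { content: " (" attr(href) ")"; }` applies to every link, including the in-page anchors this commit adds (`<a href="#tools-services" class="details-link">`), so a printed copy will show "(#tools-services)" after them. Restrict the rule to absolute URLs, e.g. `.collapse-content a[href^="http"]::after, .tier-advice a[href^="http"]::after, .resource-list a[href^="http"]::after { content: " (" attr(href) ")"; font-size: 0.8em; }`. Printing the real destination is useful for a security guide, because the reader can check the hostname on paper. The enclosing `@media print` block opens before this hunk and closes after it.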
@@ -140,52 +161,51 @@ footer { background: none; border-top: 1px solid #ccc; color: #555; padding: 1rem 0;} footer a { color: #D2691E; } .col-md-3, .col-md-6, .col-lg-6, .col-lg-12 { flex: 0 0 100%; max-width: 100%; } .row > * { padding-right: 0; padding-left: 0; } .container { max-width: none !important; padding: 0 !important; margin: 0 !important; } - .lopp-ref { display: none; } /* Hide Lopp references in print to save space */ } </style> </head> <body> <header class="page-header"> <div class="container"> - <h1><i class="bi bi-shield-lock-fill"></i> Bitcoin Fortress: HNW Self-Custody Protocol</h1> - <p class="sub-title">Inspired by Jameson Lopp's Principles for Real-World Threat Mitigation</p> - <p class="lead">A comprehensive security framework for high net worth Bitcoin holders focused on layered, geographically-diverse controls to deter attackers and ensure recovery.</p> - <div class="last-updated">Last Updated: January 2025 | Target: Significant Bitcoin Holdings</div> + <h1><i class="bi bi-shield-check"></i> Bitcoin Self-Custody Fortress: A Scalable Security Guide</h1> + <p class="sub-title">Tailored Protection for All Levels of Bitcoin Holders</p> + <p class="lead">A comprehensive, expert-informed guide to Bitcoin self-custody, offering scalable security measures whether you're just starting or managing significant wealth. Learn to protect your assets against loss, theft, and ensure long-term recoverability.</p> + <div class="last-updated">Last Updated: May 2025</div> </div> </header> <main class="container"> - <div class="lopp-principle-banner"> - <h4><i class="bi bi-signpost-split-fill"></i> Guiding Philosophy (Lopp-Inspired)</h4> - <p>Security is about layered, geographically-diverse controls making you an unattractive, time-consuming target. Controls must be robust AND simple enough to execute under duress. 
Avoid over-engineering; prioritize recoverability by you or your heirs.</p> + <div class="scaling-banner"> + <h4><i class="bi bi-arrows-angle-expand"></i> Scaling Your Security: One Size Doesn't Fit All</h4> + <p>This guide provides recommendations for various levels of Bitcoin holdings. "<strong>Everyday Holder / Plebe</strong>" suggestions focus on essential, cost-effective security for smaller amounts. "<strong>Significant Holdings / Whale</strong>" advice details advanced measures for substantial wealth, where targeted threats are more likely. Assess your holdings and risk profile to choose the appropriate layers.</p> </div> <div class="warning-banner"> - <h4><i class="bi bi-exclamation-triangle-fill"></i> Critical Reality Check</h4> - <p>Your Bitcoin is worthless if you're dead, kidnapped, or lose access. This guide prioritizes <strong>survival, access, and recoverability</strong> over theoretical perfection.</p> + <h4><i class="bi bi-exclamation-triangle-fill"></i> Fundamental Truth</h4> + <p>Regardless of holding size, your Bitcoin is worthless if you lose access or fall victim to theft. Prioritize <strong>understanding your setup, robust backups, and practicing recovery</strong>.</p> </div> <section class="protection-matrix"> <div class="matrix-header"> - <h3>Threat Tiering for HNW Individuals</h3> - <p class="text-secondary">Consider threats from opportunistic to targeted, including physical coercion and state-level actors for large holdings.</p> + <h3>General Threat Landscape & Priorities</h3> + <p class="text-secondary">While specific threat actors vary, core vulnerabilities often remain similar. 
Adapt your focus based on your holdings.</p> </div> <div class="row text-center"> <div class="col-md-3 col-6 mb-3"> <div class="threat-indicator" style="background-color: var(--danger-color);"></div> - <strong>Critical:</strong> Self-inflicted loss / Bad Backups + <strong>Critical for ALL:</strong> Accidental Loss / Seed Mismanagement / Bad Backups </div> <div class="col-md-3 col-6 mb-3"> <div class="threat-indicator" style="background-color: #d65d3e;"></div> - <strong>High:</strong> Targeted Physical Coercion / Robbery + <strong>High for ALL:</strong> Malware / Phishing / Social Engineering </div> <div class="col-md-3 col-6 mb-3"> <div class="threat-indicator" style="background-color: var(--warning-color);"></div> - <strong>Medium:</strong> Sophisticated Remote Attacks / Sim Swaps + <strong>Medium (escalates with holdings):</strong> Device Theft / Sim Swaps / Basic Remote Hacks </div> <div class="col-md-3 col-6 mb-3"> <div class="threat-indicator" style="background-color: var(--info-color);"></div> - <strong>Low:</strong> Opportunistic Malware / Phishing + <strong>Low (escalates to CRITICAL for Whales):</strong> Targeted Physical Coercion / Advanced Persistent Threats / State Actors </div> </div> </section> 
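Review bot: The fourth matrix tile is relabelled "Low (escalates to CRITICAL for Whales)" but keeps the `background-color: var(--info-color)` swatch. A reader in the high-holdings tier therefore sees the lowest-severity colour next to the threats the text calls critical for them. The third tile has the same tension with "Medium (escalates with holdings)". Since the rating now depends on the reader, either give holdings-dependent tiles a neutral swatch, or lead the label with the dependency, e.g. `<strong>Depends on holdings (Low → Critical):</strong>`, so colour and wording do not contradict each other.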
@@ -196,25 +216,33 @@ <div class="col-lg-6"> <div class="security-card"> <h5> - <span><i class="bi bi-mic-mute-fill"></i> Silence is Armor</span> - <span class="threat-level threat-critical">CRITICAL</span> + <span><i class="bi bi-mic-mute-fill"></i> The Shield of Silence</span> + <span class="threat-level threat-critical">CRITICAL FOR ALL</span> </h5> - <p class="summary">Never discuss balances, signing locations, or travel plans publicly. Most violent attacks start with <span class="security-term">doxxing or bragging</span>.</p> + <p class="summary">Do not publicly discuss your Bitcoin holdings, especially specific amounts. Bragging or unnecessary disclosure makes you a target for <span class="security-term">scammers, hackers, and physical threats</span>.</p> <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#opsec-silence" aria-expanded="false" aria-controls="opsec-silence"> <i class="bi bi-chevron-down"></i> Details </button> <div class="collapse collapse-content" id="opsec-silence"> - <div class="rule-box critical"> - <strong>Zero public clues:</strong> No talk of holdings, security posture, or crypto wealth. + <div class="tier-advice pleb-advice"> + <h6><i class="bi bi-person-fill"></i> Everyday Holder / Plebe:</h6> + <ul> + <li>Avoid posting about crypto buys/sells on public social media.</li> + <li>Don't share wallet screenshots or transaction details online.</li> + <li>Be cautious discussing crypto with strangers or casual acquaintances.</li> + </ul> + </div> + <div class="tier-advice whale-advice mt-3"> + <h6><i class="bi bi-gem"></i> Significant Holdings / Whale:</h6> + <p>All the above, plus:</p> + <ul> + <li>Implement strict policies about discussing crypto, even with close family/friends if they are not part of your security plan.</li> + <li>Use pseudonyms for all online crypto activity. 
Maintain separate "crypto" and "normie" digital identities (e.g., encrypted email like <a href="https://proton.me/mail" target="_blank" rel="noopener noreferrer">ProtonMail</a> or <a href="https://tutanota.com/" target="_blank" rel="noopener noreferrer">Tutanota</a>; social profiles).</li> + <li>Never reveal your total holdings or security setup details to anyone not essential to your plan.</li> + <li>Use E2E encrypted communication (e.g., <a href="https://signal.org/" target="_blank" rel="noopener noreferrer">Signal</a>) for any sensitive discussions.</li> + <li>Practice UTXO hygiene (coin control, avoid address reuse) to obscure total wealth on-chain. Software like <a href="https://sparrowwallet.com/" target="_blank" rel="noopener noreferrer">Sparrow Wallet</a> can help.</li> + </ul> </div> - <h6>Implementation:</h6> - <ul> - <li>Segregate identities: Use pseudonyms, burner phones/emails for KYC if possible, separate addresses for node traffic.</li> - <li>Use P.O. Boxes or business addresses for hardware deliveries.</li> - <li>Communicate sensitive information ONLY via E2E encrypted messengers (e.g., Signal).</li> - <li>Tell persistent questioners you "sold," "lost it," or "only dabble."</li> - </ul> - <p class="lopp-ref">Ref: Lopp on OpSec, Casa Blog</p> </div> </div> </div> 
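Review bot: The encrypted-mail bullet links `https://tutanota.com/` under the name Tutanota, but the service has rebranded to Tuta and moved to `tuta.com`, so the link relies on the old domain continuing to redirect. In a security guide every outbound link is an implicit endorsement of whatever that hostname serves, so point it at the vendor's current domain: `<a href="https://tuta.com/" target="_blank" rel="noopener noreferrer">Tuta</a>`. It is worth checking the other vendor links added in this commit the same way whenever the "Last Updated" date is bumped.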
@@ -222,22 +250,35 @@ <div class="col-lg-6"> <div class="security-card"> <h5> - <span><i class="bi bi-house-slash-fill"></i> Address & Lifestyle Privacy</span> - <span class="threat-level threat-high">HIGH</span> + <span><i class="bi bi-shield-slash-fill"></i> Minimizing Your Digital & Physical Footprint</span> + <span class="threat-level threat-high">HIGH (Scales with Holdings)</span> </h5> - <p class="summary">Minimize links between your identity, physical address, and Bitcoin. <span class="security-term">Reduce your attack surface</span>.</p> - <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#opsec-address" aria-expanded="false" aria-controls="opsec-address"> + <p class="summary">Reduce links between your real-world identity, locations, and Bitcoin activities. Each link is a potential <span class="security-term">vulnerability point</span>.</p> + <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#opsec-footprint" aria-expanded="false" aria-controls="opsec-footprint"> <i class="bi bi-chevron-down"></i> Details </button> - <div class="collapse collapse-content" id="opsec-address"> - <h6>Protection Layers:</h6> - <ul> - <li>LLC + registered agent for property.</li> - <li>Secure mail forwarding for crypto mail.</li> - <li>Remove PII from data brokers (DeleteMe, Optery).</li> - <li>Vary hardware wallet delivery addresses.</li> - <li>Avoid overt displays of wealth.</li> - </ul> + <div class="collapse collapse-content" id="opsec-footprint"> + <div class="tier-advice pleb-advice"> + <h6><i class="bi bi-person-fill"></i> Everyday Holder / Plebe:</h6> + <ul> + <li>Use strong, unique passwords for all crypto-related accounts and a reputable password manager (e.g., <a href="https://bitwarden.com/" target="_blank" rel="noopener noreferrer">Bitwarden</a> (Open Source), <a href="https://1password.com/" target="_blank" rel="noopener noreferrer">1Password</a>).</li> + <li>Enable 2-Factor 
Authentication (2FA - authenticator app preferred over SMS) on exchanges.</li> + <li>Be wary of public Wi-Fi for crypto transactions. Use a VPN (e.g., <a href="https://protonvpn.com/" target="_blank" rel="noopener noreferrer">ProtonVPN</a>, <a href="https://mullvad.net/" target="_blank" rel="noopener noreferrer">Mullvad</a>) if you must.</li> + <li>When ordering hardware wallets, consider if home delivery is safe or if an alternative (office, P.O. Box) is better.</li> + </ul> + </div> + <div class="tier-advice whale-advice mt-3"> + <h6><i class="bi bi-gem"></i> Significant Holdings / Whale:</h6> + <p>All the above, plus:</p> + <ul> + <li>Utilize P.O. Boxes or secure mail forwarding services (e.g., <a href="https://www.travelingmailbox.com/" target="_blank" rel="noopener noreferrer">Traveling Mailbox</a>, <a href="https://physicaladdress.com/" target="_blank" rel="noopener noreferrer">PhysicalAddress.com</a>) for all crypto-related mail and hardware deliveries.</li> + <li>Actively remove Personal Identifiable Information (PII) from data broker sites (e.g., <a href="https://joindeleteme.com/" target="_blank" rel="noopener noreferrer">DeleteMe</a>, <a href="https://optery.com/" target="_blank" rel="noopener noreferrer">Optery</a>).</li> + <li>Consider dedicated, hardened devices (e.g., a specific laptop only for crypto) with minimal software.</li> + <li>Use legal structures (LLCs, trusts) to obscure ownership of assets where appropriate and legal.</li> + <li>Avoid ostentatious displays of wealth that could mark you.</li> + <li>Consider pseudonymous phone numbers/SIMs for sensitive registrations.</li> + </ul> + </div> </div> </div> </div> 
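Review bot: The 2FA bullet in the Everyday Holder list recommends an authenticator app over SMS and stops there. The threat matrix in this same commit rates phishing as high for all readers, and an app-generated code can still be typed into a look-alike login page. Name the phishing-resistant option first, for example `Enable 2-Factor Authentication on exchanges (hardware security key or passkey where supported, otherwise an authenticator app; avoid SMS).` That also ties the bullet to the SIM-swap entry in the matrix, which SMS codes are exposed to.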
@@ -245,55 +286,73 @@ </section> <section class="section-container" id="physical" data-section-id="physical"> - <h2 class="section-title"><i class="bi bi-shield-fill-check"></i> Physical Security & "$5 Wrench" Mitigation</h2> + <h2 class="section-title"><i class="bi bi-shield-fill-check"></i> Physical Security: Protecting Your Keys & Yourself</h2> <div class="row"> <div class="col-lg-6"> <div class="security-card"> <h5> - <span><i class="bi bi-clock-history"></i> Time-Delay Deterrence</span> - <span class="threat-level threat-high">HIGH</span> + <span><i class="bi bi-safe"></i> Securing Seed Phrases & Devices</span> + <span class="threat-level threat-high">HIGH FOR ALL</span> </h5> - <p class="summary">Core principle: If no single site holds enough keys for quorum, an attacker <span class="security-term">cannot get what they want quickly</span>. This is your primary defense against coercion.</p> - <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#physical-time-delay" aria-expanded="false" aria-controls="physical-time-delay"> + <p class="summary">Your seed phrases and hardware wallets are prime targets. Protect them from theft, damage, and unauthorized access. <span class="security-term">Geographic separation of backups is key.</span></p> + <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#physical-seeds" aria-expanded="false" aria-controls="physical-seeds"> <i class="bi bi-chevron-down"></i> Details </button> - <div class="collapse collapse-content" id="physical-time-delay"> - <div class="rule-box lopp-insight"> - <strong>Lopp's Insight:</strong> The goal is to make extraction so slow and complex that attackers move to softer targets. 
+ <div class="collapse collapse-content" id="physical-seeds"> + <div class="tier-advice pleb-advice"> + <h6><i class="bi bi-person-fill"></i> Everyday Holder / Plebe:</h6> + <ul> + <li>Store hardware wallets out of sight when not in use.</li> + <li>Keep your primary metal seed backup (see <a href="#tools-services" class="details-link">Tools section</a> for examples) in a secure, fire-resistant location at home (e.g., quality home safe).</li> + <li>Have at least one additional backup of your seed phrase stored off-site (e.g., with a trusted family member, very secure bank SDB - weigh risks).</li> + <li>Ensure backups are protected from casual discovery and environmental damage (water, fire).</li> + </ul> + </div> + <div class="tier-advice whale-advice mt-3"> + <h6><i class="bi bi-gem"></i> Significant Holdings / Whale:</h6> + <p>All the above, plus:</p> + <ul> + <li>Utilize high-security safes (e.g., TL-15, TL-30 rated from brands like Liberty, Fort Knox, etc.) bolted down.</li> + <li>Distribute key materials (seeds, hardware devices for multisig) across multiple highly secure, geographically diverse locations (different cities/states/countries).</li> + <li>Employ tamper-evident bags/seals for stored devices or seed backups.</li> + <li>Consider decoy safes or stashes with minimal value to mislead attackers.</li> + <li>If using bank SDBs, understand the risks (limited access, potential seizure, not insured for this purpose) and use them as only one part of a distributed strategy.</li> + </ul> </div> - <h6>Implementation:</h6> - <ul> - <li>Geographically distribute multisig keys/seed shares (see Technical Security).</li> - <li>Use bank SDBs, trusted custodians in different jurisdictions.</li> - <li>Consider time-locks on a portion of funds if appropriate (advanced).</li> - <li>Have a duress wallet/PIN that reveals a small, believable amount.</li> - </ul> - <p class="lopp-ref">Ref: Lopp on Time-Delay, Casa Blog</p> </div> </div> </div> <div class="col-lg-6"> <div 
class="security-card"> <h5> - <span><i class="bi bi-house-door-fill"></i> Home Fortress Protocol</span> - <span class="threat-level threat-high">HIGH</span> + <span><i class="bi bi-house-heart-fill"></i> Home & Personal Security</span> + <span class="threat-level threat-medium">MEDIUM (Escalates for Whales)</span> </h5> - <p class="summary">Harden your perimeter like a small bank. Make breaking in <span class="security-term">noisy, slow, and highly visible</span>.</p> - <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#physical-home" aria-expanded="false" aria-controls="physical-home"> + <p class="summary">Basic home security is prudent for everyone. For those with significant holdings, a <span class="security-term">"Home Fortress" protocol and duress planning</span> become vital.</p> + <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#physical-home-defense" aria-expanded="false" aria-controls="physical-home-defense"> <i class="bi bi-chevron-down"></i> Details </button> - <div class="collapse collapse-content" id="physical-home"> - <h6>Minimum Setup:</h6> - <ul> - <li>Reinforced doors, shatter-proof window film, robust locks.</li> - <li>Monitored alarm system with cellular backup.</li> - <li>Visible and hidden cameras (PoE, NVR + cloud).</li> - <li>Safe room or reinforced master bedroom.</li> - </ul> - <div class="rule-box"> - <strong>Study Real Attacks:</strong> Lopp curates an archive of 200+ physical attacks. Learn from them. 
(<a href="https://github.com/jlopp/physical-bitcoin-attacks" target="_blank" rel="noopener noreferrer" class="lopp-ref">Lopp's GitHub</a>) + <div class="collapse collapse-content" id="physical-home-defense"> + <div class="tier-advice pleb-advice"> + <h6><i class="bi bi-person-fill"></i> Everyday Holder / Plebe:</h6> + <ul> + <li>Ensure good quality locks on doors and windows.</li> + <li>Consider a basic monitored alarm system (e.g., <a href="https://simplisafe.com/" target="_blank" rel="noopener noreferrer">SimpliSafe</a>, <a href="https://goabode.com/" target="_blank" rel="noopener noreferrer">Abode</a>) and/or security cameras (e.g., <a href="https://reolink.com/" target="_blank" rel="noopener noreferrer">Reolink</a>, Wyze) if you have noticeable assets.</li> + <li>Be aware of your surroundings. Avoid making yourself an obvious target.</li> + </ul> + </div> + <div class="tier-advice whale-advice mt-3"> + <h6><i class="bi bi-gem"></i> Significant Holdings / Whale:</h6> + <p>All the above, plus "Home Fortress Protocol":</p> + <ul> + <li>Reinforced doors/frames, security film on windows, advanced locks.</li> + <li>Comprehensive, professionally monitored alarm (e.g., ADT, local firms) with cellular backup, multiple sensor types.</li> + <li>Extensive camera coverage (PoE systems like <a href="https://ui.com/camera-security" target="_blank" rel="noopener noreferrer">Ubiquiti Protect</a> or commercial NVRs), cloud backup.</li> + <li>Consider a safe room or reinforced area.</li> + <li><strong>Duress Plan:</strong> Have a decoy wallet, duress PINs, and a believable story about time-locked/dispersed funds. Prioritize life over Bitcoin.</li> + <li>Personal defense training focusing on situational awareness and de-escalation.</li> + </ul> </div> - <p class="lopp-ref">Ref: Casa Guide to Physical Security, WSJ on crypto attacks</p> </div> </div> </div> 
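Review bot: In the "Securing Seed Phrases & Devices" card, the Everyday Holder list tells single-signature users to keep an extra seed backup with a trusted family member or in a bank box, without saying that this copy alone is enough to spend the funds. Tamper-evident seals appear only in the Whale list, where multisig already limits what one leaked key can do. Add a bullet to the single-key tier such as `<li>An off-site seed copy is a full key: store it sealed in a tamper-evident bag, and consider a BIP39 passphrase that is backed up separately.</li>`. The two `#tools-services` links in this hunk also target a section that is not part of the hunk, so confirm that id exists in the final file.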
@@ -301,30 +360,37 @@ </section> <section class="section-container" id="technical" data-section-id="technical"> - <h2 class="section-title"><i class="bi bi-diagram-3-fill"></i> Technical Security: Custody Architecture</h2> + <h2 class="section-title"><i class="bi bi-diagram-3-fill"></i> Technical Security: Wallets & Backups</h2> <div class="row"> <div class="col-lg-6"> <div class="security-card"> <h5> - <span><i class="bi bi-safe2-fill"></i> Multi-Signature (Multisig) Dominance</span> - <span class="threat-level threat-critical">CRITICAL</span> + <span><i class="bi bi-shield-lock"></i> Choosing Your Wallet Setup</span> + <span class="threat-level threat-critical">CRITICAL FOR ALL</span> </h5> - <p class="summary">For HNW: <span class="lopp-term">3-of-5 or 5-of-7 multisig</span> is default. No single person (including you) can unilaterally spend. Keys must be geographically diverse.</p> - <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#tech-multisig" aria-expanded="false" aria-controls="tech-multisig"> + <p class="summary">The right wallet setup depends on your technical skills, the amount you're securing, and your risk tolerance. <span class="expert-term">Hardware wallets are strongly recommended over software/mobile wallets for most users.</span></p> + <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#tech-wallet-choice" aria-expanded="false" aria-controls="tech-wallet-choice"> <i class="bi bi-chevron-down"></i> Details </button> - <div class="collapse collapse-content" id="tech-multisig"> - <div class="rule-box lopp-insight"> - <strong>Lopp's Preference:</strong> Multisig over Shamir Secret Sharing (SSS) for better operational usability and auditability. 
+ <div class="collapse collapse-content" id="tech-wallet-choice"> + <div class="tier-advice pleb-advice"> + <h6><i class="bi bi-person-fill"></i> Everyday Holder / Plebe: Single Signature</h6> + <ul> + <li><strong>Recommendation:</strong> A reputable single-signature hardware wallet. Purchase directly from the manufacturer. (See <a href="#tools-services" class="details-link">Tools section</a> for examples like Coldcard, Trezor, etc.).</li> + <li>This keeps your private keys offline. Focus on understanding its backup/recovery.</li> + <li>Avoid keeping significant amounts on exchange hot wallets or software wallets on your primary phone/computer.</li> + </ul> + </div> + <div class="tier-advice whale-advice mt-3"> + <h6><i class="bi bi-gem"></i> Significant Holdings / Whale: Multi-Signature (Multisig)</h6> + <p>Single-signature wallets become a single point of failure for large sums. Multisig is essential.</p> + <ul> + <li><strong>Recommendation:</strong> 2-of-3 or 3-of-5 multisig setup using diverse hardware wallets.</li> + <li>Requires multiple keys to authorize a transaction. 
Keys/seeds must be geographically diverse.</li> + <li>Use robust multisig coordinator software (e.g., <a href="https://sparrowwallet.com/" target="_blank" rel="noopener noreferrer">Sparrow Wallet</a>, <a href="https://specter.solutions/" target="_blank" rel="noopener noreferrer">Specter Desktop</a>, <a href="https://nunchuk.io/" target="_blank" rel="noopener noreferrer">Nunchuk</a>).</li> + <li><strong>Collaborative Custody:</strong> For very large sums, consider services (e.g., <a href="https://unchained.com/" target="_blank" rel="noopener noreferrer">Unchained Capital</a>, <a href="https://casa.io/" target="_blank" rel="noopener noreferrer">Casa</a>, <a href="https://www.swanbitcoin.com/vault/" target="_blank" rel="noopener noreferrer">Swan Vault</a>) as one co-signer.</li> + </ul> </div> - <h6>Key Principles:</h6> - <ul> - <li><strong>Heterogeneous Hardware:</strong> Use different brands of hardware wallets (Coldcard, Trezor, Seedsigner, etc.) for different keys to avoid single-vendor risk.</li> - <li><strong>Geographic Distribution:</strong> Keys/seeds stored in different cities, states, or even countries with varying legal/political risk profiles.</li> - <li><strong>DIY or Managed:</strong> Consider services like Casa (co-founded by Lopp) for a managed solution or model your DIY setup on their Wealth Security Protocol (emergency lockdown, health checks).</li> - <li>Test recovery processes rigorously and regularly.</li> - </ul> - <p class="lopp-ref">Ref: Lopp's Cypherpunk Cogitations, Casa Wealth Security Protocol</p> </div> </div> </div> 
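Review bot: The whale-tier list in `#tech-wallet-choice` tells readers to spread keys and seeds geographically but never mentions backing up the wallet descriptor. A 2-of-3 or 3-of-5 wallet generally cannot be rebuilt from the threshold number of seeds alone, because the spending script needs every cosigner's public key. I would add, after the geographic-diversity item, `<li><strong>Back up the wallet descriptor:</strong> Keep the output descriptor (all cosigner xpubs and derivation paths) with each seed backup; it cannot spend funds, but recovery needs it and it reveals balances.</li>`. The `chk-s-whale-multisig` item in the later checklist hunk omits the same step.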
@@ -332,73 +398,125 @@ <div class="col-lg-6"> <div class="security-card"> <h5> - <span><i class="bi bi-shield-shaded"></i> Seed Backup Resilience: Metal & Depth</span> - <span class="threat-level threat-critical">CRITICAL</span> + <span><i class="bi bi-safe2"></i> Seed Phrase & Passphrase Management</span> + <span class="threat-level threat-critical">CRITICAL FOR ALL</span> </h5> - <p class="summary">Use <span class="lopp-term">stainless 316L or titanium plates (min 5mm thick, one-piece)</span>. Paper/thin aluminum fail fire/flood/crush tests.</p> - <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#tech-backup" aria-expanded="false" aria-controls="tech-backup"> + <p class="summary">Your 12/24-word seed phrase IS your Bitcoin. Secure it meticulously. <span class="expert-term">Metal backups are essential for durability</span>. BIP39 passphrases ("25th word") add security but also risk if forgotten.</p> + <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#tech-seed-backup" aria-expanded="false" aria-controls="tech-seed-backup"> <i class="bi bi-chevron-down"></i> Details </button> - <div class="collapse collapse-content" id="tech-backup"> - <h6>Backup Strategy:</h6> - <ul> - <li><strong>Multiple Copies, Diverse Hazards:</strong> At least two offline, tamper-evident metal backups in different hazard zones (e.g., one fire-proof safe at home, another buried or in a bank SDB far away).</li> - <li><strong>Shamir Shares on Metal:</strong> If using SSS (despite Lopp's preference for multisig usability), each share must be on robust metal.</li> - <li><strong>Burial Cache (Extreme):</strong> For ultimate resilience, Lopp demonstrated PVC-encapsulated burial. 
- <ul> - <li>Use clear landmark-based navigation for retrieval.</li> - <li>Bury >30cm deep to evade casual metal detectors.</li> - <li>Leave written retrieval instructions for heirs.</li> - </ul> - </li> - </ul> + <div class="collapse collapse-content" id="tech-seed-backup"> <div class="rule-box critical"> - <strong>Test Your Backups:</strong> Annually verify accessibility and integrity of all backup copies. + <strong>For All Users:</strong> Never store your seed phrase digitally. Avoid typing it into any internet-connected device if possible. </div> - <p class="lopp-ref">Ref: Lopp's Treatise on Seed Backup Design, How to Bury a Seed</p> + <h6>Seed Backup Essentials:</h6> + <ul> + <li><strong>Metal Backups:</strong> Stamp or engrave your seed phrase onto robust metal plates. (See <a href="#tools-services" class="details-link">Tools section</a> for examples like CryptoSteel, Blockplate). Paper is NOT for long-term primary backup.</li> + <li><strong>Multiple Copies & Off-site Storage:</strong> At least two metal copies, one securely off-site.</li> + </ul> + <h6>BIP39 Passphrase (Optional "25th Word"):</h6> + <ul> + <li>Adds security if physical seed is compromised, but GONE FOREVER if passphrase is forgotten.</li> + <li><strong>Plebes:</strong> Generally NOT recommended due to risk of forgetting.</li> + <li><strong>Whales:</strong> Can be part of a multi-layered strategy if managed with extreme discipline (passphrase also on metal, stored separately).</li> + </ul> </div> </div> </div> </div> </section> + + <section class="section-container" id="tools-services" data-section-id="tools"> + <h2 class="section-title"><i class="bi bi-tools"></i> Recommended Tools, Services & Resources</h2> + <div class="security-card"> + <p class="summary">This is not an exhaustive list, and inclusion does not equal endorsement. 
<strong>Always Do Your Own Research (DYOR)</strong> before trusting any product or service with your Bitcoin or personal information.</p> + <div class="row resource-list"> + <div class="col-md-6"> + <h6><i class="bi bi-key-fill"></i> Hardware Wallets (Single & Multisig)</h6> + <ul> + <li><i class="bi bi-shield-check"></i> <a href="https://coldcard.com/" target="_blank" rel="noopener noreferrer">Coldcard</a> (Bitcoin-only, airgapped focus)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://blockstream.com/jade/" target="_blank" rel="noopener noreferrer">Blockstream Jade</a> (Bitcoin-only, good value)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://trezor.io/" target="_blank" rel="noopener noreferrer">Trezor</a> (Established, supports multiple coins)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://www.ledger.com/" target="_blank" rel="noopener noreferrer">Ledger</a> (Popular, supports multiple coins - research recent events)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://foundationdevices.com/" target="_blank" rel="noopener noreferrer">Passport by Foundation</a> (Bitcoin-only, airgapped)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://seedsigner.com/" target="_blank" rel="noopener noreferrer">SeedSigner</a> (DIY airgapped signing device)</li> + </ul> + + <h6><i class="bi bi-journal-album"></i> Metal Seed Storage</h6> + <ul> + <li><i class="bi bi-shield-check"></i> <a href="https://cryptosteel.com/" target="_blank" rel="noopener noreferrer">CryptoSteel</a> (Capsule & Cassette)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://blockplate.com/" target="_blank" rel="noopener noreferrer">Blockplate</a> (Stainless steel plates)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://seedplate.com/" target="_blank" rel="noopener noreferrer">Seedplate</a> (Punch-hole or engraved plates)</li> + <li><i class="bi bi-shield-check"></i> <a href="http://coldbit.com/" target="_blank" 
rel="noopener noreferrer">Coldbit Steel</a> (Various steel backup solutions)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://stampseed.com/" target="_blank" rel="noopener noreferrer">StampSeed</a> (DIY stamping kits)</li> + </ul> + + <h6><i class="bi bi-diagram-3"></i> Multisig Coordinator Software</h6> + <ul> + <li><i class="bi bi-shield-check"></i> <a href="https://sparrowwallet.com/" target="_blank" rel="noopener noreferrer">Sparrow Wallet</a> (Desktop, feature-rich)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://specter.solutions/" target="_blank" rel="noopener noreferrer">Specter Desktop</a> (Desktop, hardware wallet focused)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://bluewallet.io/" target="_blank" rel="noopener noreferrer">BlueWallet</a> (Mobile, good for smaller multisig)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://nunchuk.io/" target="_blank" rel="noopener noreferrer">Nunchuk</a> (Mobile & Desktop, collaborative focus)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://electrum.org/" target="_blank" rel="noopener noreferrer">Electrum</a> (Desktop, versatile, advanced users)</li> + </ul> + </div> + <div class="col-md-6"> + <h6><i class="bi bi-building-shield"></i> Collaborative Custody & Inheritance Services</h6> + <ul> + <li><i class="bi bi-shield-check"></i> <a href="https://unchained.com/" target="_blank" rel="noopener noreferrer">Unchained Capital</a> (Multisig vaults, inheritance)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://casa.io/" target="_blank" rel="noopener noreferrer">Casa</a> (Multisig key management, inheritance)</li> + <li><i class="bi bi-shield-check"></i> <a href="https://www.swanbitcoin.com/vault/" target="_blank" rel="noopener noreferrer">Swan Vault by Swan Bitcoin</a> (Guided multisig setup)</li> + </ul> + + <h6><i class="bi bi-incognito"></i> Privacy Tools</h6> + <ul> + <li><i class="bi bi-shield-check"></i> Password Managers: <a 
href="https://bitwarden.com/" target="_blank" rel="noopener noreferrer">Bitwarden</a>, <a href="https://1password.com/" target="_blank" rel="noopener noreferrer">1Password</a></li> + <li><i class="bi bi-shield-check"></i> VPN Services: <a href="https://protonvpn.com/" target="_blank" rel="noopener noreferrer">ProtonVPN</a>, <a href="https://mullvad.net/" target="_blank" rel="noopener noreferrer">Mullvad</a></li> + <li><i class="bi bi-shield-check"></i> Encrypted Email: <a href="https://proton.me/mail" target="_blank" rel="noopener noreferrer">ProtonMail</a>, <a href="https://tutanota.com/" target="_blank" rel="noopener noreferrer">Tutanota</a></li> + <li><i class="bi bi-shield-check"></i> Data Broker Removal: <a href="https://joindeleteme.com/" target="_blank" rel="noopener noreferrer">DeleteMe</a>, <a href="https://optery.com/" target="_blank" rel="noopener noreferrer">Optery</a></li> + <li><i class="bi bi-shield-check"></i> Secure Mail Forwarding: <a href="https://www.travelingmailbox.com/" target="_blank" rel="noopener noreferrer">Traveling Mailbox</a></li> + </ul> + <h6><i class="bi bi-book-half"></i> Educational Resources</h6> + <ul> + <li><i class="bi bi-shield-check"></i> <a href="https://bitcoin.org/en/secure-your-wallet" target="_blank" rel="noopener noreferrer">Bitcoin.org - Secure Your Wallet</a></li> + <li><i class="bi bi-shield-check"></i> <a href="https://jamesonlopp.com/bitcoin-information/" target="_blank" rel="noopener noreferrer">Jameson Lopp's Bitcoin Resources</a></li> + <li><i class="bi bi-shield-check"></i> Search for local Bitcoin meetups for community support.</li> + </ul> + </div> + </div> + </div> + </section> <section class="section-container" id="inheritance" data-section-id="inheritance"> - <h2 class="section-title"><i class="bi bi-people-fill"></i> Inheritance & Succession: Plan To Die</h2> + <h2 class="section-title"><i class="bi bi-people-fill"></i> Inheritance & Succession Planning</h2> <div class="row"> <div class="col-lg-12"> <div 
class="security-card"> <h5> - <span><i class="bi bi-journal-richtext"></i> Heirs Protocol: Clarity & Practice</span> - <span class="threat-level threat-critical">CRITICAL</span> + <span><i class="bi bi-journal-richtext"></i> Ensuring Your Bitcoin Passes On</span> + <span class="threat-level threat-critical">CRITICAL (Complexity Scales)</span> </h5> - <p class="summary">Your Bitcoin is lost if heirs can't recover it. <span class="lopp-term">Heirs' unfamiliarity with hardware wallets is the #1 failure mode</span>. Document, rehearse, simplify.</p> + <p class="summary">Without a plan, your Bitcoin could be lost forever upon your death or incapacitation. <span class="expert-term">Heir unfamiliarity is a major risk factor.</span></p> <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#inheritance-plan" aria-expanded="false" aria-controls="inheritance-plan"> <i class="bi bi-chevron-down"></i> Details </button> <div class="collapse collapse-content" id="inheritance-plan"> - <h6>Multi-Layered Inheritance (Lopp-Inspired):</h6> - <ol> - <li><strong>Legal Layer:</strong> Trust documents naming successor trustees, specific digital asset instructions. 
Consult crypto-aware estate attorney.</li> - <li><strong>Technical Access for Heirs:</strong> - <ul> - <li>Detailed, plain-language signing procedures.</li> - <li>Rehearsal video demonstrating recovery (use a test wallet).</li> - <li>Distribute instructions/video to trusted executors/attorney in sealed, tamper-evident envelopes or encrypted files.</li> - <li>Consider models like Casa's Inheritance vault: heir holds one key, trusted third-party (like Casa or attorney) holds another, potential time-delay for release.</li> - </ul> - </li> - <li><strong>Practical Training & Support:</strong> - <ul> - <li>Annual "fire drill" with primary heir(s)/trustee.</li> - <li>Embed an expert recovery service or trusted, Bitcoin-literate advisor in the plan.</li> - <li>Clear "First Call" instructions for heirs.</li> - </ul> - </li> - </ol> - <div class="rule-box critical"> - <strong>Lopp's Warning:</strong> "I'll teach them someday" means heirs likely get nothing. Action today is paramount. + <div class="tier-advice pleb-advice"> + <h6><i class="bi bi-person-fill"></i> Everyday Holder / Plebe:</h6> + <ul> + <li>Write a simple, clear letter of instruction. Include location of seed backup(s), hardware wallet, and basic access instructions or who to contact for trusted help.</li> + <li>Store this letter securely with your will. 
Inform your executor or a trusted heir of its existence and location.</li> + </ul> + </div> + <div class="tier-advice whale-advice mt-3"> + <h6><i class="bi bi-gem"></i> Significant Holdings / Whale: Comprehensive Protocol</h6> + <p>All the above, plus a multi-layered strategy:</p> + <ol> + <li><strong>Legal Framework:</strong> Work with a crypto-aware estate attorney.</li> + <li><strong>Detailed Technical Instructions:</strong> Create "idiot-proof" documentation and potentially video walkthroughs.</li> + <li><strong>Guided Recovery / "Coach":</strong> Designate a trusted, crypto-literate individual, recovery service, or collaborative custody partner (some listed in <a href="#tools-services" class="details-link">Tools section</a>) to assist heirs.</li> + </ol> </div> - <p class="lopp-ref">Ref: Casa Inheritance Product, Lopp on Heir Unfamiliarity</p> </div> </div> </div> 
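Review bot: The Coldbit Steel entry in the new Metal Seed Storage list links to `http://coldbit.com/`, while every other vendor link in this section uses `https://`. A reader following it to a seed-backup vendor starts on a cleartext connection that can be tampered with or redirected, so change it to `https://coldbit.com/` once you have confirmed the vendor serves the site over HTTPS. Separately, the Multisig Coordinator Software list points to download sites without saying to verify what is downloaded. A line under that heading would cover it, for example `<p class="text-secondary">Verify each download against the project's published signature or checksum before installing.</p>`.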
@@ -406,49 +524,28 @@ </section> <section class="section-container" id="maintenance" data-section-id="maintenance"> - <h2 class="section-title"><i class="bi bi-arrow-repeat"></i> Continuous Verification & Drills</h2> + <h2 class="section-title"><i class="bi bi-arrow-repeat"></i> Continuous Verification, Drills & Adaptation</h2> <div class="row"> <div class="col-lg-12"> <div class="security-card"> <h5> - <span><i class="bi bi-calendar-check-fill"></i> Routine Practice & Adaptation</span> - <span class="threat-level threat-medium">MEDIUM</span> + <span><i class="bi bi-calendar3-event-fill"></i> Security is a Process, Not a Destination</span> + <span class="threat-level threat-medium">MEDIUM FOR ALL</span> </h5> - <p class="summary">Security is not static. <span class="lopp-term">Schedule quarterly sign-and-verify drills</span>. Health-check devices, rotate batteries, confirm backup accessibility. Re-evaluate your threat model after major life events.</p> + <p class="summary">Regularly test your setup, from signing transactions to full backup recovery. <span class="expert-term">Stay informed and adapt your strategy</span> to new threats, software updates, and changes in your life.</p> <button class="btn details-toggle" type="button" data-bs-toggle="collapse" data-bs-target="#maintenance-drills" aria-expanded="false" aria-controls="maintenance-drills"> <i class="bi bi-chevron-down"></i> Details </button> <div class="collapse collapse-content" id="maintenance-drills"> + <div class="rule-box expert-insight"> + <strong>Universal Best Practice:</strong> Before committing any significant funds to a new wallet or backup method, send a small, trivial amount of Bitcoin through the *entire* lifecycle: setup, deposit, securing the seed, signing a test transaction, and then *fully recovering the wallet from your seed backup* on a separate or wiped device. This catches most user errors early. 
+ </div> <h6>Key Maintenance Activities:</h6> <ul> - <li><strong>Quarterly Drills:</strong> - <ul> - <li>Perform a small transaction requiring your multisig quorum.</li> - <li>Verify each hardware wallet powers on and is functional.</li> - <li>Check firmware versions; update on an airgapped machine if necessary, after verifying update authenticity.</li> - <li>Inspect physical condition of metal backups.</li> - </ul> - </li> - <li><strong>Annual Full Review:</strong> - <ul> - <li>Attempt a full seed recovery on a test device for at least one key.</li> - <li>Review all documentation for clarity and accuracy.</li> - <li>Re-assess counterparty risk if using custodians for any keys.</li> - </ul> - </li> - <li><strong>Life Event Triggers:</strong> - <ul> - <li>Marriage, divorce, birth of children.</li> - <li>Moving to a new home, city, or country.</li> - <li>Significant changes in tax law or regulations in your jurisdictions.</li> - <li>New known attack vectors or vulnerabilities discussed in the Bitcoin community.</li> - </ul> - </li> + <li><strong>Scheduled Drills & Full Recovery Tests:</strong> Annually for Plebes, more frequently for Whales.</li> + <li><strong>Stay Updated:</strong> Follow reputable Bitcoin security news. Update software/firmware *cautiously*.</li> + <li><strong>Adapt to Change:</strong> Re-evaluate security after life events or changes in holdings/risk.</li> </ul> - <div class="rule-box lopp-insight"> - <strong>Lopp's Principle:</strong> Routine drills keep entropy (and heirs' confusion) on your side. Automation (like Casa's health checks) is good; calendared DIY checks are essential. - </div> - <p class="lopp-ref">Ref: Casa Health Checks, Lopp on Threat Model Re-evaluation</p> </div> </div> </div> 
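Review bot: The new "Stay Updated" item in `#maintenance-drills` says only `Update software/firmware *cautiously*`, whereas the bullet it replaces told readers to verify update authenticity before updating. The checklist hunk further down still says "after verification", so the two now disagree. I would keep the concrete step: `<li><strong>Stay Updated:</strong> Follow reputable Bitcoin security news. Verify the vendor's signature or checksum on software/firmware before updating.</li>`. The asterisks around `*entire*`, `*fully recovering the wallet from your seed backup*` and `*cautiously*` are Markdown and will render literally in HTML; use `<em>` instead.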
@@ -456,40 +553,48 @@ </section> <section class="section-container" id="checklist" data-section-id="checklist"> - <h2 class="section-title"><i class="bi bi-check2-square"></i> Lopp-Inspired HNW Implementation Checklist</h2> + <h2 class="section-title"><i class="bi bi-check2-square"></i> Scalable Self-Custody Checklist</h2> <div class="security-card"> - <h5><i class="bi bi-list-task"></i> Key Actions (Iterative & Ongoing)</h5> + <h5><i class="bi bi-list-task"></i> Key Actions (Tailor to Your Holdings & Risk)</h5> + <p class="text-secondary">Review and implement applicable steps. <i class="bi bi-person-fill"></i> = Core for Everyone. <i class="bi bi-gem"></i> = Enhanced/Essential for Significant Holdings.</p> <div class="row"> <div class="col-md-6"> - <h6>Phase 1: Foundational OpSec & Physical Security</h6> + <h6>Foundational Security (OPSEC & Physical)</h6> <ul> - <li><input type="checkbox" id="chk-lopp-opsec"><label for="chk-lopp-opsec">Implement strict "Silence is Armor" OPSEC.</label></li> - <li><input type="checkbox" id="chk-lopp-identities"><label for="chk-lopp-identities">Segregate crypto identities (comms, deliveries).</label></li> - <li><input type="checkbox" id="chk-lopp-home-harden"><label for="chk-lopp-home-harden">Begin home hardening (doors, windows, alarm, cameras).</label></li> - <li><input type="checkbox" id="chk-lopp-pii-removal"><label for="chk-lopp-pii-removal">Initiate PII removal from data brokers.</label></li> + <li><input type="checkbox" id="chk-s-opsec-silence"><label for="chk-s-opsec-silence"><i class="bi bi-person-fill"></i> Practice "Shield of Silence" regarding holdings.</label></li> + <li><input type="checkbox" id="chk-s-secure-accounts"><label for="chk-s-secure-accounts"><i class="bi bi-person-fill"></i> Secure online accounts (strong unique passwords, 2FA).</label></li> + <li><input type="checkbox" id="chk-s-safe-hw-delivery"><label for="chk-s-safe-hw-delivery"><i class="bi bi-person-fill"></i> Ensure safe delivery of hardware 
wallets.</label></li> + <li><input type="checkbox" id="chk-s-basic-home-sec"><label for="chk-s-basic-home-sec"><i class="bi bi-person-fill"></i> Implement basic home physical security for backups.</label></li> + <li><input type="checkbox" id="chk-s-whale-opsec"><label for="chk-s-whale-opsec"><i class="bi bi-gem"></i> Advanced OPSEC: pseudonyms, PII scrubbing, separate digital identities.</label></li> + <li><input type="checkbox" id="chk-s-whale-home-fortress"><label for="chk-s-whale-home-fortress"><i class="bi bi-gem"></i> Develop "Home Fortress" & duress protocols.</label></li> </ul> - <h6>Phase 2: Robust Multisig Architecture</h6> + <h6>Wallet & Backup Architecture</h6> <ul> - <li><input type="checkbox" id="chk-lopp-multisig"><label for="chk-lopp-multisig">Design 3-of-5 or 5-of-7 multisig with heterogeneous hardware.</label></li> - <li><input type="checkbox" id="chk-lopp-metal-seeds"><label for="chk-lopp-metal-seeds">Acquire/create robust metal seed backups (steel/titanium).</label></li> - <li><input type="checkbox" id="chk-lopp-geo-distro"><label for="chk-lopp-geo-distro">Geographically distribute keys/seeds across varied hazard zones/jurisdictions.</label></li> - <li><input type="checkbox" id="chk-lopp-decoy"><label for="chk-lopp-decoy">Setup decoy wallet & duress protocols (emphasize time-delay).</label></li> + <li><input type="checkbox" id="chk-s-hw-wallet"><label for="chk-s-hw-wallet"><i class="bi bi-person-fill"></i> Use a reputable hardware wallet (single-sig for smaller amounts).</label></li> + <li><input type="checkbox" id="chk-s-metal-backup"><label for="chk-s-metal-backup"><i class="bi bi-person-fill"></i> Create metal seed backups (minimum 2 copies).</label></li> + <li><input type="checkbox" id="chk-s-offsite-backup"><label for="chk-s-offsite-backup"><i class="bi bi-person-fill"></i> Store at least one seed backup securely off-site.</label></li> + <li><input type="checkbox" id="chk-s-test-full-workflow"><label for="chk-s-test-full-workflow"><i 
class="bi bi-person-fill"></i> Test entire wallet setup & recovery with small amount first.</label></li> + <li><input type="checkbox" id="chk-s-bip39-careful"><label for="chk-s-bip39-careful"><i class="bi bi-person-fill"></i> Understand BIP39 passphrase risks thoroughly if considering use.</label></li> + <li><input type="checkbox" id="chk-s-whale-multisig"><label for="chk-s-whale-multisig"><i class="bi bi-gem"></i> Implement multisig (e.g., 2-of-3, 3-of-5) with diverse hardware.</label></li> + <li><input type="checkbox" id="chk-s-whale-geo-distro"><label for="chk-s-whale-geo-distro"><i class="bi bi-gem"></i> Geographically distribute all multisig key material.</label></li> </ul> </div> <div class="col-md-6"> - <h6>Phase 3: Inheritance & Disaster Resilience</h6> + <h6>Inheritance & Long-Term Planning</h6> <ul> - <li><input type="checkbox" id="chk-lopp-estate-plan"><label for="chk-lopp-estate-plan">Consult crypto-aware estate attorney for trust/will.</label></li> - <li><input type="checkbox" id="chk-lopp-heir-docs"><label for="chk-lopp-heir-docs">Create plain-language heir recovery docs & rehearsal video.</label></li> - <li><input type="checkbox" id="chk-lopp-heir-expert"><label for="chk-lopp-heir-expert">Train heirs OR embed expert recovery service in plan.</label></li> - <li><input type="checkbox" id="chk-lopp-burial-cache"><label for="chk-lopp-burial-cache">(Optional Extreme) Plan/execute secure burial cache for one seed/share.</label></li> + <li><input type="checkbox" id="chk-s-simple-heir-letter"><label for="chk-s-simple-heir-letter"><i class="bi bi-person-fill"></i> Create a basic letter of instruction for heirs.</label></li> + <li><input type="checkbox" id="chk-s-inform-executor"><label for="chk-s-inform-executor"><i class="bi bi-person-fill"></i> Inform executor/trusted heir of instruction letter's existence/location.</label></li> + <li><input type="checkbox" id="chk-s-whale-estate-plan"><label for="chk-s-whale-estate-plan"><i class="bi bi-gem"></i> Engage 
crypto-aware estate attorney for will/trust.</label></li> + <li><input type="checkbox" id="chk-s-whale-heir-coach"><label for="chk-s-whale-heir-coach"><i class="bi bi-gem"></i> Arrange for a "coach" or detailed guided recovery for heirs.</label></li> + <li><input type="checkbox" id="chk-s-whale-detailed-heir-docs"><label for="chk-s-whale-detailed-heir-docs"><i class="bi bi-gem"></i> Prepare comprehensive technical documentation for heirs.</label></li> </ul> - <h6>Ongoing: Vigilance & Practice (Lopp's Emphasis)</h6> + <h6>Ongoing Maintenance & Vigilance</h6> <ul> - <li><input type="checkbox" id="chk-lopp-quarterly-drill"><label for="chk-lopp-quarterly-drill">Quarterly sign-and-verify drills & device health checks.</label></li> - <li><input type="checkbox" id="chk-lopp-annual-audit"><label for="chk-lopp-annual-audit">Annual full security audit & backup recovery test.</label></li> - <li><input type="checkbox" id="chk-lopp-threat-reval"><label for="chk-lopp-threat-reval">Re-evaluate threat model after life events / new intel.</label></li> - <li><input type="checkbox" id="chk-lopp-attack-study"><label for="chk-lopp-attack-study">Periodically review Lopp's Physical Attack Database.</label></li> + <li><input type="checkbox" id="chk-s-annual-recovery-drill"><label for="chk-s-annual-recovery-drill"><i class="bi bi-person-fill"></i> Conduct annual full backup recovery drill.</label></li> + <li><input type="checkbox" id="chk-s-stay-informed"><label for="chk-s-stay-informed"><i class="bi bi-person-fill"></i> Stay informed on security best practices & new threats.</label></li> + <li><input type="checkbox" id="chk-s-cautious-updates"><label for="chk-s-cautious-updates"><i class="bi bi-person-fill"></i> Update software/firmware cautiously after verification.</label></li> + <li><input type="checkbox" id="chk-s-whale-regular-drills"><label for="chk-s-whale-regular-drills"><i class="bi bi-gem"></i> Conduct regular (e.g., quarterly) signing drills & device health checks.</label></li> 
+ <li><input type="checkbox" id="chk-s-whale-threat-reval"><label for="chk-s-whale-threat-reval"><i class="bi bi-gem"></i> Re-evaluate threat model and update protocols after significant life/holding changes.</label></li> </ul> </div> </div> @@ -499,10 +604,10 @@ <footer> <div class="container"> - <p>© <span id="currentYear"></span> David Veksler | Inspired by the work of Jameson Lopp and others in the Bitcoin security community.</p> - <p><a href="https://walletrecovery.info" target="_blank" rel="noopener noreferrer">WalletRecovery.info</a> | <a href="https://davidveksler.substack.com" target="_blank" rel="noopener noreferrer">Substack</a> | <a href="https://github.com/jlopp/" target="_blank" rel="noopener noreferrer">Jameson Lopp on GitHub</a></p> - <p class="text-secondary">This guide is for informational purposes and not financial/legal advice. Your security is your responsibility. Layer your defenses.</p> - <p><strong>Lopp's Key Takeaway: Distribute authority, delay attackers, ensure hard-copy resilience, maintain silence, plan to die, and practice routinely.</strong></p> + <p>© <span id="currentYear"></span> David Veksler | This guide synthesizes principles from numerous Bitcoin security experts and resources for a scalable approach.</p> + <p><a href="https://walletrecovery.info" target="_blank" rel="noopener noreferrer">WalletRecovery.info</a> | <a href="https://davidveksler.substack.com" target="_blank" rel="noopener noreferrer">Substack</a></p> + <p class="text-secondary">This guide is for informational purposes. It is not financial, legal, or specific security advice. Your security is your ultimate responsibility. Always Do Your Own Research (DYOR) and consult qualified professionals where needed. Product and service links are for illustrative purposes and not endorsements.</p> + <p><strong>Core Principles for All: Robust Backups | Practice Recovery | Maintain OPSEC | Stay Vigilant. Scale complexity with holdings and risk.</strong></p> </div> </footer>
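Review bot: The `chk-s-secure-accounts` checklist item says "2FA" without naming a factor, and SMS codes are the factor a SIM swap defeats, which matters for the exchange and e-mail accounts this guide is about. Unless the OPSEC section outside this hunk already covers it, I would word the label `Secure online accounts (strong unique passwords, authenticator-app or hardware-key 2FA rather than SMS).` The `bi-person-fill` / `bi-gem` tier icons inside each `<label>` also carry meaning with no text equivalent. Adding `aria-hidden="true"` to the `<i>` plus a short visually hidden tier name would make the tiers readable without the icon font.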