Interacting with bitcoin privately

Bitcoin Privacy

One of the first things most people hear about Bitcoin is that it’s “Private internet money” or “Untraceable Cash for criminals.” But spend more than 5 minutes to understand how the network functions and you’ll quickly see that these assertions are incorrect and can often lead newcomers into a false sense of security when interacting with Bitcoin.

We spoke in our recent coinjoin article about how Bitcoin has a completely transparent record of all transactions ever made, known as the blockchain. This transparent nature makes it trivial to verify the total circulating supply of Bitcoin at any moment, an incredibly important feature. However, Bitcoin’s transparent nature also makes it easier for chain surveillance firms, or indeed anyone using a block explorer, to attempt to track the flow of funds across the network. Not great for privacy!

At a transactional level, Bitcoin offers less than perfect default privacy guarantees, which can be combated with tools like coinjoin, but transacting is just one of the many ways in which we interact and expose ourselves to Bitcoin and the ecosystem surrounding it. A holistic approach is a great way to attack most things in life; Bitcoin privacy is no different.

So what steps can average Bitcoiners take to preserve their privacy whilst leveraging the power of the world’s hardest money? What follows are some tools and techniques anyone can deploy when looking to improve or protect their Bitcoin privacy. You might be surprised at how simple some of them are!

#1 – SHhh

This might seem blatantly obvious, but the fewer people you talk to about owning Bitcoin, the fewer people know you own Bitcoin. Aside from the obvious privacy benefits, this one also improves your Bitcoin security too. Attackers cannot attempt to steal something they have zero knowledge about.

Of course you’ll want to try and ‘orange pill’ your friends and family and you’ll also need to ensure you have the necessary things in place for inheritance planning should anything happen to you, both of which involve you exposing a certain level of information about your Bitcoin. Just be selective with the info you share and who you share it with – it’s a fine balance to strike.

#2 – Use a Pseudonym

This one goes hand in hand with #1, but is geared more towards getting involved in the vibrant online Bitcoin community. A pseudonym is a great way to make new Bitcoin friends from all over the world without the need to share any of your personal information with a group of strangers on the internet.

Signing up to Twitter or Telegram with a username like @JohnDoe makes it easy for anyone to search your name and find out significant amounts of information about you in just a few clicks. Now that they know you’re a Bitcoiner, they may choose to use this information against you at any point in the future.

Ultimately you have no idea who the real people are behind the usernames you interact with online, so it makes perfect sense to guard yourself with a pseudonym whilst building those relationships. From there you can choose to selectively reveal as little or as much information about yourself as you’d like over time.

#3 Use Tor or a vpn

Any time you connect to the internet you leak information about yourself. The two usual suspects are your IP address, which shares your approximate location with every website you connect to, and your browsing activity with your Internet Service Provider (ISP).

Visiting a Bitcoin related website? That website knows roughly where you live, and your ISP sees every page you view. Querying your Bitcoin balance using the default node back-end in a wallet like BlueWallet or Blockstream Green? That company knows roughly where you live and how much Bitcoin you have, and the ISP also see’s you connecting to them.

By carrying out those activities over the Tor network or whilst using a VPN service, you gain differing levels of protection against these sorts of privacy leaks. These tools work by hiding your browsing activity from your ISP and masking your IP address from the websites or nodes you connect to.

Where possible, try to use Bitcoin wallets like Envoy or Samourai Wallet that default to Tor connections. When using tools like public blockchain explorers or any Bitcoin related websites, use the Tor network or have a VPN service like Mullvad active to mask your true IP address. It’s worth noting here that whilst a VPN will hide your browsing activity from your ISP and your IP address from the services you connect to, the VPN provider can still see this information.

Tor Browser Window

#4 Obtain via no-KYC methods

When purchasing Bitcoin from a regulated exchange like Cash App or River, you’ll need to provide personal information to satisfy the ‘Know your Customer’ (KYC) regulations imposed upon them. Usually this information will be your name, address, drivers license, or passport and in some cases, might even be a selfie or video asking you to turn your head and say some specific words. Any Bitcoin you then purchase from that entity is tied to your personal identity.

Your public information is stored by these companies (sometimes poorly) and likely shared with the government upon request. Unfortunately, this information is often leaked onto the internet by hackers, resulting in anyone with eyes on the leaked list learning your name, where you live, what you look like and potentially how much Bitcoin you own.

This information could make you a target to a local thief who might take the opportunity to pay you a visit and try to persuade you to hand over your hard earned sats. Although the more likely outcome is that you’ll become the target of phishing attacks where an attacker will send a bogus email asking you to login to a malicious website in an attempt to steal your Bitcoin.

Fortunately you can combat this by obtaining Bitcoin via methods that do not require you to share such excessive amounts of personally identifying information. These methods take many forms, below is a list of just a few of them. You can learn more at kycnot.me and nokyconly.com.

Bisq Decentralized Exchange

#5 Run your own node

In #3 we spoke about the risks of network level privacy leaks when querying public block explorers or when using the default node option of some wallets. Another way you can combat these privacy leaks is to run your own Bitcoin node. A node is the way in which all Bitcoin wallets communicate with the Bitcoin network to send transactions and query balances. If you are not using your own node, you are trusting someone else’s node with your privacy and to serve you the correct information.

Thankfully today we have a wealth of different node options available to suit all requirements and skill levels. Some are as simple as downloading Bitcoin Core onto an old laptop to connect your hardware wallet to, and some come packed with more advanced features like personal block explorers, coinjoin implementations, Electrum servers, and Lightning Network features.

Which one you choose will depend entirely on your budget, requirements, available hardware, and skill levels. Just remember, to leverage the power of your own personal node, you must use it as the back end for your Bitcoin wallets! “Don’t trust, verify.”

RoninDojo Tanto Plug + Play Node

#6 Address reuse

We have the legacy financial system to thank for this one! We are used to having a single account number which we re-use for years on end to receive money. That single number is the ‘place’ where we store our fiat wealth. Bitcoin is slightly different. In Bitcoin we have our wallet, which is typically backed up by a 12 or 24 word seed, and from that seed we can derive an unlimited amount of individual addresses.

Typically a Bitcoin address will look something like this bc1qrkgefmxzn6v3kuhkgxlf6lkul9y50ahf4ckrq8, although some older address standards can start with ‘1‘ or ‘3‘. Re-using the same address for multiple transactions tells anyone looking at the blockchain that all funds within those transactions belong to the same entity.

When receiving Bitcoin it’s good practice to use a new address with every transaction. This might sound like a logistical nightmare, but almost all modern wallets will automatically serve you a new one every time you receive, the only thing you need to do is not share the same one with different people. The wallet will automatically watch all of those addresses and show you your wallet’s total balance.

#7 coin control and labeling

The Bitcoin balance you see in your wallet is the sum of all of the smaller pieces of Bitcoin contained within. These pieces of Bitcoin are known as Unspent Transaction Outputs (UTXOs) and each will have a history, some of which belongs to you, some of which does not. If you use a wallet that automatically selects which UTXOs are used when making each transaction, you may be sharing unwanted transactional information with the recipient of the transaction or anyone surveilling the blockchain.

Additionally, if your wallet enables you to view and select UTXOs to transact with, but you do not know the source of each, how will you know which ones are best to use for the different transactional situations you find yourself in? By using a wallet that allows UTXO labeling and the selection of which UTXOs are used to construct each transaction (known as Coin Control), you are able to share the minimal amount of information when transacting.

A good practical example of this would be a wallet that contains both KYC and no-KYC Bitcoin. Ideally, you should not combine these two sources in a single transaction, because it will tie the no-KYC Bitcoin to the KYC Bitcoin that is linked your true identity provided when you purchased from the regulated exchange. If your coins are clearly labelled ‘KYC‘ and ‘no-KYC‘ then you can make an educated decision when spending those sats in the future.

Sparrow Wallet showing labeling

#8 Use coinjoin

Those of you that read our coinjoin article will already have a flavor of what coinjoin is and why it’s important. Here is a snippet from the opening paragraph. ‘Coinjoin is a form of collaborative Bitcoin transaction where two or more users create a transaction that provides ambiguity about the ownership of the transaction outputs. This takes place without a user needing to trust any other user participating in the transaction.’

Coinjoin aims to combat the transparent nature of the Bitcoin blockchain by making it difficult for anyone surveilling the chain to track the flow of funds. There are many times of coinjoins a user can take part in to improve their ‘on-chain’ privacy. There are centrally coordinated solutions such as Whirlpool and peer-to-peer solutions like JoinMarket, Stonewall X2 and Stowaway.

A combination of some or all of these tools can be used to improve on-chain privacy, and with the exception of JoinMarket, all of the aforementioned tools can be accessed via Samourai or Sparrow wallets.

Whirlpool coinjoin from KYCP.org

Final thoughts

Bitcoin privacy is an constantly evolving phenomenon. For every new wallet feature or protocol upgrade, there is a shift in regulation or surveillance technology to attempt to combat it. The steps outlined above may seem daunting or lengthy, but in our opinion, are a small price to pay to achieve true financial sovereignty. Privacy in Bitcoin is not easy, but is attainable for those that seek it.

If you’d like to learn more about the practical application of some of these tools and techniques, check out bitcoiner.guide/privacy from our very own Bitcoin QnA and Jameson Lopp’s privacy resource page.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart

Buying Passport privately USING Coinjoin

What is coinjoin?

Coinjoin is a form of collaborative Bitcoin transaction where two or more users create a transaction that provides ambiguity about the ownership of the transaction outputs. This takes place without a user needing to trust any other user participating in the transaction.

Imagine you and nine friends all throw a $10 note into a box, shake the box around, and then each pick out a note at random. Nobody would know who ended up with whose original $10 bill!

Coinjoins can take many different shapes and sizes but are always performed in a non-custodial fashion, meaning that you never lose control of your bitcoin when participating. Anytime you’re participating in a ‘coinjoin’ that asks you to send all your Bitcoin to an address not under your control, beware. So called ‘Mixers‘ like this operate in a custodial fashion and have been known to steal people’s bitcoin. Tread extremely carefully and only use tools that are well vetted.

The most common type of Coinjoin is known as an ‘Centrally Coordinated’ one, where there are often many participants in each transaction. An example of this is the Samourai Wallet Whirlpool implementation. In this type of setup, multiple users connect to a central coordinator which acts as a the central authority between all participants. The coordinator never gains control of any funds or learns anything about the participants. Its main functions are to coordinate the transaction (which becomes difficult to do purely in a peer-to-peer fashion as more participants are added) and collect a fee for maintaining the service.

Whirlpool coinjoin example with 5 participants

Why coinjoin?

Traditional finance offers fairly good levels of privacy from certain parties. For example, your employer doesn’t get to see how you spend your paycheck, and the Barista at Starbucks doesn’t get to see how you spend the change from the $20 bill you used for your morning latte.

Due to Bitcoin’s completely transparent ledger, it’s more challenging to maintain your privacy in the above examples – unless you embrace basic privacy practices when interacting with Bitcoin! In addition to being transparent, the Bitcoin blockchain is also permanent. Every transaction you make is copied to thousands of nodes (or computers) around the world to be stored indefinitely.

These two properties of Bitcoin (transparency and permanency) make it trivial for even semi-sophisticated actors with time and resources to track the flow of funds across the blockchain, at any time they like. The mistakes you make today could easily be used against you in the coming years by anyone with the ability and desire to interpret this public information.

Coinjoins provide Bitcoiners with a way to prevent against such attacks and regain some privacy. Coinjoins allow you to prevent your employer, Starbucks Barista, or even worse – a chain surveillance firm (whose job it is to track entities on the blockchain) – from tracking your spending habits. This gives you the ability to spend or save in the same way you would with physical cash, without fear of retribution at some arbitrary point in the future.

what is a payjoin?

Aside from the commonly used ‘centrally coordinated’ coinjoins, consisting of a larger number of users that each receive back the same amount they put in (less any fees), there is also Payjoin. Payjoins are peer-to-peer coinjoins, generally between just two parties. Payjoins are more commonly used when transferring value from one person to another, like buying a new hardware wallet!

Payjoins enable Bitcoin value transfer between two parties, whilst breaking something called the ‘Common Input Ownership Heuristic’ (CIOH). This heuristic used by chain surveillance firms to try and interpret the flow of funds across the blockchain. These firms do this by assuming that all of the inputs to a transaction belong to the same entity, which is true of most typical Bitcoin spends, but not with Payjoin!

As with any normal bitcoin transaction where value is being transferred from one person to another, during a Payjoin transaction the recipient gains the desired amount of Bitcoin from the sender, receiving at least one transaction output (the payment). Where a Payjoin differs is that the recipient also provides an input to the transaction, completely undermining the CIOH and casting doubt over the true flow of funds. The resulting transaction looks no different to any other typical spend, with only the two participants knowing they just completed a coinjoin whilst also transferring value from one to the other.

The other beautiful part about Payjoin is that due to the nature of how these transactions are constructed, the actual value transacted between the two parties is not visible to anyone looking at the blockchain. We’ll demonstrate this in the steps that follow.

buying passport with a payjoin

Currently there are only a few wallets able to send and receive Payjoins that adhere to the BIP78 standard. Sparrow Wallet is a great example, and will be used to demonstrate how you can purchase a Passport with a Payjoin. The receiver side of this transaction will be the Payjoin compatible BTCPay Server, which operates as our in-house Bitcoin payment processor.

First off: head to our website, add Passport to your cart, and then head to the checkout to provide contact and shipping information. Once that’s complete, choose Bitcoin as your payment option and click ‘Proceed To BTCPay’.

Passport order ready to be place

Next you’ll be greeted with an invoice which you can choose to pay using the Lightning Network, or in this case, regular ‘on-chain’ Bitcoin. The QR code shown is an encoded version of the receive address for sending using a standard transaction. For Payjoin, navigate to the ‘Copy’ tab and copy the Payment Link provided.

Invoice QR
Invoice ‘copy’ field

Using a hot wallet in Sparrow, open the Send tab and paste the payment link into the ‘Pay to’ field. Sparrow will then populate the recipient address and amount, and will store the remaining info for a following step in the process. Give the transaction a label, adjust your miner fee and click Create Transaction.

Transaction built

On the next screen you can review the transaction details. Note the blank ‘Payjoin input’? We’ll get to that next.

Transaction Summary

Click ‘Sign’ to authorize the first part of the transaction.

Transaction ready for signing

Now we have the option to Get Payjoin Transaction. This uses the information provided from the payment link copied earlier to contact the Foundation Devices BTCPay Server to obtain the details of the UTXO to be used as the missing input in our Payjoin.

Payjoin coordination ready

Recipient Payjoin input obtained and the final transaction is ready to sign.

Payjoin input obtained

Payjoin signed and ready to be broadcast to the network.

Final transaction for broadcast

The BTCPay Server will automatically detect the incoming payment and mark your order as confirmed!

Order complete

transaction analysis

This image is a block explorer view of the transaction demonstrated above, with added annotations to explain the makeup of the transaction. Some key things to note:

  • Both sender and recipient have one input and one output each
  • The actual value transferred for the purchase during the transaction was 0.00511928 BTC (see the invoice above), this amount is not visible
  • The transaction has cast doubt over the true flow of funds and improved the privacy of both participants
Click to open transaction in a blockchain explorer

The receiver has contributed a UTXO of 0.00583881 BTC to the transaction and finished up with a UTXO of 0.01095809 BTC. Subtract one from the other and you get the exact value of the invoice 0.00511928 BTC.

other privacy considerations

Spending via Payjoins or by using the outputs from larger coordinated coinjoins is a fantastic way to preserve your privacy at the Bitcoin network level. It’s also worth noting that those two options can be combined for even greater effect – Coinjoin with Whirlpool, then use those mixed outputs to create a Payjoin spend!

There are unfortunately many other things to consider when attempting to spend Bitcoin privately, or when ordering Bitcoin related items online. We plan to cover these in future articles, but will summarize them below for awareness.

(1) Purchasing using Bitcoin directly from an exchange

Are you comfortable with the exchange (or trading partner if using a peer-to-peer method) knowing you’re spending to a Bitcoin related company? If not, make use of the Coinjoin tools outlined in this article.

(2) Purchasing using a credit card

Are you comfortable with your bank knowing you’re spending to a Bitcoin related company? If not, purchase using Bitcoin that has been obtained in a private manner or has been coinjoined.

(3) Getting items shipped to your home address

Are you comfortable with the company you’re purchasing from knowing your home address? Are you aware of their data retention policies? How about a curious courier that might see a Bitcoin logo on one of your packages? If not, opt to get the items delivered to a PO box, re-mailer or similar service. The options available to you will depend on your jurisdiction.

(4) Getting items shipped using your real name and telephone number

Once again, are you aware of the company’s data retention policies? Do they have a good track record for keeping customer data secure? You could use a pseudonym and a phone number that is not tied to your personal identity.

The holistic approach

Bitcoin privacy is a multifaceted beast with many things to consider, nobody gets it perfect first time. The key thing to remember is that there’s never a bad time to start improving your privacy. Pick one aspect, make a change, then move on to the next to ensure you don’t get overwhelmed. Stay tuned for more articles on the subject, and if you need personalized support consider checking out our Concierge service.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart

New support Tools

support, where + when you need it

At Foundation Devices, we strive to make tools that are powerful, elegant, and easy to use. Judging from the results of our recent customer survey, we’re off to a good start – but we can always do more!

Bitcoin attracts users from different backgrounds and skill sets, from complete beginners purchasing their very first hardware wallet, to expert users buying an additional signing device to compliment their geographically distributed multisig quorum.

Expert users are unlikely to need the same level of hand holding as those just starting their Bitcoin journey, but we want to ensure that no sovereign individual gets left behind. Because of this, we’ve been working hard to improve our content and support options so that everyone can use Passport to its fullest potential.

In the recent weeks we have migrated our user documentation from GitBook to our own self hosted docs site thanks to the great Free and Open Source (FOSS) tool Wiki.js. We think the new layout and improved structure is easier and quicker to navigate. If videos are your thing, we have you covered with a growing collection of ~20 videos on everything from setting up Passport to creating your first sovereign multisig setup with tools like Specter and Sparrow Wallet.

Behind the scenes we’ve also migrated to our own self hosted help desk software thanks to another great FOSS tool, FreeScout. Whilst this shift might seem trivial, the move has allowed us to implement some really cool features to better support you while keeping your data safe. They include:

live chat

Got a burning question that you can’t find an answer to via our docs? You can now message us during business hours for a quick reply from one of our team members. The live chat is present on both our documentation and our main website; just click the small blue chat icon.

telegram bot

Are you an avid Telegram user? Yeah, us too! We have a vibrant and growing community chat which you can find here. However, sometimes you may have a question that you don’t want to ask in front of hundreds of other users. To fix this, we now have our very own Telegram Bot, waiting to help you – in private – with any questions or issues. Messages sent to our Telegram bot will be picked up by the same expert support team that answers our online live chat.

Looking ahead

Over the coming weeks and months we’ll be implementing more FreeScout tools such as:

Knowledge base

FreeScout offers an embedded Knowledge Base feature which we plan to build out with everything from Bitcoin fundamentals to Passport specific information. Our hope is that this will become the one stop shop for all your Bitcoin knowledge needs. Keep your eyes peeled and if you have any content suggestions, feel free to reach out to us.

pgp protected emails

PGP provides the ultimate way in which to communicate via even the most insecure mediums. We are really excited that our more privacy conscious users will soon be able to communicate with us in a fully encrypted fashion. This will make asking even the most sensitive of questions, completely secure and private, even in the extremely unlikely event that our email server were to be compromised.

We hope you find our continued efforts to cater to all of your support requirements (using as many FOSS tools as possible) helpful. As always, please reach out to us if you have any additional requirements or suggestions that we have not yet covered. 

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart

multisig – is it for me?

bitcoin Key storage

The Bitcoin network dictates that, to create a valid spend transaction, you must provide proof of ownership of the bitcoin being used in the transaction. This is done via the use of a private key to create a digital signature (or proof) that the person creating the transaction is spending the coins belonging to them. Anyone in the network can look at the provided signature and corresponding address being spent from to verify the authenticity of the transaction, without needing to know the private key of person creating the spend. Anyone with access to your private key can spend from your wallet. Now that we understand the importance of private keys, we should probably understand how to secure them properly!

A typical Bitcoin wallet, such as those found on a mobile phone or desktop applications, protects your sats with a single master secret or ‘key’. To sign off on any spend from such a wallet requires a signature from this single key. These types of wallets are colloquially referred to as ‘single-sig’, short for ‘single signature’, referring to the authentication level required to create a valid spend. Used in a setting such as a mobile phone, single-sig wallet setups provide great convenience for those on the go spends that are typically on the lower end of the value scale.

Single-sig wallets can of course be used in more secure setups, such as with an air-gapped hardware wallet like Passport. Used in this context, the key, which is required to authorize transactions, never leaves the offline device. When paired with wallet software like BlueWallet, the software manages incoming transactions and constructs outgoing spends for the offline device to read and sign using its stored key. This extra step, where the authority to spend has been removed from the ‘online’ wallet software, provides an extra security layer against potentially compromised internet connected devices.

With this simplicity comes a theoretical single point of failure. If your wallet and/or seed backup gets compromised, so does your bitcoin! Sure, you could deploy a Passphrase, but what if we wanted to take things a step further and protect ourselves against even more attack vectors?

What is multisig?

Much like single-sig, multisig (short for ‘multi signature’), derives its name from the level of authentication or ‘proof’ required to create a spend transaction. Generally speaking, a multisig wallet requires sign-off from more than one key for any spend. With multisig, you have the freedom to fine tune your wallet configuration to suit your personal circumstances. Two of the most common approaches taken today look like this:

A 2-of-3 setup where 3 keys are used to create the wallet and protect the bitcoin, but only 2 of those keys are required to authorize a spend

A 3-of-5 setup where 5 keys are used to create the wallet and protect the bitcoin, but only 3 of those keys are required to authorize a spend

The number of different Multisig configurations is almost limitless and can be tailored for almost any scenario. A company holding bitcoin on their balance sheet might opt to create an 7-of-12 setup where all board members hold a key and a majority (7) of them are required to authorize spends, whereas individuals would likely not require this level of complexity and would opt for a simpler setup with fewer keys to manage.

multisig benefits

So why might a sovereign individual want to consider a multisig setup? What extra benefits will be gained to offset the increased complexity?

  1. Removal of a single points of failure – In a single-sig setup, if the device holding your private keys, or the corresponding mnemonic seed backup is compromised, so is your bitcoin. With multisig, an attacker would need access to the multisig wallet (or backup file) AND the minimum number of keys required to make a spend.
  2. Redundancy – With a multisig wallet, you can afford to lose at least one key and its corresponding offline backup and still be able to spend your bitcoin. In a 2-of-3 setup, for example, loss of a single key would not result in a catastrophic loss of funds. Likewise, in a 3-of-5 setup, loss of two keys would not result in a loss of funds.
  3. Protection against a compromised manufacturer – In the unlikely event that the hardware wallet used in a single-sig setup turns out to contain a malicious back door, the wallet manufacturer could wait until funds are deposited and then drain the wallet at any point in the future. In this scenario, the manufacturer may not even be at fault; the device could be intercepted in-transit and swapped with a compromised device before arriving at its final destination. When a multisig wallet is configured with devices from multiple vendors, this attack is mitigated.

multisig considerations

While multisig offers exponentially improved protection from single points of failure and improved redundancy from key loss when compared to single-sig, it does also pose some new problems that must be considered before diving in head-first.

  1. More seeds to backup – Every device or key has its own mnemonic seed backup. Storing any of these at the same location negates the some of the benefits we outlined above. Do you have enough secure locations to store all of these seeds?
  2. More devices to secure – As outlined above, storing these devices in the same location is an attack vector. More devices = more secure locations required.
  3. Wallet configuration backup – In a doomsday scenario where a single key (and its backup) in a 2-of-3 setup is lost and the computer holding the wallet software is also not accessible, the remaining two keys, on their own, are not sufficient to recreate the wallet. To mitigate this, it is advisable to keep a copy of the wallet backup file with every key backup. Fortunately, modern multisig coordinator software like Sparrow or Specter Desktop offer this in a single file that can be printed or stored on a USB or microSD card. This file alone does not have the ability to spend; think of it as the ‘framework’ from which you can recreate the wallet.
  4. Inheritance – You might be an avid Bitcoiner, keen on leveling up your Bitcoin security but is your next of kin? You might have the most secure setup the world has ever witnessed, but if only you know how to access it, your bitcoin disappears when you do! The obvious thought is to leave some detailed instructions in case of emergency, but what if those instructions were to fall into the wrong hands?
  5. Spending inconvenience – If you need two keys to spend from your wallet, with one in your home and another a 90 minute drive away at a relative’s house, it could become a real chore if this is a wallet you’re planning to use on a regular basis.

multisig with passport

So, you’ve weighed up the pros and cons and decided to protect your bitcoin using a multisig wallet. Here’s one of the many ways you can do that easily using Passport and one of our favorite desktop wallets, Sparrow . Be sure to check out our other multisig tutorials covering BlueWallet and Specter Desktop.

Once set up, signing multisig transactions with Passport is very similar to single-sig and can be done via QR or microSD. Passport also allows you to view all of the multisig wallets it is a part of by heading to Settings > Multisig. Within the multisig menu you can also import new configurations via QR code or microSD as well as set the device’s ‘Multisig Policy‘. This setting dictates the way in which the device behaves when importing new configurations.

Multisig is an extremely powerful tool in the right hands, capable of protecting your wallet from almost all perceivable attack vectors – but it’s not without potential pitfalls! We suggest weighing the options discussed here and making up your own mind based on your own personal circumstances.

If you would like to leverage the power of a multisig with Passport as at least one of the signers, you can now preorder a device from our second batch at a new, reduced price.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart

Passphrases – What/Why/How?

bitcoin backups

The default backup for a typical Bitcoin wallet today consists of a mnemonic seed which is typically 12, 18 or 24 words in length and chosen from a universally agreed upon list of 2048 words. With this mnemonic seed you can move or recover your bitcoin into any other BIP39 compatible wallet (hint – they pretty much all are!).

Thankfully it is now common practice for Bitcoiners to store their mnemonic seed using a robust metal backup method to ensure their bitcoin is not lost in the case of disaster. But these storage methods pose a new problem to solve, what happens if someone were to find the metal backup? Your mnemonic seed, in clear text, ripe for picking to the first person that lays their eyes on it!

Sure, you could opt to use a multisig solution where a single mnemonic seed phrase does not give access to your bitcoin, but that poses many other considerations (to be covered in a future article), first amongst which is drastically increased complexity. You could also opt to use an encrypted backup which is perfectly resistant to physical attacks but does not offer the same assurances against fire or water.

Enter passphrases…


What are Passphrases

A passphrase is an additional word or combination of words that can be added to your mnemonic seed as an additional layer of security against physical attacks. A passphrase can be as short or as long as you like and can contain any combination of letters (upper and lower case), numbers or special characters. Passphrases are case and order sensitive, for example Passphrase123, 123passphrase, passphrase123 and 123Passphrase will all result in completely different wallets, each with their own unique list of addresses.

A passphrase is never stored on your signing device and will need to be entered every time you want to manage the passphrase protected wallet – fortunately Passport makes long passphrase entry simple thanks to its keypad design. Your passphrase does not replace your mnemonic seed; it is used in addition to it. If you decide to use a passphrase to protect your bitcoin, you need both your seed and your passphrase to recover funds.


should you use a passphrase?

There are two main benefits for users that choose to implement a passphrase, plus an optional third that comes with a little extra complexity.

1. Physical Attack Protection – If using a passphrase protected wallet and an attacker were to find your mnemonic seed backup, the attacker does not gain access to your bitcoin.

2. Plausible deniability – If using a passphrase protected wallet and an attacker were to hold you hostage until you gave up your bitcoin, you could have previously loaded a small amount onto the wallet without the passphrase (i.e. just your seed words). Telling the attacker where the mnemonic backup is, and allowing them to find this small amount may be enough to stop any further attack whilst the majority of your bitcoin is held safely within the passphrase protected wallet the attacker doesn’t know exists.

3. Separate Wallets – Some more advanced users may also use multiple different passphrases as a method of separating out their different pots of bitcoin. This could be for short/long term savings or for ensuring that separating KYC and noKYC funds never get merged together to protect the users privacy. It’s worth noting that the same effect can be achieved using the accounts feature on Passport.


passphrase considerations

Whilst passphrases offer many great benefits, particularly from a security standpoint, users must be aware of the considerations and pitfalls of using a wallet with passphrase protection.

1. Short Passphrases – Short 1 or 2 word passphrases from the BIP39 list or the dictionary are next to useless and can be brute forced by even modest attackers. Ensure you use a minimum of four words with numbers and/or characters being an additional bonus.

Estimated time taken to brute force different length passphrases chosen from the BIP39 word list. By Coldbit.

2. Long Passphrases – Longer passphrases are exponentially more secure, but remember, you need to enter this into your signing device every time you want to manage or spend from that wallet. If your signing device makes text entry a chore, the likelihood is you just won’t use it, or even worse, you might enter it incorrectly and cause yourself hours of confusion trying to work out why the addresses being generated don’t match those expected.

3. Storing a Passphrase – Your passphrase is part of your bitcoin backup. No passphrase, no bitcoin recovery. For obvious reasons the passphrase should not be stored in the same location as the mnemonic seed, so consideration must be made to a separate, secure storage location and medium. Imagine your metal seed backup survives a flood but the passphrase you jotted down on paper doesn’t!  No passphrase, no bitcoin recovery!

4. Inheritance – Extra security is great, but will your loved ones know what to do with your passphrase in the event that you are no longer around? Would they even be able to find it?


using a passphrase with passport

So, you’ve weighed up the pros and cons and decided to protect your wallet with a passphrase, smart move! Here’s how you can do that easily using Passport.

To apply a passphrase simply head to Settings > Advanced > Passphrase. Here you can opt to set a passphrase or enable the device to prompt you to enter one each time it boots (useful for users that always use passphrase protected wallets) or you can press ‘Set Passphrase’.

Next, enter your desired passphrase carefully then press continue and double check you have entered the passphrase correctly.

Any time a passphrase protected wallet is active on Passport, it will be denoted by a small ‘P’ in the top left corner.

DO NOT USE THE PASSPHRASE SHOWN

This applied passphrase will be active until Passport is turned off or the user manually clears the passphrase using the exact same method as above. If after reading this post you decide you want to add passphrase protection to your bitcoin storage setup, you will need to activate the new wallet using the process detailed above then export that new wallet to your chosen software wallet. From there you can clear the passphrase and send from your old (non passphrase) wallet across to the addresses controlled by your new passphrase protected wallet.

Decided you want to leverage the power of a passphrase protected wallet? You can get your hands on one of the few remaining Founders Edition Passport devices below.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart