Notes and References
[1] each device involved in your Bitcoin setup should have a non-zero amount of Bitcoin to serve as proof your device is not compromised.
[2] Amazon link to Pamela Morgan book: https://www.amazon.com/Cryptoasset-Inheritance-Planning-Simple-Owners/dp/1947910116/ref=sr_1_1
[3] Bluewallet allows you to set a custom Electrum server. This gives additional privacy if it's a server you own. Running your own server will not complicate inheritance because if your server is down then Bluewallet will prompt the user to switch back to the default server run by Bluewallet.
[4] bluewallet.io or Bluewallet Services S. R. L. on the Play store or App store.
[5] They must be brand new and not an old used phone because old phones could have malware or viruses.
[6] Cryptosteel capsules can be purchased here: https://cryptosteel.com/product/cryptosteel-capsule/
It's important to use a capsule with a pre-stamped alphabet. Other steel backup products that use punches or rows of tiles are not reliable. See Jameson Lopp blog post: https://jlopp.github.io/metal-bitcoin-storage-reviews/
[7] These two physical addresses should be places you access on a daily basis like your home and a locker/safe at your work/office.
[8] These two physical addresses should be places that require you to interact with another human (who can call the police if needed). If possible it's better if the human you have to interact with doesn't have knowledge that a Bitcoin seed is hidden at the location.
[9] the two brand new phones are cold storage and should be stored powered down. They can be stored in a faraday bag to protect from any remote signals.
[10] S4E7 Bitcoin Takeover Podcast featuring Peter Todd. https://open.spotify.com/episode/4bVzMzF90M0v56jwsAHM0S
[11] Paul Storcz tweet against HWW. https://twitter.com/Truthcoin/status/1334553492980162563
[12] Fenton Tests.
Test 1 - tell your next of kin to retrieve the coins with the info they have now
Test 2 - pretend your phone and everything in your house is destroyed - could you get your coins?
Test 3 - you are attacked and held hostage in your home, they will find a safe and anything you have, what can they get?
Test 4 - you suddenly have amnesia or dementia - how do your loved ones find the coins?
Test 5 - government search of your private premises (and bank safety deposit box), will they find a key / seed?
Test 6 - you have 24 hours to pack and leave your Country never to return and all banks / safe deposit boxes are inaccessible.
https://twitter.com/brucefenton/status/1593069948523646978
[13] BIP39 passphrase lengths are not consistent between wallet implementations. Some wallets truncate the passphrase to a short length when you need to use a long (12-word) passphrase to get 2 of 2 security. Also, HWW vendors suggest you memorize the passphrase or create it from your head. If you follow that advise you risk forgetting the passphrase or revealing it under duress. A true second factor must be something you cannot acquire at home or from memory.
[14] HWW vendors out of business: https://twitter.com/BtcCuracao/status/1739489191820476818
[16] HWW vendor doesn't make companion software.
https://twitter.com/COLDCARDwallet/status/1733879811439792155
https://twitter.com/COLDCARDwallet/status/1735303894547198397
https://github.com/spesmilo/electrum/issues/4968
https://cointelegraph.com/news/phishing-attack-on-electrum-wallet-nets-hacker-almost-1-million-in-hours-report
https://techcrunch.com/2023/12/14/supply-chain-attack-targeting-ledger-crypto-wallet-leaves-users-hacked/
[17] HWW companion software that puts the user at undue risk.
https://cointelegraph.com/news/newly-discovered-vulnerability-in-all-ledger-hardware-wallets-puts-user-funds-at-risk
https://decrypt.co/37651/ledger-exploit-makes-you-spend-bitcoin-instead-of-altcoins
[18] https://support.ledger.com/hc/en-us/articles/360007534774--Ledger-Chrome-apps-deactivated?docs=true
[19] It costs $2M for a zero day iPhone exploit. Joe Rogan Podcast #2076.
[20] Satoshi created the first multisig format now known as raw multisig and each public key would be visible on the chain when you receive your initial Bitcoin into the multisig address. In modern Bitcoin the public keys don't show up onchain when you receive your initial Bitcoin into your multisig.
[22] https://seedhammer.com/article/multisig-does-not-protect-against-weak-entropy