Crypto User’s Security Tips
People, and especially newcomers to crypto, have no idea how much data about their crypto they are leaking. As crypto is brought into the mainstream, the old paranoia about privacy is slowly fading, and people neglect how much information they are actually leaking.
You may think your info is worth nothing, but take a look: your data, and I believe crypto data in particular, will be more valuable than ever. If enough care is not taken, the cycle of companies selling your spending/buying data to banks and insurance companies will repeat, and Satoshi wouldn't approve.
So here are some ways you are leaking your crypto data.
Portfolio Apps :
This is where every crypto user stores their crypto data, and it is a honeypot for hackers and data farmers. Just imagine: instead of digging through the blockchain and linking your KYC details to your blockchain address, they can simply hack CoinMarketCap. If the portfolio website you use is tied to your everyday Gmail/Outlook/Yahoo email account, consider it compromised.
Heck, hacking aside, CoinMarketCap might themselves be selling the data, and we would have no idea whatsoever.
The fix? : Either don't link your email account to the service, or create a separate secure email account (for example, ProtonMail) and use that.
Wallet Addresses :
This is not a new concept. There are companies like Messari and Chainalysis whose whole revenue model is to "analyse" blockchain data. What do they do with that analysis? One option is to offer "insights" to companies about your crypto spending.
The fix? : Use a different address whenever possible. Many wallets offer "subaddresses", letting you generate a new address every time. Use them as much as possible.
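To show what address reuse actually gives away, here is an added example (my own illustration, not from the original post) of the common-input-ownership heuristic that chain-analysis firms apply on UTXO chains such as Bitcoin, run over constructed transactions; addresses like "R", "S1" and "shop1" are placeholders, and the transactions are made up.

```python
from collections import defaultdict


class UnionFind:
    """Minimal disjoint-set structure used to merge addresses into clusters."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_inputs(txs):
    """Common-input-ownership heuristic: every input address of one
    transaction is assumed to be controlled by the same wallet."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["in"]:
            uf.union(tx["in"][0], addr)
    clusters = defaultdict(set)
    for addr in uf.parent:
        clusters[uf.find(addr)].add(addr)
    return {frozenset(c) for c in clusters.values()}


def linked(txs, a, b):
    """True if the heuristic puts addresses a and b in the same cluster."""
    return any(a in c and b in c for c in cluster_inputs(txs))


def largest_cluster(txs):
    return max((len(c) for c in cluster_inputs(txs)), default=0)


# Constructed history: the owner reuses receive address "R" for three payments,
# then spends it together with another coin each time. Every co-spend links
# all of R's counterparties and change into one growing cluster.
REUSED = [
    {"in": ["R", "S1"], "out": ["shop1", "change1"]},
    {"in": ["R", "S2"], "out": ["shop2", "change2"]},
    {"in": ["R", "S3"], "out": ["shop3", "change3"]},
]
# Same spending with a fresh subaddress per receipt: the spends stay unlinked.
FRESH = [
    {"in": ["R1", "S1"], "out": ["shop1", "change1"]},
    {"in": ["R2", "S2"], "out": ["shop2", "change2"]},
    {"in": ["R3", "S3"], "out": ["shop3", "change3"]},
]
```

Running `largest_cluster` on both histories shows the reused address pulling four coins into one cluster while the fresh-address history never exceeds two.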
Your IP Addresses :
While crypto is considered secure, it is only "pseudo-anonymous". The Bitcoin.org website itself says that a malicious node "might" log IP addresses.
The fix? : Simply use Tor.
Two factor authentication :
Many exchanges implement 2FA, but here's the thing. Personally, I have experienced this: I set my phone number for 2FA on Binance. The next day, I had messages on my phone with Chinese text about BTC giveaways and whatnot.
The fix? : Use apps like Google Authenticator or Authy.
Online ordering history :
This might be overkill, but I feel it is never overkill to maintain privacy. Websites like Amazon record in bold ink that you ordered that hardware wallet. Many websites also keep "tags" on what a customer is inclined to purchase. At the very least, always try to maintain a low profile. Even educational books on Bitcoin or any other crypto will make those analytics bots turn their heads.
The fix? : Order books from the original sellers. For example, Monero books can be ordered from the Monero project's website with Monero itself as payment (just a use case, not shilling). Buy hardware wallets from first-party websites, preferably with crypto as payment. No choice but Amazon? Make a new profile/address and order the item with cash as payment. Prefer discreet packaging: you don't want anyone in the delivery chain to see you are holding crypto. I also prefer gift packaging, as it conceals the contents from many people in the delivery chain.
Never flex your gains :
This is a mistake I often make too. Never reveal your gains or portfolio to anyone. There are already enough people trying to get that data from you; don't add to their cause.
More Quick Security Tips by thorthur22
2FA is a must. But it's not enough to just have it enabled. This is meant to be simple and quick; obviously you should learn more about each point.
Down and dirty security:
1- Get a Google Voice number. VOIP numbers can't be SIM-jacked. Free for U.S. use. VOIP numbers can be ported, but GVoice numbers are locked by default, so you can't port one unless you first unlock it.
2- Get LastPass Authenticator or Authy. Don't use Google Authenticator unless you understand the consequences, i.e. losing the device with your Google Authenticator loses those 2FA OTP codes (unless you manually back it up). If you do understand the consequences, then you should be using a YubiKey.
3- Remove your cell number from your Google account security; replace it with a Google Voice number or nothing. Best case is having 2FA via a properly used YubiKey.
4- If you use a password manager (and you should), remove SMS 2FA from it or change it to GVoice. Set the password manager to use a YubiKey or a TOTP authenticator for 2FA.
5- Over the next month, cycle that dumb password you keep using on all your accounts with minor variations to something pseudo-randomly generated via a password manager. BtC2DaM00n$ is not special.
6- Log into your cellphone provider's website and set a telephone passcode. This will ensure no changes to your wireless account can be made over the phone without that code. Randomize the PIN and store it as a note or additional field in your password manager.
We can keep going and get more granular, but this is a good 90% solution for most entry-level crypto users, especially ones that were exposed in the Ledger leak.
Remember, your entire online identity can be compromised by reusing the same password and then someone taking over your email.