I am not a fan of hardware wallets, as I believe that personally to me they can do more harm than good.
I do not encourage everyone to abandon them, because I understand that for beginners they are some sort of salvation from malware on their Windows.
That's my personal conviction.
@TheFuzzStone what is your bare metal distro on your computer, what are you using on the vms?
What wallets do you use for that?
@techit, I use Manjaro KDE on the host. Linux Mint XFCE on the VM.
All my wallets are #opensource.
I don't use proprietary wallets as a matter of principle.
@techit, To be ready to make a purchase at any time.
For example, I've paid my dentist with Bitcoin. Next time I'll try to pay him with Monero.
@techit, unofficially - yes.
I helped him install #Mycelium on his Android, explained the importance of the mnemonic phrase, and explained how to use the wallet.
He made a backup of the mnemonic phrase on a piece of paper, and then I paid for his work using Bitcoin.
Did ya see the recent #CakeWallet Mother's Day contest where they asked their users to #doxx themselves by publicly posting their #XMR addresses on #Twitter? It's both sad & strange that any #Monero project would ever encourage this behavior as it's such #BadPractice & bad #OPSec.
I now suggest #Monerujo to Android users instead of the above as I do not ever see them encouraging this type of crap.
This behavior is what you would expect from a possible #honeypot. It's terrible to ever encourage anyone to do this. If you are using any #privacy coin, it is good practice to not publicly link any of your addresses with any form of social media. Otherwise, you might as well not be using a #PrivacyCoin & can just go use BTC or some other #SurveillanceCoin.
@TheFuzzStone Do you use Qubes? Because if you run your wallets in a VM and do everything else on the host, your host can get compromised and then virtualization won't help a lot 😉
@gandalf86, No, I don't use Qubes. I use the virtual machine's encrypted images when I need to perform some transaction.
I keep small amounts on Android. I have a couple of wallets that I use on Android that I don't use anywhere else.
I even have a mnemonic phrase generated in 2016 on Android in Mycelium wallet. This kind of test with a couple of bucks in it, but I keep importing that phrase every time I buy a new phone.
@TheFuzzStone Ok that's fine, then you have data encryption at rest. I was just commenting on the "separate your wallets from the host" part ... because, if your host gets compromised, in the sense that an attacker can copy arbitrary data and sniff keyboard strokes, then having a VM running on that host won't help because the attacker will see the password when you type it in.
@gandalf86, with only my wallet password the attacker cannot steal my crypto. He needs to steal either the wallet file or the mnemonic phrase or private keys.
The mnemonic phrase/private keys are inserted only once into your wallet to restore it.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.