This guide covers:
Before diving into the project, understanding the context for self-custody is a critical aspect of mitigating some of the most pervasive risks involved with Bitcoin, as the saying goes: "Not your keys, not your coins". Trusting third parties like exchanges with your bitcoin introduces several risks that have the potential to leave you vulnerable to theft, seizure, and unrealized capital gains tax.
Additionally, most custodians, if not all of them, are required to comply with Know-Your-Customer (KYC) regulations that introduce you to even more risks associated with data breaches that leak your Personally Identifiable Information (PII) to the wide open internet. All Bitcoin transactions are public and if your PII is tied to on-chain data then you are left with no privacy against the trusted custodian who knows your identity and your on-chain balances. In the hands of a hacker, that information can put your life at risk. Also, since these custodians prioritize their relationship with law enforcement and will always make decisions that do not have your best interest in mind; in the hands of your government, this information can put your freedoms at risk.
If you are interested in learning more about catastrophic events involving trusted third parties, check out these resources:
Many of these risks can be mitigated by taking self-custody. The trade off is that you are taking the personal responsibility of securing your bitcoin. You and you alone are responsible for your bitcoin. There are no "1-800" help lines to reverse your transaction and nobody can help you recover a lost or forgotten seed phrase. Luckily there are many tools available to help you achieve safe and private self-custody.
SeedSigner is one such tool that combines general-purpose, inexpensive hardware with free and open source software to provide you with a DIY signing device so you maintain unrestricted, permissionless access to your bitcoin. Customers of Bitcoin hardware wallet manufacturers face certain risks that users should be aware of. There is risk of a supply chain attack where the hardware is intercepted en route and modified in some compromising way prior to final delivery. There is also a risk introduced by exposing personal information to such manufacturers, for example, the Ledger data breach exposed the PII of over one million customers which led to sophisticated phishing attacks and potentially aiding in physical assault and armed robbery. There is also the risk of a "sunset" attack where the hardware wallet manufacturer could try different nonces until they guess your master private key based on information obtained by watching your transactions on the public blockchain.
One helpful feature of SeedSigner is that the required components are widely available, inexpensive, and general purpose. This means that these parts can be procured in such a way that no indication of using them for Bitcoin is revealed. SeedSigner is sold in a kit from various vendors, so if you purchase the complete kit then it is obvious what the intended use is. However, throughout this guide you will find links to several vendors for the individual components so that you have the resources you need to procure them individually if you prefer.
This video demonstrates a high-level overview of the content within this guide. The video is not meant as a replacement for the information in this guide, only as a supplemental visual assistant that demonstrates testing, assembly, generating a seed, entering a passphrase, backing up a seed via QR code, and fire-testing the steel plate.
No solution is without its tradeoffs, here are a few things to consider with the SeedSigner. A full list of acknowledged criticisms and vulnerabilities is maintained by SeedSigner here. To mention a few: