COLD PHONE: a rough hack for enhanced privacy

Jacob · 1 June 2020 11:42

On today’s AMA call, the topic of “what if i don’t trust my phone” came up with regards to key generation.

Here’s a very rough hack to ensure your key stays protected on a mobile device:

Get an old mobile phone that can run the incognito wallet. (Shout out to Google pixel/Nexus devices for having good software updates.)
Do the software updates
Install incognito
Disable wifi (on some phones you could even remove the wifi antenna)
Disable 4g and remove the SIM card
send funds to your public key using the recieve screen

Screenshot_20200401-190210

All you should need is that QR code.

Downside: if I understand how incognito works, you’d be unable to check your balances using that QR code / address from a connected device.

Upside: this method eliminates most of the ways your phone could betray you, and when you need to view your balance, you could always connect your cold phone to a very secure WiFi network that is only allowed to talk to incognito.

There are probably other variations on this theme I haven’t considered, also.

Cheers! It was a fun call today, thanks.

Peter · 3 April 2020 11:58

Thanks, Jacob. We will look into this and get back to you soon.

Jamie · 4 April 2020 11:14

I was present at the AMA and remember this being brought up.
Just wonder if it works.

What part are we trying to prevent “knowing about our account”?
You can’t open the app without having a wifi or other connection.
Can’t create a new account either.

Can you explain a little more? Maybe I am setting it up the wrong way.

Jacob · 6 April 2020 07:06

Ok so, I haven’t tried this with incognito, only other currencies.

Why isn’t it possible to generate a keypair without being online?

Andogen · 2 May 2020 05:15

That’s an interesting idea Jacob. I am playing around with android on a pi to see if I can get wallet to run and the system is stable!
Probably an older isolated android phone may be the better option! Will think about this.

Thanks

Jamie · 2 May 2020 13:05

The generation of a keypair can be done without being online.
The Wallet app however also contacts the network to get a shard number, in that same action. This makes the described approach not work.

Andogen · 3 May 2020 06:54

Are you saying, Android 9 running on a raspberry pi, with the wallet will not work?

Cheers

Jamie · 3 May 2020 08:29

No, I am saying, you can’t access the Wallet app, nor generate new accounts, without an internet connection.

Andogen · 4 May 2020 08:05

No worries Jamie, just wan’t sure you were still talking about the cold phone option!
All good.

Kelsomatic · 13 May 2020 18:28

Since key generation is not an option currently on a cold phone since you can’t open the app without internet will there be a workaround in the future. Ie hardware wallet integration or ability to open to open app without internet?