If you can’t trust your hardware, you can’t trust anything
The point of cryptocurrencies is that we don’t need to trust any one entity with our money.
But 99% of people using the blockchain don’t achieve this trustlessness. Why? The way they interact with the blockchain requires them to trust their devices. Take this example:
A Chinese military unit designed and manufactured microchips as tiny as a sharpened pencil tip. Then, microchips were inserted into the motherboards of one of the largest sellers of microchips in the world. Compromised servers made their way inside the data centers of dozens of American companies.
These American companies may have done everything right: they may have used secure operating systems and trustworthy software, had security procedures in place, etc.
But none of that mattered because of one tiny malicious piece of hardware in their computers.
Here is another example:
A private key is extracted from TailsOS - an operating system regarded as one of the most secure in the world. How? The way hardware works on that machine was maliciously altered.
The bottom line is this: even when using blockchain, you still have to trust your hardware with your on-chain assets. Or do you?
Trusting the black box
The problem with hardware is that it’s next to impossible to verify. It’s a black box.
Have you ever opened your computer or phone? Probably not.
And even if you did, can you see the components? Can you verify they don’t do anything malicious? No, probably not.
First, some hardware is proprietary - meaning we don’t know what it actually does.
And even with open-source hardware, we know what it should be doing but still have to trust that it was manufactured according to specification.
Getting trustworthy devices
Here is how to mindfully source your devices (computers, phones, hardware wallets, etc.):
buy new - you never know what’s modified in a used device
buy from reputable sellers
choose reputable brands
purchase anonymously - especially if you think you could be targeted, for example, if it’s publicly known you own cryptocurrencies
choose smaller devices - hardware in larger devices (like a PC) is much easier to alter than hardware in smaller ones (like a laptop or a phone)
In essence, you want to be one of thousands of people using a reputable device that’s coming from a trusted source - like an official distribution chain store.
Note: this only makes a device more trustworthy, not trustless. You still have to trust it.
The only way to become sovereign
The only way to use blockchain without having to trust any one hardware manufacturer is to use a multi-signature setup (a.k.a. MultiSig).
MultiSig is when multiple signers are required to sign a transaction for it to be executed.
For example:
You sign your transaction using MetaMask on your computer
You sign your transaction using Trezor
You sign your transaction using the MetaMask app on your phone
Only after all three wallets have signed the transaction is it executed.
Have you noticed how we achieved true trustlessness with MultiSig? The hardware of all 3 devices would need to be compromised for you to be hacked - your computer, your hardware wallet, and your phone.
Meaning you don’t have to trust your hardware wallet manufacturer anymore. You don’t have to trust your computer manufacturer anymore. You’re in complete control. Empowered. Sovereign. Free.
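The 3-of-3 approval rule described above, as an added example that is not part of the original post: each device holds its own key, and a transaction is authorized only when every registered device has signed that exact transaction. It uses hash-based Lamport one-time signatures from the Python standard library as a stand-in for the ECDSA signatures real wallets produce; the device names, the `authorized` function and the sample transactions are constructed for illustration.

```python
import hashlib
import secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: 256 secret pairs; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per bit of the message hash.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def authorized(owners, threshold, tx: bytes, sigs) -> bool:
    """True only if `threshold` distinct registered owners signed exactly `tx`."""
    valid = {name for name, sig in sigs.items()
             if name in owners and verify(owners[name], tx, sig)}
    return len(valid) >= threshold

def demo():
    devices = ["computer", "hardware_wallet", "phone"]   # hypothetical signer names
    keys = {d: keygen() for d in devices}                # each key lives on one device only
    owners = {d: pk for d, (_, pk) in keys.items()}      # public keys registered with the wallet
    tx = b"pay 1 coin to alice; nonce=7"                 # constructed sample transactions
    evil = b"pay 100 coins to attacker; nonce=7"
    sigs = {d: sign(keys[d][0], tx) for d in devices}
    # Attacker controls only the computer: its key cannot stand in for the phone's.
    stolen = keys["computer"][0]
    forged = {"computer": sign(stolen, evil), "phone": sign(stolen, evil)}
    return {
        "all_three": authorized(owners, 3, tx, sigs),
        "two_of_three": authorized(owners, 3, tx, {d: sigs[d] for d in devices[:2]}),
        "one_device_compromised": authorized(owners, 3, evil, forged),
        "signatures_reused_on_other_tx": authorized(owners, 3, evil, sigs),
    }

if __name__ == "__main__":
    print(demo())
```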
Now, how do you set something like that up?
Bitcoin has MultiSig built in. On Ethereum and all EVM-compatible chains (like BNB Chain), you can use Gnosis Safe - it’s a FOSS (Free and Open Source Software) smart contract that you deploy and configure to achieve a MultiSig setup.
Next week I’ll show you step-by-step how to deploy a multi-sig setup.