On January 3rd 2019 we'll be taking back control!
This is a guide aimed at newcomers or for anyone who has never had their bitcoin under their own control and wishes to stop relying on exchanges or other people keeping their BTC safe.
While it is in some ways safer to leave the security of your precious BTC up to the huge and more reputable companies in the space, having responsibility over your own money is a key principle in Bitcoin – for very good reason.
Not your keys? Not your bitcoin!
You might also be in a position where someone in your family takes care of your bitcoin for you, off exchange but still out of your control. This is the perfect time to become literate about how to store your BTC yourself and take some pressure off that person. What would happen if they were to pass away? If they have left a guide for you explaining what to do in the event of their death, what happens if someone were to find that guide while they are still alive? Conversely, what if there is no guide and the coins are just gone forever?
This guide won't go into high-level solutions like Glacier Protocol, which are so extreme as to (in my opinion) actually do a disservice to the overall goal of getting people to keep their funds under their own control by being so intimidatingly, insanely over the top that people become discouraged. You can break free of the custodial norms of money without going to these levels and still be sleeping comfortably at night.
Finally, we're not trying to bank the unbanked, we're trying to unbank everybody!
With that said, let's go over some of the standard ways you can own bitcoin without third party help.
There is still time to get one in time for the event should that be your aim, but I'd also like to stress that you should take as long as necessary to know exactly what you are doing before moving any bitcoin.
Should you choose this option, while not the best it is far from the worst and it is the route that I will be recommending in this guide.
When it arrives, check that it hasn't been messed with. Trezor packages come glued together with a seal that must be intact. There are risks in using hardware wallets, but remember that there is no such thing as perfect security. The wallet will come with a fairly comprehensive guide but there are a few things to say here.
You will be tasked with writing down 24 words as a seed. Here is where the most caution will be needed.
Write down these words on a piece of paper away from anything with an exposed camera such as a cell phone or laptop webcam, away from any prying eyes or windows and even, for the paranoid, without leaving a mark on the surface underneath the paper that you are writing on.
Do not take a photo of these words. And never, ever, ever write them down on anything electronic. Use. Paper.
These words will be used by the hardware wallet to generate the private keys that ultimately need to be used to tell the bitcoin network where you want the coins at the addresses they correspond to to go. – Sorry, mouthful, but that's literally the essence of how all this works.
So if you don't have these words and you lose access to your device, or forget the PIN (see further down) then you can't spend your coins – they're gone, or rather, they are stuck at the same address. Forever. Lost bitcoins don't disappear, they just stay at whatever address they were at.
If you do have these words then you can spend the coins, i.e. they are yours. However, so can anyone else who finds these words (unless you have a secret extra word, which I will go into in just a moment).
In bitcoin, knowledge is possession. This is the truest form of intellectual property that has ever existed.
Once you have written down your 24 words, laminate them. (I can't find the link sadly, but I'll never forget the story of a drunk guy on bitcointalk.org taking his paper wallet out of a safe and spilling his drink on them making them unreadable. Don't be that guy).
Laminated? Definitely not exposed to any cameras, people or windows? Good. Find somewhere safe to store them. Ideally an actual fire-proof safe. But first, put it in an evidence bag. This adds additional security (admittedly not much, but IMO it's worth doing).
Now, once you have followed the instructions on your hardware wallet you should reach the point where it wants a pin. This pin is specific to the device and only protects the device – it does not have anything to do with the bitcoin on the device. It merely protects the device itself, so in the event that it gets stolen, the thief (providing he only has the device, not your 24 words) will not be able to do anything with it. However, if the attacker finds the device and pin, they have your coins; they do not need your 24 words. So bear this in mind.
Having the device and the pin means you can spend the bitcoins on this device – even without the 24 words.
Device and nothing else? Useless. Pin and nothing else? Useless. Pin and device even without the 24 words? Control over your bitcoin. Just the 24 words and nothing else? Control over your bitcoin.
Secret extra words
You will be given the option to add a 25th word (or even 26th, 27th… you can add as many as you would like). This is not the same as a pin. This will cause different private keys to be generated. This is becoming standard practice, as a thief will look for 24 words, but an extra word changes the scope of any attack they would pull: they would have to insist on trying extra words and checking each wallet that gets generated for any bitcoin.
So standard practice is to generate a 24 word wallet, store a small amount of bitcoin in there, and then add an extra word where you store the bulk of your bitcoin. Then your thief will hopefully be satisfied that you aren't hiding a larger stash, or decide to cut their losses. If your 24 words generate an empty wallet that will likely signal to any bitcoin savvy thief that you have extra words up your sleeve.
Rather than describe all this in detail (as each hardware wallet works differently), I will ask the reader to get familiar with their device, set up a few wallets, transfer tiny amounts of bitcoin each time as a test, firstly with just 24 words, then a secret extra word. Get comfortable doing this and make sure you understand what you are doing at every step before moving your actual stash.
If you break/lose your device
Simple, buy a new one and enter your 24 words. Added an extra word? No problem, enter your 25 (or however many) words. It's as simple as that. If lost and not broken, someone who finds it won't be able to do anything if they don't have the pin. After 32 or so wrong pin attempts, they'll be waiting until the end of the universe before the device lets them try another guess. (That's how Trezor works at least – doubling the time required between wrong password attempts each time).
For those with a smaller amount that don't want to splash out on a hardware wallet, or just want to do this right away, phones are actually pretty decent security wise (I'd use a phone over a laptop as it's easy for laptops to become infected with malware such as Windows 10).
Download a wallet such as GreenAddress and follow the exact same protocol as above. It is exactly the same, except a hardware wallet gains the security of having less functionality than a phone – fewer things can go wrong (but they are more likely to be targeted in transit so... again – no such thing as perfect).
Got an old phone that you don't use any more? It's the perfect use for it. Remember, if it dies on you, you'll still have those 24 words and that's enough to retrieve your coins. (One thing worth mentioning is that secret extra words are not usually possible on phone wallets. They aren't designed for the kind of security that hardware wallets offer).
Cutting up your 24 words and placing them in different locations doesn't do a lot to increase security, while massively increasing the chances that you yourself will become unable to access your own coins. Don't go overboard and end up losing everything.
Don't make a 500 character pin on your device – as mentioned above a few wrong attempts locks out any thief pretty much until the end of time.
Keeping your 24 words somewhere other than your primary residence might be a good idea, but another country? That's probably taking it too far.
Don't mention bitcoin on Facebook. If you were going on about this 5 years ago, everyone there now knows whatever wealth that you had back then is now a few orders of magnitude greater. And that will continue to happen. Don't become a target.
You can use an airgapped laptop – not recommended if you don't know what you're doing.
You can generate a paper wallet using bitaddress.org – no one does this anymore as far as I can tell, and I'm told by core devs that it is a horrible method, even if done offline using a dumb printer.
You can flip a coin 256 times – seriously not recommended unless you are just curious and want to really see under the hood.
That's pretty much it for this guide. I hope people will tear me to shreds in the comments, thus increasing the overall value of this post.
p.s one thing worth mentioning, "Proof of Keys" is a strange name if you ask me. In Bitcoin, you prove you own coins by signing a message. No one here needs to be doing that. All that January 3rd is about is you, without the aid of any third party, having the full and sole control over your coins.
p.p.s So much of this knowledge comes from Andreas Antonopoulos. It has to be said. (when mastering LN btw?)