I have some questions about Monero. I bought a Trezor Safe 3 some time ago, and I know the safest way to store crypto is to keep it in a cold physical wallet, but I'm not sure if that holds for Monero and if I want to stay anon. I think I bought it from the official site, but with a card or PayPal (don't remember now, anyway not an anon way). My question is: can they somehow link which Trezor wallet I use from payment or order info, or do they have any backdoors? Or will it still be more secure to use GUI or CLI wallets like monero.com or Feather or Cake Wallet (with Tor or Tails)?
can they somehow link which Trezor wallet I use from payment or order info
As far as I know, all they can infer is that the owner of the credit/debit card or PayPal account (you) has bought a Trezor device. If you’re worried, you could buy a new one from an authorized reseller, or buy from Trezor again but with a new account and pay by cryptocurrency.
if they have any backdoors
No backdoor has been found to this day (some vulnerabilities have been found, but they are all physical hacks and can be mitigated; they are not intentional backdoors). Trezor is one of the most reputable hardware wallet brands. Everything is open source: the hardware device itself, the firmware, the client. You can literally build the entire Trezor device yourself. The files for the 3D-printable case are on Trezor’s GitHub, along with the schematics for the circuit boards and all of the little electrical parts needed to make your own.
It depends on your threat model, but you might want to check out how to run your own node for your privacy, and how to recover your Monero wallet on other devices (Trezor’s Monero seed phrase is different from other standard Monero wallets).
I have my Monero wallet on my TAILS USB only.
I regularly update the ledger, but keep it at zero balance and would create a new address for each transaction.
None of my other devices have Monero associated with them. I use Proton Wallet for Bitcoin, MetaMask for Ethereum and an accredited exchange account for other token holdings.
Recovery codes are stored on paper, offline in a location known only to me.
I use 50+ character passphrases stored in my head for daily access.
I must stress though, that ALL of this is more of a ‘bugout’ strategy than for general trading or investing purposes.