I feel like @Alby could do this.  Channels force close to hot wallet with seed, I'm sure they could map to a cold address or silent address or bolt 12. 

 It’s when they need to add in the time machine that most people just slack off.

https://media1.giphy.com/media/dXFKDUolyLLi8gq6Cl/giphy.gif?cid=9b38fe919h7l7f9w02xiz54uz6ukmss576wx87nhx6nrp4uk&ep=v1_gifs_search&rid=giphy.gif&ct=g 

 Bitkey requires email and phone number to purchase and doesn't accept Bitcoin for payment..... 

 I think they are referring to the key design not anything about the service specifically. It’s a man obscured multisig with the intent of making it easy and safer for casual users. 

 I'm sure it works technically, but I'm not buying from a company that doesn't accept Bitcoin for a Bitcoin wallet 

 True-ish, except taproot. 

 Are there assisted MS solutions that have taproot support? 

 Nunchuk will soon I think. @c301f133 

 UGH I'm tired of soon™, I need NOW

😂 

 - Did you generate the seed on a single device?
- Can you prevent hurricanes, floods, fires, ...?
- Can governments prevent you to access the location in cases of (indefinitely long) emergencies? 

 Everything has tradeoffs. For long term storage, your first two points aren't applicable. 

1. You can do it offline and bring your own entropy
2. Most weather can't get through a block of concrete
3. This is valid risk and needs to be mitigated.  

 Fair point with the key generation.

With the single location, I wouldn't be comfy when I need to be.

Think about being in 1900 in Europe and trying to find a single secure location where your kids would always be able to access it in time of need for just a next 100 years...

Probably more than 95% of land mass or fakilies had some heavy access restrictions put place on them at least for some period during that time. Usually in the most crucial period. 

 I do not argue against that 

 Holding a smaller amount wouldn’t be about distributed multisig, it would be about service based multisig. 

I’m not saying there is one size or one setup, I’m saying that the various levels of security and self custody should be met with different kinds of multisig.

In the case of someone who just bought 100k sats, maybe it’s a 2/3 with their phone, their spouse (or another device), and the wallet provider? 

——

I just think the design mentality should be “so what multisig would be best for this user’s situation and skill level?” 🤔 

 This is the correct take.

Multisig everything, but solve for the difficulty on the design side.

As a non-dev, I often overlook the "just make it better" solution. Lol. 

 That's why bitkey is great for newbs, especially if they're stacking in size 

 I think when someone just bought their first 100k sats is the best time to teach "ultimately, you're responsible for protecting your keys". Conversely, "Don't worry.  If you screw up, your spouse might be able to bail you out." seems like the beginning of forming bad habits. 

 I think that's a little like saying that using training wheels is setting people up for not being able to ride a bike. 

I think making the presumption that learning and taking responsibility aren't incremental processes (when i think there's ample evidence that it is like any other learning process) is a great way to just get a lot of people to be too afraid to take the first step, imo. 

 Hmmm.. I'm not sure that relying on shared custody does much to teach self custody.  Using training wheels does in fact teach balance to ride a bike.

Regardless, if I don't want people too afraid to take the first step, I'm suggesting something like a singlesig wallet app on the phone they likely already own; not purchasing at least a 2nd signing device (either for themself and/or their spouse) in addition to having to sign up for some sort of assisted custody wallet service.  Remember, the premise here is that we're only talking about a mere 100k sats at first.  I think most newbies on the fence about dabbling in so little would be completely turned off by any relatively significant additional investment and enrollment process just to do so.

Learning can certainly be an incremental process.  That process ought to be learn singlesig; then you can learn multisig, imo. 

 Of course. 

 Setups should be thought as as varying levels of multisig in complexity and sovereignty.

As I mentioned with @bitcoinpup, let’s say you have someone who’s buying their first bitcoin. You just onboarded your friend basically.

Well then maybe the setup should be that you have a key, your friend has a key, and the wallet provider has a key. That way this person can come back to you and still recover funds in case anything goes wrong.

It leverages local trust, instead of some huge, distant corporate (or scam wallet) trust model. 

Then this can have all sorts of default variations based on the level of user skill and knowledge. 3/7 for someone who really needs help, but has a ton of funds, and has a spouse/friend they trust with a device also. Use tapsigners for main keys because they are super easy and have no input or UI complexity. They always work and you just keep them in your wallet. Multiple options for recovery, and to them it’ll look like just “tap to sign” because their phones auto sign with a local key too. 

This way if they lose their phone, tapsigner, and additional key, it can still be recovered through their group. The UX challenge for something like that is mostly in the setup process.

But then there’s all sorts of options in between. As well as timelocks in the case of too many keys lost, let recovery still be possible on one key, with a 3 month delay, etc.

Just lots to explore and it could be hidden for the user behind, “just have these devices” or “just have this person confirm,” or “just tap this card,” etc. 

 Got it that all makes sense.

I like the idea of popularizing tapsigners, from a UX perspective it’s the most familiar which is a boon for onboarding.

I think assisted 2/3 multisig would be a good setup for most people, but that would probably require a subscription fee or some other funding mechanism to keep the provider’s lights on. Which may turn some people off of it altogether. 

 This would be more for people who want to use their bitcoin or are on a bitcoin standard. 

 Anything that improves how you use taproot would be a big help. And just implementing naive multisig setups and making it the norm would build the pressure for things like FROST to get adopted. 

 Only if you do assisted MS. You can control all the keys if you want. And as long as you hold the minimum signer threshold (2 keys in a 2/3) you're only sacrificing privacy to the 3rd key holder (which is obviously a big consideration). 

 Not really; but it depends on implementation.  Most I've seen suggest that you should retain possession of 2 of the 3 keys in a 2-of-3 multisig, for example... There is no counterparty risk if a) your authorization is required to move funds; and b) you don't require anyone else's authorization to move funds.

The real risk multisig introduces is complication risk: simply more keys to keep track of. 

 This would be part of the benefit of multisig. A single set of seed words don't threaten your bitcoin and so you can still move them if a key has gotten compromised. 

 Seeds plus passphrase is a good poor mans multisig. Keep the seed and passphrase separate.  

 It will suffice from a security standpoint if you know how to maintain it, secure it, and not lose it. 

I think most people discount just how unprepared and "tech security illiterate" the average person is. Yet many have decent amounts of money and want to get into #Bitcoin. In this case the "simple" solution is highly likely to result in disaster.

Example, someone I've been talking to who  have been buying bitcoin just lost his phone twice in 2 months, got tricked into buying rallycoin by coinbase jsut before they delisted it so he can't get rid of it, and now thinks he sent bitcoin to his green wallet but it never showed up (i still ahve to investigate this one).

The guy wants to put his savings into bitcoin but his life is pretty crazy and I honesly don't feel safe telling him to do this unless I can make him a setup that's easy to understand and recover from WHEN those things happen. I think the best option is to distribute among many devices. 

 Exposing your entire UTXO set to a KYC third party is a bigger risk IMO and there is no guarantee they won’t “lose” they key or get hacked and can’t retrieve it 
If they want to save in bitcoin, learn proper OpSec, it is not hard. They just have to put in the time 
And never advise someone to put their entire stack on one type or model of HWW. 
Distribute the risk with different companies 

 > just how unprepared and "tech security illiterate" the average person is. 
Yes an I don't know anyone besides myself that cares. They can't be bothered because things mostly work okay.