<e​ndor00:matrix.org> Also: looking at their website, they say that you get multiple cards, which "establish a secure connection with each other and transfer your encrypted private keys" between eachother.

<e​ndor00:matrix.org> That sounds like a setup vulnerability waiting to happen

<e​ndor00:matrix.org> tangem.com/en/help_center/security/#a5727744364445

<e​ndor00:matrix.org> "If Tangem Note is stolen, can a third party gain access to the wallet?

<e​ndor00:matrix.org> Tangem Note cards have no backup option or access code protection. For this reason, the cards can be compared to traditional banknotes: whoever owns the card can access the wallet. Like traditional banknotes, therefore, these cards must be physically secure at all times."

<e​ndor00:matrix.org> LMAO

<g​fdshygti53:monero.social> omg lol

<g​fdshygti53:monero.social> and you need the card each time you use the device 😂

<g​fdshygti53:monero.social> I think I ear about them before

<e​ndor00:matrix.org> Oh wait, that's Notes, not Wallet

<o​rion_midast:matrix.org> How so? When you create your wallet you basically scan 2 or 3 cards. either card can be used to sign a transaction. so they are like backup cards in case you lose your original. You also create a password for the card so even if the card is stolen no one can use it

<g​fdshygti53:monero.social> "If Tangem Note is stolen, can a third party gain access to the wallet?

<g​fdshygti53:monero.social> Tangem Note cards have no backup option or access code protection. For this reason, the cards can be compared to traditional banknotes: whoever owns the card can access the wallet. Like traditional banknotes, therefore, these cards must be physically secure at all times."

<g​fdshygti53:monero.social> No access code protection...

<o​rion_midast:matrix.org> wait wtf

<o​rion_midast:matrix.org> if they have no code protection thats wild

<o​rion_midast:matrix.org> pickpockets are gonna be rich

<e​ndor00:matrix.org> So they're supposed to be like crypto banknotes - but you have no actual way of verifying that there are no duplicates

<g​fdshygti53:monero.social> There marketing pitch is "treat it like "cash"

<g​fdshygti53:monero.social> If someone else get your 20000VND bill, well, he got your 20000VND bill

<o​rion_midast:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/bGmgArKiDOEPLIKyDCxrDwDy

<g​fdshygti53:monero.social> wait, they have another contradicting thing

<e​ndor00:matrix.org> You trust the manufacturer *and* the person giving it to you that there actually exists no duplicate of that same private key. The only safe way to use them is to immediately redeem them

<g​fdshygti53:monero.social> "If the Tangem Wallet card is stolen, can a third party gain access to the wallet?

<g​fdshygti53:monero.social> A third party will only be able to access your wallet if your cards are not linked (you have not backed them up). In this case, access code protection is not available: it is activated only when you link two or three cards to one wallet."

<o​rion_midast:matrix.org> I did research it and there is a pin I saw someone who bought them make a video about it

<g​fdshygti53:monero.social> So you have to make a backup to protect them, but you can use it without making a backup and so they are not locked

<g​fdshygti53:monero.social> but you can set a PIN when you create a backup or something like that.

<e​ndor00:matrix.org> That's the Wallet, not the Cards (banknotes)

<o​rion_midast:matrix.org> They sell the wallet in pair of 2 cards minimum, its impossible to create a wallet with only 1 card

<g​fdshygti53:monero.social> "If the Tangem Wallet card is stolen, can a third party gain access to the wallet?"

<g​fdshygti53:monero.social> Oh, it just said "card" so I was wondering lol

<e​ndor00:matrix.org> A Wallet = 2 or 3 "credit cards"

<g​fdshygti53:monero.social> "That's why we recommend that you make backups before funding your wallet, ensuring that your funds are protected by the access code."

<o​rion_midast:matrix.org> So the only issue I see here is that my phone can be compromised and then I sign wrong tx

<o​rion_midast:matrix.org> chatgpt says "you can compare tx from phone" but if the phone is rigged then it can show correct details for a malicious transactions

<g​fdshygti53:monero.social> "This isn’t supported. Once a backup has been created, all cards in the set have a single private key and become equal, so there is no technical way to identify which card has been lost.

<g​fdshygti53:monero.social> When you activate a card and create a backup, you protect each card with its user password. Moreover, the card is protected against brute-force attacks. After the sixth incorrect attempt to enter the code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered."

<o​rion_midast:matrix.org> I hope they have a solid explanation for this

<o​rion_midast:matrix.org> because them cards look cool af

<g​fdshygti53:monero.social> So yeah, look like the main flaw would be the phone

<e​ndor00:matrix.org> Chatgpt has no clue what it's talking about, don't use it as a source when you need reliable information. Like, in general

<o​rion_midast:matrix.org> I wish they would allow a pin of words rather than numbers lol. I would put the monero whitepaper in it or something

<o​rion_midast:matrix.org> it has bing search which checks the faq section of the tangem website

<o​rion_midast:matrix.org> but yeah always cautious when using AI

<o​rion_midast:matrix.org> it has bing search which checks the faq section of the tangem website and provides source links for all claims

<e​ndor00:matrix.org> Doesn't matter. It's a text generator. It doesn't "understand" what it's actually talking about - in spite of its ability to mimick human writing very convincingly

<o​rion_midast:matrix.org> oh yeah I agree, its like people who think AI can have feeling. I swear on my life in college I had a course about AI and ethics and a solid part of the class material was about whether or not AI should have rights

<o​rion_midast:matrix.org> because they were like "Can AI be sentient? It is just like us, it consumes electricity, it is made of different materials but still have same composition" other retarded shit

<o​rion_midast:matrix.org> I was losing my mind that some retards were arguing that AI should have rights because they can become sentient

<o​rion_midast:matrix.org> but anyways, ill let you guys know what tangem replies

<g​fdshygti53:monero.social> I see one use for there tandem thing actually

<g​fdshygti53:monero.social> It can import other seed when you initialize the cards.

<g​fdshygti53:monero.social> So instead of keeping text hidden in some form, you can just use the tandem thing as backup for you other hardware wallet seed.

<g​fdshygti53:monero.social> Never use the tandem card except if you need to access the backup, in that case you will have to buy a new set as you will be able to recover the money, not the seed.

<g​fdshygti53:monero.social> And unlike paper or steal plates, you need a password to access it (once you bruteforce the safe it's in or something)

<g​fdshygti53:monero.social> Kind of 2FA :p

<o​rion_midast:matrix.org> True, that can definitely be one way to do it. They are also making a ring that looks normal

<o​rion_midast:matrix.org> so the ring can act as a card

<o​rion_midast:matrix.org> I thought it would be useful since I need to pledge and invest at random times in the VC I am in for seed rounds

<g​fdshygti53:monero.social> Create the wallet on a freshly wiped phone that never saw internet (sideload the app)

<o​rion_midast:matrix.org> Dont we need internet to use blockchain?

<e​ndor00:matrix.org> Can it actually import a seed? 🤔 I read in the wallet description that "Tangem Wallet doesn't use a BIP-39 seed because we consider it insecure", and they generate a single private key during initalization instead

<o​rion_midast:matrix.org> its a recent update. its new. Now you can import seeds

<g​fdshygti53:monero.social> matrix.monero.social/_matrix/media/…ero.social/pbBmTNRBXcwdfqmgeLYjoZWK

<e​ndor00:matrix.org> I see

<o​rion_midast:matrix.org> Is there any way the app can be anti tamperment or something?

<o​frnxmr:monero.social> coinspeaker.com/ledger-484k-fresh-hack

<o​frnxmr:monero.social> coindesk.com/business/2023/12/14/de…ushis-cto-warns-of-possible-exploit

<o​rion_midast:matrix.org> Yeah bunch of fuckers. The hackers put some code in the API that is used to connect Ledger to dapps

<o​rion_midast:matrix.org> at least thats what I think I understood

<o​rion_midast:matrix.org> I just read some tweets

<o​rion_midast:matrix.org> so when users connect to a dapp the transaction displayed are not the real ones

<o​rion_midast:matrix.org> or something of the sort I dont know didnt read

<o​rion_midast:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/mbUSoFyGdHdznsfSfPPGodRt

<o​rion_midast:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/SOPxfKdloQbOLBqtIkESYgyP

<o​rion_midast:matrix.org> This is a joke really. All it takes for the most popular ledger to get fucked is one employee getting caught in a phishing attack

<o​rion_midast:matrix.org> Ledger really fell off, and honestly its never been at the top, its only the most popular because it supports the most chains

<o​rion_midast:matrix.org> Ledger really fell off, and honestly its never been at the top (closed source), its only the most popular because it supports the most chains

only $484k pffft

<o​rion_midast:matrix.org> the announcement of hack spread super fast on twitter so most users were aware of it before they fell victim to it

<o​rion_midast:matrix.org> every single crypto twitter account and every single crypto project tweeted about it

i haz no tweeter

<o​rion_midast:matrix.org> you were about to be part of that 484k

how, I haz no ledger

<r​ecanman:agoradesk.com> Thanks plowsof

<o​frnxmr:monero.social> twitter.com/NewEnglandNews8/status/1737232463502426613

what account is that?

<1​23bob123:matrix.org> Caught the disease

<g​fdshygti53:monero.social> Wait, theses Tandem cards, you can't even buy them with crypto.

<g​fdshygti53:monero.social> It lost all the credibility instantly

<o​rion_midast:matrix.org> they used to have crypto payment they removed them for some reason due to some problem

<g​fdshygti53:monero.social> lol

<o​rion_midast:matrix.org> they just said it is removed for now no ETA on when its back they will bring them back once issue is fixed or whatever

<g​fdshygti53:monero.social> 😂

<o​rion_midast:matrix.org> I am also waiting on that, not buying with FIAT

<g​fdshygti53:monero.social> They loas a sale (mine)

<g​fdshygti53:monero.social> it's 2023 and it's a crypto wallet designer / store, and they can't manage simple crypto payment?

<o​rion_midast:matrix.org> "we listen to our customers" is like a good part of their marketing, so if we harass them enough theyll bring it back lol

<o​rion_midast:matrix.org> thats their answer: When using the official app, the risk of compromise is removed. We advise users to prioritize their digital hygiene by maintaining a secure device environment, running the most up-to-date version of their mobile device's OS, and downloading apps only from official sources.

<o​rion_midast:matrix.org> Additionally, we're actively working on redesigning the token sending page, and will soon introduce it.

<o​rion_midast:matrix.org> so basically the CIA can fuck you up

<o​rion_midast:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/DIqbiRPWQgzODjgzxRfftvha

<o​rion_midast:matrix.org> customer support is probably thinking I am fucking with them

<o​frnxmr:monero.social> Smh

<o​frnxmr:monero.social> I think _youre_ fkn w us 🙃

<o​frnxmr:monero.social> Hey everyone

<o​frnxmr:monero.social> Lets get freewallet to support xmr

<o​frnxmr:monero.social> Nobody has ever used them

<o​rion_midast:matrix.org> whats freewallet

<o​frnxmr:monero.social> And nor heard of them, aside from me

<o​frnxmr:monero.social> Its the best

<o​rion_midast:matrix.org> link?

<o​frnxmr:monero.social> they actually already have xmr deposit support

someone recently used freewallet and lost some montero

<o​frnxmr:monero.social> Well, they don't have _withdrawal_ support..

freewallet is a long running scam

and goo goo playstore keeps recommending it

<o​frnxmr:monero.social> Tandem is new - dont discriminate

<o​frnxmr:monero.social> Is it really a "scam" if they never claim to offer support for withdrawing?

<o​frnxmr:monero.social> Tldr: i dont think its beneficial at all to come to this room to shill stuff you havent DYOR on

<o​rion_midast:matrix.org> Legally speaking they are not guilty

<o​frnxmr:monero.social> If all you know about tandem is "they are too good to be true but dont support xmr"

<o​frnxmr:monero.social> Well then you need to do more research

<o​frnxmr:monero.social> Or -offtopic it

<o​frnxmr:monero.social> Foundation devices

<o​frnxmr:monero.social> Now there is an open source hardware wallet that can be recommended

<o​rion_midast:matrix.org> I did do my research I just didnt think of the vulnerability point that was mentioned here

<o​frnxmr:monero.social> Research != reading their promotional materials

<o​rion_midast:matrix.org> right lol

<o​frnxmr:monero.social> have you seen their source code for yourself? (are you sure it exists?)

<o​rion_midast:matrix.org> yes iz on github

<o​frnxmr:monero.social> signal and session claim to be open source - doesnt mean they always post their source code for the binaries they ship

<o​rion_midast:matrix.org> Whats a binary that is shipped

<o​frnxmr:monero.social> Btw

<o​frnxmr:monero.social> This is possible on monero

<o​frnxmr:monero.social> plowsof: wrote a script for it

<o​frnxmr:monero.social> A proof on concept

<o​frnxmr:monero.social> Of*

<o​frnxmr:monero.social> Its just an encrypted monero URI

<o​frnxmr:monero.social> On an nfc card

<o​frnxmr:monero.social> 1 direction loads it with private keys or specific txids, other direction sweeps [an amount] the card to another address. Could use a view key etc

<o​frnxmr:monero.social> maybe tandem wants to do it if you tellem to buy dan some xmr

<o​rion_midast:matrix.org> they said this: Within the token sending window, you have the ability to observe and verify the address to which you are sending the funds. An attack that involves falsifying an address is only feasible on devices that have rooting capabilities enabled. If you are concerned about potential compromise, it is advisable to refrain from enabling rooting on your device.

<o​rion_midast:matrix.org> I think we should move this conversation to #monero-offtopic:monero.social though

<o​rion_midast:matrix.org> they said this, not sure what it means: Within the token sending window, you have the ability to observe and verify the address to which you are sending the funds. An attack that involves falsifying an address is only feasible on devices that have rooting capabilities enabled. If you are concerned about potential compromise, it is advisable to refrain from enabling rooting on your device.

<o​rion_midast:matrix.org> I think we should move this conversation to #monero-offtopic:monero.social though

<o​rion_midast:matrix.org> they said this, not sure what it means: Within the token sending window, you have the ability to observe and verify the address to which you are sending the funds. An attack that involves falsifying an address is only feasible on devices that have rooting capabilities enabled. If you are concerned about potential compromise, it is advisable to refrain from enabling rooting on your device.

<o​rion_midast:matrix.org> Rooting: wikiless.org/wiki/Rooting_(Android)?lang=en#Disadvantages

<o​rion_midast:matrix.org> I think we should move this conversation to #monero-offtopic:monero.social though

<o​rion_midast:matrix.org> why does everyone keep saying tandem instead of tangem?

<o​frnxmr:monero.social> Bcuz i dont have a clue what it is

<g​fdshygti53:monero.social> because tandem is a word probably

<g​fdshygti53:monero.social> so I dont have that red line under it when I write it

<o​frnxmr:monero.social> I blame my non-existent auto-correct

<o​frnxmr:monero.social> Agree with offtopic

<r​ecanman:agoradesk.com> You would not want a mobile phone

<r​ecanman:agoradesk.com> You would not want a mobile phone for cryptocurrency

<r​ecanman:agoradesk.com> If it still has the modem, then all defenses are useless

<1​23bob123:matrix.org> I use 5110

<r​ecanman:agoradesk.com> What is 5110?

<1​23bob123:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/krmbTKBIZYHDIrTTHYMxhlCX

41hzbgqgkrYijnRVBLzr1KHsYc1iUBBCJYeeT9d3eiYE2PhbohxxwJLZCNVbTzvAMkhtYGF3RQcr2Ea187AJn8af149UG1G plz search for numerology

<r​ecanman:agoradesk.com> Ah, ok

<r​ecanman:agoradesk.com> I still don't trust them. Same reason why you wouldn't trust an airgapped computer with an 802.11 card

<1​23bob123:matrix.org> isnt really airgapped is it

<1​23bob123:matrix.org> new ccs wallet is in faraday cage?

I microwaved it

<g​fdshygti53:monero.social> Just remove the wifi/bt card

<1​23bob123:matrix.org> but how will i use my bluetooth mouse!

<1​23bob123:matrix.org> back to ps/2

<g​fdshygti53:monero.social> Use a mouse for adult.

<g​fdshygti53:monero.social> They have cables..

<g​fdshygti53:monero.social> But if we talk about a laptop, I assume it's a Lenovo and it have a trackpoint so mouse not needed

<1​23bob123:matrix.org> but i will use X11 for tracking

<o​frnxmr:monero.social> On a serious note, luigi1111 - no bluetooth keyboard

<o​frnxmr:monero.social> yewtu.be/watch?v=actbJx7oEZU

Bt disabled in bios

<1​23bob123:matrix.org> de solder it

Dont forget soundproofing (AI can guess your password if someone records you typing it)

<u​nkn8wn69:matrix.org> Only use in vacuum pls luigi

<u​nkn8wn69:matrix.org> Vibration sensors can guess your pass from cpu vibrations

<n​aphtha:kyun.host> guess my password

<n​aphtha:kyun.host> fluffychat wont send the voice msg fuaark

<1​23bob123:matrix.org> 1234

<f​atcontroller:tchncs.de> Etherium network fees are outrageous. Cost me $15 US in total to buy USDC on an exchange and transfer it to a non-custodial USDC wallet on the ETH chain. Which platform has the cheapest fees for a USDC to XMR swap?

<g​fdshygti53:monero.social> You get one order of magnitude more fee just by **sending** the USDC via ETH, extra fees on exchanges are probably irrelevant at that point.

<g​fdshygti53:monero.social> Next time use TRX USDC if you want USDC, TX fees way lower.

<g​fdshygti53:monero.social> For swap, you can look at trocador.app and set it up, it will compare rates

<g​fdshygti53:monero.social> fatcontroller:

<o​rion_midast:matrix.org> do these trocador prepaid card work with any site?

<o​rion_midast:matrix.org> would it work for protonmail?

<g​fdshygti53:monero.social> Check the FAQ. I did not test them myself.

<o​rion_midast:matrix.org> they dont answer that question in faq

<g​fdshygti53:monero.social> They should work everywhere not requiring 3DS, I think

<o​rion_midast:matrix.org> whats 3DS

<g​fdshygti53:monero.social> CC 2FA scam I think

<g​fdshygti53:monero.social> And you can't use them in OFAC sanctioned countries

I hate to say it but TRX is popular for stablecoins for a reason

also ProtonMail takes BTC so why bother with a prepaid card?