0
Everyone in the BTC space seems to suggest that running a full node is the way to go. But Linux has a huge attack surface and I don't want to lose my BTC by having my wallet on an insecure OS. What is everybody else doing? Version 0.16.1 doesn't support HW wallets, so are people really keeping their BTC in an actual satoshi (bitcoin-core) wallet? Or using HW wallets, and the node is just for overall network security (and bragging rights)?
1
As a quick answer, some wallets allow you to specify a node that they will connect to. You can run your own node, and point your wallet at it. Beyond being trustless, this has an added bonus of increasing your financial privacy, especially if your node is connected to the tor network.
Note that many such wallets are ‘light wallet’ mobile applications, but I would trust a mobile wallet over a desktop full node wallet myself. This offers a good solution of maintaining sovereignty for a day-to-day use wallet in my opinion.
For larger amounts, using a HW wallet or other cold storage mechanism is highly recommended!
This! +1! Small amounts can go with any wallet, amounts less than a monthly income should go with a proper wallet on a dedicated (non-Windows, non iOS, non Android) system (probably behind a firewall), and large values beyond that should go through a security assessment, instead of blunt statements about security "in general"... – pebwindkraft – 2018-07-26T19:32:12.013
0
Since this is pretty opinion based, I'll offer my 2 satoshis.
This sort of addresses the root question which is "Why would I run a full node?". There is also a separate question of how should I secure my funds (or what wallet should I use)?
The main thing you need to protect is your private keys (and any access to use them). If you never import them into the full node wallet, you don't need to worry about someone controlling your funds by getting into your box and executing transactions. This goes for any "hot wallet" or online wallet.
If you keep your private keys offline, you can sign transactions with an offline wallet application or a hardware wallet. If you also run a full node, you can then submit the transaction using the node's RPC interface, see: Send Raw Transaction.
There are many libraries and applications to help you with this, here's an example of a list: Awesome-Bitcoin
In the Original Whitepaper the concept of a miner and a full node were generally the same machine. Today, miners are specialized hardware optimized for the sha256 algorithm.
For some, running a full node provides a low-latency interface to the network for submitting blocks (mining), or it provides the same interface for a 3rd party application like a block explorer.
However, in my opinion, the purpose of running a full node is not for the wallet, but rather to participate in the consensus of the network by verifying transactions. If you own and transact bitcoin, don't you care if your transactions are executed properly and that your currency isn't being inflated? If you don't run a full node you are trusting others to validate this for you.
Many people don't feel as strongly in the mission of creating a decentralized, censorship-resistant global digital currency, but if you don't cast your vote by running a full node and validating the blocks, then you can't complain about the current system of currency.
Thanks for the long reply. Ideally I'd have my node just watch my balance using an extended public key, but although @aantonop seems to suggest that this is a good idea, it doesn't appear to be possible yet (see my other question). Without an xpub key, the only ways to watch transactions concerning my wallet that I know of, are 1) putting the private key on the node (horrifying) and 2) putting a public key on the node and reusing the corresponding Bitcoin address (very poor pricacy). – Hare Brained Brian – 2018-07-26T06:20:34.647
Can you outline, what you mean by huge attack surface? Contrary to Windows the kernel is setup modular, and there is a separation layer between kernel and user space. It makes things difficult to answer, if the opening is such a broad statement... – pebwindkraft – 2018-07-25T19:32:50.683
1@pebwindkraft how is it not obvious that any internet connected computer with a full-blown OS has a huge attack surface? – Hare Brained Brian – 2018-07-25T20:34:30.287
No, only if you use/install poor software. Unixoide systems are designed to be secure from the very bottom. See e.g. OpenBSD. But yes, a noob can install anytime software that permits complete access - why not. His use case.But per default, the statement is simply not true... I think this would be a technical discussion in a security forum, and is not necessarily bitcoin related. – pebwindkraft – 2018-07-26T07:21:20.567