Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
ethereum_social_custody [2023-03-18 12:58] – nik | ethereum_social_custody [2023-03-18 13:00] (current) – nik | ||
---|---|---|---|
Line 12: | Line 12: | ||
Two key questions in using multisig wallets and social recovery wallets securely are: (i) whom do you choose as guardians, and (ii) what instructions do you give them? This post will outline how I think about this issue. The ideas here should mostly apply equally to multisig and social recovery wallets being used to secure funds for individuals and for organizations. | Two key questions in using multisig wallets and social recovery wallets securely are: (i) whom do you choose as guardians, and (ii) what instructions do you give them? This post will outline how I think about this issue. The ideas here should mostly apply equally to multisig and social recovery wallets being used to secure funds for individuals and for organizations. | ||
- | What do we want out of guardians? | + | |
+ | ====What do we want out of guardians?==== | ||
* Minimize the chance that they lose their keys | * Minimize the chance that they lose their keys | ||
Line 19: | Line 20: | ||
This answer is simple and short, but it guides all of the choices that I make with regard to guardians. | This answer is simple and short, but it guides all of the choices that I make with regard to guardians. | ||
- | It's okay for some of the guardians to be your own devices, but not too many | + | |
+ | ====It's okay for some of the guardians to be your own devices, but not too many==== | ||
It makes natural sense to have at least one guardian be a wallet on one of your own devices - it doesn' | It makes natural sense to have at least one guardian be a wallet on one of your own devices - it doesn' | ||
My rule of thumb is that enough guardians should be controlled by other people that if you disappear there are enough other guardians left to recover your funds. That is, you should control at least 1 guardian, and at most N-M guardians. Also, each guardian should be on a separate device (laptop, phone, old phone, etc). | My rule of thumb is that enough guardians should be controlled by other people that if you disappear there are enough other guardians left to recover your funds. That is, you should control at least 1 guardian, and at most N-M guardians. Also, each guardian should be on a separate device (laptop, phone, old phone, etc). | ||
- | Choose guardians who do not often talk to each other or ideally do not know each other | + | |
+ | ====Choose guardians who do not often talk to each other or ideally do not know each other==== | ||
Ideally, the guardians should not know who each other are. This greatly reduces the risk that they collude, and furthermore there is no good reason for them to know each other. If something happens to you, they will still be able to find each other, because there are obvious standard protocols that naturally come to people' | Ideally, the guardians should not know who each other are. This greatly reduces the risk that they collude, and furthermore there is no good reason for them to know each other. If something happens to you, they will still be able to find each other, because there are obvious standard protocols that naturally come to people' | ||
Line 30: | Line 33: | ||
Also, you want to minimize correlations between your guardians as much as possible: don't choose two guardians who live in the same city (or ideally even the same country), or two guardians who use the same type of wallet, and have a balance between different operating systems. | Also, you want to minimize correlations between your guardians as much as possible: don't choose two guardians who live in the same city (or ideally even the same country), or two guardians who use the same type of wallet, and have a balance between different operating systems. | ||
- | Guardians should ask a security question before approving an operation | + | ====Guardians should ask a security question before approving an operation==== |
When you ask a guardian to approve an operation for you (in a multisig, this would be any transaction, | When you ask a guardian to approve an operation for you (in a multisig, this would be any transaction, | ||
My preferred protocol to avoid this is to instruct guardians to ask a security question. That is, when you ask for a confirmation on your operation, the guardian should ask you something that only the two of you and very few other people know (eg. "the last time we met, what kind of food did we have?" | My preferred protocol to avoid this is to instruct guardians to ask a security question. That is, when you ask for a confirmation on your operation, the guardian should ask you something that only the two of you and very few other people know (eg. "the last time we met, what kind of food did we have?" | ||
- | If you're doing " | + | |
+ | ====If you're doing " | ||
If you're doing degen stuff with on-chain contracts, you may need to act quickly: pull money out if a contract gets a vulnerability, | If you're doing degen stuff with on-chain contracts, you may need to act quickly: pull money out if a contract gets a vulnerability, | ||
- | Test each guardian at least once a year | + | |
+ | ====Test each guardian at least once a year==== | ||
Make a test operation at least once a year. Ideally, make two test operations each year, using half your guardians for one and the other half of your guardians for the other. This makes sure that your guardians haven' | Make a test operation at least once a year. Ideally, make two test operations each year, using half your guardians for one and the other half of your guardians for the other. This makes sure that your guardians haven' | ||
- | Advanced: privacy | + | |
+ | ====Advanced: privacy==== | ||
One of the challenges with guardians today is that the tech does not yet exist to make it possible to protect your financial privacy from your guardians. However, this is a technical problem that can be solved technically: | One of the challenges with guardians today is that the tech does not yet exist to make it possible to protect your financial privacy from your guardians. However, this is a technical problem that can be solved technically: |