Becoming financially self-sovereign by storing your own Bitcoin brings many advantages. Your wealth cannot be inflated away, taken from you with arbitrary regulations, or restricted to certain jurisdictions. However, it is also a responsibility that needs to be taken seriously.
The best way to do this is to educate yourself. By investing time in understanding the tradeoffs of different approaches, you can greatly reduce your risk and improve your financial freedom. This guide is designed to help you consider not only how to use Sparrow safely, but also evaluate other wallets and approaches depending on your needs.
The best place to begin is to understand where you are on your Bitcoin journey. Generally, this is a matter of time and the size of your investment. As your conviction in Bitcoin grows over time, so will the amount of money you invest. It’s important for the security of your Bitcoin storage to improve as well.
The following sections describe 3 common stages in a Bitcoiner’s journey. You should be able to recognise where you are on your own journey, and consider your approach accordingly.
Here is a quick summary of the 3 stages:
| Stage | 1 | 2 | 3 |
|---|---|---|---|
| Server Type | Public Electrum | Private Bitcoin Core | Private Electrum |
| Private To* | None | Passive Listeners | Active Attackers |

* No security is perfect, but these general descriptions apply.
It’s normal for beginners to start with small, non-life-changing amounts - perhaps a monthly salary. It’s unrealistic to expect this kind of usage to have the highest level of security - after all, you are a beginner.
But, it’s still important to take your coins off the exchange and use a hardware wallet or dedicated computer to store your private keys. You will likely be using a Single Signature (singlesig) wallet with Sparrow, with the hardware wallet communicating with your computer through USB or perhaps QR codes. The hardware wallet should be stored securely along with a backup of the seed words (the latter ideally in a different location).
At this level, it’s not necessary to run your own Bitcoin Core node. You will likely be using a public server, or if you’re lucky, the node/server of a family member or friend. Follow the Quick Start guide to configure Sparrow for this stage. While privacy is less important at these amounts, it’s a good time to start thinking about the implications of Bitcoin being a public ledger, and your balance being visible to the server you are connected to.
Over time, the value of your Bitcoin investment will likely grow through additional purchases and price appreciation. As this happens, you should be aware that sharing your balance with public servers may be making you a target. The point at which that happens will vary depending on the jurisdiction you live in, but consider that you are sharing your balance and location via your IP address.
If this thought makes you uncomfortable, it’s time to consider running a Bitcoin Core node (or using one run by a person that you trust). You can download the software from bitcoin.org and install it using the Running a Full Node guide. Once installed, go to the Sparrow Connect to Bitcoin Core guide to configure Sparrow to connect to it. Generally, the disk space requirement is the biggest hurdle, but be aware that you can run Bitcoin Core in pruned mode - see the guide for details.
Running your own node is a big step forward. Not only are you keeping your transactions private, but you are validating them yourself. And, you are contributing to the health and decentralization of the Bitcoin network. Congratulations!
However, while you are now transacting privately, you are not yet at the stage of true cold storage.
At this stage, you are storing an appreciable percentage of your wealth in Bitcoin, where losing it might have a considerable impact on your future.
This is the stage where you need true cold storage.
Although you have eliminated some privacy concerns by running your own node (or connecting to one run by someone you trust), others remain. If your wallet software is connecting directly to Bitcoin Core, you are using Bitcoin Core’s wallet internally. This is true not only for Sparrow in this configuration, but always true for Specter, FullyNoded, and of course the Bitcoin Qt wallet itself. Unfortunately, Bitcoin Core stores your public keys and balance unencrypted on the computer it is running on. If this computer is regularly connected to the internet, it is at risk from hackers - which will make you a target once your balance is discovered.
If this is a concern to you, consider running an Electrum server, which does not keep any record of your balance, but indexes all Bitcoin transactions equally. There are prebuilt options, or you can install one yourself on inexpensive hardware like a Raspberry Pi. Running an Electrum server is no longer difficult, and the investment to set one up is well worth it at this stage of your journey.
By connecting Sparrow to an Electrum server, you also get a private blockchain explorer, making you even safer.
The Quick Start guide explains how to connect Sparrow to an Electrum server - just replace the server URL with your own.
You can also connect via Tor if your server provides a .onion address, which means you can connect privately from anywhere.
With respect to wallet type, if you are not using a Multi Signature (multisig) wallet at this stage, you should be educating yourself on the benefits. Multisig wallets require more investment in time and resources, requiring you to purchase multiple hardware wallets and ensure they (and their backups) are stored safely and ideally in different locations. However, this setup offers greatly improved security.
You should be using hardware wallets from multiple vendors, ensuring that a vulnerability in one vendor does not completely compromise the setup. If you have located the hardware wallets at different secure locations, you are much less vulnerable to physical attacks - particularly if the travel to these different locations is time-consuming or subject to security checks.
For true cold storage on Sparrow, you need to:
- Connect to a private Electrum server
- Use a good, unique password on your wallet
- Employ at least a 2-of-3 multisig setup
- Require hardware wallets from different vendors for a quorum
- Secure the hardware wallets (and backups) in different locations
- Minimize the time your cold storage wallet is open in Sparrow
If you are doing all of these things, congratulations! While there is no such thing as perfect security, you are now following generally accepted best practice and can rest assured that your Bitcoin is relatively safe.
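
The vendor and location items in the checklist above can be checked mechanically. The following is an added example, not part of Sparrow or the original guide: it flags any single vendor or single location that touches enough keys to reach the signing quorum. It assumes a seed-word backup exposes a key just as the device does; the `Signer` fields, key labels, vendors and locations are hypothetical placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Signer:
    name: str             # label for one cosigner key (hypothetical)
    vendor: str           # hardware wallet vendor
    device_location: str  # where the hardware wallet is kept
    backup_location: str  # where its seed-word backup is kept

def audit_quorum(m, signers):
    """Return findings for an m-of-n setup; an empty list means every check passed."""
    n = len(signers)
    findings = []
    if m < 2 or n < 3 or m > n:
        findings.append(f"{m}-of-{n} does not meet the 2-of-3 minimum")
    by_vendor, by_location = defaultdict(set), defaultdict(set)
    for s in signers:
        by_vendor[s.vendor].add(s.name)
        # Assumption: a seed backup is as good as the device, so both places expose the key.
        by_location[s.device_location].add(s.name)
        by_location[s.backup_location].add(s.name)
    for kind, groups in (("vendor", by_vendor), ("location", by_location)):
        for value, keys in sorted(groups.items()):
            if len(keys) >= m:
                findings.append(f"single {kind} '{value}' exposes {len(keys)} keys, "
                                f"enough for the {m}-key quorum")
    return findings

# Constructed sample setups; vendor and location names are placeholders.
WEAK = [
    Signer("key-a", "vendor-1", "home", "office"),
    Signer("key-b", "vendor-1", "office", "home"),
    Signer("key-c", "vendor-2", "bank-box", "home"),
]
STRONG = [
    Signer("key-a", "vendor-1", "home", "relative"),
    Signer("key-b", "vendor-2", "office", "lawyer"),
    Signer("key-c", "vendor-3", "bank-box", "second-box"),
]

if __name__ == "__main__":
    for label, setup in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit_quorum(2, setup) or "all checks passed")
```

In the weak setup every device sits in a different place, yet the backups put all three keys within reach of one location, which is the case the checklist item on backups is meant to prevent.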