We take security for granted IRL.
Government, legislature, institutions, and the insurance industry make us feel that our assets are safe (or that we would be made whole if our assets were compromised).
Web 3 is not yet developed in such a way.
We must take our own precautions and security measures. This is - at least in part - what it means to be a (digitally) sovereign individual.
As I have mentioned before, I am not a security expert, but I am an expert communicator.
In this article, I draw from those I believe to have more knowledge and experience with NFT security than me to express what best practice looks and feels like.
This week I’ll focus on getting set up; next week I’ll look more at staying safe whilst operating in Web 3.
My task here was to re-draft, re-organise and re-structure already-existing information.
Please remain alive to human error and further developments - things change quickly in this space, so always ask questions and stay alert to anything which might make any of this information incorrect.
NB. This is a guide, NOT a guarantee. No-one can guarantee your assets except you.
1. Before I even begin, what do I need?
(a) Computer(s)
From what I have read, it seems that Macs are preferable to PCs (maybe Linux is better than PC too).
Without being a tech person myself, I think there is a prevailing opinion that Apple products are less prone to viruses.
(b) Separate hardware
It seems wise to have more than one computer: one for crypto transactions + one for emails/discord and other activities.
By doing this you can protect your assets because if you click on a malicious link on one computer, your wallet and assets will be on another - thus your assets are not exposed.
(c) Hardware wallets
You must use a hardware wallet. Only ever buy these from the official websites.
The general consensus seems to be that a Ledger or Trezor wallet should serve you well.
2. Before I even begin, what do I need to know?
(a) What is your NFT and where is it?
Your NFT is a token stored on the Ethereum blockchain. The Ethereum blockchain is like a huge database, on which all activity on Ethereum is recorded.
The Ethereum blockchain is verified and secured by nodes around the globe. A copy of your token is held on all of the Ethereum nodes running globally.
So when you sell an NFT, nothing actually moves anywhere. What really happens is that the database that is the Ethereum blockchain updates to reflect the change of ownership.
Your NFT is NOT in your computer, your MetaMask wallet, or your hardware wallet.
So where is the actual JPEG?
Usually, it is either on IPFS (InterPlanetary File System) or Arweave (a global permanent hard drive), both of which are “decentralized storage”. Or it might be on a centralised server.
Sometimes art can be completely “on-chain”. This means that the art itself is stored on the blockchain, and not elsewhere. This is not common, however, as it is usually an inefficient form of storage.
(b) What are public and private keys?
(i) Public key
A public key is an Ethereum “address” (the long string of numbers/letters that starts with “0x….”).
You cannot control what is sent to your Ethereum address. Sort of like email in that respect.
It is not like email in that everyone can see everything that you do inside of your Ethereum address.
(ii) Private key
This is your “password” for your public key. It gives you access to your assets.
NEVER give your private key to anyone.
The holder of your private key can access all of your assets.
(iii) Wallet
You can have a software wallet or a hardware wallet:
You need a wallet so that you can interact with Web 3 applications.
When using a computer, MetaMask often lives in the corner as a browser extension.
(iv) Seed phrase
The seed phrase is the list of words shown to you when you set up your keys.
“If your private key is your password, your seed phrase is your password recovery method.”
@punk6529
If you lose your private keys, you can regenerate them from your seed phrase.
Again, NEVER give your seed phrase to anyone. If you do, they will be able to take all of your assets.
Richerd recommends the following to check and look after your seed phrase:
Test the seed phrase
Keep multiple copies of the seed phrase and do not store them in the same location
Do NOT keep your seed phrase on ANY electronic device in ANY form. (No, do not take a photo of it.)
In practice, when you are starting out, this probably means you will write it down on a piece of paper and then consider some of the precautions above.
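To show why the seed phrase deserves this much care, here is an added example (not part of the original article, and not any wallet's own code) of how the words alone regenerate a key. It follows the public BIP-39 and BIP-32 standards that MetaMask, Ledger and Trezor use, and stops at the master private key, because deriving the final Ethereum address needs libraries outside Python's standard library. The function names and sample phrases are my own choices for illustration.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test phrase, used here only as sample input. It is known to
# everyone, so it must never hold real assets.
SAMPLE_PHRASE = "abandon " * 11 + "about"
# Constructed variant with one word changed (checksum is not validated here).
ALTERED_PHRASE = "ability " + "abandon " * 10 + "about"


def seed_from_phrase(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the words into a 64-byte seed with PBKDF2-HMAC-SHA512."""
    # Collapsing extra whitespace is a convenience added for this example.
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def master_key_from_seed(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: split HMAC-SHA512(seed) into master private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def recover(phrase: str, passphrase: str = "") -> str:
    """Return the master private key (hex) that a wallet rebuilds from the words."""
    key, _chain_code = master_key_from_seed(seed_from_phrase(phrase, passphrase))
    return key.hex()


if __name__ == "__main__":
    first = recover(SAMPLE_PHRASE)
    again = recover(SAMPLE_PHRASE)
    print("same words, same key:     ", first == again)
    print("one word changed, new key:", first != recover(ALTERED_PHRASE))
    print("extra passphrase, new key:", first != recover(SAMPLE_PHRASE, "constructed"))
```

Nothing in the calculation depends on the device or the wallet software: the same words give the same key on any machine, which is why a copy of the phrase is as good as the wallet itself.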
3. Now what do I do?
Follow the instructions on the official MetaMask website and the information which came with your hardware wallet.
Final thoughts
This is really important. I’ve spent hours and hours reading and learning about this.
Please spend the time to read and learn before diving in with significant amounts of capital.
Next week I’ll look into more of the practicalities of operating safely and avoiding scams day-to-day.
Have a great day,
B
I have a Ledger that I use for my higher value stuff. Do you know of a way to have multiple wallets within the one, or would I need multiple Ledgers?
sage advice thank you