At HODLR, we take the question of customer data security very seriously. We would like to share with you our views on different points of failures potentially affecting interactions with our customers
POINT OF FAILURE 1 - E-COMMERCE
Today, our website hodlr.swiss relies on a third-party for our store and database security.
We are too small to have our own security team and we are much more secured with it being managed by a larger third-party.
For those willing to remove their info from our website, you can ask to be deleted today and your info will be deleted 6 months after your last order. This delay is required for credit card chargebacks.
We are in the process of setting up an automated customer info deletion, after a shorter period of time, and we’ll keep you updated when that milestone is reached.
POINT OF FAILURE 2 - PERSONAL INFORMATION
It’s already possible to order your HODLR Disks directly through encrypted e-mails, just share your PGP Key with us and we’ll take your encrypted order.
In such cases, our warehouse and the courier companies would be the only ones to have your data, but they wouldn’t know what you bought.
In any case, it is important to bear in mind that breaches can occur to any existing company or database. Keep in mind that as long as it’s connected, it’s hackable.
In that perspective, your best line of defense would be to avoid giving any real data, but it’s not that easy and requires a large set of precautions.
Temporary e-mail addresses, “pickup points” physical addresses, fake names, dedicated phone numbers, Tor or VPN when ordering and paying in privacy oriented crypto, just to name a few… Even with all that arsenal in place, you could still be revealed. It’s just much less likely to happen.
POINT OF FAILURE 3 - PAYMENT
In most cases, when paying online with a credit card, personal information has to transit on the network. On hodlr.swiss the security of this data is managed by large payment processors and we rely on them to secure the data.
Paying with crypto is more likely to offer greater security, as long as you control your keys.
For now we are relying on a third-party to process our crypto payments. However, we are planning to switch to our own node and use BTCPay server soon, we’ll keep you updated.
POINT OF FAILURE 4 - YOUR CRYPTO SECURITY SETUP
Access point: Hardware wallets
Now let’s say your first line of defense has fallen, a breach has occurred and your personal details have been revealed. Your physical address is at risk and therefore your crypto.
In such cases, a physically distributed security setup offers a higher resilience against physical attacks. You could have a very well hidden hardware wallet with access to your main stash and one or two others with much less funds, but much easier to find. They would act as an additional line of defense. Some hardware wallets even open dummy addresses when you enter a specific PIN.
Security foundation: The recovery seed
Concerning your seed security, using a Shamir Secret Sharing security setup made of multiple shares or splitting a 24 words seed in 3 shares and then storing each share in different locations is a good protection against physical attacks. Threatening someone face to face is very different from a kidnapping and traveling to multiple different locations to recover the shares.
For what concerns us, we choose to build our security foundation from the ground up. That’s why we created HODLR Disks in the first place.
The responsibility to remain safe is shared between your personal practices and the security quality of the environment in which you evolve.
The balance between your convenience and your security is always a hard one to find. Many tools exist to help you find that equilibrium and remain safe online and offline.