Bitcoin backups page - feedback and possible improvements #1041

Open
danielnordh opened this issue Oct 26, 2023 · 3 comments

danielnordh commented Oct 26, 2023

Regarding the Bitcoin backups page in the design guide
From discussion and feedback in Discord, how can this page be updated and improved?

Page purpose

This page is meant to help users of bitcoin products to learn about good backup practices, and show solutions that are PRACTICAL for a broad group of people. It is concerned equally with SELF INFLICTED LOSS and DELIBERATE THEFT.
It is not specifically about creating wallets from scratch (entropy generation etc).

The target audience includes:

  • Casual beginners, that have just installed their first bitcoin wallet app on their mobile phone and hold very little bitcoin
  • Medium experience, have some holdings on mobile wallets, considering levelling up their security

It is not meant to be the ultimate authority on setups for life savings. But it would be good to link to good sources for that for those who seek more advanced setups and details.

Feedback and critique

Distilled from Discord message:

  1. Overly focused on backing up recovery phrase, not enough information about other sometimes necessary details
  2. Level 0 (Encrypted Cloud) and Level 1 (Paper) are not good advice
  3. No mention of multisig
  4. No mention of backup drills
  5. Wallet setups are not 'best practice'
  6. Lightning wallet backups (my addition)

I've tried to summarise my take on what we can do to address this below, with action points if applicable.

Improvements and additions

How can we improve the page in light of the feedback?

Backup information
It's fair to say the page mostly mentions recovery phrases over other information. This has a lot to do with that being the most common, sometimes only information that wallet apps share with their users. We can expand on what else might be needed, and what the downsides of only saving the recovery phrase are. Also investigate which wallets provide what, and perhaps update elsewhere in the guide what other information should be shared with users so that they CAN back up more information.

Actions

  • Expand on other types of information
  • Explain downsides of only saving recovery phrase

Encrypted Cloud and Paper backups
The inclusion of these should not be seen as the BEST advice, compared to more advanced alternatives. It is primarily meant to protect against SELF INFLICTED LOSS, which anecdotally is the most common for beginners. The step up to Metal backups is in most cases too large for casual users to bother with. So some scheme with fewer requirements (monetary, time) is advisable.
The main question for the target audience (casual beginners, mobile devices, low holdings) of these schemes is:

Is it better to have no backup, or A backup saved either in encrypted cloud or on paper?

I believe the answer is yes, mostly because we know that people lose funds by having NO backups.

Nonetheless, since the page was written we have seen breaches of security both with LastPass and 1Password (via Okta) that have exposed saved information to malicious actors. The only commonly used option we don't yet know has been breached is iCloud Keychain. It is fair to say it is now LESS good advice to use encrypted cloud backups in general than before.

Whether the advice should be encrypted cloud or paper may depend on the situation the user is in at that moment (secluded home or out and about) and what encrypted cloud services they have available.

Actions

  • Highlight and WARN that encrypted cloud options have been breached and carry high risks
  • Make more explicit that Level 0 and Level 1 are WEAK and not advisable for anything other than casual wallet use
  • Make clear that any information that has been stored in cloud solutions is tainted, funds should be moved to new wallets if funds increase

Multisig
This page is primarily about backups. Multisig is not a form of backup, although the various keys involved require backups.
This is not the place to teach people how to set up multisig wallets, but we could potentially mention it as an advanced option and what the backup of such a setup requires.

Actions

  • Could mention multisig backup requirements or link to further information

Backup drills
This would be a good and valuable addition. No backup is good unless the person (or persons) know how to use it.

Actions

  • Add information about backup drills, can also link to more elaborate information

Wallet setups are not 'best practice'
Whether BIP39 is the right approach for best practice security for wallet products and user needs is a wider issue than this page tackles. It's a worthy discussion, but let's keep that in a separate issue. The reality is that most consumer facing wallet products expose recovery phrases (and not much else) to people. This page mostly tries to handle what to do with that information.

Lightning wallet backups
This feedback was not specifically mentioned on Discord, but since the page was written before we started covering lightning content, it is also lacking any information on the complexities of backing up the needed information. We should address this.

Actions

  • Add lightning backup information

Feedback on the above action points welcome.

@MrRGnome

Thank you so much for distilling my Discord ranting into this PR. I wasn't sure that proposing these as a GitHub issue was appropriate without at least having a back and forth discussion with peers first. I finally found some time today and am so pleased this is what you've transformed my rambling into. I am in strong agreement about the need for lightning backup related information, including SCB files; that is an excellent addition.

While I'm still somewhat onboarding and new to this project, I'd love to be the change I seek. I'm not sure it's appropriate for me to dive in and build the page I'd like to see as a first move, but I would like to help build things instead of being a critic. In the short term I'm going to follow your example and start making some issues and PRs on specific pages to gauge whether there is any appetite for these kinds of changes and start a discussion.

@moneyball

If we cover backups we should be sure to cover VSS too (VSS provides full LN state backup and doesn't depend on peers to cooperate on recovery unlike SCB)

@GBKS

GBKS commented Nov 2, 2023

Good idea to review this page. A few notes.

  1. On data included in backups, we also have some info on the Backup & recovery page in the daily spending wallet. It includes onchain, lightning and user data, and there's a note about omitted data.
  2. For encrypted cloud backups, isn't the point of encryption that there's no loss of funds if the provider gets hacked?
  3. For backup drills, we have something about reminders in the security page of the daily spending wallet. If users don't have a wallet that reminds them, they could just set up calendar events every 6 months or so. Maybe we could provide .ics calendar files on the page that people can click and add to their calendars?
  4. Had to look up what VSS is, here's an intro.

Regarding lightning, descriptors, etc, I think it's important to keep the purpose of this page in mind. As Daniel wrote, it's meant to be practical for a broad group of people. More like a general user guide. Some of the ideas brought up here might be better to add on other pages, like some of the ones I linked to above.
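
The .ics reminder idea from the comment above, sketched as an added example (it is not part of this thread or of the design guide's own code). The function names, PRODID, UID domain and reminder wording are assumptions; because calendars usually sync to cloud accounts, the generator refuses a label that looks like a recovery phrase.

```python
from datetime import date, datetime, timezone
import uuid

# Constructed reminder text; it deliberately names no secret and no storage location.
DRILL_TEXT = ("Check that you can find your wallet backup and that you know how "
              "to restore from it. Never paste a recovery phrase into a calendar.")

def escape_text(value: str) -> str:
    """Escape an RFC 5545 TEXT value (backslash, semicolon, comma, newline)."""
    for raw, esc in (("\\", "\\\\"), (";", "\\;"), (",", "\\,"), ("\n", "\\n")):
        value = value.replace(raw, esc)
    return value

def fold(line: str) -> str:
    """Fold a content line so no physical line exceeds 75 octets (RFC 5545, 3.1)."""
    parts, current, size = [], "", 0
    for ch in line:
        width = len(ch.encode("utf-8"))
        if size + width > 75:
            parts.append(current)
            current, size = " ", 1   # continuation lines start with one space
        current += ch
        size += width
    parts.append(current)
    return "\r\n".join(parts)

def backup_drill_ics(wallet_label, first_drill: date, interval_months=6,
                     uid=None, now=None) -> str:
    """Return an all-day, repeating VEVENT that reminds the user to run a drill."""
    words = wallet_label.split()
    # Heuristic guard: 12 or more purely alphabetic words looks like a recovery phrase.
    if len(words) >= 12 and all(w.isalpha() for w in words):
        raise ValueError("label looks like a recovery phrase; refusing to export it")
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    uid = uid or f"{uuid.uuid4()}@backup-drill.example"   # placeholder domain
    lines = [
        "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//example//backup-drill//EN",
        "BEGIN:VEVENT", f"UID:{uid}", f"DTSTAMP:{now:%Y%m%dT%H%M%SZ}",
        f"DTSTART;VALUE=DATE:{first_drill:%Y%m%d}",
        f"RRULE:FREQ=MONTHLY;INTERVAL={interval_months}",
        "SUMMARY:" + escape_text(f"Backup drill: {wallet_label}"),
        "DESCRIPTION:" + escape_text(DRILL_TEXT),
        "BEGIN:VALARM", "ACTION:DISPLAY", "DESCRIPTION:Backup drill due",
        "TRIGGER:-P1D", "END:VALARM", "END:VEVENT", "END:VCALENDAR",
    ]
    return "\r\n".join(fold(line) for line in lines) + "\r\n"
```
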

@GBKS GBKS added the Copy Task is about improving text. label Feb 19, 2024