I don't have to trust the bank very much to use an insured account.
I'm trusting the state whether or not I use bitcoin, so I might as well take advantage of its insurance.
I'm not cocky enough to assume I won't get hacked.
>I control the security, and it is all mathematically provable
The parts that are provable won't keep you safe. And control is a feel-good measure, not a safety measure. Consider the people scared of air travel despite how safe it is compared to automobile.
> I'm not cocky enough to assume I won't get hacked.
And I'm not going to put my faith in the state to guarantee my assets because between my bank and bitcoin, I can (and have) read the source, the implementation, and the algorithms behind the security, whereas with my bank, I have no access to the software they use, to the procedures they use to secure my funds, or have any reason to trust the people in positions of power in the bank regarding my money. I'd much rather put faith in the mathematics I can observe and reason about than the behavior of an entity who won't tell me squat about how they operate.
That, and the fact they are using terribly implemented mass produced web sites and apps to access critical bank details do not give me any faith in their actions. Individual bank entities are mingling in software intimately on the consumer facing front in ways they have been for decades on the backend but never have they been software companies and from my engagements with banks (I've talked to several local credit unions and regional banks about security and potentially working on contract to fix their broken web portals when I find loopholes) the decision makers are not computer literate or competent in the slightest. They deal in effectively informational data without any desire to invest or put effort into actually knowing what they are doing, and it is incredibly dangerous.
Given the long history of computer security, there doesn't seem to be a very strong correlation between "smart person believes code X is secure" and "code X is secure".
Of course, you can inspect the code that keeps your bank account safe. It's not source code, it's legal code. In particular the FDIC is a pretty well understood institution. It has been around 81 years at this point, and despite many bank failures, it has never failed to make good on its guarantees. Consumer finance regulations are also publicly available and well tested.
But you don't lose your dollars when they get hacked.
You do lose bitcoins in a hack.
>faith in the mathematics
All the mathematics do is keep your money from disappearing in the situation where there are no security breaches. I'm confident enough in the bank+FDIC to do that.
So how exactly do you steal bitcoin out of a password protected wallet, when I have never written the password anywhere, it is "reasonably secure" (no dictionary, mixed notation, 16+ characters) and it is encrypted AES-256, which has not been cracked yet? I'm not talking about online wallets which are just as untrustworthy as banks unless they FOSS their implementation, and even then you are trusting their system administration, especially if they keep backups of your password and thus have access to the contents on their end.
I'm wondering how I'm going to get a virus on a curated Arch installation without usb autoexecute, also considering it's in my office and usually locked, behind two firewalls without any inbound ports default open. They would need to get an executable on my system - shell or not - somehow give it executable permissions (which reminds me, there really should be some mechanism in almost any file transfer protocol to deny-execute on downloaded files so users need to manually allow it), run it somehow, and have it running when I'm accessing my wallet, via somehow injecting itself into an autorun mechanism. And I have PAX disabled access to xinitrc, bashrc, bash_profile, ~/.config/systemd, ~/.pam_environment, and ~/.config/autostart.
I'll take my chances. If I heard of wallets getting keylogged, I'd just access my wallet via a TTY without my desktop running without any user autostart configuration. It is also a partial advantage that X is horribly implemented and since the window manager grabs the keyboard, you need to exploit the window manager to listen to keystrokes like that, if you deny /dev access to keystroke polling. I think it gets even better in Wayland where the system compositor controls keyboard access, so you can stay diligent in only passing keystrokes to the actually selected application, and take steps to avoid situations like false frames over the GUI login prompt that pass through keystrokes from an invisible keylogger (I'm not aware of if that's even possible on X or Wayland, though, should look into that).
What program are you using to make the actual transaction? It needs knowledge of the blockchain, is that coming from another computer or is it connecting to the network? A firewall isn't going to protect you in the latter case.
I would want a nearly completely airgapped machine before I would be comfortable using it to self-manage significant quantities of bitcoin. Maybe feed blockchain info over a one-way serial cable. Definitely no disk sharing.
With a bank I know that a hack might happen but nothing is irrevocable. If they want to use bad security it only hurts their insurance premiums.
>I control the security, and it is all mathematically provable
>> The parts that are provable won't keep you safe. And control is a feel-good measure, not a safety measure. Consider the people scared of air travel despite how safe it is compared to automobile.
Exactly. Why would I think _I'm_ better at security than professionals who have spent years getting good at it? The past year has shown us that even the professionals who have spent years getting good at it make major mistakes -- but that doesn't mean I'll make fewer myself!
To me, it means I'd never trust a significant portion of my wealth to computer security, with no recourse if the computer security fails. What's different about my money in a bank isn't just that it's professionals doing security (I don't think bank IT is very good), it's that if it gets hacked, that's not the end of the story; I'll probably be made good for it.