update hosted tradeoffs

Author: Michael Flaxman

.wordlist.txt

@@ -137,6 +137,7 @@ cryptographic
 cryptographically
 da
 disablewallet
+diy
 dmg
 dropdown
 electrum

README.md

@@ -11,7 +11,7 @@ $ bundle exec jekyll serve
 
 Then visit: <http://127.0.0.1:4000>
 
-To spell check:
+To spell check (takes ~3s):
 ```bash
 $ pyspelling -c .spellcheck.yml 
 Spelling check passed :)

_includes/hosted/benefits.md

@@ -6,3 +6,4 @@ No setup is 100% secure.
 
 Hosted multisig providers make multisig much more accessible/easier for less technically savvy HODLers.
 They will likely continue to improve over time and have an incentive to push best practices onto their users.
+When performed correctly, the hosting provider is unable to censor/steal funds and can only assist you in recovering your own funds.

_includes/hosted/limited_hw.md

@@ -0,0 +1,3 @@
+#### Only Supports Older Hardware Wallets
+The lack of PSBT support means that modern hardware wallets with high quality airgaps such as [Cobo Vault](/known-issues/hardware/cobo) and [Specter-DIY](/known-issues/hardware/specter-diy) are not yet supported.
+**Properly verifying a receive address is only possible for advanced users** and also requires plugging your hardware wallet into your computer, adding another potential attack vector.

_includes/hosted/spof.md

@@ -1,8 +1,8 @@
 #### Could Reintroduce Single Points of Failure
-While proper multisig allows you to have no single points of failure (see section title [Why Multisig](/why-multisig)), it still requires that you take some control of your financial sovereignty.
+Proper multisig allows you to have no single points of failure (see section title [Why Multisig](/why-multisig)), but it still requires you take some control of your financial sovereignty.
 Users who rely on third-party services may accidentally reintroduce a single points of failure.
 For example, if a `2-of-3` service holds 1 of your keys and mails you 1 (malicious) hardware wallet they are in a trusted position as they could control a majority of your keys!
 
-More realistically, were a multisig service provider to be hacked they might be able to exploit the trust users have for it.
+More realistically, were a multisig service provider to be hacked they might be able to exploit the trust users have in them.
 We've seen [similar attacks](https://cointelegraph.com/news/electrum-bitcoin-wallet-still-plagued-by-known-crypto-phishing-attack) on the popular Electrum Client for many years.
-This might might take the form of an invalid receive address (if using a stateless hardware wallet with limited defenses) or an invalid change address (if using a hardware wallet that can't detect it).
+This might might take the form of an invalid receive address (if using a stateless hardware wallet with limited defenses) or an invalid change address (if using a hardware wallet that can't detect change attacks).

_includes/hosted/utxo_privacy.md

@@ -1,5 +1,4 @@
-
-#### Privacy Alert!
+#### Privacy Alert
 Any third party service that can participate/coordinate multisig transactions will have access to your balance and transaction history.
 They may be forced to share your records with multiple government agencies, and often be legally unable to disclose their compliance with requests.
 Of course most bitcoiners buy their coins on exchanges that follow KYC/AML procedures, so this may or may not be a factor for your use-case.

_pages/known-issues/hosted/casa.md

@@ -2,16 +2,8 @@
 title: Casa
 ---
 
-{% include hosted/utxo_privacy.md %}
-Casa is unique in that they do not perform traditional KYC, and it is even possible to signup without sharing your name.
-Customers can pay anonymous with bitcoin or prepaid cards.
-[Their privacy policy](https://blog.keys.casa/casa-privacy-and-data-protection-policy/) is intentionally very customer-friendly.
-
-{% include hosted/spof.md %}
-
-#### No Cobo Vault Support
-This means that **properly verifying a receive address is only possible for advanced users** (instructions [here](https://blog.keys.casa/watch-only-wallet-guide/) or [here](https://support.keys.casa/hc/en-us/articles/360045032452-Creating-Watch-Only-Wallets)).
-This will hopefully change soon.
+{% include hosted/limited_hw.md %}
+Casa has complex instructions [here](https://blog.keys.casa/watch-only-wallet-guide/) and [here](https://support.keys.casa/hc/en-us/articles/360045032452-Creating-Watch-Only-Wallets) on how to validate a receive address.
 
 #### Coldcard Implementation Doesn't Verify Cosigner Wallets
 [Casa recommends you trust PSBTs of your cosigner wallets](https://support.keys.casa/hc/en-us/articles/360044798911-Coldcard-Setup) (meaning don't verify them).
@@ -21,17 +13,24 @@ In the event Casa were compromised, this leaves you at risk of loss when transac
 Software hot wallets are inherently less secure but they have a better UX and offer one less device to buy/configure/update.
 You can export your mobile key from the app for sovereign recovery purposes (instructions [here](https://walletsrecovery.org/recovery-docs/casa-recovery)).
 
-#### Seedless
-Casa is [Seedless](https://blog.keys.casa/casa-seedless-security-model/), meaning that by default there are no seed backups from your hardware wallets (the mobile and Casa keys are backed up automatically).
-This has some UX benefits that may improve security, but can also increases the risk of loss.
-
 #### Outdated Firmware
 Casa [recommends users don't update their firmware](https://support.keys.casa/hc/en-us/articles/360045411571-Hardware-Wallet-Firmware-Upgrades).
 This is likely to prevent hardware wallet vendors from being able to make breaking changes like [this one](https://github.com/trezor/trezor-firmware/issues/1044).
 This will hopefully be resolved naturally in the future as hardware wallet vendors have strong incentives not to jeopardize access to user funds.
 
 #### Sovereign Recovery Is Very Hard
-While you can leave their service (or recover your coins if they go out of business), [the process](https://walletsrecovery.org/recovery-docs/casa-recovery) is likely only possible for expert users.
+While you can leave their service (or recover your coins if they go out of business), [the process](https://walletsrecovery.org/recovery-docs/casa-recovery) is likely only possible for advanced users.
+
+{% include hosted/spof.md %}
+
+{% include hosted/utxo_privacy.md %}
+Casa is unique in that they do not perform traditional KYC, and it is even possible to signup without sharing your name.
+Customers can pay anonymous with bitcoin or prepaid cards.
+[Their privacy policy](https://blog.keys.casa/casa-privacy-and-data-protection-policy/) is intentionally very customer-friendly.
+
+#### Seedless
+Casa is [Seedless](https://blog.keys.casa/casa-seedless-security-model/), meaning that by default there are no seed backups from your hardware wallets (the mobile and Casa keys are backed up automatically).
+This has some UX benefits that may improve security, but can also increases the risk of loss.
 
 {% include hosted/benefits.md %}
 Some noteworthy benefits of using Casa:

_pages/known-issues/hosted/unchained.md

@@ -3,19 +3,15 @@ title: Unchained Capital
 ---
 
 
-#### Limited Hardware Wallet Support
-Unchained doesn't support Coldcard nor Cobo Vault, although they have [plans](https://unchained-capital.com/blog/gearing-up-the-caravan/) to add Coldcard in the future.
-This means that **properly verifying a receive address is only possible for advanced users**.
+{% include hosted/limited_hw.md %}
+Unchained has complex instructions [here](https://medium.com/coinmonks/address-verification-when-changing-keys-for-unchained-capital-vaults-268005e7563e) on how to validate a receive address.
+While they [recently added limited address verification functionality to Trezor](https://unchained-capital.com/blog/trezor-and-unchained-make-multisignature-safer/), this doesn't fundamentally fix [Trezor's many known issues](/known-issues/hardware/trezor).
+As Trezor is stateless, these steps will only confirm that `1` of your keys is part of the quorum, you must repeat these steps on [*at least* `m` (and preferably `n`) of your devices](/known-issues/verify-receive-address).
 
-Unchained [recently added some address verification functionality to Trezor](https://unchained-capital.com/blog/trezor-and-unchained-make-multisignature-safer/).
-However, this improvement doesn't fundamentally fix [Trezor's many known issues](/known-issues/hardware/trezor).
-As Trezor is stateless, these steps will only confirm that `1` of your keys is part of the quorum (not `m` of your keys are part of your `m-of-n`).
-You must repeat these steps on [*at least* `m` of your devices](/known-issues/verify-receive-address).
+{% include hosted/spof.md %}
 
 {% include hosted/utxo_privacy.md %}
 
-{% include hosted/spof.md %}
-
 #### Only Option is 2-of-3
  [`3-of-5` would be better](/quorum-advanced), especially when using a hosted service that already:
 * Abstracts away a lot of multisig's complexity