How We Evaluate

How We Evaluate Hardware Wallets

The standards Bitcoin Plaster uses to evaluate hardware wallets for Bitcoin self-custody, including recovery safety, security model, software path, usability, privacy, and affiliate restraint.

  • Visible standard
  • Evidence first
  • Affiliate restraint
Warm editorial illustration of hardware wallet evaluation methodology with checklist, magnifying glass, scales, and standards cards.

Evaluation standard

The product page should never be the first place the standard appears.

A hardware wallet is evaluated by how well it helps a specific Bitcoin holder control keys, protect recovery, verify actions, and maintain the setup without hiding tradeoffs.

This page explains the standard Bitcoin Plaster uses before any individual hardware-wallet evaluation asks for reader trust.

A hardware wallet is not better because it has more features, a higher price, a louder reputation, or an affiliate program. Fit depends on realistic self-custody risk and reader state.

The goal is to make the judgment process visible enough that a reader can decide whether a later product evaluation deserves weight.

1

Standard before product

Product pages should connect back to a visible evaluation method, not stand alone as isolated opinions.

2

Evidence before judgment

A page should state what evidence supports its evaluation and avoid implying testing or technical review that was not performed.

3

Affiliate restraint

Affiliate availability is a commercial fact, not editorial approval. The evaluation standard comes first.

Methodology boundary

This page explains the standard. It does not sell the device.

A methodology page should make the trust layer visible before any product page asks for a decision.

What this page does

It makes the evaluation method visible

  • Explains the criteria used across hardware-wallet evaluations.
  • Separates editorial judgment from affiliate availability.
  • Shows which tradeoffs matter before a reader reaches a product page.

What this page does not do

It does not rank, push, or monetize a product

  • It does not order products by preference or name one device as the answer.
  • It does not include sales modules, price-code claims, or monetized redirect routes.
  • It does not claim direct product use or specialized review unless that evidence is documented.

Principles

The evaluation starts with self-custody risk, not gadget features.

The same hardware-wallet feature can be helpful, irrelevant, or harmful depending on the reader, the recovery model, and the operational burden.

  • Self-custody fit before feature count

    A device is evaluated by whether it helps a Bitcoin holder control keys, verify transactions, protect recovery information, and maintain the setup over time.

  • Recovery safety before aesthetics

    A device that protects keys well but makes recovery confusing has not solved the most important self-custody problem.

  • Usability is part of security

    If a reader cannot operate a workflow under stress, the feature can become a liability even when it sounds strong on paper.

  • Reader-state fit changes the answer

    A first device, a spare device, a multisig device, and a privacy-focused workflow should not be judged with one universal scoreboard.

Evaluation checklist

The criteria we look at before asking for reader trust.

No single criterion decides the answer. The standard is the combined picture: custody fit, recovery safety, security assumptions, software path, authenticity, and long-term maintenance.

Bitcoin-only fit

  • The device supports a clear Bitcoin custody workflow.
  • The app does not push unrelated coins, token behavior, trading, or account complexity into the main path.
  • Bitcoin self-custody stays focused on key control, backup, recovery, verification, and maintenance.

Key control

  • Private keys are generated and used on the device.
  • Signing happens on the device rather than in ordinary connected software.
  • Critical transaction details can be verified before approval.

Recovery safety

  • Recovery phrase creation is understandable.
  • The backup model is clear enough for later recovery.
  • Passphrase use is treated as optional and high consequence, not a default upgrade.

Security assumptions

  • The page explains which risks the device meaningfully reduces.
  • The page states which risks remain with the user.
  • Tradeoffs such as secure element, open design, air-gap, or connected workflow are not treated as universal wins.

Software path

  • Official companion software is clear and accessible.
  • Firmware and app update paths are understandable.
  • The companion app does not blur the boundary between what the phone shows and what the device verifies.

Maintenance burden

  • The setup remains understandable after months of non-use.
  • Documentation and software remain current enough for safe operation.
  • Maintenance preserves confidence instead of creating constant tinkering pressure.
Editorial illustration representing Bitcoin-only hardware wallet evaluation criteria.

Bitcoin-only fit

Bitcoin-only fit is a clarity filter, not a tribal slogan.

Bitcoin Plaster evaluates hardware wallets through a Bitcoin-only lens. That does not mean every non-Bitcoin feature is automatically unsafe. It means unrelated asset support is not rewarded for a Bitcoin holder.

For a Bitcoin holder, simplicity reduces mental load and keeps attention on the parts that matter: key control, backup, recovery, verification, and maintenance.

  • Does the device support a clear Bitcoin-only workflow?
  • Does the setup avoid pushing unrelated coins, tokens, trading, or account behavior?
  • Does the device make Bitcoin custody easier to understand, or does it add avoidable complexity?
Editorial illustration representing security-model tradeoffs in hardware wallet evaluation.

Security model

Security is a set of assumptions, not one feature label.

A device’s security model includes hardware design, firmware design, signing workflow, update process, recovery model, companion app assumptions, and the threats it is actually designed to reduce.

Some tradeoffs are real tradeoffs, not contests. Secure elements, open designs, air-gapped workflows, and connected workflows all come with assumptions that need to be stated clearly.

  • What risks does the device meaningfully reduce?
  • What risks remain with the user?
  • What has to be trusted, and what can be independently checked?
Editorial illustration representing software, privacy, and maintenance criteria for hardware wallets.

Operational fit

Software, privacy, and maintenance decide whether the setup stays usable.

The device is the signing tool. The companion app is the interface. Both matter because the reader still needs official software, clear firmware paths, on-device verification habits, and a setup that remains understandable after months of non-use.

Privacy tradeoffs should also be visible. Not every reader needs the strictest privacy setup, but account requirements, infrastructure exposure, purchase records, and support data can matter later.

  • Can normal use happen without confusing the security boundary?
  • Can the reader maintain the setup without constant tinkering?
  • Are privacy and data-exposure tradeoffs explained rather than hidden?

Evidence standard

A product evaluation should say what the judgment is based on.

The public page should not make the reader guess whether the evaluation came from direct use, documentation review, public specs, technical research, or editorial synthesis.

  1. What is the evaluation based on?

    A product page should distinguish direct product use, manufacturer documentation, public specifications, security disclosures, specialized technical review, and ordinary editorial synthesis.

  2. What should not be implied?

    Bitcoin Plaster should not imply hands-on testing, ownership, long-term use, or technical audit work unless that evidence exists and is stated on the page.

  3. What would change the judgment?

    A strong evaluation names the kinds of evidence that would trigger reassessment, including security disclosures, software changes, recovery changes, product replacement, or incomplete prior evidence.

Commercial restraint

Affiliate availability is not editorial approval.

A hardware-wallet page can be commercially relevant without letting the commercial layer decide the product judgment.

Editorial layer

The evaluation standard comes first

  • Product judgment must be supported by visible reasoning on the page.
  • Limitations should remain visible even when a product has commercial value.
  • No single device should be implied as correct for every reader state.

Commercial layer

A link is not a recommendation by itself

  • A product having an affiliate program does not mean it passes editorial review.
  • A product lacking an affiliate program does not mean it is excluded from evaluation.
  • Any endorsement must be stated openly, not implied by quiet link placement.

Review triggers

What would make us change an evaluation.

Changing an evaluation is not a failure. Refusing to update it when material evidence changes would be the failure.

Material security disclosure

  • A vulnerability, mitigation, or security finding can change how a device should be framed for a Bitcoin holder.

Firmware or companion-app change

  • Changes to setup, signing, recovery, platform support, update flow, or account requirements may affect the reader’s risk.

Bitcoin-only scope change

  • If Bitcoin-only support or product focus changes, the fit for Bitcoin holders may need to be re-evaluated.

Recovery or backup guidance change

  • Any change that affects seed generation, backup instructions, passphrase handling, or recovery documentation matters.

Supply-chain or authenticity issue

  • Purchase path, authenticity process, packaging claims, seller status, or pre-initialized-device reports can alter the risk picture.

Product availability or replacement

  • If a product is discontinued, replaced, materially revised, or unavailable, the evaluation should not continue as if nothing changed.

FAQ

Common questions about hardware wallet evaluation standards.

These answers explain how Bitcoin Plaster separates editorial judgment, commercial availability, and reader fit.

Yes. It explains how Bitcoin Plaster evaluates hardware wallets before individual product pages ask for reader trust.