Your comparison is inaccurate, because a wallet file on a USB drive is just as easy to steal as a wallet file on a hard drive, if it's plugged in. Trezor isolates the private keys from the computer, which is the whole point. The host computer sends the Trezor the transaction, the Trezor signs it and sends it back, then the computer broadcasts it to the network. The private keys are never accessible by the host machine.
A Trezor acts as a firewall between "the wallet that can be easily stolen from a USB stick" and your host.
It's less secure than paper wallets in the sense that there could be some sort of bug that would expose your seed, or individual private keys somehow.
Given that a Trezor and a pure offline machine are pretty similar, I tend to disagree here. Pro argument for Trezor: a pure offline machine is still a much more complex machine than a tiny single purpose device, even though, in reality, it's actually not a single purpose device, but a mini version of the complex machine, further restricted by some software as per default.
Assuming both a Trezor and an offline machine are never ever exposed, then they are even. Exposing one of them adds risk, that is without any doubt. A Trezor is likely more secure in an exposed context.
But the initial question was: is an exposed Trezor more secure than a never-exposed offline wallet, right?
It's far safer than paper, especially when spending.
You can't get total isolation and also be able to use the private keys (if you know how that could be done, I'd be very interested in hearing about it).
Well, just keep the offline machine isolated. Create your keys offline, sign your transactions offline. There is no need to connect the offline machine to an online machine or any other machine, ever. Moving data between devices via USB is by no means required, assuming you move data by hand or some other air gapped mechanism.
Start here, if you want to use Bitcoin Core, but I'm pretty sure Electrum and especially Armory provide a way to handle offline transactions as well. Think of it this way: where you act as the connection between the offline machine and the online machine by moving data around by hand, the Trezor basically does the same, whereby the firmware of the device fulfills your role of moving only the data that is considered acceptable. I think the key difference, and the lack of comparison in the whole discussion, is rather based on the assumption that a Trezor is usually connected more frequently, because that is its purpose, while a pure offline wallet is usually used very rarely.
Trezor is, right now, the best of both worlds between hot and cold wallets.
Fully agree. Trezor is a great device and adds a nice layer of protection.
Nevertheless, and by the way, it sucks to see some of you guys actually flame gweedo. You may argue about the way his problem was presented, but this doesn't magically solve any problem, which is, without a doubt, existing. That said, one of my first experiments with my Trezor was the attempt to feed it with data it probably doesn't understand, namely m-of-n multisig transactions. Guess what: the result was a never-ending loop of errors which resulted in a complete browser freeze which I was only able to tame after unplugging the device. That being said, if this wasn't done intentionally and if real coins were involved - which I still could not access (for whatever reason that might be) several days later... oh well.
My experience with the support was actually fine, with a response in probably less than 6 hours, assuring me that this problem is "known and taken care of by the devs".