Topic: RingWallet - Wearable Hardware Wallet (Read 286 times)

Hey, so let me answer this in two parts since it might be easier:

1. The case you are describing can only happen if when creating your wallet you choose to back it up with a seed phrase. This, however, is literally how a seed phrase works, it's the same case for your trezor, ledger or any other seed phrase based wallet out there. Also, the seed phrase is a physically written set of words, I don't really understand how a hacker would get a hold of this unless the "hacker" is your family/friends who got into your house, knew where your seed phrase was and then stole it?
2. But most importantly, when you setup your ringwallet initially, you get a choice about how you want to setup your wallet. Sure, you can choose the seed phrase as above, but you have the option to setup your wallet backed by Ace Cards in which case everything you've described cannot happen, because if you back it up with the Ace cards you would indeed have to restore it only through the app on another ring. Perhaps in the future we may try to add the ability of restoring Ace Cards into other places as well, but for now if your ring is set up with this backup method you can only restore it on a new ring through the app, so in this case the hacker or thief or whatever would have to find and steal multiple ace cards to even have a chance of restoring your wallet.

Ok, that makes more sense. I'm not sure that's very good design though if you plan on using it daily / multiple times a day if you always have to take it off. I had figured it's more of a "lock your ring" type of thing which would've made a bit more sense in my opinion.

Anyone who would be buying the "ring wallet" will be buying with the intention that it is a hardware wallet. So if the wallet can be accessed with only seed phrases too, without the need of the ring wallet then why spend so much money on the hardware? One can use the desktop wallet like Electrum and it is free too 

Let's suppose someone get hold of the seed phrases, so it does not matter we are having the ring wallet (the hardware device) with us, the hacker can import that seed phrase in any software wallet and get our funds. This just denies the purpose of the ring wallet, except for those who want to try new technologies. Don't you think it is a big security concern that the funds in the wallet can be access without the hardware device too ?

It's just antenna placement and shielding for the NFC. If you get it *just* right you can get it to scan while on your finger. But there is no way you can do it easily. Not so much tech as design.

-Dave

Bitcointalk only allows you to send 2 DMs a day as a newbie and I had already answered to someone previously, so yeah. That's on the forum, not me. I don't really know why it works like that, probably to make you buy the membership I guess? Anyway, I bought a copper membership and replied to your messages.

Edit: that's fine, I understand and will continue to provide anything necessary. who knows, maybe in a few months from now you'll become a supporter after all of our messages so I'm okay with it.

Why do you have to pay a fee if you are replying to my PM?  

I hope you can verify yourself or your product quickly.   You will learn the reason I am the longest running member on default trust is that I am honest.   If I write something that I later find out is not true, I do not write it again - to do so could open myself to civil liability and with bitcoin prices as high as they are now, the punitive damages could be in the hundreds of millions.  

In your case I will also give you a glowing review on Trustpilot for fighting my paranoia.      But, much like the Israelis' using a $10,000,000 missile to shoot down a $10,000 drone, I wasted a lot of time on this.   I hope it can be resolved with more than claims.

Edit:  After some brief PMs I will be waiting to see proof of the product.

I read it, but I will reply in a few minutes because need to buy a copper membership to be able to reply. I already paid for it just waiting for it to process and will answer.

My trust will not make or break this revolutionary product.  It will be removed when you can prove it exists.  

Edit:  Sent you a PM.

What do you mean he said he was going to assure you and then ignored you? I literally answered everything you asked and provided you the company details as you requested; how were you ignored? Is it because I answered instead of Christian; how does that even matter? I specifically offered, to provide anything necessary to prove we're legit, including inviting you or somebody you send to our physical office, do a video call etc.

You asked for answers to the questions in the thread (all sent)
You asked for company details (already sent; if you're going to mention US entity, again, it's the exact same thing and as mentioned in my first post, before you even asked, it's not yet out, when it is I'll share those too)
And finally you said we should provide partners instead of a waitlist, but we launched less than 30 days ago so naturally we don't have some big name partners to publish yet, even though we are having discussions with some companies who could be a good fit.


In regards to "why I keep using the mailing list a a defense"

First of all, you accused us of potentially scamming people of their money, and I specifically mentioned there is literally no way for anyone to send us any kind of money. So this was in response to that.

Second of all, you are free to sign up to the mailing list with a temp mail. It's a newsletter man. What did you think it is? Because you're asking me if it's harder to scam someone after they're on the mailing list but I genuinely don't get it. We came here to get feedback and the best a user could do right now to interact with the company is just sign up for the newsletter / waitlist; we've currently only sent a welcome email and that's it.

My only problem with this entire rhetoric is twofold:
1. You accuse of potentially scamming people but there's literally no way for anyone to pay us in any form.
2. You keep changing the goalposts.

You said answer the questions -> they were answered. Then you said provide me company details -> we did. Then you said now provide me US details (when I specifically mentioned it's not out yet). Then you said we are trying to steal money -> there's no way for people to send any money. Now you're saying it's easier to scam people with the waitlist/newsletter; but what would we be even scamming them with? Also, again, you can just sign up to it with a free temp-mail online, in case we actually do send anything that can be considered a scam you can screenshot it and prove this, no? I literally have no problem with skepticism, I'm just upset because you keep accusing of things even though we repeatedly tried to offer you the different things you asked for.

You then said we lied; and even said so in the trustpilot review. When I asked you how we lied, you now said you "feel" you were lied to because the OP said he would assure you and then ignored you, but that's objectively not true, I've been answering your questions non-stop. What, is it just because I'm answering the questions instead of Christian? Because that makes no sense.

So look, just listen to me for a second. We're open to criticism and feedback, that's what we came here for in the first place. I genuinely wish to get true customer insight and understand what we can do better. I'm open to providing details, information or whatever else is necessary to prove we're just trying to build something. Sure, we're not some big corporation, but I don't think that's a crime; what, is building startups exclusive to rich people? I don't think so.

Literally all that I'm asking you is to just stop throwing accusations. If you want to know something, just tell me what, and I will do my best to answer. But I don't see the point of continuing to insinuate we're scammers at every point when I've genuinely done my best to answer all your concerns to date.


Edit: I'll resume my point.

First, I don't think you were lied to, and if you feel that way please explain to me why so I can do something about it.
Second, I will provide the US entity details as soon as they are out. Until then, at least try to assume we're just normal people, because we're not going to be selling anything before then either way. I can assure you of that.
Third, if you feel that there's other information I can provide you in the meantime to prove we're genuinely just trying to build something, then please let me know, and I'll do my best to provide it.

I feel I was lied to.  The OP said he was going to assure me, and when I asked for it, he ignored me.  I have an issue with people who do that.

Do you think it's harder to scam someone once they are on a mailing list?  Why do you keep using that as a defense?


That would be the mature thing to do.

The ring is rated as IP68 so that means you can wash your hands with it or go swim in the pool in fresh water but you shouldn't use it for dives or anything related to the sea. It also gives it dust resistance because of how it is enclosed.

It depends on multiple things to be honest, the most important of which being the specific phone type you are using and how thick the case actually is. If it's a normal case on a normal phone, then it should work well, but if the phone doesn't have a great NFC reader, is maybe a bit old as well and you also have a very thick case on it then yes you might have some problems getting the phone reader to see it; this is somewhat normal and expected behaviour to be honest, however the worst that can happen is you just have to move it around and hold it there for a bit longer so the reader can recognise it so it shouldn't be the end of the world.

Based on other smart rings that have been made from premium ceramics, they only provide protection up to a certain degree... RingWallet's website mentions having a "water-resistant build" without an official rating!

@Ringwallet
Does it work well with tough/thick rugged phone cases?
^{- Another hardware wallet provider with a similar product to yours has issues with such things.}

I will provide the US entity details as soon as they are out. But I do expect an apology afterwards.

We have no prior history on Trustpilot because, we've only started publishing anything about ringwallet for less than a month.

I'm just upset because you keep saying things like "you lied" or "you make promises" etc; when we haven't lied about anything, we haven't made promises and there is nothing for people to buy/spend money on. The absolute best they can do is sign up for a waitlist with an email. That's literally it.

We just wanted some feedback. And it's a bit disheartening to get constantly accused for it. That's all.

Later edit: Again, I understand skepticisim, but try to put yourself in my shoes as well. We've done 12-hour days 6-days a week for the better part of a year now trying to build something that we personally find cool and useful for people so it's not exactly the greatest feeling to be accused like that for what, asking people to sign up for a waitlist with an email and giving us feedback? I understand your point and I will provide the US entity details as soon as they are out, I also understand you've probably seen a lot of scams; I'm just asking you to try to think of it the other way as well: assume you're wrong and we're just a group of people who spent a good amount of time building something and wanted to get some feedback and initial opinions, how do you think it feels? Anyway, that's all I have to say.

I will continue to answer questions in the thread and provide any information that is requested. Will update after US entity is out.

I'm sorry, but it's up to you to provide proof, not me.  I am not the one making promises. 

When I left that "ragebit review", I checked the box to notify you.  You had no prior history.

Do you think I am a teenager looking to prove myself?  I do not make accusations blindly - you are the one offering nothing but words.

Post your US corporation documents and I will remove the trust.  Or, you can attempt to discredit my intentions.  I warn you though, I've already been through much worse than you can dish out, unless you are protected by the forum administrator.

Just to quote your answer as well. I've responded to all of these, and instead you just decided to leave a trustpilot review accusing us of lying and asking more info about the US entity, which I'm happy to provide when finished, but you know for a fact that it's not finished because I had already mentioned in my initial comment that the US entity is not yet out.

I just don't get you. I understand skepticism, but this is just ill will at this point.


Lastly, you say "I have been here long enough to see people convince naive others to do almost anything." But what are you even accusing us of? Again, there is literally nothing you can buy on the website or anything else at this point. So what would we be convincing people of? Giving feedback? Seriously man.

I genuinely look forward to your apology after we also send you the details of the US entity, because you know nothing about us or the project, there is literally 0 ask and nothing for sale at all, and yet you choose to call it vapourware and leave ragebait reviews to "defend" naive people in regards to what exactly?

Where did I say I'm concerned about what you know? I just said if you want me to provide you with my actual ID to prove I am who I say then obviously I'd want to know my ID won't end up on some marketplace. That's all.

Yes, the entire team is doxxed if that's what you're asking. I am not the same person as OP, Christian is a team member and the one taking care of marketing. I'm also a team member and the one who initially came up with the product.  How did he lie to you? I read through all the messages in this thread and don't see how or where he lied to you?

I've already shared what exists, which is the Romanian entity for Europe. When the US entity is finished I will also share that here, no problem. When you say "provide the documentation" what do you mean specifically just so we can avoid any other contradictory discussions.

Lastly, I understand and respect your right to be careful about newly posted things, my only requests were not to make unfounded accusations and claims. I didn't even know you made a trustpilot review before but just to be clear, I'm quoting it here: "This is vapourware. The developer has lied in his announcement thread on bitcointalk. Topic 5495902.0"

Again, what is the lie? Because this is simply disingenous. I replied to all of the things you requested above and you just went on demanding new things, which again, I'm fine with and I'll publish the details of the US entity as well when it's finished but 1. It's probably 1 or 2 weeks away and 2. How is it any different from the Romanian comapny? The US entity is specifically made for the US market like the Romanian entity is made for the European market. 

Again, I've provided all you asked and was willing to provide even more than what you asked; i.e. come to our office, do a video call etc and you just accuse us of lying about what exactly, calling it vapourware and leaving unsubsustantied reviews.

The OP said you have already been doxxed.  Why are you concerned about what I know?  Are you the same person as the OP?  He lied to me and said he would assure my fears.  :/

When you incorporate as a US entity and provide the documentation, I will remove the Trustpilot report and the negative trust.   You must understand that all you have right now are words.  I have been here long enough to see people convince naive others to do almost anything.

Hey guys, I'm one of the founders and I can see there's quite a few questions; some of them have been left unanswered. I'll do my best to answer them all. For simplicity I will just quote insert the different comments. First off, before I get into it; I understand that the website and/or the initial post was a bit "salesy" and I apologise for that. Regarding both, they were made by the marketing team.. so yeah. It's good feedback though and I'll have a closer look at this; I was honestly mostly focused on the product and fundraising.


1. Yes, Tangem is releasing a ring as well. The main differences being theirs is more expensive (announced retail price on their blog of $200+) and they don't have a Shamir implementation like we do with Ace cards. Other than that, it should mostly be the same, though I'm just guessing here since it's not released.
2. The chip we use is NXP P71; it's a bank-level chip and has EAL6+ securit as tested by NXP. I believe none of the NXP chips are open source. I also don't think there's many, if any open-source chips at all right now. Satoshi Labs recently funded a company working on an open-source chip for hardware wallets but I haven't seen anything clear on it for a while now. If they do release and it supports our needs we'd be more than happy to switch over. We're also exploring other chip alternatives but for now we stuck with NXP.
3. That's a fair point, I'll address a few of those, however:

• The ring has absolutely no markings on the outside, just a very simple logo on the inside of the ring
• You have to understand, the purpose of this product is not necessarily for you to store 100BTC on it. The purpose is much simpler in nature; a) we want people to be able to have some crypto with them and use it easily in case they want to; i.e. small amounts and b) we want to onboard existing users who don't use a hardware wallet due to their complexity. There's around ±500M crypto users worldwide and yet lifetime wallet sales are less than 20M units across all wallet companies combined; less than 4%. Which is crazy, but it makes sense, because the process is too complicated for casual users. 
• Stealing the ring alone does nothing. There's 2 viable ways to steal the money: a) someone steals the ring, the phone it was paired with, the phone password as well as the app password and b) someone steals either your seed-phrase or your ace cards depending on how you set it up initially.
• There's actually quite a lot of security into it even when you compare it to a traditional hardware wallet for 3 main reasons: a) the chip actually has a self-destruct in case something malicious actually ends up being transmitted to it, in addition to its base security (feel free to check this out on NXP website yourself as this isn't as a result of our work but their work since this is a bank-grade chip) b) there's fewer attack vectors; no battery, no ports, no internet, no bluetooth etc. There's only one mode of communication; NFC. and c) if you set up your ace-cards, since they use Shamir, they are realistically safer than a simple seed phrase

1. IF the product does become as popular as in this theoretical example, a wannabe wrench attacker would probably know the ring is useless even if he gets it. Furthermore, it's not much different than somebody knowing you have crypto because of your instagram posts or etc and then attacking you with a wrench, so I get your point, but there's a lot of what ifs involved.
2. Nothing comes pre-configured. The user gets a choice; write down a seed phrase or use Ace Cards, which in essence means using Shamir's Secret Sharing we generate multiple sets of seeds based on how many cards you want to set up (with the default being 4, and 2/4 for restoring the wallet) and then you simply store the multiple seed on these cards instead of writing them down. We will be using the Trezor implementation of Shamir for this since it's the current industry standard. The only difference being, Trezor asks you to write it down on a piece of paper and we store it on the cards. Lastly, you have to understand that the mechanism is specifically built to help onboard either existing crypto users who mostly use software wallets into using something hardware and/or new crypto users; which is why we've built it to be as easy to setup and use as possible.


1. Yes, I've explained above the two possible ways of stealing the actual contents.
2. I understand your point on price but you have to understand we are still an early stage startup. First off, that price includes both shipping and VAT, second of all as more time passes and we ramp up production to a larger scale my wish is for us to eventually be able to reduce the cost, but currently, that is the best we can do. Lastly, Tangem has an announced retail price of $200+ so we honestly already did our best in reducing the cost as much as possible, especially since every order also comes with 4 Ace Cards included. Hopefully though, people won't lose their ring that often. At the end of the day, everyone wears engagement rings and wedding bands all day and no one loses them on a monthly basis.


1. Sure, you can get attacked on the street but again: a) this is a far-fetched theoretical and b) you can get attacked for dozens of reasons, including much more mundane things that require much less effort. For your example to be a success, you would have to be physically coerced for a minimum of several minutes if not a quarter of an hour. Someone threatens you, you have to pull up your phone, put in the phone password, then the app password, then you have to actually *send* the money to the attacker. I mean this is not a walk in the park and quite unlikely to happen. Lastly, again, our main wish is for this to be an on-the-go wallet (1) and mostly serve the large population of crypto users who only use software wallets (2), in which case they would be safer either way
2. That is correct, if you set it up with a seed phrase you can naturally restore it on any other wallet.


Hey Vod, that feels a bit personal, but I'll answer your questions.
1. You can't even buy anything on the website right now, so not sure I see how we can grab *any* currency at all. Second, it's a bit disingenuous to call this vapourware, or at least it feels like it for someone that spent the last year working on it. Anyway, moving on.
2. I will provide you answer to the questions we asked but just so we're clear a) you could've found the company by just googling the name and b) again, it feels a bit personal for you to threaten to remove the post if we don't provide KYC.

Whatever, the company is Ringwallet SRL, registered in Bucharest, Romania (https://www.romanian-companies.eu/ringwallet-srl-49560507/). I'm also more than happy to actually do KYC, but I'm more curious about how you'll be storing my ID/Passport in case I do the KYC with you? We're also incorporating a US entity, I'll share the info of that as well when it's finished.

3. We don't have a list of public partners yet; we made the project public for the first time less than a month ago. I also don't understand how that subtracts from the work we've done on this? Just fyi, I'm actually happy for you to even visit our phyisical office in Bucharest. Or whoever you want to send in your place. Any time Monday - Friday 9am-9pm. I can share the office address in dm; I genuinely don't want to post that on a public forum because then everyone can just show up doing all sorts of crazy things.
4. I am already working on doing both some fundraising and getting a more official list of partners to build legitimacy, I'm just a bit disheartened because at the end of the day, bitcointalk was and still is a forum where all sorts of crazy ideas were tried and the reason why I specifically wanted this posted here. Sure, I'll admit the post was way too "salesy" and I apologise for that; we're honestly a relatively small team and I don't have time to individually check every post the team makes. Still, it's a legit project, and we're not even asking for anything. You cannot buy anything, you cannot invest or anything like that. We mostly just wanted feedback and to hear people's thoughts.


Yeah. Hopefully, this is just the first of multiple wearables to come; in different shapes and forms. For now the base MSRP is going to be 99$ with VAT and shipping included, and for the pre-orders (which are not open) it will be 84$. In terms of software wallets the one I like the most is Rabby.


I haven't seen more about this to be honest, I'll do some more research and find out what you mean exactly but I find it a bit hard to understand how the ring can "know" if it's on your hand? Unless there's a specific lock you can turn on from within the app. I don't think it's a good feature for it not to work while on your hand though; it kind of defeats the purpose? Just to be clear, neither of what you said can happen.
a) for the ring to communicate in any meaningful way, the counterpart has to pass authentication; these chips are bank-grade so that means whenever you want to interact with it you have to pass a cryptogram to it, for eg a VISA POS would be able to pass the cryptogram and communicate with it, your paired phone would as well, but some random third party would just get locked behind the cryptogram. Now let's assume this is a bad actor with good technical knowledge and it somehow tries to fool the program by either bruteforcing or injecting x thing into it => the chip gets burned.
b) for someone to grab your phone while you sleep, they also have to take your ring, know your phone password and your app password. Now, considering they do this while you sleep and know all of the above, they have to be someone close, i.e. wife, kids, family etc. If you're on a plane, I doubt anyone would know your passwords, and that's not even discussing the fact that probably no one would let that fly, starting with the flight attendants.
c) it's not enough to just I don't know, put somebody's phone next to your ring; it's like a normal hardware wallet, you have to confirm the transaction inside the app. And sure the way you do that is by putting the ring next to *your* phone, but that's after all the passwords.

Lastly, even IF the ring doesn't work while on your finger, like Tangem; how does that prevent someone from doing the things you've mentioned if they can grab your phone and know your passwords?


Shared above. Again, happy for you or somebody else to come visit our actual physical office. Also, again, happy to actually do a real KYC with you, but I genuinely want to know how you'll be storing my actual ID/Passport and if you'll be KYCing in return or will you be asking me to share my ID with you while you remain anon; because that doesn't sound fair. Happy to do it either way just so we can end this discussion about vapourware but I genuinely don't want my ID to end up on some online marketplace so I want to have some safety in that sense if I have to share it with you.


I can understand your point of view. For now the ring is not built to work like that; it works on the finger. But you bring an interesting conundrum and I think that we can add this as an optional for people to decide whether they want to left their rings unlocked or lock them. I still don't understand how the tangem ring would *know* it's not on your finger unless you have an actual information being transmitted, i.e. locking the ring, but we can probably implement a locking mechanism that you can activate from within the app. I'm not 100% sure if we will be able to include this in the absolute first release but I'll have a deeper look at it.


Again, I really don't get it. Why are you so against this and calling it imaginary? I'm happy to do a video call with you, invite you to the office, meet the rest of the team, or even personally do KYC with you, I also shared the company details (even though it was 1 word on google away) so can you please just stop with this rhetoric?

As for people getting their wrist cut off, I genuinely don't know where you live, but this is something that probably only happens in some of the worst regions in some of the worst countries on earth. That's not a casual thing like wtf.

People have been robbing others of expensive jewelry for decades simply by cutting off their wrist if they hang it out the window.   

If you are sleeping somewhere that you worry about theft, I would say don't use this imaginary product.

Once again IMO, it's a security thing. You have to preform the deliberate action of taking the ring off to use it. People can't say grab your phone while you are sleeping and then use a fingerprint to unlock it and do something with the ring. You could probably get my phone and finger while I sleep but there is no way you are getting a ring off without waking me up. That is obviously a worst case scenario.

Or how about you are doing a TX but since the ring is on the finger of the hand that you are using to hold the phone a TX is sent before you are 100% ready. Having to take the ring off is just a security thing.

Kind of like Tangem cards. Mine never leave their rfid shields until I am ready to do something.

Everyone has a different view. This is just mine.

-Dave