Topic: Coinkite ColdCard Mk4 Review (Read 307 times)

legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 14, 2022, 12:06:49 PM
#28
You seem very angry, just don't use CC.
There is no reason for me to be angry for exposing the constant lies of a hypocritical, egoistic guy who thinks he invented the wheel all over again Wink
I sure won't use CC, thank you for your smart suggestion, and I see you know very well how to rename repos and do git trickery cloning Cheesy Cheesy
nvK
sr. member
Activity: 381
Merit: 259
December 14, 2022, 12:02:46 PM
#27
I've further talked to him and he understood that CC was not a clone, which he thought was at that time.

You seem very angry, just don't use CC.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 14, 2022, 12:00:20 PM
#26
There was no Trezor "cloning"; you may be unaware that we also contributed to mod-crypto. That was the only lib shared with Trezor, and many shared that lib a few years back. It is the norm in any industry to share the same crypto libs; we have since moved to libsecp256k1, maintained by Core.
I am really sick of hearing you bitch all the time, but since you want to go down this road I promise to dig deep and release everything about this.
First, I am posting one of Coldcard's tweets from 2018, when you released the firmware as open source... but you used Trezor's GPLv3 code, which you didn't acknowledge.
It's ok to say that I don't know what I am saying (because I am just an amateur), but you claim that Trezor main dev PavolRusnak is lying.

https://nitter.privacydev.net/coldcardwallet/status/1022097582649008128
nvK
sr. member
Activity: 381
Merit: 259
December 14, 2022, 11:42:17 AM
#25
That wouldn't be possible; there are thousands of contributors, and all would have to agree. CC is largely single source (us); the very few external contributors had no objection.
You cloned and used parts of the original Trezor open source code, and that is ok because they are the first original hardware wallet, and now you are bitching that someone else used and changed your open source code.
I find that extremely egoistic and hypocritical, but you can do whatever you want, it's your product.
Passport released everything, including hardware, as open source, and they used totally different hardware than Coldcard, so you are obviously going in totally different directions.
Good luck to both of you.

There was no Trezor "cloning"; you may be unaware that we also contributed to mod-crypto. That was the only lib shared with Trezor, and many shared that lib a few years back. It is the norm in any industry to share the same crypto libs; we have since moved to libsecp256k1, maintained by Core.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 14, 2022, 11:34:53 AM
#24
That wouldn't be possible; there are thousands of contributors, and all would have to agree. CC is largely single source (us); the very few external contributors had no objection.
You cloned and used parts of the original Trezor open source code, and that is ok because they are the first original hardware wallet, and now you are bitching that someone else used and changed your open source code.
I find that extremely egoistic and hypocritical, but you can do whatever you want, it's your product.
Passport released everything, including hardware, as open source, and they used totally different hardware than Coldcard, so you are obviously going in totally different directions.
Good luck to both of you.
nvK
sr. member
Activity: 381
Merit: 259
December 14, 2022, 10:44:28 AM
#23

Quote
Would you care to elaborate about that cloned product?
I heard rumors about a wallet that I really like, so looked into that, compared code bases and didn't find them to be identical or similar at all.
Also lots of changes and features that ColdCard doesn't even have, so that can't be it. I'm intrigued to see who actually made a CC clone.

Lots of git trickery to confuse the diffs, removal of comments, etc... heck, their ad image is all the code we wrote Cheesy

Anyways, waste of time. Good luck to them.
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
December 13, 2022, 07:31:37 PM
#22
The intention is Commercial Limitation; ie cloning the whole code base and starting a competing product as it was done [emphasis mine].
Would you care to elaborate about that cloned product?
I heard rumors about a wallet that I really like, so looked into that, compared code bases and didn't find them to be identical or similar at all.
Also lots of changes and features that ColdCard doesn't even have, so that can't be it. I'm intrigued to see who actually made a CC clone.

Quote
Imagine Bitcoin developers started changing BTC open source code to CC after first shitcoin forks showed up  Roll Eyes
That wouldn't be possible; there are thousands of contributors, and all would have to agree. CC is largely single source (us); the very few external contributors had no objection.
When altcoins started popping up, there were no thousands of contributors yet, though.
nvK
sr. member
Activity: 381
Merit: 259
December 13, 2022, 05:40:07 PM
#21
Quote
Imagine Bitcoin developers started changing BTC open source code to CC after first shitcoin forks showed up  Roll Eyes

That wouldn't be possible; there are thousands of contributors, and all would have to agree. CC is largely single source (us); the very few external contributors had no objection.

The cloners were very careful with their github tricks, but regardless think what you want.

Quote
Someone could correct me if I am wrong, but I think that you also didn't release your Seed XOR (your version of Shamir Secret Sharing) as open source, just showing how wrong your thinking is.
But hey, do whatever you think is best for your product, if you are selling better than ever like you say, you have nothing to complain about.

We have a ton of FOSS work done, funded and contributed, under many different licenses.

Regarding SeedXOR, XOR is a standard computer operation; there is not much to license or not license. Within 2 minutes I was able to find implementations on GitHub: https://github.com/Marcaday/SeedXOR (not reviewed or recommended)

All the instructions for you to implement it are here: https://raw.githubusercontent.com/Coldcard/firmware/master/docs/seed-xor.md

You and I are free to choose our licenses for our project.
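As an added example of the XOR splitting discussed above (this is not code from the thread, from Coinkite, or from the linked repositories), the following Python works on the raw 16/24/32-byte entropy that sits behind a BIP39 mnemonic, which is what the linked Coldcard document operates on; converting between entropy and mnemonic words (wordlist plus checksum) is assumed to happen elsewhere, and the function names and the `rng` parameter are this example's own.

```python
"""Seed XOR on BIP39 entropy bytes: split one secret into N parts that must
all be present to recover it. Added example; not Coinkite's code.
Only the entropy is handled here; the entropy <-> mnemonic word conversion
(BIP39 wordlist and checksum) is assumed to be done by other code."""
import secrets

ENTROPY_SIZES = (16, 24, 32)   # BIP39 entropy lengths for 12/18/24-word seeds


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("parts must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_seed(secret: bytes, parts: int, rng=secrets.token_bytes) -> list:
    """Produce `parts` shares whose XOR equals `secret`.

    Every share but the last is fresh uniformly random bytes from `rng`
    (default: the OS CSPRNG); the last share is secret XOR all the random
    ones. Any proper subset of the shares is therefore itself uniform and
    independent of the secret, which is why the scheme is strictly N-of-N:
    lose one part and the seed is gone, hold fewer than N and you learn nothing.
    """
    if len(secret) not in ENTROPY_SIZES:
        raise ValueError("secret must be 16, 24 or 32 bytes of BIP39 entropy")
    if parts < 2:
        raise ValueError("need at least two parts")
    shares = [rng(len(secret)) for _ in range(parts - 1)]
    last = secret
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)
    return shares


def combine_seed(shares: list) -> bytes:
    """Recover the secret by XORing every share together."""
    if not shares:
        raise ValueError("no shares given")
    out = shares[0]
    for s in shares[1:]:
        out = xor_bytes(out, s)
    return out


if __name__ == "__main__":
    # constructed sample entropy for the demo only
    secret = bytes(range(16))
    parts = split_seed(secret, 3)
    assert combine_seed(parts) == secret
    print("all three parts:", combine_seed(parts).hex())
    # dropping any one part leaves a value unrelated to the secret
    print("only two parts :", combine_seed(parts[:2]).hex())
```

The quality of `rng` is the whole security argument: if the random shares are predictable, the last share is the secret masked by something the attacker can reproduce, so the default is the OS CSPRNG and the parameter exists only so tests can be deterministic.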
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 13, 2022, 05:20:36 PM
#20
We found a balance with MIT+CC, you can indeed fork, change it, sell it, the intention is Commercial Limitation; ie cloning the whole code base and starting a competing product as it was done. Funny enough little on the hard stuff we built that was clone has changed on the fork.
Imagine Bitcoin developers started changing BTC open source code to CC after first shitcoin forks showed up  Roll Eyes
Lame excuse from you, nvK, and I don't agree with you that nothing or little was changed in the Passport wallet, but it's not very hard to compare two GitHub repositories to see the difference, so I don't have to trust your words.
Someone could correct me if I am wrong, but I think that you also didn't release your Seed XOR (your version of Shamir Secret Sharing) as open source, just showing how wrong your thinking is.
But hey, do whatever you think is best for your product, if you are selling better than ever like you say, you have nothing to complain about.
nvK
sr. member
Activity: 381
Merit: 259
December 13, 2022, 09:44:08 AM
#19


Quote
I don't presume to speak for Nvk, but I doubt he would get bent out of shape over forking for personal use or in an attempt to improve the code; i.e. add features or enhance security.  Sure, there's no financial incentive to do so, but that doesn't stop people from donating their time for open-source projects that also don't offer incentives.  I'm not a coder, but if someone were to fork the firmware to include support for XMR, I'd be all over that.  Grin

We found a balance with MIT+CC, you can indeed fork, change it, sell it, the intention is Commercial Limitation; ie cloning the whole code base and starting a competing product as it was done. Funny enough little on the hard stuff we built that was clone has changed on the fork.


Quote
I've been reading up on Common Clause licensing, and it seems many knowledgeable folks are predicting its days are numbered. I still don't know how it differs from Creative Commons, but one article suggested that'll be the preferred licensing in the near future for developers that want to be transparent but restrict the competition from monetizing their work.

If that came to be (which I don't), we would seek a different license or write a new one with strong user rights and creators' protections against fiat maxis.
copper member
Activity: 2142
Merit: 4219
Join the world-leading crypto sportsbook NOW!
August 04, 2022, 02:38:09 PM
#18
Let's fork the damn thing and see what happens.
I remember someone was saying last year that NVK and his legal team have lawsuits ready for anyone that tries to fork Coldcard again, so good luck with that.

I don't presume to speak for Nvk, but I doubt he would get bent out of shape over forking for personal use or in an attempt to improve the code; i.e. add features or enhance security.  Sure, there's no financial incentive to do so, but that doesn't stop people from donating their time for open-source projects that also don't offer incentives.  I'm not a coder, but if someone were to fork the firmware to include support for XMR, I'd be all over that.  Grin


For Coldcard it's not Creative Commons, it's Common Clause license, there is a difference, and I don't see anything good about that, except ego of single developer being blown up.

I've been reading up on Common Clause licensing, and it seems many knowledgeable folks are predicting its days are numbered. I still don't know how it differs from Creative Commons, but one article suggested that'll be the preferred licensing in the near future for developers that want to be transparent but restrict the competition from monetizing their work.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
August 02, 2022, 06:05:15 PM
#17
Yes you can, I can, DireWolfM14 can anyone can fork it, clone it and do just about whatever you want with it.
You just can't do it for commercial reasons.
Let's fork the damn thing and see what happens.
I remember someone was saying last year that NVK and his legal team have lawsuits ready for anyone that tries to fork Coldcard again, so good luck with that.
The Common Clause license does not allow selling the software, but you wouldn't do that anyway; you would just sell a device that uses this software, the same way I could sell you a smartphone that uses the open source vanilla Android OS.
Funny thing, they didn't mind forking the Trezor wallet when they first started making ColdCard Cheesy

Side note, over the last 6 months or so I am really starting to see a greater use for the CreativeCommons license.
For Coldcard it's not Creative Commons, it's Common Clause license, there is a difference, and I don't see anything good about that, except ego of single developer being blown up.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
July 30, 2022, 07:18:05 AM
#16
I am a bitcoin maximalist and the ColdCard is a Bitcoin Only hardware wallet, but I do wish they would integrate support for Monero's official wallet.
You will never have this for ColdCard wallet now after they changed their source code license so you can only view it and not fork it.

Yes you can, I can, DireWolfM14 can anyone can fork it, clone it and do just about whatever you want with it.
You just can't do it for commercial reasons.

With that being said, it still goes back to what I mentioned earlier this week.

-->This is not just about Coldcard, but all hardware wallets. Keep adding bloat and stuff will go wrong.<--

Every time you add a coin, a feature, anything, it's one more point of failure and vulnerability.
Adding XMR? Fine, do it yourself. Want to add another feature? Go ahead. But don't have it in there out of the box (plastic bag).
I still plan on getting a mk4 if my mk3 ever gives me any issues, no real point in replacing something that works.

It's only 4MB of memory, but that's plenty for PSBT or wallet files.  And, it's a whole 10% of the HUGE hard drive I bought back in 1989.

The 1st web server my company put together had a massive 4GB drive back in 1998. Now I have a magnitude more of RAM just on the caching controller that the drives are hooked up to.

-Dave

Side note, over the last 6 months or so I am really starting to see a greater use for the CreativeCommons license. Dealing with some things, I have seen some pretty good pieces of open source software being run on shit sub-standard hardware. And because this piece of shit CNC machine is running (not the real name) UltraMill 4 software, then UltraMill CNC machines must all suck. To the extent that the UltraMill company is actually changing its name and all the new machines are running closed source, dongle-locked code.
Not saying that this is the case here, but I am starting to see why it's needed now and then.
copper member
Activity: 2142
Merit: 4219
Join the world-leading crypto sportsbook NOW!
July 29, 2022, 07:50:25 PM
#15
I am starting to think they could have made all this fuss and fix just to promote this new Virtual Disk feature, because they are very excited about it.

The VirtDisk is actually a pretty cool feature.  It automates signing PSBTs to some extent, i.e. as soon as you save a PSBT onto the VirtDisk the ColdCard automatically recognizes it and asks if you want to sign the transaction.  With the VirtDisk feature enabled you don't need a mSD card at all.  The other neat thing about it is that it's volatile memory, so once you log off the ColdCard or disconnect it from power the memory is purged.  It's only 4MB of memory, but that's plenty for PSBT or wallet files.  And, it's a whole 10% of the HUGE hard drive I bought back in 1989.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
July 29, 2022, 03:56:00 PM
#14
@DireWolfM14 and everyone else who owns a ColdCard Mk4 hardware wallet should update ASAP to the latest firmware version 5.0.6, which should fix the recent Virtual Disk bug.
They explain more about this fix in their new blog article released today, but I am starting to think they could have made all this fuss and fix just to promote this new Virtual Disk feature, because they are very excited about it.

Quote
While optimizing performance, we noticed a math bug in the way disk size was calculated. A value was 8196 which should have been 8192. The result is four blocks (512 bytes each) past the end of the “virtual” disk were accessible. Due to the design of our hardware, this is an isolated area in a memory chip called the PSRAM. The extra 2k bytes of accessible memory wrap around to the bottom of the PSRAM, where we store the PSBT during the signing process. No other part of the address map is exposed by this bug.

We were not able to find a means to exploit this bug. The 2k of memory already is available for read/write over the USB port. We allow uploads (and downloads) of PSBT into exactly that area.

Further into the audit, we examined the related subsystems for other issues. We found a few, very-limited logic bugs in the Micropython and ST Microsystems open-source code that is related to disk emulation. Our conclusion was those were of no impact, but important to improve the overall hardening in this release. In our experience this class of bugs could lead to vulnerabilities, and should be fixed.

We are still very excited about the Virtual Disk as a means for people using the device without computers (phone-first world). As you know we are a paranoid user-first, so any USB feature should always be disabled by default. And air-gap hardware wallet operation—as we pioneered—is still king.

Although this was an internal discovery, we still like to practice Responsible Disclosure.
https://blog.coinkite.com/5.0.6-released/
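To make the arithmetic in the quoted blog post concrete, here is an added example (my own Python model, not Coinkite's firmware) of an emulated-disk read handler whose bounds check uses the declared block count. The 512-byte blocks, the 8192 versus 8196 values and the 4 MB disk come from the thread; the 8 MiB PSRAM size, the disk base address and the PSBT staging area at offset 0 are constructed assumptions so the wrap-around can be shown.

```python
"""Model of an off-by-four disk-size bug in an emulated USB disk: with the
declared block count 8196 instead of 8192, reads past the real disk wrap to
the bottom of the backing memory. Added example; not Coinkite's firmware.
Constructed assumptions: 8 MiB PSRAM, disk at 4 MiB, PSBT staging at 0."""
from typing import Optional

BLOCK_SIZE = 512
CORRECT_BLOCKS = 8192            # 4 MiB / 512 bytes, the real disk size
BUGGY_BLOCKS = 8196              # the mistaken value quoted in the thread

PSRAM_SIZE = 8 * 1024 * 1024     # assumption
DISK_BASE = 4 * 1024 * 1024      # assumption: disk occupies the upper half
PSBT_AREA = 0                    # assumption: PSBT staged at the bottom


def exposed_bytes(declared_blocks: int) -> int:
    """Bytes beyond the real disk that a declared size makes reachable."""
    return max(0, declared_blocks - CORRECT_BLOCKS) * BLOCK_SIZE


class VirtualDisk:
    """Minimal block device backed by a wrapping memory region."""

    def __init__(self, declared_blocks: int):
        self.declared_blocks = declared_blocks
        self.psram = bytearray(PSRAM_SIZE)

    def stage_psbt(self, psbt: bytes) -> None:
        """Place a PSBT in the staging area (constructed bytes in the demo)."""
        self.psram[PSBT_AREA:PSBT_AREA + len(psbt)] = psbt

    def _phys(self, disk_offset: int) -> int:
        # the address wraps modulo the chip size, like a memory window would
        return (DISK_BASE + disk_offset) % PSRAM_SIZE

    def read_blocks(self, lba: int, count: int) -> bytes:
        """Host READ-style request: validate the LBA range, then copy.
        The only thing standing between the host and the rest of the chip
        is `declared_blocks`, so that constant must equal the real size."""
        if lba < 0 or count <= 0 or lba + count > self.declared_blocks:
            raise ValueError("LBA range outside the disk")
        out = bytearray()
        for block in range(lba, lba + count):
            start = self._phys(block * BLOCK_SIZE)
            out += self.psram[start:start + BLOCK_SIZE]
        return bytes(out)


def demo(declared_blocks: int) -> Optional[bytes]:
    """Stage a marker PSBT and try to read the first block past the real disk.
    Returns the bytes read, or None when the bounds check rejects it."""
    disk = VirtualDisk(declared_blocks)
    disk.stage_psbt(b"constructed-psbt-marker")  # constructed, not a real PSBT
    try:
        return disk.read_blocks(CORRECT_BLOCKS, 1)
    except ValueError:
        return None


if __name__ == "__main__":
    print("reachable past end:", exposed_bytes(BUGGY_BLOCKS), "bytes")
    print("buggy size :", demo(BUGGY_BLOCKS)[:23])
    print("fixed size :", demo(CORRECT_BLOCKS))
```

With 8196 the four extra blocks land, after the wrap, exactly on the staging area, which is why the quoted post can say the only thing exposed is memory the host could already reach through the PSBT upload path; with 8192 the same request fails the range check before any copy happens.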
legendary
Activity: 2212
Merit: 7064
Cashback 15%
July 20, 2022, 12:24:14 PM
#13
It still means it's open-source then.
Coldcard firmware is NOT open source, because there is a clear definition of what Open Source software is, and Commons Clause is NOT Open Source.
Speaking about the hardware parts of the device, they have two secure elements that are closed source I believe, but most hardware wallets have similar licenses for their secure elements.
To be fair, ATECC608B is probably the most open secure element so far, and it is part of the Coldcard Mk4 along with the Maxim DS28C36B.

Note that Coldcard just released new firmware v5.0.5 with some bug fixes and improvements, so you might want to update your device, DireWolfM14:

Quote
- BIP85 derived passwords+NFC
- Sign txn w/ missing foreign UTXOs
- Easier QRs scan in bright light
- Fix:Multisig registration order does NOT matter
- Add:importing multisig f/ descriptor
- Add:Addr explorer shows "change"
...
https://coldcard.com/docs/upgrade
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
July 20, 2022, 09:35:16 AM
#12
It's hard for me to comment on that. I am not a software developer, so I can't imagine what it means creating and releasing a software or piece of code without making any profit from it. Making it a proprietary piece of software would mean that it does not fulfill all the conditions to be called open-source, but I was only referring to the publicly or not publicly available code. I think it's morally wrong to take an already open-source codebase, change it, perfect it, and then make it proprietary and call it your own. It can't be your own if someone else already laid the foundations. If ColdCard did that, then it's a pretty shitty thing to do. But that's just an opinion not based on any knowledge of what it takes to create a piece of software. 
legendary
Activity: 2842
Merit: 7333
Crypto Swap Exchange
July 20, 2022, 09:02:18 AM
#11
Oh, I get it. So the code is publicly available and you can inspect and verify it if you want. But you are not allowed to use their code for your own software needs and forks. That's OK. It still means it's open-source then. It's an unorthodox way to go about things, but that's their decision.

The license used by the Mk4 firmware ("Commons Clause") is quite controversial. A few people/groups say it's harmful for the open source ecosystem [1-2]. The creator also agrees it's not really open source either [3]. I'm not a fan of this license either since AFAIK it's quite restrictive in practice.

[1] https://drewdevault.com/2018/08/22/Commons-clause-will-destroy-open-source.html
[2] https://www.gnu.org/licenses/license-list.html#comclause
[3] https://commonsclause.com/
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
July 20, 2022, 05:38:40 AM
#10
Oh, I get it. So the code is publicly available and you can inspect and verify it if you want. But you are not allowed to use their code for your own software needs and forks. That's OK. It still means it's open-source then. It's an unorthodox way to go about things, but that's their decision.

WalletScrutiny has tagged all other ColdCard Mks as unreproducible, but the Mk4 has not been reviewed yet. I am looking forward to what they have to say.
copper member
Activity: 2142
Merit: 4219
Join the world-leading crypto sportsbook NOW!
July 19, 2022, 09:51:24 PM
#9
It's interesting that they are still claiming on their website that the source code is verifiable and open-source. Is it just the firmware that is closed-source or is everything else closed-source?

I'm no technical guru, but as far as I know dkbit98 is correct, the difference is in the licensing; i.e. whether it can be reproduced and distributed, or not.  

The firmware and the hardware are open for review:
Firmware: https://github.com/coldcard/firmware
Hardware: https://github.com/Coldcard/firmware/tree/master/hardware
legendary
Activity: 2212
Merit: 7064
Cashback 15%
July 19, 2022, 03:09:32 PM
#8
Printing "ColdCard" on the PCB doesn't quite disguise this device from a cheap calculator. I wouldn't count on that, likely nobody does or should.
99% of people around the world have no idea what mk4 or mk3 even means, so it's not a bad idea, and you can always use some case to cover the transparent cover.
This is not meant to be used as a real calculator or as ultimate protection for your hardware wallet, so that is no problem for me.
Many more people know about the Ledger wallet, but this is still a small percentage of the total population.

I don't like closed-source firmware.
It's not open source, but to be fair you can still inspect and verify their code; the only thing you can't do is fork it.
You could use some of their old open source code and make changes if you know what you are doing, but their old code has some known security flaws.

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
July 19, 2022, 02:56:23 PM
#7
The wallet arrived in a non-descript cardboard box, with no indication that it had anything to do with cryptocurrency, other than the return address.
This is a well-thought-out move by them. The uglier and less conspicuous the box is, the better. I never liked the fact that my Ledger came in a box clearly stating it's a cryptocurrency wallet and mentioning Bitcoin and Ethereum in the process.

A USB-C cable is required to power up the device, which again is not included.
This is a pretty weird thing to do. You would expect that it has everything required for normal operation without forcing you to go out and buy your own cables. Huh

So I'll take this opportunity to note again that the ColdCard is built with closed source firmware.
It's interesting that they are still claiming on their website that the source code is verifiable and open-source. Is it just the firmware that is closed-source or is everything else closed-source?
copper member
Activity: 2142
Merit: 4219
Join the world-leading crypto sportsbook NOW!
July 16, 2022, 11:51:59 AM
#6
Thank your for your in-depth review. I have also a MK4 and I think basically the same about the wallet. Maybe we can get some news about NFC sooner or later, especially since the CEO of Coinkite is reading in this forum  Wink.

I think the only way to get NFC working in a way that I would use it is if there was a companion app from ColdCard, and if that app was open-source. Otherwise, the feature might as well not be included. I'm usually reluctant to install apps on my mobile devices unless they're absolutely necessary, so even if there was a third-party app to use with the feature I would probably opt out.


You will never have this for ColdCard wallet now after they changed their source code license so you can only view it and not fork it.

Meh, I wouldn't count them out just yet.  Competition has a way of coercing companies to adapt to their clients' desires.

While I like a lot of the features you mentioned, there's one or two in particular I dislike a lot: first, the ability to create paper wallet data which is unrelated to the main ColdCard seed. There might be use cases for that, but I simply find it a dangerous feature, because you can't recreate such paper wallets if you lose any details or documentation of it.

There is a way to generate individual keys that are indeed backed up by the master seed, but I believe the "Paper Wallet" generator is decoupled from that on purpose.  There are indeed use cases where you want to generate a key that isn't recoverable; keys for physical coins or Paper Wallet gifts for example.


The second feature I don't like is the ability to have a special PIN which completely bricks the device. As far as I understood it, it's optional and I don't have to use it, still doesn't feel comfortable for me personally.

If you travel with your device and find yourself in a compromised position you may find the ability to brick your device rather handy. Again, there are specific use cases for this feature, and it's not enabled by default.


Some interesting features which are also new for the Mk4 incarnation of the ColdCard device set this Mk4 apart from predecessors. How do we know that Coinkite did it "right" with those new features? With closed-source firmware you'll have to put too much trust into them for my personal security taste and comfort.

My personal conclusion is: as long as I have more open-source alternatives and no unique feature that this device offers and which I need, I'd stay away from ColdCard Mk4.

That's always the concern with closed-source code. Obviously there are risks, and everybody needs to assess those risks for themselves. Since the original intent is for the ColdCard to remain an air-gapped device, many of the risks are mitigated if you use the Mk4 in that way.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
July 16, 2022, 06:19:47 AM
#5
...
Thank you for your review and all details you wrote about. I never owned or used a ColdCard, just like to add my opinion to this device.

Printing "ColdCard" on the PCB doesn't quite disguise this device from a cheap calculator. I wouldn't count on that, likely nobody does or should.

I don't like closed-source firmware. This cuts you and others off from checking and verifying what the firmware does at sensitive points of wallet "procedures". For me this is a kind of security by obscurity and clearly not a policy I want to support with my money.

While I like a lot of the features you mentioned, there's one or two in particular I dislike a lot: first, the ability to create paper wallet data which is unrelated to the main ColdCard seed. There might be use cases for that, but I simply find it a dangerous feature, because you can't recreate such paper wallets if you lose any details or documentation of it. The second feature I don't like is the ability to have a special PIN which completely bricks the device. As far as I understood it, it's optional and I don't have to use it; still, it doesn't feel comfortable for me personally.

Some interesting features which are also new for the Mk4 incarnation of the ColdCard device set this Mk4 apart from predecessors. How do we know that Coinkite did it "right" with those new features? With closed-source firmware you'll have to put too much trust into them for my personal security taste and comfort.

My personal conclusion is: as long as I have more open-source alternatives and no unique feature that this device offers and which I need, I'd stay away from ColdCard Mk4.
hero member
Activity: 938
Merit: 642
Magic
July 15, 2022, 04:55:15 AM
#4
Thank your for your in-depth review. I have also a MK4 and I think basically the same about the wallet. Maybe we can get some news about NFC sooner or later, especially since the CEO of Coinkite is reading in this forum  Wink

I am a bitcoin maximalist and the ColdCard is a Bitcoin Only hardware wallet, but I do wish they would integrate support for Monero's official wallet.
You will never have this for ColdCard wallet now after they changed their source code license so you can only view it and not fork it.
I think that only the Trezor Model T and Ledger wallets support Monero for now, but someone started to work on a fork of the open source project SeedSigner that is called MoneroSigner.
It's easy to make this signing device on your own with a Raspberry Pi Zero and printing your own 3D case.

I have other options, like an air-gapped laptop, and I also have a Trezor Model T, which I do use for monero.  I don't hodl XMR, so it's not my biggest issue, but it does feel weird to have thousands of dollars in a desktop wallet, even if it is for a short time while I wait for a Bisq offer to get a bite.  I know most bitcoin maximalists appreciate monero's privacy features, which is why I think ColdCard should support it.

To me the bitcoin only solution is also the only downside. I understand that they don't want to include every shitcoin and tell people to simply buy another hardware wallet, but in my opinion this is like telling people we sell you a car only in color black because we like only the color black. You can go to another brand if you want a red car. This is their right to do, but it is just a stupid decision.
copper member
Activity: 2142
Merit: 4219
Join the world-leading crypto sportsbook NOW!
July 13, 2022, 03:23:49 PM
#3
I am a bitcoin maximalist and the ColdCard is a Bitcoin Only hardware wallet, but I do wish they would integrate support for Monero's official wallet.
You will never have this for ColdCard wallet now after they changed their source code license so you can only view it and not fork it.
I think that only the Trezor Model T and Ledger wallets support Monero for now, but someone started to work on a fork of the open source project SeedSigner that is called MoneroSigner.
It's easy to make this signing device on your own with a Raspberry Pi Zero and printing your own 3D case.

I have other options, like an air-gapped laptop, and I also have a Trezor Model T, which I do use for monero.  I don't hodl XMR, so it's not my biggest issue, but it does feel weird to have thousands of dollars in a desktop wallet, even if it is for a short time while I wait for a Bisq offer to get a bite.  I know most bitcoin maximalists appreciate monero's privacy features, which is why I think ColdCard should support it.

At the time of writing this review the ColdCard costs $158, which puts it in the bracket of moderately priced competitor models, and nearly identical to the Ledger Nano X. Despite its price being roughly twice that of a Trezor One, I think it's still a good value given its many features which I'll touch on below.
To be fair, there was a time few months ago when you could buy ColdCard for around $120 on presale, and some other hardware wallets also offered lower prices like Foundation Passport.
I would never give $280 for Trezor T or $157 for ledger model X.

I just looked up my old invoices; I paid $149 for my Model T in January of 2019, and in May of the same year I purchased a bundle from Ledger that included the Nano X and Nano S. The bundle price was also $149. It's insane how much things have gone up in the last three years. Although the Trezor T is my favorite HW wallet, I too would have a hard time justifying $280 for one, especially since the Foundation Passport has been released.

The wallet itself is a very simple design, intentionally meant to look like a 90's vintage calculator that you got for free when opening your first checking account. An uneducated thief looking for items of value wouldn't give it a second look. The clear plastic housing is a cool look in my opinion; however, I do believe a flat black option would further the intent of making it look like a cheap calculator.
This is really interesting, and I didn't know they are sending their hardware wallet like this.
Is the return address or anything else mentioning the Coldcard hardware wallet or not?
I wonder if this could trick customs and avoid paying extra import taxes in some countries, even if I am not a fan of their cheap calculator look.

The hardware wallet did arrive in a sealed, tamper-evident bag, as Coinkite demonstrates on their Quick Start page.   I did not photograph the bag because it has identifying information on it.  As a supply-chain security feature the bag and hardware wallet are numbered to match.  It was obvious that the device was new, I don't think any effort was made to skirt customs, tariffs, or taxes.

The bottom line about the ColdCard, or just about any purchase can be summed up with one question; would I buy it again?  The answer is a resounding "Yes!"
Very good review, and I think it could help someone who is thinking of buying their new Mk4 device, but if you ask me would I buy it, I would say No Wink
However, I do think the new Coldcard wallet is still better and more secure than other hardware wallets like Ledger, so it's a middle ground between open and closed source devices.
I don't think they solved anything with two secure elements, and I bet this will create some issues down the road.

Thank you, I'm glad you find it helpful.  As for the closed-source vs. open-source debate, everyone is going to have an opinion and I wasn't expecting to change anyone's mind.  As I've said I believe the firmware should be open source, but I understand why it isn't.  I also feel the features of the ColdCard are worth the extra effort I have to take to ensure my safety due to its closed-source nature.
legendary
Activity: 2212
Merit: 7064
July 13, 2022, 12:56:55 PM
#2
I am a bitcoin maximalist and the ColdCard is a Bitcoin Only hardware wallet, but I do wish they would integrate support for Monero's official wallet.
You will never have this for ColdCard wallet now after they changed their source code license so you can only view it and not fork it.
I think that only the Trezor Model T and Ledger wallets support Monero for now, but someone started to work on a fork of the open source project SeedSigner that is called MoneroSigner.
It's easy to make this signing device on your own with a Raspberry Pi Zero and by printing your own 3D case.

At the time of writing this review the ColdCard costs $158, which puts it in the bracket of moderately priced competitor models, and nearly identical to the Ledger Nano X.  Despite its price being roughly twice that of a Trezor One, I think it's still a good value given its many features which I'll touch on below.
To be fair, there was a time a few months ago when you could buy the ColdCard for around $120 on presale, and some other hardware wallets also offered lower prices, like the Foundation Passport.
I would never give $280 for a Trezor T or $157 for a Ledger Nano X.

The wallet itself is a very simple design, intentionally meant to look like a 90's vintage calculator that you got for free when opening your first checking account.  An uneducated thief looking for items of value wouldn't give it a second look.  The clear plastic housing is a cool look in my opinion; however I do believe a flat black option would further the intent of making it look like a cheap calculator.
This is really interesting and I didn't know they are sending their hardware wallet like this.
Is the return address or anything else mentioning the Coldcard hardware wallet, or not?
I wonder if this could trick customs and avoid paying extra import taxes in some countries, even if I am not a fan of their cheap calculator look.

The bottom line about the ColdCard, or just about any purchase can be summed up with one question; would I buy it again?  The answer is a resounding "Yes!"
Very good review and I think it could help someone who is thinking of buying their new Mk4 device, but if you ask me would I buy it, I would say No.
However, I do think the new Coldcard wallet is still better and more secure than other hardware wallets like Ledger, so it's middle ground between open and closed source devices.
I don't think they solved anything with two secure elements, and I bet this will create some issues down the road.
copper member
Activity: 2142
Merit: 4219
July 11, 2022, 02:59:24 PM
#1
It's been a little over a month since I received my ColdCard Mk4, and I'd like to share my thoughts, opinions and observations here.  I purchased the ColdCard Mk4 with my own money, I was not offered a discount nor did I receive any promotional pricing of any type.  I have no affiliation with Coinkite, I have had no communication with them since my purchase, nor have they offered any incentive for making this post.


tl;dr

If you can get over the fact that the firmware is not open-source, this is the most feature filled and among the most secure hardware wallet I've ever used.  It's not the most user-friendly or newbie-friendly wallet I've used, but for the experienced bitcoin maximalist, I do recommend it.

I am a bitcoin maximalist and the ColdCard is a Bitcoin Only hardware wallet, but I do wish they would integrate support for Monero's official wallet.


Price

The price of the ColdCard as compared to the competition:

  • Trezor Model One:   $77
  • Ledger Nano S+:   $83
  • Ledger Nano X:   $157
  • ColdCard:   $158
  • Foundation Passport:   $249
  • Trezor Model T:   $280

At the time of writing this review the ColdCard costs $158, which puts it in the bracket of moderately priced competitor models, and nearly identical to the Ledger Nano X.  Despite its price being roughly twice that of a Trezor One, I think it's still a good value given its many features which I'll touch on below.


Purchase

The purchasing process directly from Coinkite was easy and secure.  When I ordered the Mk4 it was on backorder, but I received it within three weeks of reserving mine.  The wallet arrived in a nondescript cardboard box, with no indication that it had anything to do with cryptocurrency, other than the return address.  There were no accessories included with the wallet, other than a couple of stickers and a card for a mnemonic seed phrase.  A USB-C cable is required to power up the device, which again is not included.



Form

The wallet itself is a very simple design, intentionally meant to look like a 90's vintage calculator that you got for free when opening your first checking account.  An uneducated thief looking for items of value wouldn't give it a second look.  The clear plastic housing is a cool look in my opinion; however I do believe a flat black option would further the intent of making it look like a cheap calculator.

The injection molded plastic housing is upgraded from the Mk3 in that it includes a protective cover for the keypad and screen.  The fit of the cover is secure, both on the front and the back where it stows away neatly during use.  The overall quality and feel of the device seems solid and practical.



Function and Quality

Functionally, the wallet has some minor issues that are more annoyances than real problems.  The keypad buttons are deeply set within the housing and my fat fingers have trouble getting in there at times.  Another observation is that as I scroll through some of the function pages, if I start pressing a bit too quickly the scroll function doesn't keep up.  Again, I find these to be relatively minor observations.  It's worth noting, however, that the only other wallet within my realm of consideration that has a physical keypad is the Passport, which costs $90 more.  With the even more expensive Trezor Model T's touchscreen I tend to be prone to mistakes.  Again I blame my fat fingers.  So, even with the minor observations regarding the keypad, in contrast with the competition a full number pad of real buttons is a welcome feature.

The other hardware functionality seems pretty solid.  The USB-C connection is solid feeling, and so is the slot for the micro-SD card.  The screen is on the small side, but the font is bright, clear, and large enough for me to see without issues.


Security

Now if there's one thing I've learned about trusted vendors and services within the crypto world, it's easily summed up by a Russian proverb that was made famous in the US by Ronald Reagan in 1987: doveryay, no proveryay (trust, but verify).  So I'll take this opportunity to note again that the ColdCard is built with firmware source code that is licensed under the Commons Clause, not an open-source license.  The firmware is open for peer review, but cannot be forked or distributed.  Of course verification is possible, and verifying your transactions is always recommended.  Any bitcoin transaction can and should be verified prior to signing, and again prior to broadcasting.

Discounting the controversies around Commons Clause licensed firmware, the wallet strikes me as a brick house in terms of security.  It includes the typical features one would expect: 24-word seeds, complex passphrases with a full keyboard of special characters, and control over derivation paths for multiple, less prominent wallets.  It also has a special configuration for entering PINs which I find to be more secure than the more common methods.  It can also create a fake PIN to use when under "duress," and even allows a special configuration of the duress PIN which, when entered, will result in the device being bricked.

As would be expected, the BIP39 passphrases (extensions) are entered on the device, and only stored while the device remains powered up and logged in.  An automatic logoff timer can be set, so if you must step away from the device for a few minutes it'll automatically log itself off.


Privacy

This category is where I believe the ColdCard sets itself apart from the competition.  Due to the simplicity with which it can generate new, unaffiliated addresses, multiple HD wallets, and integration with Bitcoin Core the device makes it very simple to prioritize your privacy, and give you tools to make it easy.  I will discuss these features more in the next section.


Features

The ColdCard is full of neat features that help the user remain safe and private.  Here are some of the ones I find useful:
  • BIP85 sub-seed generator
  • Paper Wallet generator
  • Optional USB connectivity
  • Wallet file generator for popular desktop clients
  • Multiple user accounts
  • Simplified backups

Most of the items I've listed above are, as far as I know, unique to the ColdCard.  Most are also self-explanatory, but I will touch on the BIP85 feature here because knowledge of its existence is new to me, and it's super cool.  With this feature you can generate any number of mnemonic seed phrases, WIF HD seeds, and standard single-address private keys.  These keys are derived from your master seed, so as long as you've backed up your master seed phrase, you'll always have the ability to restore any of the derived seeds and keys.  For example, you can generate a 12 or 24-word seed phrase that's derived from your master seed to use for a hot wallet, and if you choose to not write it down, no big deal.  You can always use the ColdCard with the same master seed to retrieve the hot wallet seed.

The BIP85 feature along with the single key generator can help improve privacy by creating wallets that are unaffiliated with your main wallet but can be recovered later if needed.  It is worth noting that the "Paper Wallet" generator creates random keys that are not backed up by your master seed.

The other feature I want to touch on is the optional USB connectivity.  ColdCard models prior to the Mk4 did not include this feature; they had no method of connecting to a host device (PC or phone) through the USB port.  They relied on transferring data through the use of the micro SD card.  The Mk4 can be used the same way, but it also provides the option to use USB connectivity so the wallet can work similarly to other, more typical hardware wallets, i.e., it can be paired to a desktop client to sign transactions directly.

Another feature it includes is the option to enable 4 megabytes of integral volatile storage.  This can be used to transfer wallet files generated by the ColdCard or save PSBTs generated on the host.  This storage is non-persistent and is lost once the device is logged off or powered off.


Conclusion

The bottom line about the ColdCard, or just about any purchase can be summed up with one question; would I buy it again?  The answer is a resounding "Yes!"

I am of the opinion that all cryptocurrency wallets, hardware or otherwise, should be open-source, primarily for trust and transparency purposes.  I do find the ColdCard to be a secure and practical hardware wallet.  All in all, I think it is a great tool for any bitcoin maximalist.
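The BIP85 sub-seed feature described in the Features section of the review above is worth seeing in code, because it explains why a derived hot-wallet seed is recoverable from the master and nothing else. The block below is an added example written for this page; it is not Coinkite's firmware and not code from the original post. It implements the two pieces BIP85 actually needs: hardened-only BIP32 child derivation (every BIP85 path level is hardened, so no elliptic-curve point math is required and the Python standard library suffices) and the final HMAC-SHA512 step keyed with "bip-entropy-from-k". The master key is the public test vector from the BIP85 specification, loaded from its xprv serialization; the function names are this example's own. Converting the resulting 16 or 32 bytes into words needs the BIP39 English wordlist, which is not embedded here.

```python
"""BIP85 child-seed derivation (hardened-only BIP32 + BIP85 HMAC step).

Added example for this page, not Coinkite code.  Pure standard library.
"""
import hashlib
import hmac

SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BIP85_PURPOSE = 83696968  # purpose level fixed by BIP85

# Master root key published as the test vector in the BIP85 specification.
TEST_XPRV = ("xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmba"
             "LLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb")


def b58check_decode(text: str) -> bytes:
    """Decode Base58Check; raise if the 4-byte double-SHA256 checksum fails."""
    value = 0
    for ch in text:
        value = value * 58 + B58_ALPHABET.index(ch)
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(text) - len(text.lstrip("1"))) + raw  # leading '1' = 0x00
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("bad Base58Check checksum")
    return payload


def parse_xprv(xprv: str):
    """Return (private key as int, chain code) from a serialized BIP32 xprv."""
    payload = b58check_decode(xprv)
    # version(4) depth(1) fingerprint(4) child(4) chain(32) 0x00||key(33) = 78
    if len(payload) != 78 or payload[45] != 0:
        raise ValueError("not a BIP32 extended private key")
    return int.from_bytes(payload[46:78], "big"), payload[13:45]


def master_from_seed(seed: bytes):
    """BIP32 master key from a BIP39 seed, for callers starting from a mnemonic.
    Note the seed already includes any BIP39 passphrase, so BIP85 children
    change when the passphrase changes."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv_hardened(k: int, chain_code: bytes, index: int):
    """One hardened BIP32 child step: HMAC-SHA512(chain, 0x00||k||index)."""
    if index < HARDENED:
        raise ValueError("only hardened indices are supported here")
    data = b"\x00" + k.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    left = int.from_bytes(digest[:32], "big")
    child = (left + k) % SECP256K1_N
    if left >= SECP256K1_N or child == 0:
        # Astronomically unlikely; BIP32 says move on to the next index.
        raise ValueError("invalid child key, use the next index")
    return child, digest[32:]


def derive_hardened_path(k: int, chain_code: bytes, levels):
    """Walk m/<a>'/<b>'/...; every level is hardened (index | 0x80000000)."""
    for level in levels:
        k, chain_code = ckd_priv_hardened(k, chain_code, level | HARDENED)
    return k, chain_code


def bip85_entropy(k: int, chain_code: bytes, app_path) -> bytes:
    """64 bytes of BIP85 entropy: HMAC-SHA512 keyed 'bip-entropy-from-k' over
    the child private key at m/83696968'/<app_path>'."""
    child_k, _ = derive_hardened_path(k, chain_code, [BIP85_PURPOSE, *app_path])
    return hmac.new(b"bip-entropy-from-k", child_k.to_bytes(32, "big"),
                    hashlib.sha512).digest()


def bip85_bip39_entropy(k: int, chain_code: bytes, words: int, index: int) -> bytes:
    """BIP39 application (39'), English (0'): first 16/24/32 bytes for
    12/18/24 words.  Feed the bytes to any BIP39 encoder to get the words."""
    if words not in (12, 18, 24):
        raise ValueError("BIP85 BIP39 application supports 12, 18 or 24 words")
    return bip85_entropy(k, chain_code, [39, 0, words, index])[: words * 4 // 3]


def bip85_hex(k: int, chain_code: bytes, num_bytes: int, index: int) -> bytes:
    """Raw HEX application (128169'): num_bytes of entropy, 16..64."""
    if not 16 <= num_bytes <= 64:
        raise ValueError("BIP85 HEX application allows 16..64 bytes")
    return bip85_entropy(k, chain_code, [128169, num_bytes, index])[:num_bytes]


if __name__ == "__main__":
    k, c = parse_xprv(TEST_XPRV)
    for words in (12, 18, 24):
        print(words, "words, index 0:", bip85_bip39_entropy(k, c, words, 0).hex())
    print("hex 32 bytes, index 0:", bip85_hex(k, c, 32, 0).hex())
```

Two practical points follow from the code. First, the derived entropy is a function of the BIP32 root, which is seed plus BIP39 passphrase, so a child seed created while a passphrase was active can only be re-derived with that same passphrase; back up the passphrase with the master words. Second, the index is part of the path, so keep a note of which index (and word count) each hot wallet came from, otherwise recovery means scanning indices until the right wallet appears.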
