
Topic: Do Hardware wallet Manufacturers Ship to PO Boxes or Not? (Read 585 times)

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Can you please add Cypherock wallet?
Sorry, but I don't know anything about your product. I have seen your posts in the last couple of days advertising your wallet in various discussion threads all over the Hardware Wallet section. This thread has information on a few selected brands that most people have heard about. There are many others that are missing, and I have no plans to add them. At least not for now.
jr. member
Activity: 52
Merit: 29
Can you please add Cypherock wallet?

We ship to PO boxes and we accept BTC through Coinbase Commerce.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Thanks for your feedback. Everything that I wrote in the table was correct at the time of writing. Maybe there were changes in the meantime or the information you see in your location is different from what I see on my end. I will go through the suggestions you made, double-check myself, and correct if needed.
member
Activity: 115
Merit: 314
I have a website (https://thebitcoinhole.com/) where I compare 37 different hardware wallets. It displays all the payment methods supported by each official store. I verified them myself by going checkout by checkout.

Some corrections to the list in this post:
- Bitbox also supports BTCPay Server
- Keepkey is not supporting pay with crypto
- Keystone also supports Open Node
- Ledger is supporting BitPay or Crypto.com Pay, but not in all the countries they ship.
- OneKey also supports MixPay
- Satochip is integrated with Coinbase Commerce, not CoinGate.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
So since I had the spiffy 35% off coupon [ https://bitcointalksearch.org/topic/35-off-keystone-hardware-wallets-code-5421345 ] for a Keystone I ordered one.
Was correct in my assumption that at least in the US they use Amazon for fulfillment. So at least here, you can probably get it delivered anyplace.



As always YMMV and based on what country you are in it will probably vary a lot.

-Dave
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
I remember reading that reply some time ago. 60 days is certainly better than 1 year or 10 years. It would be interesting to learn more about their offline solution and how they deal with security. Who has access to the data, and decryption keys for example? If I was a pissed off Foundation employee and a scumbag looking to profit any way possible, could I easily gain access to the offline system and copy what I need from it?
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
I guess I am dreaming now...
You can live the dream today!

Regarding our privacy policy – we currently have our Wordpress + WooCommerce instance set to automatically clear personal data from orders 60 days after shipping. For cancelled orders, those clear automatically after 30 days.

We do download, encrypt, and store data offline for sales tax reporting (typically need the zip code for each order) and for warranty/repair requests. If someone contacts us 6 months after ordering, for example, we need to be able to look up the order details and confirm they are a customer in order to send a replacement device. I hope this is reasonable, as it is necessary to store some information when operating a business where customers are buying a physical product.

We are working on an internal "vault" tool that will allow us to automatically encrypt all customer data and rate limit + audit internal requests to view that data. That will be live internally sometime next year, and will allow us to more aggressively purge data from Wordpress + WooCommerce.

There will always be legal limitations, but companies can definitely do a lot to improve customer data security.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
But hear me out: The most secure way to store data is not to store it. Or to store it for a very limited amount of time.
With all the shortcomings of self-hosting mentioned above, it is also much easier (and verifiable) to completely delete customer data when you host it yourself.
It would be great if it worked that way. But due to regulations and local laws, businesses are required to keep records of their customers for X period of time. Unfortunately, the X seems to be different from company to company and depending on the territory. Some businesses anonymize private data after a while. Even that's better than storing it in their computers for 10 years. I think Ledger stores them that long. Would be even better if that anonymized data was taken offline and stored on paper in a company office space somewhere and then simply destroyed once the law allows it. I guess I am dreaming now...   
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
Some want more info than others. But keeping it internal by running something like BTCPay is still better.
I can't help but to think of Ledger in this situation. All it takes is one unknowledgeable or malicious employee to destroy your reputation forever. Ledger wasn't just affected by the Shopify breach. Their employees caused a similar incident themselves. Self-hosted or not, your data is still sitting on a server somewhere that could get hacked with enough motive and incentive. I agree that it's surely more rewarding attacking and breaching the defenses of a 3rd-party company, which handles such data by millions of customers than to attack one individual business.
There is one more nuance to this.
Sure; an individual business hosting everything themselves, may not notice a data breach quickly, may not communicate it to customers or if they do, customers may not read about it. These are the downsides. And I'd argue that it's more likely for a small business to fuck up some server configuration or have less tight security training of employees in non-technical fields like accounting and customer support (social engineering vector).

But hear me out: The most secure way to store data is not to store it. Or to store it for a very limited amount of time.
With all the shortcomings of self-hosting mentioned above, it is also much easier (and verifiable) to completely delete customer data when you host it yourself.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Places that use shopping cart software that is hosted / run by someone else.

A store can run WooCommerce or PrestaShop or Open Cart or Zen Cart or many others and the cart information never leaves their server. Name / address and what I bought stays local to them. Picking on Keystone since they are the ones we have been talking about they send all that info to a 3rd party to handle the cart.
Unless that information is clearly mentioned somewhere, I am not sure where I could get it. This is surely not something that a regular support rep could help with. To be honest, I don't know which shopping cart software brands are self-hosted and which ones are operated by a 3rd-party myself. I will have to take your word for it and trust you gave me the correct info.

Some want more info than others. But keeping it internal by running something like BTCPay is still better.
I can't help but to think of Ledger in this situation. All it takes is one unknowledgeable or malicious employee to destroy your reputation forever. Ledger wasn't just affected by the Shopify breach. Their employees caused a similar incident themselves. Self-hosted or not, your data is still sitting on a server somewhere that could get hacked with enough motive and incentive. I agree that it's surely more rewarding attacking and breaching the defenses of a 3rd-party company, which handles such data by millions of customers than to attack one individual business.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
Still I think there should be a discussion about 3rd party checkouts
What do you consider 3rd-party checkouts? Ordering through Coinbase Commerce would be a 3rd-party checkout, for example, right? Paying the company directly from my wallet to theirs isn't in that case. Most HW do the former. 

Places that use shopping cart software that is hosted / run by someone else.

A store can run WooCommerce or PrestaShop or Open Cart or Zen Cart or many others and the cart information never leaves their server. Name / address and what I bought stays local to them. Picking on Keystone since they are the ones we have been talking about they send all that info to a 3rd party to handle the cart.

Coinbase Commerce is a payment processor. Some want more info than others. But keeping it internal by running something like BTCPay is still better.

Just thinking that since this is about privacy and data leaks it is worth a mention.


The counterpoint is that if Shopify does get hacked (again) it makes the news, due to the size and nature of who they are and what they do. If some business is hosting it themselves and there is a data breach, if they don't find out about it or tell people about it we may never know that our info is out there.

-Dave
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
If you order from there will it let you ship to a PO box?
I tried with a PO Box address in Germany (also known as Postfach) and the site didn't report any errors. But who knows what would actually happen if you ordered a parcel, it arrived at the designated address, and it was time to pick it up. Would it even be delivered or would the courier call you and ask for an alternative?     

Still I think there should be a discussion about 3rd party checkouts
What do you consider 3rd-party checkouts? Ordering through Coinbase Commerce would be a 3rd-party checkout, for example, right? Paying the company directly from my wallet to theirs isn't in that case. Most HW do the former. 
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
It went through with no issues. Since they do sell through Amazon here in the US I wonder if they are just using them for fulfillment here. Would cut down on a lot of work for them in terms of logistics.
That previous picture you posted, which shows delivery information to a PO BOX, is that an image taken from their official online store or from the Amazon link below?

Their store. The issue is, that Amazon does, or at least did give you the option of blind shipping. The return address will be a generic facility that 1000s of shippers use. Sometimes it's easy to spot since it's a known local Amazon warehouse. But, I have gotten packages from addresses that are just massive USPS facilities that I KNOW came from an Amazon warehouse.

 
Yeah, it works. I can see different Keystone products on the page.

If you order from there will it let you ship to a PO box?


Still I think there should be a discussion about 3rd party checkouts

Several hardware wallet manufacturers have suffered hacks and data leaks in the past. This trend might not stop, and I think we will also read similar stories in the future.

If like Keystone they are using a 3rd party cart. If they are doing enough with cookies and browser fingerprints they can easily know that DaveF who ordered the hardware wallet and paid with crypto and shipped to a PO box is the same DaveF that ordered the replacement battery for his motorcycle paid with Visa and shipped it to his house. At that point it does not matter if Keystone got hacked, you are now worrying about the 3rd party cart provider and when they get hacked.


-Dave
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
It went through with no issues. Since they do sell through Amazon here in the US I wonder if they are just using them for fulfillment here. Would cut down on a lot of work for them in terms of logistics.
That previous picture you posted, which shows delivery information to a PO BOX, is that an image taken from their official online store or from the Amazon link below?
 
Yeah, it works. I can see different Keystone products on the page.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
At least in the US Keystone does allow shipping to PO Boxes.
The data in the OP is based on what info I got from the customer support of all those companies. Does their online shop allow you to complete the purchase after selecting a PO box or is there an error or other type of notification that hinders it? Do you know what carrier they work with in the US? The information I got off the Ledger support team was that their packages in the USA are shipped via DHL, and they don't deliver to PO boxes. So it's a restriction set by the carrier company and not the device manufacturer.  

It went through with no issues. Since they do sell through Amazon here in the US I wonder if they are just using them for fulfillment here. Would cut down on a lot of work for them in terms of logistics.

Does this link work for you? https://www.amazon.com/stores/page/0360EBE5-E20C-45DC-836C-59573EAE62F5
 

Also, they use opennode.com for BTC payments and Coinbase Commerce for altcoins and also BTC.
I got redirected to Coinbase Commerce when I imitated a fake purchase just to see where it would take me. It's the first time I hear payments are also processed by opennode.com. Are those Lightning payments maybe or is it a geographical thing that determines which payment processor a customer is redirected to?

Lightning or onchain.
When I go to pay this is what I see, you have one option for Coinbase Commerce and one for BTC:




When I click through the BTC option it takes me to an opennode link, to pay a shopify cart.




So it could be they are using different providers depending on where the customer is coming from, could be they changed the day after you spoke to them. Or, it could be their customer service person who you were dealing with was wrong.

Shipping to a PO Box is probably not that big a deal in terms of security / privacy now since they are using a 3rd party cart we don't know what else is being captured. So assume that they know what you purchased, what IP you came from for geo location and a ton of other stuff. What information is Shopify getting and keeping? We may never know.

That should probably be another column in the chart, self hosted cart or 3rd party.

-Dave
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
At least in the US Keystone does allow shipping to PO Boxes.
The data in the OP is based on what info I got from the customer support of all those companies. Does their online shop allow you to complete the purchase after selecting a PO box or is there an error or other type of notification that hinders it? Do you know what carrier they work with in the US? The information I got off the Ledger support team was that their packages in the USA are shipped via DHL, and they don't deliver to PO boxes. So it's a restriction set by the carrier company and not the device manufacturer. 

Also, they use opennode.com for BTC payments and Coinbase Commerce for altcoins and also BTC.
I got redirected to Coinbase Commerce when I imitated a fake purchase just to see where it would take me. It's the first time I hear payments are also processed by opennode.com. Are those Lightning payments maybe or is it a geographical thing that determines which payment processor a customer is redirected to?
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
At least in the US Keystone does allow shipping to PO Boxes:



If you are paying by credit card you will probably have to have the PO box listed as a shipping possibility.
And they are still at Amazon ($10 more) but you can have it shipped to an Amazon locker if there is one that you can get to.

Also, they use opennode.com for BTC payments and Coinbase Commerce for altcoins and also BTC.


-Dave
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Using a PO Box would make you anonymous to hardware wallet manufacturer, but the post office or the service you use will have information on file about you. If that data is stored digitally, we are back to the same problem. But this time it's not a hardware wallet manufacturer that stores your data, but the US Post Office or any other post office of the world. Can they be hacked or suffer a leak? Of course.

PO Boxes aren't available worldwide, many couriers require that you sign for the package upon delivery, and some couriers don't ship electronic devices to PO boxes. So there are different problems with using them. If you are not worried about supply chain attacks, you can always buy a HW by physically going into one of the shops they are sold at and purchase it there with cash.
legendary
Activity: 1792
Merit: 1296
keep walking, Johnnie
It would be great if someone has experience in buying a hardware wallet and delivering it to a PO Box, and is also willing to share information about the nuances of this. This could be useful (not only for me personally, because I have an interest in this), because the delivery of parcels to PO Boxes may differ due to the specifics of each country. I don't think that for the sake of this it is necessary to create a separate topic, because, in principle, the discussion of this fits into the concept of this topic. Are there people here who ordered a hardware wallet for a PO Box?
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Crypto payment processor information was missing for a few brands, so I did another check and added the ones I left out.

- Blockstream uses BTCPay Server.
- Coldcard doesn't seem to be using a payment processor judging by their store.
- Foundation Devices uses BTCPay Server.
- There is an issue with KeepKey when it comes to crypto payments. The system is currently not functional. I think they are using Coinbase Commerce.
- Trezor uses Confirmo.net.