Regarding the scratched screen. Does Passport have any recommendations on how to protect the device from further scratches? In the OP you mentioned that the curved screen makes it difficult to stick on a screen protector. I haven't really played with those things, so I don't know why that would be a problem.
I don't think they have any recommendation for this.
I can try to ask them Zach, any recommendations? But it doesn't seem to scratch easily from normal usage. Do you know how sometimes when you look at a piece of plastic on a product and you
immediately know: 'this is gonna scratch fast'? This material is not that. In contrast, BitBox02 does look like it (and it does scratch this fast).
With this gentle curve, it might be possible, to be honest. Might try giving this site a shot:
https://www.protectionfilms24.com/custom-sizes.htmlWe can see from the
source files that the screen is 1.092"x1.416" or around 27.73mmx35.96mm.
For a single one it's pretty expensive, but if you get 10, it's just 2 bucks per screen protector.
A big no go to me is the batteries. The wallet itself is rather expensive + you are going to need a new set of batteries quite often. You only got 4 hours out of the ones that came with it? That's really bad performance-wise. The money you will spend on purchasing new batteries will be more than what you paid for the HW.
Well, it depends on the usage. Turning it on, performing a transaction and turning it off again takes probably 1-5 minutes tops, so 4h would be 50 transactions in worst case. I drained mine in a day since I played around with it a bunch and then stood for 2h in the shop stamping seed words off the device directly. Probably better to write it onto paper and turning it off, then copying from the paper.
Regarding costs, you can get a 4-pack of compatible rechargeables for 25 bucks, so you get 2 to use for other stuff. And I did really like the concepts of standard AAA's (or AA's, wouldn't mind) since I know I can find these in 20 years time pretty surely. (worst case hook up a 3V power supply to battery terminals)
They are also worried about security of Li-Ion batteries, but I'm honestly not. Never seen an attack through a battery so far (correct me if I'm wrong).
I see from your post that the second version will be shipped with Li-Ion batteries. Hopefully that can improve the stand-by time.
If they can fix the insufficient battery life, lower the price, and manage to create a HW that won't suffer major security issues and vulnerabilities in the future, this would be something I would consider purchasing for long-term storage. At the moment, it isn't.
I mean they did lower the price by 33% which is a large jump and the Li-Ion will definitely hold longer. These things are common (which I really like for longevity / what if Foundation fails & I need new batteries etc.) and hold around 1000mAh, I believe. However, they discharge better, if it makes sense. So it will be similar battery life to the Lithium batteries (multiple hours on a charge), but you can recharge and also carry a second battery. I really loved when phones could do this (e.g. bring a few charged spare batteries on a trip and not mess with charging all the time).
I didn't expect someone would review $299 device (excluding possible import tax and shipping cost). But with such high cost, i'm really annoyed they don't bother include rechargeable lithium AAA when they include industrial class microSD.
Hehe, you know me - I'm not 'someone'
Oh yes that would have been a cool idea, to simply include rechargeable AAA's, but I think those then would also have a closed-source chip which is something they wanted to avoid and thus chose to use standard 'dumb' batteries. I still like the idea of 'dumb batteries', but maybe the circuit could have been designed around Alkalines instead of around Lithium cells in a way. Though if the current draw is too high, there's no way around Alkalines or Ni-MH (but then you have to take into account these operate at 1.2V).
IMHO, if people choose FE rather than other hardware wallet (such as Ledger and Trezor) which is cheaper and easier to use, it's more likely they have better secure practice. I wouldn't worry about malicious application which replace PBST file if you perform good security practice and verify the transaction before sign/broadcast process.
Oh, for sure, but maybe it would be worth adding to the guide or something. Like, especially with airgap, people may expect to be able to use it on fully infected machines and shit and rely too much on perceived security. On the other hand, the large screen makes it very easy to confirm the receiver address and if that matches, you're obviously good.
If they can fix the insufficient battery life, lower the price, and manage to create a HW that won't suffer major security issues and vulnerabilities in the future, this would be something I would consider purchasing for long-term storage. At the moment, it isn't.
I doubt it's easy to lower the price when it's still assembled in U.S which have high wage cost.
In my opinion, the new price of $199 is substantially lower and well priced. I would probably recommend even FE for $199 (without the planned improvements). Just found $299 too high, but that's probably due to economy of scale and being start-up.
I know we discussed the battery life or lack of it in another thread. Did you ever trace down what might have been pulling all that power? I think that they are powering the camera when not in use due to what I saw on the power feed when I had one in pieces but I only had it for a few minutes to test before it had to be handed back. It was not mine and they were shipping it back so I could not be sure and did not want to really bring it up till someone else was testing one.
Yup! I knew I missed something.
I wanted to better explain in the review but forgot. From what I see, there are two issues.
1) If you draw an even moderately high current from Alkaline batteries, their capacity cripples. You cannot draw 1.2A (1200mA) for an hour straight from a 1200mAh Alkaline, for example. You can draw a tenth of it for 10h though. Since the Passport runs a normal microprocessor, I expect it to pull anywhere from 500mA to 1A for sure, which is simply too high for Alkalines, they're not made for it.
2) The circuit just can't work with anything below like 1.3V... A battery is not dead at 1.3V, so I would have expected some circuitry to meaningfully 'boost' it up to 1.5V in the device (even though there are losses when doing this) so it can continue working until really fully drained. This can't defeat physics / chemistry (1) though.
I don't think the camera is active while not actually in use or anything like that, to be honest. But if yes, these kinds of issues would be easy to fix via software update.
Will check the code and add a few more lines to the original post about this battery stuff.
It's the first time I saw this hardware wallet and it does look interesting. The wallet where looks like a mobile phone and you could have codes to bring you to a secret menu. That's amazing that you can play games on it but I don't get the idea of screenshots though.
Can you use the microSD as a key to using it as well? Not just having a Pin or code?
Well, let's say you're doing a workshop about Passport setup and usage for example, then you could have screenshots to insert into your presentation or something like that, I guess. Or maybe for Snake highscore simply.
No, you can't use the microSD as a key, you need to use the PIN code. I also didn't talk about this since it can be found in the setup guide, but when you enter the first 4 PIN digits, it shows two words. If you don't recognize these words (should always be the same 2), you know this is not actually your device and you shall stop entering further numbers. It's then a trap designed to steal your PIN, right. If you were to just insert a microSD with the key, this mechanism wouldn't work and you could risk giving away your key to an attacker.
First, thank you (truly) for taking the time to write such a thorough review, and researching everything, and reading our support material and Github documentation. Not everyone does that.
Thank you for taking the time to reply and speak openly / acknowledging issues and explain reasoning behind decisions!
To be honest, I would have liked to research a bit more, also test multisig implementation and delve more into the code, but I only have so much time at the moment. Also I saw already a bunch of people successfully use multisig with the Passport, so didn't feel the need to test it just for the review.
In this case, we made some fairly hardcore security considerations that I think lessoned the overall quality and user experience. It's a balance, and I think we leaned too much on the security side for the Founder's Edition batch.
This is pretty on point, to be honest.
Like, I see how you went security over anything else in almost all aspects, and I generally commend it if a product has like a straight objective e.g. usability first, longevity first, or security (or another objective) 'first' and follows through. I still don't get the inclusion of the extras menu since everything else, especially the hardware, is so 'laser-focused' on security, even trading screen quality and battery life for security.
For the batteries, we chose AAA's very early on for a few reasons. We liked the security profile (they are 100% "dumb" with no chip inside), they are readily available across the world, and they allow for the device to operate in an airgapped manner.
What we didn't realize, though, is how bad normal AAA's are at holding their voltage. If the voltage dips too much, then Passport simply can't operate. So normal AAA's used with Passport aren't fully drained – they can be used in devices like remote controls – but they are too drained for Passport to handle.
Definitely agree, it was one of the main selling points for me. Wasn't it possible to make the circuit work at lower voltages like 1.3V (around the time when it shuts down) by boosting voltage or otherwise?
In hindsight, I think our AAA decision was a mistake, and we are rectifying this for Batch 2.
I don't think you necessarily had to move to Li-Ion though, if it was maybe somehow possible to design the circuit around Alkalines. You now have the added benefit of less thickness, but not sure that's so important.
We likewise made the screen decision primary for security reasons. The screen is a Sharp Memory LCD, the same type that is used by bunnie in his betrusted/Precursor project. The screen does not have an embedded chip, and instead has circuitry etched into the glass itself. This would, theoretically, make tampering more difficult. We consider this to be a "tamper evident" display.
Right, I see. I mean, now I see more why some choices were made (even though explanation about screen choice was given before buying & was actually a selling point). Basically, you went all-in on security on every hardware element, even if that meant a sacrifice in another aspect. I guess one can't have everything!
I think we leaned too much on the security considerations of the screen, and did not fully consider the quality/UX tradeoffs. A brighter LCD display would have made for a better QR code experience with computer webcams, and would have exuded quality.
In hindsight, I think our screen decision was a mistake, and we are rectifying this for Batch 2.
Honestly, same screen but with backlight and no scratches would have been fine as well - retaining security & improving the finish. But glass top of course is the best option. Not sure if that would have been possible on top of SHARP tamper-evident LCD.
We are deeply upset that this happened, and can assure you that next batches will have higher quality plastic.
Additionally, for Batch 2, we have moved to glass. As you mentioned in your review, that means it could shatter. But we are using glass with 6H hardness, which is on par with some versions of
Gorilla Glass. I've taken a razorblade to it and it hasn't scratched. So hopefully it will be a big improvement and a good tradeoff.
Sounds good!
Overall, I think Passport Batch 2 should address all of your concerns. We’ll be unveiling it in February.
It will offer a different set of tradeoffs between security and UX/quality. Hopefully most people will be comfortable with these tradeoffs. I know some will be upset about the new Lithium Ion battery, or the new screen, or the cover glass instead of plastic. (And we refund preorders in full if anyone is unhappy when we do the unveiling).
Exciting - February is not long from now. I understand; this time you are going more 'traditional' in a way with recessed, presumably non-tamper-evident screen and Li-Ion battery with proprietary chip.
I'm now wondering if you're considering re-releasing FE with maybe better plastic QC on the screen and other back cover colour (to distinguish from FE since it was limited to 1000 units) as the 'more secure' option while the new version would be the 'more usable' option for instance. So customers could have a choice to simply buy what they prefer.
I do think some people here would prefer getting the Passport with AAA's if the screen wasn't scratched from the factory over getting one with Li-Ions. Just an idea. I think Keystone / formerly Cobo Vault had choice options between AAA or Li-Ion.
Me personally, would choose v2 probably (though not seen yet), since this device seems like a 'daily driver' to me, only issue with that being the battery choice and perceived delicateness due to pre-scratched screen (though it doesn't seem too delicate while using). Also just this 'phone form factor' makes one want to put it into the pocket and carry it with you.
Just a suggestion: Can we have a 'phone case' for FE and / or Version 2? Pretty please?
Would prefer without clear part, just all fabric - since that's what I last used many years ago... (can't find images)
Actually, something like this is what I'm envisioning:
In general, a few accessories such as screen protectors, cases, kind of typical 'phone stuff' would somehow make sense for these devices, in my opinion! Maybe even replaceable back covers for customization.
Again, truly appreciate this review, as someone who has been lurking on-and-off on this site for a very long time it's humbling to see a post about our product.
I'm really surprised and excited you guys are lurking around here! If you check
Hardware Wallets subforum from time to time, maybe there will be some ideas for future Foundation devices!
PS: One more question; will both devices run the same firmware? If not, will new and old device's firmwares be developed and maintained in parallel?
GitHub has no repository for the new firmware, which makes me hope they run the same one; thus reducing codebase to maintain + elongating FE update support.
You're right, it does seem like something from the Transformers movies. 
