Topic: RingWallet - Wearable Hardware Wallet - page 2. (Read 905 times)

Do I have your permission to post our PMs?   You wrote different things there than you are here.

Hey Vod, the US company should be out next week and I will share it.

As for the other things you mentioned; it's not in design phase, we're currently in production phase. As for funding; yes we are looking to raise VC funds but I don't see anything wrong with that. First of all, with the exception of Trezor most hardware wallet go and raise funding rounds because to be able to run a hardware business you need to be able to manufacture large amounts or price becomes very prohibitive on a per item cost; and making even 20,000 devices is more than $1M so that's the main reason. Beyond that we want to be able to get some proper licenses since the end goal is to allow people to use the ring at a POS which is dependent on that. Second of all, we're not raising money from random people on the internet but from professional investment funds that do due diligence so again I don't really see anything wrong with that.

Anyway, I will share the US company details when it's done.

1. I did some more reading on licenses after our discussion.
2. You gave them as examples, and you seemed to care a lot about open-source so I was curious to see what these guys were doing. When I noticed some of them aren't really that, I figured you'd like to know, genuinely have no idea why you're trying to misconstrue what I said.
3. Common clause license isn't different to what I was saying at all, I even used the specific term in one of my posts. You can go and read my previous posts; I specifically people would be able to see/copy the code for whatever non-commercial purpose they want, the only restriction was not using it commercially for a period of 2 years. Whereas common clause restricts you from using it commercially in a perpetual manner. So not sure why you're against it when I said it but for it when you say it. (By definiton, common clause license is a source-available license and not an open-source license).

Hito has been in presale for 2 years so being open-source is just a claim at this point. But regardless, I'm not even sure why you got so upset about me checking the list. I was genuinely trying to help and you somehow took it as a personal attack.

Agreed!  I am not against open source.   The OP could release a proprietary product with private code, and offer some really cool features to go with it.   But that requires trust that needs to be built up over time.


I called this product vapourware for this exact reason.   Product is still in design phase and they/you are looking for development funding.  


P.S!!

I have a bunch of souvenir-devices collecting dust in old boxes...
Open source alternative ring hardware wallet is around the corner so stay tuned

I can argue that Passport made a much better hardware wallet and their code was totally rewritten in different language.
But I have nothing against people who still prefer coldcard that comes as a package deal with ego-maniac NKV, and list obsolete junk unusable unsafe coldcard devices is getting bigger every day... just sayin.

I would really buy one as a souvenir

It's a business and their ACE is the code. ColdCard put too much work to create the code that they have right now (they also copied others to be completely honest) and then The Passport wallet was creating using the ColdCard's open-source code. It's a commercial business, so it doesn't surprise me why they are scared.

The society is not ready to flex with Bitcoin wallets. It depends on the country and neighborhood but overall, you are right, it's dangerous to wear this ring and walk outside if many people discover the existence of this ring, as it should be since the company wants to sell as many as possible.

That's how people get fooled.

One reason to avoid open source is to make claims the open code cannot complete.  Closed source is "magic" and you can promise anything.

You obviously don't know anything about licenses like you confirmed publicly, so I would be genuinely concerned purchasing any product from you.
And now all of the sudden you know how to correctly read licenses for list of wallets I posted before...

Note that most of the Common Clause licenses you mentioned don't allow selling of code, but it can still be forked and reproduced, much different than what you plan to do.
Hito is only pre-sale so it can't have code released, and Bitbox changed their github page, I can't follow all the changes and some links might be outdated, but I will update soon.
I don't know why you hate and fear forked code...it's open source, learn more about it.

cypherockx1:
https://walletscrutiny.com/hardware/cypherockx1/

bitbox02 is clearly open source:
https://walletscrutiny.com/hardware/bitBox2/
https://github.com/BitBoxSwiss

i knew that this was a great idea, where one could take their hard wallet anywhere they wanted, and it was stylish and quite compact. but what concerns me here is what happens when criminals start to get to know this product and start linking people with black rings to using this product? that would definitely be quite dangerous. and more, even though this product has a waterproof feature, it still makes me feel anxious. i know that this ringwallet is a good breakthrough innovation in terms of hard wallets, but it just doesn't suit users like me.

Thanks for the answer. I'll answer in parts.

Re Uniswap; I used it as an example so you could understand what I meant. I also don't know who they're supported by and whatnot to be honest.
Re Open source:
1. I genuinely didn't know the difference between open-source and source-available at the time. That's my mistake and I apologise for it.
2. As mentioned in my previous message, you, as well as some other people we are talking to privately have expressed opinions in regards to why go open source vs source-available so we haven't made a final decision as of right now. At the very minimum, the code will be made source-available and we are still debating whether it will be under a trully open source license or a commons clause one. I will update here after we make a final decision.

Re Satoshi & Bitcoin; I don't have such delusions of grandeur. I think ringwallet is a cool nifty product but it will never be even 0.1% of bitcoin, so not sure it's a fair comparison. With that said, I do understand where you're coming from, and just to be clear, the difference between the license we initially planed to use and a commons license is that ours was/is time-limited; meaning anyone would've been able to use the code for whatever commercial purposes they wanted to after a period of 2 years, as opposed to commons clause, which as far as I understand, is permanent.

So back to your theoretical example, if Satoshi published bitcoin under a 2-year limited license, people would've just forked bitcoin 2 years later, so not really the end of the world to be honest. Because again, we didn't want to gatekeep the code forever but rather just have a 2-year headstart. Anyway. I am genuinely considering just publishing it completely as open-source when the time of launch comes, but the launch is still a few months away and until then we are still wrapping up what is left and will be making a final decision in regards to this as well.

Lastly, regarding your list; that's an awesome list and thanks for sharing. I actually went through the list myself, and since you seem to care a lot about open-source, which I appreciate, I just want to make some mentions to you regarding the list. Just to be clear, not trying to be a dickhead, but I genuinely went through the repos, so I figured some of the things I will list below should be of interest to you.

https://github.com/proto-at-block/bitkey -> commons clause license. It's combined with MIT, but it's the same as it being source-available because it also has commons clause license.
https://github.com/Cypherock -> commons clause license. Again, combined with MIT but same as above, it's source-avaialble in reality not open-source.
https://github.com/hito-xyz -> they say open source but as you can see the github is completely empty bar from some documentation; the software you're supposed to download is completely closed-source, not even source-available. Also, apparently they've been in pre-sale mode for about 2 years now and as far as I've been able to see, not much if anything has been shipped out. There's even a thread (and apparently a telegram group) of people complaining about it. Here's the thread: https://bitcointalksearch.org/topic/hito-new-hardware-wallet-open-source-5487572
https://github.com/bithd -> literal complete copy-paste fork of trezor, not sure if it's worth including in such a list, because a lot of the people on that list have actually done real heavy work and should be praised for it. This is just ctrl+c / ctrl+v.
https://github.com/digitalbitbox -> completely empty github so not even source-available
https://github.com/bitlox -> most of it is forked from bitpay, hive and multibit. The repos which are not forked have no discernible license of any kind and have not been updated in 7-8 years at a minimum, so again, not sure it qualifies as open-source or that it deserves to be on that list.

I think that's a really cool list and just wanted to let you know about these because I figured you just didn't have the time to actually check and that's why you haven't removed them yet. Some of those guys on that list have really done an incredible amount of work and I figured they shouldn't be bundled with things like the above. Anyway, thanks for the feedback and the information, I'll give this some proper thought and we will in either case announce our decision here once it's made.

Thank you for this list; I'm going to add it to my site.

I really don't care what Uniswap is doing, especially when knowing who is behind them, how they are getting funded, and how they are doing their business.
Hardware wallet manufacturer should never be compared with uniswap exchange.

It is wrong when you are claiming to have open source code sometimes in future, but in reality this will never happen.
Be honest to yourself, to everyone else, and don't ever mention words ''open source'' in connection with RingWallet.

No problem, you can release it with any code you want, just learn what FOSS and open source really is.
Just imagine if Satoshi was scared that someone will copy and fork his project called Bitcoin...  

List of Hardware wallets with Open Source firmware who are NOT scared of someone forking their code:

• Trezor One; model T; Safe 3
• Bitbox
• Passport
• Jade
• Satochip
• Keepkey
• BitHD*
• Prokey
• OneKey Classic; Mini, Touch
• HyperMate
• Cypherock X1
• Hito (pre-sale)
• Bitlox
• Keystone3
• BitKey
• Portal
• SeedSigner DIY Wallet
• Krux DIY Wallet

IMO you will get a lot of resistance to reproducible source available vs open source. And I think you should do what works for your company.
I don't care so long as I can verify that it's good and even more with a product like this I don't think it matters.

There are 2 parts of the product the ring and the software. The issue is the physical ring can be anything even a cheap EMV card. So that means someone can come in and take your work and make a cheap ass product using your code.

For things where the software is the product (electrum) then I want open source. For products where someone can take your code and create a similar product for a low price and sell it for a lot then reproducible source available is fine for me.

I will also say that this is probably not going to be a popular opinion here, but it is mine :-)

-Dave

1.First of all, again, the only restriction is literally taking the code and using it as-is to launch a for-profit company the next day. Furthermore, it will be time-limited, so something like 2 years from each release. Literally the same as Uniswap v3 did. And to answer the question of why, sure.

I want the code to be public so people can check it themselves and people don't have to trust in us directly.
At the same time, I genuinely don't want someone to just copy-paste the entire codebase on the 2nd day after launch and then do their own. Me and the team have spent more than a year working on this just to date and we haven't even launched, yeah I want some protection from competitors. I don't find anything wrong with that. You want to copy it for-profit? Sure, you can do that too, 2 years after the release. And I genuinely find nothing wrong with that, because besides direct for-profit uses everything else will be permitted and even for-profit use will be permitted after 2 years so where's the issue with that?


2. It will be very similar to Uniswap v3 licensing https://support.uniswap.org/hc/en-us/articles/14569783029645-Uniswap-v3-Licensing / https://github.com/Uniswap/v3-core/blob/main/LICENSE

Is uni v3 not open source just because all the people copying their code for-profit had to wait until April 1st 2023 ? I don't think so, because everyone still copied it in the end, but that gave them time to work on a v4.

I do understand what you are saying in regards to common clause vs open-source and that seems fair. I will consider this further because we haven't taken a final decision in that regards but I am currently tending more towards something like common clause vs open source.

3. If Trezor supports NFC you should be able to restore it on a Trezor. You also have the option of using a seed phrase as opposed to Shamir which means you can restore it anywhere and you will also have the option to save Shamir directly as words if you don't want to use Ace Cards so for anyone who supports SLIP-0039 if you used words on paper you can restore it wherever you want.

Edit: I read some more as well and it seems you are correct, adding a restriction for commercial use cases makes the code not respect open-source rules anymore. I was genuinely not aware of this beforehand. I will give this some more thought and see if we want to go the source available vs fully open source route. My fear is exactly the one described above; i.e. someone forking it the next day and launching a competitor.

Would be honestly really great to hear some opinions of why you think open source is better vs source available.

You are doing something similar like coldcard wallet, and that is NOT Open Source.
Don't make your own restricted code and put open source sticker on it, because you are deceiving customers like this.
It's even worse that you only planning to do that sometime in future, and I really don't understand why some hardware wallet manufacturers are scared of forking and potential contribution to their code.

Again, this is NOT open source, so don't try to deceive people claiming it is.
Best case this can be source viewable license like common clause or something similar.

So short answer is No, I can't restore it currently with any other wallets in the market.
Thank you.

Hey, thanks for the message and sorry for the delay, I had been working on a few things these past few days.

So regarding blank NFC rings, yeah of course I know what you mean, but the rings you're looking at most usually come with what are called NFC Tags (https://www.nxp.com/products/wireless-connectivity/nfc-hf/ntag-for-tags-and-labels:NTAG-TAGS-AND-LABELS) which is essentially NFC chips, but very low-power / low storage type of Chips (think up to 16kB total storage maximum). We use NXP P71D321 (https://www.nxp.com/products/security-and-authentication/security-controllers/smartmx3-p71d321-secure-and-flexible-microcontroller:SMARTMX3-P71D321) which is a microcontroller with a lot of security elements and NFC functionality. It is the same chip used in bank cards, and it runs JCOP on it; JCOP is an operating system for security sensitive systems and runs on smartcards. Furthermore to put it in a ring you have to get the FPC version of it etc; anyway what I'm trying to say is the options you see on Alibaba aren't really similar to this, to give a more good comparison, the Ace Cards (where you store Shamir) have MIFARE chips, or basically one of the best chips you can get on one of these rings from Alibaba; but we only use the cards to store a seed, so those are basically just toys used to store small amount of information and/or do simple access control (like a hotel key access card).

P71 is also one of the best options out there in terms of security and performance (that small chip has up to 344kB of Flash and 12kB of RAM which I know sounds little but it's actually a lot for a chip of this type). It was also necessary for what we're doing because JCOP alone would have occupied more than the largest NTAG offers in storage (16kB), and that's not even taking security into consideration. Just to give a simple example, if someone were to try to send unauthorized instructions to the chip repeatedly, the chip automatically bricks to protect itself etc.

Anyway, let me answer the open-source questions and everything else. First of all, I want to make clear that the code will be open-source. It is not yet open-source and I'm willing to take that criticism so let me explain why. The reason is simple, I want to publish it with a similar license to Uniswap V3; i.e. if you want to use the code for commercial purpose you will have to wait 2-3 years from every release. And free to use for anything personal. So because of that I am in discussions with lawyers to well, basically, make a license for us. In the best case scenario, the code will be made open-source before we ship the first rings, in a worst worst type of scenario it will be open source within 12 months of right now (taking into account that first rings will be shipped sometime in 4 months from now give or take).

Now to answer the other questions. The Shamir implementation we will be using is SLIP-0039, which is industry-standard, open-source and developed by Satoshi Labs (mother company of Trezor) - https://github.com/satoshilabs/slips/blob/master/slip-0039.md

The difference, here, being, the seeds themselves are actually stored on the Ace Cards as opposed to on a piece of paper, so to the question "will you be able to recover it on Trezor etc" that mostly depends on if they will accept restoring from an NFC card, maybe not on day one, but eventually I think they will. The other question is if they are compatible with SLIP-0039; Trezor I know for a fact is, the others I don't know.

I hope that answers the question but I'm happy to clarify if anything is unclear

You reading my PMs now? 

Hey there RingWallet.
I heard about you on twitter few days ago, but you guys are not the first project working on Ring shape hardware wallets.
Last time I checked there are blank NFC rings that can be purchased  cheap from China, and they are not that expensive.
One thing I am looking with hardware wallets is they need to be with Open Source code, and I don't think Ring wallet is going to be open source.
Compatibility with third party wallets is also very important, I don't want to get stuck with only one working app, especially if closed sourced.
I wanted to ask about Shamir backup, can this be used to recover with other hardware wallets that support Shamir like Trezor, Keystone, etc?

PS
Vod you might want to take it easy with your extreme paranoia on members who just registered in forum, they didn't ask for your money.
I am always suspicious with any new projects but you have gone way to far this time. 

Hey, yeah, that was a really good catch. The non-oxides component does contain silicon nitride, but I don't think it's only composed of that, even besides the oxides part of it, I believe it's a mix of multiple oxides and non-oxides.

---

It's definitely good feedback and honestly not something we had considered a lot. For now I believe a good intermeidary solution would be offering an option where you can manually lock the ring from the app for a period of time. I will consider perhaps having 2 version, but realistically, from an operational & stock perspective I'm not sure that is viable for a first version.

Perhaps 2 versions?
1 with an better antenna for the people who leave their tap to pay credit cards in their pocket.
And a version for people like me who have their tap to pay credit card in a RF blocking sleeve in an RF blocking wallet in a RF blocking pocket.

-Dave