Topic: RingWallet - Wearable Hardware Wallet - page 2. (Read 791 times)

I would really buy one as a souvenir

It's a business and their ACE is the code. ColdCard put too much work to create the code that they have right now (they also copied others to be completely honest) and then The Passport wallet was creating using the ColdCard's open-source code. It's a commercial business, so it doesn't surprise me why they are scared.

The society is not ready to flex with Bitcoin wallets. It depends on the country and neighborhood but overall, you are right, it's dangerous to wear this ring and walk outside if many people discover the existence of this ring, as it should be since the company wants to sell as many as possible.

That's how people get fooled.

One reason to avoid open source is to make claims the open code cannot complete.  Closed source is "magic" and you can promise anything.

You obviously don't know anything about licenses like you confirmed publicly, so I would be genuinely concerned purchasing any product from you.
And now all of the sudden you know how to correctly read licenses for list of wallets I posted before...

Note that most of the Common Clause licenses you mentioned don't allow selling of code, but it can still be forked and reproduced, much different than what you plan to do.
Hito is only pre-sale so it can't have code released, and Bitbox changed their github page, I can't follow all the changes and some links might be outdated, but I will update soon.
I don't know why you hate and fear forked code...it's open source, learn more about it.

cypherockx1:
https://walletscrutiny.com/hardware/cypherockx1/

bitbox02 is clearly open source:
https://walletscrutiny.com/hardware/bitBox2/
https://github.com/BitBoxSwiss

i knew that this was a great idea, where one could take their hard wallet anywhere they wanted, and it was stylish and quite compact. but what concerns me here is what happens when criminals start to get to know this product and start linking people with black rings to using this product? that would definitely be quite dangerous. and more, even though this product has a waterproof feature, it still makes me feel anxious. i know that this ringwallet is a good breakthrough innovation in terms of hard wallets, but it just doesn't suit users like me.

Thanks for the answer. I'll answer in parts.

Re Uniswap; I used it as an example so you could understand what I meant. I also don't know who they're supported by and whatnot to be honest.
Re Open source:
1. I genuinely didn't know the difference between open-source and source-available at the time. That's my mistake and I apologise for it.
2. As mentioned in my previous message, you, as well as some other people we are talking to privately have expressed opinions in regards to why go open source vs source-available so we haven't made a final decision as of right now. At the very minimum, the code will be made source-available and we are still debating whether it will be under a trully open source license or a commons clause one. I will update here after we make a final decision.

Re Satoshi & Bitcoin; I don't have such delusions of grandeur. I think ringwallet is a cool nifty product but it will never be even 0.1% of bitcoin, so not sure it's a fair comparison. With that said, I do understand where you're coming from, and just to be clear, the difference between the license we initially planed to use and a commons license is that ours was/is time-limited; meaning anyone would've been able to use the code for whatever commercial purposes they wanted to after a period of 2 years, as opposed to commons clause, which as far as I understand, is permanent.

So back to your theoretical example, if Satoshi published bitcoin under a 2-year limited license, people would've just forked bitcoin 2 years later, so not really the end of the world to be honest. Because again, we didn't want to gatekeep the code forever but rather just have a 2-year headstart. Anyway. I am genuinely considering just publishing it completely as open-source when the time of launch comes, but the launch is still a few months away and until then we are still wrapping up what is left and will be making a final decision in regards to this as well.

Lastly, regarding your list; that's an awesome list and thanks for sharing. I actually went through the list myself, and since you seem to care a lot about open-source, which I appreciate, I just want to make some mentions to you regarding the list. Just to be clear, not trying to be a dickhead, but I genuinely went through the repos, so I figured some of the things I will list below should be of interest to you.

https://github.com/proto-at-block/bitkey -> commons clause license. It's combined with MIT, but it's the same as it being source-available because it also has commons clause license.
https://github.com/Cypherock -> commons clause license. Again, combined with MIT but same as above, it's source-avaialble in reality not open-source.
https://github.com/hito-xyz -> they say open source but as you can see the github is completely empty bar from some documentation; the software you're supposed to download is completely closed-source, not even source-available. Also, apparently they've been in pre-sale mode for about 2 years now and as far as I've been able to see, not much if anything has been shipped out. There's even a thread (and apparently a telegram group) of people complaining about it. Here's the thread: https://bitcointalksearch.org/topic/hito-new-hardware-wallet-open-source-5487572
https://github.com/bithd -> literal complete copy-paste fork of trezor, not sure if it's worth including in such a list, because a lot of the people on that list have actually done real heavy work and should be praised for it. This is just ctrl+c / ctrl+v.
https://github.com/digitalbitbox -> completely empty github so not even source-available
https://github.com/bitlox -> most of it is forked from bitpay, hive and multibit. The repos which are not forked have no discernible license of any kind and have not been updated in 7-8 years at a minimum, so again, not sure it qualifies as open-source or that it deserves to be on that list.

I think that's a really cool list and just wanted to let you know about these because I figured you just didn't have the time to actually check and that's why you haven't removed them yet. Some of those guys on that list have really done an incredible amount of work and I figured they shouldn't be bundled with things like the above. Anyway, thanks for the feedback and the information, I'll give this some proper thought and we will in either case announce our decision here once it's made.

Thank you for this list; I'm going to add it to my site.

I really don't care what Uniswap is doing, especially when knowing who is behind them, how they are getting funded, and how they are doing their business.
Hardware wallet manufacturer should never be compared with uniswap exchange.

It is wrong when you are claiming to have open source code sometimes in future, but in reality this will never happen.
Be honest to yourself, to everyone else, and don't ever mention words ''open source'' in connection with RingWallet.

No problem, you can release it with any code you want, just learn what FOSS and open source really is.
Just imagine if Satoshi was scared that someone will copy and fork his project called Bitcoin...  

List of Hardware wallets with Open Source firmware who are NOT scared of someone forking their code:

• Trezor One; model T; Safe 3
• Bitbox
• Passport
• Jade
• Satochip
• Keepkey
• BitHD*
• Prokey
• OneKey Classic; Mini, Touch
• HyperMate
• Cypherock X1
• Hito (pre-sale)
• Bitlox
• Keystone3
• BitKey
• Portal
• SeedSigner DIY Wallet
• Krux DIY Wallet

IMO you will get a lot of resistance to reproducible source available vs open source. And I think you should do what works for your company.
I don't care so long as I can verify that it's good and even more with a product like this I don't think it matters.

There are 2 parts of the product the ring and the software. The issue is the physical ring can be anything even a cheap EMV card. So that means someone can come in and take your work and make a cheap ass product using your code.

For things where the software is the product (electrum) then I want open source. For products where someone can take your code and create a similar product for a low price and sell it for a lot then reproducible source available is fine for me.

I will also say that this is probably not going to be a popular opinion here, but it is mine :-)

-Dave

1.First of all, again, the only restriction is literally taking the code and using it as-is to launch a for-profit company the next day. Furthermore, it will be time-limited, so something like 2 years from each release. Literally the same as Uniswap v3 did. And to answer the question of why, sure.

I want the code to be public so people can check it themselves and people don't have to trust in us directly.
At the same time, I genuinely don't want someone to just copy-paste the entire codebase on the 2nd day after launch and then do their own. Me and the team have spent more than a year working on this just to date and we haven't even launched, yeah I want some protection from competitors. I don't find anything wrong with that. You want to copy it for-profit? Sure, you can do that too, 2 years after the release. And I genuinely find nothing wrong with that, because besides direct for-profit uses everything else will be permitted and even for-profit use will be permitted after 2 years so where's the issue with that?


2. It will be very similar to Uniswap v3 licensing https://support.uniswap.org/hc/en-us/articles/14569783029645-Uniswap-v3-Licensing / https://github.com/Uniswap/v3-core/blob/main/LICENSE

Is uni v3 not open source just because all the people copying their code for-profit had to wait until April 1st 2023 ? I don't think so, because everyone still copied it in the end, but that gave them time to work on a v4.

I do understand what you are saying in regards to common clause vs open-source and that seems fair. I will consider this further because we haven't taken a final decision in that regards but I am currently tending more towards something like common clause vs open source.

3. If Trezor supports NFC you should be able to restore it on a Trezor. You also have the option of using a seed phrase as opposed to Shamir which means you can restore it anywhere and you will also have the option to save Shamir directly as words if you don't want to use Ace Cards so for anyone who supports SLIP-0039 if you used words on paper you can restore it wherever you want.

Edit: I read some more as well and it seems you are correct, adding a restriction for commercial use cases makes the code not respect open-source rules anymore. I was genuinely not aware of this beforehand. I will give this some more thought and see if we want to go the source available vs fully open source route. My fear is exactly the one described above; i.e. someone forking it the next day and launching a competitor.

Would be honestly really great to hear some opinions of why you think open source is better vs source available.

You are doing something similar like coldcard wallet, and that is NOT Open Source.
Don't make your own restricted code and put open source sticker on it, because you are deceiving customers like this.
It's even worse that you only planning to do that sometime in future, and I really don't understand why some hardware wallet manufacturers are scared of forking and potential contribution to their code.

Again, this is NOT open source, so don't try to deceive people claiming it is.
Best case this can be source viewable license like common clause or something similar.

So short answer is No, I can't restore it currently with any other wallets in the market.
Thank you.

Hey, thanks for the message and sorry for the delay, I had been working on a few things these past few days.

So regarding blank NFC rings, yeah of course I know what you mean, but the rings you're looking at most usually come with what are called NFC Tags (https://www.nxp.com/products/wireless-connectivity/nfc-hf/ntag-for-tags-and-labels:NTAG-TAGS-AND-LABELS) which is essentially NFC chips, but very low-power / low storage type of Chips (think up to 16kB total storage maximum). We use NXP P71D321 (https://www.nxp.com/products/security-and-authentication/security-controllers/smartmx3-p71d321-secure-and-flexible-microcontroller:SMARTMX3-P71D321) which is a microcontroller with a lot of security elements and NFC functionality. It is the same chip used in bank cards, and it runs JCOP on it; JCOP is an operating system for security sensitive systems and runs on smartcards. Furthermore to put it in a ring you have to get the FPC version of it etc; anyway what I'm trying to say is the options you see on Alibaba aren't really similar to this, to give a more good comparison, the Ace Cards (where you store Shamir) have MIFARE chips, or basically one of the best chips you can get on one of these rings from Alibaba; but we only use the cards to store a seed, so those are basically just toys used to store small amount of information and/or do simple access control (like a hotel key access card).

P71 is also one of the best options out there in terms of security and performance (that small chip has up to 344kB of Flash and 12kB of RAM which I know sounds little but it's actually a lot for a chip of this type). It was also necessary for what we're doing because JCOP alone would have occupied more than the largest NTAG offers in storage (16kB), and that's not even taking security into consideration. Just to give a simple example, if someone were to try to send unauthorized instructions to the chip repeatedly, the chip automatically bricks to protect itself etc.

Anyway, let me answer the open-source questions and everything else. First of all, I want to make clear that the code will be open-source. It is not yet open-source and I'm willing to take that criticism so let me explain why. The reason is simple, I want to publish it with a similar license to Uniswap V3; i.e. if you want to use the code for commercial purpose you will have to wait 2-3 years from every release. And free to use for anything personal. So because of that I am in discussions with lawyers to well, basically, make a license for us. In the best case scenario, the code will be made open-source before we ship the first rings, in a worst worst type of scenario it will be open source within 12 months of right now (taking into account that first rings will be shipped sometime in 4 months from now give or take).

Now to answer the other questions. The Shamir implementation we will be using is SLIP-0039, which is industry-standard, open-source and developed by Satoshi Labs (mother company of Trezor) - https://github.com/satoshilabs/slips/blob/master/slip-0039.md

The difference, here, being, the seeds themselves are actually stored on the Ace Cards as opposed to on a piece of paper, so to the question "will you be able to recover it on Trezor etc" that mostly depends on if they will accept restoring from an NFC card, maybe not on day one, but eventually I think they will. The other question is if they are compatible with SLIP-0039; Trezor I know for a fact is, the others I don't know.

I hope that answers the question but I'm happy to clarify if anything is unclear

You reading my PMs now? 

Hey there RingWallet.
I heard about you on twitter few days ago, but you guys are not the first project working on Ring shape hardware wallets.
Last time I checked there are blank NFC rings that can be purchased  cheap from China, and they are not that expensive.
One thing I am looking with hardware wallets is they need to be with Open Source code, and I don't think Ring wallet is going to be open source.
Compatibility with third party wallets is also very important, I don't want to get stuck with only one working app, especially if closed sourced.
I wanted to ask about Shamir backup, can this be used to recover with other hardware wallets that support Shamir like Trezor, Keystone, etc?

PS
Vod you might want to take it easy with your extreme paranoia on members who just registered in forum, they didn't ask for your money.
I am always suspicious with any new projects but you have gone way to far this time. 

Hey, yeah, that was a really good catch. The non-oxides component does contain silicon nitride, but I don't think it's only composed of that, even besides the oxides part of it, I believe it's a mix of multiple oxides and non-oxides.

---

It's definitely good feedback and honestly not something we had considered a lot. For now I believe a good intermeidary solution would be offering an option where you can manually lock the ring from the app for a period of time. I will consider perhaps having 2 version, but realistically, from an operational & stock perspective I'm not sure that is viable for a first version.

Perhaps 2 versions?
1 with an better antenna for the people who leave their tap to pay credit cards in their pocket.
And a version for people like me who have their tap to pay credit card in a RF blocking sleeve in an RF blocking wallet in a RF blocking pocket.

-Dave

I'm intrigued. Having worked in the specialty ceramics industry for decades I have to ask: Is the ring silicon nitride? With the black color and high gloss edges it looks like it.

Ok, that makes more sense. I'm not sure that's very good design though if you plan on using it daily / multiple times a day if you always have to take it off. I had figured it's more of a "lock your ring" type of thing which would've made a bit more sense in my opinion.

---

Hey, so let me answer this in two parts since it might be easier:

1. The case you are describing can only happen if when creating your wallet you choose to back it up with a seed phrase. This, however, is literally how a seed phrase works, it's the same case for your trezor, ledger or any other seed phrase based wallet out there. Also, the seed phrase is a physically written set of words, I don't really understand how a hacker would get a hold of this unless the "hacker" is your family/friends who got into your house, knew where your seed phrase was and then stole it?
2. But most importantly, when you setup your ringwallet initially, you get a choice about how you want to setup your wallet. Sure, you can choose the seed phrase as above, but you have the option to setup your wallet backed by Ace Cards in which case everything you've described cannot happen, because if you back it up with the Ace cards you would indeed have to restore it only through the app on another ring. Perhaps in the future we may try to add the ability of restoring Ace Cards into other places as well, but for now if your ring is set up with this backup method you can only restore it on a new ring through the app, so in this case the hacker or thief or whatever would have to find and steal multiple ace cards to even have a chance of restoring your wallet.

Anyone who would be buying the "ring wallet" will be buying with the intention that it is a hardware wallet. So if the wallet can be accessed with only seed phrases too, without the need of the ring wallet then why spend so much money on the hardware? One can use the desktop wallet like Electrum and it is free too 

Let's suppose someone get hold of the seed phrases, so it does not matter we are having the ring wallet (the hardware device) with us, the hacker can import that seed phrase in any software wallet and get our funds. This just denies the purpose of the ring wallet, except for those who want to try new technologies. Don't you think it is a big security concern that the funds in the wallet can be access without the hardware device too ?

It's just antenna placement and shielding for the NFC. If you get it *just* right you can get it to scan while on your finger. But there is no way you can do it easily. Not so much tech as design.

-Dave

Bitcointalk only allows you to send 2 DMs a day as a newbie and I had already answered to someone previously, so yeah. That's on the forum, not me. I don't really know why it works like that, probably to make you buy the membership I guess? Anyway, I bought a copper membership and replied to your messages.

Edit: that's fine, I understand and will continue to provide anything necessary. who knows, maybe in a few months from now you'll become a supporter after all of our messages so I'm okay with it.