Topic: RingWallet - Wearable Hardware Wallet - page 3. (Read 1225 times)

Thank you for this list; I'm going to add it to my site.

I really don't care what Uniswap is doing, especially when knowing who is behind them, how they are getting funded, and how they are doing their business.
Hardware wallet manufacturer should never be compared with uniswap exchange.

It is wrong when you are claiming to have open source code sometimes in future, but in reality this will never happen.
Be honest to yourself, to everyone else, and don't ever mention words ''open source'' in connection with RingWallet.

No problem, you can release it with any code you want, just learn what FOSS and open source really is.
Just imagine if Satoshi was scared that someone will copy and fork his project called Bitcoin...  

List of Hardware wallets with Open Source firmware who are NOT scared of someone forking their code:

• Trezor One; model T; Safe 3
• Bitbox
• Passport
• Jade
• Satochip
• Keepkey
• BitHD*
• Prokey
• OneKey Classic; Mini, Touch
• HyperMate
• Cypherock X1
• Hito (pre-sale)
• Bitlox
• Keystone3
• BitKey
• Portal
• SeedSigner DIY Wallet
• Krux DIY Wallet

IMO you will get a lot of resistance to reproducible source available vs open source. And I think you should do what works for your company.
I don't care so long as I can verify that it's good and even more with a product like this I don't think it matters.

There are 2 parts of the product the ring and the software. The issue is the physical ring can be anything even a cheap EMV card. So that means someone can come in and take your work and make a cheap ass product using your code.

For things where the software is the product (electrum) then I want open source. For products where someone can take your code and create a similar product for a low price and sell it for a lot then reproducible source available is fine for me.

I will also say that this is probably not going to be a popular opinion here, but it is mine :-)

-Dave

1.First of all, again, the only restriction is literally taking the code and using it as-is to launch a for-profit company the next day. Furthermore, it will be time-limited, so something like 2 years from each release. Literally the same as Uniswap v3 did. And to answer the question of why, sure.

I want the code to be public so people can check it themselves and people don't have to trust in us directly.
At the same time, I genuinely don't want someone to just copy-paste the entire codebase on the 2nd day after launch and then do their own. Me and the team have spent more than a year working on this just to date and we haven't even launched, yeah I want some protection from competitors. I don't find anything wrong with that. You want to copy it for-profit? Sure, you can do that too, 2 years after the release. And I genuinely find nothing wrong with that, because besides direct for-profit uses everything else will be permitted and even for-profit use will be permitted after 2 years so where's the issue with that?


2. It will be very similar to Uniswap v3 licensing https://support.uniswap.org/hc/en-us/articles/14569783029645-Uniswap-v3-Licensing / https://github.com/Uniswap/v3-core/blob/main/LICENSE

Is uni v3 not open source just because all the people copying their code for-profit had to wait until April 1st 2023 ? I don't think so, because everyone still copied it in the end, but that gave them time to work on a v4.

I do understand what you are saying in regards to common clause vs open-source and that seems fair. I will consider this further because we haven't taken a final decision in that regards but I am currently tending more towards something like common clause vs open source.

3. If Trezor supports NFC you should be able to restore it on a Trezor. You also have the option of using a seed phrase as opposed to Shamir which means you can restore it anywhere and you will also have the option to save Shamir directly as words if you don't want to use Ace Cards so for anyone who supports SLIP-0039 if you used words on paper you can restore it wherever you want.

Edit: I read some more as well and it seems you are correct, adding a restriction for commercial use cases makes the code not respect open-source rules anymore. I was genuinely not aware of this beforehand. I will give this some more thought and see if we want to go the source available vs fully open source route. My fear is exactly the one described above; i.e. someone forking it the next day and launching a competitor.

Would be honestly really great to hear some opinions of why you think open source is better vs source available.

You are doing something similar like coldcard wallet, and that is NOT Open Source.
Don't make your own restricted code and put open source sticker on it, because you are deceiving customers like this.
It's even worse that you only planning to do that sometime in future, and I really don't understand why some hardware wallet manufacturers are scared of forking and potential contribution to their code.

Again, this is NOT open source, so don't try to deceive people claiming it is.
Best case this can be source viewable license like common clause or something similar.

So short answer is No, I can't restore it currently with any other wallets in the market.
Thank you.

Hey, thanks for the message and sorry for the delay, I had been working on a few things these past few days.

So regarding blank NFC rings, yeah of course I know what you mean, but the rings you're looking at most usually come with what are called NFC Tags (https://www.nxp.com/products/wireless-connectivity/nfc-hf/ntag-for-tags-and-labels:NTAG-TAGS-AND-LABELS) which is essentially NFC chips, but very low-power / low storage type of Chips (think up to 16kB total storage maximum). We use NXP P71D321 (https://www.nxp.com/products/security-and-authentication/security-controllers/smartmx3-p71d321-secure-and-flexible-microcontroller:SMARTMX3-P71D321) which is a microcontroller with a lot of security elements and NFC functionality. It is the same chip used in bank cards, and it runs JCOP on it; JCOP is an operating system for security sensitive systems and runs on smartcards. Furthermore to put it in a ring you have to get the FPC version of it etc; anyway what I'm trying to say is the options you see on Alibaba aren't really similar to this, to give a more good comparison, the Ace Cards (where you store Shamir) have MIFARE chips, or basically one of the best chips you can get on one of these rings from Alibaba; but we only use the cards to store a seed, so those are basically just toys used to store small amount of information and/or do simple access control (like a hotel key access card).

P71 is also one of the best options out there in terms of security and performance (that small chip has up to 344kB of Flash and 12kB of RAM which I know sounds little but it's actually a lot for a chip of this type). It was also necessary for what we're doing because JCOP alone would have occupied more than the largest NTAG offers in storage (16kB), and that's not even taking security into consideration. Just to give a simple example, if someone were to try to send unauthorized instructions to the chip repeatedly, the chip automatically bricks to protect itself etc.

Anyway, let me answer the open-source questions and everything else. First of all, I want to make clear that the code will be open-source. It is not yet open-source and I'm willing to take that criticism so let me explain why. The reason is simple, I want to publish it with a similar license to Uniswap V3; i.e. if you want to use the code for commercial purpose you will have to wait 2-3 years from every release. And free to use for anything personal. So because of that I am in discussions with lawyers to well, basically, make a license for us. In the best case scenario, the code will be made open-source before we ship the first rings, in a worst worst type of scenario it will be open source within 12 months of right now (taking into account that first rings will be shipped sometime in 4 months from now give or take).

Now to answer the other questions. The Shamir implementation we will be using is SLIP-0039, which is industry-standard, open-source and developed by Satoshi Labs (mother company of Trezor) - https://github.com/satoshilabs/slips/blob/master/slip-0039.md

The difference, here, being, the seeds themselves are actually stored on the Ace Cards as opposed to on a piece of paper, so to the question "will you be able to recover it on Trezor etc" that mostly depends on if they will accept restoring from an NFC card, maybe not on day one, but eventually I think they will. The other question is if they are compatible with SLIP-0039; Trezor I know for a fact is, the others I don't know.

I hope that answers the question but I'm happy to clarify if anything is unclear

You reading my PMs now? 

Hey there RingWallet.
I heard about you on twitter few days ago, but you guys are not the first project working on Ring shape hardware wallets.
Last time I checked there are blank NFC rings that can be purchased  cheap from China, and they are not that expensive.
One thing I am looking with hardware wallets is they need to be with Open Source code, and I don't think Ring wallet is going to be open source.
Compatibility with third party wallets is also very important, I don't want to get stuck with only one working app, especially if closed sourced.
I wanted to ask about Shamir backup, can this be used to recover with other hardware wallets that support Shamir like Trezor, Keystone, etc?

PS
Vod you might want to take it easy with your extreme paranoia on members who just registered in forum, they didn't ask for your money.
I am always suspicious with any new projects but you have gone way to far this time. 

Hey, yeah, that was a really good catch. The non-oxides component does contain silicon nitride, but I don't think it's only composed of that, even besides the oxides part of it, I believe it's a mix of multiple oxides and non-oxides.

---

It's definitely good feedback and honestly not something we had considered a lot. For now I believe a good intermeidary solution would be offering an option where you can manually lock the ring from the app for a period of time. I will consider perhaps having 2 version, but realistically, from an operational & stock perspective I'm not sure that is viable for a first version.

Perhaps 2 versions?
1 with an better antenna for the people who leave their tap to pay credit cards in their pocket.
And a version for people like me who have their tap to pay credit card in a RF blocking sleeve in an RF blocking wallet in a RF blocking pocket.

-Dave

I'm intrigued. Having worked in the specialty ceramics industry for decades I have to ask: Is the ring silicon nitride? With the black color and high gloss edges it looks like it.

Ok, that makes more sense. I'm not sure that's very good design though if you plan on using it daily / multiple times a day if you always have to take it off. I had figured it's more of a "lock your ring" type of thing which would've made a bit more sense in my opinion.

---

Hey, so let me answer this in two parts since it might be easier:

1. The case you are describing can only happen if when creating your wallet you choose to back it up with a seed phrase. This, however, is literally how a seed phrase works, it's the same case for your trezor, ledger or any other seed phrase based wallet out there. Also, the seed phrase is a physically written set of words, I don't really understand how a hacker would get a hold of this unless the "hacker" is your family/friends who got into your house, knew where your seed phrase was and then stole it?
2. But most importantly, when you setup your ringwallet initially, you get a choice about how you want to setup your wallet. Sure, you can choose the seed phrase as above, but you have the option to setup your wallet backed by Ace Cards in which case everything you've described cannot happen, because if you back it up with the Ace cards you would indeed have to restore it only through the app on another ring. Perhaps in the future we may try to add the ability of restoring Ace Cards into other places as well, but for now if your ring is set up with this backup method you can only restore it on a new ring through the app, so in this case the hacker or thief or whatever would have to find and steal multiple ace cards to even have a chance of restoring your wallet.

Anyone who would be buying the "ring wallet" will be buying with the intention that it is a hardware wallet. So if the wallet can be accessed with only seed phrases too, without the need of the ring wallet then why spend so much money on the hardware? One can use the desktop wallet like Electrum and it is free too 

Let's suppose someone get hold of the seed phrases, so it does not matter we are having the ring wallet (the hardware device) with us, the hacker can import that seed phrase in any software wallet and get our funds. This just denies the purpose of the ring wallet, except for those who want to try new technologies. Don't you think it is a big security concern that the funds in the wallet can be access without the hardware device too ?

It's just antenna placement and shielding for the NFC. If you get it *just* right you can get it to scan while on your finger. But there is no way you can do it easily. Not so much tech as design.

-Dave

Bitcointalk only allows you to send 2 DMs a day as a newbie and I had already answered to someone previously, so yeah. That's on the forum, not me. I don't really know why it works like that, probably to make you buy the membership I guess? Anyway, I bought a copper membership and replied to your messages.

Edit: that's fine, I understand and will continue to provide anything necessary. who knows, maybe in a few months from now you'll become a supporter after all of our messages so I'm okay with it.

Why do you have to pay a fee if you are replying to my PM?  

I hope you can verify yourself or your product quickly.   You will learn the reason I am the longest running member on default trust is that I am honest.   If I write something that I later find out is not true, I do not write it again - to do so could open myself to civil liability and with bitcoin prices as high as they are now, the punitive damages could be in the hundreds of millions.  

In your case I will also give you a glowing review on Trustpilot for fighting my paranoia.      But, much like the Israelis' using a $10,000,000 missile to shoot down a $10,000 drone, I wasted a lot of time on this.   I hope it can be resolved with more than claims.

Edit:  After some brief PMs I will be waiting to see proof of the product.

I read it, but I will reply in a few minutes because need to buy a copper membership to be able to reply. I already paid for it just waiting for it to process and will answer.

My trust will not make or break this revolutionary product.  It will be removed when you can prove it exists.  

Edit:  Sent you a PM.

What do you mean he said he was going to assure you and then ignored you? I literally answered everything you asked and provided you the company details as you requested; how were you ignored? Is it because I answered instead of Christian; how does that even matter? I specifically offered, to provide anything necessary to prove we're legit, including inviting you or somebody you send to our physical office, do a video call etc.

You asked for answers to the questions in the thread (all sent)
You asked for company details (already sent; if you're going to mention US entity, again, it's the exact same thing and as mentioned in my first post, before you even asked, it's not yet out, when it is I'll share those too)
And finally you said we should provide partners instead of a waitlist, but we launched less than 30 days ago so naturally we don't have some big name partners to publish yet, even though we are having discussions with some companies who could be a good fit.


In regards to "why I keep using the mailing list a a defense"

First of all, you accused us of potentially scamming people of their money, and I specifically mentioned there is literally no way for anyone to send us any kind of money. So this was in response to that.

Second of all, you are free to sign up to the mailing list with a temp mail. It's a newsletter man. What did you think it is? Because you're asking me if it's harder to scam someone after they're on the mailing list but I genuinely don't get it. We came here to get feedback and the best a user could do right now to interact with the company is just sign up for the newsletter / waitlist; we've currently only sent a welcome email and that's it.

My only problem with this entire rhetoric is twofold:
1. You accuse of potentially scamming people but there's literally no way for anyone to pay us in any form.
2. You keep changing the goalposts.

You said answer the questions -> they were answered. Then you said provide me company details -> we did. Then you said now provide me US details (when I specifically mentioned it's not out yet). Then you said we are trying to steal money -> there's no way for people to send any money. Now you're saying it's easier to scam people with the waitlist/newsletter; but what would we be even scamming them with? Also, again, you can just sign up to it with a free temp-mail online, in case we actually do send anything that can be considered a scam you can screenshot it and prove this, no? I literally have no problem with skepticism, I'm just upset because you keep accusing of things even though we repeatedly tried to offer you the different things you asked for.

You then said we lied; and even said so in the trustpilot review. When I asked you how we lied, you now said you "feel" you were lied to because the OP said he would assure you and then ignored you, but that's objectively not true, I've been answering your questions non-stop. What, is it just because I'm answering the questions instead of Christian? Because that makes no sense.

So look, just listen to me for a second. We're open to criticism and feedback, that's what we came here for in the first place. I genuinely wish to get true customer insight and understand what we can do better. I'm open to providing details, information or whatever else is necessary to prove we're just trying to build something. Sure, we're not some big corporation, but I don't think that's a crime; what, is building startups exclusive to rich people? I don't think so.

Literally all that I'm asking you is to just stop throwing accusations. If you want to know something, just tell me what, and I will do my best to answer. But I don't see the point of continuing to insinuate we're scammers at every point when I've genuinely done my best to answer all your concerns to date.


Edit: I'll resume my point.

First, I don't think you were lied to, and if you feel that way please explain to me why so I can do something about it.
Second, I will provide the US entity details as soon as they are out. Until then, at least try to assume we're just normal people, because we're not going to be selling anything before then either way. I can assure you of that.
Third, if you feel that there's other information I can provide you in the meantime to prove we're genuinely just trying to build something, then please let me know, and I'll do my best to provide it.

I feel I was lied to.  The OP said he was going to assure me, and when I asked for it, he ignored me.  I have an issue with people who do that.

Do you think it's harder to scam someone once they are on a mailing list?  Why do you keep using that as a defense?


That would be the mature thing to do.