Topic: Square is considering making a hardware wallet for Bitcoin - page 10. (Read 3812 times)

I had no idea what that was until I just looked it up about 60 seconds ago.

But again, I don't see how Block's set up is going to be any easier here. If all my coins are in their multi-sig wallet and I die, then best case scenario my family member can access my phone, knows my unlock code/password/PIN (or can access a written back up), knows my app unlock code/password/PIN (or can access a written back up), can access my hardware device, knows my unlock PIN (or can access a written back up), and can send all the coins out to a different wallet. If they can't physically or digitally access my phone, then it is unclear how they would recover my coins, but would likely involve them sending proof of my death to Block so they can co-sign a transaction. If they can't physically or digitally access my hardware device, or I have used a fingerprint instead of a PIN, then again, it is not clear how they can recover my coins. If they can't access both phone or hardware device, then coins are presumably lost forever.

Compare all this with my family member simply accessing my seed phrase back up and entering in to a wallet of their choice. Not to mention all the security and privacy drawbacks from using Block. I just don't buy the argument they are pushing that their set up is somehow simpler or easier to use.

It would be transactions above the limit, not below it, which are signed with phone + hardware as opposed to phone + server. But given that Block are offering recovery services if you lose either phone or hardware device, then it means they must be storing all three xpubs and therefore your privacy is zero.

Funny thing that Elon Musk is trying so hard to take over Twitter now and maybe we are going to see him making his own wallet version soon, it's ego thing you know.
Maybe we are going to see device war soon, Jack vs Elon, finish him 

Well I don't really care so much what other people are saying, it's just a noise like wind blowing.
I am not going to hide any bad sides or things I don't like for any device I test or write review, and even if they offer me money I will reveal that information.
In the end, people can decide for themselves if they are going to trust me or not.

Okay, I finished it now. NVK does question Block on the technical level which is great; e.g. if they have access to the xpub and notes that if they do, there is no privacy since Block knows every single transaction. Lindsey says they're still working on the implementation and has no direct response to his question. I am highly suspicious that transactions below the 'limit' which don't require interaction with the server, actually are oblivious to Block. I also don't believe that the hardware device is already finished and the basic architecture of the whole system (do they have your xpub or not) isn't...

What's interesting from Lindsey too is that I sense they want to implement the app in a way that reminds me of Muun. 'Customers don't want to think about if this is a QR code for Lightning or a QR code for on-chain'. So it seems it will use a combination of both, maybe also depending on what's cheaper at the time. I honestly don't fully understand how Muun works, but my understanding is that it does something similar, somehow using on-chain or LN depending on mempool, transaction size and such parameters.

There were a couple of parts where she talked about: "What if you die? How do you pass it on to your family?" + they "absolutely have inheritance in mind"...
^{- This may sound like I'm defending their product design, but the issue with the latter part is if one of my family members, somehow manages to get their hands on my seed phrases, there's still no "easy" way for them to use it and I can easily think of various ways that they could lose it.}

I have mixed feelings about it ^{[they look nice, but I think it can easily slip through our fingers]}!

Unfortunately, that's exactly what it is. There will be no mass adoption without the convenience and ease of use of BTC. Square is only trying to give what is the social demand of society. Yes, this is a different, traditional community, using banks, bank accounts, credit cards and so on. This is a completely different society, radically different from crypto community. But with the most important feature for Square - this society is larger, which means it will bring the company a huge number of users, and therefore profit. Both sides win in this scheme: users get what they want (simplicity and ease of use of the device, convenient support and the illusion of a guarantee of the safety of funds), and the company gets clients, money and control of users' finances.

I am not the first day on this forum, so I don’t like this concept at all, but unfortunately, I see that the world will move in this direction: everyone (service and product providers) will adapt to the mass user, who is lazy, stupid and not ready to take responsibility for their finances. And it will set global trends.

It turns out a kind of paradox: crypto community is waiting for BTC mass adoption, but it is precisely the masses that will destroy all ideas and values bitcoin.

Because most people have gotten used to others fixing and doing things for them that they don't want it to change. There is an issue with your credit card, call your bank, they'll fix it. The car won't start, call your auto insurer. The AC isn't cooling like it did last year - don't try to clean it, but call the service personnel. People know what accounts and passwords are. They are familiar with PINs. God forbid we learn new things. Seeds, phrases, private and public keys, and derivation paths... what da hell are those?

Regular people: Can't I just register an account without all that other stuff?
Block: Sure you can, We've got just the thing for you.   

Like freshwater turtles. 

Stop calling it a hardware wallet. The official term is "device".

I would review it, but I also don't feel like giving them money for something I know from the start is fundamentally flawed..
On the other hand, if I get a review unit and I say a single good thing about it, someone will rightfully assume that I say it only because I got it for free or might speculate I got paid for the review. It's such a dilemma!

I've watched a part of it so far and what I find hilarious is how the Arculus guy claims 'if a smartcard is good for securing fiat, it's good for securing BTC'. I mean, if someone finds my credit card, I can block it via a phone call to the bank. If they find my Bitcoin smart card, there is no bank to call and tell 'block this seed'.
So far it seems like everyone is advertising their product and no one's claims are questioned or challenged. Like a big ad block.
I do like the SeedSigner guy; he doesn't even mention his name and doesn't show his eyes.. While NVK brags about 'doing NFC'.

I know you said that about Casa and I would agree with you on that, but I was actually referring to upcoming Block hardware wallet.
More things I discover about that device, less I like it, and it's going to be hard to change my opinion about that, unless they make total remake from start.
However, I would like to test this device or read some review before making my final conclusions
 

What I meant to say was that I am not recommending Casa (Block is completely out of the picture anyway), but it seems much better than Block if you really want to give a third-party one of your keys for the added benefit of helping you restore your wallet in case you mess up. Since Casa seems to be just selling services and encourages & helps people use actual hardware wallets.

Maybe they should consider renaming their hardware wallet from Block to BlackBox, but it reminds me on the model Blockstream is using for their Jade hardware wallet, that is also using server instead of secure element.
This probably means that Block hardware wallet won't have any secure element, that is the reason why they borrowed this idea from Blockstream.
I am not sure have exactlty they plan to sell this crap to millions of customers like they planned, but when I think again it's not that hard when you know they are mostly dealing with brainwashed masses.

We probably have different definitions or meaning for word sexy, because this looks like shit or those cheap fake gemstones you can find on ebay.
It also reminds me on something I would use to put my glass off juice or bottle of beer on...



I will never recommend anyone to buy their hardware wallet if they make it like this, even if they put open source sticker on it and give it away for ''free''.

 

Geometrically, yes, but hell, the shape is a 'Twitter NFT profile pic' reference, isn't it?

Honestly, I wouldn't advocate for any such product and prefer to teach self-custody, but if someone really needs it, from what I've heard, Casa sounds like a way better option. As far as I know they have a multisig setup as well, to help you restore your wallet and stuff, but you definitely can just stop using them or still have access to your funds if they disappear.

The higher plans are not cheap, but I see this as a big plus, because as we all know if you're not paying, you're the product. It doesn't mean your data is not sold when using a paid product, but the business is less incentivized to do so if they already make thousands of $ per year from your subscription, right.

So I found a video of Lindsey Grossman talking at Bitcoin Miami. She is the Business Lead at Block for this new wallet: https://youtu.be/WbjzZQwDozw

No offense to her as a person, and she is good speaker, but everything she says just confirms what we said above. There will be no seed phrases, and there will no privacy. NVK makes an important point that you won't be able to just take your seed phrase and put it in to another wallet if you need to, if something goes wrong, if the company disappears, etc. You buy this wallet, and you are completely tied in to Block and their ecosystem. Yes, I appreciate that I am not their target market here, but I fail to see how a 2-of-3 multi-sig reliant on Block's servers and requiring some form of account, identification, passwords, etc., is "more complex" than just writing down 12 words on a piece of paper.

Although I will concede that the prototypes look sexy as hell: https://nitter.net/JesseDorogusker/status/1511714178326695939

Their intention is to build a device for complete newbies to crypto who don't want to or can't focus on protecting their own data. That includes writing down and storing a set of 24 words. It's supposed to make it easy to use. We know that easy doesn't mean safe, but we are not the target audience. I doubt there will be a seed for the end-user. Maybe they can opt in to get one during the setup process. if not, it will be an account-based app where all operations are confirmed with a PIN, password, fingerprint, and similar.   

Sure, but that's not what I'm getting at here. If I lose 2 of the 3 keys, and Block are claiming to only hold one key, then my wallet should be irrecoverable. And yet, they say that is not true and I will still be able to recover my wallet. For that to be the case, then unless I have seed phrase back ups (which doesn't seem to be possible from what I've read about this wallet), then Block must somehow have access to the other keys. And if that's the case, then everything else they have said about this wallet is meaningless.

We need more details, and the fact they aren't providing any is concerning on its own. Almost as if they are deliberately trying to keep the inner workings of this secret.

Block developing team is making this reports to get more feedback from people.
They can't answer clearly about anything because they are just in early discussion phase, and as far as I know they didn't even start developing device or making early models.
Pin code or fingerprint security protection and recovery is fine with some people but for me, and servers will probably holding this information in some encrypted formats.

Chances for losing both devices are low in reality, it would be similar like losing multiple devices or backups in any other multi-sig setup.
Holding those devices on different places may be a good idea, but it adds complexity if you are using them often or for daily transactions.

Looks like they posted an update a few weeks ago which we missed: https://wallet.build/how-the-wallet-works/

Doesn't really say much that we didn't already know. Mainly just expands on how the 2-of-3 multi-sig set up works. Of interest, they have stopped using them term "hardware wallet" though, and instead refer to it as a "hardware device". They still make no mention of seed phrases, though, so it's still not clear if you can actually back up your wallet properly. Here's what they do say about back ups:

So just by installing the mobile app on your new phone, you are somehow able to recover the key lost from your old mobile app. Still no mention of seed phrases. Does this mean you create an account with them and their servers store another one of your keys? Completely unclear.

So if I lose both my phone and the hardware device, then I have lost 2 out of the 3 keys, meaning only the 1 key they claim to hold is still accessible, meaning the coins in the 2-of-3 wallet are lost. Yet, they say that there will still be a way for me to recover my wallet. And still no mention of seed phrases. We will have to wait for this future update to pass judgement, but it is sounding more and more like they will keep more than the one key they say they will.

At least the hardware device will have an option to use a PIN rather than a fingerprint.

If you think about it, this dependence on their server makes it somewhat similar to an online wallet, which is quite scary. Sure, you hold private keys, but you can't do anything with them without Block? Block could literally censor transactions then? That's not even 'not a hardware wallet', I'd argue that this isn't even a real Bitcoin wallet in the first place, if you cannot sign anything on your own (even though you have 2 devices).

Literally anything would then be better than this atrocity. I don't see how they'd implement seed export / seed backup of the hardware device though, if it has no screen honestly. So it must be something like what I described...

I'm sure they will, but that doesn't make them infallible.

Sure, but then think about all the times various exchanges have gone down. Even massive websites like Facebook and Google experience down time. Just because it hasn't happened yet doesn't mean it's a good set up, just as storing your coins on an exchange doesn't become safe just because you haven't been hacked yet. If the whole set up depends on a single point of failure (Block's servers), then that's a set up I don't want to use and a set up which means they can remove your access to your coins at any time.

I think they will do all that is in their power not to allow their servers to go down and have backups ready to replace them in case that happens. If the device is intended for people who don't want to concern themselves with saving their own seeds and private keys, the whole system explodes if a server failure forces their customers to have to deal with multiple seeds/private keys and master keys all of a sudden.

Looking back in history, how often have the servers failed on Ledger and Trezor users, for example? In all my years of using Ledger Live, I honestly don't remember not being able to use the software because the servers were malfunctioning. Sometimes there are sync issues with certain coins, that's true. Of course, that doesn't mean that Square's servers will be equally reliable or unreliable depending how you look at it. 

If Block's servers go down and the app cannot receive an updated balance or transactions, then there must be a way for the user to sign a transaction using the two keys they have in their possession, otherwise the whole set up is completely pointless and no better than holding coins at an exchange. This would rest on the user being able to extract the private keys from their phone and hardware device and import them in to another wallet along with the pubkey from Block, meaning a user setting up this device for the first time needs to back up two seed phrases and a pubkey at the minimum.

But of course, this is far more complicated than a standard hardware wallet which will have you back up a single seed phrase. Which makes me then suspect that this functionality will not be possible given how they are marketing this as a "simple" device, which would mean if Block's servers go down, your coins are essentially stuck in your wallet.

We'll obviously need to wait for full details, but if this is a simple as they say it is then it won't be secure, and for it to be a properly secure multisig then it will obviously be far harder to set up and back up properly than a single sig hardware wallet.