Topic: Square is considering making a hardware wallet for Bitcoin - page 11. (Read 4002 times)

Looks like they posted an update a few weeks ago which we missed: https://wallet.build/how-the-wallet-works/

Doesn't really say much that we didn't already know. Mainly just expands on how the 2-of-3 multi-sig set up works. Of interest, they have stopped using them term "hardware wallet" though, and instead refer to it as a "hardware device". They still make no mention of seed phrases, though, so it's still not clear if you can actually back up your wallet properly. Here's what they do say about back ups:

So just by installing the mobile app on your new phone, you are somehow able to recover the key lost from your old mobile app. Still no mention of seed phrases. Does this mean you create an account with them and their servers store another one of your keys? Completely unclear.

So if I lose both my phone and the hardware device, then I have lost 2 out of the 3 keys, meaning only the 1 key they claim to hold is still accessible, meaning the coins in the 2-of-3 wallet are lost. Yet, they say that there will still be a way for me to recover my wallet. And still no mention of seed phrases. We will have to wait for this future update to pass judgement, but it is sounding more and more like they will keep more than the one key they say they will.

At least the hardware device will have an option to use a PIN rather than a fingerprint.

If you think about it, this dependence on their server makes it somewhat similar to an online wallet, which is quite scary. Sure, you hold private keys, but you can't do anything with them without Block? Block could literally censor transactions then? That's not even 'not a hardware wallet', I'd argue that this isn't even a real Bitcoin wallet in the first place, if you cannot sign anything on your own (even though you have 2 devices).

Literally anything would then be better than this atrocity. I don't see how they'd implement seed export / seed backup of the hardware device though, if it has no screen honestly. So it must be something like what I described...

I'm sure they will, but that doesn't make them infallible.

Sure, but then think about all the times various exchanges have gone down. Even massive websites like Facebook and Google experience down time. Just because it hasn't happened yet doesn't mean it's a good set up, just as storing your coins on an exchange doesn't become safe just because you haven't been hacked yet. If the whole set up depends on a single point of failure (Block's servers), then that's a set up I don't want to use and a set up which means they can remove your access to your coins at any time.

I think they will do all that is in their power not to allow their servers to go down and have backups ready to replace them in case that happens. If the device is intended for people who don't want to concern themselves with saving their own seeds and private keys, the whole system explodes if a server failure forces their customers to have to deal with multiple seeds/private keys and master keys all of a sudden.

Looking back in history, how often have the servers failed on Ledger and Trezor users, for example? In all my years of using Ledger Live, I honestly don't remember not being able to use the software because the servers were malfunctioning. Sometimes there are sync issues with certain coins, that's true. Of course, that doesn't mean that Square's servers will be equally reliable or unreliable depending how you look at it. 

If Block's servers go down and the app cannot receive an updated balance or transactions, then there must be a way for the user to sign a transaction using the two keys they have in their possession, otherwise the whole set up is completely pointless and no better than holding coins at an exchange. This would rest on the user being able to extract the private keys from their phone and hardware device and import them in to another wallet along with the pubkey from Block, meaning a user setting up this device for the first time needs to back up two seed phrases and a pubkey at the minimum.

But of course, this is far more complicated than a standard hardware wallet which will have you back up a single seed phrase. Which makes me then suspect that this functionality will not be possible given how they are marketing this as a "simple" device, which would mean if Block's servers go down, your coins are essentially stuck in your wallet.

We'll obviously need to wait for full details, but if this is a simple as they say it is then it won't be secure, and for it to be a properly secure multisig then it will obviously be far harder to set up and back up properly than a single sig hardware wallet.

You are right, everything can be learned with the right motivation. Who wants to learn, he will do it. The rest, who have chosen a different path, still "can't be saved" from such products as from Square.

Yes, I understand you. This company abuses HW wording and misleads potential buyers. In this thread, you and everyone else are trying to do a good deed by trying to convey the right information and I'm sure some people, after reading this thread, will refuse to use Square's wallet. But what will be the percentage of all those wishing to acquire a pseudo-HW? Less than 600 have read this thread so far. It's like fighting windmills. But I agree with you that the fight against deception must continue.

I don't condone or endorse their way of doing business, I'm just voicing how I see it. This is a fact that is unpleasant both for those present here and for me. I don't take the side of Square, because at the moment I understand that their actions go against the ideas of bitcoin and the principles established in this forum.

This is not the only and not the last case in the world when the bad is presented under the guise of good. Unfortunately.

Right, I forgot that the phone and hardware device can't create and sign a transaction on their own without interaction with the server.. It feels so unnatural and just.. wrong. I hope this won't gain traction honestly.

Very good questions. If this device and all software accompanying it won't be 1000% open-source (verifiable builds and all that), it would be extremely difficult to verify any responses to these questions anyway, so I'm intrigued to see how this whole thing pans out.

I've never heard of this take before, but it makes a lot of sense! Mind you, where I live, most people drive stick, so you need to work 3 pedals with two feet, steer with one hand, shift with the other and pay attention to all the other little high-speed metal boxes whisking past you, as you said..

Not seeds, but public keys. If they can recover your coins when you can only provide a signature for a 2-of-3 transaction they ask you to sign (since the hardware device has no screen or interface to be able to generate its own transaction), then they must have generated the transaction meaning they must have access to all the public keys.

Whether or not it is more secure than an exchange depends on the details of how it is set up. On paper, a 2-of-3 multisig with them holding one key means they cannot steal your coins. However, users will almost certainly be locked in to using Block's wallet app and obviously locked in to using this device. Do we know the other two seed phrases are generated securely? Do we know that they aren't transmitted to Block? Do we know if the user even gets to see them? Do we know the device doesn't come pre-initialized? Is it all going to be open source? If you lose your phone or hardware device, can you recover your coins without Block's approval? Too many unanswered questions at the moment to be able to say this will be meaningfully safer than an exchange. But we know for a fact it will be significantly less safer than a real hardware wallet. And not only will you have zero privacy as you say, but your data will likely be shared across Block's subsidiaries and various third parties.

I wonder what would happen if the car was invented for the first time today. Turning a wheel and working pedals simultaneously? And turn signals and lights and wipers and washer fluid and a radio? All while other cars zoom around you and you have to pay attention to lanes and traffic signals and stop signs and more? And if you make a mistake you die? Far too risky and complicated. Better to leave it all to the bus driver experts.

Wow, if they hold all three seeds, it's a real scam. I'd give them the benefit of the doubt for now and hope they at least implement the restoring like this:
1) Generate phone key.
2) Create new 2-of-3 multisig wallet: server key, new key from (1), device key.
2) Sign transaction with server & device that sends all funds into that new wallet.

I know.. This whole Square wallet is so anti-Bitcoin.. How does anyone honestly come up with such a system.

On one hand you're right, but on the other hand I find it morally questionable for knowledgeable people such as the developers of this project, who know exactly what they're doing, to sell and even develop this device and call it 'HW wallet' with a straight face. It's so predatory in a way. They try giving people a sense of security and privacy. In a way, it should be more secure than e.g. keeping funds on an exchange, but privacy is completely out of question here - one of the main motivations for cryptocurrencies.

Honestly, this notion of people not being able to do anything themselves anymore seems to me like a disease, like a cancer, spreading through first-world society. People get more lazy and as a reaction, companies try capitalizing on that, taking more and more 'work' off people's shoulders, making them wholly dependent on them. This continues as a vicious circle to the point where young people don't fix their own bikes or cars anymore, can't wire up some appliance, while it was somehow all common knowledge not too long ago.
I don't accept that humanity dumbed down this hard; it must simply be laziness.

I would definitely like to ask Square HW wallet users face-to-face if they honestly believe they can't write 24 words by hand.

I don't disagree with you there, but I strongly disagree with how Block are presenting this device.

Even users who don't own a hardware wallet still know that a hardware wallet offers great security. One of the first things newbies on this forum get told is to buy a hardware wallet. Any time someone admits to keeping their coins on an exchange or a closed source hot wallet, they are told to buy a hardware wallet. Medium, Reddit, Twitter, YouTube, all filled with people telling you to buy a hardware wallet. Even if people don't understand how a hardware wallet works, they still know that it is safe and secure.

This device is not a hardware wallet. It does not protect your seed phrase, your keys, or your coins. Calling it a hardware wallet, when in reality it is simply a signing device for 1 key out of a 2-of-3 multisig is disingenuous at best and outright lying at worst. Plenty of people will read that this is a "hardware wallet" and will therefore believe that it is somehow as secure as something like a Ledger or a Trezor, when it is no such thing.

They can make any device they like, obviously, but they should be open and upfront about what it is and what it can do, and not call it something it isn't to make people think it is more secure than it actually is.

I started out knowing nothing like everyone else and learned the things that interest me. I would certainly not put myself in the same category as many of the more technically advanced users here. I know enough. But I don't accept the notion that it's hard to learn how to generate and secure your seed properly. It's a completely different thing if people don't want to learn it. In that case, they can use whatever they want.

I have no doubt they will and with good marketing, it will become a hit. But hey, Bitconnect was a success as well for some time. Square's device is not a hardware wallet and shouldn't be called one. 

I perfectly understand you and the attitude of people who know Bitcoin essence and the principles of interaction with it. Also, the attitude to HW in this topic that Square offers is not surprising for me. But Square doesn't create these products for you and people like you, that's the catch. They make a device for the masses. So that even a conditional housewife, who of all devices only knows how to use the TV remote control and poke on the touch screen of an iPhone, can use crypto. These are completely different target audiences.

It is a mistake to project your experience onto others. What is easy for you may not be feasible for others. Even such a trifle as to write 12 or 24 words.

This is a business and they are trying to fill their niche by satisfying the needs of people. And their need is very simple: to simplify interaction with crypto as much as possible. Yes, sacrificing all the basic features of bitcoin, but that's just how people are. Between security, reliability, anonymity and convenience, they always choose convenience. Of course, this is not about the participants of bitcointalk: I'm not very sure that housewives drop in here in order to improve their skills with crypto.

We here laugh at the features of the new device from Square, but rest assured, they will find their buyer.

Even more basic than this, if you are using their app you are connecting to their servers to receive updated transaction and balance information, so they will always know all your addresses and transactions. They also say if you lose your phone then you can recover your coins using the hardware device and the key that Block stores, meaning that they must have a copy of your full wallet containing all three public keys to be able to offer this functionality.

Absolutely. As I mentioned earlier in this thread, if you use this device your data will be collected and shared: https://bitcointalksearch.org/topic/m.59309830

Multisig sounds better than it just being a glorified FIDO UF2 device. I still find it highly questionable. For example, Square could have a backdoor in place which allows to sign with server + device, circumventing the user.
In general, any device whose functionality is linked to an online service staying up and running is a bad long-term investment - it will become a paperweight sooner or later. Better spending a little more (I guess this will be super cheap to attract many users) and getting a proper hardware wallet.

I also suspect they will know every single one of your transactions, since the application would ask the server to co-sign every time and only after it declines (in case of larger amounts), it will try connecting to the hardware device. In case of smaller amounts, the server will also know about all your transactions by design.

In general, it seems to go well with their business(es) as a financial institution (instead of it being mostly a hardware manufacturer like other brands). After all, user data, especially payment / financial, is highly valuable.

I've had a bit more of a read around their proposals, and it seems they are planning to use a 2-of-3 multisig. One private key stored on the mobile app, one private key stored on this fingerprint scanning hardware device, and one private key stored on Square's servers. The user then sets a limit to what they want to be able to spend from the mobile app. When they try to make a payment under this limit, the mobile app will sign and Square will sign, giving the two required keys. When they want to make a payment over this limit, Square will refuse to sign it, requiring the user to plug in their fingerprint scanner for the second signature.

So yeah, calling this a hardware wallet is very misleading. The piece of hardware will only contain one of the three necessary private keys, with the other two being stored on a mobile device and on the cloud respectively, which is obviously significantly less secure than an actual hardware wallet.

This might exactly be the reason for it not just being an app. Especially if it's not open-source, it's definitely possible that the biometric data is sent to some server and sold and / or leaked in the future. In case of applications, in theory most phones use their processors' secure elements (similar to what's used in real hardware wallets) to store an encoded version of the fingerprint, with no way for a userspace application to even access that information. All checks are done within the secure coprocessor. However, fingerprint modules do exist that basically just record a 'clear text image' of your actual finger. It's definitely possible for Block to use something like this.

Why aren't they buying any other 'new trending HW wallet' like something from your selection of open-source HW wallets? :/ Probably less advertising would be my guess. Just like Ledger sells millions of actually bad products due to millions of advertisement dollars.

There's no point in a display on this already doomed device. That's because it's most probably just a 2FA device with no seed on it, from what we've seen. So the signature actually happens on the phone. I'm amazed how they can call this a hardware wallet with a straight face..

They mentioned it in their latest March update here.
Check out the latest paragraph where they say: "As part of this approach, we plan to build the hardware without a display.

If there is no display, there is no way to see addresses, seeds, PINs, passphrases, fees, amounts, etc. You will only be able to check all of that in a software environment most probably. 

How else do you think he could sell this devices to 100 million people like they are planning?  
They are obviously targeting dumb people with lower IQ that are buying all the new trending devices for convenience, so they won't have to think about security themselves.
btw how do you know their (new kids on the) Block hardware wallet is not going to have display?
That is probably worse than adding fingerprint scanner, I could live with that if it is optional like they say.

This is shaping up nicely. No display, no seed, no passphrases, only ultra-safe fingerprints. How revolutionary. This isn't innovative at all. This isn't created to make your cryptocurrencies and their private keys safe. It's a device for idiots who can't or don't want to write down 12 or 24 words and keep them safe in one way or the other. Maybe with the next update, Jack will tell us that he will keep our recovery phrases safe and all we have to worry about is the tip of our fingers.

Let me just leave this here:
Breach of Biometrics Database Exposes 28 Million Records Containing Fingerprint and Facial Recognition Data
Major breach found in biometrics system used by banks, UK police and defence firms
Thousands of fingerprint files exposed in unsecured database, research finds

Well, it is more secure having your 2FA require a second device, as then an attack has to compromise two devices (phone and "hardware" wallet) rather than just one device (phone). However, if all the coins are actually stored on the mobile wallet to begin with, with a simple software enforced spending limit, then surely someone compromising the phone would be able to extract the seed phrase or private keys or otherwise override the limit. How else would you restore your wallet if you lost the "hardware" device?

The whole thing leaves a lot of unanswered questions, but it doesn't seem very promising.

They of course say that the fingerprint information will never leave the device, but it will be up to us to try to verify that to be true after the device is released. I also am assuming that this device is not going to be open source.