Topic: Square is considering making a hardware wallet for Bitcoin - page 11. (Read 3812 times)

You are right, everything can be learned with the right motivation. Who wants to learn, he will do it. The rest, who have chosen a different path, still "can't be saved" from such products as from Square.

Yes, I understand you. This company abuses HW wording and misleads potential buyers. In this thread, you and everyone else are trying to do a good deed by trying to convey the right information and I'm sure some people, after reading this thread, will refuse to use Square's wallet. But what will be the percentage of all those wishing to acquire a pseudo-HW? Less than 600 have read this thread so far. It's like fighting windmills. But I agree with you that the fight against deception must continue.

I don't condone or endorse their way of doing business, I'm just voicing how I see it. This is a fact that is unpleasant both for those present here and for me. I don't take the side of Square, because at the moment I understand that their actions go against the ideas of bitcoin and the principles established in this forum.

This is not the only and not the last case in the world when the bad is presented under the guise of good. Unfortunately.

Right, I forgot that the phone and hardware device can't create and sign a transaction on their own without interaction with the server.. It feels so unnatural and just.. wrong. I hope this won't gain traction honestly.

Very good questions. If this device and all software accompanying it won't be 1000% open-source (verifiable builds and all that), it would be extremely difficult to verify any responses to these questions anyway, so I'm intrigued to see how this whole thing pans out.

I've never heard of this take before, but it makes a lot of sense! Mind you, where I live, most people drive stick, so you need to work 3 pedals with two feet, steer with one hand, shift with the other and pay attention to all the other little high-speed metal boxes whisking past you, as you said..

Not seeds, but public keys. If they can recover your coins when you can only provide a signature for a 2-of-3 transaction they ask you to sign (since the hardware device has no screen or interface to be able to generate its own transaction), then they must have generated the transaction meaning they must have access to all the public keys.

Whether or not it is more secure than an exchange depends on the details of how it is set up. On paper, a 2-of-3 multisig with them holding one key means they cannot steal your coins. However, users will almost certainly be locked in to using Block's wallet app and obviously locked in to using this device. Do we know the other two seed phrases are generated securely? Do we know that they aren't transmitted to Block? Do we know if the user even gets to see them? Do we know the device doesn't come pre-initialized? Is it all going to be open source? If you lose your phone or hardware device, can you recover your coins without Block's approval? Too many unanswered questions at the moment to be able to say this will be meaningfully safer than an exchange. But we know for a fact it will be significantly less safer than a real hardware wallet. And not only will you have zero privacy as you say, but your data will likely be shared across Block's subsidiaries and various third parties.

I wonder what would happen if the car was invented for the first time today. Turning a wheel and working pedals simultaneously? And turn signals and lights and wipers and washer fluid and a radio? All while other cars zoom around you and you have to pay attention to lanes and traffic signals and stop signs and more? And if you make a mistake you die? Far too risky and complicated. Better to leave it all to the bus driver experts.

Wow, if they hold all three seeds, it's a real scam. I'd give them the benefit of the doubt for now and hope they at least implement the restoring like this:
1) Generate phone key.
2) Create new 2-of-3 multisig wallet: server key, new key from (1), device key.
2) Sign transaction with server & device that sends all funds into that new wallet.

I know.. This whole Square wallet is so anti-Bitcoin.. How does anyone honestly come up with such a system.

On one hand you're right, but on the other hand I find it morally questionable for knowledgeable people such as the developers of this project, who know exactly what they're doing, to sell and even develop this device and call it 'HW wallet' with a straight face. It's so predatory in a way. They try giving people a sense of security and privacy. In a way, it should be more secure than e.g. keeping funds on an exchange, but privacy is completely out of question here - one of the main motivations for cryptocurrencies.

Honestly, this notion of people not being able to do anything themselves anymore seems to me like a disease, like a cancer, spreading through first-world society. People get more lazy and as a reaction, companies try capitalizing on that, taking more and more 'work' off people's shoulders, making them wholly dependent on them. This continues as a vicious circle to the point where young people don't fix their own bikes or cars anymore, can't wire up some appliance, while it was somehow all common knowledge not too long ago.
I don't accept that humanity dumbed down this hard; it must simply be laziness.

I would definitely like to ask Square HW wallet users face-to-face if they honestly believe they can't write 24 words by hand.

I don't disagree with you there, but I strongly disagree with how Block are presenting this device.

Even users who don't own a hardware wallet still know that a hardware wallet offers great security. One of the first things newbies on this forum get told is to buy a hardware wallet. Any time someone admits to keeping their coins on an exchange or a closed source hot wallet, they are told to buy a hardware wallet. Medium, Reddit, Twitter, YouTube, all filled with people telling you to buy a hardware wallet. Even if people don't understand how a hardware wallet works, they still know that it is safe and secure.

This device is not a hardware wallet. It does not protect your seed phrase, your keys, or your coins. Calling it a hardware wallet, when in reality it is simply a signing device for 1 key out of a 2-of-3 multisig is disingenuous at best and outright lying at worst. Plenty of people will read that this is a "hardware wallet" and will therefore believe that it is somehow as secure as something like a Ledger or a Trezor, when it is no such thing.

They can make any device they like, obviously, but they should be open and upfront about what it is and what it can do, and not call it something it isn't to make people think it is more secure than it actually is.

I started out knowing nothing like everyone else and learned the things that interest me. I would certainly not put myself in the same category as many of the more technically advanced users here. I know enough. But I don't accept the notion that it's hard to learn how to generate and secure your seed properly. It's a completely different thing if people don't want to learn it. In that case, they can use whatever they want.

I have no doubt they will and with good marketing, it will become a hit. But hey, Bitconnect was a success as well for some time. Square's device is not a hardware wallet and shouldn't be called one. 

I perfectly understand you and the attitude of people who know Bitcoin essence and the principles of interaction with it. Also, the attitude to HW in this topic that Square offers is not surprising for me. But Square doesn't create these products for you and people like you, that's the catch. They make a device for the masses. So that even a conditional housewife, who of all devices only knows how to use the TV remote control and poke on the touch screen of an iPhone, can use crypto. These are completely different target audiences.

It is a mistake to project your experience onto others. What is easy for you may not be feasible for others. Even such a trifle as to write 12 or 24 words.

This is a business and they are trying to fill their niche by satisfying the needs of people. And their need is very simple: to simplify interaction with crypto as much as possible. Yes, sacrificing all the basic features of bitcoin, but that's just how people are. Between security, reliability, anonymity and convenience, they always choose convenience. Of course, this is not about the participants of bitcointalk: I'm not very sure that housewives drop in here in order to improve their skills with crypto.

We here laugh at the features of the new device from Square, but rest assured, they will find their buyer.

Even more basic than this, if you are using their app you are connecting to their servers to receive updated transaction and balance information, so they will always know all your addresses and transactions. They also say if you lose your phone then you can recover your coins using the hardware device and the key that Block stores, meaning that they must have a copy of your full wallet containing all three public keys to be able to offer this functionality.

Absolutely. As I mentioned earlier in this thread, if you use this device your data will be collected and shared: https://bitcointalksearch.org/topic/m.59309830

Multisig sounds better than it just being a glorified FIDO UF2 device. I still find it highly questionable. For example, Square could have a backdoor in place which allows to sign with server + device, circumventing the user.
In general, any device whose functionality is linked to an online service staying up and running is a bad long-term investment - it will become a paperweight sooner or later. Better spending a little more (I guess this will be super cheap to attract many users) and getting a proper hardware wallet.

I also suspect they will know every single one of your transactions, since the application would ask the server to co-sign every time and only after it declines (in case of larger amounts), it will try connecting to the hardware device. In case of smaller amounts, the server will also know about all your transactions by design.

In general, it seems to go well with their business(es) as a financial institution (instead of it being mostly a hardware manufacturer like other brands). After all, user data, especially payment / financial, is highly valuable.

I've had a bit more of a read around their proposals, and it seems they are planning to use a 2-of-3 multisig. One private key stored on the mobile app, one private key stored on this fingerprint scanning hardware device, and one private key stored on Square's servers. The user then sets a limit to what they want to be able to spend from the mobile app. When they try to make a payment under this limit, the mobile app will sign and Square will sign, giving the two required keys. When they want to make a payment over this limit, Square will refuse to sign it, requiring the user to plug in their fingerprint scanner for the second signature.

So yeah, calling this a hardware wallet is very misleading. The piece of hardware will only contain one of the three necessary private keys, with the other two being stored on a mobile device and on the cloud respectively, which is obviously significantly less secure than an actual hardware wallet.

This might exactly be the reason for it not just being an app. Especially if it's not open-source, it's definitely possible that the biometric data is sent to some server and sold and / or leaked in the future. In case of applications, in theory most phones use their processors' secure elements (similar to what's used in real hardware wallets) to store an encoded version of the fingerprint, with no way for a userspace application to even access that information. All checks are done within the secure coprocessor. However, fingerprint modules do exist that basically just record a 'clear text image' of your actual finger. It's definitely possible for Block to use something like this.

Why aren't they buying any other 'new trending HW wallet' like something from your selection of open-source HW wallets? :/ Probably less advertising would be my guess. Just like Ledger sells millions of actually bad products due to millions of advertisement dollars.

There's no point in a display on this already doomed device. That's because it's most probably just a 2FA device with no seed on it, from what we've seen. So the signature actually happens on the phone. I'm amazed how they can call this a hardware wallet with a straight face..

They mentioned it in their latest March update here.
Check out the latest paragraph where they say: "As part of this approach, we plan to build the hardware without a display.

If there is no display, there is no way to see addresses, seeds, PINs, passphrases, fees, amounts, etc. You will only be able to check all of that in a software environment most probably. 

How else do you think he could sell this devices to 100 million people like they are planning?  
They are obviously targeting dumb people with lower IQ that are buying all the new trending devices for convenience, so they won't have to think about security themselves.
btw how do you know their (new kids on the) Block hardware wallet is not going to have display?
That is probably worse than adding fingerprint scanner, I could live with that if it is optional like they say.

This is shaping up nicely. No display, no seed, no passphrases, only ultra-safe fingerprints. How revolutionary. This isn't innovative at all. This isn't created to make your cryptocurrencies and their private keys safe. It's a device for idiots who can't or don't want to write down 12 or 24 words and keep them safe in one way or the other. Maybe with the next update, Jack will tell us that he will keep our recovery phrases safe and all we have to worry about is the tip of our fingers.

Let me just leave this here:
Breach of Biometrics Database Exposes 28 Million Records Containing Fingerprint and Facial Recognition Data
Major breach found in biometrics system used by banks, UK police and defence firms
Thousands of fingerprint files exposed in unsecured database, research finds

Well, it is more secure having your 2FA require a second device, as then an attack has to compromise two devices (phone and "hardware" wallet) rather than just one device (phone). However, if all the coins are actually stored on the mobile wallet to begin with, with a simple software enforced spending limit, then surely someone compromising the phone would be able to extract the seed phrase or private keys or otherwise override the limit. How else would you restore your wallet if you lost the "hardware" device?

The whole thing leaves a lot of unanswered questions, but it doesn't seem very promising.

They of course say that the fingerprint information will never leave the device, but it will be up to us to try to verify that to be true after the device is released. I also am assuming that this device is not going to be open source.

The funny thing about all that is that you don't even need Block's 2FA device to approve spending above a certain limit because all cheap smartphones nowadays already have an in-built fingerprint scanner. You can just create a software wallet in which it would be required to touch the scanner to send a transaction. In fact, there are tons of mobile software wallets that already have such a feature implemented. Why would I even buy additional hardware to achieve exactly the same security that I can achieve with only one device? I don't understand this VC thinking: they put their money into a project, but it seems they don't care if it really serves the purpose. The only thing they seem to care about is how to multiply their initial investments selling outright garbage to naive users.


Traditionally, the question about security and privacy... Can Jack Dorsey or someone else get the information about fingerprints from these devices, collect it, and link to the addresses? Imagine having a database where all the addresses on the blockchain have a corresponding fingerprint of real users. Isn't it a good approach to prevent crimes and money laundering?

I saw this news posted few days ago but I forget to post something about that.
If looks like Block developers want's to replace everything in their hardware wallet including seed words, passwords and seed phrases with a single fingerprint  
This have disaster label written all over it, and from what I read most of the people don't like this idea, including me.
Fingerprint is one of the easiest thing you can copy, it can be taken from anything you touch and it's easy to duplicate it with cheap silicone.
There is no ''peace of mind'' in that, like Block Wallet team is saying in their document, so it's better to evaluate alternative options for people who don't want to be fingerprinted.

I never expected anything revolutionary to come from this project, but things are sure getting in wrong direction.
Whats next on the line? Iris scanner, maybe dna from blood or urine sample for using Block wallet 

Honestly, I'm quite disappointed at how this so-called hardware wallet is shaping up... Based on the @o_e_l_e_o's post, it seems that there are no preventive measures for anything that's below the chosen limit, and considering that there are various ways of cloning the fingerprints ^{[and other ways of acquiring it (e.g. by force)]}, this just introduces a lot of other risks to the equation.

If you look at the actual blog post from Block, it doesn't even sound like a hardware wallet at all anymore, but more like a YubiKey or other hardware 2FA device. See here: https://wallet.build/march-update/. Interesting quotes below.


So your funds are stored on the mobile wallet, you set a limit that the wallet is allowed to spend, and any transactions over that limit you have to connect the "hardware wallet" and use it to scan your fingerprint. The hardware wallet will not have a screen, meaning it cannot generate or display a seed phrase, cannot show transaction details for double checking, and cannot show a receiving address for verification. That's not a hardware wallet; that's a 2FA device.

I've just seen that Block's hardware wallet will also have fingerprint sensor. There is a bitcointalk topic too about this.
The talk on Twitter is: https://twitter.com/jack/status/1502358737981521925


A funny answer, but actually very thoughtful was this:



I fear that this HW is designed more for hype than security...