Topic: Square is considering making a hardware wallet for Bitcoin - page 12. (Read 3812 times)

I'm going to need you to start trigger warning posts like this!

But yeah, it's no real surprise. Companies which own many subsidiaries almost always share data fully and completely between their subsidiaries. It'll be in the terms of service which no one reads. For example, both Square and CashApp say the same thing about your who they share you data with:

If you are going to buy a hardware wallet from a company which also runs CashApp and Square, then your data will be shared across all their subsidiaries.

So, for those who do not know, Square (now block) is big into credit card processing and they also own CashApp
I use cashapp. I also have their debit card.

I was at a local restaurant the other day ( https://www.buffalogrilleli.com/ ) and they are using square for CC processing.
I put in my card to pay (Citibank Sears MC running a 15% bonus cash back on restaurants more on this in another post https://bitcointalksearch.org/topic/using-btc-vs-using-credit-debit-cards-and-purchase-tracking-and-privacy-5386484 ) and the terminal popped up with an enter your phone # for rewards at this restaurant.

OK, I put in a Google Voice number I use for stuff like this.

Got a text message on my phone about the points being added to my account, and poof the CashApp app saw the text and added it to it's list of bonuses and points with no interaction from me. The app wants to read text messages since there is nothing relevant on that phone I let it.

So with all this going on, if you are really concerned with privacy would you want a hardware wallet from a company like this?

Now I am saying the following, I don't give a shit at this point for me. *IF* I could go back in time I would have changed my habits about BTC & privacy and a bunch of other things 10 years ago. But I didn't, I'm known, and I am far to lazy to spend the time to put my privacy and anonymity back. I am on the old side of 50 and really have better things to do with my time.

But, if you are using one of their hardware wallets and they can get that 1st breadcrumb of tracking data from something you did, they can probably track a lot more then you think.

I can hear @o_e_l_e_o crying about the lack of privacy with all of this.

-Dave

This one sounds good; what I saw so far in experimental setups was a bit different, but there seem to be multiple solutions to extending NFC range. Anything that can be used to extend any other RF-device's range should work on NFC just as well.
What is interesting though is that it starts making financial sense to develop and improve these further, the more financial transactions are made through NFC, while it has been a more academic and theoretical subject until now.

I found a relatively old thread on Stack Exchange about a guy who wanted to track customers entering his dentist office via NFC technology. He wanted to extend the range to read NFC tags of his customers at a distance of 30-60 cm.

This is the answer of a person who claims that range can be extended and he wrote how to do it.

   
Source: https://electronics.stackexchange.com/questions/107811/diy-nfc-boosting-antenna-for-a-mobile-device

To paint a better picture, everyone should imagine that NFC is just a small antenna.
It's my opinion that having antenna in hardware wallet is not secure, but that is just my opinion, what do I know


In theory some kind of universal NFC reader could be used for all devices including desktop computers, but question is if this will be compatible with one used in Square wallet.
I was reading that Apple had worse support for NFC from all other smartphones, but maybe something changed in last few models.

I found some interesting articles about alleged ''secure'' NFC techology that everyone is trying to push down out throat recently.
One of them say that malware can be planted using NFC beaming, but bug was android related:
https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/

This one is from last year, NFC Flaws Let Researchers Hack ATMs by Waving a Phone!
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/

After reading all this I am really having trouble to believe how they say that adding NFC in hardware wallets in more secure than other methods.
If ATM can get hacked with NFC than I rest my case, or maybe we should buy this new hardware wallets and use them for hacking 

While I don't expect gsmarena have info about really all makers and models, I'd expect that the even cheaper ones (ie those that may be missing) will just increase the numbers of models without NFC.

You are free to click onto the bottom-right button and see the results = the actual phones for which you'll see the specs if clicked.
Unfortunately you may have to fiddle more with the settings and get subsets, since not all are shown if the number of results is that big.
And unfortunately they don't have search for "no NFC" (either All, either with NFC).

Even more, there are results with the specs telling "NFC    Yes (market/region dependent)"
These are included in the list with NFC, hence giving a certain extra advantage to "that side".


TL;DR; I was actually "nice" to tell 50%, and the real percent of no-NFC phones for 2021 may be even bigger.

I never really dived that deep into it, until you mentioned it and I immediately fell in love with how they designed those batteries.
^{- Block should follow that design, as opposed to integrating both of them at the same time.}

I have limited knowledge about its security but in regards to the simplicity of its approach, it means little to nothing if it's going to work occasionally.
^{- My previous phone had fewer connection issues with NFC-enabled devices than the one I'm currently using [not sure why].}

I really hope they ditch the NFC and that they only go for Alkaline if they know they have to keep the current draw very very low. Otherwise it will eat through them like Passport v1.

Yeah, that's about right. All the close-range mumbo jumbo is not implemented as a security measure; you can circumvent it with a tunneling attack, stronger antennas and similar. On hardware level, it is not protected against that. You can 'patch up the holes' by adding time of flight checks in higher layers or additional confirmation for larger amounts (like in credit cards) but it's not very confidence-inspiring that you'll constantly need to fix the holes of your underlying technology.

I think that Keystone wallet is the only one that offers some kind of hybrid battery solution in their Keystone pro version.
They have standard lithium slim battery and in the same package everyone receives fat empty container for regular AAA batteries that can work in emergency cases.
Most hardware wallets are using cable connection for power, and others are using only one type of battery.

I would like to see QR codes more than NFC, but some people are claiming that NFC is relatively safer and more simple option.
Simple is not always better, and NFC means that there is one more chip that could be exploited, and there is one source for most NFC chips.

I don't follow anything about smartphones so I can't confirm anything from wiki or any other websites.
Some guys from our local forum say that all phones now have NFC, and they are obviously wrong if data from gsmarena is true.

Sure, but if I steal your NFC supported credit card, I can make contactless payments up to a certain amount (I think it's not more than €20-€50) without entering any PIN. I can do that multiple times in various stores without anyone suspecting anything. Surely Square will have countermeasures in place, but I am still not delighted about their choice.   

On the latter part of the PDF link, they also mentioned the possibility of having "hybrid solutions"... Does anybody know if currently, we have a hardware wallet with such configuration?
^{- I do know it has its own risks, but I think it'd be cool to finally have a hardware wallet with multiple battery options.}

Hopefully, they could back it up by "showing" the results from various tests!

That's easier said than done ^{[unfortunately, but I hope I'm wrong]}.

On another article that was linked in the one that you posted yesterday, they mentioned there'll be QR code support in their mobile app:

• Quote from: https://squareselfcustody.substack.com/p/building-self-custody-hardware
  and people will still be able to use QR codes for payment applications via the mobile application that makes up part of the product.

Yeah, quite sad.


It would have been probably better than NFC.


Not everybody is buying expensive phones.
I went to gsmarena and:
1. I've done a search with all phones released last year. 602 results. https://www.gsmarena.com/search.php3?nYearMin=2021
2. I've done a search with all phones released last year having NFC. 297 results. https://www.gsmarena.com/search.php3?nYearMin=2021&chkNFC=selected

So about half of them don't have it. And I took only the phones made last year! I find it more relevant than that wiki, sorry.


No, but I can turn it off in my phone¹. I expect the wallet be a tad smarter than an un-powered plastic card, really. Hence (while I understand your point) I think that the comparison doesn't stand.


NFC (Near field communication) works only very near. I don't know if attack vectors are so scary in this. Keep in mind that millions pay on a daily basis with NFC cards, phones, bracelets..


----
¹ Actually I could (and did) in my previous phone which had NFC. My current one doesn't have it.

This will probably be the only way of communicating judging by document they released, the reason is because they are focusing only on mobile and not desktop users.
I much more prefer QR codes and camera, but industry is apparently going in this direction.

I don't know exactly what phones support NFC but I am sure that all phones in future will have that options, or Jack wouldn't go planning something so big.
They want to sell this hardware wallets to 100 million users and more.
Here is one recently updated list of most NFC enabled mobile devices:
https://en.wikipedia.org/wiki/List_of_NFC-enabled_mobile_devices

Can you also turn off NFC on your credit an debit cards or in your passport and id cards?  

Hopefully, it wont be there at all. Not sure why people prefer Bluetooth or NFC in this case instead of a cable.
 
NFC only works if two devices are in close proximity one to the other, but maybe there are certain gadgets that can widen this grid!? In that case, it  becomes a new attack vector. I remember reading an article some time ago on NFCs where it said that the protocol can't be considered secure because it was created to be a convenient and fast solution, not one that is security-oriented. NFC connections also don't require a password or pin. I am not sure if and how one can abuse the system to access someone's data, but if there is a way, someone somewhere will probably find it.   

Will it be the only way to communicate?
Because if so, they'll lose quite a big segment of potential buyers, just because many smartphones don't have NFC (yes, even today).
And if there's also another way, I certainly hope that NFC can also be turned off, just in case.
(And yeah, I would have been preferring wired communication, like my Nano S does.)

Jack Dorsey and his Blocks team are making some decisions about upcoming hardware wallet and they are asking community for help and feedback.
They released a public document calling it Hardware Wallet Power Architecture SPADE, and they want feedback about best battery for this device, as well as other things.

What we learned so far after reading this 8 page long document?
- they decided to add wireless NFC feature for communication with smartphones.
- they want to add power source, replaceable or rechargeable battery (Coin Cell, Rechargeable LiPo or Alkaline AAA).
- multisig will be supported and very important feature.
- device will be reliable and able to survive shocks, stresses, drops, etc.
- device will have to last for years.
- device will be smaller, lighter with industrial design.

Full document:
https://block.xyz/wallet/battery.pdf

I am following all hardware wallet market condition and so many of them popped up (and still popping up) that are claiming they are open source and coming from China that I would not be surprised to see something like this.
Some of them are mostly based on Trezor code BitHD, Prokey, OneKey, or Keystone (ex Cobo), HyperMate... but note that open source doesn't mean that something is automatically good.
Chinese population is over 1,4 Billion people, that is more than enough for Jack's dream of 100 Million HW owners, and if something like this happens to Trezor, imagine what will happen with Square 平方 HW  

Hmm that makes sense. But I guess whether they make it open-source or not some Chinese businessmen are going to probably copy it anyway if it gets mainstream enough. Just like how we have fake iPhones despite Apple not being open source. Tech startups and tech businesses in general probably start businesses already expecting China to copy them at some point in the future.

I was not thinking at hobbyists as a threat for the business.
I was thinking to another business - maybe in China, for example - that can copy this and sell at less than half the price the same product, just branded with Ca5h App (based on your example).
But maybe I'm thinking too far. I don't know...

Yes, but I think the open-source everything move from them is for them to win both the masses, and as well as the current Bitcoiners. They could simply brand the hardware wallet as something that's affiliated to the ever-so-famous Cash App, and that could easily easily offset the lost sales from those huge minority that's going to build everything from scratch.