in principle, every new competitor on the market should be viewed positively. be it in terms of hardware wallets or e.g. mining.
we need more alternatives and more decentralization!
and how the source code may look like, that we can not know at first and only think of different scenarios
Topic: Square is considering making a hardware wallet for Bitcoin - page 2. (Read 3812 times)
My main concern is beta units seem to be going out, but source code is nowhere to be found.
I am sure they are cooking something behind the scenes 
Not that I like anything about Bitkey, except maybe unusual hexagonal shape.
My main concern is that even if we get the source code, we will see that the device is an insecure privacy nightmare, due to the software and hardware architecture they chose: no screen, server-side verification of addresses, and more. There is no way that (open-source or not) code will solve these glaring issues.
Perfect scenario for disaster, but some people probably decided to blindly trust Jack and his team. 
My main concern is beta units seem to be going out, but source code is nowhere to be found.
My main concern is that even if we get the source code, we will see that the device is an insecure privacy nightmare, due to the software and hardware architecture they chose: no screen, server-side verification of addresses, and more. There is no way that (open-source or not) code will solve these glaring issues.
My main concern is beta units seem to be going out, but source code is nowhere to be found.
Jack Dorsey and his company Block have started the first beta units of their new Bitcoin hardware wallet BITKEY.
Teaser image was posted on twitter by one of the beta testers who received this wallet, and we know that fingerprint scanner is optional.
I checked Bitkey website and they still offer only option to Join whitelist.
https://twitter.com/mcshane_writes/status/1709313340991004920
Teaser image was posted on twitter by one of the beta testers who received this wallet, and we know that fingerprint scanner is optional.
I checked Bitkey website and they still offer only option to Join whitelist.
https://twitter.com/mcshane_writes/status/1709313340991004920
...
And since it will come up....
Yes, I will get one of these to play with, because I am a tech & crypto nerd. No I will not use it as a primary or secondary or even 5th HW wallet.
-Dave
And since it will come up....
Yes, I will get one of these to play with, because I am a tech & crypto nerd. No I will not use it as a primary or secondary or even 5th HW wallet.
-Dave
Well I got a we did not choose you for our beta email.
Guess I will just have to wait to get the thing that I will put in the closet and never use that I will then sell years from now never having taken it out of the box.
I'm not an addict to these things I can quit at any time..... https://bitcointalksearch.org/topic/the-why-is-davef-selling-all-this-stuff-all-of-a-sudden-post-5455887
-Dave
Hi all, I just published a pretty in-depth blog post about Bitkey. Would love any feedback.
http://zherbert.com/bitkey/
Good read, nice summary of many of the issues we had brought up here over the months in a way, with some added extra points.http://zherbert.com/bitkey/
I just archived it here, since I started archiving everything I deem important to keep online for a long time: https://archive.is/zj0GI
Hi all, I just published a pretty in-depth blog post about Bitkey. Would love any feedback.
http://zherbert.com/bitkey/
Great article on Bitkey aka Square aka Block wallet!http://zherbert.com/bitkey/
For me this is not a real hardware wallet and adding open source label won't change anything in my opinion.
I can't add more detailed review until I test actual device or read feedback from other security experts, but initially I don't like anything about Bitkey, except maybe it's octagonal shape.
Surveillance Nightmare is the right word from your article, and what else can we expect form billionaire who claims he supports bitcoin... remember what Elon Musk did with his Tesla stunt.
I don't trust Jack Dorsey and his products in same way like I don't trust anything coming from Elon Musk.
Would love any feedback.
I think your article is spot on. I've raised pretty much all of the exact same points you have at various times over the last few years in this thread:The hardware wallet will not have a screen, meaning it cannot generate or display a seed phrase, cannot show transaction details for double checking, and cannot show a receiving address for verification. That's not a hardware wallet; that's a 2FA device.
Just because something doesn't protect against all attack vectors doesn't mean it is pointless.
Basically, every time you want to send or receive coins, your hardware wallet has to sign the sending or receiving address and then transmit that signed message to Block's servers, where they will verify the address has not been tampered with, and then send that address back to the relevant party to be used. The obvious flaws are that Block can spy on literally everything you do and that you have absolutely zero security from a bad actor in Block sending a malicious address. The less obvious flaws are that you now can't make transactions or even generate a new receiving address if Block's servers are down, and it opens a new attack vector for man-in-the-middle attacks if you rely on Block's servers telling you what addresses to use.
I think there are other fairly concerning aspects to this device you didn't touch on, such as their social recovery, which is just as easily fooled or attacked as Ledger's KYC based recovery service. The part of your article that I hadn't considered is the privacy implications for anyone else. As you point out, if I want to send money to a Bitkey user then I have to visit the Bitkey website in order to obtain their address, giving Bitkey the capability to link my transaction to my device identifiers, browser fingerprint, and IP address. That's utterly horrendous.
Guess I won't be transacting with anyone who uses this wallet, just as I don't transact with any merchant who uses BitPay.
Hi all, I just published a pretty in-depth blog post about Bitkey. Would love any feedback.
http://zherbert.com/bitkey/
http://zherbert.com/bitkey/
You know that character from the Simpsons that points the finger and yells, ha-ha?
Nelson Muntz (and no I didn't have to google that)
But, according to them and they really have no reason to lie since they are a public company and can have their records audited.
Coinbase has 56 million registered users, Gemini has 13 million (and I'm sure there is a ton of overlap but still) that puts us in the very small minority.
The main issue are people like me. I did not know better and gave up my privacy years ago, and without a hell of a lot of work there is no way I am getting it back.
So, I preach one things to others while doing something different myself.
Would I change if I could, yes. But as I posted a while ago, I'm over 50, there are a ton of things that can be traced back to me so at this point I put it under lost cause and move on.
And since it will come up....
Yes, I will get one of these to play with, because I am a tech & crypto nerd. No I will not use it as a primary or secondary or even 5th HW wallet.
-Dave
When did we reach the point where a product completely and utterly trashing your privacy was irrelevant to the majority of users? And when did we reach the point where people are actually willing to pay to have their privacy trashed, such as with this or with Wasabi?
You have to realize that the majority of people entering the crypto space care very little about what you just said. You know that character from the Simpsons that points the finger and yells, ha-ha? You are the one they are pointing the finger at. Not your personally, but privacy-advocates. A simple way to make money and ultimately see more of those $ signs will always beat taking the longer route that requires more time and effort.
Hi. I added Bitkey to my website where I compare more than 30 different hardware wallets: https://thebitcoinhole.com/.
There are still lots of questions about the wallet, so the info is not complete. I plan to add the missing info as soon as more official info is released.
There are still lots of questions about the wallet, so the info is not complete. I plan to add the missing info as soon as more official info is released.
They just opened Bitkey beta, so don't apply 
Something is telling me people are going to pay for this ''free'' device with their personal information and addresses, and you will receive it ONLY if you get selected....
Again, we now have notorious Recovery feature confirmed in Bitkey wallet.
Source:
https://bitkey.build/beta/
Archived:
https://web.archive.org/web/20230622202653/https://bitkey.build/beta/
Something is telling me people are going to pay for this ''free'' device with their personal information and addresses, and you will receive it ONLY if you get selected....
Again, we now have notorious Recovery feature confirmed in Bitkey wallet.
Quote
Beta customers will receive a free Bitkey hardware device, mobile app and recovery tools in case they lose their phone or hardware
If selected, you'll be one of the very first customers to try the product - before it's publicly available
If selected, you'll be one of the very first customers to try the product - before it's publicly available
Quote
Fingerprint sensor — unlock and authenticate your hardware device, and authorize spending limits, recovery tools and security settings Yes Yes
PIN authentication — an alternative to the fingerprint to unlock your hardware if you prefer not to use biometrics Yes Yes
Recovery Tools
Mobile recovery — recover your bitcoin if you lose or replace your phone Yes Yes
Hardware recovery — recover your bitcoin if you lose your hardware Yes Yes
Mobile + hardware recovery — recover your bitcoin if you lose both your phone and hardware at the same time No Yes
PIN authentication — an alternative to the fingerprint to unlock your hardware if you prefer not to use biometrics Yes Yes
Recovery Tools
Mobile recovery — recover your bitcoin if you lose or replace your phone Yes Yes
Hardware recovery — recover your bitcoin if you lose your hardware Yes Yes
Mobile + hardware recovery — recover your bitcoin if you lose both your phone and hardware at the same time No Yes
Source:
https://bitkey.build/beta/
Archived:
https://web.archive.org/web/20230622202653/https://bitkey.build/beta/
There is definite push for hardware wallets to start doing stuff like this and work with centralized exchanges.
Almost every major hardware wallet is already doing such things, implementing KYC requiring exchanges, swaps, credit cards, or whatever, in to their wallet software. This general trend is part of the reason I moved away from hardware wallets altogether, and more recent events from the likes of Trezor and Ledger have only solidified my decision over time.I say almost, because there is one notable exception which seems to genuine care about privacy and security - Passport. Here is one of the Passport devs discussing implementing new features in Bisq: https://github.com/bisq-network/bisq/discussions/6726.
Until it affects them on a personal level, than everyone is concerned.
And by then it is too late. I still can't get over how many people were absolutely astounded that the likes of Celsius and Voyager were gambling their money with no safety nets or collateral, despite their Terms of Service saying that this is exactly what they would do and it being pointed out multiple times on every online community. People simply didn't care until it was too late, and now they've lost everything. Just like people will use Ledger Recover or Bitkey's cloud and social recovery, and won't care until they lose everything. Coinbase have already handed over plenty of customer information to various governments and authorities, which will definitely include all customer's withdrawal addresses. The difference now is as you point out - they can very easily get Block to hand over your cloud back ups and seize your coins directly out of your hardware wallet, just like they can do to Ledger Recover.
There is definite push for hardware wallets to start doing stuff like this and work with centralized exchanges.It's not only Block and ledger wallet, in China they are doing the same thing with Safepal wallet and I am sure there will be more manufacturers joining ''the club''.
I just hope they all got a bit scared after people reacting furiously after ledger debacle.
Most other people really don't give a shit. They want to make money or they don't care about privacy and want to do other things with crypto.
Until it affects them on a personal level, than everyone is concerned.For people who want to know what direction Block wallet is going you should check all their investors:
https://investors.block.xyz/overview/default.aspx
....When did we reach the point where a product completely and utterly trashing your privacy was irrelevant to the majority of users? And when did we reach the point where people are actually willing to pay to have their privacy trashed, such as with this or with Wasabi?
About 2 minutes after somebody noticed that you can make money trading BTC and selling BTC hardware and so on.
We (here) discussing privacy are in the minority, we are the people who spend hours thinking about and talking about BTC.
Most other people really don't give a shit. They want to make money or they don't care about privacy and want to do other things with crypto.
While leaving the wallet that shall not be mentioned out of it. People are worried about a lot of things, and those that care about privacy / anonymity will try to preserve theirs. Those that don't will not.
Same way those people who trade in an attempt to make a profit would not even think about doing anything like running their coins through a mixer / anonymization service since there are fees involved with that (however small) and that cuts into profits..... Same way you will NEVER see a real professional gambler drink while gambling. It makes you less sharp, where as those of us that go to casinos for fun....keep bringing me the free drinks till I can't drink no more....
-Dave
I'm reading Bitkey's blog post about this here (https://bitkey.build/coinbase-and-cash-app/), and I can't get over just how terrible this is for your privacy.
You link your Bitkey account to Coinbase and interact with Coinbase via Bitkey. Obviously you need to KYC at Coinbase so they already have all your personal details, and now you are handing them all your wallet addresses on a silver platter. This is the same Coinbase which actively run their own blockchain analysis subsidiary. The same Coinbase which freely hand customer data over the US and other governments. The same Coinbase which admitted selling user data to third parties for their own profits.
When did we reach the point where a product completely and utterly trashing your privacy was irrelevant to the majority of users? And when did we reach the point where people are actually willing to pay to have their privacy trashed, such as with this or with Wasabi?
You link your Bitkey account to Coinbase and interact with Coinbase via Bitkey. Obviously you need to KYC at Coinbase so they already have all your personal details, and now you are handing them all your wallet addresses on a silver platter. This is the same Coinbase which actively run their own blockchain analysis subsidiary. The same Coinbase which freely hand customer data over the US and other governments. The same Coinbase which admitted selling user data to third parties for their own profits.
When did we reach the point where a product completely and utterly trashing your privacy was irrelevant to the majority of users? And when did we reach the point where people are actually willing to pay to have their privacy trashed, such as with this or with Wasabi?
Yo dawg, I heard you like third parties...
Shhhh, you were supposed to keep those parties secret.
Oh, 3rd parties.
Anyway, what I find interesting too is that the 1st post in this thread is over 2 years ago, and they are just starting the open beta.
And to get in it asks a bunch of questions about what wallets you use and what you do with BTC / crypto.
What have they been doing for 2 years other then designing something that looks like a rock. Yeah, it's cool looking I'll give them that. But 2 YEARS?
-Dave
o_e_l_e_o trigger warning below (didn't I tell you in another post to go outside and enjoy the weekend)....
Lol. Consider me triggered. At least everyone knows that Coinbase are a centralized third party, unlike Block lying about being "self custody" or Wasabi lying about being a "privacy" wallet.So you will be able to link your fully KYCd Coinbase coins with your fully linked self custody wallet that links back to Block to have them keep a way of recovering your keys.
Yo dawg, I heard you like third parties...I'll just leave this here:
Now I can only imagine hypothetical scenario with Coinbase getting attacked by US and other governments around the world, and they would have to give all customer information to authorities.
Coinbase have already handed over plenty of customer information to various governments and authorities, which will definitely include all customer's withdrawal addresses. The difference now is as you point out - they can very easily get Block to hand over your cloud back ups and seize your coins directly out of your hardware wallet, just like they can do to Ledger Recover. Jump to: