Pages:
Author

Topic: Square is considering making a hardware wallet for Bitcoin - page 4. (Read 4017 times)

legendary
Activity: 2730
Merit: 7065
No, if the wrong address is only shown in the app, but the correct transaction is signed by the device, the funds will still reach the intended receiver.
You could end up with a hacked app though, that displays the correct address on your phone screen, but asks the hardware device to sign a transaction which sends all of your funds to an attacker's address. There will be no way of you to check that, if we assume compromised software.
Exactly. Since there is no screen on the device, you don't know if the displayed address on the app belongs to your wallet or not. That's if you are generating an address and you are supposed to receive BTC.

Like n0nce mentioned, the software could in theory show one thing, but the hardware signs something else. You would only notice a difference if you quickly checked if the transaction data is correct on a blockchain explorer after the broadcast. Depending on if, when, and how full RBF gets implemented with the next Bitcoin Core release, it might be easy to doublespend the transaction back to yourself. But that depends on too many factors out of your control: how many nodes opt-in for Full RBF, how many pools do it, and will the Block app have an option to cancel/doublespend a transaction back to yourself. o_e_l_e_o is a better person to talk to about such scenarios. 
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
Mobile app in this case is used in similar way like you would use apps for any other hardware wallets, including ledger, trezor, passport, etc.
You need to have software wallet that communicates with hardware wallet device, so there is nothing really strange about this.
The difference between Block and proper hardware wallets like the ones you mentioned is that their native apps don't hold your seed or private keys. Those never leave the hardware. Based on what we know about Block, it's software app will store one of the multisig keys. Due to the lack of a screen, you won't be able to verify transaction details like with other hardware wallets. You have to rely exclusively on what the app shows. 
This, of course, will be a disadvantage. If any glitch occurs in the application showing transaction information, such as the wrong recipient address, it will be possible to send to the wrong address and lose cryptocurrencies.
No, if the wrong address is only shown in the app, but the correct transaction is signed by the device, the funds will still reach the intended receiver.
You could end up with a hacked app though, that displays the correct address on your phone screen, but asks the hardware device to sign a transaction which sends all of your funds to an attacker's address. There will be no way of you to check that, if we assume compromised software.

In other words: eliminating the chance of a software attack is the main goal of hardware wallets; so assuming the software to be safe completely removes the need for such a device. We need to work in the 'compromised software' model for hardware wallets to even make sense. Therefore we can't rely on the software to display the right address and only ask for signatures of unmodified transactions.

What to do in this case? Check each time all transactions in https://blockchair.com/? Which will create another extra action.
That won't help you, as the block explorer doesn't display your transaction before it's submitted to the mempool and once you submit it, there's no way of 'taking it back', either.

It seemed to be an insignificant detail at first glance, as the lack of a display (is it possible that the Block will save a lot on this) creates an unnecessary headache for users.
Yeah, I said it before: a screen is absoutely fundamental. You need a physical 'communication channel' (light entering your eye) to verify what the wallet is actually signing.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
This, of course, will be a disadvantage. If any glitch occurs in the application showing transaction information, such as the wrong recipient address, it will be possible to send to the wrong address and lose cryptocurrencies. What to do in this case? Check each time all transactions in https://blockchair.com/? Which will create another extra action. It seemed to be an insignificant detail at first glance, as the lack of a display (is it possible that the Block will save a lot on this) creates an unnecessary headache for users.
I guess any transaction to be broadcasted can be checked and rechecked on the mobile app which is actually the wallet that contains one or more master private key. Or probably there can still be confusion unless the hardware authentication app is manufactured for people to check if it can truly be called hardware wallet or not. Still, on all wallets, while using online wallet with it, best to still check for clipboard malware by double checking the address before sending or passing it to cold storage wallet for signing.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
Mobile app in this case is used in similar way like you would use apps for any other hardware wallets, including ledger, trezor, passport, etc.
You need to have software wallet that communicates with hardware wallet device, so there is nothing really strange about this.
The difference between Block and proper hardware wallets like the ones you mentioned is that their native apps don't hold your seed or private keys. Those never leave the hardware. Based on what we know about Block, it's software app will store one of the multisig keys. Due to the lack of a screen, you won't be able to verify transaction details like with other hardware wallets. You have to rely exclusively on what the app shows. 
This, of course, will be a disadvantage. If any glitch occurs in the application showing transaction information, such as the wrong recipient address, it will be possible to send to the wrong address and lose cryptocurrencies. What to do in this case? Check each time all transactions in https://blockchair.com/? Which will create another extra action. It seemed to be an insignificant detail at first glance, as the lack of a display (is it possible that the Block will save a lot on this) creates an unnecessary headache for users.
legendary
Activity: 2730
Merit: 7065
Mobile app in this case is used in similar way like you would use apps for any other hardware wallets, including ledger, trezor, passport, etc.
You need to have software wallet that communicates with hardware wallet device, so there is nothing really strange about this.
The difference between Block and proper hardware wallets like the ones you mentioned is that their native apps don't hold your seed or private keys. Those never leave the hardware. Based on what we know about Block, it's software app will store one of the multisig keys. Due to the lack of a screen, you won't be able to verify transaction details like with other hardware wallets. You have to rely exclusively on what the app shows. 
legendary
Activity: 2212
Merit: 7064
Even if it comes with decagon or any other shape, there is no problem if it is functionally recommendable, but not. Not even a hardware wallet, no screen, having mobile app which makes it an online wallet, but more funds protected by the authentication hardware device (I mean what is referred to as hardware wallet).
Mobile app in this case is used in similar way like you would use apps for any other hardware wallets, including ledger, trezor, passport, etc.
You need to have software wallet that communicates with hardware wallet device, so there is nothing really strange about this.

They will, because that's how Block are marketing it, and Block's marketing will reach far wider than the community pointing out that this device is not particularly great.
I am sure they have the biggest budget from all other hardware wallets combined, and that is without any additional investments or funding.
In future we could see many other hardware wallets joining forces if they want to survive and compete with Block.
One positive thing from Block showing up is that it will force Trezor and other hardware wallets to speed up their innovations Wink
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
And what does the crypto-community expect from this project in terms of success? Because judging by the reviews, the attitude towards this pseudo-wallet can hardly be called positive.
I think it's going to become a success. They are going to market the hell out of it, and good marketing eventually pays off.
[...]
Imagine if this hardware device got ad space during the Super Bowl, for example. It would sell in the millions despite what true Bitcoiners and crypto enthusiasts think of it. 
Again though; it probably provides near zero benefits over just keeping funds on a centralized exchange, with the added trouble of easily losing it and then having to go through some restore process with Block.
My prediction is that they will sell a lot of these, but people will start either losing them and not buying a second one (just restoring funds to software wallet or exchange wallet) or will just not use them. It's definitely more convenient to leave funds on the exchange if you buy and sell a lot (main usage of Bitcoin for this 'second group').

I hope people will not compare this authentication device with hardware wallets like those mentioned.
They will, because that's how Block are marketing it, and Block's marketing will reach far wider than the community pointing out that this device is not particularly great.
Do keep in mind, someone even tries selling paper wallets as 'alternatives to hardware wallets'. At least their advertising prompted MrSlattery to post their question in the 'Hardware Wallets' section here.

~
Is it this product? https://www.ballet.com/en/whatisballet/

If so, this is not even a hardware wallet in the first place! It only holds a single private key, which you can only view by peeling off the sticker.
[...]
legendary
Activity: 2268
Merit: 18771
And what does the crypto-community expect from this project in terms of success? Because judging by the reviews, the attitude towards this pseudo-wallet can hardly be called positive.
I agree with Pmalek above. The device isn't even at an alpha testing phase yet, and already Block employees are attending crypto conferences, seminars, and live streams, shilling hard for it and explaining how it is a hundred times better than all existing wallets. Block obviously have an advertising budget well above that of other hardware wallet manufacturers, as well as already having a lot of links and contacts within the crypto ecosystem which allows them to push their narrative. As such, I also expect this device to sell widely, despite being little more than a glorified 2FA code.

I hope people will not compare this authentication device with hardware wallets like those mentioned.
They will, because that's how Block are marketing it, and Block's marketing will reach far wider than the community pointing out that this device is not particularly great.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I don't know why exactly they choose hexagon shape, maybe because this would be unique shape for hardware wallet device.
Even if it comes with decagon or any other shape, there is no problem if it is functionally recommendable, but not. Not even a hardware wallet, no screen, having mobile app which makes it an online wallet, but more funds protected by the authentication hardware device (I mean what is referred to as hardware wallet).

Let's wait and see how everything will work out in real life, but I am sure they have big plans to take over the market of hardware wallets, do legder, trezor and others should watch out for them.
I hope people will not compare this authentication device with hardware wallets like those mentioned. If it is the way people commented about the wallet, it means the real wallet is the mobile app. Let us wait and see how it would workout in real life, but this kind of wallet will only exist to make people to have false information about what hardware are, but I hope people should be able to pass it across that the hardware is not a wallet.
legendary
Activity: 2212
Merit: 7064
I didn't see the display on the Block hardware wallet from Square. Will this device work in conjunction with a smartphone and PC?
Yes, there is no screen and they are going to release Block app for Android and iOS devices, and I think they don't plan to release any desktop app.
I don't know why exactly they choose hexagon shape, maybe because this would be unique shape for hardware wallet device.

Back to this 2FA device. I think the biggest issue really is that. If it had been marketed as a 2FA thing with some other features we would have all been a lot more accepting of it then it being marketing as a hardware wallet. But, with the lack of privacy, multisig with their servers, and some other things it's not what most people consider a hardware wallet.
Yeah, well they claim this should be open source device, so maybe we could see people forking this and making it work without any server for multisig.
Let's wait and see how everything will work out in real life, but I am sure they have big plans to take over the market of hardware wallets, do legder, trezor and others should watch out for them.
I think they will have premium price, and they will offer some kind of deals for first released devices, but I am personally waiting to see what Trezor will release next with new secure element.

I like the approach by Foundation Devices, where they chose a commonly used battery that you may even still have at home. That way, you don't need to trust them to give you a non-malicious one. As well as being able to quickly swap it, wherever you are. You may even be able to buy a cheap used phone on the street to take its battery out and put it in your empty Passport.. Cheesy
Market is flooded with those old Nokia batteries and they still work perfectly and hold charge for days or weeks.
I am curious to know when is your review of Passport coming out, and how much this battery holds in your device.

So actually, you seem completely right. This is just a third party custodian with extra (expensive) steps.
Mayne someone (Elon Musk) could ''hack'' it and remove custodian...  for his Doge shitcoin wallet  Cheesy
legendary
Activity: 2730
Merit: 7065
And what does the crypto-community expect from this project in terms of success? Because judging by the reviews, the attitude towards this pseudo-wallet can hardly be called positive.
I think it's going to become a success. They are going to market the hell out of it, and good marketing eventually pays off.

"Crypto community" is a very broad definition. Someone who uses cold-storage solutions, multisigs, offline signing, and mixes coins is part of the crypto movement. But then again, so is someone who keeps all his coins on a centralized exchange, uses custodial wallets, and has his private information stored digitally on the cloud or his email account. These two groups don't have much in common except they use bitcoin/crypto in one way or the other.

Block won't be targeting the first type. The device (it's not a hardware wallet) isn't going to get any attention amongst them.
But the second group of crypto users is bigger. And that's their target audience. The ordinary people who just want to speculate and make some quick bucks without spending much time on learning how to be in control of your financials because they are not in it for the technology or being in control.

Imagine if this hardware device got ad space during the Super Bowl, for example. It would sell in the millions despite what true Bitcoiners and crypto enthusiasts think of it. 
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
~snip
I didn't see the display on the Block hardware wallet from Square. Will this device work in conjunction with a smartphone and PC?
We discussed it already, but removing the screen from a hardware wallet is a pretty bad idea.
I'm not saying that it's good that there is no display on Hexagon Square-wallet. I just wanted to understand how approximately it would work. Well, in principle, it became clear to me.

And why did they choose the shape of a hexagon and not a square?  Grin
It probably has something to do with Twitter 'NFT profile pictures'. Are they still a thing? Block probably expected more traction when they first started this project.
And what does the crypto-community expect from this project in terms of success? Because judging by the reviews, the attitude towards this pseudo-wallet can hardly be called positive.

A paranoid thought arose about the fingerprint sensor. Square will collect user data (fingerprints) and link identity and transactions\addresses? What do you think about this?
They really shouldn't. If the device is open source, you can check that for yourself in the firmware. It should use some type of one-way function computed on a scan of the fingerprint and use that to authenticate you to the device. Fingerprint data should never leave the device and in the best case, an actual full scan (visual representation; think: image) of the fingerprint should not even exist inside of the device at any point in time.
Some manufacturers have been doing fingerprint readers like this for at least 10 years now.
Ok, I understand you. They shouldn't, but it's better to check it in the code yourself. If you don't know how, wait for results from someone who is capable of it.

As for the built-in batteries, here are my thoughts. I think the trend in this direction will continue, moreover, develop and most of the device manufacturers will use this. Because users need autonomy and the ability to transfer / receive crypto anywhere, which will have a positive effect on mass adoption.
Is there a discussion against built-in batteries? I do know that you can hide hardware implants in there, since battery packs can house little microchips, but it's definitely possible to reduce such risk to a bare minimum.
I like the approach by Foundation Devices, where they chose a commonly used battery that you may even still have at home. That way, you don't need to trust them to give you a non-malicious one. As well as being able to quickly swap it, wherever you are. You may even be able to buy a cheap used phone on the street to take its battery out and put it in your empty Passport.. Cheesy
It will be difficult to put AAA batteries in this device, but it is quite possible to hide hardware implants. But I don't think that the Block is ready to take risks in this way, especially since they will know everything about their users anyway, because they will provide information about themselves.

At this point, I don't think it matters, as I said above I use cashapp and fully recognize how privacy intrusive it is. There are so many people out there who don't know or don't care and don't want to know or care. This is the product for them. 1 Simple button and things are 'secure'.
If they want a simple, non-private way to get someone else to secure their funds, there's a much simpler and cheaper way, though. Exchanges or online wallets. Log into your account and access your coins. Lose your device? Just log back in. Lose your password? Reset through email or customer support. Private? Nope. Your coins? Nope. But basically equal characteristics as the Block device, without upfront cost, without need to recharge and keep the device handy at all times and less steps to perform when using it.
With the Square device, Block will sell a sense of security and support, a little more than others. For this, people will gladly buy their devices.
legendary
Activity: 2268
Merit: 18771
But basically equal characteristics as the Block device, without upfront cost, without need to recharge and keep the device handy at all times and less steps to perform when using it.
I was half way through typing a reply which was going to argue that this device did have one benefit over a centralized exchange, in that if the centralized exchange goes offline you cannot access your coins, whereas if Block goes offline then you can still access your coins via the two keys which are stored on the app and the hardware device. However, if then occurred to me that this probably isn't the case at all. If Block goes offline, then their app will no longer communicate with their servers and so therefore be useless. And since it seems this wallet does not provide seed phrases or access to your private keys, there will be no way for you to import your wallet elsewhere.

So actually, you seem completely right. This is just a third party custodian with extra (expensive) steps.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
~snip
I didn't see the display on the Block hardware wallet from Square. Will this device work in conjunction with a smartphone and PC?
We discussed it already, but removing the screen from a hardware wallet is a pretty bad idea.

And why did they choose the shape of a hexagon and not a square?  Grin
It probably has something to do with Twitter 'NFT profile pictures'. Are they still a thing? Block probably expected more traction when they first started this project.

A paranoid thought arose about the fingerprint sensor. Square will collect user data (fingerprints) and link identity and transactions\addresses? What do you think about this?
They really shouldn't. If the device is open source, you can check that for yourself in the firmware. It should use some type of one-way function computed on a scan of the fingerprint and use that to authenticate you to the device. Fingerprint data should never leave the device and in the best case, an actual full scan (visual representation; think: image) of the fingerprint should not even exist inside of the device at any point in time.
Some manufacturers have been doing fingerprint readers like this for at least 10 years now.

As for the built-in batteries, here are my thoughts. I think the trend in this direction will continue, moreover, develop and most of the device manufacturers will use this. Because users need autonomy and the ability to transfer / receive crypto anywhere, which will have a positive effect on mass adoption.
Is there a discussion against built-in batteries? I do know that you can hide hardware implants in there, since battery packs can house little microchips, but it's definitely possible to reduce such risk to a bare minimum.
I like the approach by Foundation Devices, where they chose a commonly used battery that you may even still have at home. That way, you don't need to trust them to give you a non-malicious one. As well as being able to quickly swap it, wherever you are. You may even be able to buy a cheap used phone on the street to take its battery out and put it in your empty Passport.. Cheesy

At this point, I don't think it matters, as I said above I use cashapp and fully recognize how privacy intrusive it is. There are so many people out there who don't know or don't care and don't want to know or care. This is the product for them. 1 Simple button and things are 'secure'.
If they want a simple, non-private way to get someone else to secure their funds, there's a much simpler and cheaper way, though. Exchanges or online wallets. Log into your account and access your coins. Lose your device? Just log back in. Lose your password? Reset through email or customer support. Private? Nope. Your coins? Nope. But basically equal characteristics as the Block device, without upfront cost, without need to recharge and keep the device handy at all times and less steps to perform when using it.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Jack Dorsey sold Twitter to Elon Musk, but he is certainly not joking with Block hardware wallet, and they are already making bunch of their first prototypes in factory.
Device images are posted below and we know it will have type c connection, battery, fingerprint sensor or PIN, and NFC support.
They performed alpha testing with this devices and they send them to people to find all weaknesses and things that should be fixed and corrected.
Next they plan to release full electrical schematics and detailed design information, and they want to keep Block wallet with open source hardware.

Minor nitpick but the shareholders voted overwhelmingly to do it, Jack probably wanted it to go through so he could get more users for his new 'not twitter but still twitter':
https://www.coindesk.com/web3/2022/10/20/jack-dorsey-backed-decentralized-social-network-bluesky-gets-30000-signups-in-48-hours/

Back to this 2FA device. I think the biggest issue really is that. If it had been marketed as a 2FA thing with some other features we would have all been a lot more accepting of it then it being marketing as a hardware wallet. But, with the lack of privacy, multisig with their servers, and some other things it's not what most people consider a hardware wallet.



At this point, I don't think it matters, as I said above I use cashapp and fully recognize how privacy intrusive it is. There are so many people out there who don't know or don't care and don't want to know or care. This is the product for them. 1 Simple button and things are 'secure'.

-Dave
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
The fingerprint scanner, although obviously a bad inclusion since biometrics are not safe, is irrelevant from a privacy perspective. To use this device you must first set up an account with Block and link that account to your mobile app and hardware device. All your balances, transactions, etc., will be routed through your account on Block's servers. Your privacy is exactly zero, with or without the fingerprint scanner.
After not being the Twitter CEO again, It was Jack Dorsey far less decentralized exchange (tbDEX), now to no privacy hardware wallet. I have began to more notice that anything about Jack Dorsey related to planing of invention is just about how to link decentralized system with centralized system, linking privacy to no privacy, which only means a means to make what are privacy and decentralized in the past now to become not private and not decentralized. Already we are knowing also that this hardware wallet is faulty in design.
legendary
Activity: 2268
Merit: 18771
I didn't see the display on the Block hardware wallet from Square. Will this device work in conjunction with a smartphone and PC?
There is no screen. As I said in my post here, due to the fact this device doesn't have a screen then it cannot be used to verify any address prior to receiving nor any transaction prior to signing, therefore making it is little more than a glorified 2FA key.

As to how the device works, it is all operated through a mobile app (no details on this yet). It is set up in a 2-of-3 multi-sig with one key on the app, one on this device, and one on Block's servers.

A paranoid thought arose about the fingerprint sensor. Square will collect user data (fingerprints) and link identity and transactions\addresses? What do you think about this?
The fingerprint scanner, although obviously a bad inclusion since biometrics are not safe, is irrelevant from a privacy perspective. To use this device you must first set up an account with Block and link that account to your mobile app and hardware device. All your balances, transactions, etc., will be routed through your account on Block's servers. Your privacy is exactly zero, with or without the fingerprint scanner.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
~snip
I didn't see the display on the Block hardware wallet from Square. Will this device work in conjunction with a smartphone and PC?

And why did they choose the shape of a hexagon and not a square?  Grin

A paranoid thought arose about the fingerprint sensor. Square will collect user data (fingerprints) and link identity and transactions\addresses? What do you think about this?

As for the built-in batteries, here are my thoughts. I think the trend in this direction will continue, moreover, develop and most of the device manufacturers will use this. Because users need autonomy and the ability to transfer / receive crypto anywhere, which will have a positive effect on mass adoption.
legendary
Activity: 2212
Merit: 7064
Jack Dorsey sold Twitter to Elon Musk, but he is certainly not joking with Block hardware wallet, and they are already making bunch of their first prototypes in factory.
Device images are posted below and we know it will have type c connection, battery, fingerprint sensor or PIN, and NFC support.
They performed alpha testing with this devices and they send them to people to find all weaknesses and things that should be fixed and corrected.
Next they plan to release full electrical schematics and detailed design information, and they want to keep Block wallet with open source hardware.

   
https://wallet.build/how-we-design-our-hardware/
legendary
Activity: 2730
Merit: 7065
Does Foundation not serve customer's outside of the USA directly?  That seems odd.  I don't see any reason whey they wouldn't be able to ship their product directly over-seas.
You can order their hardware wallets from any place in the world. Probably not to countries that are on US sanction lists like North Korea, for example. I played around with their online shop yesterday just to see what kind of shipping costs would be applied if you had the device shipped to the EU and South America. You can check that out here.
Pages:
Jump to: