Topic: Square is considering making a hardware wallet for Bitcoin - page 4. (Read 4002 times)

Exactly. Since there is no screen on the device, you don't know if the displayed address on the app belongs to your wallet or not. That's if you are generating an address and you are supposed to receive BTC.

Like n0nce mentioned, the software could in theory show one thing, but the hardware signs something else. You would only notice a difference if you quickly checked if the transaction data is correct on a blockchain explorer after the broadcast. Depending on if, when, and how full RBF gets implemented with the next Bitcoin Core release, it might be easy to doublespend the transaction back to yourself. But that depends on too many factors out of your control: how many nodes opt-in for Full RBF, how many pools do it, and will the Block app have an option to cancel/doublespend a transaction back to yourself. o_e_l_e_o is a better person to talk to about such scenarios. 

No, if the wrong address is only shown in the app, but the correct transaction is signed by the device, the funds will still reach the intended receiver.
You could end up with a hacked app though, that displays the correct address on your phone screen, but asks the hardware device to sign a transaction which sends all of your funds to an attacker's address. There will be no way of you to check that, if we assume compromised software.

In other words: eliminating the chance of a software attack is the main goal of hardware wallets; so assuming the software to be safe completely removes the need for such a device. We need to work in the 'compromised software' model for hardware wallets to even make sense. Therefore we can't rely on the software to display the right address and only ask for signatures of unmodified transactions.

That won't help you, as the block explorer doesn't display your transaction before it's submitted to the mempool and once you submit it, there's no way of 'taking it back', either.

Yeah, I said it before: a screen is absoutely fundamental. You need a physical 'communication channel' (light entering your eye) to verify what the wallet is actually signing.

I guess any transaction to be broadcasted can be checked and rechecked on the mobile app which is actually the wallet that contains one or more master private key. Or probably there can still be confusion unless the hardware authentication app is manufactured for people to check if it can truly be called hardware wallet or not. Still, on all wallets, while using online wallet with it, best to still check for clipboard malware by double checking the address before sending or passing it to cold storage wallet for signing.

This, of course, will be a disadvantage. If any glitch occurs in the application showing transaction information, such as the wrong recipient address, it will be possible to send to the wrong address and lose cryptocurrencies. What to do in this case? Check each time all transactions in https://blockchair.com/? Which will create another extra action. It seemed to be an insignificant detail at first glance, as the lack of a display (is it possible that the Block will save a lot on this) creates an unnecessary headache for users.

The difference between Block and proper hardware wallets like the ones you mentioned is that their native apps don't hold your seed or private keys. Those never leave the hardware. Based on what we know about Block, it's software app will store one of the multisig keys. Due to the lack of a screen, you won't be able to verify transaction details like with other hardware wallets. You have to rely exclusively on what the app shows. 

Mobile app in this case is used in similar way like you would use apps for any other hardware wallets, including ledger, trezor, passport, etc.
You need to have software wallet that communicates with hardware wallet device, so there is nothing really strange about this.

I am sure they have the biggest budget from all other hardware wallets combined, and that is without any additional investments or funding.
In future we could see many other hardware wallets joining forces if they want to survive and compete with Block.
One positive thing from Block showing up is that it will force Trezor and other hardware wallets to speed up their innovations

Again though; it probably provides near zero benefits over just keeping funds on a centralized exchange, with the added trouble of easily losing it and then having to go through some restore process with Block.
My prediction is that they will sell a lot of these, but people will start either losing them and not buying a second one (just restoring funds to software wallet or exchange wallet) or will just not use them. It's definitely more convenient to leave funds on the exchange if you buy and sell a lot (main usage of Bitcoin for this 'second group').

Do keep in mind, someone even tries selling paper wallets as 'alternatives to hardware wallets'. At least their advertising prompted MrSlattery to post their question in the 'Hardware Wallets' section here.

I agree with Pmalek above. The device isn't even at an alpha testing phase yet, and already Block employees are attending crypto conferences, seminars, and live streams, shilling hard for it and explaining how it is a hundred times better than all existing wallets. Block obviously have an advertising budget well above that of other hardware wallet manufacturers, as well as already having a lot of links and contacts within the crypto ecosystem which allows them to push their narrative. As such, I also expect this device to sell widely, despite being little more than a glorified 2FA code.

They will, because that's how Block are marketing it, and Block's marketing will reach far wider than the community pointing out that this device is not particularly great.

Even if it comes with decagon or any other shape, there is no problem if it is functionally recommendable, but not. Not even a hardware wallet, no screen, having mobile app which makes it an online wallet, but more funds protected by the authentication hardware device (I mean what is referred to as hardware wallet).

I hope people will not compare this authentication device with hardware wallets like those mentioned. If it is the way people commented about the wallet, it means the real wallet is the mobile app. Let us wait and see how it would workout in real life, but this kind of wallet will only exist to make people to have false information about what hardware are, but I hope people should be able to pass it across that the hardware is not a wallet.

Yes, there is no screen and they are going to release Block app for Android and iOS devices, and I think they don't plan to release any desktop app.
I don't know why exactly they choose hexagon shape, maybe because this would be unique shape for hardware wallet device.

Yeah, well they claim this should be open source device, so maybe we could see people forking this and making it work without any server for multisig.
Let's wait and see how everything will work out in real life, but I am sure they have big plans to take over the market of hardware wallets, do legder, trezor and others should watch out for them.
I think they will have premium price, and they will offer some kind of deals for first released devices, but I am personally waiting to see what Trezor will release next with new secure element.

Market is flooded with those old Nokia batteries and they still work perfectly and hold charge for days or weeks.
I am curious to know when is your review of Passport coming out, and how much this battery holds in your device.

Mayne someone (Elon Musk) could ''hack'' it and remove custodian...  for his Doge shitcoin wallet 

I think it's going to become a success. They are going to market the hell out of it, and good marketing eventually pays off.

"Crypto community" is a very broad definition. Someone who uses cold-storage solutions, multisigs, offline signing, and mixes coins is part of the crypto movement. But then again, so is someone who keeps all his coins on a centralized exchange, uses custodial wallets, and has his private information stored digitally on the cloud or his email account. These two groups don't have much in common except they use bitcoin/crypto in one way or the other.

Block won't be targeting the first type. The device (it's not a hardware wallet) isn't going to get any attention amongst them.
But the second group of crypto users is bigger. And that's their target audience. The ordinary people who just want to speculate and make some quick bucks without spending much time on learning how to be in control of your financials because they are not in it for the technology or being in control.

Imagine if this hardware device got ad space during the Super Bowl, for example. It would sell in the millions despite what true Bitcoiners and crypto enthusiasts think of it. 

I'm not saying that it's good that there is no display on Hexagon Square-wallet. I just wanted to understand how approximately it would work. Well, in principle, it became clear to me.

And what does the crypto-community expect from this project in terms of success? Because judging by the reviews, the attitude towards this pseudo-wallet can hardly be called positive.

Ok, I understand you. They shouldn't, but it's better to check it in the code yourself. If you don't know how, wait for results from someone who is capable of it.

It will be difficult to put AAA batteries in this device, but it is quite possible to hide hardware implants. But I don't think that the Block is ready to take risks in this way, especially since they will know everything about their users anyway, because they will provide information about themselves.

With the Square device, Block will sell a sense of security and support, a little more than others. For this, people will gladly buy their devices.

I was half way through typing a reply which was going to argue that this device did have one benefit over a centralized exchange, in that if the centralized exchange goes offline you cannot access your coins, whereas if Block goes offline then you can still access your coins via the two keys which are stored on the app and the hardware device. However, if then occurred to me that this probably isn't the case at all. If Block goes offline, then their app will no longer communicate with their servers and so therefore be useless. And since it seems this wallet does not provide seed phrases or access to your private keys, there will be no way for you to import your wallet elsewhere.

So actually, you seem completely right. This is just a third party custodian with extra (expensive) steps.

We discussed it already, but removing the screen from a hardware wallet is a pretty bad idea.

It probably has something to do with Twitter 'NFT profile pictures'. Are they still a thing? Block probably expected more traction when they first started this project.

They really shouldn't. If the device is open source, you can check that for yourself in the firmware. It should use some type of one-way function computed on a scan of the fingerprint and use that to authenticate you to the device. Fingerprint data should never leave the device and in the best case, an actual full scan (visual representation; think: image) of the fingerprint should not even exist inside of the device at any point in time.
Some manufacturers have been doing fingerprint readers like this for at least 10 years now.

Is there a discussion against built-in batteries? I do know that you can hide hardware implants in there, since battery packs can house little microchips, but it's definitely possible to reduce such risk to a bare minimum.
I like the approach by Foundation Devices, where they chose a commonly used battery that you may even still have at home. That way, you don't need to trust them to give you a non-malicious one. As well as being able to quickly swap it, wherever you are. You may even be able to buy a cheap used phone on the street to take its battery out and put it in your empty Passport..

If they want a simple, non-private way to get someone else to secure their funds, there's a much simpler and cheaper way, though. Exchanges or online wallets. Log into your account and access your coins. Lose your device? Just log back in. Lose your password? Reset through email or customer support. Private? Nope. Your coins? Nope. But basically equal characteristics as the Block device, without upfront cost, without need to recharge and keep the device handy at all times and less steps to perform when using it.

Minor nitpick but the shareholders voted overwhelmingly to do it, Jack probably wanted it to go through so he could get more users for his new 'not twitter but still twitter':
https://www.coindesk.com/web3/2022/10/20/jack-dorsey-backed-decentralized-social-network-bluesky-gets-30000-signups-in-48-hours/

Back to this 2FA device. I think the biggest issue really is that. If it had been marketed as a 2FA thing with some other features we would have all been a lot more accepting of it then it being marketing as a hardware wallet. But, with the lack of privacy, multisig with their servers, and some other things it's not what most people consider a hardware wallet.



At this point, I don't think it matters, as I said above I use cashapp and fully recognize how privacy intrusive it is. There are so many people out there who don't know or don't care and don't want to know or care. This is the product for them. 1 Simple button and things are 'secure'.

-Dave

After not being the Twitter CEO again, It was Jack Dorsey far less decentralized exchange (tbDEX), now to no privacy hardware wallet. I have began to more notice that anything about Jack Dorsey related to planing of invention is just about how to link decentralized system with centralized system, linking privacy to no privacy, which only means a means to make what are privacy and decentralized in the past now to become not private and not decentralized. Already we are knowing also that this hardware wallet is faulty in design.

There is no screen. As I said in my post here, due to the fact this device doesn't have a screen then it cannot be used to verify any address prior to receiving nor any transaction prior to signing, therefore making it is little more than a glorified 2FA key.

As to how the device works, it is all operated through a mobile app (no details on this yet). It is set up in a 2-of-3 multi-sig with one key on the app, one on this device, and one on Block's servers.

The fingerprint scanner, although obviously a bad inclusion since biometrics are not safe, is irrelevant from a privacy perspective. To use this device you must first set up an account with Block and link that account to your mobile app and hardware device. All your balances, transactions, etc., will be routed through your account on Block's servers. Your privacy is exactly zero, with or without the fingerprint scanner.

I didn't see the display on the Block hardware wallet from Square. Will this device work in conjunction with a smartphone and PC?

And why did they choose the shape of a hexagon and not a square?  

A paranoid thought arose about the fingerprint sensor. Square will collect user data (fingerprints) and link identity and transactions\addresses? What do you think about this?

As for the built-in batteries, here are my thoughts. I think the trend in this direction will continue, moreover, develop and most of the device manufacturers will use this. Because users need autonomy and the ability to transfer / receive crypto anywhere, which will have a positive effect on mass adoption.

Jack Dorsey sold Twitter to Elon Musk, but he is certainly not joking with Block hardware wallet, and they are already making bunch of their first prototypes in factory.
Device images are posted below and we know it will have type c connection, battery, fingerprint sensor or PIN, and NFC support.
They performed alpha testing with this devices and they send them to people to find all weaknesses and things that should be fixed and corrected.
Next they plan to release full electrical schematics and detailed design information, and they want to keep Block wallet with open source hardware.

   
https://wallet.build/how-we-design-our-hardware/

You can order their hardware wallets from any place in the world. Probably not to countries that are on US sanction lists like North Korea, for example. I played around with their online shop yesterday just to see what kind of shipping costs would be applied if you had the device shipped to the EU and South America. You can check that out here.