Pages:
Author

Topic: Square is considering making a hardware wallet for Bitcoin - page 5. (Read 4002 times)

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
To Mallers' credit, he's talking about Strike's future as a product that largely resembles a brick and mortar bank, i.e. competing with Chase and BofA in their arena, while also allowing LN transactions to seamlessly work like typical debit cards work today.  Such a product could be a tremendous help to the bitcoin ecosystem, on-board more bitcoin users, and possibly even force the legacy financial institutions to adopt similar features.  In today's world, that kind of financial convenience means absolutely no privacy, and I'm afraid the majority won't care.  Hopefully the "self-sovereign" mentality will come later.  Baby steps...
Yeah; I don't see how integrating my Bitcoin and Lightning wallets, as well as my BTC trades with my fiat bank account can be achieved in a privacy-sensible manner.
Except perhaps, if we can somehow get L1 privacy into Bitcoin...

Does Foundation not serve customer's outside of the USA directly?  That seems odd.  I don't see any reason whey they wouldn't be able to ship their product directly over-seas.  Being that it's open source hardware and software, there're no ITAR restrictions that I see as obstacles, and if I'm not mistaken, no other restrictions to shipping items over-seas exists in the US.
They do, but then you need to provide your home address, pay import taxes and if you're unlucky, the customs office might even open your parcel.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!

To Mallers' credit, he's talking about Strike's future as a product that largely resembles a brick and mortar bank, i.e. competing with Chase and BofA in their arena, while also allowing LN transactions to seamlessly work like typical debit cards work today.  Such a product could be a tremendous help to the bitcoin ecosystem, on-board more bitcoin users, and possibly even force the legacy financial institutions to adopt similar features.  In today's world, that kind of financial convenience means absolutely no privacy, and I'm afraid the majority won't care.  Hopefully the "self-sovereign" mentality will come later.  Baby steps...

To further separate the two Jacks; at least Mallers isn't trying to shill the idea of "shared self-custody!"   Roll Eyes


If you've got the budget for a Model T, you should probably look at Passport, instead.. Lips sealed

I'm anxiously awaiting your review of the second batch of the FPW.  It does indeed check a lot of my "essentials" boxes, and quite a few "nice to have."  I bought a Trezor T when they were around $150 USD, which is a great deal in my opinion, but I agree that the current price is not a great value at all.  I suspect that Trezor is low on inventory on the Model T, and rather than make more, they're priming their followers for the release of a new unit with a secure element.  I wouldn't be surprised to see it before Black Friday 2023, and priced similarly to the current price of the Model T.


Too bad it doesn't have a wider distribution network in Europe. Last time I checked, you could only get it from resellers in the UK, Netherlands, and Belgium when we are talking about the EU zone.
True; though I find ordering within the EU to be a fairly effortless task in 99% of cases. In theory, even one good distributor would suffice.

Does Foundation not serve customer's outside of the USA directly?  That seems odd.  I don't see any reason whey they wouldn't be able to ship their product directly over-seas.  Being that it's open source hardware and software, there're no ITAR restrictions that I see as obstacles, and if I'm not mistaken, no other restrictions to shipping items over-seas exists in the US.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I am curious why only Trezor One is on this list and not also Trezor Model T. Am I missing something? Is it just an oversight on your end or is there something you don't like with the Model T? It's quite expensive if you ask me, but then again, so is Foundation Passport.
Sorry, it's an oversight! I just forget its existence from time to time, as I believe the One to be much better value. If you've got the budget for a Model T, you should probably look at Passport, instead.. Lips sealed

Too bad it doesn't have a wider distribution network in Europe. Last time I checked, you could only get it from resellers in the UK, Netherlands, and Belgium when we are talking about the EU zone.
True; though I find ordering within the EU to be a fairly effortless task in 99% of cases. In theory, even one good distributor would suffice.
legendary
Activity: 2730
Merit: 7065
First criterion would be Bitcoin-only (at very least the option to get a Bitcoin-only firmware); that already eliminates a lot of hardware wallets.
My list after that criterion would be:
  • Foundation Passport
  • Trezor One
  • Keystone Pro
  • BitBox02 Bitcoin-only
  • Coinkite ColdCard

Then, Bitcoin for me is synonymous with open-source and verifiability - hardware and software. This removes a few again, leaving us with the following (to the best of my knowledge).
  • Foundation Passport
  • Trezor One
  • BitBox02 Bitcoin-only
I am curious why only Trezor One is on this list and not also Trezor Model T. Am I missing something? Is it just an oversight on your end or is there something you don't like with the Model T? It's quite expensive if you ask me, but then again, so is Foundation Passport.

I know I really sound like a Passport shill in threads, but I encourage anyone to read my honest, unsponsored review in which I point out all of its flaws and issues and I think I'm vocal enough about them. It's just that for me, as of now, it's the only device that ticks all the 'essential' boxes, even though it does have its flaws.
Too bad it doesn't have a wider distribution network in Europe. Last time I checked, you could only get it from resellers in the UK, Netherlands, and Belgium when we are talking about the EU zone.
legendary
Activity: 2212
Merit: 7064
Of course! Even though just adding Snake is far from it, I had thought about a full-on 'alibi mode' that makes it look and function like an actual mobile phone (e.g. for border controls and whatnot). That could have actually been a useful feature for some users, however I do prefer simplifying the device to its essentials, instead.
I don't think this is hard to create, it doesn't have to be fully functional with signal strength and everything else, but this can be something like screensaver mode switch or lock screen.
New Passport batch already have exact same battery like old Nokia phones, so it would be very hard for anyone to say this is not a phone, until he tries to call someone.
One feature I would like to see in Passport is ability to reboot it to default clean state if it was not unlocked in specific amount of time.

Back to Block/Square hardware wallet, I bet they will have battery that can't be replaced easily, same like it is with most modern smartphones (except Fairphone or Pine phone maybe).
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I confused the Jacks. My bad.  Lips sealed
Shit happens!

Still uncomfortable to hear something like this from a somewhat popular figure.
I'm not sure about the whole context, but somehow CoinDebit was able to offer a no-KYC debit card.
And Mallers did speak out in favor of privacy as one of the reasons why he's so involved with Lightning. Now he turns around and shits on it? Again: context may be necessary.

The context is:
The government not giving you privacy = bad
The other company not giving you privacy = bad
My company not giving you privacy so we can sell your data = good

See it's simple.  Grin Grin Grin

Makes you wonder how far you would have to keep businesses separate to have the hardware part of the wallet with one, the software part of the wallet with another and any other apps / features with another so you could sell the HW portion as 100% not involved with the others so people who REALLY wanted as much privacy as they can get could then deal with the other aspects only if they wanted to.

I mean, I know you can do it. But at what point can you really legally say hardware business "A" has nothing to do with software business "B".

-Dave

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I confused the Jacks. My bad.  Lips sealed
Shit happens!

Still uncomfortable to hear something like this from a somewhat popular figure.
I'm not sure about the whole context, but somehow CoinDebit was able to offer a no-KYC debit card.
And Mallers did speak out in favor of privacy as one of the reasons why he's so involved with Lightning. Now he turns around and shits on it? Again: context may be necessary.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I confused the Jacks. My bad.  Lips sealed
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
"If you want privacy, don't use my fucking app". - Straight from the source: https://open.spotify.com/episode/2kaFrG64SP7EzcCA0EEJEB - at 08:28.

If you don't have Spotify: https://nitter.net/GadSaad/status/1567149412043919360
That's from Jack Mallers, though. And I thought he's not involved with Square / Block, but instead Strike. I don't get how it relates to this thread.
legendary
Activity: 2268
Merit: 18711
-snip-
Your picture there made me go and check out the Foundation site again to learn about version 2 of the Passport. I've got to say, it looks great. The physical design looks much better than the original, the color screen looks great, and they've fixed the battery issue. Couple all that with them getting rid of the bloat in the software, and if I was in the market for a hardware wallet then I'd probably be picking a Passport. I've got a couple of other questions, but I'll take them over to the thread you linked to stop derailing this one any further.

I can see how in a less critical scenario, where they just quickly glance over the stuff you carry, even the current-gen Passports pass as phones without questions.
A quick glance over most hardware wallets to someone unfamiliar with hardware wallets and they would pass as a USB drive, a key fob, or maybe some kind of smart watch or other device. It's the targeted searches you need to be worried about.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
"If you want privacy, don't use my fucking app". - Straight from the source: https://open.spotify.com/episode/2kaFrG64SP7EzcCA0EEJEB - at 08:28.

If you don't have Spotify: https://nitter.net/GadSaad/status/1567149412043919360
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Even though just adding Snake is far from it, I had thought about a full-on 'alibi mode' that makes it look and function like an actual mobile phone (e.g. for border controls and whatnot).
Now that's an interesting idea. It would be difficult to pull off in such a way to either A) not be almost immediately obvious on closer inspection or B) not compromise the integrity of the hardware wallet. For example, a "phone" without any network or data connection whatsoever is highly suspect, but as soon as you add in any kind of network receiver then you put the hardware wallet at risk. A Passport device would certainly be the device to try this on, since it already looks very similar to old Nokia phones, but at the same time there is no phone in existence which runs on 2x AAA batteries.
Regarding 'putting the hardware wallet at risk', I guess something like multiplexing the (already as simple / dumb as possible) I/O and interfacing it by two completely separate PCBs, would probably be needed.
One PCB (half) with all the existing hardware wallet circuitry and another one with typical feature phone hardware.

Triple-A's have already been replaced by Nokia (yes, Nokia actually used or still uses them) Li-Ion rechargeable batteries.



If I was crossing a border with a lot of bitcoin and was highly suspicious that I would be stopped and searched, then I think some method which includes plausible deniability is better. If such a device was inspected and discovered to be a hidden hardware wallet, then there is no way you can deny that. If you have a seed phrase encoded/hidden in pages of academic notes (for example), then you can easily just pass them off as notes.
That's a good point. There are lots of good methods, like bringing an encrypted a file, highlighting (seed) words in a book, etc.
You can also append an encrypted wallet file to the end of a JPEG, so if they go open it, it opens normally. Possibilities are endless and have all sorts of up- and downsides.

I can see how in a less critical scenario, where they just quickly glance over the stuff you carry, even the current-gen Passports pass as phones without questions.
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
Even though just adding Snake is far from it, I had thought about a full-on 'alibi mode' that makes it look and function like an actual mobile phone (e.g. for border controls and whatnot).
Now that's an interesting idea. It would be difficult to pull off in such a way to either A) not be almost immediately obvious on closer inspection or B) not compromise the integrity of the hardware wallet. For example, a "phone" without any network or data connection whatsoever is highly suspect, but as soon as you add in any kind of network receiver then you put the hardware wallet at risk. A Passport device would certainly be the device to try this on, since it already looks very similar to old Nokia phones, but at the same time there is no phone in existence which runs on 2x AAA batteries.

If I was crossing a border with a lot of bitcoin and was highly suspicious that I would be stopped and searched, then I think some method which includes plausible deniability is better. If such a device was inspected and discovered to be a hidden hardware wallet, then there is no way you can deny that. If you have a seed phrase encoded/hidden in pages of academic notes (for example), then you can easily just pass them off as notes.
It is not necessary to disguise hardware wallet as a phone. Although the idea of ​​making the HW look and function like a full-fledged phone seems like a good idea to me. It would be better than just HW. Not necessarily for crossing the border, but for everyday storage and use in the immediate vicinity. Let's say for everyday tasks. The more ordinary the HW device looks, the calmer the soul. Smiley In fact, there is a wide field for creativity and can mask HW under any device. For example, an audio player that is fully functional. In this case, the risk of being identified due to the lack of a network and data transmission is eliminated.
legendary
Activity: 2268
Merit: 18711
Even though just adding Snake is far from it, I had thought about a full-on 'alibi mode' that makes it look and function like an actual mobile phone (e.g. for border controls and whatnot).
Now that's an interesting idea. It would be difficult to pull off in such a way to either A) not be almost immediately obvious on closer inspection or B) not compromise the integrity of the hardware wallet. For example, a "phone" without any network or data connection whatsoever is highly suspect, but as soon as you add in any kind of network receiver then you put the hardware wallet at risk. A Passport device would certainly be the device to try this on, since it already looks very similar to old Nokia phones, but at the same time there is no phone in existence which runs on 2x AAA batteries.

If I was crossing a border with a lot of bitcoin and was highly suspicious that I would be stopped and searched, then I think some method which includes plausible deniability is better. If such a device was inspected and discovered to be a hidden hardware wallet, then there is no way you can deny that. If you have a seed phrase encoded/hidden in pages of academic notes (for example), then you can easily just pass them off as notes.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
If they are willing to include this completely pointless code for no good reason, then what other meaningless "features" will they include in the future? This is the amateurish approach I was referring to.
Right; got you. I guess then it's especially good to see that instead of adding more such 'bloat' in batch 2, they reduced it by removing that gimmicky game menu altogether, instead. Seems like they took the right direction.

We criticize other hardware wallets for adding unnecessary features, like support for shitcoins, or a flashlight, or a fingerprint scanner. I don't see this as being any different.
Of course! Even though just adding Snake is far from it, I had thought about a full-on 'alibi mode' that makes it look and function like an actual mobile phone (e.g. for border controls and whatnot). That could have actually been a useful feature for some users, however I do prefer simplifying the device to its essentials, instead.
legendary
Activity: 2268
Merit: 18711
The codebase for those games is relatively tiny, and has no access to the secure element / any interaction with the Bitcoin-related stuff whatsoever. I don't see an obvious way to mount a meaningful exploit from a bug in one of those games; the attack surface there doesn't seem very promising.
Maybe not, but with pretty much every vulnerability to affect a hardware wallet, the developers and users didn't know it was possible, otherwise the vulnerability wouldn't exist. The fact remains that including any extraneous code, even if we all think it is safe, still poses a security risk. And even if it was 100% safe, I still disagree on principle. If they are willing to include this completely pointless code for no good reason, then what other meaningless "features" will they include in the future? This is the amateurish approach I was referring to. If you are creating and manufacturing a device which will be responsible for securing and protecting large amounts of money, then I expect you to take that seriously. Programming snake on to that device is not taking it seriously.

We criticize other hardware wallets for adding unnecessary features, like support for shitcoins, or a flashlight, or a fingerprint scanner. I don't see this as being any different.

Gladly, batch 2 doesn't have games:
Glad to hear it. Maybe I'll take another look at their devices.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
It's worth keeping in mind that only the first of these 3 has no option for altcoins whatsoever (you fund altcoin support development by buying a device that can support alts).
But they still have a bunch of completely unnecessary code on their device. The entire point of wanting bitcoin only firmware is to minimize the attack surface. Throwing in a bunch of unnecessary code (for games, no less!) completely defeats that purpose,
Are you referring to the Passport's hidden game menu?
I understand that and brought it up myself in my review, but it's on a whole different level than adding support for one more coin.
The codebase for those games is relatively tiny, and has no access to the secure element / any interaction with the Bitcoin-related stuff whatsoever. I don't see an obvious way to mount a meaningful exploit from a bug in one of those games; the attack surface there doesn't seem very promising.

But of course, it's unnecessary and just the idea of adding 'bloat' of any kind is already wrong in the first place.
Gladly, batch 2 doesn't have games:
https://github.com/Foundation-Devices/passport-firmware/search?q=snake
https://github.com/Foundation-Devices/passport2/search?q=snake

not to mention shows a very amateurish approach to security, and is one I simply cannot get behind, which is a shame because I do like the look of the Passport device otherwise.
Amateurish approach to security in general or just related to that hidden game menu?
Because general security-wise, everything seems very thought through and openly explained.
https://github.com/Foundation-Devices/passport-firmware/blob/main/SECURITY/SECURITY.md

I especially love that the open-source hardware can actually be verified for integrity through different means; if it wasn't, the benefit of open-source hardware would be somewhat limited for most users, especially when talking about security, supply chains and various types of hardware attack vectors.
legendary
Activity: 2268
Merit: 18711
To be fair, I personally believe the AOPP thing was 'easier to miss'
That may be so, but the fact remains that it was designed by a blockchain analysis company to help promote government regulations. If random members of the community can see the inherent problems with that, then Trezor (and all the other wallets which initially signaled support) should have known better too.

It's worth keeping in mind that only the first of these 3 has no option for altcoins whatsoever (you fund altcoin support development by buying a device that can support alts).
But they still have a bunch of completely unnecessary code on their device. The entire point of wanting bitcoin only firmware is to minimize the attack surface. Throwing in a bunch of unnecessary code (for games, no less!) completely defeats that purpose, not to mention shows a very amateurish approach to security, and is one I simply cannot get behind, which is a shame because I do like the look of the Passport device otherwise.

Good alternative option is to step away from all manufacturers and make your own DIY devices with rapsberry pi zero and similar devices (seedsigner and krux).
Yeah. I own both Ledger and Trezor devices, although I haven't used either of them for serious amounts of coins in a long time now. More than happy with my various cold, airgapped, and paper wallets.
legendary
Activity: 2212
Merit: 7064
Honestly, I don't see this happening. I've yet to encounter anyone who likes the idea of such a device and Bitcoiners in general seem to get more educated and more cypherpunk - thus committed and usually able to handle their seeds themselves - by the day.
I would be careful with block/square in near future, because based on their history they have plan to sell this hardware wallets in big packages to various companies and bussiness, not so much directly to individuals.
Than this companies would offer Block wallets to people who work for them or their partners, along with other Point of Sale devices they offer.

At most, a company like Ledger that is targeting non-Bitcoiners (watch their music video advertisements, NFT and Altcoin focus), may start rolling out something similar.
I think Ledger is mostly targeting shitcoiners Cheesy
All updates on their ledger live application is mostly altcoin related, adding and updating bunch of worthless tokens all the time.

Which hardware wallet manufacturer would people say is the most focused in this regard? Passport?
I would say that Passport and Trezor are still on top, especially with upcoming Trezor device with new secure element and bitcoin only firmware.
Good alternative option is to step away from all manufacturers and make your own DIY devices with rapsberry pi zero and similar devices (seedsigner and krux).
I am saying anything is perfect, and there are always pros and cons for everything you choose.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
But fortunately, there are enough competent companies that I'm confident won't lose their focus on sovereignty and commitment to the Bitcoin ideals.
I do think dkbit98 has a point here. Even the two biggest "classic" hardware wallet manufacturers - Ledger and Trezor - have made a bunch of questionable decisions recently, such as Ledger integrating a KYC dedit card in to Ledger Live, and Trezor implementing AOPP before having to 180 and remove it after community backlash. It's quite clear that neither company is solely focused on a "commitment to Bitcoin ideals".
To be fair, I personally believe the AOPP thing was 'easier to miss' - compared to integrating KYC - as it was disguised as 'well it's just simplifying message signing for users' (something that's always been possible and enforced by some exchanges).
So, a bunch of wallets I like and still use till today, just went with it and added AOPP support. Fortunately, they realized their mistake when the community pointed it out and reverted it in days, if not hours.

Which hardware wallet manufacturer would people say is the most focused in this regard? Passport?
I can't really say for sure; there's no perfect device. But most focused, probably Foundation Passport, yes.

First criterion would be Bitcoin-only (at very least the option to get a Bitcoin-only firmware); that already eliminates a lot of hardware wallets.
My list after that criterion would be:
  • Foundation Passport
  • Trezor Model One & Model T
  • Keystone Pro
  • BitBox02 Bitcoin-only
  • Coinkite ColdCard

Then, Bitcoin for me is synonymous with open-source and verifiability - hardware and software. This removes a few again, leaving us with the following (to the best of my knowledge).
  • Foundation Passport
  • Trezor Model One & Model T
  • BitBox02 Bitcoin-only

It's worth keeping in mind that only the first of these 3 has no option for altcoins whatsoever (you fund altcoin support development by buying a device that can support alts).

I know I really sound like a Passport shill in threads, but I encourage anyone to read my honest, unsponsored review in which I point out all of its flaws and issues and I think I'm vocal enough about them. It's just that for me, as of now, it's the only device that ticks all the 'essential' boxes, even though it does have its flaws.
Pages:
Jump to: