
Topic: Square is considering making a hardware wallet for Bitcoin - page 6. (Read 4002 times)

legendary
Activity: 2268
Merit: 18711
I have nothing against people who want to use this babysitter approach, but make it optional and give people a choice to not use it if they want to take the risk.
It is optional. The option is not to buy this custodial, impossible to properly back up, product and to buy a real hardware wallet or use an airgapped computer instead.

But fortunately, there are enough competent companies that I'm confident won't lose their focus on sovereignty and commitment to the Bitcoin ideals.
I do think dkbit98 has a point here. Even the two biggest "classic" hardware wallet manufacturers - Ledger and Trezor - have made a bunch of questionable decisions recently, such as Ledger integrating a KYC debit card into Ledger Live, and Trezor implementing AOPP before having to 180 and remove it after community backlash. It's quite clear that neither company is solely focused on a "commitment to Bitcoin ideals".

Which hardware wallet manufacturer would people say is the most focused in this regard? Passport?
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
That's all well and good, but their idea of having a 2-out-of-3 multisig that can be restored through their servers after losing 2 user keys is privacy-infringing at best and insecure & unreliable / not resilient at worst.
This is not their own invention by any means, I think that Blockstream (and maybe some other manufacturer) is using very similar strategy with their Jade hardware wallet for years.
I have nothing against people who want to use this babysitter approach, but make it optional and give people a choice to not use it if they want to take the risk.
The problem with making it optional is that it lacks the basic features required to use it standalone, that I listed above.

Problem with this approach is that it could happen something similar like with iPhones, they remove chargers from box and next year everyone removes charger from packaging.
In scenario with Block hardware wallet taking big market share, other brands (like ledger) could easily follow to make similar change.
Honestly, I don't see this happening. I've yet to encounter anyone who likes the idea of such a device and Bitcoiners in general seem to get more educated and more cypherpunk - thus committed and usually able to handle their seeds themselves - by the day.
At most, a company like Ledger that is targeting non-Bitcoiners (watch their music video advertisements, NFT and Altcoin focus), may start rolling out something similar.

But fortunately, there are enough competent companies that I'm confident won't lose their focus on sovereignty and commitment to the Bitcoin ideals.
legendary
Activity: 2212
Merit: 7064
That's all well and good, but their idea of having a 2-out-of-3 multisig that can be restored through their servers after losing 2 user keys is privacy-infringing at best and insecure & unreliable / not resilient at worst.
This is not their own invention by any means, I think that Blockstream (and maybe some other manufacturer) is using very similar strategy with their Jade hardware wallet for years.
I have nothing against people who want to use this babysitter approach, but make it optional and give people a choice to not use it if they want to take the risk.
Problem with this approach is that it could happen something similar like with iPhones, they remove chargers from box and next year everyone removes charger from packaging.
In scenario with Block hardware wallet taking big market share, other brands (like ledger) could easily follow to make similar change.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Block (ex Square) developers decided to reveal more information about their upcoming hardware wallet device, and this time they talked more about processors.
They first considered making their own open source ASIC processor but that would prolong release date, and have other complications along the road.
This is why they decided to choose one of three models, Secure Element (SE), System on Chip (SoC), and Microcontroller (MCU).
Final choice was Silicon Labs EFR32MG24 secure MCU that is based on the ARM Cortex-M33 architecture, and they plan to release firmware and hardware design open source as much as possible.

Looking at their release design we can see device with usb-c connection, Li-Po battery, fingerprint sensor, nfc coil and rgb led.
In heart of everything is Silicon Labs EFR32MG24:


https://wallet.build/processing-our-processor-choice/
https://www.silabs.com/wireless/zigbee/efr32mg24-series-2-socs
That's all well and good, but their idea of having a 2-out-of-3 multisig that can be restored through their servers after losing 2 user keys is privacy-infringing at best and insecure & unreliable / not resilient at worst.
I sincerely hope they strip that and make it just a hardware wallet with (obviously) the option of doing plain old, regular multisig. Offering users the option to give them one of the 3 keys, would still be possible.
But a few things are just needed for any good hardware wallet (non-exhaustive, just stuff that this current device is missing in its current form):
  • Seed phrase backup / export
  • Restorability without aid of external server
  • Possible to use without external server
  • Screen to verify transaction details
legendary
Activity: 2212
Merit: 7064
Block (ex Square) developers decided to reveal more information about their upcoming hardware wallet device, and this time they talked more about processors.
They first considered making their own open source ASIC processor but that would prolong release date, and have other complications along the road.
This is why they decided to choose one of three models, Secure Element (SE), System on Chip (SoC), and Microcontroller (MCU).
Final choice was Silicon Labs EFR32MG24 secure MCU that is based on the ARM Cortex-M33 architecture, and they plan to release firmware and hardware design open source as much as possible.

Looking at their release design we can see device with usb-c connection, Li-Po battery, fingerprint sensor, nfc coil and rgb led.
In heart of everything is Silicon Labs EFR32MG24:


https://wallet.build/processing-our-processor-choice/
https://www.silabs.com/wireless/zigbee/efr32mg24-series-2-socs
legendary
Activity: 2730
Merit: 7065
Square/Block is right about one thing in their latest blog post, people are generally terrible at creating and remembering secure passwords, and even worse in remembering seed phrases.
They are, but that doesn't mean they should get rid of Bitcoin's underlying security feature. More precisely, they aren't getting rid of it, they are just keeping the information for themselves in a cloud.

According to them people shouldn't be allowed to use any passwords or pin codes in their life, and they would need to have virtual babysitter cloud for everything they do in life.
One should never generalize and think that everyone is the same, but that's not that far from the truth. When I consider my friend circle, I know many instances where they have been hacked, or had their devices and social media infected with nasty stuff. It was particularly funny when one friend got some malware that would shout insults over private messages to random people, so his parents got pissed at him for cursing at them. The occasional invitation for group sex from your aunt and uncle is also not to be forgotten, or links to download Severina's porn movie. I have seen how people work their phones. They open weird links that redirect them somewhere with popups and messages and without thinking or reading they just click the first button they see in an attempt to close the ad or whatever it is as fast as possible. But not everyone is like that. 7/10 or 8/10 probably are.
legendary
Activity: 2212
Merit: 7064
Square/Block is right about one thing in their latest blog post, people are generally terrible at creating and remembering secure passwords, and even worse in remembering seed phrases.
However, I think they are wrong when they say that most of the new people are intimidated by seed phrases, but they can act irresponsible and enter seed words in random phishing scam websites.
According to them people shouldn't be allowed to use any passwords or pin codes in their life, and they would need to have virtual babysitter cloud for everything they do in life.
If I understand correctly they have a plan to use some kind of Cloud Backup and I don't like this, even if it's encrypted, it's someone else computer device.

Just reading some of the comments on their Twitter post and some people "can't wait" for this device to be released... like it's solution for all their problems
https://twitter.com/max_guise/status/1557400948737069057?s=20
legendary
Activity: 2268
Merit: 18711
The more I have thought about this the more uneasy I am that they are doing away with seed phrases altogether. The only way to fully back up your wallet with the description they have given is with social recovery. Without using social recovery, then if you lose your phone and hardware wallet then your wallet is permanently lost (actually, Block can still access it, but they say they won't).

By using social recovery, you are reducing the security of my wallet and my coins to that of my recovery users' email passwords. And as we all know, people are in general horrible at generating or using secure passwords, at not reusing passwords across sites, at keeping passwords safe, and at continuing to use passwords which have been compromised in data breaches. You also have to blindly trust the email providers of all your recovery contacts, for both the security and the ongoing functioning of their service. And you also have to blindly trust Block themselves, for both the security and the ongoing functioning of their service. If any of these things fail, then you do not have a back up of your wallet.

Just give me a seed phrase already.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
The other side of this is I really don't think we are their target audience. Taking a GIANT step back from good / bad I think I see where they are going with this.

They seem to be heading down the road filled with people who want to buy / sell / trade / use crypto but not really deal with it or learn about it.

The kind of people who take 2 online security classes and think they are not cybersecurity experts even though they have no idea how to do a DNS query from the command line.

The kind of people who buy a Corvette and now think they can drive better by virtue of having a sports car.

etc.....
[...]
I don't disagree, but I don't see how what they're offering is any more convenient, more simple or gives the user more confidence than going through a multisig setup with a professional from https://keys.casa/ step by step and doing it right with a helping hand guiding you along.

If I think about technologically 'weak' people around me, I'm sure as hell they'd prefer Casa over a complex system like this and there is ZERO chance they'd be able to restore a cloud backup of their phone, have friends who can be trusted to still have access to their email address in a few years' time, etc...
While giving them a phone number to call and providing instructions as to which words to put into which software is definitely something I can see them able to do.

This is my benchmark and Square is probably going to lose it on every point (in my opinion).
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
It's 2022. We already have Corporate Business Digital "Currencies". Apple Pay, Meta Pay, Google Pay etc. It doesn't matter if you're paying in USD, it's as centralized as possible. There are already countless of merchants who adopt these payment methods, and these mega companies have massive control. Tell me why an "AppleCoin" would make any sense.

It would only make sense if the adoption of cryptocurrencies reaches a certain level.

Then you can guarantee that some idiot somewhere is going to think that shelving their physical gift card system and converting their digital gift cards to be backed by fixed units of CBDC is a good idea, and everyone's going to copy the first company that does it (probably Apple, if nobody challenges their supremacy by then).
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It's 2022. We already have Corporate Business Digital "Currencies". Apple Pay, Meta Pay, Google Pay etc. It doesn't matter if you're paying in USD, it's as centralized as possible. There are already countless of merchants who adopt these payment methods, and these mega companies have massive control. Tell me why an "AppleCoin" would make any sense.

On the other hand, a Central Bank Digital Currency (these companies can use as their software's unit) makes a lot more sense.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Hal Finney once wrote (here on the forum) that he believed Bitcoin will become the backing currency for several independent currencies. I have a feeling he's right. As more and more companies start acknowledging the benefits of bitcoin, they'll see there are also benefits to having their own custom currencies. I suspect that some day Amazon gift-cards will give way to Amazon Alt-Coin. Any retailer or bank can start offering incentives to using their custom cryptocurrency. In fact, I'd be surprised if the credit-card issuers like Visa and MasterCard aren't already working on such a thing. If they're not, they're being short-sighted.

There. You (and Hal) hit the nail on the head.

I don't think anyone here is going to be surprised if Amazon indeed launches an "AmazonCoin" to replace their Gift Card system, Apple launches an "AppleCoin", etc, around 2040, only instead of using a decentralized blockchain, it is actually just a CBDC (Corporate Business Digital Currency) that can only be settled on their own servers i.e. there is no offramp.
legendary
Activity: 2268
Merit: 18711
With the square wallet YOU have to start the process. Not saying it's better, but it is something to think about.
Social recovery is used if you have lost both your phone with the Block app installed and your hardware wallet. So you would be emailing Block or filling in an online support form with details such as your name, address, or whatever else you handed over to Block when you first set up your account, or perhaps some of your bitcoin addresses so they can identify your account. It stands to reason that one of your trusted contacts, if they were conspiring with your other trusted contacts to steal your money, would be able to spoof this information without a huge amount of trouble. I don't think that presents any real barrier over your own multi-sig set up.

I thought about it more since I posted it, and I am still going with we are not their target audience. And looking at it as if we are gives a certain view.
Those who don't know how, aren't willing to learn, or just want it done as quickly as possible without lifting a finger, those are the potential customers.
I accept those points, but I guess this goes back to what we discussed just the other week here: https://bitcointalksearch.org/topic/m.60661465

We are not the target audience for web wallets like blockchain.com, but we still discuss it and we still warn newbies (who are the target audience) just what a terrible idea it is to use such a wallet. And while I am not the target audience for this Block wallet, that doesn't mean I shouldn't discuss all the security and privacy vulnerabilities they are introducing with their recovery methods, especially since they themselves seem to be glossing over all these disadvantages and presenting their set up as some sort of new gold standard.
legendary
Activity: 2730
Merit: 7065
Then set up your own multi-sig and give the seed phrase/xpub back ups to your trusted contacts yourself. Absolutely no need to involve a centralized third party with all the trust, security, and privacy implications.
I don't disagree with what you are saying, and you are right. However, those who know or are willing to learn how to create multisig systems won't be targeted by Square as potential customers. Those who don't know how, aren't willing to learn, or just want it done as quickly as possible without lifting a finger, those are the potential customers. And I am afraid that group is much bigger than the first one.

But the catch with that is they collude and can recover the BTC without you.
Even if you have 9 of 12 multisig if 9 of those people get together they can take your money.

With the square wallet YOU have to start the process. Not saying it's better, but it is something to think about.
Square might change their opinion about this and make it possible that the trusted contacts start the recovery process as well. They really shouldn't though. What happens if the owner of the coins dies and the social recovery is the only way to get access to the coins? 
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Then set up your own multi-sig and give the seed phrase/xpub back ups to your trusted contacts yourself. Absolutely no need to involve a centralized third party with all the trust, security, and privacy implications.

But the catch with that is they collude and can recover the BTC without you.
Even if you have 9 of 12 multisig if 9 of those people get together they can take your money.

With the square wallet YOU have to start the process. Not saying it's better, but it is something to think about.

I thought about it more since I posted it, and I am still going with we are not their target audience. And looking at it as if we are gives a certain view.

There are some people who are perfectly happy with the coffee at 7-11, there are others that these people: https://georgioscoffee.com/collections/frontpage are just about adequate in a pinch and the 7-11 coffee is good for cleaning drains....

You can probably take a look at just about anything and see how enthusiasts look at items that are way way way sub optimal perhaps to the point of being actively bad in their opinion but are just fine for people who 'just want to use it' and don't care.

See the above 7-11 coffee as an example, some people think of coffee as just being a caffeine delivery system vs people who like good coffee vs people who setup their own coffee roaster in their garage.

-Dave
legendary
Activity: 2268
Merit: 18711
They can just now know that their keys are in this thing and they are theirs and if something goes wrong they can get them back.
I appreciate your points, but here's the thing - the keys aren't fully theirs. One is stored by Block. One is stored in the cloud. One can be accessed by your trusted contacts. There are a lot of additional attack vectors here beyond a classic hardware wallet and a seed phrase back up.

I actually don't dislike the "social recovery" method that much.
Then set up your own multi-sig and give the seed phrase/xpub back ups to your trusted contacts yourself. Absolutely no need to involve a centralized third party with all the trust, security, and privacy implications.
legendary
Activity: 2730
Merit: 7065
I actually don't dislike the "social recovery" method that much. I wouldn't use it, but judging by the brief explanation you provided, it remains an option. Not one I would take rather than seed phrases and passphrases, but still. If we rule out the possibility that all your trusted contacts turn on you and they don't lose access to their emails or get hacked/phished at the same time, they will be able to confirm if you are the one who is trying to access your seed or not. They can meet you in person and ask, they can call you, they might even live in the same house as you...

2 out of 3 persons have to confirm it really is you. And it's an optional feature. But they didn't mention if it's possible to change your trusted contacts in the settings. If your best friend sleeps with your wife, maybe you should change both.

It still remains an unappealing system altogether, but no one will take us seriously if millions of people around the world decide that's exactly what they need.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The other side of this is I really don't think we are their target audience. Taking a GIANT step back from good / bad I think I see where they are going with this.

They seem to be heading down the road filled with people who want to buy / sell / trade / use crypto but not really deal with it or learn about it.

The kind of people who take 2 online security classes and think they are not cybersecurity experts even though they have no idea how to do a DNS query from the command line.

The kind of people who buy a Corvette and now think they can drive better by virtue of having a sports car.

etc.....

OTOH it's probably the same way professional stock traders look at people here and go "Oh, how cute, you bought 2BTC for $20000 last week and just sold them for $24000, I bought 500000 shares of F at $15.95 yesterday at 11:55 AM and sold them at $16.07 45 minutes later PM but yeah, you are a trader......"

We look at this thing and see a security / privacy disaster. Others look at it as something entirely different.

Look at it as a device for people who don't know, BUT ALSO DON'T WANT TO KNOW. They understand the "Not your keys, not your coins" but don't want to know what a key is or why it is or anything else. They can just now know that their keys are in this thing and they are theirs and if something goes wrong they can get them back.

Not saying it's good, just what I think it is.

-Dave
legendary
Activity: 2268
Merit: 18711
Latest update: https://wallet.build/losing-your-keys-without-losing-your-coins/

In summary:

  • If you lose your phone, you can recover the app and its associated private key from a cloud back up. Because we all know how legendarily secure cloud back ups are.
  • If you lose your hardware device, you can sweep all your coins to a new multi-sig set up after a delay. Better hope you see the app notification warning so you can cancel the transaction if someone else requests the sweep!
  • If you lose both, you can use social recovery if you set it up in advance. Block will email some trusted contacts who will then be required to confirm it is you who is making the request. You can then use the server key plus your cloud back up to access your coins. This becomes a massive attack/phishing vector as well as relying on a whole bunch of unknowns, such as trusted contacts remaining trusted, continuing to have access to email accounts, not forgetting passwords, email clients not shutting down or locking them out of accounts, etc.

The blog post goes to great lengths to explain how bad seed phrases are. It also gives three scenarios in which the above three recovery methods would be necessary. In all three of those scenarios (lost your phone, lost your hardware, your house burned down), a seed phrase back up secured off site would solve all your problems immediately without having to rely on cloud servers, trusted contacts, delayed sweeps, etc., and all the attack vectors and points of failure that these things introduce.

It also seems quite concerning that if you don't set up social recovery, then you actually have no way of recovering your wallet.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Do you know whether Electrum on Android supports hardware wallets or exporting and importing PSBTs in general? Being able to do so would also be handy if someone had a PC-based airgap setup (keys on old offline PC).
The Android version of Electrum doesn't support hardware wallets. During the creation process, there is no option to pair it with a hardware wallet. Regarding PSBTs, I have never tested it personally, but since Electrum for Android allows for scanning of QR codes, I am guessing that it should work. 
Alright, nice. I will try it out soon with Passport. In theory, watch-only of Passport's xpub + PSBT input / output support would fully qualify as 'hardware wallet support' for this specific device.