Topic: Square is considering making a hardware wallet for Bitcoin - page 8. (Read 3812 times)

Well, it's possible this 'feature' will be dropped. Or opt-in or something. As you correctly say, it would be possible to build a system like this:
[1] setup normal 2-out-of-3 multisig
[2] they refuse to cosign for large amounts
---
^ this is the first 'killer feature' they want to implement

[3] they have an encrypted version of your two seeds (local encryption before sending & open source software could make this fairly trustable)
[4] if you lose your two seeds, they can give you those encrypted ones and you have to enter a password to decrypt them
---
^ this is the second 'killer feature'

However, [4] requires choosing and safely storing a strong password, which completely defies this whole concept that is based on the assumption that people don't want to write down and securely store a 12 word seed.

So technically, the two things they want to accomplish, are possible, but then the whole thing makes no sense. If there's no encryption at play, so no password to be written down, then it's not secure as they claim and they could steal all your funds at any time. So it wouldn't make sense either. This is the dilemma I keep talking about.

Another point to consider: We haven't talked about privacy yet, have we? If your wallet sends transactions to their server to be cosigned, especially if you also use other Square apps (they can share data amongst each other, even on iOS) and / or use the proposed exchange feature inside the wallet, all your transactions will be linked to your real life identity.

If they want to play the semantics game, technically even an exchange's hot wallet could be considered 'full control', claiming you can click the 'withdraw' button any time and nobody else, so you and only you have full control over those funds (I know, right? Utter bullshit.)

Me neither, nor am I defending that model. I am just making conclusions based on the things that have been revealed here about Square.

You have (full) control in the sense that you can move your coins without requesting permission (It sounds incredibly stupid even writing this when you are thinking about Bitcoin) from Square because you have two of the private keys. But you don't have full control when it comes to the sole custody of said keys and the coins they are supposed to protect.   

Agreed, but I really don't see how it can be anything else. If they can recover both your mobile key and your hardware key if you are to lose both devices, then they must be storing all three keys in some way. They might claim they are encrypted, that Block can't access them, and so on, but that will be impossible to verify and you are still left trusting a third party completely, both for their honesty and their technical competence in setting up their back end and security systems.

I don't consider shared control to be full control. Full control means that I, and I alone, have control over my coins. If you can unilaterally move my coins and therefore revoke my ability to access them, then I don't have full control over them.

Compare that with a traditional (non-Square) 2/3 multisig setup. If you lose 2 out of 3 private keys, is it possible for you to recover them by proving to a company that you are the legitimate owner? And if such a system exists, that means they store the keys as well "protected" behind some security questions, passwords, or PINs. If you lose 2 out of 3 private keys in a normal multisig, your coins are gone. If you do the same with Square's device, there is no need to worry. But we know what that means.

You probably will have full control, meaning access to 2/3 signing keys if they go for a 2/3 multisig. The thing they aren't telling you is they will have full control as well. Shared full control of private keys.

It would honestly be kind of disappointing, because other plans and projects from them don't sound too bad, as I remarked earlier. For instance, having a new ASIC manufacturer around would always be great to see, but if they were really to sell such a misleading product at the same time, it would be hard to support such a company.
I guess it really remains to be seen because any info we have and get from them, even now, months later, is still super unclear.

Or, option 3, they know fine well that they will be storing all your keys in some form and therefore have complete control over your coins, but as Pmalek says, they are counting on the fact that their target audience won't understand this and are being deliberately misleading with their marketing when they say that you will have full control over your funds.

I know, but as Leo says in below quote, it makes no sense. It's easier to write 12 words; people write and protect important information on paper since forever. It's not hard, it's known and intuitive and there's little that can go wrong.


Honestly, when they first announced the device, the information available was so vague that I also thought 'they have an idea / pitch right now that makes no technical sense'. There were contradictions and other issues we talked about in the first pages of this thread. It's not gotten much clearer by now and the things they keep claiming sound and feel mostly like 'yeah, that's good enough to get some investors'. But I'm not certain they've figured out the rough architecture of the system by now.

The wallet is supposedly recoverable even if you lose your phone and the device, so there's no need for either at all. Anyone with basic knowledge of Bitcoin can understand this. Then it's just an online wallet with extra steps. But at the same time they claim that it's not just an online wallet. So it remains to be seen if and what they'll come up with, but honestly if you go for simplicity, there's nothing really much better than a software wallet and maybe a support person to talk to. As soon as you introduce extra hardware it gets more complicated than without it.

I think there are some good companies, but they are those who really embrace the Bitcoin spirit, open source and everything that comes with it. Compare Lightning Labs' LND (tons of marketing, performance issues, hindering development of privacy stuff like bolt12, trying to develop own / proprietary stuff) against Blockstream's Core Lightning (little marketing, runs on any hardware, lots of community contributions, modular, ...). For me, you already feel a difference if you compare LL people to Blockstream's Adam Back, of course long-time forum user here as well.

These are exactly the contradictions I'm talking about. They either have massive miscommunications between each other, or they don't yet actually know how they want to implement the whole thing.

Which will be impossible to verify since we do not have access to their back end to verify anything that they say. Even the entire set up process could be insecure and expose your keys before you even set up the back up. And even if they don't actually have access to it, it still leaves it open to attack.

Maybe they should recommend users write that down on paper then so they don't lose it, since it is so important. And make sure it is a very strong password. 12 random words should do it.

Pulling something out of the air in terms of the recovery if you loose every device I can see them storing it in a way that they don't have access to but you do. Kind of the way the lastpass / and other password managers do it.

But it would still rely on the user knowing username & password & some other form of data. That would make it vulnerable to the $5 wrench attack. Unless there is another failsafe. Something like you need to wait "X" days before it's recovered. Still FAR from perfect or even a good idea.

-Dave

We already have very trusted hw wallet manufacturers and their products work perfectly. I don't see any value making another hw wallet tbh. But then I don't understand why people still get into the restaurant business while they are already at every corner neither.


I don't think Jack knows that much about hw wallets. I don't even think he understands crypto completely. He is definitely not an expert but has lots of money so...

I know mate, but the thing is, you are telling it to the wrong crowd. I am not going to be their customer and I don't see anyone else who regularly frequents this board to become one either.

And that's another thing. Those who will be tricked into purchasing this hardware device, won't have any clue of what satoshi wanted with the creation of Bitcoin. They will see Bitcoin as that new fancy kind of money that you buy today, and when you sell it in a year, you get more USD for it. Not to mention that if you verify your identity and submit your documents, the exchange gives you an extra $10 for free. It's awesome. 

According to this page - https://wallet.build/how-the-wallet-works/ - the wallet is a 2-of-3 multi-sig with one key stored on the mobile app, one on the hardware device, and one on the cloud. This allows a user to spend small amounts using only their mobile app (by signing with mobile key and cloud key), but require the mobile app and hardware device for larger spends (as the user can specify an amount above which Block will refuse to co-sign transactions from the mobile app, therefore requiring the hardware key instead).

However, the same page also says this:

If you lose 2 out of 3 keys, but then Block can somehow magically recover access to your coins, then although they say they only store one key they must be storing at least another key and therefore have complete access to your coins at any time.

Yes, but as I said, this isn't a matter of simplicity, but responsibility. It really can't go more simple than writing down 12 words. You don't make it more simple by handing out your custody to Square, you're just ignoring the downsides. Despite the fact that such service doesn't make sense, it's plainly ironic to use bitcoin that way. Satoshi's turning in his grave. 

Can't look forward 'til the first Square's keys' breaching.

And with an account owned by someone else, you just have to enter your username and a password or maybe your email or a scan of your fingerprint and you are in. If you forget any of your data, you just ask Square and they will be happy to help in contrast to non-custodial Bitcoin solutions (bad Bitcoin, get down), where you have to go through the horrors of writing with your own hand. Yuck! When given a choice between the two, the average halfwit would rather not do or learn anything. 

But this isn't a matter of simplicity. With a non-custodial wallet, you just have to write down a seed phrase; it doesn't go more simple than that. Besides, if you're going to do something, do it right. If, say, they want to convince the people use bitcoin, they should just leave some links to educate themselves. There are lots of excellent sources to begin with.

But, that's not what they want. The existence of this recovery service displays that they put their sales above their project's fundamentals. They don't want educated clients. They're a business, trying to sell their new product to their followers, most of which have no idea of what they're paying for.

I don't think users of their device will have any keys or seeds. They will have accounts while the keys are stored elsewhere.

I don't know if you ever watched South Park, but I remember one episode where the Americans believed that China was planning to invade them. I can't remember the specifics. Anyways, they sent a team of experts to China in an attempt to discover proof of the invasion. The Chinese knew what they were doing, so once the Americans arrived they kept taking them to restaurants, night clubs, and held presentations talking about how Americans have huge penises, while the Chinese penis is so small. They returned home happy by the size of their junk, but forgot why they went to China in the first place. Anyways, the point is diverting the attention from the important things (security, custody, wallet safety) and make them focus on something else so they wont ask questions.

Exactly! Block is well aware of that. But they are going to do everything in their power not to inform their users about it. And those who know (like yourself), aren't their market anyways. That's the sad reality of it all.

But he also says in the video that if you lose your phone (and therefore the wallet app it contains which allows you to spend all your coins and therefore must hold your private keys), then you can recover it using their cloud recovery service, which means this cloud recovery service must keep either your private keys or a seed phrase.

Block obviously have a huge budget, and they seem to spending a lot of that budget on marketing, videos such as this one, and so on, in an attempt to convince people that they are incredibly stupid and can't possible handle something so insanely complicated as writing down 12 words on a piece of paper.

Until the government come along and force Block to use their copies of your private keys to seize your funds as part of some nameless and faceless investigation. If Block can recover your coins, then they can steal your coins. It's as simple as that.

"where's the 'be your own bank' spirit gone?" - Not only do they not want to, but many even can't. Someone, because of their laziness, is not ready to learn new things, and someone is simply not ready for this - there are still many people for whom even making a couple of clicks on a PC is an extremely difficult task. Although it may seem incredible to many of you.

It has long seemed to me that ease of use is needed for bitcoin mass character, because most people don't want to make unnecessary "body movements". The simpler, the more massive. This is exactly what Square wants to give to its audience. Since they are already in the process of implementation, it means that their analysis and risk department (or whatever they call it) studied the prospects and demand of users in detail, which means they saw opportunities to meet their needs.

Square is already on its way to implementing its plans. What can their opponents do? Nothing. This fight has already been lost before it has begun and is similar to the fight against "windmills".

They offer people what they desire - less stress and indulge their laziness. HW from Square is doomed to success.

Offer people the freedom and control of their finances, but given that there are many things to do in terms of learning, managing and controlling security, they will refuse it. They will give up in favor of complete dependence for the sake of "getting rid" of "difficulties" and for the sake of simple actions with a finger on a smartphone screen.

More and more often I have the idea that bitcoin is still not for everyone. Not because someone is "chosen" or better than others, but because not everyone is ready to take control of their financial assets, manage and be responsible for them.

It never arrived in the first place. The majority of people don't want it. Not even all Bitcoiners want it. Despite using Bitcoin, you can still come across stories of people getting hacked and losing millions of dollars worth of coins they kept in this or that exchange because it was "easier" for them. 

I am afraid that Square will have great success with this hardware thing that will come out one day. You are underestimating the laziness of many, many people. And that's the target audience for Square. Instead of being your own custodian (boring) who has to write down weird words on a piece of paper by hand (how awful), buy this fancy new device that has an app. You click on the app, swipe your fingers here while you enjoy the great graphics and design we made, and you are done. If you run into any problems, click on this button and we promise we will help you. It's all in the cloud, don't worry. Way toooo many people will feel like that's all they need. 

He doesn't say they keep your keys, but "a part of your wallet" - whatever the hell that means - but it's true that it makes zero sense. What's so difficult about actually promoting self-custody and privacy? Simple principles.

---

Is it just me or do you also believe there's nothing legitimate behind most of those bitcoin companies? Am I the only one who feels they're spending more time on marketing, talking about it in social media - generally on the appearance, but not on the actual thing?