
Topic: Square is considering making a hardware wallet for Bitcoin - page 9. (Read 3812 times)

legendary
Activity: 2268
Merit: 18503
So I've been through the video, here are the parts which are relevant to the hardware device they are building:

https://youtu.be/Vlj72Em7kmk?t=654
Talks about the three way split they are using again, between mobile phone, hardware device, and the cloud, but goes into very little detail. Specifically, gives absolutely no technical details at all about how the cloud recovery service is going to work or what data is actually stored on the cloud.

https://youtu.be/Vlj72Em7kmk?t=816
He mentions offering a subscription service for their recovery services. So now we have to pay Block to hold our keys for us? Sounds great! Roll Eyes

https://youtu.be/Vlj72Em7kmk?t=830
Partnering with centralized exchanges to earn income from referrals to them. Sounds great for your privacy! Roll Eyes

https://youtu.be/Vlj72Em7kmk?t=860
Goes back to what I said here: https://bitcointalksearch.org/topic/m.59309830. Your data will absolutely be shared.

That marketing is very good, but they are using very good marketing to try to convince people that having three different things you have to look after and depending on a third party recovery tool is somehow easier than just writing down 12 words, which I do not buy at all. And I'm disappointed that they still haven't released any details whatsoever on how this third party recovery is going to work. The longer this goes on the more I think that they don't actually know themselves.
legendary
Activity: 2212
Merit: 7064
I've watched part of the video so far and the hardware wallet part is honestly pretty confusing. First, he talks about all the issues about not having self-custody, but then he presents this super complex system, with phone, hardware device, cloud, accounts, subscriptions, something about exchanges(?)
I think they want to create something that all people can use, even if they are not using their brain at all, and most people are sadly constantly on autopilot mode.
Block wants to make a hardware wallet for dummies, so they won't have to worry about securing seed phrase or private keys at all.
However, I am not saying that everything Block is doing is bad, they are sponsoring bitcoin developers, making a DEX exchange, and this wallet will have its customers for sure.
One reason for this is that Block wallet will be just a small part of their much larger financial ecosystem, so many people who already use their services will probably buy this wallet, especially if they can earn something from it, like they plan.
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
Video is about 30 minutes long and it's good to listen to what they have to say, so we can get a better picture of the new device they are building, and how they want people to use it.
I only watched Dorogusker's segment and the fact that the recovery process has something to do with the Cloud, it makes me believe there's no "real" advantage in having such wallets for normal or rather tech-illiterate users!
If you have to rely on some cloud to access your funds, you'll run exactly into the issue Bitcoin was made to solve; where's the 'be your own bank' spirit gone?

I have yet to try it, but I believe the approach Casa is bringing to the table (when it comes to serving normal / tech-illiterate users) is the right way to go; self-custody using hardware wallets and multisig is more secure, there is no trust and due to full independence it's much more in line with the actual idea of Bitcoin.

Actually for real newcomers that don't want to spend money and just want to play around with small amounts, it's cheaper, easier and faster to use the BlueWallet or Muun Apps than buying any sorts of hardware device so I'm not even sure there's a market for what they're making. Anyone ready to spend some money and time to set stuff up, will probably quickly come across the more legit and feature-rich, as well as more independent and secure wallets that already exist for a long time.

@dkbit98, I've watched part of the video so far and the hardware wallet part is honestly pretty confusing. First, he talks about all the issues about not having self-custody, but then he presents this super complex system, with phone, hardware device, cloud, accounts, subscriptions, something about exchanges(?)... It seems they're overcomplicating the whole thing a lot, just to solve the apparent issue of writing down a few words and keeping them safe. Honestly, it may seem outrageous to some people, but folks have been securing a lot of stuff by 'writing it down and storing their paperwork securely' for decades. Think of even ordinary people's physical address books or password books; they never lose those. So seed words are more intuitive and easy to secure for the majority of people, than lots of technical folks may assume.

If they really want to 'build this in the open', not only should the hardware and software's code be open source, but the backend code would also need to be open source. It should also at least be possible to self-host this server software, if it's not the default; though I highly doubt many will do that, if they don't even run a Bitcoin node.

What I absolutely love is that it seems we're finally going to get another ASIC manufacturer; not based in China and even with open-source and ready to buy ICs! I'll definitely grab some of those for a few projects I have in mind.
legendary
Activity: 2968
Merit: 3406
Video is about 30 minutes long and it's good to listen to what they have to say, so we can get a better picture of the new device they are building, and how they want people to use it.
I only watched Dorogusker's segment and the fact that the recovery process has something to do with the Cloud, it makes me believe there's no "real" advantage in having such wallets for normal or rather tech-illiterate users!
legendary
Activity: 2212
Merit: 7064
Virtual Block Investor Day 2022 happened and they released a bunch of videos, with the full video lasting over five hours, but there is one shorter one dedicated to the Bitcoin Ecosystem.
People speaking in this video are Jack Dorsey (Block Head), Steve Lee (Spiral Lead), Jesse Dorogusker (Bitcoin Hardware Lead) and Mike Brock (TBD Lead).
Video is about 30 minutes long and it's good to listen to what they have to say, so we can get a better picture of the new device they are building, and how they want people to use it.
Hate it or love it, Block is not going away anywhere.
https://www.youtube.com/watch?v=Vlj72Em7kmk
legendary
Activity: 1792
Merit: 1296
keep walking, Johnnie
I'm sorry that it wasn't clear; of course I know this, it was a rhetorical question.
We obviously didn't understand each other. I know that you are aware of the dangers of using custodians for your crypto, so I was just stating a fact and wanted to mention a new recommendation by the SEC, which I think is good. Since there are still many of those who believe using exchanges as private wallets is a good idea, articles like the one above show why they aren't.
HW from Square, as we know, is not an exchange, but there is an essential common property between them. This is that you give your money for the period of storage into the wrong hands with possible unpleasant consequences. One consequence, SEC points out, could be bankruptcy. In general, the requirements of SEC for me sound like they are telling exchanges "you can take away the funds of your clients at any time under the pretext of bankruptcy, so please kindly inform them about this." So it turns out that Square, too, one day will be able to declare itself bankrupt and offer to say goodbye to crypto of its customers. It is not necessary that exactly this will happen (can always take it away under another pretext), but such services have a free hand and have all the possibilities.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
I'm sorry that it wasn't clear; of course I know this, it was a rhetorical question.
We obviously didn't understand each other. I know that you are aware of the dangers of using custodians for your crypto, so I was just stating a fact and wanted to mention a new recommendation by the SEC, which I think is good. Since there are still many of those who believe using exchanges as private wallets is a good idea, articles like the one above show why they aren't.
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
Like, what happens when centralized exchanges are hacked?
I think this tells you everything you need to know about storing your coins with someone else:
https://www.cnet.com/personal-finance/crypto/coinbase-discloses-customers-could-lose-their-crypto-if-it-ever-goes-bankrupt/
https://www.sec.gov/oca/staff-accounting-bulletin-121

SEC is now requiring custodial services to better explain to their customers the risks of keeping their coins in exchange accounts and what would happen in situations such as bankruptcy, for example. Simply put, if the exchange goes bankrupt, you could lose your cryptocurrencies because they are considered as being the property of the bankrupted service provider. I doubt this new requirement will change people's opinion about using exchanges as wallets though.   
I'm sorry that it wasn't clear; of course I know this, it was a rhetorical question. I continued to say that lots of people don't and therefore, education is needed instead of creating more and more dumbed down devices and services. With this I meant devices like the Square hardware device that abstracts away the concept of seeds, takes away sovereignty and isn't even more simple and straightforward to set up than a non-custodial mobile wallet application.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Like, what happens when centralized exchanges are hacked?
I think this tells you everything you need to know about storing your coins with someone else:
https://www.cnet.com/personal-finance/crypto/coinbase-discloses-customers-could-lose-their-crypto-if-it-ever-goes-bankrupt/
https://www.sec.gov/oca/staff-accounting-bulletin-121

SEC is now requiring custodial services to better explain to their customers the risks of keeping their coins in exchange accounts and what would happen in situations such as bankruptcy, for example. Simply put, if the exchange goes bankrupt, you could lose your cryptocurrencies because they are considered as being the property of the bankrupted service provider. I doubt this new requirement will change people's opinion about using exchanges as wallets though.   
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
I do agree that there is a gap in the market for an exceptionally simple self custody solution, but as I've said higher up in this thread, I do not think this wallet from Block fills that gap. The multi-sig set up they have come up with, which requires setting up an account with Block, a hardware device, and an app on your phone, and managing the interplay between all three of these things, is in no way simpler than writing down a seed phrase.
I'm not even sure that this gap is very large. It could even be argued that downloading a non-custodial wallet app on a modern smartphone, and writing down the 12 words (or just backing up the phone if that's simpler for you - modern phones like iPhone even offer automated daily encrypted cloud backups [[of course no way to verify the encryption..]]), is already 'exceptionally simple' and it will be 100% self-custody.

It will also be easier, cheaper and more convenient than using the Block hardware device multisig setup, since you don't need an extra device at all.

And if you want some extra security, honestly, hardware wallets have come a long way. Especially the ones that you can use with your phone are very interesting to me, since lots of people just don't want to bother booting up their (often old) PC to do a transaction and most of their day-to-day computer usage is actually on their mobile phone.
I can only speak for the Passport, since that's the only HW wallet I've tried in conjunction with a mobile app and it is exceptionally easy to set up and use.
legendary
Activity: 2268
Merit: 18503
*I* even know better but I still keep some limited funds in a very unsafe way because it makes my life easier.
That's different, though. I also keep some coins in a very insecure mobile wallet because I value the convenience of simply whipping my phone out to pay for something when I'm on the move and not having to mess about with an additional hardware wallet. I do this not because I am unaware of the risks involved, but the exact opposite - I am entirely aware of the risks involved, and I have evaluated said risks, and I have reached the conclusion that I am willing to accept those risks for the extra convenience for the small amount of coins I am storing on such a wallet. On the other hand, many users keep huge amounts of coins on insecure web wallets or custodial exchanges because they are entirely unaware of the risks they take by doing so.

I do agree that there is a gap in the market for an exceptionally simple self custody solution, but as I've said higher up in this thread, I do not think this wallet from Block fills that gap. The multi-sig set up they have come up with, which requires setting up an account with Block, a hardware device, and an app on your phone, and managing the interplay between all three of these things, is in no way simpler than writing down a seed phrase.
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
I noticed that we often come across this argument: the majority of people want convenient solutions that require no brain activity, and accept that for many people it's a sensible tradeoff of higher convenience at the cost of reduced privacy or security.
But I thought about it and came to the conclusion that this can't be it. Like, what happens when centralized exchanges are hacked? Headlines: 'Bitcoin was hacked'; when data breaches happen, they are played down and people continue to trust these entities. What I'm trying to say: education is needed. There are definitely ways to make it easier for people to understand, even paid professionals exist that help you set up your own self-custody and everything.

Yes it is that simple. People are willing to trade security for convenience. *I* even know better but I still keep some limited funds in a very unsafe way because it makes my life easier.
I mean, yes, people do this, I'm not arguing against that. I'm just arguing against this being universally accepted as a justifiable option. I'm not talking about usage of a mobile wallet, but for example not withdrawing funds from exchanges or using a system so dumbed down (like Square hardware device) that puts you in disproportionately large risk for very little extra convenience (even over other 'dumbed down' setups), to the point where you don't even own your BTC. Not holding your keys is a line no system that is justified (even in niche scenarios) should cross.

But the message is wrong.
That's another interesting aspect. I'm not yet sure myself, whether it's the people behind mass media (states and billionaires) trying to draw a certain picture about Bitcoin or how this misinformation spreads / spread across the population, down to almost every single mass media journalist.
legendary
Activity: 3458
Merit: 6231
I noticed that we often come across this argument: the majority of people want convenient solutions that require no brain activity, and accept that for many people it's a sensible tradeoff of higher convenience at the cost of reduced privacy or security.
But I thought about it and came to the conclusion that this can't be it. Like, what happens when centralized exchanges are hacked? Headlines: 'Bitcoin was hacked'; when data breaches happen, they are played down and people continue to trust these entities. What I'm trying to say: education is needed. There are definitely ways to make it easier for people to understand, even paid professionals exist that help you set up your own self-custody and everything.

Yes it is that simple. People are willing to trade security for convenience. *I* even know better but I still keep some limited funds in a very unsafe way because it makes my life easier.

But the message is wrong.
When a bank gets hacked we don't hear about the US dollar (or whatever) being hacked. We hear about that bank.
When a CC database at a merchant gets hacked we don't hear about Visa & MC & AMEX getting hacked we hear about the merchant.

What we need to do is figure out how to change the message that is being sent when an exchange is hacked. Not that BTC was hacked but that a specific exchange was hacked.

-Dave
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
I think that millions of people will still use convenient solutions like Square that require zero brain activity and thinking from your side. Tongue

Square is a perfect hardware wallet for Homer Simpson.


I noticed that we often come across this argument: the majority of people want convenient solutions that require no brain activity, and accept that for many people it's a sensible tradeoff of higher convenience at the cost of reduced privacy or security.
But I thought about it and came to the conclusion that this can't be it. Like, what happens when centralized exchanges are hacked? Headlines: 'Bitcoin was hacked'; when data breaches happen, they are played down and people continue to trust these entities. What I'm trying to say: education is needed. There are definitely ways to make it easier for people to understand, even paid professionals exist that help you set up your own self-custody and everything.

I haven't tried it and I don't vouch for them, but Casa seems like something I'd recommend to someone who doesn't feel comfortable setting up everything solely based on forum entries and web articles and wants a support person they can reach 24/7 as well as some way to recover lost keys.

Of course, everyone's free to do what they want with their money, but I can't really accept 'convenient solutions like Square' as viable for any scenario honestly. If someone doesn't know / doesn't want to put in the time to learn everything, they should rather get a paid advisor like the ones working at Casa to help them set everything up; if wanted, give them a cosigning key, possibly even have them explain and go through multisig with them.

There are ways to get up and running quickly, securely and privately, without already being a Bitcoin and / or technology expert.
legendary
Activity: 2212
Merit: 7064
So, do we REALLY want these people making a wallet for us?
We know they have some bad ideas as it is for how to make the wallet, now it takes them MONTHS to admit and report on a data breach.
Obviously not, but I think most of the people just don't care much about these breaches and they don't take them seriously enough unless they are affected personally.
The more leaks like this happen, the more I think we are much better off ordering general computer components or devices like Raspberry Pi, and using them for cold wallets and signing devices like SeedSigner.
I think that millions of people will still use convenient solutions like Square that require zero brain activity and thinking from your side. Tongue

Square is a perfect hardware wallet for Homer Simpson.

legendary
Activity: 3458
Merit: 6231
A new breach of customer data and this time it happened back in December. I wonder how many other hardware and crypto companies have been hacked but are keeping it a secret.

Or even worse, how many don't know due to poor procedures & policies?
Secrets may and probably will eventually leak. If nobody ever knows about it......

At least we haven't seen the data being sold somewhere. I guess they got to him in time.

Or it was sold but nothing has been done with it yet.
Just out there 'fermenting' till we all forget about it because the next breach has happened.

-Dave

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
A new breach of customer data and this time it happened back in December. I wonder how many other hardware and crypto companies have been hacked but are keeping it a secret. It's getting to a point where you should consider that your personal data has been leaked unless proven otherwise.

So the ex-employee has client names, portfolio values, payment information, and social security numbers. Wonderful. At least we haven't seen the data being sold somewhere. I guess they got to him in time.
legendary
Activity: 2268
Merit: 18503
After a mad few days at work I was just winding down for the weekend and then you hit me with this? Consider my jimmies rustled. Tongue

But yeah, it's a bad look. 8.2 million customers being contacted four months after the event. Any data breach is bad obviously, but not informing customers for four months is unforgivable. That's four months to have the data shared and sold, four months to have accounts hacked, four months to be targeted for hacks and scams, four months for fraud to be committed in your name. Customers should be informed immediately so they can take proactive steps to protect themselves, such as password changes and credit monitoring/freezing.

Quote
Block refused to answer our questions about why a former employee still had access to this data, and for how long they retained access after their employment at the company had ended.
Well, I'd certainly feel safe having my "hardware" wallet rely on servers run by a company which forgets to terminate the accounts or permissions of ex-employees. Roll Eyes
legendary
Activity: 3458
Merit: 6231
I can hear @o_e_l_e_o crying about the lack of privacy with all of this.
I'm going to need you to start trigger warning posts like this! Tongue

Here is your warning, do not read below this line :-)

Block / CashApp data breach:

https://techcrunch.com/2022/04/05/block-cash-app-data-breach/

Quote
Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some U.S. customer information.

So, do we REALLY want these people making a wallet for us?
We know they have some bad ideas as it is for how to make the wallet, now it takes them MONTHS to admit and report on a data breach.

-Dave
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
Geometrically, yes, but hell, the shape is a 'Twitter NFT profile pic' reference, isn't it? Cheesy
I had no idea what that was until I just looked it up about 60 seconds ago. Tongue
Lucky man! Wink

There were a couple of parts where she talked about: "What if you die? How do you pass it on to your family?" + they "absolutely have inheritance in mind"...
- This may sound like I'm defending their product design, but the issue with the latter part is if one of my family members, somehow manages to get their hands on my seed phrases, there's still no "easy" way for them to use it and I can easily think of various ways that they could lose it.
But again, I don't see how Block's set up is going to be any easier here.
I believe since they have the ability to restore everything with the loss of phone and hardware device, Block has full control over the coins and can thus send them to the family after they provide proof of death.

Compare all this with my family member simply accessing my seed phrase backup and entering it into a wallet of their choice. Not to mention all the security and privacy drawbacks from using Block. I just don't buy the argument they are pushing that their set up is somehow simpler or easier to use.
I don't see the issue with this as well. It's not very hard and you could just store printed instructions with the seed.

It would be transactions above the limit, not below it, which are signed with phone + hardware as opposed to phone + server. But given that Block are offering recovery services if you lose either phone or hardware device, then it means they must be storing all three xpubs and therefore your privacy is zero.
Right, above the limit. So you would set the limit to 1sat to get privacy, that was kind of how Lindsey worded it. As you say, the fact that they can recover everything means they must have the ability to see all your transactions and funds. From the presentation, I'm not sure if the architecture is actually not done / thought through yet (why do they already have prototypes of the hardware device then) or if Lindsey just doesn't know her own project's architecture which seems weird since she's the Business Lead at Block for this new wallet. It appears that it's one of the two, since she couldn't answer NVK's basic technical questions such as if they hold an xpub.
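
Added example, not part of any post in this thread and not Block's code: assuming a standard P2WSH 2-of-3 multisig (the thread does not say which script Block uses), this sketch shows why a cosigner that signs or assists recovery necessarily holds all three public keys and can recognise the wallet's outputs on chain. The key bytes and function names are constructed for illustration.

```python
import hashlib

OP_2, OP_3, OP_CHECKMULTISIG, PUSH_33 = 0x52, 0x53, 0xAE, 0x21


def stand_in_pubkey(label: str) -> bytes:
    """Constructed 33-byte placeholder shaped like a compressed public key.
    It is not a real key; only its length and prefix matter for this demo."""
    return b"\x02" + hashlib.sha256(label.encode()).digest()


def witness_script_2of3(pubkeys) -> bytes:
    """OP_2 <k1> <k2> <k3> OP_3 OP_CHECKMULTISIG, keys in sorted (BIP67) order."""
    if len(pubkeys) != 3 or any(len(k) != 33 for k in pubkeys):
        raise ValueError("need exactly three 33-byte compressed public keys")
    body = b"".join(bytes([PUSH_33]) + k for k in sorted(pubkeys))
    return bytes([OP_2]) + body + bytes([OP_3, OP_CHECKMULTISIG])


def p2wsh_script_pubkey(witness_script: bytes) -> bytes:
    """The on-chain output script: version 0 plus SHA-256 of the witness script."""
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()


def keys_visible_to_cosigner(witness_script: bytes) -> list:
    """A cosigner must be given the witness script to produce a signature
    (the signature hash commits to it). Parse out every key it contains."""
    if (len(witness_script) != 105 or witness_script[0] != OP_2
            or witness_script[-2:] != bytes([OP_3, OP_CHECKMULTISIG])):
        raise ValueError("not a 2-of-3 multisig witness script")
    keys, pos = [], 1
    while pos < len(witness_script) - 2:
        if witness_script[pos] != PUSH_33:
            raise ValueError("unexpected opcode in key list")
        keys.append(witness_script[pos + 1:pos + 34])
        pos += 34
    return keys


def cosigner_can_link(output_script: bytes, witness_script: bytes) -> bool:
    """True if the cosigner's copy of the script matches an on-chain output."""
    return p2wsh_script_pubkey(witness_script) == output_script


if __name__ == "__main__":
    # Constructed keys for the three parties described in the thread.
    phone, hardware, server = (stand_in_pubkey(n)
                               for n in ("phone", "hardware", "server"))
    script = witness_script_2of3([phone, hardware, server])
    output = p2wsh_script_pubkey(script)

    seen = keys_visible_to_cosigner(script)
    print("keys the server learns:", len(seen))
    print("server recognises the output:", cosigner_can_link(output, script))

    # Without the third key the output script cannot be reproduced.
    guess = witness_script_2of3([phone, server, stand_in_pubkey("unknown")])
    print("two keys plus a guess match:", cosigner_can_link(output, guess))
```

With extended public keys in place of the single keys, the same reasoning applies to every address derived from them.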