Bitcoin Forum

First, I would like to start by saying that I'm not affiliated with this project in any way.

It's just a project that I have been keeping an eye on for some time because I found it to be interesting, and they just officially launched on the main net a few hours ago, so I thought I'd share[1][2].

The app is a non-custodial multi-coin wallet (currently only supports Ethereum, Polygon, and the Nervos network) but should support BTC, SOL, and other coins later.

Unlike other wallets, this wallet uses passkeys. You don't need an email, a phone number, seedphrase, or any of that. See here for more info[3].

I'd like to hear your thoughts on this? I just started using it and will make sure to post updates as they add more features and coins.

EDIT: Moved this to the wallet software board, as the developers are now supporting Bitcoin (SegWit, Taproot) and working on a Bitcoin layer 2 solution (RGB++).

[1] https://joy.id/
[2] https://docs.joy.id/guide
[3] https://joy.id/faqs

On the main page, I saw their animated image explaining the security system using fingerprint and facial recognition. Do they actually implement this?Afaik, it is a very weak security method. They also have a recovery mechanism with some means that I think (tentatively suspect) that backups of privatekeys or mnemonic phrases are (also) stored on their side.

My conclusion is that this wallet actually goes against the security standards of crypto wallets in general.

Thank you for introducing Joyid to the Bitcoin Forum. I'm Cipher, the founder of JoyID, and I'm delighted to be here to discuss our new solution to wallet technology. Allow me to provide some insights into the mechanics of this innovative wallet.

First and foremost, it's crucial to highlight that JoyID is a non-custodial wallet. Our server never hosts your keys or any form of key shards. With JoyID, you retain 100% control over your private keys.

Furthermore, our wallet doesn't directly access your biometric information. While it does utilize the system's biometric verification feature, the wallet only receives the system's response in the form of an ECDSA signature. It remains entirely unaware of how you choose to identify yourself -- whether through Face ID, fingerprint recognition, or a PIN code.

Our technology leverages Passkey, a standard supported by the FIDO Alliance and widely adopted by modern devices. It utilizes a dedicated hardware secure chip to generate and manage asymmetric keys, enabling secure signature and verification services right on your device. Passkey is compatible with a range of operating systems, including iPhone, Android, Windows 11, MacOS, and Linux. Passkey makes JoyID a wallet with the secure level between software wallet and hardware wallet.

By combining these technologies with account abstraction (which maps multiple devices/keys to a single account) on Nervos (a UTXO PoW + RISC-V VM chain), we've created a wallet that's non-custodial, passwordless, mnemonic-free, and doesn't require installation. It also prioritizes biometric security. Our wallet is permissionless, chain-agnostic, and offers instant onboarding feature (10s to create a wallet and never lose). It's a game-changer for the crypto world.

And as a Bitcoin advocator and hodler, I'm working on the following features to benefit Bitcoin community.

- Bitcoin support, with air-gapped wallet feature, working
- Lightening network support, planning
- RGB support, planning
- Nostr support, already supported

Feel free to ask me anything about JoyID, thanks.

Thanks for your detailed response.

I would like to know more about the recovery process (which I believe is not available yet?) and how secure it is. and how difficult it is for someone (a hacker) to gain access to your wallet from either your device, or on another device since from my understanding, this whole passkey process uses your hardware, meaning even with your fingerprint/faceID, your wallet cannot be recovered elsewhere, but how would that work if you lose access to your phone?

I read the FAQ, but maybe you can give more details on all of that?

Don't get me wrong, I mean that implementing fingerprint locks and facial recognition as wallet security is not safe enough from environmental risks. It's good if you also have PIN as an option.

So where is the private key/mnemonic stored and retrieved for recovery? As per my understanding the private key cannot be eliminated whne generating a new wallet.

Also who is to be held liable in the case of a compromise?

When it comes to non-custodial wallets, I am not too comfortable but in cases where there is no exception, one has no option but I'm most concerned.

If we can get a feedback on how to recover private key/phrase, it will be okay.

From my understanding, the approach is different than what's being used in exchange apps, and wallets where the biometrics are used to unlock the app. I'll try to get in touch with Cipher, I think he could shed more light on all of this.

Here are some updates since I last posted here:

- The wallet has reached 150K users[1].
- You can now send and receive Arbitrum assets.

Again, I'm not affiliated with the project in any way, just think it's a very interesting concept.

For those who are interested in "potential airdrops". It appears that you can gain some points by doing some quests within the app. The team didn't mention anything about the "use" of those points, but I would imagine that eventually, they would have some kind of purpose at least.

[1] https://twitter.com/joy_protocol/status/1743599120592535778

More updates (again, I'm not affiliated with the project):

- Scroll network has been added.
- You can now add any unsupported EVM chain or token you want just like you would with MetaMask.

The wallet has also achieved 200K users.

Hey is this the JoyID wallet that also been used for smartlayer quest? I think its the same given the color of their UI. It seems you ate fond of their project as it seems you keep up with an updated info on their progress. If its the one used on smartlayer I could say that its run smoothly. You thi k their fingerprint locking and unlocking of wallets is actually a better one for login?

Yeah, it's the same JoyID OP is talking about. I just finished reading posts of some dudes in an online group I belong and away from the project's telegram handle. They talked about SLN (Smartlayer) and its claim that's ongoing. Those who lamented they haven't got theirs were directed to check their eligibility status with their JoyID addresses. That's how I got to know it's the same project.

I saw a screenshot of someone who got over 2,000 SLN from that airdrop. That's really huge when you juxtapose that with its trading price of >$6. It's unbelievable what people make from airdrops. It's very tempting, and that's why more people are chasing airdrops.

The wallet has made a few more updates:

- BiHelix (bitcoin infrastructure service) partnership which could indicate that bitcoin support is coming soon for both mainnet, LN as well as RGB++
- Spore NFT now supports JoyID.
- DotSwap also added support to JoyID.

So the wallet now supports Bitcoin (native SegWit and Taproot) as well as BRC20 tokens. I'm not going to lie, the wallet is still missing some very important functionalities like scanning QR code (which I think should've been a top priority, especially for a wallet that's supposed to be used on mobile) but that's coming on the way.

The wallet now supports RGB++ assets[1] (basically an upgraded version of RGB, the layer2 solution for bitcoin) as well as trading its coins on a DEX[2].

For those who read my above post about JPoints, I don't believe that's a thing anymore. I have been away for some time, and last time I checked, those are no longe showing in the wallet.

[1] https://twitter.com/joy_protocol/status/1775535895166537819
[2] https://twitter.com/joy_protocol/status/1780505146067448176

An important update: it would no longer be possible to create an account with JoyID in Windows (regardless of the version you're using) due to the currently limited support of Passkeys in Windows.

As for those who were a bit skeptical about the wallet and what it offers in the past. I suggest you check this newly released FAQ by the team. It should help clear lots of things:

https://nervina.notion.site/JoyID-FAQ-EN-3950ff33403e4545aa3d6129f2725cdb

I see this as being a service for the absolute newbies who don't feel like creating and holding their own keys. Anyone more serious and experienced in crypto shouldn't have problems with being a true custodian of keys and not rely on biometrics and face ID as ways of generating and recovering crypto wallets.
 
Your Passkey creates your private keys. And you get your Passkey by providing your fingerprint, face ID, or a PIN. Who else uses such a system? If JoyID where to disappear from the face of the world tomorrow, where could I import my Passkey and continue using my wallet? I know it's open-source, but we can't expect the target audience to build their own instances of the wallet from code.

The documentation says that it's not possible to export private keys and seed phrases from devices that support this standard. Apparently, they are working on enabling seed backups in the future. So, users are limited only to systems and services that use the Passkey standard, not like with traditional wallets where you can always import/export private keys and seeds.