Bitcoin Forum

Quote from @jack


I think it's good news and will give a boost to the power of open source projects, so far we can't judge it but given Jack's experience it might be a good hardware wallet.


Also, such wallets will force existing companies to develop their systems rather than accepting more altcoins.

Based on those words alone I can tell you right now, I'm not a fan.  I reckon I'm not the target demographic, however, and that's not necessarily a bad thing.  If the focus security and ease-of-use, and it's offered by a trustworthy established company then I can see it attracting more people to crypto.  And that is specifically a good thing.


I'm not sure about that.  Hal Finny once wrote (here on the forum) that he believed Bitcoin will become the backing currency for several independent currencies.  I have a feeling he's right.  As more and more companies start acknowledging the benefits of bitcoin, they'll see their are also benefits to having their own custom currencies.  I suspect that some day Amazon gift-cards will give way to Amazon Alt-Coin.   Any retailers or bank can start offering incentives to using their custom cryptocurrency.  In fact, I'd be surprised if the credit-card issuers like Visa and MasterCard aren't already working on such a thing.  If they're not, they're being short-sighted.

Unless bitcoin's fee volatility becomes more stable and more affordable when mempool is busy, I suspect Hal's prediction is more likely than not.  

I expected to see hardware wallet industry would expand and bring in big tech players like Samsung and Apple so this news with Square thinking about creating their own wallet is confirming that.
However I have a few problems with Jack Dorsey, Twitter, CashApp and Square because they are known for censoring and banning people, Jack is supporting idea of some UBI Universal Basic Income that is a terrible idea.

What I can see from his twitter posts is that this devices suppose to be fully open source for software and hardware, it will have big display screen, connected to mobile and it will have support for layer2.
There is no fully open source secure element but Trezor wallet developers are working on their own and I would more trust them instead of Square but competition can be good and better than monopoly.
If you check Squareapp website you can see they already have some devices used as terminal and register but I don't see anything there being open source.

https://i.ibb.co/bK8MPgL/pic26.jpg
https://squareup.com/us/en/hardware

I agree with you, and I am not their target demographic as well.
However, to bring more people into crypto/bitcoin, it is very likely that companies can't force new users to be responsible for their keys by themselves. Too many people simple don't care about being responsible for their money and prefer a custodial service.

offering a custodial service is an interesting solution, especially if a reputable company is behind it
.




I think Visa/Mastercard will try to ignore crypto as much as possible, or bring crypto inside visa (like a pre paid bitcoin credit card). Creating their own alt coin would be extremely bulish for BTC and it would make a lot of people get interested in it.

That could be either good or bad ^{[it might have a similar impact to when altcoins were created, but this time for hardware wallets, and not all of them are going to be that reliable]}.

Are you sure about that? That's not how I interpreted jack's "9th point (https://twitter.com/jack/status/1400839187868401664) ^{[especially the latter part]}".

---

Does anybody know about the missing 5th part?
^{- Jack repeated part 4 twice.}

First of all, I am not fond of this kind of news. "Is considering" means nothing, nada. They may or may not do it, and if they'll do it, it may follow or not this "design". No. That's nothing.
So speculating about it doesn't help either.

And I'd be scared of a company with plenty of money, like Square, asking users what they want from a HW. I mean, they can afford proper specialists and see what's better from the current hardware wallets, make proper research and proper specs, without all this shit-show.

For now all they do is advertising themselves. Not much related imho with any HW they may or may not make.

Jack Dorseay and Jesse Dorogusker from Square now confirmed that they started to work on making their own hardware wallet and they are prioritizing mobile use, support for Bitcoin first, global distribution and multisig solution.
They are creating a small team led by Max Guise and they are hiring key roles in hardware, software and security at hardwallet@squareup.com.
https://twitter.com/JesseDorogusker/status/1413222597207134214

Update from Jack Dorsey and Square from recent Bitcoin Live Discussion between him, Elon Musk and Cathie Wood, and Jack confirmed they will make their upcoming hardware wallet fully Open Source from hardware design to software:
https://twitter.com/BitcoinMagazine/status/1418159256734375937

Full interview on Youtube:
https://youtu.be/FIKj-66X7oY

They previously hinted that their hardware wallet might be custodial and if that wasn't the case, this announcement about a fully open-source software and hardware would be something to look forward to. But even if they say that it's going to be fully open-source, I don't think everything will be made public. When the upcoming Trezor device was discussed, I remember finding in the announcement a sentence that says something along the lines of almost completely open-source.   

Depending on the secure element used, fully open source might not be possible since there may be propitiatory things in there. That has been discussed other places. Some people think having it hidden under NDAs is evil, others not so much.
Probably not worth getting very worked up over if that is the extent of it, but till we know more it's all just a guess anyway.

-Dave

Indeed, if they make everything open source other business(es) may profit from the free information and become competitors. So making everything public/open source has the potential to hurt own business. So various details may actually be hidden.

However, they are advancing, and they are moving fast. I'm no longer skeptic, I'm officially impressed.

Square recently posted new job applications for Senior Engineering Manager (https://jobs.smartrecruiters.com/Square/743999764183893-sr-engineering-manager-hardware-wallet?trid=33221b55-7baa-4189-992e-a7fac0c08950) who can make their upcoming Square Hardware Wallet, and for Hardware Wallet Business Lead (https://jobs.smartrecruiters.com/Square/743999764184423-hardware-wallet-business-lead) to operate their business model.
They have very optimistic goal of creating hardware wallet device for 100 million people, and they are hiring experienced people who can even work remotely.
Compared that with Ledger that sold around 3 million devices so far, and Trezor who sold over 1 million devices (I can't find exact numbers) you see how high goal is set for Square with 100 million devices.

If you combine the active users of both Twitter and Square, their goal roughly equates to 2/5^th of those userbases.
^{- IMO, it's a realistic goal [despite having huge respect for both Trezor and Ledger, if anyone can do it, it's them].}

They are expecting a huge increase in hardware wallet users and much bigger adoption rate if their goal is to mass-produce 100 million units. If the figures in sources like this one (https://www.buybitcoinworldwide.com/how-many-bitcoin-users/) or this  (https://markets.businessinsider.com/news/currencies/crypto-users-pass-100-million-boomers-gen-x-bitcoin-btc-ethereum-2021-2) are correct, Bitcoin has gone above 100 million users worldwide. I think only a small percentage of those use hardware wallets. Exchanges, mobile wallets, and non-custodial services still occupy a significant part of the market.

Even if had 200 or 500 million crypto users in a few years, producing 100 million devices might be too optimistic of a goal. But I am still glad that they are aiming high and hoping that one day we will reach those numbers.       

Ugh, that's like saying "it's for their own good", words that have been uttered by countless governments and corporations with malicious intent--as an example, take a look at all of the silly drug laws that exist around the world.  You might not agree with me on that, but it's certainly an example of huge powers restricting freedom under the guise of keeping people safe....from themselves.

If people want to own crypto and don't want to keep it in their own wallet and be responsible for their own private keys, they could always just store it on an exchange (which I obviously don't recommend).  No hardware wallet needed.

I can't argue with that, even if I don't like it.  It's kind of a paradox, I guess.  The HW manufacturer is making wallets so crypto users can keep their funds safe, but in order to feel completely safe you ought to be able to examine the code--which the manufacturer isn't able to provide because of the issue you mentioned.

I saw a tweet about Square looking for a developer a few days ago. I think they are
setting themselves up for a big influx in crypto adoption and they are possibly going
to target those who are currently using custodial services. 100,000,000 devices is massive.

There are definitely big developments afoot and they have big plans for the future
and crypto will play a big role,

I just saw on a seperate point that they announced plans to acquire Afterpay for
$29,000,000!

https://edition.cnn.com/2021/08/01/tech/square-afterpay-intl-hnk/index.html

Yes, but I think the open-source everything move from them is for them to win both the masses, and as well as the current Bitcoiners. They could simply brand the hardware wallet as something that's affiliated to the ever-so-famous Cash App, and that could easily easily offset the lost sales from those huge minority that's going to build everything from scratch.

I was not thinking at hobbyists as a threat for the business.
I was thinking to another business - maybe in China, for example - that can copy this and sell at less than half the price the same product, just branded with Ca5h App (based on your example).
But maybe I'm thinking too far. I don't know...

Hmm that makes sense. But I guess whether they make it open-source or not some Chinese businessmen are going to probably copy it anyway if it gets mainstream enough. Just like how we have fake iPhones despite Apple not being open source. Tech startups and tech businesses in general probably start businesses already expecting China to copy them at some point in the future.

I am following all hardware wallet market condition and so many of them popped up (and still popping up) that are claiming they are open source and coming from China that I would not be surprised to see something like this.
Some of them are mostly based on Trezor code BitHD (https://github.com/bithd), Prokey (https://github.com/prokey-io), OneKey (https://github.com/OneKeyHQ/OneKey-Wallet), or Keystone (ex Cobo) (https://github.com/KeystoneHQ), HyperMate (https://github.com/hyperpayorg/hardwallet)... but note that open source doesn't mean that something is automatically good.
Chinese population is over 1,4 Billion people, that is more than enough for Jack's dream of 100 Million HW owners, and if something like this happens to Trezor, imagine what will happen with Square 平方 HW  :D

Jack Dorsey and his Blocks team are making some decisions about upcoming hardware wallet and they are asking community for help and feedback.
They released a public document calling it Hardware Wallet Power Architecture SPADE, and they want feedback about best battery for this device, as well as other things.

What we learned so far after reading this 8 page long document?
- they decided to add wireless NFC feature for communication with smartphones.
- they want to add power source, replaceable or rechargeable battery (Coin Cell, Rechargeable LiPo or Alkaline AAA).
- multisig will be supported and very important feature.
- device will be reliable and able to survive shocks, stresses, drops, etc.
- device will have to last for years.
- device will be smaller, lighter with industrial design.

Full document:
https://block.xyz/wallet/battery.pdf

Will it be the only way to communicate?
Because if so, they'll lose quite a big segment of potential buyers, just because many smartphones don't have NFC (yes, even today).
And if there's also another way, I certainly hope that NFC can also be turned off, just in case.
(And yeah, I would have been preferring wired communication, like my Nano S does.)

Hopefully, it wont be there at all. Not sure why people prefer Bluetooth or NFC in this case instead of a cable.
 
NFC only works if two devices are in close proximity one to the other, but maybe there are certain gadgets that can widen this grid!? In that case, it  becomes a new attack vector. I remember reading an article some time ago on NFCs where it said that the protocol can't be considered secure because it was created to be a convenient and fast solution, not one that is security-oriented. NFC connections also don't require a password or pin. I am not sure if and how one can abuse the system to access someone's data, but if there is a way, someone somewhere will probably find it.   

This will probably be the only way of communicating judging by document they released, the reason is because they are focusing only on mobile and not desktop users.
I much more prefer QR codes and camera, but industry is apparently going in this direction.

I don't know exactly what phones support NFC but I am sure that all phones in future will have that options, or Jack wouldn't go planning something so big.
They want to sell this hardware wallets to 100 million users and more.
Here is one recently updated list of most NFC enabled mobile devices:
https://en.wikipedia.org/wiki/List_of_NFC-enabled_mobile_devices

Can you also turn off NFC on your credit an debit cards or in your passport and id cards?  :)

Yeah, quite sad.


It would have been probably better than NFC.


Not everybody is buying expensive phones.
I went to gsmarena and:
1. I've done a search with all phones released last year. 602 results. https://www.gsmarena.com/search.php3?nYearMin=2021
2. I've done a search with all phones released last year having NFC. 297 results. https://www.gsmarena.com/search.php3?nYearMin=2021&chkNFC=selected

So about half of them don't have it. And I took only the phones made last year! I find it more relevant than that wiki, sorry.


No, but I can turn it off in my phone¹. I expect the wallet be a tad smarter than an un-powered plastic card, really. Hence (while I understand your point) I think that the comparison doesn't stand.


NFC (Near field communication) works only very near. I don't know if attack vectors are so scary in this. Keep in mind that millions pay on a daily basis with NFC cards, phones, bracelets..


----
¹ Actually I could (and did) in my previous phone which had NFC. My current one doesn't have it.

On the latter part of the PDF link, they also mentioned the possibility of having "hybrid solutions (https://block.xyz/wallet/battery.pdf)"... Does anybody know if currently, we have a hardware wallet with such configuration?
^{- I do know it has its own risks, but I think it'd be cool to finally have a hardware wallet with multiple battery options.}

Hopefully, they could back it up by "showing" the results from various tests!

That's easier said than done ^{[unfortunately, but I hope I'm wrong]}.

On another article that was linked in the one that you posted yesterday, they mentioned there'll be QR code support in their mobile app:

• Quote from: https://squareselfcustody.substack.com/p/building-self-custody-hardware
  and people will still be able to use QR codes for payment applications via the mobile application that makes up part of the product.

Sure, but if I steal your NFC supported credit card, I can make contactless payments up to a certain amount (I think it's not more than €20-€50) without entering any PIN. I can do that multiple times in various stores without anyone suspecting anything. Surely Square will have countermeasures in place, but I am still not delighted about their choice.   

I think that Keystone wallet is the only one that offers some kind of hybrid battery solution in their Keystone pro version.
They have standard lithium slim battery and in the same package everyone receives fat empty container for regular AAA batteries that can work in emergency cases.
Most hardware wallets are using cable connection for power, and others are using only one type of battery.

I would like to see QR codes more than NFC, but some people are claiming that NFC is relatively safer and more simple option.
Simple is not always better, and NFC means that there is one more chip that could be exploited, and there is one source for most NFC chips.

I don't follow anything about smartphones so I can't confirm anything from wiki or any other websites.
Some guys from our local forum say that all phones now have NFC, and they are obviously wrong if data from gsmarena is true.

I really hope they ditch the NFC and that they only go for Alkaline if they know they have to keep the current draw very very low. Otherwise it will eat through them like Passport v1.

Yeah, that's about right. All the close-range mumbo jumbo is not implemented as a security measure; you can circumvent it with a tunneling attack, stronger antennas and similar. On hardware level, it is not protected against that. You can 'patch up the holes' by adding time of flight checks in higher layers or additional confirmation for larger amounts (like in credit cards) but it's not very confidence-inspiring that you'll constantly need to fix the holes of your underlying technology.

I never really dived that deep into it, until you mentioned it and I immediately fell in love with how they designed those batteries.
^{- Block should follow that design, as opposed to integrating both of them at the same time.}

I have limited knowledge about its security but in regards to the simplicity of its approach, it means little to nothing if it's going to work occasionally.
^{- My previous phone had fewer connection issues with NFC-enabled devices than the one I'm currently using [not sure why].}

While I don't expect gsmarena have info about really all makers and models, I'd expect that the even cheaper ones (ie those that may be missing) will just increase the numbers of models without NFC.

You are free to click onto the bottom-right button and see the results = the actual phones for which you'll see the specs if clicked.
Unfortunately you may have to fiddle more with the settings and get subsets, since not all are shown if the number of results is that big.
And unfortunately they don't have search for "no NFC" (either All, either with NFC).

Even more, there are results with the specs telling "NFC    Yes (market/region dependent)"
These are included in the list with NFC, hence giving a certain extra advantage to "that side".


TL;DR; I was actually "nice" to tell 50%, and the real percent of no-NFC phones for 2021 may be even bigger.

To paint a better picture, everyone should imagine that NFC is just a small antenna.
It's my opinion that having antenna in hardware wallet is not secure, but that is just my opinion, what do I know :)


In theory some kind of universal NFC reader could be used for all devices including desktop computers, but question is if this will be compatible with one used in Square wallet.
I was reading that Apple had worse support for NFC from all other smartphones, but maybe something changed in last few models.

I found some interesting articles about alleged ''secure'' NFC techology that everyone is trying to push down out throat recently.
One of them say that malware can be planted using NFC beaming, but bug was android related:
https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/

This one is from last year, NFC Flaws Let Researchers Hack ATMs by Waving a Phone!
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/

After reading all this I am really having trouble to believe how they say that adding NFC in hardware wallets in more secure than other methods.
If ATM can get hacked with NFC than I rest my case, or maybe we should buy this new hardware wallets and use them for hacking  :D

I found a relatively old thread on Stack Exchange about a guy who wanted to track customers entering his dentist office via NFC technology. He wanted to extend the range to read NFC tags of his customers at a distance of 30-60 cm.

This is the answer of a person who claims that range can be extended and he wrote how to do it.

   
Source: https://electronics.stackexchange.com/questions/107811/diy-nfc-boosting-antenna-for-a-mobile-device

This one sounds good; what I saw so far in experimental setups was a bit different, but there seem to be multiple solutions to extending NFC range. Anything that can be used to extend any other RF-device's range should work on NFC just as well.
What is interesting though is that it starts making financial sense to develop and improve these further, the more financial transactions are made through NFC, while it has been a more academic and theoretical subject until now.

So, for those who do not know, Square (now block) is big into credit card processing and they also own CashApp
I use cashapp. I also have their debit card.

I was at a local restaurant the other day ( https://www.buffalogrilleli.com/ (https://www.buffalogrilleli.com/) ) and they are using square for CC processing.
I put in my card to pay (Citibank Sears MC running a 15% bonus cash back on restaurants more on this in another post https://bitcointalk.org/index.php?topic=5386484 ) and the terminal popped up with an enter your phone # for rewards at this restaurant.

OK, I put in a Google Voice number I use for stuff like this.

Got a text message on my phone about the points being added to my account, and poof the CashApp app saw the text and added it to it's list of bonuses and points with no interaction from me. The app wants to read text messages since there is nothing relevant on that phone I let it.

So with all this going on, if you are really concerned with privacy would you want a hardware wallet from a company like this?

Now I am saying the following, I don't give a shit at this point for me. *IF* I could go back in time I would have changed my habits about BTC & privacy and a bunch of other things 10 years ago. But I didn't, I'm known, and I am far to lazy to spend the time to put my privacy and anonymity back. I am on the old side of 50 and really have better things to do with my time.

But, if you are using one of their hardware wallets and they can get that 1st breadcrumb of tracking data from something you did, they can probably track a lot more then you think.

I can hear @o_e_l_e_o crying about the lack of privacy with all of this.

-Dave

I'm going to need you to start trigger warning posts like this! :P

But yeah, it's no real surprise. Companies which own many subsidiaries almost always share data fully and completely between their subsidiaries. It'll be in the terms of service which no one reads. For example, both Square and CashApp say the same thing about your who they share you data with:

If you are going to buy a hardware wallet from a company which also runs CashApp and Square, then your data will be shared across all their subsidiaries.

I've just seen that Block's hardware wallet will also have fingerprint sensor. There is a bitcointalk topic too about this. (https://bitcointalk.org/index.php?topic=5389642.0;topicseen)
The talk on Twitter is: https://twitter.com/jack/status/1502358737981521925


A funny answer, but actually very thoughtful was this:



I fear that this HW is designed more for hype than security...

If you look at the actual blog post from Block, it doesn't even sound like a hardware wallet at all anymore, but more like a YubiKey or other hardware 2FA device. See here: https://wallet.build/march-update/. Interesting quotes below.


So your funds are stored on the mobile wallet, you set a limit that the wallet is allowed to spend, and any transactions over that limit you have to connect the "hardware wallet" and use it to scan your fingerprint. The hardware wallet will not have a screen, meaning it cannot generate or display a seed phrase, cannot show transaction details for double checking, and cannot show a receiving address for verification. That's not a hardware wallet; that's a 2FA device.

Honestly, I'm quite disappointed at how this so-called hardware wallet is shaping up... Based on the @o_e_l_e_o (https://bitcointalk.org/index.php?topic=5341906.msg59523301#msg59523301)'s post, it seems that there are no preventive measures for anything that's below the chosen limit, and considering that there are various ways of cloning the fingerprints ^{[and other ways of acquiring it (e.g. by force)]}, this just introduces a lot of other risks to the equation.

I saw this news posted few days ago but I forget to post something about that.
If looks like Block developers want's to replace everything in their hardware wallet including seed words, passwords and seed phrases with a single fingerprint  ::)
This have disaster label written all over it, and from what I read most of the people don't like this idea, including me.
Fingerprint is one of the easiest thing you can copy, it can be taken from anything you touch and it's easy to duplicate it with cheap silicone.
There is no ''peace of mind'' in that, like Block Wallet team is saying in their document, so it's better to evaluate alternative options for people who don't want to be fingerprinted.

I never expected anything revolutionary to come from this project, but things are sure getting in wrong direction.
Whats next on the line? Iris scanner, maybe dna from blood or urine sample for using Block wallet :P

The funny thing about all that is that you don't even need Block's 2FA device to approve spending above a certain limit because all cheap smartphones nowadays already have an in-built fingerprint scanner. You can just create a software wallet in which it would be required to touch the scanner to send a transaction. In fact, there are tons of mobile software wallets that already have such a feature implemented. Why would I even buy additional hardware to achieve exactly the same security that I can achieve with only one device? I don't understand this VC thinking: they put their money into a project, but it seems they don't care if it really serves the purpose. The only thing they seem to care about is how to multiply their initial investments selling outright garbage to naive users.


Traditionally, the question about security and privacy... Can Jack Dorsey or someone else get the information about fingerprints from these devices, collect it, and link to the addresses? Imagine having a database where all the addresses on the blockchain have a corresponding fingerprint of real users. Isn't it a good approach to prevent crimes and money laundering?

Well, it is more secure having your 2FA require a second device, as then an attack has to compromise two devices (phone and "hardware" wallet) rather than just one device (phone). However, if all the coins are actually stored on the mobile wallet to begin with, with a simple software enforced spending limit, then surely someone compromising the phone would be able to extract the seed phrase or private keys or otherwise override the limit. How else would you restore your wallet if you lost the "hardware" device?

The whole thing leaves a lot of unanswered questions, but it doesn't seem very promising.

They of course say that the fingerprint information will never leave the device, but it will be up to us to try to verify that to be true after the device is released. I also am assuming that this device is not going to be open source.

This is shaping up nicely. No display, no seed, no passphrases, only ultra-safe fingerprints. How revolutionary. This isn't innovative at all. This isn't created to make your cryptocurrencies and their private keys safe. It's a device for idiots who can't or don't want to write down 12 or 24 words and keep them safe in one way or the other. Maybe with the next update, Jack will tell us that he will keep our recovery phrases safe and all we have to worry about is the tip of our fingers.

Let me just leave this here:
Breach of Biometrics Database Exposes 28 Million Records Containing Fingerprint and Facial Recognition Data (https://www.cpomagazine.com/cyber-security/breach-of-biometrics-database-exposes-28-million-records-containing-fingerprint-and-facial-recognition-data/)
Major breach found in biometrics system used by banks, UK police and defence firms (https://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms)
Thousands of fingerprint files exposed in unsecured database, research finds (https://www.cnet.com/news/privacy/thousands-of-fingerprint-files-exposed-in-unsecured-database-research-finds/)

How else do you think he could sell this devices to 100 million people like they are planning?  ;)
They are obviously targeting dumb people with lower IQ that are buying all the new trending devices for convenience, so they won't have to think about security themselves.
btw how do you know their (new kids on the) Block hardware wallet is not going to have display?
That is probably worse than adding fingerprint scanner, I could live with that if it is optional like they say.

They mentioned it in their latest March update here (https://wallet.build/march-update/).
Check out the latest paragraph where they say: "As part of this approach, we plan to build the hardware without a display.

If there is no display, there is no way to see addresses, seeds, PINs, passphrases, fees, amounts, etc. You will only be able to check all of that in a software environment most probably. 

This might exactly be the reason for it not just being an app. Especially if it's not open-source, it's definitely possible that the biometric data is sent to some server and sold and / or leaked in the future. In case of applications, in theory most phones use their processors' secure elements (similar to what's used in real hardware wallets) to store an encoded version of the fingerprint, with no way for a userspace application to even access that information. All checks are done within the secure coprocessor. However, fingerprint modules do exist that basically just record a 'clear text image' of your actual finger. It's definitely possible for Block to use something like this.

Why aren't they buying any other 'new trending HW wallet' like something from your selection of open-source HW wallets (https://bitcointalk.org/index.php?topic=5288971.0)? :/ Probably less advertising would be my guess. Just like Ledger sells millions of actually bad products due to millions of advertisement dollars.

There's no point in a display on this already doomed device. That's because it's most probably just a 2FA device with no seed on it, from what we've seen. So the signature actually happens on the phone. I'm amazed how they can call this a hardware wallet with a straight face.. ;D

I've had a bit more of a read around their proposals, and it seems they are planning to use a 2-of-3 multisig. One private key stored on the mobile app, one private key stored on this fingerprint scanning hardware device, and one private key stored on Square's servers. The user then sets a limit to what they want to be able to spend from the mobile app. When they try to make a payment under this limit, the mobile app will sign and Square will sign, giving the two required keys. When they want to make a payment over this limit, Square will refuse to sign it, requiring the user to plug in their fingerprint scanner for the second signature.

So yeah, calling this a hardware wallet is very misleading. The piece of hardware will only contain one of the three necessary private keys, with the other two being stored on a mobile device and on the cloud respectively, which is obviously significantly less secure than an actual hardware wallet.

Multisig sounds better than it just being a glorified FIDO UF2 device. I still find it highly questionable. For example, Square could have a backdoor in place which allows to sign with server + device, circumventing the user.
In general, any device whose functionality is linked to an online service staying up and running is a bad long-term investment - it will become a paperweight sooner or later. Better spending a little more (I guess this will be super cheap to attract many users) and getting a proper hardware wallet.

I also suspect they will know every single one of your transactions, since the application would ask the server to co-sign every time and only after it declines (in case of larger amounts), it will try connecting to the hardware device. In case of smaller amounts, the server will also know about all your transactions by design.

In general, it seems to go well with their business(es) as a financial institution (instead of it being mostly a hardware manufacturer like other brands). After all, user data, especially payment / financial, is highly valuable.

Even more basic than this, if you are using their app you are connecting to their servers to receive updated transaction and balance information, so they will always know all your addresses and transactions. They also say if you lose your phone then you can recover your coins using the hardware device and the key that Block stores, meaning that they must have a copy of your full wallet containing all three public keys to be able to offer this functionality.

Absolutely. As I mentioned earlier in this thread, if you use this device your data will be collected and shared: https://bitcointalk.org/index.php?topic=5341906.msg59309830#msg59309830

I perfectly understand you and the attitude of people who know Bitcoin essence and the principles of interaction with it. Also, the attitude to HW in this topic that Square offers is not surprising for me. But Square doesn't create these products for you and people like you, that's the catch. They make a device for the masses. So that even a conditional housewife, who of all devices only knows how to use the TV remote control and poke on the touch screen of an iPhone, can use crypto. These are completely different target audiences.

It is a mistake to project your experience onto others. What is easy for you may not be feasible for others. Even such a trifle as to write 12 or 24 words.

This is a business and they are trying to fill their niche by satisfying the needs of people. And their need is very simple: to simplify interaction with crypto as much as possible. Yes, sacrificing all the basic features of bitcoin, but that's just how people are. Between security, reliability, anonymity and convenience, they always choose convenience. Of course, this is not about the participants of bitcointalk: I'm not very sure that housewives drop in here in order to improve their skills with crypto.

We here laugh at the features of the new device from Square, but rest assured, they will find their buyer.

I started out knowing nothing like everyone else and learned the things that interest me. I would certainly not put myself in the same category as many of the more technically advanced users here. I know enough. But I don't accept the notion that it's hard to learn how to generate and secure your seed properly. It's a completely different thing if people don't want to learn it. In that case, they can use whatever they want.

I have no doubt they will and with good marketing, it will become a hit. But hey, Bitconnect was a success as well for some time. Square's device is not a hardware wallet and shouldn't be called one. 

I don't disagree with you there, but I strongly disagree with how Block are presenting this device.

Even users who don't own a hardware wallet still know that a hardware wallet offers great security. One of the first things newbies on this forum get told is to buy a hardware wallet. Any time someone admits to keeping their coins on an exchange or a closed source hot wallet, they are told to buy a hardware wallet. Medium, Reddit, Twitter, YouTube, all filled with people telling you to buy a hardware wallet. Even if people don't understand how a hardware wallet works, they still know that it is safe and secure.

This device is not a hardware wallet. It does not protect your seed phrase, your keys, or your coins. Calling it a hardware wallet, when in reality it is simply a signing device for 1 key out of a 2-of-3 multisig is disingenuous at best and outright lying at worst. Plenty of people will read that this is a "hardware wallet" and will therefore believe that it is somehow as secure as something like a Ledger or a Trezor, when it is no such thing.

They can make any device they like, obviously, but they should be open and upfront about what it is and what it can do, and not call it something it isn't to make people think it is more secure than it actually is.

Wow, if they hold all three seeds, it's a real scam. I'd give them the benefit of the doubt for now and hope they at least implement the restoring like this:
1) Generate phone key.
2) Create new 2-of-3 multisig wallet: server key, new key from (1), device key.
2) Sign transaction with server & device that sends all funds into that new wallet.

I know.. This whole Square wallet is so anti-Bitcoin.. How does anyone honestly come up with such a system. ::)

On one hand you're right, but on the other hand I find it morally questionable for knowledgeable people such as the developers of this project, who know exactly what they're doing, to sell and even develop this device and call it 'HW wallet' with a straight face. It's so predatory in a way. They try giving people a sense of security and privacy. In a way, it should be more secure than e.g. keeping funds on an exchange, but privacy is completely out of question here - one of the main motivations for cryptocurrencies.

Honestly, this notion of people not being able to do anything themselves anymore seems to me like a disease, like a cancer, spreading through first-world society. People get more lazy and as a reaction, companies try capitalizing on that, taking more and more 'work' off people's shoulders, making them wholly dependent on them. This continues as a vicious circle to the point where young people don't fix their own bikes or cars anymore, can't wire up some appliance, while it was somehow all common knowledge not too long ago.
I don't accept that humanity dumbed down this hard; it must simply be laziness.

I would definitely like to ask Square HW wallet users face-to-face if they honestly believe they can't write 24 words by hand. :D

Not seeds, but public keys. If they can recover your coins when you can only provide a signature for a 2-of-3 transaction they ask you to sign (since the hardware device has no screen or interface to be able to generate its own transaction), then they must have generated the transaction meaning they must have access to all the public keys.

Whether or not it is more secure than an exchange depends on the details of how it is set up. On paper, a 2-of-3 multisig with them holding one key means they cannot steal your coins. However, users will almost certainly be locked in to using Block's wallet app and obviously locked in to using this device. Do we know the other two seed phrases are generated securely? Do we know that they aren't transmitted to Block? Do we know if the user even gets to see them? Do we know the device doesn't come pre-initialized? Is it all going to be open source? If you lose your phone or hardware device, can you recover your coins without Block's approval? Too many unanswered questions at the moment to be able to say this will be meaningfully safer than an exchange. But we know for a fact it will be significantly less safer than a real hardware wallet. And not only will you have zero privacy as you say, but your data will likely be shared across Block's subsidiaries and various third parties.

I wonder what would happen if the car was invented for the first time today. Turning a wheel and working pedals simultaneously? And turn signals and lights and wipers and washer fluid and a radio? All while other cars zoom around you and you have to pay attention to lanes and traffic signals and stop signs and more? And if you make a mistake you die? Far too risky and complicated. Better to leave it all to the bus driver experts.

Right, I forgot that the phone and hardware device can't create and sign a transaction on their own without interaction with the server.. It feels so unnatural and just.. wrong. I hope this won't gain traction honestly.

Very good questions. If this device and all software accompanying it won't be 1000% open-source (verifiable builds and all that), it would be extremely difficult to verify any responses to these questions anyway, so I'm intrigued to see how this whole thing pans out.

I've never heard of this take before, but it makes a lot of sense! Mind you, where I live, most people drive stick, so you need to work 3 pedals with two feet, steer with one hand, shift with the other and pay attention to all the other little high-speed metal boxes whisking past you, as you said.. :D

You are right, everything can be learned with the right motivation. Who wants to learn, he will do it. The rest, who have chosen a different path, still "can't be saved" from such products as from Square.

Yes, I understand you. This company abuses HW wording and misleads potential buyers. In this thread, you and everyone else are trying to do a good deed by trying to convey the right information and I'm sure some people, after reading this thread, will refuse to use Square's wallet. But what will be the percentage of all those wishing to acquire a pseudo-HW? Less than 600 have read this thread so far. It's like fighting windmills. But I agree with you that the fight against deception must continue.

I don't condone or endorse their way of doing business, I'm just voicing how I see it. This is a fact that is unpleasant both for those present here and for me. I don't take the side of Square, because at the moment I understand that their actions go against the ideas of bitcoin and the principles established in this forum.

This is not the only and not the last case in the world when the bad is presented under the guise of good. Unfortunately.

If Block's servers go down and the app cannot receive an updated balance or transactions, then there must be a way for the user to sign a transaction using the two keys they have in their possession, otherwise the whole set up is completely pointless and no better than holding coins at an exchange. This would rest on the user being able to extract the private keys from their phone and hardware device and import them in to another wallet along with the pubkey from Block, meaning a user setting up this device for the first time needs to back up two seed phrases and a pubkey at the minimum.

But of course, this is far more complicated than a standard hardware wallet which will have you back up a single seed phrase. Which makes me then suspect that this functionality will not be possible given how they are marketing this as a "simple" device, which would mean if Block's servers go down, your coins are essentially stuck in your wallet.

We'll obviously need to wait for full details, but if this is a simple as they say it is then it won't be secure, and for it to be a properly secure multisig then it will obviously be far harder to set up and back up properly than a single sig hardware wallet.

I think they will do all that is in their power not to allow their servers to go down and have backups ready to replace them in case that happens. If the device is intended for people who don't want to concern themselves with saving their own seeds and private keys, the whole system explodes if a server failure forces their customers to have to deal with multiple seeds/private keys and master keys all of a sudden.

Looking back in history, how often have the servers failed on Ledger and Trezor users, for example? In all my years of using Ledger Live, I honestly don't remember not being able to use the software because the servers were malfunctioning. Sometimes there are sync issues with certain coins, that's true. Of course, that doesn't mean that Square's servers will be equally reliable or unreliable depending how you look at it. 

I'm sure they will, but that doesn't make them infallible.

Sure, but then think about all the times various exchanges have gone down. Even massive websites like Facebook and Google experience down time. Just because it hasn't happened yet doesn't mean it's a good set up, just as storing your coins on an exchange doesn't become safe just because you haven't been hacked yet. If the whole set up depends on a single point of failure (Block's servers), then that's a set up I don't want to use and a set up which means they can remove your access to your coins at any time.

If you think about it, this dependence on their server makes it somewhat similar to an online wallet, which is quite scary. Sure, you hold private keys, but you can't do anything with them without Block? Block could literally censor transactions then? That's not even 'not a hardware wallet', I'd argue that this isn't even a real Bitcoin wallet in the first place, if you cannot sign anything on your own (even though you have 2 devices).

Literally anything would then be better than this atrocity. I don't see how they'd implement seed export / seed backup of the hardware device though, if it has no screen honestly. So it must be something like what I described...

Looks like they posted an update a few weeks ago which we missed: https://wallet.build/how-the-wallet-works/

Doesn't really say much that we didn't already know. Mainly just expands on how the 2-of-3 multi-sig set up works. Of interest, they have stopped using them term "hardware wallet" though, and instead refer to it as a "hardware device". They still make no mention of seed phrases, though, so it's still not clear if you can actually back up your wallet properly. Here's what they do say about back ups:

So just by installing the mobile app on your new phone, you are somehow able to recover the key lost from your old mobile app. Still no mention of seed phrases. Does this mean you create an account with them and their servers store another one of your keys? Completely unclear.

So if I lose both my phone and the hardware device, then I have lost 2 out of the 3 keys, meaning only the 1 key they claim to hold is still accessible, meaning the coins in the 2-of-3 wallet are lost. Yet, they say that there will still be a way for me to recover my wallet. And still no mention of seed phrases. We will have to wait for this future update to pass judgement, but it is sounding more and more like they will keep more than the one key they say they will.

At least the hardware device will have an option to use a PIN rather than a fingerprint.

Block developing team is making this reports to get more feedback from people.
They can't answer clearly about anything because they are just in early discussion phase, and as far as I know they didn't even start developing device or making early models.
Pin code or fingerprint security protection and recovery is fine with some people but for me, and servers will probably holding this information in some encrypted formats.

Chances for losing both devices are low in reality, it would be similar like losing multiple devices or backups in any other multi-sig setup.
Holding those devices on different places may be a good idea, but it adds complexity if you are using them often or for daily transactions.

Sure, but that's not what I'm getting at here. If I lose 2 of the 3 keys, and Block are claiming to only hold one key, then my wallet should be irrecoverable. And yet, they say that is not true and I will still be able to recover my wallet. For that to be the case, then unless I have seed phrase back ups (which doesn't seem to be possible from what I've read about this wallet), then Block must somehow have access to the other keys. And if that's the case, then everything else they have said about this wallet is meaningless.

We need more details, and the fact they aren't providing any is concerning on its own. Almost as if they are deliberately trying to keep the inner workings of this secret.

Their intention is to build a device for complete newbies to crypto who don't want to or can't focus on protecting their own data. That includes writing down and storing a set of 24 words. It's supposed to make it easy to use. We know that easy doesn't mean safe, but we are not the target audience. I doubt there will be a seed for the end-user. Maybe they can opt in to get one during the setup process. if not, it will be an account-based app where all operations are confirmed with a PIN, password, fingerprint, and similar.   

So I found a video of Lindsey Grossman talking at Bitcoin Miami. She is the Business Lead at Block for this new wallet: https://youtu.be/WbjzZQwDozw

No offense to her as a person, and she is good speaker, but everything she says just confirms what we said above. There will be no seed phrases, and there will no privacy. NVK makes an important point that you won't be able to just take your seed phrase and put it in to another wallet if you need to, if something goes wrong, if the company disappears, etc. You buy this wallet, and you are completely tied in to Block and their ecosystem. Yes, I appreciate that I am not their target market here, but I fail to see how a 2-of-3 multi-sig reliant on Block's servers and requiring some form of account, identification, passwords, etc., is "more complex" than just writing down 12 words on a piece of paper.

Although I will concede that the prototypes look sexy as hell: https://nitter.net/JesseDorogusker/status/1511714178326695939

Geometrically, yes, but hell, the shape is a 'Twitter NFT profile pic' reference, isn't it? :D

Honestly, I wouldn't advocate for any such product and prefer to teach self-custody, but if someone really needs it, from what I've heard, Casa (https://keys.casa/) sounds like a way better option. As far as I know they have a multisig setup as well, to help you restore your wallet and stuff, but you definitely can just stop using them or still have access to your funds if they disappear.

The higher plans are not cheap, but I see this as a big plus, because as we all know if you're not paying, you're the product. It doesn't mean your data is not sold when using a paid product, but the business is less incentivized to do so if they already make thousands of $ per year from your subscription, right.

Maybe they should consider renaming their hardware wallet from Block to BlackBox, but it reminds me on the model Blockstream is using for their Jade hardware wallet, that is also using server instead of secure element.
This probably means that Block hardware wallet won't have any secure element, that is the reason why they borrowed this idea from Blockstream.
I am not sure have exactlty they plan to sell this crap to millions of customers like they planned, but when I think again it's not that hard when you know they are mostly dealing with brainwashed masses.

We probably have different definitions or meaning for word sexy, because this looks like shit or those cheap fake gemstones you can find on ebay.
It also reminds me on something I would use to put my glass off juice or bottle of beer on...

https://i.ibb.co/4fF8WGk/img27f8a61018eeaf5ffb3a6e1dd669d4b0.jpg

I will never recommend anyone to buy their hardware wallet if they make it like this, even if they put open source sticker on it and give it away for ''free''.

 

What I meant to say was that I am not recommending Casa (Block is completely out of the picture anyway), but it seems much better than Block if you really want to give a third-party one of your keys for the added benefit of helping you restore your wallet in case you mess up. Since Casa seems to be just selling services and encourages & helps people use actual hardware wallets.

I know you said that about Casa and I would agree with you on that, but I was actually referring to upcoming Block hardware wallet.
More things I discover about that device, less I like it, and it's going to be hard to change my opinion about that, unless they make total remake from start.
However, I would like to test this device or read some review before making my final conclusions ;)
 

I would review it, but I also don't feel like giving them money for something I know from the start is fundamentally flawed.. :D
On the other hand, if I get a review unit and I say a single good thing about it, someone will rightfully assume that I say it only because I got it for free or might speculate I got paid for the review. It's such a dilemma!

I've watched a part of it so far and what I find hilarious is how the Arculus guy claims 'if a smartcard is good for securing fiat, it's good for securing BTC'. I mean, if someone finds my credit card, I can block it via a phone call to the bank. If they find my Bitcoin smart card, there is no bank to call and tell 'block this seed'. :D
So far it seems like everyone is advertising their product and no one's claims are questioned or challenged. Like a big ad block.
I do like the SeedSigner guy; he doesn't even mention his name and doesn't show his eyes.. While NVK brags about 'doing NFC'.

Because most people have gotten used to others fixing and doing things for them that they don't want it to change. There is an issue with your credit card, call your bank, they'll fix it. The car won't start, call your auto insurer. The AC isn't cooling like it did last year - don't try to clean it, but call the service personnel. People know what accounts and passwords are. They are familiar with PINs. God forbid we learn new things. Seeds, phrases, private and public keys, and derivation paths... what da hell are those?

Regular people: Can't I just register an account without all that other stuff?
Block: Sure you can, We've got just the thing for you.   

Like freshwater turtles.  ;D

Stop calling it a hardware wallet. The official term is "device". :o

Unfortunately, that's exactly what it is. There will be no mass adoption without the convenience and ease of use of BTC. Square is only trying to give what is the social demand of society. Yes, this is a different, traditional community, using banks, bank accounts, credit cards and so on. This is a completely different society, radically different from crypto community. But with the most important feature for Square - this society is larger, which means it will bring the company a huge number of users, and therefore profit. Both sides win in this scheme: users get what they want (simplicity and ease of use of the device, convenient support and the illusion of a guarantee of the safety of funds), and the company gets clients, money and control of users' finances.

I am not the first day on this forum, so I don’t like this concept at all, but unfortunately, I see that the world will move in this direction: everyone (service and product providers) will adapt to the mass user, who is lazy, stupid and not ready to take responsibility for their finances. And it will set global trends.

It turns out a kind of paradox: crypto community is waiting for BTC mass adoption, but it is precisely the masses that will destroy all ideas and values bitcoin.

There were a couple of parts where she talked about: "What if you die? How do you pass it on to your family? (https://youtu.be/WbjzZQwDozw?t=931)" + they "absolutely have inheritance in mind (https://youtu.be/WbjzZQwDozw?t=950)"...
^{- This may sound like I'm defending their product design, but the issue with the latter part is if one of my family members, somehow manages to get their hands on my seed phrases, there's still no "easy" way for them to use it and I can easily think of various ways that they could lose it.}

I have mixed feelings about it ^{[they look nice, but I think it can easily slip through our fingers]}!

Okay, I finished it now. NVK does question Block on the technical level which is great; e.g. if they have access to the xpub and notes that if they do, there is no privacy since Block knows every single transaction. Lindsey says they're still working on the implementation and has no direct response to his question. I am highly suspicious that transactions below the 'limit' which don't require interaction with the server, actually are oblivious to Block. I also don't believe that the hardware device is already finished and the basic architecture of the whole system (do they have your xpub or not) isn't...

What's interesting from Lindsey too is that I sense they want to implement the app in a way that reminds me of Muun. 'Customers don't want to think about if this is a QR code for Lightning or a QR code for on-chain'. So it seems it will use a combination of both, maybe also depending on what's cheaper at the time. I honestly don't fully understand how Muun works, but my understanding is that it does something similar, somehow using on-chain or LN depending on mempool, transaction size and such parameters.

Funny thing that Elon Musk is trying so hard to take over Twitter now and maybe we are going to see him making his own wallet version soon, it's ego thing you know.
Maybe we are going to see device war soon, Jack vs Elon, finish him  :D

Well I don't really care so much what other people are saying, it's just a noise like wind blowing.
I am not going to hide any bad sides or things I don't like for any device I test or write review, and even if they offer me money I will reveal that information.
In the end, people can decide for themselves if they are going to trust me or not.

I had no idea what that was until I just looked it up about 60 seconds ago. :P

But again, I don't see how Block's set up is going to be any easier here. If all my coins are in their multi-sig wallet and I die, then best case scenario my family member can access my phone, knows my unlock code/password/PIN (or can access a written back up), knows my app unlock code/password/PIN (or can access a written back up), can access my hardware device, knows my unlock PIN (or can access a written back up), and can send all the coins out to a different wallet. If they can't physically or digitally access my phone, then it is unclear how they would recover my coins, but would likely involve them sending proof of my death to Block so they can co-sign a transaction. If they can't physically or digitally access my hardware device, or I have used a fingerprint instead of a PIN, then again, it is not clear how they can recover my coins. If they can't access both phone or hardware device, then coins are presumably lost forever.

Compare all this with my family member simply accessing my seed phrase back up and entering in to a wallet of their choice. Not to mention all the security and privacy drawbacks from using Block. I just don't buy the argument they are pushing that their set up is somehow simpler or easier to use.

It would be transactions above the limit, not below it, which are signed with phone + hardware as opposed to phone + server. But given that Block are offering recovery services if you lose either phone or hardware device, then it means they must be storing all three xpubs and therefore your privacy is zero.

Lucky man! ;)

I believe since they have the ability to restore everything with the loss of phone and hardware device, Block has full control over the coins and can thus send them to the family after they provide proof of death.

I don't see the issue with this as well. It's not very hard and you could just store printed instructions with the seed.

Right, above the limit. So you would set the limit to 1sat to get privacy, that was kind of how Lindsey worded it. As you say, the fact that they can recover everything means they must have the ability to see all your transactions and funds. From the presentation, I'm not sure if the architecture is actually not done / thought through yet (why do they already have prototypes of the hardware device then) or if Lindsey just doesn't know her own project's architecture which seems weird since she's the Business Lead at Block for this new wallet. It appears that it's one of the two, since she couldn't answer NVK's basic technical questions such as if they hold an xpub.

Here is your warning, do not read below this line :-)

Block / CashApp data breach:

https://techcrunch.com/2022/04/05/block-cash-app-data-breach/


So, do we REALLY want these people making a wallet for us?
We know they have some bad ideas as it is for how to make the wallet, now it takes them MONTHS to admit and report on a data breach.

-Dave

After a mad few days at work I was just winding down for the weekend and then you hit me with this? Consider my jimmies rustled. :P

But yeah, it's a bad look. 8.2 million customers being contacted four months after the event. Any data breach is bad obviously, but not informing customers for four months is unforgivable. That's four months to have the data shared and sold, four months to have accounts hacked, four months to be targeted for hacks and scams, four months for fraud to be committed in your name. Customers should be informed immediately so they can take proactive steps to protect themselves, such as password changes and credit monitoring/freezing.

Well, I'd certainly feel safe having my "hardware" wallet rely on servers ran by a company which forgets to terminate the accounts or permissions of ex-employees. ::)

A new breech of customer data and this time it happened back in December. I wonder how many other hardware and crypto companies have been hacked but are keeping it a secret. It's getting to a point where you should consider that your personal data has been leaked unless proven otherwise.

So the ex-employee has client names, portfolio values, payment information, and social security numbers. Wonderful. At least we haven't seen the data being sold somewhere. I guess they got to him in time.

Or even worse, how many don't know due to poor procedures & policies?
Secrets may and probably will eventually leak. If nobody ever knows about it......


Or it was sold but nothing has been done with it yet.
Just out there 'fermenting' till we all forget about it because the next breach has happened.

-Dave

Obviously not, but I think most of the people just don't care much about this breaches and they don't take them seriously enough unless they are affected personally.
More leaks like this happen the more I think we are much better ordering general computer components or devices like raspberry pi, and use them for cold wallets and signing devices like SeedSigner.
I think that millions of people will still use convenient solutions like Square that requires zero brain activity and thinking from your side.  :P

Square is a perfect hardware wallet for Homer Simpson.

https://i.imgur.com/JZI1maK.jpg

I noticed that we often come across this argument: the majority of people want convenient solutions that require no brain activity, and accept that for many people it's a sensible tradeoff of higher convenience at the cost of reduced privacy or security.
But I thought about it and came to the conclusion that this can't be it. Like, what happens when centralized exchanges are hacked? Headlines: 'Bitcoin was hacked'; when data breaches happen, they are played down and people continue to trust these entities. What I'm trying to say: education is needed. There are definitely ways to make it easier for people to understand, even paid professionals exist that help you setup your own self-custody and everything.

I haven't tried it and I don't vouch for them, but Casa (https://keys.casa/) seems like something I'd recommend to someone who doesn't feel comfortable setting up everything solely based on forum entries and web articles and wants a support person they can reach 24/7 as well as some way to recover lost keys.

Of course, everyone's free to do what they want with their money, but I can't really accept 'convenient solutions like Square' as viable for any scenario honestly. If someone doesn't know / doesn't want to put in the time to learn everything, they should rather get a paid advisor like the ones working at Casa to help them set everything up; if wanted, give them a cosigning key, possibly even have them explain and go through multisig with them.

There are ways to get up and running quickly, securely and privately, without already being a Bitcoin and / or technology expert.

Yes it is that simple. People are willing to trade security for convenience. *I* even know better but I still keep some limited funds in a very unsafe way because it makes my life easier.

But the message is wrong.
When a bank gets hacked we don't hear about the US dollar (or whatever) being hacked. We hear about that bank.
When a CC database at a merchant gets hacked we don't hear about Visa & MC & AMEX getting hacked we hear about the merchant.

What we need to do is figure out how to change the message that is being sent when an exchange is hacked. Not that BTC was hacked but that a specific exchange was hacked.

-Dave

I mean, yes, people do this, I'm not arguing against that. I'm just arguing against this being universally accepted as a justifiable option. I'm not talking about usage of a mobile wallet, but for example not withdrawing funds from exchanges or using a system so dumbed down (like Square hardware device) that puts you in disproportionately large risk for very little extra convenience (even over other 'dumbed down' setups), to the point where you don't even own your BTC. Not holding your keys is a line no system that is justified (even in niche scenarios) should cross.

That's another interesting aspect. I'm not yet sure myself, whether it's the people behind mass media (states and billionaires) trying to draw a certain picture about Bitcoin or how this misinformation spreads / spreaded across the population, down to almost every single mass media journalist.

That's different, though. I also keep some coins in a very insecure mobile wallet because I value the convenience of simply whipping my phone out to pay for something when I'm on the move and not having to mess about with an additional hardware wallet. I do this not because I am unaware of the risks involved, but the exact opposite - I am entirely aware of the risks involved, and I have evaluated said risks, and I have reached the conclusion that I am willing to accept those risks for the extra convenience for the small amount of coins I am storing on such a wallet. On the other hand, many users keep huge amounts of coins on insecure web wallets or custodial exchanges because they are entirely unaware of the risks they take by doing so.

I do agree that there is a gap in the market for an exceptionally simple self custody solution, but as I've said higher up in this thread, I do not think this wallet from Block fills that gap. The multi-sig set up they have come up with, which requires setting up an account with Block, a hardware device, and an app on your phone, and managing the interplay between all three of these things, is in no way simpler than writing down a seed phrase.

I'm not even sure that this gap is very large. It could even be argued that downloading a non-custodial wallet app on a modern smartphone, and writing down the 12 words (or just backing up the phone if that's simpler for you - modern phones like iPhone even offer automated daily encrypted cloud backups [[of course no way to verify the encryption..]]), is already 'exceptionally simple' and it will be 100% self-custody.

It will also be easier, cheaper and more convenient than using the Block hardware device multisig setup, since you don't need an extra device at all.

And if you want some extra security, honestly, hardware wallet have come a long way. Especially the ones that you can use with your phone are very interesting to me, since lots of people just don't want to bother booting up their (often old) PC to do a transaction and most of their day-to-day computer usage is actually on their mobile phone.
I can only speak for the Passport, since that's the only HW wallet I've tried in conjunction with a mobile app and it is exceptionally easy to set up and use.

I think this tells you everything you need to know about storing your coins with someone else:
https://www.cnet.com/personal-finance/crypto/coinbase-discloses-customers-could-lose-their-crypto-if-it-ever-goes-bankrupt/
https://www.sec.gov/oca/staff-accounting-bulletin-121

SEC is now requiring custodial services to better explain to their customers the risks of keeping their coins in exchange accounts and what would happen in situations such as bankruptcy, for example. Simply put, if the exchange goes bankrupt, you could lose your cryptocurrencies because they are considered as being the property of the bankrupted service provider. I doubt this new requirement will change people's opinion about using exchanges as wallets though.   

I'm sorry that it wasn't clear; of course I know this, it was a rhetorical question. I continued to say that lots of people don't and therefore, education is needed instead of creating more and more dumbed down devices and services. With this I meant devices like the Square hardware device that abstracts away the concept of seeds, takes away sovereignty and isn't even more simple and straightforward to set up than a non-custodial mobile wallet application.

We obviously didn't understand each other. I know that you are aware of the dangers of using custodians for your crypto, so I was just stating a fact and wanted to mention a new recommendation by the SEC, which I think is good. Since there are still many of those who believe using exchanges as private wallets is a good idea, articles like the one above show why they aren't.

HW from Square, as we know, is not a exchange, but there is an essential common property between them. This is that you give your money for the period of storage into the wrong hands with possible unpleasant consequences. One consequence, SEC points out, could be bankruptcy. In general, the requirements of SEC for me sound like they are telling to exchanges "you can take away the funds of your clients at any time under the pretext of bankruptcy, so please kindly inform them about this." So it turns out that Square, too, one day will be able to declare itself bankrupt and offer to say goodbye to crypto of its customers. It is not necessary that exactly this will happen (can always take it away under another pretext), but such services have a free hand and have all the possibilities.

Virtual Block Investor Day 2022 happened and they released bunch of videos, with full video lasting over five hours, but there is one shorter dedicated to Bitcoin Ecosystem.
People speaking in this video are Jack Dorsey (Block Head),  Steve lee (Spiral Lead), Jesse Dorogusker (Bitcoin Hardware Lead) and Mike Brock (TBD Lead).
Video is about 30 minutes long and it's good to listen what they have to say, so we can get better picture about new device they are building, and how they want people to use it.
Hate it or love it, Block is not going away anywhere.
https://www.youtube.com/watch?v=Vlj72Em7kmk

I only watched Dorogusker's segment and the fact that the recovery process has something to do with the Cloud, it makes me believe there's no "real" advantage in having such wallets for normal or rather tech-illiterate users!

If you have to rely on some cloud to access your funds, you'll run exactly into the issue Bitcoin was made to solve; where's the 'be your own bank' spirit gone?

I have yet to try it, but I believe the approach Casa is bringing to the table (when it comes to serving normal / tech-illiterate users) is the right way to go; self-custody using hardware wallets and multisig is more secure, there is no trust and due to full independence it's much more in line with the actual idea of Bitcoin.

Actually for real newcomers that don't want to spend money and just want to play around with small amounts, it's cheaper, easier and faster to use the BlueWallet or Muun Apps than buying any sorts of hardware device so I'm not even sure there's a market for what they're making. Anyone ready to spend some money and time to set stuff up, will probably quickly come across the more legit and feature-rich, as well as more independent and secure wallets that already exist for a long time.

@dkbit98, I've watched part of the video so far and the hardware wallet part is honestly pretty confusing. First, he talks about all the issues about not having self-custody, but then he presents this super complex system, with phone, hardware device, cloud, accounts, subscriptions, something about exchanges(?)... It seems they're overcomplicating the whole thing a lot, just to solve the apparent issue of writing down a few words and keeping them safe. Honestly, it may seem outrageous to some people, but folks have been securing a lot of stuff by 'writing it down and storing their paperwork securely' for decades. Think of even ordinary people's physical address books or password books; they never lose those. So seed words are more intuitive and easy to secure for the majority of people, than lots of technical folks may assume.

If they really want to 'build this in the open', not only should the hardware and software's code be open source, but the backend code would also need to be open source. It should also at least be possible to self-host this server software, if it's not the default; though I highly doubt many will do that, if they don't even run a Bitcoin node.

What I absolutely love is that it seems we're finally going to get another ASIC manufacturer; not based in China and even with open-source and ready to buy ICs! I'll definitely grab some of those for a few projects I have in mind.

I think they want to create something that all people can use, even if they are not using their brain at all, and most people are sadly constantly on autopilot mode.
Block want's to make hardware wallet for dummies, so they won't have to worry about securing seed phrase or private keys at all.
However, I am not saying that everything Block is doing is bad, they are sponsoring bitcoin developers, making dex exchange, and this wallet will have it's customers for sure.
One reason for this is that Block wallet will be just a small part of their much larger financial ecosystem, so many people who already use their services will probably buy this wallet, especially if they can earn something from it, like they plan.

So I've been through the video, here are the parts which are relevant to the hardware device they are building:

https://youtu.be/Vlj72Em7kmk?t=654
Talks about the three way split they are using again, between mobile phone, hardware device, and the cloud, but goes in to very little detail. Specifically, gives absolutely no technical details at all about how the cloud recovery service is going to work or what data is actually stored on the cloud.

https://youtu.be/Vlj72Em7kmk?t=816
He mentions offering a subscription service for their recovery services. So now we have to pay Block to hold our keys for us? Sounds great! ::)

https://youtu.be/Vlj72Em7kmk?t=830
Partnering with centralized exchanges to earn income from referrals to them. Sounds great for your privacy! ::)

https://youtu.be/Vlj72Em7kmk?t=860
Goes back to what I said here: https://bitcointalk.org/index.php?topic=5341906.msg59309830#msg59309830. Your data will absolutely be shared.

That marketing is very good, but they are using very good marketing to try to convince people that having three different things you have to look after and depending on a third party recovery tool is somehow easier than just writing down 12 words, which I do not buy at all. And I'm disappointed that they still haven't released any details whatsoever on how this third party recovery is going to work. The longer this goes on the more I think that they don't actually know themselves.

He doesn't say they keep your keys, but "a part of your wallet" - whatever the hell that means - but it's true that it makes zero sense. What's so difficult about actually promoting self-custody and privacy? Simple principles.

---

Is it just me or do you also believe there's nothing legitimate behind most of those bitcoin companies? Am I the only one who feels they're spending more time on marketing, talking about it in social media - generally on the appearance, but not on the actual thing?

It never arrived in the first place. The majority of people don't want it. Not even all Bitcoiners want it. Despite using Bitcoin, you can still come across stories of people getting hacked and losing millions of dollars worth of coins they kept in this or that exchange because it was "easier" for them. 

I am afraid that Square will have great success with this hardware thing that will come out one day. You are underestimating the laziness of many, many people. And that's the target audience for Square. Instead of being your own custodian (boring) who has to write down weird words on a piece of paper by hand (how awful), buy this fancy new device that has an app. You click on the app, swipe your fingers here while you enjoy the great graphics and design we made, and you are done. If you run into any problems, click on this button and we promise we will help you. It's all in the cloud, don't worry. Way toooo many people will feel like that's all they need. 

"where's the 'be your own bank' spirit gone?" - Not only do they not want to, but many even can't. Someone, because of their laziness, is not ready to learn new things, and someone is simply not ready for this - there are still many people for whom even making a couple of clicks on a PC is an extremely difficult task. Although it may seem incredible to many of you.

It has long seemed to me that ease of use is needed for bitcoin mass character, because most people don't want to make unnecessary "body movements". The simpler, the more massive. This is exactly what Square wants to give to its audience. Since they are already in the process of implementation, it means that their analysis and risk department (or whatever they call it) studied the prospects and demand of users in detail, which means they saw opportunities to meet their needs.

Square is already on its way to implementing its plans. What can their opponents do? Nothing. This fight has already been lost before it has begun and is similar to the fight against "windmills".

They offer people what they desire - less stress and indulge their laziness. HW from Square is doomed to success.

Offer people the freedom and control of their finances, but given that there are many things to do in terms of learning, managing and controlling security, they will refuse it. They will give up in favor of complete dependence for the sake of "getting rid" of "difficulties" and for the sake of simple actions with a finger on a smartphone screen.

More and more often I have the idea that bitcoin is still not for everyone. Not because someone is "chosen" or better than others, but because not everyone is ready to take control of their financial assets, manage and be responsible for them.

But he also says in the video that if you lose your phone (and therefore the wallet app it contains which allows you to spend all your coins and therefore must hold your private keys), then you can recover it using their cloud recovery service, which means this cloud recovery service must keep either your private keys or a seed phrase.

Block obviously have a huge budget, and they seem to spending a lot of that budget on marketing, videos such as this one, and so on, in an attempt to convince people that they are incredibly stupid and can't possible handle something so insanely complicated as writing down 12 words on a piece of paper. ::)

Until the government come along and force Block to use their copies of your private keys to seize your funds as part of some nameless and faceless investigation. If Block can recover your coins, then they can steal your coins. It's as simple as that.

I don't think users of their device will have any keys or seeds. They will have accounts while the keys are stored elsewhere.

I don't know if you ever watched South Park, but I remember one episode where the Americans believed that China was planning to invade them. I can't remember the specifics. Anyways, they sent a team of experts to China in an attempt to discover proof of the invasion. The Chinese knew what they were doing, so once the Americans arrived they kept taking them to restaurants, night clubs, and held presentations talking about how Americans have huge penises, while the Chinese penis is so small. They returned home happy by the size of their junk, but forgot why they went to China in the first place. Anyways, the point is diverting the attention from the important things (security, custody, wallet safety) and make them focus on something else so they wont ask questions.

Exactly! Block is well aware of that. But they are going to do everything in their power not to inform their users about it. And those who know (like yourself), aren't their market anyways. That's the sad reality of it all.

But this isn't a matter of simplicity. With a non-custodial wallet, you just have to write down a seed phrase; it doesn't go more simple than that. Besides, if you're going to do something, do it right. If, say, they want to convince the people use bitcoin, they should just leave some links to educate themselves. There are lots (https://www.lopp.net/bitcoin-information.html) of (https://btcinformation.org/en/resources) excellent (https://learnmeabitcoin.com/) sources (https://en.bitcoin.it/wiki/Main_Page) to begin with (https://bitcoin.org/en/how-it-works).

But, that's not what they want. The existence of this recovery service displays that they put their sales above their project's fundamentals. They don't want educated clients. They're a business, trying to sell their new product to their followers, most of which have no idea of what they're paying for.

And with an account owned by someone else, you just have to enter your username and a password or maybe your email or a scan of your fingerprint and you are in. If you forget any of your data, you just ask Square and they will be happy to help in contrast to non-custodial Bitcoin solutions (bad Bitcoin, get down), where you have to go through the horrors of writing with your own hand. Yuck! When given a choice between the two, the average halfwit would rather not do or learn anything. 

Yes, but as I said, this isn't a matter of simplicity, but responsibility. It really can't go more simple than writing down 12 words. You don't make it more simple by handing out your custody to Square, you're just ignoring the downsides. Despite the fact that such service doesn't make sense, it's plainly ironic to use bitcoin that way. Satoshi's turning in his grave.  :P

Can't look forward 'til the first Square's keys' breaching.

According to this page - https://wallet.build/how-the-wallet-works/ - the wallet is a 2-of-3 multi-sig with one key stored on the mobile app, one on the hardware device, and one on the cloud. This allows a user to spend small amounts using only their mobile app (by signing with mobile key and cloud key), but require the mobile app and hardware device for larger spends (as the user can specify an amount above which Block will refuse to co-sign transactions from the mobile app, therefore requiring the hardware key instead).

However, the same page also says this:

If you lose 2 out of 3 keys, but then Block can somehow magically recover access to your coins, then although they say they only store one key they must be storing at least another key and therefore have complete access to your coins at any time.

I know mate, but the thing is, you are telling it to the wrong crowd. I am not going to be their customer and I don't see anyone else who regularly frequents this board to become one either. ;D

And that's another thing. Those who will be tricked into purchasing this hardware device, won't have any clue of what satoshi wanted with the creation of Bitcoin. They will see Bitcoin as that new fancy kind of money that you buy today, and when you sell it in a year, you get more USD for it. Not to mention that if you verify your identity and submit your documents, the exchange gives you an extra $10 for free. It's awesome. 

We already have very trusted hw wallet manufacturers and their products work perfectly. I don't see any value making another hw wallet tbh. But then I don't understand why people still get into the restaurant business while they are already at every corner neither.


I don't think Jack knows that much about hw wallets. I don't even think he understands crypto completely. He is definitely not an expert but has lots of money so...

Pulling something out of the air in terms of the recovery if you loose every device I can see them storing it in a way that they don't have access to but you do. Kind of the way the lastpass / and other password managers do it.

But it would still rely on the user knowing username & password & some other form of data. That would make it vulnerable to the $5 wrench attack. Unless there is another failsafe. Something like you need to wait "X" days before it's recovered. Still FAR from perfect or even a good idea.

-Dave

Which will be impossible to verify since we do not have access to their back end to verify anything that they say. Even the entire set up process could be insecure and expose your keys before you even set up the back up. And even if they don't actually have access to it, it still leaves it open to attack.

Maybe they should recommend users write that down on paper then so they don't lose it, since it is so important. And make sure it is a very strong password. 12 random words should do it. :P

I know, but as Leo says in below quote, it makes no sense. It's easier to write 12 words; people write and protect important information on paper since forever. It's not hard, it's known and intuitive and there's little that can go wrong.


Honestly, when they first announced the device, the information available was so vague that I also thought 'they have an idea / pitch right now that makes no technical sense'. There were contradictions and other issues we talked about in the first pages of this thread. It's not gotten much clearer by now and the things they keep claiming sound and feel mostly like 'yeah, that's good enough to get some investors'. But I'm not certain they've figured out the rough architecture of the system by now.

The wallet is supposedly recoverable even if you lose your phone and the device, so there's no need for either at all. Anyone with basic knowledge of Bitcoin can understand this. Then it's just an online wallet with extra steps. But at the same time they claim that it's not just an online wallet. So it remains to be seen if and what they'll come up with, but honestly if you go for simplicity, there's nothing really much better than a software wallet and maybe a support person to talk to. As soon as you introduce extra hardware it gets more complicated than without it.

I think there are some good companies, but they are those who really embrace the Bitcoin spirit, open source and everything that comes with it. Compare Lightning Labs' LND (tons of marketing, performance issues, hindering development of privacy stuff like bolt12, trying to develop own / proprietary stuff) against Blockstream's Core Lightning (little marketing, runs on any hardware, lots of community contributions, modular, ...). For me, you already feel a difference if you compare LL people to Blockstream's Adam Back, of course long-time forum user here as well.

These are exactly the contradictions I'm talking about. They either have massive miscommunications between each other, or they don't yet actually know how they want to implement the whole thing.

Or, option 3, they know fine well that they will be storing all your keys in some form and therefore have complete control over your coins, but as Pmalek says, they are counting on the fact that their target audience won't understand this and are being deliberately misleading with their marketing when they say that you will have full control over your funds.

It would honestly be kind of disappointing, because other plans and projects from them don't sound too bad, as I remarked earlier. For instance, having a new ASIC manufacturer around would always be great to see, but if they were really to sell such a misleading product at the same time, it would be hard to support such a company.
I guess it really remains to be seen because any info we have and get from them, even now, months later, is still super unclear.

Compare that with a traditional (non-Square) 2/3 multisig setup. If you lose 2 out of 3 private keys, is it possible for you to recover them by proving to a company that you are the legitimate owner? And if such a system exists, that means they store the keys as well "protected" behind some security questions, passwords, or PINs. If you lose 2 out of 3 private keys in a normal multisig, your coins are gone. If you do the same with Square's device, there is no need to worry. But we know what that means.

You probably will have full control, meaning access to 2/3 signing keys if they go for a 2/3 multisig. The thing they aren't telling you is they will have full control as well. Shared full control of private keys.

Agreed, but I really don't see how it can be anything else. If they can recover both your mobile key and your hardware key if you are to lose both devices, then they must be storing all three keys in some way. They might claim they are encrypted, that Block can't access them, and so on, but that will be impossible to verify and you are still left trusting a third party completely, both for their honesty and their technical competence in setting up their back end and security systems.

I don't consider shared control to be full control. Full control means that I, and I alone, have control over my coins. If you can unilaterally move my coins and therefore revoke my ability to access them, then I don't have full control over them.

Me neither, nor am I defending that model. I am just making conclusions based on the things that have been revealed here about Square.

You have (full) control in the sense that you can move your coins without requesting permission (It sounds incredibly stupid even writing this when you are thinking about Bitcoin) from Square because you have two of the private keys. But you don't have full control when it comes to the sole custody of said keys and the coins they are supposed to protect.   

Well, it's possible this 'feature' will be dropped. Or opt-in or something. As you correctly say, it would be possible to build a system like this:
[1] setup normal 2-out-of-3 multisig
[2] they refuse to cosign for large amounts
---
^ this is the first 'killer feature' they want to implement

[3] they have an encrypted version of your two seeds (local encryption before sending & open source software could make this fairly trustable)
[4] if you lose your two seeds, they can give you those encrypted ones and you have to enter a password to decrypt them
---
^ this is the second 'killer feature'

However, [4] requires choosing and safely storing a strong password, which completely defies this whole concept that is based on the assumption that people don't want to write down and securely store a 12 word seed.

So technically, the two things they want to accomplish, are possible, but then the whole thing makes no sense. If there's no encryption at play, so no password to be written down, then it's not secure as they claim and they could steal all your funds at any time. So it wouldn't make sense either. This is the dilemma I keep talking about.

Another point to consider: We haven't talked about privacy yet, have we? If your wallet sends transactions to their server to be cosigned, especially if you also use other Square apps (they can share data amongst each other, even on iOS) and / or use the proposed exchange feature inside the wallet, all your transactions will be linked to your real life identity.

If they want to play the semantics game, technically even an exchange's hot wallet could be considered 'full control', claiming you can click the 'withdraw' button any time and nobody else, so you and only you have full control over those funds :P (I know, right? Utter bullshit.)

In this scenario of yours, does the user still have access to his mobile app and device where the keys are stored or did he lose one/both of them? If it's a normal 2-out-of-3 multisig, Square's signature wouldn't even be needed. Having the control of how much the user is and isn't allowed to spend from his own money is another highlight in the long list of 'no thanks' for this product of theirs.

Precisely. Either their solution requires you to back up a strong password, which is no different to backing up a secure seed phrase, in addition to being much more complicated to use and recover from, OR it is completely insecure and Block can steal all your coins at any time. Neither is good.

Even if you decide to never use their server and co-sign all your transactions with the hardware device, the initial set up of a 2-of-3 multi-sig requires all three devices to have the master public keys from the other two, meaning Block can still see all your addresses and transactions, even if you never interact with them (although I'm certain that their mobile app will connect to their servers and their servers alone, so even without the multi-sig set up they could still monitor everything you do).

It's not my scenario; it's one of their two aforementioned 'killer features' they've confirmed multiple times: you can set a threshold below which the hardware signer is not needed since they'll provide the second signature.
For higher amounts their server will deny to sign and you will need to use the hardware device. The idea is that if the phone gets stolen the thief can't spend all your funds.

Most recent blog update: https://wallet.build/product-principles/

Still absolutely no information about how these recovery tools will work or where else your keys are going to be stored to allow recovery to happen...

Does say a couple of things I found interesting though:
I find it hard to believe that the people are Block honestly believe that most people are trying to memorize their seed phrase or have it written on a post-it note and stuck on their monitor, when every other hardware wallet in existence which uses seed phrases is very clear that it should be written down and stored somewhere safe, secure, and hidden. I suspect this is part of their marketing - sow the seed (no pun intended) that seed phrases are bad by focusing only on the most insecure way of using them, so their overly complicated 2-of-3 app/hardware/server solution seems better in comparison.

Sounds like a privacy nightmare.

Thanks for the update!

Yeah; that's very questionable. Essentially a classic strawman argument.
For usability, I find that giving customers two microSD cards and extremely easy instructions to follow ('pop it in and click a button'), as well as telling them to write those words on a securely stored piece of paper, is easy enough for anyone.
By the way, the 'original password manager' (paper book) that older people are ridiculed for, has been shown not to be as bad as you would expect. Writing down any type of 'secrets' and storing the paper holding them securely (for decades) is very natural to humans, even going back hundreds and thousands of years, so I don't see why the 2022 human should be too stupid to accomplish it.

It already begins with them sharing the customer data with their other (sub-)companies, which is standard business practice.. So far, I'd say: keep your hands off this device at any cost.

Integrating exchanges and API calls to all sorts of '' is something I've never understood.
Like Loyce (https://bitcointalk.org/index.php?topic=5389446.msg60559095#msg60559095), I'm a big fan of the KISS principle (https://en.wikipedia.org/wiki/KISS_principle), so it's unbelievable to me how companies think they need to maximally dumb down their products, whilst at the same time throwing waterfalls of garbage at their customers such as myriads of shitcoins to choose from, as well as more often than not NFTs, leverage trading and all this sort of stuff.
This doesn't all need to exist in your wallet (if at all, but that's another question).

I've now stumbled across this video from Consensus 2022 (https://www.coindesk.com/video/consensus-festival-2022-highlights/buying-your-first-crypto-wallets-and-exchanges-101/), again with Lindsey Grossman as we saw in a previous video (https://bitcointalk.org/index.php?topic=5341906.msg59859169#msg59859169). Skip to 12:42.

She says that all software and hardware wallets are "very difficult to use" and "anxiety producing". She again repeats this nonsense that people are "remembering" their 12 or 24 word seed phrase, comparing it to people forgetting passwords. I suspect this strawman is going to be a large part of their marketing to users who simply don't know any better. (And still no information about recovery. Almost likely they are keeping this part deliberately hidden?)

Yeah, I said as much on this post: https://bitcointalk.org/index.php?topic=5341906.msg59309830#msg59309830

I just don't follow what they are trying to do here. They say writing down 12 words is too complicated and they want to make something simpler. So they create a wallet which requires two devices, an app (with presumable a PIN or password), an online account (with an email and password), will require the user to set up these three things and manage the interplay between them, will likely require KYC or some form of identity verification for their recovery tools, and will be filled with integrations to "exchanges, other wallets, traditional financial institutions, and payments providers" (no doubt meaning the app will be filled with ads, affiliate links, and loads of unnecessary features like swapping bitcoin to shitcoins, staking/lending, etc.)

I just don't see how any of this is simpler.

Leaving out all the other comments as to why I don't like this device, I will actually give them a small pass on this.

For 20+ years now businesses have been conditioning people not to write down passwords for security reasons and that if you forget your password to your bank or whatever there is a way to recover it. So on one hand we have 2+ decades of oh you lost information, here it is. On the other side we now have sorry you lost a few words out of 24 word seed, sucks to be you your BTC is gone forever.

Many other reasons not to like them, this is one of the smaller ones.

-Dave

She did mention that their hexagonal shape HW components are part of the recovery process in case someone loses their phone ^{[at 14:51 (https://www.coindesk.com/video/consensus-festival-2022-highlights/buying-your-first-crypto-wallets-and-exchanges-101/)]}, but I'm going to argue that it's a lot easier to lose those tiny HW components than the phone itself!

Here's the issue:

They are creating a 2-of-3 of multi-sig set up. They state that there will be one key is on your mobile app, one key in your hardware wallet, and one key on their servers. However, they also state that if you lose your phone you can recover your app using your hardware wallet and your online account, and if you lose your hardware wallet, you can recover this via your app and your online account. They also state that if you lose both your phone and hardware wallet, you will still be able to recover your wallet via your online account:


Now, these two positions are mutually exclusive. They cannot claim that they are only storing one of your private keys on their server, but then also state that if you lose both the private keys you are storing that you will be able to recover them from their servers. They cannot be able to provide a back up of two of the keys if they aren't storing either of them. Which means either they are lying, deliberately trying to pull the wool over the eyes of users who don't understand this, or they haven't actually figured out how any of this is going to work yet.

I find it pretty disingenuous that they keep pushing this recoverability as a big selling point while providing absolutely zero details on how it actually works.

I just thought real hard and came up with an idea on how the highlighted part may be solved.

It's certainly not a good one and would make the device look even worse, but be technically correct. Hear me out:
[1] One key on Square server
[2] One key on hardware signer
[3] One key on the phone -- but -- not actually on the phone, but in an app on that phone, which is just a software client for essentially an online wallet

This way, if you lose phone and signer, you login to your account on a new phone or on your PC; then together with key number 1, you can restore the multisig wallet.

Besides the obviously flawed nature of online wallets (not your keys), this would also actually put 2 out of 3 keys on their server, as obviously this 'email + password' account will be on their server.
But it's the only way I see their 2 following statements working together:

• It's a 2-out-of-3 multisig setup.
• Quote from: https://wallet.build/how-the-wallet-works/
  If you lose your hardware device, or lose both your phone and your hardware device, there will be ways for you to recover your wallet based on the security settings you’ve defined when you set up your wallet.

Nevertheless, I think you might be onto something.  It's not beyond a company with that kind of ego to decide the general public are not to be trusted with their own security.  Yet they keep digging in, and continue to use phrases like "self-custody" and "self-serve recovery."

This is from the latest post on their blog;

If I remember correctly, there was another (unrelated) service (wallet?) in the past that claimed you had 'self-custody', since you could display, backup and restore your seed words, but also access your account (which included the seed) using an email and password login.
This means that you did have 'full self control over the funds', but they did, too! :D

I'm not saying Square is doing this, just saying it wouldn't be the first time..

I just find it ironic that some bloated-ego blowhard who tried, (and failed) to lecture us on "misinformation," ending up wrong more often than not, and trying to prevent open discourse which would allow people to make up their mind still thinks so highly of himself that, once again he's trying to protect us from ourselves.  And, to do so, he's spreading misinformation.

Even if it was the best hardware wallet on the market I wouldn't give that shitforbrains a single penny of my money.

Reading through their blog posts and Twitter accounts, it sounds very much like you can recover either the phone or the hardware wallet (or even both) just by using some as-of-yet unknown recovery tools. This necessitates them storing all three keys. The only way I can see this being possible with them still being able to claim they only have access to one key (without just outright lying) is for them to store your other two keys but encrypted. The only way this would (kind of) work* is if those keys were encrypted by a client set password, but then you still have the problem of if the client forgets the password. Which then leads us back to square one of how they can promise recovery if the client loses/forgets everything. The only way I can see this happening (client loses phone, loses hardware wallet, forgets account password and can still recover their wallet) is via KYC. And don't even get me started on that. ::)

And don't even start to tell me that all this is somehow simpler than me typing 12 words in to a new wallet.

*I mean, not really work at all, since we would have absolutely no way of verifying that they were encrypted, encrypted securely, and that Block couldn't access them, even if that's what they claimed.

I'm not following; is this about Jack Dorsey? I honestly have no idea about him except being Twitter CEO and Square founder.

An account- / password-based system that encrypts the seeds and then uploads all of them to Square may potentially be sold as viable alternative to simple 12 or 24 seed phrases, because it abstracts away the importance of the password (in this case as important as an actual Bitcoin seed phrase!!) and lets them recommend customers to store it in their password manager like every other password.

It would - again - be a very bad scheme with low security and no benefit compared to just storing the seed phrase yourself.

Oh my God the horrors of having to enter 12/24 words to recover your coins. How did we survive this ordeal for so long ??? Thank you Square!

Yeah, obviously. They know that what they are saying is not true. But they want the potential users to feel as stupid as possible by telling them you can't do that. You don't know how to. You are going to make a mistake. Your only choice is trusting us with our new revolutionary innovations that will make your life easier.

Absolutely, and I can't really believe that this is what is underpinning Block's entire security schematic, but there is simply no way for them to be able to help a user recover the key from either their phone or their hardware device without Block having access to those keys in some form.

This is what it all boils down to. A self-custody wallet that requires complete trust in a third party, which is not a self-custody wallet at all.

It would be great if they could actually just reveal how their recovery mechanism will actually work, but each additional little bit of information they leak out over time are doing nothing to change my mind that I will never be using nor recommending this wallet.

Square just invented shared self-custody. You are in custody of your keys, but they have custody of your keys as well.

Unless the userbase they are targeting starts asking such questions, they probably won't do that. It will be interesting to observe how this approach of theirs has been received by their community members. If the feedback is positive and people only have good things to say about what Square is doing, it will just give them the needed motivation to keep pushing forward. 

I'm loving the technical understanding with which this thread is able to call out their bullshit word by word.. :D

https://i.postimg.cc/VvSvLmSF/image.png

How about this for a name: The 'trust me, bro' wallet by Block / Square?

In the beginning, I assumed that the whole thing was still in draft phase ('good enough to attract investors') and 'we'll figure out the technicalities later'. But by now they should have an idea if what they envision is possible and if not, adjust their promises accordingly. Mistakes are human, and honesty is crucial.

---

This one's for you Pmalek, 'shared self-custody' - that's too funny! :D

https://i.postimg.cc/8c643yQP/image.png

Yeah, that's him.  Not a fan, as you can tell.  Sorry to start slinging mud in this thread, but HE started it.  :P


Brilliant.  I think you just coined the term for the next generation of Hardware Wallet Shysters.

I just had a glance at Blockstream Green (https://blockstream.com/green/) wallet, since it's one of the reproducible mobile wallets on https://walletscrutiny.com/.
Apparently, Blockstream actually invented shared self-custody, before Block??


Has anyone looked into this further? It seems like a similar concept where you need to cosign using a second factor, but their server is what enforces this and ultimately cosigns, after you present ownership of the second factor.
For example, has anyone had a look whether all transactions are sent to the server (massive privacy issue) and whether there are other problems with the wallet?

I'm telling you guys, the number of wallets that I can safely recommend nowadays is so tiny..
Especially for mobile. How hard can it be to make a Bitcoin wallet that actually follows Bitcoin core principles?

I get it that in some fields, all the software that's available is super complex and has more features than what the majority needs; thus, there's a market for a more convenient, even though maybe less privacy-friendly alternative.
But...
[1] This is Bitcoin. Its whole purpose is to leave the responsibility with the user and let them be their own bank. With both the risks and the benefits that this entails.
[2] The situation I described above, was over 10 years ago - when Bitcoin Core was the only wallet around. I totally agree that it's not possible for every person on the world to download the whole blockchain and lots are willing to offer up some privacy to be able to use Bitcoin. That's why Electrum came around and became so popular (and still is till today).

But aren't there enough 'convenient, but not totally private' wallets around by now? At a certain points, no one is better than another and just looks a little different. I believe we've reached a point where simply bringing Bitcoin Core to mobile would be a huge revolution.

I might be focusing too much on semantics here, but it looks like an optional feature to me based on how they said it. We offer you the option to use Multisig Shield... etc., etc. Maybe it works in a different way as well. I am just guessing here, I am not agreeing with any type of shared custody.

With the Multisig Shield, the user seems to have access to two signing keys while Blockstream keeps one. That's similar to what Electrum does with its 2FA. It's an optional feature that you don't have to use. And even if you do, you can still recover your coins and get access to your bitcoins since you have 2 out of 3 signing keys. 

Blockstream Green used to be known as GreenAddress until Blockstream acquired it and made it their own. I think the difference here between this and whatever Block are making is that Blockstream are open that they only hold one key and therefore cannot access your funds. If you lose your other two keys, then you lose your wallet. This is obviously in contrast to Block, who say if you lose your other two keys then they can somehow manage to recover them.

In terms of your question about mobile wallets, I would just stick to Electrum. If you want to use it easily but not very privately, just install and run. If you want to go a bit more technical but a lot more private, point it towards your own Electrum server.

That's a good point! Green doesn't have Square's whole recovery problem (allowing to recover after losing 2 keys) - this is about security.
But what about privacy? Is there a way they (or Electrum) can implement 2FA without knowing about every single one of your addresses (and transactions) or not?

Do you know whether Electrum on Android supports hardware wallets or exporting and importing PSBTs in general? Being able to do so would also be handy if someone had a PC-based airgap setup (keys on old offline PC).

The Android version of Electrum doesn't support hardware wallets. During the creation process, there is no option to pair it with a hardware wallet. Regarding PSBTs, I have never tested it personally, but since Electrum for Android allows for scanning of QR codes, I am guessing that it should work. 

Alright, nice. I will try it out soon with Passport. In theory, watch-only of Passport's xpub + PSBT input / output support would fully qualify as 'hardware wallet support' for this specific device.. :)

Latest update: https://wallet.build/losing-your-keys-without-losing-your-coins/

In summary:

• If you lose your phone, you can recover the app and its associated private key from a cloud back up. Because we all know how legendarily secure cloud back ups are. ::)
• If you lose your hardware device, you can sweep all your coins to a new multi-sig set up after a delay. Better hope you see the app notification warning so you can cancel the transaction if someone else requests the sweep!
• If you lose both, you can use social recovery if you set it up in advance. Block will email some trusted contacts who will then be required to confirm it is you who is making the request. You can then use the server key plus your cloud back up to access your coins. This becomes a massive attack/phishing vector as well as relying on a whole bunch of unknowns, such as trusted contacts remaining trusted, continuing to have access to email accounts, not forgetting passwords, email clients not shutting down or locking them out of accounts, etc.

The blog post goes to great lengths to explain how bad seed phrases are. It also gives three scenarios in which the above three recovery methods would be necessary. In all three of those scenarios (lost your phone, lost your hardware, your house burned down), a seed phrase back up secured off site would solve all your problems immediately without having to rely on cloud servers, trusted contacts, delayed sweeps, etc., and all the attack vectors and points of failure that these things introduce.

It also seems quite concerning that if you don't set up social recovery, then you actually have no way of recovering your wallet.

The other side of this is I really don't think we are their target audience. Taking a GIANT step back from good / bad I think I see where they are going with this.

They seem to be heading down the rode filled with people who want to buy / sell / trade / use crypto but not really deal with it or learn about it.

The kind of people who take 2 online security classes and think they are not cybersecurity experts even though they have no idea how to do a DNS query from the command line.

The kind of people who buy a Corvette and now think they can drive better by virtue of having a sports car.

etc.....

OTOH it's probably the same way professional stock traders look at people here and go "Oh, how cute, you bought 2BTC for $20000 last week and just sold them for $24000, I bought 500000 shares of F at $15.95 yesterday at 11:55 AM and sold them at $16.07 45 minutes later PM but yeah, you are a trader......"

We look at this thing and see a security / privacy disaster. Others look at it as something entirely different.

Look at is as a device for people who don't know, BUT ALSO DON'T WANT TO KNOW. They understand the "Not your keys, not your coins" but don't want to know what a key is or why it is or anything else. They can just now know that their keys are in this thing and they are theirs and if something goes wrong they can get them back.

Not saying it's good, just what I think it is.

-Dave

I actually don't dislike the "social recovery" method that much. I wouldn't use it, but judging by the brief explanation you provided, it remains an option. Not one I would take rather then seed phrases and passphrases, but still. If we rule out the possibility that all your trusted contacts turn on you and they don't lose access to their emails or get hacked/phished at the same time, they will be able to confirm if you are the one who is trying to access your seed or not. They can meet you in person and ask, they can call you, they might even live in the same house as you...

2 out of 3 persons have to confirm it really is you. And it's an optional feature. But they didn't mention if it's possible to change your trusted contacts in the settings. If your best friends sleeps with your wife, maybe you should change both. ;D

It still remains an unappealing system altogether, but no one will take us seriously if millions of people around the world decide that's exactly what they need. :-[

I appreciate your points, but here's the thing - the keys aren't fully theirs. One is stored by Block. One is stored in the cloud. One can be accessed by your trusted contacts. There are a lot of additional attack vectors here beyond a classic hardware wallet and a seed phrase back up.

Then set up your own multi-sig and give the seed phrase/xpub back ups to your trusted contacts yourself. Absolutely no need to involve a centralized third party with all the trust, security, and privacy implications.

But the catch with that is they collude and can recover the BTC without you.
Even if you have 9 of 12 multisig if 9 of those people get together they can take your money.

With the square wallet YOU have to start the process. Not saying it's better, but it is something to think about.

I thought about it more since I posted it, and I am still going with we are not their target audience. And looking at it as if we are gives a certain view.

There are some people who are perfectly happy with the coffee at 7-11, there are others that these people: https://georgioscoffee.com/collections/frontpage are just about adequate in a pinch and the 7-11 coffee is good for cleaning drains....

You can probably take a look at just about anything and see how enthusiasts look at items that are way way way sub optimal perhaps to the point of being actively bad in their opinion but are just fine for people who 'just want to use it' and don't care.

See the above 7-11 coffee as an example, some people think of coffee as just being a caffeine delivery system vs people who like good coffee vs people who setup their own coffee roaster in their garage.

-Dave

I don't disagree with what you are saying, and you are right. However, those who know or are willing to learn how to create multisig systems won't be targeted by Square as potential customers. Those who don't know how, aren't willing to learn, or just want it done as quickly as possible without lifting a finger, those are the potential customers. And I am afraid that group is much bigger then the first one.

Square might change their opinion about this and make it possible that the trusted contacts start the recovery process as well. They really shouldn't though. What happens if the owner of the coins dies and the social recovery is the only way to get access to the coins? 

Social recovery is used if you have lost both your phone with the Block app installed and your hardware wallet. So you would be emailing Block or filling in an online support form with details such as your name, address, or whatever else you handed over to Block when you first set up your account, or perhaps some of your bitcoin addresses so they can identify your account. It stands to reason that one of your trusted contacts, if they were conspiring with your other trusted contacts to steal your money, would be able to spoof this information without a huge amount of trouble. I don't think that presents any real barrier over your own multi-sig set up.

I accept those points, but I guess this goes back to what we discussed just the other week here: https://bitcointalk.org/index.php?topic=5407473.msg60661465#msg60661465

We are not the target audience for web wallets like blockchain.com, but we still discuss it and we still warn newbies (who are the target audience) just what a terrible idea it is to use such a wallet. And while I am not the target audience for this Block wallet, that doesn't mean I shouldn't discuss all the security and privacy vulnerabilities they are introducing with their recovery methods, especially since they themselves seem to be glossing over all these disadvantages and presenting their set up as some sort of new gold standard.

There. You (and Hal) hit the nail on the head.

I don't think anyone here is going to be surprised if Amazon indeed launches an "AmazonCoin" to replace their Gift Card system, Apple launches an "AppleCoin", etc, around 2040, only instead of using a decentralized blockchain, it is actually just a CBDC (Corporate Business Digital Currency) that can only be settled on their own servers i.e. there is no offramp.

It's 2022. We already have Corporate Business Digital "Currencies". Apple Pay, Meta Pay, Google Pay etc. It doesn't matter if you're paying in USD, it's as centralized as possible. There are already countless of merchants who adopt these payment methods, and these mega companies have massive control. Tell me why an "AppleCoin" would make any sense.

On the other hand, a Central Bank Digital Currency (these companies can use as their software's unit) makes a lot more sense.

It would only make sense if the adoption of cryptocurrencies reaches a certain level.

Then you can guarrentee that some idiot somewhere is going to think that shelving their physical gift card system and converting their digital gift cards to be backed by fixed units of CDBC is a good idea, and everyone's going to copy the first company that does it (probably Apple, if nobody challenges their supremacy by then).

I don't disagree, but I don't see how what they're offering is any more convenient, more simple or gives the user more confidence than going through a multisig setup with a professional from https://keys.casa/ step by step and doing it right with a helping hand guiding you along.

If I think about technologically 'weak' people around me, I'm sure as hell they'd prefer Casa over a complex system like this and there is ZERO chance they'd be able to restore a cloud backup of their phone, have friends who can be trusted to still have access to their email address in a few years' time, etc...
While giving them a phone number to call and providing instructions as to which words to put into which software is definitely something I can see them able to do.

This is my benchmark and Square is probably going to losing it on every point (in my opinion).

The more I have thought about this the more uneasy I am that they are doing away with seed phrases altogether. The only way to fully back up your wallet with the description they have given is with social recovery. Without using social recovery, then if you lose your phone and hardware wallet then your wallet is permanently lost (actually, Block can still access it, but they say they won't).

By using social recovery, you are reducing the security of my wallet and my coins to that of my recovery users' email passwords. And as we all know, people are in general horrible at generating or using secure passwords, at not reusing passwords across sites, at keeping passwords safe, and at continuing to use passwords which have been compromised in data breaches. You also have to blindly trust the email providers of all your recovery contacts, for both the security and the ongoing functioning of their service. And you also have to blindly trust Block themselves, for both the security and the ongoing functioning of their service. If any of these things fail, then you do not have a back up of your wallet.

Just give me a seed phrase already.

Square/Block is right about one thing in their latest blog post, people are generally terrible at creating and remembering secure passwords, and even worse in remembering seed phrases.
However, I think they are wrong when they say that most of the new people are intimidated by seed phrases, but they can act irresponsible and enter seed words in random phishing scam websites.
According to them people shouldn't be allowed to use any passwords or pin codes in their life, and they would need to have virtual babysitter cloud for everything they do in life.
If I understand correctly they have a plan to use some kind of Cloud Backup and I don't like this, even if it's encrypted, it's someone else computer device.

Just reading some of the comments on their Twitter post and some people ''can't wait'' for this device to be released... like it's solution for all their problems  ::)
https://twitter.com/max_guise/status/1557400948737069057?s=20

They are, but that doesn't mean they should get rid of Bitcoin's underlying security feature. More precisely, they aren't getting rid of it, they are just keeping the information for themselves in a cloud.

One should never generalize and think that everyone is the same, but that's not that far from the truth. When I consider my friend circle, I know many instances where they have been hacked, or had their devices and social media infected with nasty stuff. It was particularly funny when one friend got some malware that would shout insults over private messages to random people, so his parents got pissed at him for cursing at them. The occasional invitation for group sex from your aunt and uncle is also not to be forgotten, or links to download Severina's porn movie. I have seen how people work their phones. They open weird links that redirects them somewhere with popups and messages and without thinking or reading they just click the first button they see in an attempt to close the ad or whatever it is as fast as possible. But not everyone is like that. 7/10 or 8/10 probably are.   

Block (ex Square) developers decided to reveal more information about their upcoming hardware wallet device, and this time they talked more about processors.
They first considered making their own open source ASIC processor but that would prolong release date, and have other complications along the road.
This is why they decided to choose one of three models, Secure Element (SE), System on Chip (SoC), and Microcontroller (MCU).
Final choice was Silicon Labs EFR32MG24 secure MCU  that is based on the ARM Cortex-M33 architecture, and they plan to release firmware and hardware design open source as much is possible.

Looking at their release design we can see device with usb-c connection, Li-Po battery, fingerprint sensor, nfc coil and rgb led.
In heart of everything is Silicon Labs EFR32MG24:

https://i.imgur.com/gxQdxww.jpg
https://wallet.build/processing-our-processor-choice/
https://www.silabs.com/wireless/zigbee/efr32mg24-series-2-socs

That's all well and good, but their idea of having a 2-out-of-3 multisig that can be restored through their servers after losing 2 user keys is privacy-infringing at best and insecure & unreliable / not resilient at worst.
I sincerely hope they strip that and make it just a hardware wallet with (obviously) the option of doing plain old, regular multisig. Offering users the option to give them one of the 3 keys, would still be possible.
But a few things are just needed for any good hardware wallet (non-exhaustive, just stuff that this current device is missing in its current form):

• Seed phrase backup / export
• Restorability without aid of external server
• Possible to use without external server
• Screen to verify transaction details

This is not their own invention by any means, I think that Blockstream (and maybe some other manufacturer) is using very similar strategy with their Jade hardware wallet for years.
I have nothing against people who want to use this babysitter approach, but make it optional and give people a choice to not use it if they want to take the risk.
Problem with this approach is that it could happen something similar like with iPhones, they remove chargers from box and next year everyone removes charger from packaging.
In scenario with Block hardware wallet taking big market share, other brands (like ledger) could easily follow to make similar change.

The problem with making it optional is that it lacks the basic features required to use it standalone, that I listed above.

Honestly, I don't see this happening. I've yet to encounter anyone who likes the idea of such a device and Bitcoiners in general seem to get more educated and more cypherpunk - thus committed and usually able to handle their seeds themselves - by the day.
At most, a company like Ledger that is targeting non-Bitcoiners (watch their music video advertisements, NFT and Altcoin focus), may start rolling out something similar.

But fortunately, there are enough competent companies that I'm confident won't lose their focus on sovereignty and commitment to the Bitcoin ideals.

It is optional. The option is not to buy this custodial, impossible to properly back up, product and to buy a real hardware wallet or use an airgapped computer instead. :P

I do think dkbit98 has a point here. Even the two biggest "classic" hardware wallet manufacturers - Ledger and Trezor - have made a bunch of questionable decisions recently, such as Ledger integrating a KYC dedit card in to Ledger Live, and Trezor implementing AOPP before having to 180 and remove it after community backlash. It's quite clear that neither company is solely focused on a "commitment to Bitcoin ideals".

Which hardware wallet manufacturer would people say is the most focused in this regard? Passport?

To be fair, I personally believe the AOPP thing was 'easier to miss' - compared to integrating KYC - as it was disguised as 'well it's just simplifying message signing for users' (something that's always been possible and enforced by some exchanges).
So, a bunch of wallets I like and still use till today, just went with it and added AOPP support. Fortunately, they realized their mistake when the community pointed it out and reverted it in days, if not hours.

I can't really say for sure; there's no perfect device. But most focused, probably Foundation Passport, yes.

First criterion would be Bitcoin-only (at very least the option to get a Bitcoin-only firmware); that already eliminates a lot of hardware wallets.
My list after that criterion would be:

• Foundation Passport
• Trezor Model One & Model T
• Keystone Pro
• BitBox02 Bitcoin-only
• Coinkite ColdCard

Then, Bitcoin for me is synonymous with open-source and verifiability - hardware and software. This removes a few again, leaving us with the following (to the best of my knowledge).

• Foundation Passport
• Trezor Model One & Model T
• BitBox02 Bitcoin-only

It's worth keeping in mind that only the first of these 3 has no option for altcoins whatsoever (you fund altcoin support development by buying a device that can support alts).

I know I really sound like a Passport shill in threads, but I encourage anyone to read my honest, unsponsored review (https://bitcointalk.org/index.php?topic=5382675.0) in which I point out all of its flaws and issues and I think I'm vocal enough about them. It's just that for me, as of now, it's the only device that ticks all the 'essential' boxes, even though it does have its flaws.

I would be careful with block/square in near future, because based on their history they have plan to sell this hardware wallets in big packages to various companies and bussiness, not so much directly to individuals.
Than this companies would offer Block wallets to people who work for them or their partners, along with other Point of Sale devices they offer.

I think Ledger is mostly targeting shitcoiners :D
All updates on their ledger live application is mostly altcoin related, adding and updating bunch of worthless tokens all the time.

I would say that Passport and Trezor are still on top, especially with upcoming Trezor device with new secure element and bitcoin only firmware.
Good alternative option is to step away from all manufacturers and make your own DIY devices with rapsberry pi zero and similar devices (seedsigner and krux).
I am saying anything is perfect, and there are always pros and cons for everything you choose.

That may be so, but the fact remains that it was designed by a blockchain analysis company to help promote government regulations. If random members of the community can see the inherent problems with that, then Trezor (and all the other wallets which initially signaled support) should have known better too.

But they still have a bunch of completely unnecessary code on their device. The entire point of wanting bitcoin only firmware is to minimize the attack surface. Throwing in a bunch of unnecessary code (for games, no less!) completely defeats that purpose, not to mention shows a very amateurish approach to security, and is one I simply cannot get behind, which is a shame because I do like the look of the Passport device otherwise.

Yeah. I own both Ledger and Trezor devices, although I haven't used either of them for serious amounts of coins in a long time now. More than happy with my various cold, airgapped, and paper wallets.

Are you referring to the Passport's hidden game menu?
I understand that and brought it up myself in my review, but it's on a whole different level than adding support for one more coin.
The codebase for those games is relatively tiny, and has no access to the secure element / any interaction with the Bitcoin-related stuff whatsoever. I don't see an obvious way to mount a meaningful exploit from a bug in one of those games; the attack surface there doesn't seem very promising.

But of course, it's unnecessary and just the idea of adding 'bloat' of any kind is already wrong in the first place.
Gladly, batch 2 doesn't have games:
https://github.com/Foundation-Devices/passport-firmware/search?q=snake
https://github.com/Foundation-Devices/passport2/search?q=snake

Amateurish approach to security in general or just related to that hidden game menu?
Because general security-wise, everything seems very thought through and openly explained.
https://github.com/Foundation-Devices/passport-firmware/blob/main/SECURITY/SECURITY.md

I especially love that the open-source hardware can actually be verified for integrity through different means; if it wasn't, the benefit of open-source hardware would be somewhat limited for most users, especially when talking about security, supply chains and various types of hardware attack vectors.

Maybe not, but with pretty much every vulnerability to affect a hardware wallet, the developers and users didn't know it was possible, otherwise the vulnerability wouldn't exist. The fact remains that including any extraneous code, even if we all think it is safe, still poses a security risk. And even if it was 100% safe, I still disagree on principle. If they are willing to include this completely pointless code for no good reason, then what other meaningless "features" will they include in the future? This is the amateurish approach I was referring to. If you are creating and manufacturing a device which will be responsible for securing and protecting large amounts of money, then I expect you to take that seriously. Programming snake on to that device is not taking it seriously.

We criticize other hardware wallets for adding unnecessary features, like support for shitcoins, or a flashlight, or a fingerprint scanner. I don't see this as being any different.

Glad to hear it. Maybe I'll take another look at their devices.

Right; got you. I guess then it's especially good to see that instead of adding more such 'bloat' in batch 2, they reduced it by removing that gimmicky game menu altogether, instead. Seems like they took the right direction.

Of course! Even though just adding Snake is far from it, I had thought about a full-on 'alibi mode' that makes it look and function like an actual mobile phone (e.g. for border controls and whatnot). That could have actually been a useful feature for some users, however I do prefer simplifying the device to its essentials, instead.

Now that's an interesting idea. It would be difficult to pull off in such a way to either A) not be almost immediately obvious on closer inspection or B) not compromise the integrity of the hardware wallet. For example, a "phone" without any network or data connection whatsoever is highly suspect, but as soon as you add in any kind of network receiver then you put the hardware wallet at risk. A Passport device would certainly be the device to try this on, since it already looks very similar to old Nokia phones, but at the same time there is no phone in existence which runs on 2x AAA batteries.

If I was crossing a border with a lot of bitcoin and was highly suspicious that I would be stopped and searched, then I think some method which includes plausible deniability is better. If such a device was inspected and discovered to be a hidden hardware wallet, then there is no way you can deny that. If you have a seed phrase encoded/hidden in pages of academic notes (for example), then you can easily just pass them off as notes.

It is not necessary to disguise hardware wallet as a phone. Although the idea of ​​making the HW look and function like a full-fledged phone seems like a good idea to me. It would be better than just HW. Not necessarily for crossing the border, but for everyday storage and use in the immediate vicinity. Let's say for everyday tasks. The more ordinary the HW device looks, the calmer the soul. :) In fact, there is a wide field for creativity and can mask HW under any device. For example, an audio player that is fully functional. In this case, the risk of being identified due to the lack of a network and data transmission is eliminated.

Regarding 'putting the hardware wallet at risk', I guess something like multiplexing the (already as simple / dumb as possible) I/O and interfacing it by two completely separate PCBs, would probably be needed.
One PCB (half) with all the existing hardware wallet circuitry and another one with typical feature phone hardware.

Triple-A's have already been replaced by Nokia (yes, Nokia actually used or still uses them) Li-Ion rechargeable batteries.

https://i.postimg.cc/sxmscr9L/image.png

That's a good point. There are lots of good methods, like bringing an encrypted a file, highlighting (seed) words in a book, etc.
You can also append an encrypted wallet file to the end of a JPEG, so if they go open it, it opens normally. Possibilities are endless and have all sorts of up- and downsides.

I can see how in a less critical scenario, where they just quickly glance over the stuff you carry, even the current-gen Passports pass as phones without questions.

"If you want privacy, don't use my fucking app". - Straight from the source: https://open.spotify.com/episode/2kaFrG64SP7EzcCA0EEJEB - at 08:28.

If you don't have Spotify: https://nitter.net/GadSaad/status/1567149412043919360

Your picture there made me go and check out the Foundation site again to learn about version 2 of the Passport. I've got to say, it looks great. The physical design looks much better than the original, the color screen looks great, and they've fixed the battery issue. Couple all that with them getting rid of the bloat in the software, and if I was in the market for a hardware wallet then I'd probably be picking a Passport. I've got a couple of other questions, but I'll take them over to the thread you linked to stop derailing this one any further.

A quick glance over most hardware wallets to someone unfamiliar with hardware wallets and they would pass as a USB drive, a key fob, or maybe some kind of smart watch or other device. It's the targeted searches you need to be worried about.

That's from Jack Mallers, though. And I thought he's not involved with Square / Block, but instead Strike. I don't get how it relates to this thread. 0:)

I confused the Jacks. My bad.  :-X

Shit happens! 0:)

Still uncomfortable to hear something like this from a somewhat popular figure.
I'm not sure about the whole context, but somehow CoinDebit (https://bitcointalk.org/index.php?topic=5399200.0) was able to offer a no-KYC debit card.
And Mallers did speak out in favor of privacy as one of the reasons why he's so involved with Lightning. Now he turns around and shits on it? Again: context may be necessary.

The context is:
The government not giving you privacy = bad
The other company not giving you privacy = bad
My company not giving you privacy so we can sell your data = good

See it's simple.  ;D ;D ;D

Makes you wonder how far you would have to keep businesses separate to have the hardware part of the wallet with one, the software part of the wallet with another and any other apps / features with another so you could sell the HW portion as 100% not involved with the others so people who REALLY wanted as much privacy as they can get could then deal with the other aspects only if they wanted to.

I mean, I know you can do it. But at what point can you really legally say hardware business "A" has nothing to do with software business "B".

-Dave

I don't think this is hard to create, it doesn't have to be fully functional with signal strength and everything else, but this can be something like screensaver mode switch or lock screen.
New Passport batch already have exact same battery like old Nokia phones, so it would be very hard for anyone to say this is not a phone, until he tries to call someone.
One feature I would like to see in Passport is ability to reboot it to default clean state if it was not unlocked in specific amount of time.

Back to Block/Square hardware wallet, I bet they will have battery that can't be replaced easily, same like it is with most modern smartphones (except Fairphone or Pine phone maybe).

I am curious why only Trezor One is on this list and not also Trezor Model T. Am I missing something? Is it just an oversight on your end or is there something you don't like with the Model T? It's quite expensive if you ask me, but then again, so is Foundation Passport.

Too bad it doesn't have a wider distribution network in Europe. Last time I checked, you could only get it from resellers in the UK, Netherlands, and Belgium when we are talking about the EU zone.

Sorry, it's an oversight! I just forget its existence from time to time, as I believe the One to be much better value. If you've got the budget for a Model T, you should probably look at Passport, instead.. :-X

True; though I find ordering within the EU to be a fairly effortless task in 99% of cases. In theory, even one good distributor would suffice.

To Mallers' credit, he's talking about Strike's future as a product that largely resembles a brick and mortar bank, i.e. competing with Chase and BofA in their arena, while also allowing LN transactions to seamlessly work like typical debit cards work today.  Such a product could be a tremendous help to the bitcoin ecosystem, on-board more bitcoin users, and possibly even force the legacy financial institutions to adopt similar features.  In today's world, that kind of financial convenience means absolutely no privacy, and I'm afraid the majority won't care.  Hopefully the "self-sovereign" mentality will come later.  Baby steps...

To further separate the two Jacks; at least Mallers isn't trying to shill the idea of "shared self-custody!"   ::)

---

I'm anxiously awaiting your review of the second batch of the FPW.  It does indeed check a lot of my "essentials" boxes, and quite a few "nice to have."  I bought a Trezor T when they were around $150 USD, which is a great deal in my opinion, but I agree that the current price is not a great value at all.  I suspect that Trezor is low on inventory on the Model T, and rather than make more, they're priming their followers for the release of a new unit with a secure element.  I wouldn't be surprised to see it before Black Friday 2023, and priced similarly to the current price of the Model T.

---

Does Foundation not serve customer's outside of the USA directly?  That seems odd.  I don't see any reason whey they wouldn't be able to ship their product directly over-seas.  Being that it's open source hardware and software, there're no ITAR restrictions that I see as obstacles, and if I'm not mistaken, no other restrictions to shipping items over-seas exists in the US.

Yeah; I don't see how integrating my Bitcoin and Lightning wallets, as well as my BTC trades with my fiat bank account can be achieved in a privacy-sensible manner.
Except perhaps, if we can somehow get L1 privacy into Bitcoin...

They do, but then you need to provide your home address, pay import taxes and if you're unlucky, the customs office might even open your parcel.

You can order their hardware wallets from any place in the world. Probably not to countries that are on US sanction lists like North Korea, for example. I played around with their online shop yesterday just to see what kind of shipping costs would be applied if you had the device shipped to the EU and South America. You can check that out here (https://bitcointalk.org/index.php?topic=5413034.msg60923939#msg60923939).

Jack Dorsey sold Twitter to Elon Musk, but he is certainly not joking with Block hardware wallet, and they are already making bunch of their first prototypes in factory.
Device images are posted below and we know it will have type c connection, battery, fingerprint sensor or PIN, and NFC support.
They performed alpha testing with this devices and they send them to people to find all weaknesses and things that should be fixed and corrected.
Next they plan to release full electrical schematics and detailed design information, and they want to keep Block wallet with open source hardware.

https://i.imgur.com/amDStQb.jpg   https://i.imgur.com/O9PmyfM.png
https://wallet.build/how-we-design-our-hardware/

I didn't see the display on the Block hardware wallet from Square. Will this device work in conjunction with a smartphone and PC?

And why did they choose the shape of a hexagon and not a square?  ;D

A paranoid thought arose about the fingerprint sensor. Square will collect user data (fingerprints) and link identity and transactions\addresses? What do you think about this?

As for the built-in batteries, here are my thoughts. I think the trend in this direction will continue, moreover, develop and most of the device manufacturers will use this. Because users need autonomy and the ability to transfer / receive crypto anywhere, which will have a positive effect on mass adoption.

There is no screen. As I said in my post here (https://bitcointalk.org/index.php?topic=5341906.msg59523301#msg59523301), due to the fact this device doesn't have a screen then it cannot be used to verify any address prior to receiving nor any transaction prior to signing, therefore making it is little more than a glorified 2FA key.

As to how the device works, it is all operated through a mobile app (no details on this yet). It is set up in a 2-of-3 multi-sig with one key on the app, one on this device, and one on Block's servers.

The fingerprint scanner, although obviously a bad inclusion since biometrics are not safe, is irrelevant from a privacy perspective. To use this device you must first set up an account with Block and link that account to your mobile app and hardware device. All your balances, transactions, etc., will be routed through your account on Block's servers. Your privacy is exactly zero, with or without the fingerprint scanner.

After not being the Twitter CEO again, It was Jack Dorsey far less decentralized exchange (tbDEX) (https://bitcointalk.org/index.php?topic=5372301.0), now to no privacy hardware wallet. I have began to more notice that anything about Jack Dorsey related to planing of invention is just about how to link decentralized system with centralized system, linking privacy to no privacy, which only means a means to make what are privacy and decentralized in the past now to become not private and not decentralized. Already we are knowing also that this hardware wallet is faulty in design.

Minor nitpick but the shareholders voted overwhelmingly to do it, Jack probably wanted it to go through so he could get more users for his new 'not twitter but still twitter':
https://www.coindesk.com/web3/2022/10/20/jack-dorsey-backed-decentralized-social-network-bluesky-gets-30000-signups-in-48-hours/

Back to this 2FA device. I think the biggest issue really is that. If it had been marketed as a 2FA thing with some other features we would have all been a lot more accepting of it then it being marketing as a hardware wallet. But, with the lack of privacy, multisig with their servers, and some other things it's not what most people consider a hardware wallet.

<shrug>

At this point, I don't think it matters, as I said above I use cashapp and fully recognize how privacy intrusive it is. There are so many people out there who don't know or don't care and don't want to know or care. This is the product for them. 1 Simple button and things are 'secure'.

-Dave

We discussed it already, but removing the screen from a hardware wallet is a pretty bad idea.

It probably has something to do with Twitter 'NFT profile pictures'. Are they still a thing? Block probably expected more traction when they first started this project.

They really shouldn't. If the device is open source, you can check that for yourself in the firmware. It should use some type of one-way function computed on a scan of the fingerprint and use that to authenticate you to the device. Fingerprint data should never leave the device and in the best case, an actual full scan (visual representation; think: image) of the fingerprint should not even exist inside of the device at any point in time.
Some manufacturers have been doing fingerprint readers like this for at least 10 years now.

Is there a discussion against built-in batteries? I do know that you can hide hardware implants in there, since battery packs can house little microchips, but it's definitely possible to reduce such risk to a bare minimum.
I like the approach by Foundation Devices, where they chose a commonly used battery that you may even still have at home. That way, you don't need to trust them to give you a non-malicious one. As well as being able to quickly swap it, wherever you are. You may even be able to buy a cheap used phone on the street to take its battery out and put it in your empty Passport.. :D

If they want a simple, non-private way to get someone else to secure their funds, there's a much simpler and cheaper way, though. Exchanges or online wallets. Log into your account and access your coins. Lose your device? Just log back in. Lose your password? Reset through email or customer support. Private? Nope. Your coins? Nope. But basically equal characteristics as the Block device, without upfront cost, without need to recharge and keep the device handy at all times and less steps to perform when using it.

I was half way through typing a reply which was going to argue that this device did have one benefit over a centralized exchange, in that if the centralized exchange goes offline you cannot access your coins, whereas if Block goes offline then you can still access your coins via the two keys which are stored on the app and the hardware device. However, if then occurred to me that this probably isn't the case at all. If Block goes offline, then their app will no longer communicate with their servers and so therefore be useless. And since it seems this wallet does not provide seed phrases or access to your private keys, there will be no way for you to import your wallet elsewhere.

So actually, you seem completely right. This is just a third party custodian with extra (expensive) steps.

I'm not saying that it's good that there is no display on Hexagon Square-wallet. I just wanted to understand how approximately it would work. Well, in principle, it became clear to me.

And what does the crypto-community expect from this project in terms of success? Because judging by the reviews, the attitude towards this pseudo-wallet can hardly be called positive.

Ok, I understand you. They shouldn't, but it's better to check it in the code yourself. If you don't know how, wait for results from someone who is capable of it.

It will be difficult to put AAA batteries in this device, but it is quite possible to hide hardware implants. But I don't think that the Block is ready to take risks in this way, especially since they will know everything about their users anyway, because they will provide information about themselves.

With the Square device, Block will sell a sense of security and support, a little more than others. For this, people will gladly buy their devices.

I think it's going to become a success. They are going to market the hell out of it, and good marketing eventually pays off.

"Crypto community" is a very broad definition. Someone who uses cold-storage solutions, multisigs, offline signing, and mixes coins is part of the crypto movement. But then again, so is someone who keeps all his coins on a centralized exchange, uses custodial wallets, and has his private information stored digitally on the cloud or his email account. These two groups don't have much in common except they use bitcoin/crypto in one way or the other.

Block won't be targeting the first type. The device (it's not a hardware wallet) isn't going to get any attention amongst them.
But the second group of crypto users is bigger. And that's their target audience. The ordinary people who just want to speculate and make some quick bucks without spending much time on learning how to be in control of your financials because they are not in it for the technology or being in control.

Imagine if this hardware device got ad space during the Super Bowl, for example. It would sell in the millions despite what true Bitcoiners and crypto enthusiasts think of it. 

Yes, there is no screen and they are going to release Block app for Android and iOS devices, and I think they don't plan to release any desktop app.
I don't know why exactly they choose hexagon shape, maybe because this would be unique shape for hardware wallet device.

Yeah, well they claim this should be open source device, so maybe we could see people forking this and making it work without any server for multisig.
Let's wait and see how everything will work out in real life, but I am sure they have big plans to take over the market of hardware wallets, do legder, trezor and others should watch out for them.
I think they will have premium price, and they will offer some kind of deals for first released devices, but I am personally waiting to see what Trezor will release next with new secure element.

Market is flooded with those old Nokia batteries and they still work perfectly and hold charge for days or weeks.
I am curious to know when is your review of Passport coming out, and how much this battery holds in your device.

Mayne someone (Elon Musk) could ''hack'' it and remove custodian...  for his Doge shitcoin wallet  :D

Even if it comes with decagon or any other shape, there is no problem if it is functionally recommendable, but not. Not even a hardware wallet, no screen, having mobile app which makes it an online wallet, but more funds protected by the authentication hardware device (I mean what is referred to as hardware wallet).

I hope people will not compare this authentication device with hardware wallets like those mentioned. If it is the way people commented about the wallet, it means the real wallet is the mobile app. Let us wait and see how it would workout in real life, but this kind of wallet will only exist to make people to have false information about what hardware are, but I hope people should be able to pass it across that the hardware is not a wallet.

I agree with Pmalek above. The device isn't even at an alpha testing phase yet, and already Block employees are attending crypto conferences, seminars, and live streams, shilling hard for it and explaining how it is a hundred times better than all existing wallets. Block obviously have an advertising budget well above that of other hardware wallet manufacturers, as well as already having a lot of links and contacts within the crypto ecosystem which allows them to push their narrative. As such, I also expect this device to sell widely, despite being little more than a glorified 2FA code.

They will, because that's how Block are marketing it, and Block's marketing will reach far wider than the community pointing out that this device is not particularly great.

Again though; it probably provides near zero benefits over just keeping funds on a centralized exchange, with the added trouble of easily losing it and then having to go through some restore process with Block.
My prediction is that they will sell a lot of these, but people will start either losing them and not buying a second one (just restoring funds to software wallet or exchange wallet) or will just not use them. It's definitely more convenient to leave funds on the exchange if you buy and sell a lot (main usage of Bitcoin for this 'second group').

Do keep in mind, someone even tries selling paper wallets as 'alternatives to hardware wallets'. At least their advertising prompted MrSlattery to post their question in the 'Hardware Wallets' section here.

Mobile app in this case is used in similar way like you would use apps for any other hardware wallets, including ledger, trezor, passport, etc.
You need to have software wallet that communicates with hardware wallet device, so there is nothing really strange about this.

I am sure they have the biggest budget from all other hardware wallets combined, and that is without any additional investments or funding.
In future we could see many other hardware wallets joining forces if they want to survive and compete with Block.
One positive thing from Block showing up is that it will force Trezor and other hardware wallets to speed up their innovations ;)

The difference between Block and proper hardware wallets like the ones you mentioned is that their native apps don't hold your seed or private keys. Those never leave the hardware. Based on what we know about Block, it's software app will store one of the multisig keys. Due to the lack of a screen, you won't be able to verify transaction details like with other hardware wallets. You have to rely exclusively on what the app shows. 

This, of course, will be a disadvantage. If any glitch occurs in the application showing transaction information, such as the wrong recipient address, it will be possible to send to the wrong address and lose cryptocurrencies. What to do in this case? Check each time all transactions in https://blockchair.com/? Which will create another extra action. It seemed to be an insignificant detail at first glance, as the lack of a display (is it possible that the Block will save a lot on this) creates an unnecessary headache for users.

I guess any transaction to be broadcasted can be checked and rechecked on the mobile app which is actually the wallet that contains one or more master private key. Or probably there can still be confusion unless the hardware authentication app is manufactured for people to check if it can truly be called hardware wallet or not. Still, on all wallets, while using online wallet with it, best to still check for clipboard malware by double checking the address before sending or passing it to cold storage wallet for signing.

No, if the wrong address is only shown in the app, but the correct transaction is signed by the device, the funds will still reach the intended receiver.
You could end up with a hacked app though, that displays the correct address on your phone screen, but asks the hardware device to sign a transaction which sends all of your funds to an attacker's address. There will be no way of you to check that, if we assume compromised software.

In other words: eliminating the chance of a software attack is the main goal of hardware wallets; so assuming the software to be safe completely removes the need for such a device. We need to work in the 'compromised software' model for hardware wallets to even make sense. Therefore we can't rely on the software to display the right address and only ask for signatures of unmodified transactions.

That won't help you, as the block explorer doesn't display your transaction before it's submitted to the mempool and once you submit it, there's no way of 'taking it back', either.

Yeah, I said it before: a screen is absoutely fundamental. You need a physical 'communication channel' (light entering your eye) to verify what the wallet is actually signing.

Exactly. Since there is no screen on the device, you don't know if the displayed address on the app belongs to your wallet or not. That's if you are generating an address and you are supposed to receive BTC.

Like n0nce mentioned, the software could in theory show one thing, but the hardware signs something else. You would only notice a difference if you quickly checked if the transaction data is correct on a blockchain explorer after the broadcast. Depending on if, when, and how full RBF gets implemented with the next Bitcoin Core release, it might be easy to doublespend the transaction back to yourself. But that depends on too many factors out of your control: how many nodes opt-in for Full RBF, how many pools do it, and will the Block app have an option to cancel/doublespend a transaction back to yourself. o_e_l_e_o is a better person to talk to about such scenarios. 

I don't think such a scenario is even worth entertaining, because it would be fundamentally ridiculous scenario to be in where you are having to restore your hardware wallet to a different device to double spend your own transaction to try to recover your coins. The fact that such a ridiculous scenario is even a possibility (since there is no screen on the hardware device so therefore no way to verify what you are actually signing before you sign it) should be enough to tell you that you don't want to to use this device.

I fail to see what advantages this screenless hardware devices has over a simple 2FA hardware key such as the YubiKey. With both you cannot send a transaction without it, and both are unable to provide the ability to independently verify your transaction prior to signing. The YubiKey will likely end up being significantly cheaper, though, as will all your transactions since they won't be 2-of-3 multi-sig. And of course with your own 2FA set up, you can back up your wallet properly using a seed phrase and not some crazy scheme based on a third party account and social contacts.

New update was released on Block website wallet.build with weird title sayin Why We Want To Fail Right Now.
They started sending Block devices to employees for internal beta testing, finding bugs and sending feedback, but they claim developing is not yet finished and there is room for improvement.
Over next few weeks Block plans to give employees over 200 hardware wallets and allow early access to the mobile app, this will include 19 countries with Andoid and iOS devices.
In next months testing results should be released in public and testing will expand to external larger group.
https://wallet.build/why-we-want-to-fail-right-now/

This sentence from the second paragraph really does sum this whole thing up very well:

That is an awful lot of things that could go wrong, a large attack surface, and lots of capacity for bugs and vulnerabilities. Compare to a standard hardware wallet which you can use with any open source software such as Electrum, and does not have any of this extraneous bloatware that Block are tacking on.

Also, why the hell would anyone want a recovery service that runs on their servers? I want a seed phrase which is under my control and my control only. Not some third party nonsense.

Exactly the kind of people you want designing and building a new hardware wallet, then. ::) ::)

The odd headline seems to imply that the firm is willing to screw up during the testing phase in order to prevent future troubles when users buy the product. In general, this is logical and this is a simple marketing slogan, as if hinting that in the future they will be all right. But will it be?


What you don't need doesn't mean others don't.
I fully agree with your position, but Block users will have a lot of newbies who want to be able to recover lost seed phrases. Even on this forum, from time to time there are topics on the issue of the possibility of recovering seed-phrases and keys. Square started this whole story for a reason, and they have long analyzed the needs of potential customers. The key of which is access to lost seed phrases. They just give people what they want. You can say that this is bad, but this will not stop their customers from using this device.

I don't disagree with you, that there are lots of people who will think that this is a good thing and who will absolutely buy this device.

But it is a triumph of marketing on behalf of companies such as Block and centralized exchanges that they have convinced people that they are too stupid/careless to be able to safely write down 12 words and keep them safe, and that they need to trust third parties with their coins, keys, seed phrases, or recovery processed instead. The whole point of bitcoin is that you don't need to rely on third parties.

Because of the incredible difficulty of generating a seed yourself, taking a pen and a piece of paper, and writing down a set of words. Are you out of your mind, who does that?
Square is creating a solution to get you away from traditional ways of moving money by using none of the foundations that were established with the introduction of bitcoin.   

The problem is mental conditioning. From a few pages up in this thread:


There are people out there in their 20s who have never even stepped foot inside a bank. They have a checking account and savings account and so on and never interacted with another human about it. All online and all usernames and passwords recoverable. Same with brokerage accounts that could have hundreds of thousands of dollars. Never met a human who worked there. How do you convince them that they have to do that?

They are creating what people like not what is good for the people.

-Dave

And for that, we should heavily criticize them.. ;) As well as pointing this out and making it very clear to any potential customers. Education is key.

On the back of Ledger's recent debacle, seems like a good time to bump this thread given this wallet is also based on relying on third parties to store your back ups.

Three new blog posts were published last week: https://bitkey.build/

The first post says nothing of any real note, apart from reminding people just how difficult it is to store a seed phrase. ::)

The second one is filled with increasing amounts of nonsense:

In what world is writing down 12 worlds on a piece of paper either lengthy or complex? I can't wait to see how quick and easy their set up process is, given that you need to download an app, register an account, verify your identity, set up and link the hardware device, link it all to an online server, and then set up social recovery with a number of "trusted" contacts. You can do all that in less than the 30 seconds it takes me to write down and double check a seed phrase? ::)

So they want to protect against social engineering and phishing by implementing social recovery which is possibly the highest risk method when it comes to protecting against social engineering and phishing. Ok. ::)

They often disingenuously compare the worst practices with seed phrases against best practices with their device. People can be social engineered for the seed phrase, but apparently not for their social recovery system? They talk about how people back up seed phrases to the cloud, and that makes them insecure. And what is stopping someone backing up their Bitkey account details to the cloud as well? Or how people leave their seed phrase lying around where it could be found, but apparently no one ever does this with their phone or hardware device?

The third post is particularly interesting. After two previous posts talking about how seed phrases are super complicated and risky and their solution is going to be super simple, they have come up with the most over-complicated design possible to justify not having a screen on their wallet. Basically, every time you want to send or receive coins, your hardware wallet has to sign the sending or receiving address and then transmit that signed message to Block's servers, where they will verify the address has not been tampered with, and then send that address back to the relevant party to be used. The obvious flaws are that Block can spy on literally everything you do and that you have absolutely zero security from a bad actor in Block sending a malicious address. The less obvious flaws are that you now can't make transactions or even generate a new receiving address if Block's servers are down, and it opens a new attack vector for man-in-the-middle attacks if you rely on Block's servers telling you what addresses to use.

But don't forget guys, it's far simpler than just writing down 12 words!

You know what? Let's do a new topic with a challenge: who can write down and verify a 12-word seed phrase the fastest. This way we will have some hard numbers to compare against whenever someone claims they have a faster and more convenient seed phrase backup solution. ;)
Inspired by LoyceV's private key writing test (https://bitcointalk.org/index.php?topic=5363240.0)..

That's sooo bad! Never would I have envisioned such a bad solution for a screen-less hardware wallet ^(?). If you have to resort to this, why not just spend the extra few cents in materials and add a small screen? That's so beyond me.
Companies put little screens on all sorts of things that don't even need one (like toys, back side of phones -- this goes way back to flip phones with outer screen -- and more). And here, in the very application that really needs one, for whatever reason they are pitching, users don't get one. ;D
This decision was either really, really dumb or actually purposefully evil.

They explain in that third post that since a screen doesn't provide protection against the address or transaction being altered somewhere else than on the user's device or the hardware wallet, then screens are pointless. For example, if you send me an address to pay you some bitcoin, a screen on my hardware wallet does nothing to prevent clipboard malware on your computer from altering that address before I receive it. Which of course is true, but also completely misses the point. It's like saying "Well, a seat belt won't save my life if my engine bursts in to flames and explodes, so why bother wearing one at all?"

Just because something doesn't protect against all attack vectors doesn't mean it is pointless. Which they then discover by having to engineer a ridiculous system which requires the input of a centralized server in order for a user to simply verify an address.

But their system doesn't prevent that, either, right? So by their own logic, any address checking system is pointless (no matter if it's display-based or sketchy-centralized-server-based)?

Nope, unless you are using their convoluted system to sign a message on a Bitkey hardware wallet to transfer to their server for verification and then have their server send the address directly to me. Although all that actually does is shift the attack surface from your phone/computer to Bitkey's server, which I imagine would become a very attractive target for attackers since they could potentially intercept and alter thousands of addresses at once.

And of course let's not forget that all of this (signing messages to prove they haven't been altered) can already be achieved trivially easily without the involvement of any third parties.

o_e_l_e_o  trigger warning below (didn't I tell you in another post to go outside and enjoy the weekend)....

This seems to have been put out there with very little discussion anyplace:

https://www.coinbase.com/blog/announcing-a-global-partnership-with-blocks-bitkey-wallet

So you will be able to link your fully KYCd Coinbase coins with your fully linked self custody wallet that links back to Block to have them keep a way of recovering your keys.

It's just like banking with Chase. But with crypto.

-Dave

I wonder what could go wrong??  Probably nothing   ::)
Now I can only imagine hypothetical scenario with Coinbase getting attacked by US and other governments around the world, and they would have to give all customer information to authorities.
That means, there it zero privacy and custody of coins is questionable, because they can probably be seized much easier with all that personal data being in government hands.
Tough luck for all the people in places where Coinbase is not working, I guess no Block for them...  and nothing to lose.

Lol. Consider me triggered. At least everyone knows that Coinbase are a centralized third party, unlike Block lying about being "self custody" or Wasabi lying about being a "privacy" wallet.

Yo dawg, I heard you like third parties...

I'll just leave this here:

---

Coinbase have already handed over plenty of customer information to various governments and authorities, which will definitely include all customer's withdrawal addresses. The difference now is as you point out - they can very easily get Block to hand over your cloud back ups and seize your coins directly out of your hardware wallet, just like they can do to Ledger Recover.

Shhhh, you were supposed to keep those parties secret.

Oh, 3rd parties. ;)

---

Anyway, what I find interesting too is that the 1st post in this thread is over 2 years ago, and they are just starting the open beta.
And to get in it asks a bunch of questions about what wallets you use and what you do with BTC / crypto.
What have they been doing for 2 years other then designing something that looks like a rock. Yeah, it's cool looking I'll give them that. But 2 YEARS?

-Dave

I'm reading Bitkey's blog post about this here (https://bitkey.build/coinbase-and-cash-app/), and I can't get over just how terrible this is for your privacy.

You link your Bitkey account to Coinbase and interact with Coinbase via Bitkey. Obviously you need to KYC at Coinbase so they already have all your personal details, and now you are handing them all your wallet addresses on a silver platter. This is the same Coinbase which actively run their own blockchain analysis subsidiary. The same Coinbase which freely hand customer data over the US and other governments. The same Coinbase which admitted selling user data to third parties for their own profits.

When did we reach the point where a product completely and utterly trashing your privacy was irrelevant to the majority of users? And when did we reach the point where people are actually willing to pay to have their privacy trashed, such as with this or with Wasabi?

About 2 minutes after somebody noticed that you can make money trading BTC and selling BTC hardware and so on.
We (here) discussing privacy are in the minority, we are the people who spend hours thinking about and talking about BTC.

Most other people really don't give a shit. They want to make money or they don't care about privacy and want to do other things with crypto.

While leaving the wallet that shall not be mentioned out of it. People are worried about a lot of things, and those that care about privacy / anonymity will try to preserve theirs. Those that don't will not.
Same way those people who trade in an attempt to make a profit would not even think about doing anything like running their coins through a mixer / anonymization service since there are fees involved with that (however small) and that cuts into profits..... Same way you will NEVER see a real professional gambler drink while gambling. It makes you less sharp, where as those of us that go to casinos for fun....keep bringing me the free drinks till I can't drink no more....

-Dave

There is definite push for hardware wallets to start doing stuff like this and work with centralized exchanges.
It's not only Block and ledger wallet, in China they are doing the same thing with Safepal wallet and I am sure there will be more manufacturers joining ''the club''.
I just hope they all got a bit scared after people reacting furiously after ledger debacle.

Until it affects them on a personal level, than everyone is concerned.

For people who want to know what direction Block wallet is going you should check all their investors:
https://investors.block.xyz/overview/default.aspx

Almost every major hardware wallet is already doing such things, implementing KYC requiring exchanges, swaps, credit cards, or whatever, in to their wallet software. This general trend is part of the reason I moved away from hardware wallets altogether, and more recent events from the likes of Trezor and Ledger have only solidified my decision over time.

I say almost, because there is one notable exception which seems to genuine care about privacy and security - Passport. Here is one of the Passport devs discussing implementing new features in Bisq: https://github.com/bisq-network/bisq/discussions/6726.

And by then it is too late. I still can't get over how many people were absolutely astounded that the likes of Celsius and Voyager were gambling their money with no safety nets or collateral, despite their Terms of Service saying that this is exactly what they would do and it being pointed out multiple times on every online community. People simply didn't care until it was too late, and now they've lost everything. Just like people will use Ledger Recover or Bitkey's cloud and social recovery, and won't care until they lose everything.

They just opened Bitkey beta, so don't apply ::)
Something is telling me people are going to pay for this ''free'' device with their personal information and addresses, and you will receive it ONLY if you get selected....
Again, we now have notorious Recovery feature confirmed in Bitkey wallet.



Source:
https://bitkey.build/beta/

Archived:
https://web.archive.org/web/20230622202653/https://bitkey.build/beta/

Hi. I added Bitkey to my website where I compare more than 30 different hardware wallets: https://thebitcoinhole.com/.
There are still lots of questions about the wallet, so the info is not complete. I plan to add the missing info as soon as more official info is released.

You have to realize that the majority of people entering the crypto space care very little about what you just said. You know that character from the Simpsons that points the finger and yells, ha-ha? You are the one they are pointing the finger at. Not your personally, but privacy-advocates. A simple way to make money and ultimately see more of those $ signs will always beat taking the longer route that requires more time and effort. 

Nelson Muntz  (and no I didn't have to google that)

But, according to them and they really have no reason to lie since they are a public company and can have their records audited.
Coinbase has 56 million registered users, Gemini has 13 million (and I'm sure there is a ton of overlap but still) that puts us in the very small minority.

The main issue are people like me. I did not know better and gave up my privacy years ago, and without a hell of a lot of work there is no way I am getting it back.
So, I preach one things to others while doing something different myself.

Would I change if I could, yes. But as I posted a while ago, I'm over 50, there are a ton of things that can be traced back to me so at this point I put it under lost cause and move on.

And since it will come up....
Yes, I will get one of these to play with, because I am a tech & crypto nerd. No I will not use it as a primary or secondary or even 5th HW wallet.

-Dave

Hi all, I just published a pretty in-depth blog post about Bitkey. Would love any feedback.

http://zherbert.com/bitkey/

I think your article is spot on. I've raised pretty much all of the exact same points you have at various times over the last few years in this thread:

---

I think there are other fairly concerning aspects to this device you didn't touch on, such as their social recovery, which is just as easily fooled or attacked as Ledger's KYC based recovery service. The part of your article that I hadn't considered is the privacy implications for anyone else. As you point out, if I want to send money to a Bitkey user then I have to visit the Bitkey website in order to obtain their address, giving Bitkey the capability to link my transaction to my device identifiers, browser fingerprint, and IP address. That's utterly horrendous.

Guess I won't be transacting with anyone who uses this wallet, just as I don't transact with any merchant who uses BitPay.

Great article on Bitkey aka Square aka Block wallet!

For me this is not a real hardware wallet and adding open source label won't change anything in my opinion.
I can't add more detailed review until I test actual device or read feedback from other security experts, but initially I don't like anything about Bitkey, except maybe it's octagonal shape.
Surveillance Nightmare is the right word from your article, and what else can we expect form billionaire who claims he supports bitcoin... remember what Elon Musk did with his Tesla stunt.
I don't trust Jack Dorsey and his products in same way like I don't trust anything coming from Elon Musk.

Good read, nice summary of many of the issues we had brought up here over the months in a way, with some added extra points.

I just archived it here, since I started archiving everything I deem important to keep online for a long time: https://archive.is/zj0GI

Well I got a we did not choose you for our beta email.
Guess I will just have to wait to get the thing that I will put in the closet and never use that I will then sell years from now never having taken it out of the box.

I'm not an addict to these things I can quit at any time.....  https://bitcointalk.org/index.php?topic=5455887

-Dave

Jack Dorsey and his company Block have started the first beta units of their new Bitcoin hardware wallet BITKEY.
Teaser image was posted on twitter by one of the beta testers who received this wallet, and we know that fingerprint scanner is optional.
I checked Bitkey website and they still offer only option to Join whitelist.

https://www.talkimg.com/images/2023/10/04/Pb96P.jpeg
https://twitter.com/mcshane_writes/status/1709313340991004920

My main concern is beta units seem to be going out, but source code is nowhere to be found.

My main concern is that even if we get the source code, we will see that the device is an insecure privacy nightmare, due to the software and hardware architecture they chose: no screen, server-side verification of addresses, and more. There is no way that (open-source or not) code will solve these glaring issues.

I am sure they are cooking something behind the scenes  :D
Not that I like anything about Bitkey, except maybe unusual hexagonal shape.

Perfect scenario for disaster, but some people probably decided to blindly trust Jack and his team.  :P

in principle, every new competitor on the market should be viewed positively. be it in terms of hardware wallets or e.g. mining.
we need more alternatives and more decentralization!
and how the source code may look like, that we can not know at first and only think of different scenarios

So I agree that being closed source is not optimal.
I also agree that anything internet for a hardware wallet is bad. This server side address verification that was mentioned above feels bad.
Finally I agree that producing a hardware wallet alongside a companion app doesn't necessarily mean it's better than other ones that don't have a companion app with the same brand.

However, feel free to laugh at me, but I am in love with the design. Having no monitor though... Feels awkward.

Really?!
How much new hardware wallets do we really need, because we already have around 100 different models I think  :P
Bitkey wallet has nothing to do with decentralization, on contrary, and I can't look positive on every new crap that comes out in market, that is not normal behavior.

Hey man. I understand your point, but why is it bad to introduce new options to the market? Apparently, if the arguments you posted are true, we will just not use it. I mean isn't it that simple? Perhaps you worry because new bitcoin holders may get caught in traps and don't learn the best practices. And this is acceptable, but a free market allows anyone to create a new idea, the future of which may be good or bad

However, there is the small chance that either

1) They will not have the sales numbers they want and go back and for rev #2 make it with a screen and make it more private and.... Yeah, probably not going to happen.

And / or

2) Someone who knows how to make a good hardware wallet will take a look at this and go, yeah it's silly, but lets make one that does not look like a wallet but rather an oddball piece of art or whatever. Because if a quality known opensource wallet maker made something that looked like that I would think it would sell.

-Dave

Regarding Square's hardware device, which is not a hardware wallet, the one positive thing is that another brand could take a look at it and decide it's useless. But they could draw inspiration from it and actually create something meaningful and safe. But since this device is meant to target newbies and first-time crypto users, I think it will succeed regardless of its drawbacks. Good marketing results in wonders.

I can attest that we are drawing inspiration and discussing how to build a similar product at a similar cost without the multitude of drawbacks I noted in my blog post.

Bitkey wallet has now officially opened for pre-order with the price of $150 plus shipping and taxes.
That includes hardware device, mobile app, and bitcoin recovery tools if you lose phone, hardware, or both of them.
Note that shipping starts from late February to early March 2024, so don't expect fast delivery.

I think they also created new website with new video commercial:
https://bitkey.world/

Would I spend over $150 for this device?
- No, and Bitcoin is not accepted as payment option  :D

https://www.talkimg.com/images/2023/12/07/NqqY1.jpeg
https://twitter.com/jack/status/1732799578062172295

Even if none of its cons existed, I would've still said it's way too overpriced.

This part surprises me the most... A few months back, they partnered with Coinbase and integrated their services into their app, but for some reason, they're not using Coinbase Commerce on their website ^{[quite weird]}!

$150 for a closed source box with no screen which means you have to sign your transactions blindly and which gives Block the ability to completely surveil all your transactions. Seems like all the concerns we raised multiple times in this thread have been completely ignored and Block have powered ahead with the worst possible combination of features.

Hard pass.

Even worse, Jack's original 2021 announcement said that their work would be open source (as much as possible), as did one of their early blog posts.

I asked one of their leads on Twitter who replied "Yes we still plan to publish our code before we ship" (https://x.com/max_guise/status/1732808300427690113?s=20)

As we know, "publish" code is different from open source. Unfortunately Max did not reply to my followup questions asking about commitment to using FOSS licenses. Hopefully they will follow through on Jack's original commitment.

You forgot about inflation part, so price is not such a big problem for me here.
$150 today is not the same like $150 few years ago, and most hardware wallets are starting around $100 price target and up.

I though Jack Dorsey was a ''bitcoiner''... but than I remember never to trust what anyone say in public, especially if he was involved in big social media business.

I see a bunch of people on twitter ordering this stuff, so I won't be surprised if it gets sold-out quickly  ::)

There is no a single word about code on their website, and that usually means it's not open source.
Don't trust, verify.

Yeah, but most hardware wallets have a screen. :P This isn't even a hardware wallet, just a blind signing device.

Like a lot of projects in this space, silly little things like open source, self custody, not trusting third parties, privacy, etc., are all irrelevant when it comes to making as much profit as possible.

You're right, but it doesn't seem that they even tried to mitigate that problem by choosing alternative suppliers, and by continuing on that route, $300 hardware wallets would become the norm in a year or two.

In the latter part of "this blog post (https://bitkey.build/sharing-our-recovery-design/)", there's a PDF link with some information about an issue surrounding certain parts of the code:

• Quote from: https://bitkey.build/content/files/2023/11/Bitkey-Recovery-Features.pdf
  Bitkey server code that implements the co-signing policy is not yet verifiable
  ○ We will open-source the code prior to general availability - but this code runs in an Amazon Web Services environment managed by Block whose properties customers cannot directly verify.
  While we may be able to provide verifiability through AWS’ Nitro Enclave Attestation, we have not yet evaluated this approach nor implemented it

I wouldn't be surprised if that happens in few years, and not just for hardware wallets but for many other things, but looking in Sats price could actually go down ;)
That doesn't mean that I am endorsing Bitkey device in any way, this is just another way for Jack Dorsey to earn more money.

The problem is that their system design is flawed. It is not possible to fix a flawed design with even the best, most open, most reviewed or tested software codebase.
Think about a car without wheels; no matter how well engineered it is, with an excellent engine and micron-perfect panel gaps, it will never move an inch.

More of a side comment then anything, but CashApp (Square) is now aggressively pushing in the US their tax prep and filing service.
They can even track your crypto buy & sell for gain / loss purposes and so on.

Makes you wonder how many people will feed them more info about their crypto holdings because of this.

-Dave

The long-awaited hardware wallet Bitkey from Block / Square has been released (https://www.theverge.com/2024/3/13/24099583/block-crypto-wallet-bitkey-real-cash-purchase). Admit it, you were all waiting for this (to buy (https://bitkey.world/en-US/products/bitkey)), right? :) As @dkbit98 already wrote:


This device can't be purchased for cryptocurrencies (credit and debit cards only), which looks just as stupid as if a wallet for paper money could only be bought for metal coins. Maybe it’s impossible to store crypto on this hardware wallet? :) Ah, it seems bitcoin can be stored.

I don't know who waited for a long time for Bitkey, but it was not me for sure.
They finally started sending this devices, but I am not really interested in paying €145 plus shipping fees for this.
It's interesting that I couldn't find any information about source code, but it can be found on their github page:
https://github.com/proto-at-block/bitkey

To some extent, yes, but not for that reason :P

If you were referring to the content of their homepage, then perhaps it has something to do with the first bullet point in their "Notes (https://github.com/proto-at-block/bitkey?tab=readme-ov-file#notes)" section:
^{- IIRC, the server code had something to do with one of the keys, so I guess that counts as not being fully open-source!}

• Quote from: https://github.com/proto-at-block/bitkey?tab=readme-ov-file#notes
  This document (including Software and schematics) is current as of 2024-02-22. Our goal is to make sure the code we publish is up to date with what is available in the App Store. We may publish other items on a less real time basis (e.g. server code and schematics) and so what is published may not always map to what is in production or design.

It was a joke about waiting for Bitkey.

Has anyone already analyzed this source code on github? Nobody found anything interesting or alarming?


Of course, not for this reason. Let me guess, you were also wondering what crap this company would release and deprive its naive clients of sole ownership of their crypto assets? Initially, it was clear (presumably) that the square in its structure would use a concept that would directly confront the ideas of decentralization and the principles of cryptocurrencies (financial freedom and independence).

I'd like to think a little (hypothetically) about the nature of centralized hardware wallets. Let's assume that at one moment all crypto assets of the square's clients will be taken away by this company (isn't this the most frightening thing?). What can these clients do? Draw up a class action lawsuit against them (it’s clear which side the court will probably take). So it turns out that due to reputational and financial risks, it is not in the interests of such companies to openly rob their clients. Therefore, as I assume (but don't try to justify them), fears towards such manufacturers are slightly unfounded (but I will not recommend their devices). The greater concern is that the manufacturing company will not be able to build a reliable security system and that client assets will be stolen by malicious hackers. But the same thing can happen to any crypto investor with personal storage, right? A bonus can be considered that in case of losses incurred by a company like square, they will have to compensate (if they can) for the losses of clients. Unprepared crypto investors, who I assume are the majority, will benefit from placing the responsibility for custody and risk on someone else (the company), as when storing money in traditional banks. It is from this point of view that bitkey will be interesting.