Bitcoin Forum
Author Topic: Square is considering making a hardware wallet for Bitcoin  (Read 3815 times)
n0nce
July 13, 2022, 11:43:16 PM
Merited by o_e_l_e_o (4), vapourminer (2), Pmalek (1), DireWolfM14 (1)
 #121

Most recent blog update: https://wallet.build/product-principles/

Still absolutely no information about how these recovery tools will work or where else your keys are going to be stored to allow recovery to happen...

Does say a couple of things I found interesting though:
Quote
Often the only way to recover your money if you lose your phone or hardware wallet is to rely on a 12- or 24-word secret phrase – which we think customers will either forget, or more likely out of a fear of forgetting, write on a post-it note.
I find it hard to believe that the people at Block honestly believe that most people are trying to memorize their seed phrase or have it written on a post-it note and stuck on their monitor, when every other hardware wallet in existence which uses seed phrases is very clear that it should be written down and stored somewhere safe, secure, and hidden. I suspect this is part of their marketing - sow the seed (no pun intended) that seed phrases are bad by focusing only on the most insecure way of using them, so their overly complicated 2-of-3 app/hardware/server solution seems better in comparison.
Thanks for the update!

Yeah; that's very questionable. Essentially a classic strawman argument.
For usability, I find that giving customers two microSD cards and extremely easy instructions to follow ('pop it in and click a button'), as well as telling them to write those words on a securely stored piece of paper, is easy enough for anyone.
By the way, the 'original password manager' (paper book) that older people are ridiculed for, has been shown not to be as bad as you would expect. Writing down any type of 'secrets' and storing the paper holding them securely (for decades) is very natural to humans, even going back hundreds and thousands of years, so I don't see why the 2022 human should be too stupid to accomplish it.

Quote
Thus, we’ll rely on partnerships with exchanges, other wallets, traditional financial institutions, and payments providers, to help customers connect to services that allow them to buy and sell their bitcoin.
Sounds like a privacy nightmare.
It already begins with them sharing the customer data with their other (sub-)companies, which is standard business practice.. So far, I'd say: keep your hands off this device at any cost.

Integrating exchanges and API calls to all sorts of '' is something I've never understood.
Like Loyce, I'm a big fan of the KISS principle, so it's unbelievable to me how companies think they need to maximally dumb down their products, whilst at the same time throwing waterfalls of garbage at their customers such as myriads of shitcoins to choose from, as well as more often than not NFTs, leverage trading and all this sort of stuff.
This doesn't all need to exist in your wallet (if at all, but that's another question).

o_e_l_e_o
July 14, 2022, 09:51:57 AM
Merited by n0nce (2), Pmalek (1)
 #122

Essentially a classic strawman argument.
I've now stumbled across this video from Consensus 2022, again with Lindsey Grossman as we saw in a previous video. Skip to 12:42.

She says that all software and hardware wallets are "very difficult to use" and "anxiety producing". She again repeats this nonsense that people are "remembering" their 12 or 24 word seed phrase, comparing it to people forgetting passwords. I suspect this strawman is going to be a large part of their marketing to users who simply don't know any better. (And still no information about recovery. Almost like they are keeping this part deliberately hidden?)

It already begins with them sharing the customer data with their other (sub-)companies, which is standard business practice.. So far, I'd say: keep your hands off this device at any cost.
Yeah, I said as much on this post: https://bitcointalk.org/index.php?topic=5341906.msg59309830#msg59309830

I just don't follow what they are trying to do here. They say writing down 12 words is too complicated and they want to make something simpler. So they create a wallet which requires two devices, an app (with presumably a PIN or password), an online account (with an email and password), will require the user to set up these three things and manage the interplay between them, will likely require KYC or some form of identity verification for their recovery tools, and will be filled with integrations to "exchanges, other wallets, traditional financial institutions, and payments providers" (no doubt meaning the app will be filled with ads, affiliate links, and loads of unnecessary features like swapping bitcoin to shitcoins, staking/lending, etc.)

I just don't see how any of this is simpler.
DaveF
July 14, 2022, 11:01:31 AM
Merited by vapourminer (1)
 #123

...Writing down any type of 'secrets' and storing the paper holding them securely (for decades) is very natural to humans, even going back hundreds and thousands of years, so I don't see why the 2022 human should be too stupid to accomplish it....

Leaving out all the other comments as to why I don't like this device, I will actually give them a small pass on this.

For 20+ years now businesses have been conditioning people not to write down passwords for security reasons and that if you forget your password to your bank or whatever there is a way to recover it. So on one hand we have 2+ decades of oh you lost information, here it is. On the other side we now have sorry you lost a few words out of 24 word seed, sucks to be you your BTC is gone forever.

Many other reasons not to like them, this is one of the smaller ones.

-Dave

SFR10
July 14, 2022, 11:05:02 AM
 #124

And still no information about recovery.
She did mention that their hexagonal shape HW components are part of the recovery process in case someone loses their phone [at 14:51], but I'm going to argue that it's a lot easier to lose those tiny HW components than the phone itself!

o_e_l_e_o
July 14, 2022, 11:35:16 AM
Merited by SFR10 (2), DireWolfM14 (1)
 #125

She did mention that their hexagonal shape HW components are part of the recovery process in case someone loses their phone [at 14:51], but I'm going to argue that it's a lot easier to lose those tiny HW components than the phone itself!
Here's the issue:

They are creating a 2-of-3 multi-sig set up. They state that there will be one key on your mobile app, one key in your hardware wallet, and one key on their servers. However, they also state that if you lose your phone you can recover your app using your hardware wallet and your online account, and if you lose your hardware wallet, you can recover this via your app and your online account. They also state that if you lose both your phone and hardware wallet, you will still be able to recover your wallet via your online account:

If you lose your hardware device, or lose both your phone and your hardware device, there will be ways for you to recover your wallet based on the security settings you’ve defined when you set up your wallet.

Now, these two positions are mutually exclusive. They cannot claim that they are only storing one of your private keys on their server, but then also state that if you lose both the private keys you are storing that you will be able to recover them from their servers. They cannot be able to provide a back up of two of the keys if they aren't storing either of them. Which means either they are lying, deliberately trying to pull the wool over the eyes of users who don't understand this, or they haven't actually figured out how any of this is going to work yet.

I find it pretty disingenuous that they keep pushing this recoverability as a big selling point while providing absolutely zero details on how it actually works.
n0nce
July 14, 2022, 10:35:49 PM
Merited by vapourminer (1)
 #126

She did mention that their hexagonal shape HW components are part of the recovery process in case someone loses their phone [at 14:51], but I'm going to argue that it's a lot easier to lose those tiny HW components than the phone itself!
Here's the issue:

They are creating a 2-of-3 multi-sig set up. They state that there will be one key on your mobile app, one key in your hardware wallet, and one key on their servers. However, they also state that if you lose your phone you can recover your app using your hardware wallet and your online account, and if you lose your hardware wallet, you can recover this via your app and your online account. They also state that if you lose both your phone and hardware wallet, you will still be able to recover your wallet via your online account:

If you lose your hardware device, or lose both your phone and your hardware device, there will be ways for you to recover your wallet based on the security settings you’ve defined when you set up your wallet.

Now, these two positions are mutually exclusive. They cannot claim that they are only storing one of your private keys on their server, but then also state that if you lose both the private keys you are storing that you will be able to recover them from their servers. They cannot be able to provide a back up of two of the keys if they aren't storing either of them. Which means either they are lying, deliberately trying to pull the wool over the eyes of users who don't understand this, or they haven't actually figured out how any of this is going to work yet.

I find it pretty disingenuous that they keep pushing this recoverability as a big selling point while providing absolutely zero details on how it actually works.
I just thought real hard and came up with an idea on how the highlighted part may be solved.

It's certainly not a good one and would make the device look even worse, but be technically correct. Hear me out:
[1] One key on Square server
[2] One key on hardware signer
[3] One key on the phone -- but -- not actually on the phone, but in an app on that phone, which is just a software client for essentially an online wallet

This way, if you lose phone and signer, you login to your account on a new phone or on your PC; then together with key number 1, you can restore the multisig wallet.

Besides the obviously flawed nature of online wallets (not your keys), this would also actually put 2 out of 3 keys on their server, as obviously this 'email + password' account will be on their server.
But it's the only way I see their 2 following statements working together:
  • It's a 2-out-of-3 multisig setup.
  • If you lose your hardware device, or lose both your phone and your hardware device, there will be ways for you to recover your wallet based on the security settings you’ve defined when you set up your wallet.

DireWolfM14
July 15, 2022, 01:52:03 AM
 #127

Besides the obviously flawed nature of online wallets (not your keys), this would also actually put 2 out of 3 keys on their server, as obviously this 'email + password' account will be on their server.

Nevertheless, I think you might be onto something.  It's not beyond a company with that kind of ego to decide the general public are not to be trusted with their own security.  Yet they keep digging in, and continue to use phrases like "self-custody" and "self-serve recovery."

This is from the latest post on their blog;

In a previous post we shared how our hardware device will be one of three elements included in our self-custody bitcoin wallet, providing customers with additional layers of security when moving money and acting as a self-serve recovery kit when a customer loses their mobile wallet.

n0nce
July 15, 2022, 08:45:08 PM
 #128

Besides the obviously flawed nature of online wallets (not your keys), this would also actually put 2 out of 3 keys on their server, as obviously this 'email + password' account will be on their server.
Nevertheless, I think you might be onto something.  It's not beyond a company with that kind of ego to decide the general public are not to be trusted with their own security.  Yet they keep digging in, and continue to use phrases like "self-custody" and "self-serve recovery."
If I remember correctly, there was another (unrelated) service (wallet?) in the past that claimed you had 'self-custody', since you could display, backup and restore your seed words, but also access your account (which included the seed) using an email and password login.
This means that you did have 'full self control over the funds', but they did, too! :D

I'm not saying Square is doing this, just saying it wouldn't be the first time..

DireWolfM14
July 15, 2022, 10:04:58 PM
 #129

Besides the obviously flawed nature of online wallets (not your keys), this would also actually put 2 out of 3 keys on their server, as obviously this 'email + password' account will be on their server.
Nevertheless, I think you might be onto something.  It's not beyond a company with that kind of ego to decide the general public are not to be trusted with their own security.  Yet they keep digging in, and continue to use phrases like "self-custody" and "self-serve recovery."
If I remember correctly, there was another (unrelated) service (wallet?) in the past that claimed you had 'self-custody', since you could display, backup and restore your seed words, but also access your account (which included the seed) using an email and password login.
This means that you did have 'full self control over the funds', but they did, too! :D

I'm not saying Square is doing this, just saying it wouldn't be the first time..

I just find it ironic that some bloated-ego blowhard who tried, (and failed) to lecture us on "misinformation," ending up wrong more often than not, and trying to prevent open discourse which would allow people to make up their mind still thinks so highly of himself that, once again he's trying to protect us from ourselves.  And, to do so, he's spreading misinformation.

Even if it was the best hardware wallet on the market I wouldn't give that shitforbrains a single penny of my money.

o_e_l_e_o
July 16, 2022, 06:38:18 AM
 #130

I just thought real hard and came up with an idea on how the highlighted part may be solved.
Reading through their blog posts and Twitter accounts, it sounds very much like you can recover either the phone or the hardware wallet (or even both) just by using some as-of-yet unknown recovery tools. This necessitates them storing all three keys. The only way I can see this being possible with them still being able to claim they only have access to one key (without just outright lying) is for them to store your other two keys but encrypted. The only way this would (kind of) work* is if those keys were encrypted by a client set password, but then you still have the problem of if the client forgets the password. Which then leads us back to square one of how they can promise recovery if the client loses/forgets everything. The only way I can see this happening (client loses phone, loses hardware wallet, forgets account password and can still recover their wallet) is via KYC. And don't even get me started on that. ::)

And don't even start to tell me that all this is somehow simpler than me typing 12 words in to a new wallet.

*I mean, not really work at all, since we would have absolutely no way of verifying that they were encrypted, encrypted securely, and that Block couldn't access them, even if that's what they claimed.
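
The recovery argument from posts #125, #126 and #130, modelled as an added example (not part of any post, and not Block's actual design, which the thread notes is undisclosed). The asset names, the three design labels and the assumption that the provider always cooperates with a user who asks for recovery are constructed for illustration.

```python
from itertools import combinations

THRESHOLD = 2  # 2-of-3 multisig, as described in the thread

# Things a party can hold. The user starts with all USER_ASSETS;
# the provider only ever holds its own server.
USER_ASSETS = frozenset({"phone", "hardware", "password"})
PROVIDER_ASSETS = frozenset({"server"})

# Each design maps a key to its access paths. A path is the set of assets
# that together unlock that key. All three designs are hypothetical.
DESIGNS = {
    # One key per location, nothing backed up anywhere else.
    "as_advertised": {
        "app_key": [{"phone"}],
        "hw_key": [{"hardware"}],
        "server_key": [{"server"}],
    },
    # Post #126: the "phone" key really lives in an online account.
    "online_account": {
        "app_key": [{"server"}],
        "hw_key": [{"hardware"}],
        "server_key": [{"server"}],
    },
    # Post #130: device keys also stored server-side, encrypted under a
    # client-set password (assumes the encryption is honest and sound).
    "encrypted_backup": {
        "app_key": [{"phone"}, {"server", "password"}],
        "hw_key": [{"hardware"}, {"server", "password"}],
        "server_key": [{"server"}],
    },
}


def usable_keys(design, held):
    """Keys for which at least one access path is fully covered by `held`."""
    return {k for k, paths in design.items() if any(p <= held for p in paths)}


def user_can_recover(design, lost):
    """Can the user reach the signing threshold after losing `lost`?

    Assumption: the provider cooperates, so the user effectively also has
    whatever the server alone can unlock.
    """
    held = (USER_ASSETS - frozenset(lost)) | PROVIDER_ASSETS
    return len(usable_keys(design, held)) >= THRESHOLD


def provider_can_spend_alone(design):
    """Can the provider reach the threshold with only its own server?"""
    return len(usable_keys(design, PROVIDER_ASSETS)) >= THRESHOLD


def loss_table(design):
    """Recovery outcome for every combination of lost user assets."""
    return {
        lost: user_can_recover(design, lost)
        for n in range(len(USER_ASSETS) + 1)
        for lost in combinations(sorted(USER_ASSETS), n)
    }


if __name__ == "__main__":
    for name, design in DESIGNS.items():
        print(f"{name}: provider can spend alone = "
              f"{provider_can_spend_alone(design)}")
        for lost, ok in loss_table(design).items():
            label = ", ".join(lost) or "nothing"
            print(f"  lost {label:<28} -> recoverable: {ok}")
```

In this model, any design that still recovers after the user has lost every asset leaves the user holding exactly what the provider holds, so the provider can necessarily reach the threshold alone.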
n0nce
July 16, 2022, 11:20:34 PM
 #131

~snip~
If I remember correctly, there was another (unrelated) service (wallet?) in the past that claimed you had 'self-custody', since you could display, backup and restore your seed words, but also access your account (which included the seed) using an email and password login.
This means that you did have 'full self control over the funds', but they did, too! :D

I'm not saying Square is doing this, just saying it wouldn't be the first time..
I just find it ironic that some bloated-ego blowhard who tried, (and failed) to lecture us on "misinformation," ending up wrong more often than not, and trying to prevent open discourse which would allow people to make up their mind still thinks so highly of himself that, once again he's trying to protect us from ourselves.  And, to do so, he's spreading misinformation.

Even if it was the best hardware wallet on the market I wouldn't give that shitforbrains a single penny of my money.
I'm not following; is this about Jack Dorsey? I honestly have no idea about him except being Twitter CEO and Square founder.

I just thought real hard and came up with an idea on how the highlighted part may be solved.
Reading through their blog posts and Twitter accounts, it sounds very much like you can recover either the phone or the hardware wallet (or even both) just by using some as-of-yet unknown recovery tools. This necessitates them storing all three keys. The only way I can see this being possible with them still being able to claim they only have access to one key (without just outright lying) is for them to store your other two keys but encrypted. The only way this would (kind of) work* is if those keys were encrypted by a client set password, but then you still have the problem of if the client forgets the password. Which then leads us back to square one of how they can promise recovery if the client loses/forgets everything. The only way I can see this happening (client loses phone, loses hardware wallet, forgets account password and can still recover their wallet) is via KYC. And don't even get me started on that. ::)

And don't even start to tell me that all this is somehow simpler than me typing 12 words in to a new wallet.

*I mean, not really work at all, since we would have absolutely no way of verifying that they were encrypted, encrypted securely, and that Block couldn't access them, even if that's what they claimed.
An account- / password-based system that encrypts the seeds and then uploads all of them to Square may potentially be sold as a viable alternative to simple 12 or 24 seed phrases, because it abstracts away the importance of the password (in this case as important as an actual Bitcoin seed phrase!!) and lets them recommend customers to store it in their password manager like every other password.

It would - again - be a very bad scheme with low security and no benefit compared to just storing the seed phrase yourself.

Pmalek
July 17, 2022, 08:35:47 AM
 #132

Quote
Often the only way to recover your money if you lose your phone or hardware wallet is to rely on a 12- or 24-word secret phrase – which we think customers will either forget, or more likely out of a fear of forgetting, write on a post-it note.
Oh my God the horrors of having to enter 12/24 words to recover your coins. How did we survive this ordeal for so long ??? Thank you Square!

I suspect this is part of their marketing
Yeah, obviously. They know that what they are saying is not true. But they want the potential users to feel as stupid as possible by telling them you can't do that. You don't know how to. You are going to make a mistake. Your only choice is trusting us with our new revolutionary innovations that will make your life easier.

o_e_l_e_o
July 17, 2022, 10:17:52 AM
 #133

It would - again - be a very bad scheme with low security and no benefit compared to just storing the seed phrase yourself.
Absolutely, and I can't really believe that this is what is underpinning Block's entire security schematic, but there is simply no way for them to be able to help a user recover the key from either their phone or their hardware device without Block having access to those keys in some form.

Your only choice is trusting us
This is what it all boils down to. A self-custody wallet that requires complete trust in a third party, which is not a self-custody wallet at all.

It would be great if they could actually just reveal how their recovery mechanism will actually work, but each additional little bit of information they leak out over time is doing nothing to change my mind that I will never be using nor recommending this wallet.
Pmalek
July 18, 2022, 08:09:49 AM
Merited by n0nce (2), DireWolfM14 (1)
 #134

This is what it all boils down to. A self-custody wallet that requires complete trust in a third party, which is not a self-custody wallet at all.
Square just invented shared self-custody. You are in custody of your keys, but they have custody of your keys as well.

It would be great if they could actually just reveal how their recovery mechanism will actually work, but each additional little bit of information they leak out over time is doing nothing to change my mind that I will never be using nor recommending this wallet.
Unless the userbase they are targeting starts asking such questions, they probably won't do that. It will be interesting to observe how this approach of theirs has been received by their community members. If the feedback is positive and people only have good things to say about what Square is doing, it will just give them the needed motivation to keep pushing forward. 

n0nce
July 18, 2022, 02:55:58 PM
Last edit: July 18, 2022, 03:09:02 PM by n0nce
Merited by vapourminer (2), Pmalek (2), dkbit98 (2), DireWolfM14 (1)
 #135

Quote
Often the only way to recover your money if you lose your phone or hardware wallet is to rely on a 12- or 24-word secret phrase – which we think customers will either forget, or more likely out of a fear of forgetting, write on a post-it note.
Oh my God the horrors of having to enter 12/24 words to recover your coins. How did we survive this ordeal for so long ??? Thank you Square!

I suspect this is part of their marketing
Yeah, obviously. They know that what they are saying is not true. But they want the potential users to feel as stupid as possible by telling them you can't do that. You don't know how to. You are going to make a mistake. Your only choice is trusting us with our new revolutionary innovations that will make your life easier.
I'm loving the technical understanding with which this thread is able to call out their bullshit word by word.. :D



Your only choice is trusting us
This is what it all boils down to. A self-custody wallet that requires complete trust in a third party, which is not a self-custody wallet at all.
How about this for a name: The 'trust me, bro' wallet by Block / Square?

It would be great if they could actually just reveal how their recovery mechanism will actually work, but each additional little bit of information they leak out over time is doing nothing to change my mind that I will never be using nor recommending this wallet.
In the beginning, I assumed that the whole thing was still in draft phase ('good enough to attract investors') and 'we'll figure out the technicalities later'. But by now they should have an idea if what they envision is possible and if not, adjust their promises accordingly. Mistakes are human, and honesty is crucial.



This is what it all boils down to. A self-custody wallet that requires complete trust in a third party, which is not a self-custody wallet at all.
Square just invented shared self-custody. You are in custody of your keys, but they have custody of your keys as well.
This one's for you Pmalek, 'shared self-custody' - that's too funny! :D


DireWolfM14
July 18, 2022, 09:51:51 PM
 #136

I'm not following; is this about Jack Dorsey? I honestly have no idea about him except being Twitter CEO and Square founder.

Yeah, that's him.  Not a fan, as you can tell.  Sorry to start slinging mud in this thread, but HE started it.  Tongue

Square just invented shared self-custody.

Brilliant.  I think you just coined the term for the next generation of Hardware Wallet Shysters.

n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5818


not your keys, not your coins!


View Profile WWW
August 07, 2022, 01:03:36 AM
Merited by o_e_l_e_o (4), Pmalek (1)
 #137

Square just invented shared self-custody.
Brilliant.  I think you just coined the term for the next generation of Hardware Wallet Shysters.
I just had a glance at Blockstream Green wallet, since it's one of the reproducible mobile wallets on https://walletscrutiny.com/.
Apparently, Blockstream actually invented shared self-custody, before Block??

Blockstream Green offers the option to secure your wallet with our Multisig Shield. One key is held on your device and another on our servers, enabling you to protect your wallet with two-factor authentication. Timelocks or a third backup key ensure you always retain full ownership of your funds.

Has anyone looked into this further? It seems like a similar concept where you need to cosign using a second factor, but their server is what enforces this and ultimately cosigns, after you present ownership of the second factor.
For example, has anyone had a look whether all transactions are sent to the server (massive privacy issue) and whether there are other problems with the wallet?

I'm telling you guys, the number of wallets that I can safely recommend nowadays is so tiny..
Especially for mobile. How hard can it be to make a Bitcoin wallet that actually follows Bitcoin core principles?

I get it that in some fields, all the software that's available is super complex and has more features than what the majority needs; thus, there's a market for a more convenient, even though maybe less privacy-friendly alternative.
But...
[1] This is Bitcoin. Its whole purpose is to leave the responsibility with the user and let them be their own bank. With both the risks and the benefits that this entails.
[2] The situation I described above was over 10 years ago - when Bitcoin Core was the only wallet around. I totally agree that it's not possible for every person in the world to download the whole blockchain and lots are willing to offer up some privacy to be able to use Bitcoin. That's why Electrum came around and became so popular (and still is today).

But aren't there enough 'convenient, but not totally private' wallets around by now? At a certain point, no one is better than another and just looks a little different. I believe we've reached a point where simply bringing Bitcoin Core to mobile would be a huge revolution.

Pmalek
Legendary
*
Offline Offline

Activity: 2758
Merit: 7125



View Profile
August 07, 2022, 07:23:54 AM
Merited by o_e_l_e_o (4), n0nce (1)
 #138

I just had a glance at Blockstream Green wallet, since it's one of the reproducible mobile wallets on https://walletscrutiny.com/.
Apparently, Blockstream actually invented shared self-custody, before Block??

Blockstream Green offers the option to secure your wallet with our Multisig Shield. One key is held on your device and another on our servers, enabling you to protect your wallet with two-factor authentication. Timelocks or a third backup key ensure you always retain full ownership of your funds.

Has anyone looked into this further?
I might be focusing too much on semantics here, but it looks like an optional feature to me based on how they said it. We offer you the option to use Multisig Shield... etc., etc. Maybe it works in a different way as well. I am just guessing here, I am not agreeing with any type of shared custody.

With the Multisig Shield, the user seems to have access to two signing keys while Blockstream keeps one. That's similar to what Electrum does with its 2FA. It's an optional feature that you don't have to use. And even if you do, you can still recover your coins and get access to your bitcoins since you have 2 out of 3 signing keys. 

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18509


View Profile
August 07, 2022, 10:15:21 AM
Merited by Pmalek (1), n0nce (1)
 #139

Apparently, Blockstream actually invented shared self-custody, before Block??
Blockstream Green used to be known as GreenAddress until Blockstream acquired it and made it their own. I think the difference here between this and whatever Block are making is that Blockstream are open that they only hold one key and therefore cannot access your funds. If you lose your other two keys, then you lose your wallet. This is obviously in contrast to Block, who say if you lose your other two keys then they can somehow manage to recover them.

In terms of your question about mobile wallets, I would just stick to Electrum. If you want to use it easily but not very privately, just install and run. If you want to go a bit more technical but a lot more private, point it towards your own Electrum server.
n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5818


not your keys, not your coins!


View Profile WWW
August 07, 2022, 02:29:52 PM
Last edit: August 07, 2022, 02:41:07 PM by n0nce
 #140

Apparently, Blockstream actually invented shared self-custody, before Block??
Blockstream Green used to be known as GreenAddress until Blockstream acquired it and made it their own. I think the difference here between this and whatever Block are making is that Blockstream are open that they only hold one key and therefore cannot access your funds. If you lose your other two keys, then you lose your wallet. This is obviously in contrast to Block, who say if you lose your other two keys then they can somehow manage to recover them.
That's a good point! Green doesn't have Square's whole recovery problem (allowing to recover after losing 2 keys) - this is about security.
But what about privacy? Is there a way they (or Electrum) can implement 2FA without knowing about every single one of your addresses (and transactions) or not?

In terms of your question about mobile wallets, I would just stick to Electrum. If you want to use it easily but not very privately, just install and run. If you want to go a bit more technical but a lot more private, point it towards your own Electrum server.
Do you know whether Electrum on Android supports hardware wallets or exporting and importing PSBTs in general? Being able to do so would also be handy if someone had a PC-based airgap setup (keys on old offline PC).

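The custody and privacy points raised in posts #138 to #140, as an added example that is not code from Blockstream Green, Electrum or Block: a generic 2-of-3 P2WSH multisig output, showing which party reaches the signing threshold alone and that anyone who knows all three public keys can recompute the on-chain output script. The key layout, the placeholder public keys and all function names are assumptions made for illustration.

```python
import hashlib
from itertools import combinations

OP_0, OP_2, OP_3, OP_CHECKMULTISIG = 0x00, 0x52, 0x53, 0xAE

def witness_script_2of3(pubkeys):
    """OP_2 <pk1> <pk2> <pk3> OP_3 OP_CHECKMULTISIG, keys sorted (BIP 67 order)."""
    if len(pubkeys) != 3 or any(len(pk) != 33 for pk in pubkeys):
        raise ValueError("need three 33-byte compressed public keys")
    pushes = b"".join(bytes([33]) + pk for pk in sorted(pubkeys))
    return bytes([OP_2]) + pushes + bytes([OP_3, OP_CHECKMULTISIG])

def p2wsh_script_pubkey(pubkeys):
    """Output script that appears on chain: OP_0 <sha256(witness script)>."""
    return bytes([OP_0, 32]) + hashlib.sha256(witness_script_2of3(pubkeys)).digest()

def sole_spenders(holdings, threshold=2):
    """Parties that reach the signing threshold without anyone else's help."""
    return sorted(p for p, keys in holdings.items() if len(keys) >= threshold)

def recognises_output(known_pubkeys, script_pubkey):
    """True if the known keys are enough to recompute this output script."""
    return any(p2wsh_script_pubkey(list(trio)) == script_pubkey
               for trio in combinations(known_pubkeys, 3))

def fake_pubkey(label):
    # Constructed placeholder: 33 bytes shaped like a compressed key, not a real curve point.
    return b"\x02" + hashlib.sha256(label.encode()).digest()

DEVICE, BACKUP, SERVER = (fake_pubkey(n) for n in ("device", "backup", "server"))
OUTPUT = p2wsh_script_pubkey([DEVICE, BACKUP, SERVER])

# Arrangement described in the posts above: user holds two keys, provider holds one.
USER_HOLDS_TWO = {"user": {DEVICE, BACKUP}, "provider": {SERVER}}
# Hypothetical arrangement in which the provider can also reach the backup key.
PROVIDER_HOLDS_TWO = {"user": {DEVICE}, "provider": {BACKUP, SERVER}}

if __name__ == "__main__":
    print("output script:", OUTPUT.hex())
    print("can spend alone (user holds two):", sole_spenders(USER_HOLDS_TWO))
    print("can spend alone (provider holds two):", sole_spenders(PROVIDER_HOLDS_TWO))
    print("knows all three pubkeys, recognises output:",
          recognises_output([DEVICE, BACKUP, SERVER], OUTPUT))
    print("knows only its own pubkey, recognises output:",
          recognises_output([SERVER], OUTPUT))
```

The script hash commits to all three public keys, so a cosigner that is given the full key set for each address can match those outputs on chain, while a party that only ever sees its own key cannot derive the script from it.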