Square is considering making a hardware wallet for Bitcoin

[Pmalek]

But he also says in the video that if you lose your phone (and therefore the wallet app it contains which allows you to spend all your coins and therefore must hold your private keys), then you can recover it using their cloud recovery service, which means this cloud recovery service must keep either your private keys or a seed phrase.

I don't think users of their device will have any keys or seeds. They will have accounts while the keys are stored elsewhere.

Block obviously have a huge budget, and they seem to spending a lot of that budget on marketing, videos such as this one, and so on, in an attempt to convince people that they are incredibly stupid and can't possible handle something so insanely complicated as writing down 12 words on a piece of paper.

I don't know if you ever watched South Park, but I remember one episode where the Americans believed that China was planning to invade them. I can't remember the specifics. Anyways, they sent a team of experts to China in an attempt to discover proof of the invasion. The Chinese knew what they were doing, so once the Americans arrived they kept taking them to restaurants, night clubs, and held presentations talking about how Americans have huge penises, while the Chinese penis is so small. They returned home happy by the size of their junk, but forgot why they went to China in the first place. Anyways, the point is diverting the attention from the important things (security, custody, wallet safety) and make them focus on something else so they wont ask questions.

Until the government come along and force Block to use their copies of your private keys to seize your funds as part of some nameless and faceless investigation. If Block can recover your coins, then they can steal your coins. It's as simple as that.

Exactly! Block is well aware of that. But they are going to do everything in their power not to inform their users about it. And those who know (like yourself), aren't their market anyways. That's the sad reality of it all.

[1714894673]

1714894673

[BlackHatCoiner]

It has long seemed to me that ease of use is needed for bitcoin mass character, because most people don't want to make unnecessary "body movements". The simpler, the more massive.

But this isn't a matter of simplicity. With a non-custodial wallet, you just have to write down a seed phrase; it doesn't go more simple than that. Besides, if you're going to do something, do it right. If, say, they want to convince the people use bitcoin, they should just leave some links to educate themselves. There are lots of excellent sources to begin with.

But, that's not what they want. The existence of this recovery service displays that they put their sales above their project's fundamentals. They don't want educated clients. They're a business, trying to sell their new product to their followers, most of which have no idea of what they're paying for.

[Pmalek]

But this isn't a matter of simplicity. With a non-custodial wallet, you just have to write down a seed phrase; it doesn't go more simple than that.

And with an account owned by someone else, you just have to enter your username and a password or maybe your email or a scan of your fingerprint and you are in. If you forget any of your data, you just ask Square and they will be happy to help in contrast to non-custodial Bitcoin solutions (bad Bitcoin, get down), where you have to go through the horrors of writing with your own hand. Yuck! When given a choice between the two, the average halfwit would rather not do or learn anything. 

[BlackHatCoiner]

When given a choice between the two, the average halfwit would rather not do or learn anything.

Yes, but as I said, this isn't a matter of simplicity, but responsibility. It really can't go more simple than writing down 12 words. You don't make it more simple by handing out your custody to Square, you're just ignoring the downsides. Despite the fact that such service doesn't make sense, it's plainly ironic to use bitcoin that way. Satoshi's turning in his grave. 

Can't look forward 'til the first Square's keys' breaching.

[o_e_l_e_o]

I don't think users of their device will have any keys or seeds. They will have accounts while the keys are stored elsewhere.

According to this page - https://wallet.build/how-the-wallet-works/ - the wallet is a 2-of-3 multi-sig with one key stored on the mobile app, one on the hardware device, and one on the cloud. This allows a user to spend small amounts using only their mobile app (by signing with mobile key and cloud key), but require the mobile app and hardware device for larger spends (as the user can specify an amount above which Block will refuse to co-sign transactions from the mobile app, therefore requiring the hardware key instead).

However, the same page also says this:

If you lose your hardware device, or lose both your phone and your hardware device, there will be ways for you to recover your wallet based on the security settings you’ve defined when you set up your wallet. We’ll provide more detail on what this process looks like for customers and how it works in a future update.

If you lose 2 out of 3 keys, but then Block can somehow magically recover access to your coins, then although they say they only store one key they must be storing at least another key and therefore have complete access to your coins at any time.

[Pmalek]

You don't make it more simple by handing out your custody to Square, you're just ignoring the downsides. Despite the fact that such service doesn't make sense, it's plainly ironic to use bitcoin that way. Satoshi's turning in his grave. 

I know mate, but the thing is, you are telling it to the wrong crowd. I am not going to be their customer and I don't see anyone else who regularly frequents this board to become one either.

And that's another thing. Those who will be tricked into purchasing this hardware device, won't have any clue of what satoshi wanted with the creation of Bitcoin. They will see Bitcoin as that new fancy kind of money that you buy today, and when you sell it in a year, you get more USD for it. Not to mention that if you verify your identity and submit your documents, the exchange gives you an extra $10 for free. It's awesome. 

[mindrust]

We already have very trusted hw wallet manufacturers and their products work perfectly. I don't see any value making another hw wallet tbh. But then I don't understand why people still get into the restaurant business while they are already at every corner neither.

I think it's good news and will give a boost to the power of open source projects, so far we can't judge it but given Jack's experience it might be a good hardware wallet.

I don't think Jack knows that much about hw wallets. I don't even think he understands crypto completely. He is definitely not an expert but has lots of money so...

[DaveF]

Pulling something out of the air in terms of the recovery if you loose every device I can see them storing it in a way that they don't have access to but you do. Kind of the way the lastpass / and other password managers do it.

But it would still rely on the user knowing username & password & some other form of data. That would make it vulnerable to the $5 wrench attack. Unless there is another failsafe. Something like you need to wait "X" days before it's recovered. Still FAR from perfect or even a good idea.

-Dave

[o_e_l_e_o]

Pulling something out of the air in terms of the recovery if you loose every device I can see them storing it in a way that they don't have access to but you do.

Which will be impossible to verify since we do not have access to their back end to verify anything that they say. Even the entire set up process could be insecure and expose your keys before you even set up the back up. And even if they don't actually have access to it, it still leaves it open to attack.

But it would still rely on the user knowing username & password & some other form of data.

Maybe they should recommend users write that down on paper then so they don't lose it, since it is so important. And make sure it is a very strong password. 12 random words should do it.

[n0nce]

I've watched part of the video so far and the hardware wallet part is honestly pretty confusing. First, he talks about all the issues about not having self-custody, but then he presents this super complex system, with phone, hardware device, cloud, accounts, subscriptions, something about exchanges(?)

I think they want to create something that all people can use, even if they are not using their brain at all, and most people are sadly constantly on autopilot mode.

I know, but as Leo says in below quote, it makes no sense. It's easier to write 12 words; people write and protect important information on paper since forever. It's not hard, it's known and intuitive and there's little that can go wrong.

That marketing is very good, but they are using very good marketing to try to convince people that having three different things you have to look after and depending on a third party recovery tool is somehow easier than just writing down 12 words, which I do not buy at all.

And I'm disappointed that they still haven't released any details whatsoever on how this third party recovery is going to work. The longer this goes on the more I think that they don't actually know themselves.

Honestly, when they first announced the device, the information available was so vague that I also thought 'they have an idea / pitch right now that makes no technical sense'. There were contradictions and other issues we talked about in the first pages of this thread. It's not gotten much clearer by now and the things they keep claiming sound and feel mostly like 'yeah, that's good enough to get some investors'. But I'm not certain they've figured out the rough architecture of the system by now.

The wallet is supposedly recoverable even if you lose your phone and the device, so there's no need for either at all. Anyone with basic knowledge of Bitcoin can understand this. Then it's just an online wallet with extra steps. But at the same time they claim that it's not just an online wallet. So it remains to be seen if and what they'll come up with, but honestly if you go for simplicity, there's nothing really much better than a software wallet and maybe a support person to talk to. As soon as you introduce extra hardware it gets more complicated than without it.

Is it just me or do you also believe there's nothing legitimate behind most of those bitcoin companies? Am I the only one who feels they're spending more time on marketing, talking about it in social media - generally on the appearance, but not on the actual thing?

I think there are some good companies, but they are those who really embrace the Bitcoin spirit, open source and everything that comes with it. Compare Lightning Labs' LND (tons of marketing, performance issues, hindering development of privacy stuff like bolt12, trying to develop own / proprietary stuff) against Blockstream's Core Lightning (little marketing, runs on any hardware, lots of community contributions, modular, ...). For me, you already feel a difference if you compare LL people to Blockstream's Adam Back, of course long-time forum user here as well.

I don't think users of their device will have any keys or seeds. They will have accounts while the keys are stored elsewhere.

According to this page - https://wallet.build/how-the-wallet-works/ - the wallet is a 2-of-3 multi-sig with one key stored on the mobile app, one on the hardware device, and one on the cloud. This allows a user to spend small amounts using only their mobile app (by signing with mobile key and cloud key), but require the mobile app and hardware device for larger spends (as the user can specify an amount above which Block will refuse to co-sign transactions from the mobile app, therefore requiring the hardware key instead).

However, the same page also says this:

If you lose your hardware device, or lose both your phone and your hardware device, there will be ways for you to recover your wallet based on the security settings you’ve defined when you set up your wallet. We’ll provide more detail on what this process looks like for customers and how it works in a future update.

If you lose 2 out of 3 keys, but then Block can somehow magically recover access to your coins, then although they say they only store one key they must be storing at least another key and therefore have complete access to your coins at any time.

These are exactly the contradictions I'm talking about. They either have massive miscommunications between each other, or they don't yet actually know how they want to implement the whole thing.

[o_e_l_e_o]

They either have massive miscommunications between each other, or they don't yet actually know how they want to implement the whole thing.

Or, option 3, they know fine well that they will be storing all your keys in some form and therefore have complete control over your coins, but as Pmalek says, they are counting on the fact that their target audience won't understand this and are being deliberately misleading with their marketing when they say that you will have full control over your funds.

[n0nce]

They either have massive miscommunications between each other, or they don't yet actually know how they want to implement the whole thing.

Or, option 3, they know fine well that they will be storing all your keys in some form and therefore have complete control over your coins, but as Pmalek says, they are counting on the fact that their target audience won't understand this and are being deliberately misleading with their marketing when they say that you will have full control over your funds.

It would honestly be kind of disappointing, because other plans and projects from them don't sound too bad, as I remarked earlier. For instance, having a new ASIC manufacturer around would always be great to see, but if they were really to sell such a misleading product at the same time, it would be hard to support such a company.
I guess it really remains to be seen because any info we have and get from them, even now, months later, is still super unclear.

[Pmalek]

According to this page - https://wallet.build/how-the-wallet-works/ - the wallet is a 2-of-3 multi-sig with one key stored on the mobile app, one on the hardware device, and one on the cloud.

If you lose your hardware device, or lose both your phone and your hardware device, there will be ways for you to recover your wallet based on the security settings you’ve defined when you set up your wallet.

If you lose 2 out of 3 keys, but then Block can somehow magically recover access to your coins, then although they say they only store one key they must be storing at least another key and therefore have complete access to your coins at any time.

Compare that with a traditional (non-Square) 2/3 multisig setup. If you lose 2 out of 3 private keys, is it possible for you to recover them by proving to a company that you are the legitimate owner? And if such a system exists, that means they store the keys as well "protected" behind some security questions, passwords, or PINs. If you lose 2 out of 3 private keys in a normal multisig, your coins are gone. If you do the same with Square's device, there is no need to worry. But we know what that means.

they are counting on the fact that their target audience won't understand this and are being deliberately misleading with their marketing when they say that you will have full control over your funds.

You probably will have full control, meaning access to 2/3 signing keys if they go for a 2/3 multisig. The thing they aren't telling you is they will have full control as well. Shared full control of private keys.

[o_e_l_e_o]

I guess it really remains to be seen because any info we have and get from them, even now, months later, is still super unclear.

Agreed, but I really don't see how it can be anything else. If they can recover both your mobile key and your hardware key if you are to lose both devices, then they must be storing all three keys in some way. They might claim they are encrypted, that Block can't access them, and so on, but that will be impossible to verify and you are still left trusting a third party completely, both for their honesty and their technical competence in setting up their back end and security systems.

You probably will have full control, meaning access to 2/3 signing keys if they go for a 2/3 multisig. The thing they aren't telling you is they will have full control as well. Shared full control of private keys.

I don't consider shared control to be full control. Full control means that I, and I alone, have control over my coins. If you can unilaterally move my coins and therefore revoke my ability to access them, then I don't have full control over them.

[Pmalek]

I don't consider shared control to be full control. Full control means that I, and I alone, have control over my coins.

Me neither, nor am I defending that model. I am just making conclusions based on the things that have been revealed here about Square.

You have (full) control in the sense that you can move your coins without requesting permission (It sounds incredibly stupid even writing this when you are thinking about Bitcoin) from Square because you have two of the private keys. But you don't have full control when it comes to the sole custody of said keys and the coins they are supposed to protect.   

[n0nce]

I guess it really remains to be seen because any info we have and get from them, even now, months later, is still super unclear.

Agreed, but I really don't see how it can be anything else. If they can recover both your mobile key and your hardware key if you are to lose both devices, then they must be storing all three keys in some way. They might claim they are encrypted, that Block can't access them, and so on, but that will be impossible to verify and you are still left trusting a third party completely, both for their honesty and their technical competence in setting up their back end and security systems.

Well, it's possible this 'feature' will be dropped. Or opt-in or something. As you correctly say, it would be possible to build a system like this:
[1] setup normal 2-out-of-3 multisig
[2] they refuse to cosign for large amounts
---
^ this is the first 'killer feature' they want to implement

[3] they have an encrypted version of your two seeds (local encryption before sending & open source software could make this fairly trustable)
[4] if you lose your two seeds, they can give you those encrypted ones and you have to enter a password to decrypt them
---
^ this is the second 'killer feature'

However, [4] requires choosing and safely storing a strong password, which completely defies this whole concept that is based on the assumption that people don't want to write down and securely store a 12 word seed.

So technically, the two things they want to accomplish, are possible, but then the whole thing makes no sense. If there's no encryption at play, so no password to be written down, then it's not secure as they claim and they could steal all your funds at any time. So it wouldn't make sense either. This is the dilemma I keep talking about.

Another point to consider: We haven't talked about privacy yet, have we? If your wallet sends transactions to their server to be cosigned, especially if you also use other Square apps (they can share data amongst each other, even on iOS) and / or use the proposed exchange feature inside the wallet, all your transactions will be linked to your real life identity.

You probably will have full control, meaning access to 2/3 signing keys if they go for a 2/3 multisig. The thing they aren't telling you is they will have full control as well. Shared full control of private keys.

I don't consider shared control to be full control. Full control means that I, and I alone, have control over my coins. If you can unilaterally move my coins and therefore revoke my ability to access them, then I don't have full control over them.

If they want to play the semantics game, technically even an exchange's hot wallet could be considered 'full control', claiming you can click the 'withdraw' button any time and nobody else, so you and only you have full control over those funds (I know, right? Utter bullshit.)

[Pmalek]

Well, it's possible this 'feature' will be dropped. Or opt-in or something. As you correctly say, it would be possible to build a system like this:
[1] setup normal 2-out-of-3 multisig
[2] they refuse to cosign for large amounts
---
^ this is the first 'killer feature' they want to implement

In this scenario of yours, does the user still have access to his mobile app and device where the keys are stored or did he lose one/both of them? If it's a normal 2-out-of-3 multisig, Square's signature wouldn't even be needed. Having the control of how much the user is and isn't allowed to spend from his own money is another highlight in the long list of 'no thanks' for this product of theirs.

[o_e_l_e_o]

However, [4] requires choosing and safely storing a strong password, which completely defies this whole concept that is based on the assumption that people don't want to write down and securely store a 12 word seed.

Precisely. Either their solution requires you to back up a strong password, which is no different to backing up a secure seed phrase, in addition to being much more complicated to use and recover from, OR it is completely insecure and Block can steal all your coins at any time. Neither is good.

If your wallet sends transactions to their server to be cosigned

Even if you decide to never use their server and co-sign all your transactions with the hardware device, the initial set up of a 2-of-3 multi-sig requires all three devices to have the master public keys from the other two, meaning Block can still see all your addresses and transactions, even if you never interact with them (although I'm certain that their mobile app will connect to their servers and their servers alone, so even without the multi-sig set up they could still monitor everything you do).

[n0nce]

Well, it's possible this 'feature' will be dropped. Or opt-in or something. As you correctly say, it would be possible to build a system like this:
[1] setup normal 2-out-of-3 multisig
[2] they refuse to cosign for large amounts
---
^ this is the first 'killer feature' they want to implement

In this scenario of yours, does the user still have access to his mobile app and device where the keys are stored or did he lose one/both of them? If it's a normal 2-out-of-3 multisig, Square's signature wouldn't even be needed. Having the control of how much the user is and isn't allowed to spend from his own money is another highlight in the long list of 'no thanks' for this product of theirs.

It's not my scenario; it's one of their two aforementioned 'killer features' they've confirmed multiple times: you can set a threshold below which the hardware signer is not needed since they'll provide the second signature.
For higher amounts their server will deny to sign and you will need to use the hardware device. The idea is that if the phone gets stolen the thief can't spend all your funds.

[o_e_l_e_o]

Most recent blog update: https://wallet.build/product-principles/

Still absolutely no information about how these recovery tools will work or where else your keys are going to be stored to allow recovery to happen...

Does say a couple of things I found interesting though:

Often the only way to recover your money if you lose your phone or hardware wallet is to rely on a 12- or 24-word secret phrase – which we think customers will either forget, or more likely out of a fear of forgetting, write on a post-it note.

I find it hard to believe that the people are Block honestly believe that most people are trying to memorize their seed phrase or have it written on a post-it note and stuck on their monitor, when every other hardware wallet in existence which uses seed phrases is very clear that it should be written down and stored somewhere safe, secure, and hidden. I suspect this is part of their marketing - sow the seed (no pun intended) that seed phrases are bad by focusing only on the most insecure way of using them, so their overly complicated 2-of-3 app/hardware/server solution seems better in comparison.

Thus, we’ll rely on partnerships with exchanges, other wallets, traditional financial institutions, and payments providers, to help customers connect to services that allow them to buy and sell their bitcoin.

Sounds like a privacy nightmare.