Foundation Passport (FE) hardware wallet review and walkthrough

[Pmalek]

If I remember correctly, either the device tells you to check the battery charge isn't too low or their instructions do. So you kind of do it at your own risk. I certainly haven't tried what happens when cutting power during a firmware update, but speaking in broad terms, this is something that can indeed happen when updating microcontroller firmware.

I did a software BIOS update the other day on a DELL laptop and noticed something interesting. A few days earlier, I failed to get the installation running and I wasn't sure what was wrong. And when I tried it a few days later, it worked flawlessly. The reason being that my laptop was charging at the time. I guess DELL won't allow you to perform BIOS updates unless your device is on a charger, just in case you run out of juice. Or the remaining battery capacity has to be above a certain percentage.

Would be a cool addition to a battery-powered hardware wallet to have some sort of meter that wouldn't allow you to perform firmware upgrades if the battery is below 50% or 20% depending on how long the process usually takes and how much power it wastes. With on-screen instructions to charge your battery fully and try again. Of course that wouldn't be easy to do since there are so many different types of batteries with different run times. 

[1715564794]

1715564794

[1715564794]

1715564794

[dkbit98]

I did a software BIOS update the other day on a DELL laptop and noticed something interesting. A few days earlier, I failed to get the installation running and I wasn't sure what was wrong. And when I tried it a few days later, it worked flawlessly. The reason being that my laptop was charging at the time. I guess DELL won't allow you to perform BIOS updates unless your device is on a charger, just in case you run out of juice. Or the remaining battery capacity has to be above a certain percentage.

I know that Lenovo Thinkpad laptops doesn't allow you to complete BIOS update unless you plug in your working battery, and you need to plug in electric cable as well.
This was done so that you wouldn't brick your device in case electric power suddenly cuts off for whatever reason, your battery would prevent that.
To conclude, if you don't have working battery you can't update BIOS on Thinkpad laptops.
Hardware wallets I use didn't have any battery, but you could use them connected with your laptops (that has battery) to prevent issues during firmware update.

[n0nce]

I did a software BIOS update the other day on a DELL laptop and noticed something interesting. A few days earlier, I failed to get the installation running and I wasn't sure what was wrong. And when I tried it a few days later, it worked flawlessly. The reason being that my laptop was charging at the time. I guess DELL won't allow you to perform BIOS updates unless your device is on a charger, just in case you run out of juice. Or the remaining battery capacity has to be above a certain percentage.

I know that Lenovo Thinkpad laptops doesn't allow you to complete BIOS update unless you plug in your working battery, and you need to plug in electric cable as well.
This was done so that you wouldn't brick your device in case electric power suddenly cuts off for whatever reason, your battery would prevent that.

Yes, it's a concept that is implemented in a lot of mobile electronics, from all sorts of vendors.
As Pmalek mentioned, though, the issue with triple-A's is that the device manufacturer (in this case Foundation) doesn't know which battery type you are using.

The whole issue with this design choice is that Alkalines are less efficient (drain excess power) if you hit them with a too high load, plus the electronics of 'Passport FE' can't handle a low voltage (below 1.1-1.2V-ish). This combined means that a pretty full pair of Alkalines can drain quickly if you initiate a firmware upgrade, while it would happily do a multiple of the energy-equivalent in 'transaction signatures'.

Anyhow, I don't think we have a lot more to add to the topic of 'v1 battery choice bad', since the company is actively shipping v2 with Li-Ion rechargeable batteries, by now...

[o_e_l_e_o]

Taking my question over from this thread so as not to derail it.

How do Foundation handle your data? Their privacy policy states the usual, that they collect your name, address, email, etc., which is obviously required to ship you a product. It also says that they can share your data with third parties for various reasons, including marketing, which is not great and frankly unnecessary. They also make no mention of how long they keep your data, so presumably that means indefinitely.

I couldn't see this discussed yet previously, but apologies if I've missed it. Has anyone asked them directly? Why not scrub all sensitive data after 90 days like Trezor do?

[n0nce]

Taking my question over from this thread so as not to derail it.

How do Foundation handle your data? Their privacy policy states the usual, that they collect your name, address, email, etc., which is obviously required to ship you a product. It also says that they can share your data with third parties for various reasons, including marketing, which is not great and frankly unnecessary. They also make no mention of how long they keep your data, so presumably that means indefinitely.

I couldn't see this discussed yet previously, but apologies if I've missed it. Has anyone asked them directly? Why not scrub all sensitive data after 90 days like Trezor do?

I haven't asked them, yet. Not sure if mentioning @zherbert here summons him, but I'll also send a DM.
It would be great if he could answer directly here in this thread.

I do know they self-host all (or at least most?) of their infrastructure, to make sure that customer data leaks can't happen through service providers (like mailing list services).


One thing that springs to mind about the missing 90 day limit is that as they're doing preorders that take more than 90 days to ship, they have to keep customer information at least until the shipping date.
Keeping the information a bit longer is useful in case there's an issue with the shipment and whatnot.

[dkbit98]

I couldn't see this discussed yet previously, but apologies if I've missed it. Has anyone asked them directly? Why not scrub all sensitive data after 90 days like Trezor do?

Information I have is that Foundation Passport deletes (auto-purge) every customer information 60 days after device shipping, and some stuff gets deleted even after 30 days.
This is unofficial information and maybe they didn't add this in official website yet, but it should be done in near future.
To be sure if something was changed I would contact them on official email hello@foundationdevices.com.

[Pmalek]

How do Foundation handle your data? Their privacy policy states the usual, that they collect your name, address, email, etc., which is obviously required to ship you a product. It also says that they can share your data with third parties for various reasons, including marketing, which is not great and frankly unnecessary. They also make no mention of how long they keep your data, so presumably that means indefinitely.

Since I took at their Privacy Policy not that long ago, I will share some quotes from my thread.

We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate...

We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

The data gets de-anonymized, but they don't mention when. And you are right, I don't remember seeing anything about how long the data is stored on their servers in either form. Maybe it depends on the local laws of the State they operate in

[o_e_l_e_o]

Information I have is that Foundation Passport deletes (auto-purge) every customer information 60 days after device shipping, and some stuff gets deleted even after 30 days.

I went digging on their Twitter profile based on your comment here, and I found some conflicting information:

In addition to self-hosting, we automatically purge customer data from our servers 60 days after your order ships.

We will purge all customer data from our online store after 30 days and download what we need for tax/regulatory compliance in offline+encrypted storage.

So they seem to delete your data from online servers after either 30 or 60 days, but they keep it offline indefinitely? It would be good to get some clarification on this. It would also be good for them to update their privacy policy to reflect all this, so it is in official writing rather than just a Twitter post.

We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate...

Yeah, as I said above, not great. Sharing with law enforcement on production of a valid subpoena or similar, while I don't like it, is absolutely necessary for a company which operates within the US, so there is nothing they can do about that. Sharing with "private parties as they believe appropriate" is not, and shouldn't be there.

The data gets de-anonymized

You mean anonymized, or de-identified. Still, anonymized data is a marketing trick, with one study showing that a staggering 99.98% of anonymized data could still be used to re-identify specific individuals. I don't want my data anonymized - I want it wiped.

[dkbit98]

So they seem to delete your data from online servers after either 30 or 60 days, but they keep it offline indefinitely? It would be good to get some clarification on this. It would also be good for them to update their privacy policy to reflect all this, so it is in official writing rather than just a Twitter post.

Yeah I think they need to update their website with this information to clarify everything, and I think I saw one of their team members saying they are working on that.
I prefer buying my stuff offline without leaving any personal information whenever possible, but it's impossible to do this with Passport if you live outside United States.
I don't even know if they have any official shop that sells them locally, but going to Bitcoin conferences you can probably find and buy one of this devices.

[n0nce]

~

Good points! I hope @zherbert will answer them, as I've no idea about those questions myself, either.

Good news, though: I just got a DM that I successfully summoned him and he'll reply soon..


Side question, though: How many of you guys read every company's privacy policy who you order from? Do you do this categorically, just for Bitcoin-related stuff, and if so, why? Interested in hearing / reading your thoughts.

[o_e_l_e_o]

Side question, though: How many of you guys read every company's privacy policy who you order from? Do you do this categorically, just for Bitcoin-related stuff, and if so, why? Interested in hearing / reading your thoughts.

I do, not just for things I order, but for any site which requires me to make an account or sign up, although I appreciate I am very much on the extreme end of the spectrum here. It's why I don't have a single social media profile, why I use alternative or burner emails for almost everything, and why I buy as much stuff in person as I can.

Privacy policies for companies which delivery goods are pretty much universally awful, exactly because they must collect a name and address for shipping purposes, and they almost always retain that information and share it with third parties. This maybe isn't such a privacy or security issue for you that data brokers know you have bought a new bed, say, but it is certainly a major issue if they know you have bought a hardware wallet or other bitcoin related products, which is why bitcoin related companies need to be held to higher standard than the likes of Home Depot.

And of course I would advocate ordering to a PO Box or other location which is not directly linked to your real name and address whenever possible.

[dkbit98]

Side question, though: How many of you guys read every company's privacy policy who you order from? Do you do this categorically, just for Bitcoin-related stuff, and if so, why? Interested in hearing / reading your thoughts.

Generally I read them but sometimes I don't manage to read 100% with full attention especially if they contain a lot of reading material.
Before I used to be much less careful but I guess I learned my lesson.

For anyone who is interested BTC Sessions posted good video tutorial for new Foundation Passport batch2 hardware wallet signing device.
This is full video starting with turning on device, generating seed words, to using their new envoy app, blue wallet and sparrow wallet.
Watch to the end of this video if you want to see downsides he noticed so far:
https://www.youtube.com/watch?v=_uGZHg64wwA

[zherbert]

Hi all, I have been summoned to this thread, and I appreciate all your comments and discussion! I lurk here from time-to-time but will make a more intentional effort to reply to comments in this thread. If you have any questions, please send my way! And thank you to n0nce and dkbit98 for being especially active.

Regarding our privacy policy – we currently have our Wordpress + WooCommerce instance set to automatically clear personal data from orders 60 days after shipping. For cancelled orders, those clear automatically after 30 days.

We do download, encrypt, and store data offline for sales tax reporting (typically need the zip code for each order) and for warranty/repair requests. If someone contacts us 6 months after ordering, for example, we need to be able to look up the order details and confirm they are a customer in order to send a replacement device. I hope this is reasonable, as it is necessary to store some information when operating a business where customers are buying a physical product.

We are working on an internal "vault" tool that will allow us to automatically encrypt all customer data and rate limit + audit internal requests to view that data. That will be live internally sometime next year, and will allow us to more aggressively purge data from Wordpress + WooCommerce.

We self host a lot – Wordpress, our own mailing list, our customer support center, even our internal video chat tool and scheduling website. But we do sadly rely on some third parties. First is Google, who we use for company email. This means any interaction with our customer support team has emails stored with Google.

Second is our outgoing marketing emails – we do not host our own email server, so we use Mailgun for SMTP. They log messages for 2 days (I believe).

Therefore, in our official privacy policy, we legally are required to say that we share data with third parties for marketing reasons – because we use Mailgun for SMTP for marketing emails.

We 100% do not sell your data to marketing companies or anything like that.

We have a new privacy policy going live soon that better details the exact systems we use.

As always, when buying a hardware wallet, we recommend providing as little personal information as possible. As an American company we may be required to comply with law enforcement requests (though we'd fight any request as hard as possible).

Our blog actually lays out some posts on how to preserve your privacy when buying a Passport:

Buying a Passport with PayJoin and general privacy tips: https://foundationdevices.com/2022/03/passport-coinjoin/
Using Bitcoin more privately: https://foundationdevices.com/2022/05/interacting-with-bitcoin-privately/

Thank you for reading and please send your questions!

[n0nce]

Thank you for reading and please send your questions!

Thanks for your answers! I don't think I have follow-up questions to these points directly, but I started to watch BTCSessions' Passport video for batch 2 and he quickly said that you can 'decide what you get notifications for'.
There is a selection of 'All', 'Transactions', 'Updates' and 'Security'.



Does this mean the application has some kind of remote notifications built-in (that to the best of my knowledge need to go through Google and / or Apple servers)? Or is it just a 'notification page' inside the app?
And do you use Firebase or any other Analytics / similar type framework?

I've yet to try Envoy, as I'm generally skeptical of most mobile wallet applications; none could really satisfy my privacy requirements until now.

[dkbit98]

First is Google, who we use for company email. This means any interaction with our customer support team has emails stored with Google.

If you self-host everything else, why don't you do the same thing for emails as well?
I know most people use gmail, but you can't seriously expect them to respect any customer privacy.
You don't sell anything directly to third parties, but google can and probably are sharing all email content with government agencies.

As always, when buying a hardware wallet, we recommend providing as little personal information as possible. As an American company we may be required to comply with law enforcement requests (though we'd fight any request as hard as possible).

Do you have any official reseller stores in US and in other parts of the world that can sell Passport devices for cash or bitcoin in person?
I think this is a best way for reducing digital footprint and there is no risk of any leaks happening in future.

[n0nce]

First is Google, who we use for company email. This means any interaction with our customer support team has emails stored with Google.

If you self-host everything else, why don't you do the same thing for emails as well?

I can't speak for Foundation, but I do know that - especially with outgoing emails - self-hosting these days is a pretty big challenge.
Some providers will immediately flag your emails or delete them outright due to too strict firewall settings. Imagine a customer not receiving a response because their email provider didn't let Foundation team's reply through. That will probably be the main issue.

Maybe a support thread on Bitcointalk, together with support through DM (even if it may sound silly) could be a better way, avoiding email completely.

Do you have any official reseller stores in US and in other parts of the world that can sell Passport devices for cash or bitcoin in person?
I think this is a best way for reducing digital footprint and there is no risk of any leaks happening in future.

I agree that local and international brick-and-mortar resellers / distributors would be a great idea.
Though up until now everything was preorder - I don't believe that in-person preorders are very convenient; the customer would at least need to visit the store 2x. But on the other hand, they may actually be ready to do it.

Hopefully we'll see in-stock, in-person offerings around the world, after preorders are shipped!

[dkbit98]

I can't speak for Foundation, but I do know that - especially with outgoing emails - self-hosting these days is a pretty big challenge.
Some providers will immediately flag your emails or delete them outright due to too strict firewall settings. Imagine a customer not receiving a response because their email provider didn't let Foundation team's reply through. That will probably be the main issue.

Sure it can happen, but every serious company in the world have their own email with domains, it would be silly if everyone would use just gmail.
Blocking usually happens if people are using shared hosting, and I am not 100% sure but I think that ledger and trezor considered switching to self-hosted emails after leaking of their newsletter with third party partners.

[n0nce]

I can't speak for Foundation, but I do know that - especially with outgoing emails - self-hosting these days is a pretty big challenge.
Some providers will immediately flag your emails or delete them outright due to too strict firewall settings. Imagine a customer not receiving a response because their email provider didn't let Foundation team's reply through. That will probably be the main issue.

Sure it can happen, but every serious company in the world have their own email with domains, it would be silly if everyone would use just gmail.
Blocking usually happens if people are using shared hosting, and I am not 100% sure but I think that ledger and trezor considered switching to self-hosted emails after leaking of their newsletter with third party partners.

Oh, it's not about using a Gmail domain; Foundation Devices do have their own domain and use it for support emails. It just appears on the backend they use Google.
And that's what the vast majority of companies does (if it's not Google, it's a different third party email provider), no matter what the domain is, which you see as an end customer.

As far as I know, truly self-hosting your IMAP and SMTP and getting all emails to come through is one of the hardest things on the internet..
But I'd be happy to be proven wrong e.g. through a written guide on how to set up self-hosted email with high success rate!


Edit: I've looked around a bit, and it seems possible, but fiddly. It's possible to land on a blacklist and then need to get un-blacklisted manually.

Self-hosting email in 2020 – Joe Nobody vs. World [02/2020]
Outlook.com is blocking my mail server [07/2020]
Outlook.com is no longer blocking my mail server [08/2020]

Now, this is a private person hosting their own private email account. If something like that happens, it's probably not critical.
But imagine what happens if as a company, you appear going 'MIA' in a support discussion or appear to be completely unresponsive to support requests, because their replies land in your spam folder.
Even one day of this can cause significant harm to a company's reputation.

Now, neither do I want to be the 'weird nerd' jumping in to protect a certain company, nor do I know for sure that this is the reason why Foundation Devices doesn't host their own support emails.
I just wanted to inform everyone who believes this to be a trivial task that it's really not.


Personally, I'd prefer not to get Foundation Devices emails for a day or two (because of landing on my email provider's blacklist or whatever)), but I kind of understand the rationale.

I also do believe it would be possible for Foundation to move to a self-hosted server, and prior to that inform customers about the change and that they might need to check their spam folder or explicitly whitelist them.
It would also be possible to write a blog post about it and link it just below the support form, so that new customers know why they may not be receiving a reply.

[n0nce]

Double posting! Gaah I guess it's fine in this case.

My Passport Batch 2 is on its way to me and I will create a separate thread for it when it arrives.
However, to start having some fun already and preparing the review, I checked out their simulator today!

It's not the most performant VM I've seen, but then again, I ran it inside another VM. You can run Founders Edition or Batch 2.

Code:

git clone https://github.com/Foundation-Devices/passport2/
cd passport2/simulator
make color     # make mono for FE
just sim color # just sim mono for FE

A few tips and tricks:
[1] You need to create work directory in simulator.
[2] You need to create snapshots directory in simulator to take snapshots with 'Z'.
[3] You can use OBS with its 'Virtual Camera' feature. Start it before starting the simulator. Then put in an 'Image' source with whatever QR code you want to 'scan' with the virtual Passport. When you now start the Passport simulator, it picks up this virtual camera as if it was its own, so whatever you put on the canvas, it will pick up and scan.

I think it's actually a great idea to try this out to see how you like the Passport's UI, workflows and make yourself familiar with it, especially if you're waiting to receive one already.
Here's an image of the landing screen.

[DireWolfM14]

I think it's actually a great idea to try this out to see how you like the Passport's UI, workflows and make yourself familiar with it, especially if you're waiting to receive one already.
Here's an image of the landing screen.

Actually, I'm waiting for your review before I order one. 

That's super cool, don't recall any other hardware wallet vendors providing a simulator before.  I'll have to fire up a VM and play around with it sometime soon.  I actually have a lot of IT work to do in the next few weeks to make sure I can access all my servers while traveling oversees, so I'm not sure when I'll get around to it.  I might just get to set it up so I have something to play with on long flight.