eWallet (Bitcoin hardware wallet) is now available

[Madness]

Hmm , now this thread right here makes more sense : https://bitcointalk.org/index.php?topic=995379.0
I thought he is the author and creator of the eWallet while he was only trying to quote your thread right here if I understood right . Anyone here on this thread can confirm that he received his wallet ?

~ Madness

[TheRealSteve]

Anyone here on this thread can confirm that he received his wallet ?

Come on now.. this thread is only 2 pages long:

http://www.stellaw.info/blog/2015/3/18/black-arrow-ewallets-arrives

( Navigate up to see a quick peek inside as well. )

[TheRealSteve]

It would likely be a bit longer if the OP wasn't so voraciously deleting posts regarding their past track record.

Hah - true enough.  By my estimate, 6 pages.

I'm twixt on this.  On the one hand, people should indeed know about the history and read up on past events.  On the other hand, many of the posts were off topic with regard to this particular product, so I just can't fault them for removing those.  I'm fully expecting this very post to get deleted as well, for example, because it's got nothing to do with their hardware wallet.
Perhaps the next forum software can have a section called "related threads", which people can add/vote on.  That'll might get abused pretty quick, but ideally it would allow for threads like this one to have a clear pointer to other threads of interest.

[lucasjkr]

I have questions that id ask any hardware wallet vendor, namely how can you provide assurance that you are not I. Possession if either the actually private keys used by the device or a seed whereby you could gain knowledge about what keys will be generated in the future?

I don't even know how you would go about answering that, honestly. But with the community looking to hardware wallets as a means to keep their coins secure, in all honesty, it seems like hardware wallets are little black boxes that require users to place their ultimate faith in the manufacturer of little $100 devices. Everything could go find for years, then one day the carpet could be pulled out.

Not accusing or anything, but how can you provide any assurance?

[TheRealSteve]

[...]

Just wanted to say that - yes, I fully agree.  Self-moderation is a double-edged sword.  I use it myself in one of my threads as without it, it would have expanded to several pages of people who didn't even read the first post   But I know it's also been (ab)used to silence criticism.

[TheRealSteve]

I have questions that id ask any hardware wallet vendor, namely how can you provide assurance that you are not I. Possession if either the actually private keys used by the device or a seed whereby you could gain knowledge about what keys will be generated in the future?

I don't think they can provide 100% assurance on an as-delivered device, because it involves a black box (as you say) that may or may not actually do what its official datasheet says it should be doing.   E.g. even if it's a simple microcontroller that has a known documented firmware dump option, there's no guarantee that they didn't clone that microcontroller and - on receiving the dump command - dump innocuous firmware, while keeping nefarious firmware that's actually used locked away.  It would be expensive to produce such a clone, but if the potential payout is high enough, could certainly be done.

So anybody paranoid enough should be able to buy the chip required, solder that on themselves, compile the source of the firmware (which can be relatively easily reviewed), and then stick that on there.

Of course the truly paranoid might not be convinced that the manufacturer of the chip isn't in on some grand conspiracy

[robertgoss]

so if you guys are using same firmware as trezor what really is the difference between yours and theirs ? .. doesnt that kinda makes them both same other then the price difference i mean ?

[GreatBug]

so if you guys are using same firmware as trezor what really is the difference between yours and theirs ? .. doesnt that kinda makes them both same other then the price difference i mean ?

the bootloader is different.

If you can set aside your tinfoil hat for a moment, you are correct in principal that these are the 'same' devices.

[lucasjkr]

I have questions that id ask any hardware wallet vendor, namely how can you provide assurance that you are not I. Possession if either the actually private keys used by the device or a seed whereby you could gain knowledge about what keys will be generated in the future?

I don't think they can provide 100% assurance on an as-delivered device, because it involves a black box (as you say) that may or may not actually do what its official datasheet says it should be doing.   E.g. even if it's a simple microcontroller that has a known documented firmware dump option, there's no guarantee that they didn't clone that microcontroller and - on receiving the dump command - dump innocuous firmware, while keeping nefarious firmware that's actually used locked away.  It would be expensive to produce such a clone, but if the potential payout is high enough, could certainly be done.

So anybody paranoid enough should be able to buy the chip required, solder that on themselves, compile the source of the firmware (which can be relatively easily reviewed), and then stick that on there.

Of course the truly paranoid might not be convinced that the manufacturer of the chip isn't in on some grand conspiracy

I don't know. I'll go ahead and predict that a lot of coins will will one day be lost because of corrupted hard ware wallets; I wish we had a remindme bot over here!

[lucasjkr]

With all that said, why do you need to hide behind a newbie account?

I came here wondering about how we can trust hardware wallets in general, whether from black arrow or trezor, learned a bit more than I expected about allegations about Black Arrow... But I feel like I have to take those with a grain of salt because you can't link your ordinary user account to this...?

[TheRealSteve]

I came here wondering about how we can trust hardware wallets in general

On that topic - in addition to what I already wrote - as many people are receiving their Mycelium Entropy devices, and are finding that boxes (appear to) have been tampered with, Mycelium has also responded with how that (doesn't) affects its integrity.
http://www.reddit.com/r/Bitcoin/comments/30ip6j/my_new_mycelium_entropy_device_opened_by_border/

I'd actually search for 'mycelium entropy' here / at reddit, there's a fair bit of discussion on that aspect (as well as general reviews of the device , of course).

[blackarrow]

so if you guys are using same firmware as trezor what really is the difference between yours and theirs ? .. doesnt that kinda makes them both same other then the price difference i mean ?

the bootloader is different.

If you can set aside your tinfoil hat for a moment, you are correct in principal that these are the 'same' devices.

Sorry, we did not had time to set this up but we will shortly.
We can now offer the wallet without firmware and without bootloader for customers who wish to upload their own firmware.

[lucasjkr]

Yay! First time in all my time here that I had a post deleted... And now, I have no trust in this company.

[Muhammed Zakir]

Sorry, we did not had time to set this up but we will shortly.
We can now offer the wallet without firmware and without bootloader for customers who wish to upload their own firmware.

@blackarrow: Is this like bWallet? Does it have sort of backdoor like bWallet? You aren't even putting enough efforts. It doesn't take much time to create a repository. This inreases the suspiciousness of your product.

Trezor code is licenced GPLv3, which roughly means that anyone can do whatever they want with the code (including producing and selling clones)
 =snip=

They changed the TREZOR firmware license from "completely open-source" (LGPLv3) to "shared-source" (Ms-RSL) on January 28, 2015.(copy-paste from http://satoshilabs.com/news/2015-01-30-trezor-software-license/)

[TheRealSteve]

They changed the TREZOR firmware license from "completely open-source" (LGPLv3) to "shared-source" (Ms-RSL) on January 28, 2015.(copy-paste from http://satoshilabs.com/news/2015-01-30-trezor-software-license/)

Yeah, and then reverted that change.

After the change, we were amazed by the strength of the feedback showing that you all really do care about open source philosophy.

That’s why we have decided to revert the license change.

Their repo needs a LICENSE file for clarity, perhaps.

Discussions:
http://www.reddit.com/r/Bitcoin/comments/2u7dec/trezor_team_on_software_licensing_we_have_decided/
http://www.reddit.com/r/TREZOR/comments/2u3l6l/regarding_the_recent_change_from_open_lgplv3_to/

[Webnet]

I'd like one hardware wallet,
does it generate addresses itself or can I import an address into the device.

[blackarrow]

I'd like one hardware wallet,
does it generate addresses itself or can I import an address into the device.

 Please place your order on our website: https://www.blackarrowsoftware.com/store/ewallet.html

The addresses are generated by the wallet. It would be insecure to use keys generated by the computer.

[blackarrow]

We are currently running a promotion for the eWallet: Buy over 5 pcs, get them at half price on our website:

https://www.blackarrowsoftware.com/store/ewallet.html

[Xialla]

We are currently running a promotion for the eWallet: Buy over 5 pcs, get them at half price on our website:

https://www.blackarrowsoftware.com/store/ewallet.html

not sure if it is driven by your own stupidity or simple greed, but you scammed dozens of people and now you are "brave" enough and offering another product? holy fuck, where is last piece of common sense?

[blackarrow]

Promotion has ended. Thank you for your continuous support!