This is technically already possible, but up to developers to implement. Swiss Bitcoin Pay integrated the entire setup flow for a BitBox02 into their app for example!

/Joko

I would say for me, the general adoption of Bitcoin in the public. I hope Bitcoin will grow more as neutral money and find ways to be used as a payments tool despite regulation getting more and more restrictive lately.

/Joko

Thank you!

/Joko

Interesting!

/Joko

We would love to make self custody more affordable in the future, especially for those with less income to spend on a hardware wallet. Unfortunately since we're based and producing in Switzerland, it's going to be tough for us to get the price of our hardware wallet down low enough.

I think there are great ways to store Bitcoin securely also without a hardware wallet, if you're willing to put in more effort. Multisig using multiple smartphones (or people) can be a very cost effective way to secure your coins before you eventually have stacked enough to justify buying a hardware wallet. It might be harder to use, but that might be a trade-off people with lower income might be willing to make.

/Joko

Should be supported with Sparrow for example!

/Joko

Yes, the BitBox02 supports miniscript (and even minitapscript)!

If you use a passphrase, you get into a completely new wallet. So yes, your xpubs will change.

No, you can't access someone's wallet by knowing their public key!

Honey badger don't care

Considering that most of our employees are distributed all over Europe.. it will probably be a while lol

/Joko

The general lack of motivation to self custody. 90% of people get onboarded to bitcoin exchanges without ever taking self custody of their coins.

It's unfortunate but exchanges have an incentive to discourage self custody.

/Joko

We always aim to reduce trust, however there is always some level of trust needed in the hardware wallet manufacturer. If you want to significantly reduce the trust needed in a particular company, then it is probably best to set up a multisig using hardware wallets from different companies. /Jad

I'll leave the very specific questions to my colleagues, but to your question about 3rd party chips on the PCB:

Even though we have a closed source secure element and now a bluetooth chip, we do not trust these chips. The secure element does not store the private keys, it only stores one of the three secrets to decrypt the seed stored on the MCU. Of course the bluetooth chip never gets access to private key information and is only used for communication purposes.

/Joko

Not currently possible unfortunately as this would require manually entering a private key on the device (which is not good UX and would require a firmware update to support such a feature). For now, users will need to sweep with a software wallet (like Bluewallet, Sparrow etc.) for and then send to their BitBox wallet, but of course you need to trust the software wallet. But something that would be interesting to look into in the future. /Jad

As @Stadicus already answered on the security aspects, I would like to add that I feel like air gapping adds unnecessary friction to self custody.

Passing back and forth microSD cards or even scanning QR codes, charging batteries and focusing most of the user experience on a low performance, hard to use device makes self custody tougher to use for the average person, in my opinion.

/Joko

Right now there are no concrete plans to implement MuSig2 or FROST, but we are watching the space closely. Since we're a small team, we have to manage resources to work on features that a lot of our customers are asking for. If we see a lot of demand for MuSig2 or FROST - we will definitely prioritize it.

/Joko

Thank you!

We are exploring a lot of ways to make self custody easier and more fault proof. Bitkeys approach (besides lacking a screen) is very interesting. Unfortunately setups that include a third party that holds one of the multisig keys are, to my knowledge, considered "custodial" according to EU law - even if these keys can't spend on their own.

I personally find seeds great, as they give you with a physical backup that you can rely on.

We really tried to make this possible. Unfortunately Apples restrictive USB policy does not allow BitBox02 users to connect to their iPhones. The new hardware of the Nova was needed to circumvent these USB policies from Apple.

Submitting to the policies of the "Made For iPhone" program would have resulted in potential security and privacy compromises that we were not willing to make. With Bluetooth in the form of Whisper, we have found a secure and private way to make the BitBox02 Nova usable on iPhone without compromising our values.

Using twice encrypted Bluetooth also has the benefit of being able to keep supporting security measures like the Anti-Klepto protocol or authenticity check - something that is much harder to do with other ways to circumvent the USB policies of Apple.

/Joko

I and nearly everyone I know first bought a Ledger as our first hardware wallet. A lot of beginners don't feel comfortable buying a hardware wallet that's strictly limited to Bitcoin and we want to give them the opportunity to get an open source, easy to use hardware wallet.

The Multi supports only a handful of coins compared to our competitors. We haven't added new coins in a long time and are not planning more support right now. We only actively market the Bitcoin-Only edition and the share of Multi to Bitcoin-Only is continuously dropping over the years.

/Joko

There are good ways to protect against malicious supply chains, like cryptographic tamper protection as we use: https://blog.bitbox.swiss/en/supply-chain-attacks/

For the issue that the BitBox could be compromised by a rogue employee, we have implemented Anti-Klepto, which prevents your seed from secretly being exfiltrated via signature nonces (also known as Dark-Skippy): https://blog.bitbox.swiss/en/how-almost-all-hardware-wallets-can-steal-your-seed/

With generic hardware, you're not solving this problem, but only moving it. Suddenly you don't have to worry about the hardware being malicious, but the code that you're flashing. Hardware wallets are made so you don't have to trust your host device, but if you're flashing your firmware from the host device to the generic hardware, that's where you're exposed to a potential attack surface.

/Joko