1 sat \ 1 reply \ @blockstream_official OP 31 May 2023 \ on: Jade Discount for Stacker News bitcoin
We hope you were able to grab a Jade for 10% off with code STACKERJADE
Thanks everyone for taking part and sharing your thoughts on BIP85 recovery phrases
The winner of the free Jade is @colourorange
https://nostr.build/i/6ee818e7fca3ce91f12e2c21b294474bc0dbc11ad496d1636aa114b92a9bffe4.jpg
Reach out to us on Nostr to claim your prize
npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n
Could try the Rebuild Following+ Connections button on Nostrgram
Blockstream npub: npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n
Makes sense to switch if your manufacturer has a poor security track record and/or stops providing support/upgrades for a device.
Speaking of Jade specifically: Jade is a highly versatile device with three communication methods, and you can use it both with a remote PIN server and statelessly. Jade is supported by a large range of apps, a libwally stack with no external dependencies, and we still have a lot more planned.
Also offers some unique security features you can't find many other places, such as anti-exfil.
Probably the bcur and qrparsing libraries. We have done some level of review and modifications to ensure security, however we do not have a third party auditing that we commissioned. The libraries are indeed open source, as well as the esp32 camera library (however the esp32 doesn't load the camera firmware).
From another team member:
(At least some of) Iain M. Banks' 'Culture' novels.
Peter F. Hamilton's 'Night's Dawn' trilogy.
Stephen Donaldson's 'The Gap'.
Dune, of course.
Anything by Larry Niven.
We only accept a very small list of certain UR messages and other specific payload types (e.g. SeedQR). We then apply strict checks to the format of that payload to ensure it is valid and is what we think it is (for example our PSBT parser can be quite strict in what it accepts). Then after that, we still have the checks and validations we run on the payload (e.g. the txn data) regardless of which transport it was received from.
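An added example, not Jade firmware code and not part of the original thread: the layered approach described in the reply above (type allowlist, strict format check, then a transport-independent payload check). The allowlist contents and every function name are assumptions made for illustration.

```python
import re

# Hypothetical allowlist and names for illustration; not Jade's actual set.
ALLOWED_UR_TYPES = {"crypto-psbt"}
# ur:<type>/<body> or multipart ur:<type>/<seq>-<total>/<body>; minimal
# bytewords bodies are two letters per byte, so letters only and even length.
UR_RE = re.compile(r"ur:([a-z0-9-]+)/(?:([0-9]+)-([0-9]+)/)?([a-z]+)")
PSBT_MAGIC = b"psbt\xff"  # BIP174 magic bytes


class Rejected(ValueError):
    """Payload is not on the allowlist or fails its format check."""


def classify_qr(text):
    """Return (kind, body) for an accepted QR payload, else raise Rejected."""
    if text.isascii() and text[:3].lower() == "ur:":
        m = UR_RE.fullmatch(text.lower())  # URs are case-insensitive
        if m is None:
            raise Rejected("malformed UR")
        ur_type, seq, total, body = m.groups()
        if ur_type not in ALLOWED_UR_TYPES:
            raise Rejected("UR type not allowlisted: " + ur_type)
        if len(body) % 2 or (seq is not None and (int(seq) < 1 or int(total) < 1)):
            raise Rejected("bad UR body or sequence numbers")
        return ("ur:" + ur_type, body)
    # Standard SeedQR: 12 or 24 four-digit BIP39 word indices, each 0..2047.
    if text.isascii() and text.isdigit() and len(text) in (48, 96):
        idx = [int(text[i:i + 4]) for i in range(0, len(text), 4)]
        if max(idx) > 2047:
            raise Rejected("SeedQR word index out of range")
        return ("seedqr", idx)
    raise Rejected("unrecognised payload type")


def check_psbt(raw):
    """Transport-independent check, run whether bytes came via QR, USB or BLE."""
    if len(raw) <= len(PSBT_MAGIC) or not raw.startswith(PSBT_MAGIC):
        raise Rejected("not a PSBT")
    return raw


def accepts(fn, arg):
    """Helper for the demo: True if fn(arg) passes, False if it is Rejected."""
    try:
        fn(arg)
        return True
    except Rejected:
        return False
```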
Camera is likely better - since it allows you to communicate with your companion app only when you choose for it to. Less likely to be attacked.
One of the most difficult tradeoffs was the choice between using a remote PIN server and a secure element. We decided to choose the PIN server route to maintain DIY possibilities, and also to keep the design fully open-source.
Thanks for the kind words! SD cards should be safe. NFC depends on the stack/security of each part. Bluetooth also depends on stack/security of each part. QR relies on the QR parsers and all the bcur dependencies, as well as PSBT parsing dependencies.