pull down to refresh
136 sats \ 5 replies \ @k00b 11h \ on: Photon SDK for seedless bitcoin wallet designs bitcoin
The way I see it is that everyone complains about how no one self-custodies and it's too hard, then someone comes up with an alternative approach to self-custody and everyone complains that it's foul play because it doesn't work like everything else.
Moving the conversation to ulterior motives without assessing whether seedless has a better UX or not is a tad suspicious. If the UX isn't improved, feel free to claim lock-in is the reason for the difference. If the UX is better, and the seed can't be exposed without compromising this better UX, then perhaps lock-in isn't the motive.
afaict most of the lock-in narrative is radiating from competitors, who just might be hyper sensitive to flaws, or might have ulterior motives of their own. afaict these competitors are failing to steward us into an era of self-custody via The True Way, and their "solution" is to call retail stupid and lazy and competitors corrupt.
We need people/companies experimenting with new approaches to self-custody with new tradeoffs if we want more folks to self-custody.
If the UX isn't improved, feel free to claim lock-in is the reason for the difference. If the UX is better, and the seed can't be exposed without compromising this better UX, then perhaps lock-in isn't the motive.
The UX of their backup and recovery flow is interesting and seems like it could be a good new way for Bitcoiners to do long term storage.
What I'm struggling with is the way they prevent users from exporting key material.
In Bitcoin, where "not your keys, not your coins" has been such a rallying cry, I don't agree that "you can send your coins to a new address" = just the same as normal self-custody portability.
"You can send your coins to a new address" is not as strong a guarantee as "you can import your wallet state into a lot of other software."
Bitkey's design could have included a reasonably safe way to export keys (unless they believe there is no safe way for users to handle raw keys...which again is a pretty big departure from Bitcoin culture, not just a UX change).
However, the design of their multisig or how they set up the keys makes it difficult to import into other wallets as well. If a wallet wants to do fancy things that no other wallet supports, this carries a pretty big risk, I think; but, even in that case, I'd like a wallet that lets me export my keys and descriptor or state so I could at least attempt to recover in another wallet.
I still feel that a hardware wallet that is only portable to a different device via a transaction feels a lot like vendor lock in.
We need people/companies experimenting with new approaches to self-custody with new tradeoffs if we want more folks to self-custody.
This is a great point. Nobody was being too critical of Bitkey until they began their "Seedless is safer" advertising campaign. I agree that new solutions are needed and Bitkey is definitely one of them. I think they could have avoided many reactions like mine if they had said "We've got a new solution, it's very robust for all sorts of reasons, one of the trade-offs is that you can't export your key material" instead of saying, "Actually, you shouldn't be able to export your key material because it's dangerous."
reply
I still feel that a hardware wallet that is only portable to a different device via a transaction feels a lot like vendor lock in.
I disagree, and I feel like it's worth saying so. This is sort of like calling a white lie fraud. It quacks like a goose not a duck.
Imagine apple cloud let you transfer your photos to google cloud via a button click. Is this lock-in? Sounds like the opposite to me. Is it suddenly lock-in if a competitor, say dropbox, syncs everything locally and you don't have to do the transfer to move to another solution? Not to me - it's just a different solution to the same problem.
I think they could have avoided many reactions like mine if they had said "We've got a new solution, it's very robust for all sorts of reasons, one of the trade-offs is that you can't export your key material" instead of saying, "Actually, you shouldn't be able to export your key material because it's dangerous."
It's hard to get attention being meek like this. Everyone took the rage bait and amplified the message. Marketing accompli.
reply
It quacks like a goose not a duck.
This is a really nice metaphor.1 phenomenal!
Imagine apple cloud let you transfer your photos to google cloud via a button click. Is this lock-in?
In the world of Bitcoin, I believe the answer is yes. Because at any point apple cloud can refuse to honor your click.
Now, Bitkey has the Emergency Exit Kit for this scenario. But my complaint is that it makes a security trade off not made by seeds (and being able to export your key material).
A hardware signer that creates a wallet that no other type of wallet can recover is definitely a new way of thinking about security and, I believe, deserves a healthy amount of inspection.
While I enjoy marketing via controversy, it's not really "fud" when people react to the controversial statements.
But I take your points, especially the reality that self custody is not coming to Bitcoin in any great number and that we need good solutions for lots of use-cases.
Footnotes
-
I had to take a minute to figure out if it was a metaphor or an analogy. ↩
reply
Anyway, I'm obscuring my own point. I just think trying to get to motive is tricky.
I also find myself in a weird position apologizing for every variation of self-custody [that offers unilateral exit in all but the worst case at least] because the alternative is much worse and the alternative dominates right now.
reply
You are right. I somewhat thoughtlessly thought "lock in" did not imply some kind of nefarious motive. It probably does.
But "not portable" does not do justice to my thoughts.
reply