A big problem with self-custody is that there always remains one thing (like the backup) that gives full and immediate access to all your coins. This piece of information must be kept secure, but should also be easy to recover.

It's hard to keep the backup secure, and as long as users at home have immediate access to all their funds, that can make them targets for the $5-dollar-wrench-attack.

A few options that try to fix this:

Not having instant access to your full stash should be normalized, so thieves can no longer assume that a "friendly visit" at home will pay off.

The general lack of motivation to self custody. 90% of people get onboarded to bitcoin exchanges without ever taking self custody of their coins.

It's unfortunate but exchanges have an incentive to discourage self custody.

/Joko

I think the gist of this question is a general mistrust in hww. This is totally fine, and we do a lot to address these questions. There are many different aspects to this.

A blog post of mine goes into the details of how we combine a secure chip (which we don't trust) with open-source firmware. It's more important to build a robust security architecture that can handle untrusted components (for example, they never learn any secrets) and avoid singe-points of failures.

Unfortunately, verifying hardware is much more complicated than verifying software. You can't run a checksum over hardware, and there's no "reproducible build" process. All you can do as a verifyer is physical spot checks.

This is why open-source firmware is so important. You can verify the "logic" of the device, how it works, what it does, and what it does not do. It also keeps us as a manufacturer accountable.

EMC tests are part of the FCC certifaction process, and of course the BitBox underwent these checks. But these are not security checks, and no amount of them will give assurance for every BitBox, as these are just spot-checks.

Again, open-source firmware helps. The best a malicious hardware chip that is not supposed to be there can do is try a side-channel attack, for example listening in on a wire, as there's provably no code or logic that would actively use this chip. So if the chips never learn any secrets, that's the best guarantee.

For ultimate protection, to completely eliminate any trust in a specific manufacturer, there's multi-vendor multi-sig. As multiple signers from multiple vendors are involved, all of them would need to collude to pull of a targeted attack. With open-source, that can't be done in secret, so it would be a "burn all bridges and run" attack. As publicly listed companies, this is not feasible.

We always aim to reduce trust, however there is always some level of trust needed in the hardware wallet manufacturer. If you want to significantly reduce the trust needed in a particular company, then it is probably best to set up a multisig using hardware wallets from different companies. /Jad

I'll leave the very specific questions to my colleagues, but to your question about 3rd party chips on the PCB:

Even though we have a closed source secure element and now a bluetooth chip, we do not trust these chips. The secure element does not store the private keys, it only stores one of the three secrets to decrypt the seed stored on the MCU. Of course the bluetooth chip never gets access to private key information and is only used for communication purposes.

/Joko

Right now there are no concrete plans to implement MuSig2 or FROST, but we are watching the space closely. Since we're a small team, we have to manage resources to work on features that a lot of our customers are asking for. If we see a lot of demand for MuSig2 or FROST - we will definitely prioritize it.

/Joko

I and nearly everyone I know first bought a Ledger as our first hardware wallet. A lot of beginners don't feel comfortable buying a hardware wallet that's strictly limited to Bitcoin and we want to give them the opportunity to get an open source, easy to use hardware wallet.

The Multi supports only a handful of coins compared to our competitors. We haven't added new coins in a long time and are not planning more support right now. We only actively market the Bitcoin-Only edition and the share of Multi to Bitcoin-Only is continuously dropping over the years.

/Joko

Hi! Our goal is to empower as many people as possible to get into the Bitcoin space by equipping them with tools that make it easy, safe, and comfortable. However, new people to the space usually haven't learned about what makes Bitcoin special and unique, and they like having "options". The Multi is thus kinda like a gateway drug into Bitcoin. Then we provide a lot of educational content through newsletters and our blog posts about what makes Bitcoin special. We're happy to often hear from original Multi customers, that they come back to us in a year or so and order a Bitcoin-only version.

Thank you!

Appreciate it! :)

We're quite happy in Switzerland, which is a beautiful place in geographical Europe, but not part of the European Union. :)

Considering that most of our employees are distributed all over Europe.. it will probably be a while lol

/Joko

Honey badger don't care

If you live in an oppressive state that surveils your entire purchase history, using a SeedSigner is probably a better choice than ordering a commercial hardware wallet.

In nearly all other cases, I think it's preferable to use a commercial hardware wallet like the BitBox02. You don't have to worry about a potentially tampered device, the user experience is far easier, you have physical protection and you get potentially better access to features like miniscript.

One other issue I see with singlesig seedsigner usage is that you have to store the seed somewhere and keep it accessible at the same time. So most users I've talked to keep the seed very close and not really in a secure location. You can easily keep a BitBox on your desk and not worry about anyone getting access to it, as it comes with a secure element.

/joko

Our blog post "How Shift Crypto protects your personal information" goes into more details, as data protection is quite a complex topic with many moving parts.

The most important duration in my view is the 30 days, after which we completely anonymize user data in our (self-hosted) online shop, actually overwriting the database fields.

I could be wrong but I believe they retain such information data for ~30 days after order has been placed should there be any issues with shipping, to have it at hand and troubleshoot with carriers if necessary. After that, it gets encrypted and stored safely for however long the national laws in Switzerland specify. That's my understanding, not associated with BitBox myself, just vague recollections from similar questions (and answers.)

Related: https://bitbox.swiss/policies/privacy-policy/

We really tried to make this possible. Unfortunately Apples restrictive USB policy does not allow BitBox02 users to connect to their iPhones. The new hardware of the Nova was needed to circumvent these USB policies from Apple.

Submitting to the policies of the "Made For iPhone" program would have resulted in potential security and privacy compromises that we were not willing to make. With Bluetooth in the form of Whisper, we have found a secure and private way to make the BitBox02 Nova usable on iPhone without compromising our values.

Using twice encrypted Bluetooth also has the benefit of being able to keep supporting security measures like the Anti-Klepto protocol or authenticity check - something that is much harder to do with other ways to circumvent the USB policies of Apple.

/Joko

Correct. Nova has the new isolated bluetooth chip that makes it work with iOS and iPad, as Apple is restrictive of the gadgets you can physically connect to your phone or tablet and work with, bluetooth via the whisper implementation was the way, so you'd need a Nova to have it working on Apple products. No compromises as the new bluetooth chip is isolated from the secure element and double-chip set up within the BitBox02. Find out more on this here.

From a product management perspective (not the actual chip-level programming), it's important to always get user feedback and build something that is really easy to use.

Making secure hardware simple might be the real challenge.

It is probably different for different people, but the hardest problems for me have been picking a name! There are no right answers :)

Technically for the BitBox02, it was actually figuring out the cardboard packaging - more than expected design considerations & iterations and production times.

If you use a passphrase, you get into a completely new wallet. So yes, your xpubs will change.

No, you can't access someone's wallet by knowing their public key!

Not currently possible unfortunately as this would require manually entering a private key on the device (which is not good UX and would require a firmware update to support such a feature). For now, users will need to sweep with a software wallet (like Bluewallet, Sparrow etc.) for and then send to their BitBox wallet, but of course you need to trust the software wallet. But something that would be interesting to look into in the future. /Jad

We are proud to contribute to the Bitcoin open-source infrastructure in general, and have done so many times over the years contributing to BIPs or cryptographic libraries (eg. with anti-klepto).

The LIBBTC library I actually had to look up... :) It was created by our original co-founder Jonas Schnelli 10 years ago, and I think we used it in the BitBox01. Not quite sure yet, as that was before my time.

As @Stadicus already answered on the security aspects, I would like to add that I feel like air gapping adds unnecessary friction to self custody.

Passing back and forth microSD cards or even scanning QR codes, charging batteries and focusing most of the user experience on a low performance, hard to use device makes self custody tougher to use for the average person, in my opinion.

/Joko

I assume that all reputable HWW (e.g., long trackk record, have a screen, fully interoperable for recovery) are secure and better choice than relying on a third party.

What we at BitBox heavily focus on is ease-of-use. I don't think that security has to be complicated, on the contrary: simplicity is part of security, as it helps avoid human errors.

The BitBox is the simples hardware wallet that "just works" with all devices (now also on iPhone/iPads) that you can give to friends and family. We build products for the next million newcomers to the space, while still making sure essential expert functions (full node support, Tor connectivity, 3rd-party wallet integrations, coin control) are available for those that need them.

Yes! We have a blog post on this topic:

Besides tamper-evident packaging, the better way is via the device authenticity check. Briefly, each BitBox02 has a unique key on its secure chip, that is generated and signed during factory installation.

The BitBox App automatically verifies authenticity using a challenge-response process to this key. If the device fails to prove it's genuine, a clear warning is shown to the user.

It is. They come in vacuum sealed, tamper-proof like transparent plastic bags, you'd know 100% if it's been ripped apart or looks different from original, as it has some watermarked logos across and well, it's vacuum sealed, if you open it somehow in transit, recipient will be able to tell, unless scammer comes up with a replica and repacks. Visit their threat model section on site, click on Supply chain attacks in the table of contents. Further information on there!

Related: https://bitbox.swiss/bitbox02/security-features/

We just launched the BitBox02 Nova with iOS support and updated hardware just two weeks ago and currently it's all hands on deck to ship the first devices. In the beginning, quality assurance is much more effort, and we're looking up to scale up production as soon as possible.

Maybe we'll need to recover a bit after that, before we start working on the next big thing... :)

"we will answer them starting at 4 CEST."

The BitBoxApp already has password or PIN protection on mobile devices, as we can use the system libraries. Implementing password protection on desktop systems (Windows, macOS, Linux) needs more groundwork and also involves encrypting all data-at-rest. It's on our todo list, but not not actively worked on just yet.

The path we usually recommend is to start your own Bitcoin Treasury, get one (or more) BitBox hardware wallets to to keep your valuable stack safe, and then make a big media splash for what is basically common sense. Maybe also get a nice steelwallet, just to be sure? :)

We're not actively pushing for any specific opcodes, but are open to use new scripting techniques when this involves improving the user experience, e.g. with better backup security, degrading multisig setups, etc.

The BitBox firmware is very restrictive, however, and opcodes need to be enabled when we deem them secure. Blind signing can be a problem (where the device itself is not able to sanitized the data).

We build even in bull markets! :)