There are few things I find more disappointing in bitcoin than people tearing down other projects without good cause. This is the feeling I get from the ongoing sniping coming from NVK (ColdCard) in his comments about the SeedSigner project. What makes it frustrating is that NVK has some valid points, but instead of talking about trade-offs he makes very absolutist statements with little factual background. Of course these are his personal opinions, but I think it is not helpful to newcomers, and for sure not for the bitcoin community of open source projects.
ColdCard and SeedSigner have a lot in common when it comes to functionality as well as potential markets. The key difference is that SeedSigner's value is that one can build it from off-the-shelf parts at a low cost. You don't have to import it from another country and be subjected to your purchase being flagged or your shipment being stopped by state actors. The second difference is that the software is completely free and open source. ColdCard is source available but not open source, and ColdCard's hardware is proprietary. I have no problem with either of these decisions by the ColdCard team, but the trade-offs are not mentioned when people are tearing down SeedSigner.
A list of NVK's issues with SeedSigner that I've heard. Please add more if I've missed some.
- Evil Maid Attack
- Radio security issues
- Qualcomm chipset / General purpose computer for signing device
The evil maid attack seems like a straw man argument. I could be missing something, and if I am, please enlighten me. With any signing device you must protect your seed phrase. The radio issues I've seen mentioned recently would require physical access and seem pretty far-fetched. They would require doing setup and then surveillance of the user. It seems like with these requirements any signing device would be vulnerable. The Qualcomm chipset concerns also seem silly. The whole point of the SeedSigner is to have an air-gapped machine. I find it highly unlikely that Qualcomm can monitor a device that never touches the Internet.
It bugs me that the head of one of the most popular bitcoin hardware companies is hammering a volunteer-led open source project. It's not a good look. Criticism is good, but this seems to go beyond that to me. My take thus far is that both of these devices and approaches have their place, and the best way to address risks in both projects is to be honest about the security/convenience trade-offs. What do you think?