related posts
251 sats \ 1 reply \ @clownworld 22 Oct 2022 freebie
I don’t completely agree with this.
Certainly cards like that are no replacement for a proper hardware wallet, but they are great for spending at merchants quickly and seamlessly without needing a smartphone.
The new cards that let you spend LN btc with a tap would be great if accepted more places - similar user experience to Suica in Japan, which is extremely convenient.
reply
12 sats \ 0 replies \ @joko OP 23 Oct 2022
Totally agree! But this is not what this blog post is about. This is about cards that are claiming to be hardware (onchain) wallets, not lightning wallets. These do not allow you to spend money without a smartphone or anything like this.
For lightning, NFC cards make sense as there isn't usually a lot of money loaded onto them and you can justify the loss in security by far superior UX.
reply
225 sats \ 1 reply \ @petertodd 22 Oct 2022
Good writeup.
The way I describe this problem to consulting clients is to say it's a matter of validating user intent. The only thing that a card can validate is that you intended to make a payment at that time. How much, and to whom, you can't validate at all.
Though even hardware wallets with screens are tricky to use re: intent too. Yes, they can tell you what BTC address you're paying, and how much. But that's not the same thing as telling you who you are paying.
If you're making a 50BTC payment with a hardware wallet - indeed, any wallet - double check the address in an entirely different way! Eg if the address is a deposit address for an exchange, call them up and verify it over the phone in case your browser got hacked and the address has been replaced by the hacker. This does happen.
reply
210 sats \ 0 replies \ @joko OP 22 Oct 2022 freebie
Thanks! I'd argue intent validation can be done in various forms though, such as an encrypted software wallet or 2FA key (f.e. Blockstream Green).
I think there's actually a lot of room for improvement in address verification, for example signed deposit addresses.
At least for withdrawals, most exchanges nowadays make you confirm the bitcoin address via email, which the user can (and should) check on another device. This is not the case for deposits though. BIP47 payment codes could help with this, but unfortunately have other downsides, like poor light client support.
reply
111 sats \ 1 reply \ @random_ 22 Oct 2022
I grabbed stacks of the arculus cards from the conference.
They cannot be reprogrammed.
But the boxes they came in were cool, so maybe I will do an art project.
reply
220 sats \ 0 replies \ @joko OP 22 Oct 2022 freebie
The boxes are really the best thing about these wallets. The Tangem packaging is even nicer than the Arculus, but both wallets are equally pointless.
reply
164 sats \ 9 replies \ @samsamskies 22 Oct 2022
Satscards are dope. Def wouldn’t keep large amounts of bitcoin on them tho.
reply
210 sats \ 8 replies \ @joko OP 22 Oct 2022 freebie
What for though? They are worse than regular software wallets in every single way. They are basically like printing out a SeedQR and handing it to someone.
reply
0 sats \ 7 replies \ @samsamskies 23 Oct 2022
You don't need internet to make a transaction with someone. Just give them the card. Good backup to have. Also, great for gifting bitcoin to people.
It's definitely way more secure than printing out your seed on a QR code and handing it to someone. In that case, both of you have the private key and you can move the funds after you give them the seed. That's not the case with Satscards. I don't think there's a way to reveal the private key on the Satscard without sweeping the funds.
reply
0 sats \ 6 replies \ @joko OP 23 Oct 2022
You don't need internet? How do you verify there's actually money on the card then?
Also in which world is giving a Satscard away cheaper than an onchain transaction?
reply
0 sats \ 5 replies \ @samsamskies 23 Oct 2022
You can verify the balance with a block explorer with your node hooked up to a Blockstream Satellite 😂. Or you can can just call someone you trust to verify the balance for you. I’m waiting for someone to build a USSD block explorer.
Normies often don’t have a bitcoin wallet to accept the tx as a gift. Also, you can’t give it as a physical gift with a card like you normally do at events like weddings.
I lived in rural West Africa for a few years and would have loved to have all this offline Bitcoin tech when I lived there.
reply
0 sats \ 2 replies \ @joko OP 23 Oct 2022
LOL
Sure, I guess for low amount gift vouchers it's fine - but then you can also just gift a written down seed phrase / SeedQR
reply
0 sats \ 1 reply \ @samsamskies 23 Oct 2022
That’s not the same though. Cause both of you now have the private key.
Also, it’s way easier for a noob to sweep the funds with a Satscard if bitcoin moons and they need to move the funds. Satscards can also be sweeped up to 10 times. Each time a new private key is used. This way you can replace funds with a lower amount any time bitcoin pumps hard.
reply
0 sats \ 0 replies \ @joko OP 23 Oct 2022
Sure, the minor inconvenience is sending to another wallet.
I don't think it's easier to sweep the funds from a Satscard for a noob as it doesn't follow industry standards.
But to circle back to the OP, this is more about cards that want to be wallets (I guess they call that Tapsigner?).
reply on another page
0 sats \ 1 reply \ @samsamskies 23 Oct 2022
Also, I’m not trying to convince you to get some Satscards. Just explaining why I and many others like them.
reply
0 sats \ 0 replies \ @joko OP 23 Oct 2022
All good, I like discussing the topic and don't think you mean bad.
I think many people who like them don't really understand their security model. Part of the reason for this is the disingenuine marketing. We've long moved past paper wallets and suddenly new companies repackage them as being a good and novel idea.
reply
100 sats \ 12 replies \ @BlokchainB 22 Oct 2022
To each is own. If customers like them and they are fairly secure then have at it. I think it’s cool different companies are trying different form factors to lower the entry burden for the common person
reply
220 sats \ 11 replies \ @joko OP 22 Oct 2022 freebie
Right, but they are not 'fairly secure'. It's enough that the user downloads the wrong app from the internet. Yet they are marketed as "safe". Quote by Tangem: "The safest crypto wallet for everyone".
Card wallets give users a false sense of security and make them pay for it.
They also don't lower the entry burder for the common person as a software wallet is even easier to use and not less secure.
reply
0 sats \ 10 replies \ @BlokchainB 23 Oct 2022
Downloading the wrong app is a security hole for anything related to bitcoin.
So many users been rug pulled already with bogus software wallet apps.
I see the problem card wallets are trying to solve. The idea here is to isolate seed from phone. In a cheap and almost dumb way so users don’t overthink it or become overwhelmed.
reply
0 sats \ 9 replies \ @joko OP 23 Oct 2022
No, you don't have that issue with a good hardware wallet. If one device (host device or hww) is not malicious, you will know. With a card wallet, it's enough if one device of the two is malicious. This is effectively doubling your attack surface.
If all you want is to isolate seed from your phone, use an encrypted software wallet.
reply
0 sats \ 8 replies \ @BlokchainB 23 Oct 2022
But what is the cost of a good hardware wallet? Would an unbanked person even understand or care? Attack from who? Their government? Random hacker on the web? If one of the goals of bitcoin is to bank the unbanked then you need to try all types of products that lower the cost and can give reasonable security.
reply
0 sats \ 7 replies \ @joko OP 23 Oct 2022
Exactly! That's why I'm saying just use a FREE software wallet.
reply
0 sats \ 6 replies \ @BlokchainB 23 Oct 2022
FREE software wallet NEED hardware to run it. So it’s not technically free!
reply
0 sats \ 5 replies \ @joko OP 23 Oct 2022
Yes.. yes it is.
view replies
0 sats \ 5 replies \ @rijndael 23 Oct 2022
- key exfiltration
- background use of key material
Both things that are mitigated by having the key off-device.
Are blind signers better than dedicated hww or airgapped laptops? No. Are they the SAME as phone hot wallets? Also no. Key security is a gradient and there are more than two points on the spectrum.
reply
0 sats \ 4 replies \ @joko OP 23 Oct 2022
Both are also solved by using an encrypted software wallet.
reply
0 sats \ 3 replies \ @rijndael 23 Oct 2022
doesnt help with key exfiltration if the host device is compromised
reply
0 sats \ 2 replies \ @joko OP 23 Oct 2022
Yes it does. If the wallet is properly encrypted, you can't decrypt from just having access to the phone.
If you mean that the wallet would be swept as soon as you send a transaction, it's the same with a card wallet.
reply
0 sats \ 1 reply \ @rijndael 23 Oct 2022
Cards key isn’t resident in memory on the phone. The encrypted hot key is, when you have the app open. They’re different models.
reply
0 sats \ 0 replies \ @joko OP 23 Oct 2022
Functionally zero difference. It's much more of a difference that you suddenly have to trust the software wallet AND the card wallet. You double your attack surface.
reply