We are Foundation, creators of the Passport hardware wallet. AMA! \ stacker news ~bitcoin

We are Foundation, creators of the Passport hardware wallet. AMA!

8526 sats \ 52 comments \ @foundationdvcs 24 Oct 2022 bitcoin freebie

If we can lower the barrier to becoming a sovereign individual, we believe that more and more people will reclaim their sovereignty and freedom. This is not a guess; this is our conviction.

This starts with Passport, our best-in-class Bitcoin hardware wallet, and Envoy, the perfect companion app for your Passport and a zen-like Bitcoin software wallet. But over the coming months and years we’ll release a suite of hardware and software that makes it easy to become a sovereign individual.

Our focus on educational content and user privacy ensure that no sovereign individual is left behind, and we are continually expanding on our content and improving our best-in-class user experience to ensure that everyone has access to powerful tools for digital sovereignty, no matter what.

Passport is only the beginning 😎

Our Mission

Foundation builds Bitcoin-centric tools that empower you to reclaim your sovereignty.

Where to Learn More

Our website: https://foundationdevices.com/ Our Twitter: https://twitter.com/FOUNDATIONdvcs

Ask Us About...

Where Bitcoin fits into sovereignty
Hardware wallets role in the space
Why software wallets are still important (and our plans with Envoy!)
Why we prioritize free and open-source software and hardware
The importance of privacy
Digital sovereignty
Building secure devices that are still enjoyable to use
Why we started with a Bitcoin hardware wallet
Future plans
And anything else you'd like!

view all related items

10.5k sats \ 5 replies \ @dtonon 24 Oct 2022

Just yesterday I came across this article: https://medium.com/@Fiach_dubh/rekt-crypto-hardware-con-artists-creep-into-bitcoin-8ad713198d3a

Any comment, please?

398 sats \ 4 replies \ @zachherbert 24 Oct 2022 freebie

Sure, that article was published just a few months after we publicly announced Foundation to the world, after I recorded with TFTC podcast.

Seems pretty apparent that a competitor was quite unhappy that we used some of their open source code, and has been coming after us ever since – calling us "cloners" "leeches" "scammers" "con artists" and so on.

Our founding team worked together previously at a company called Obelisk, building ASIC mining hardware, and shipped over $26M of hardware (over 13,000 units). We ultimately quit our jobs and left because (1) we wanted to be founders and build a Bitcoin-centric company and (2) we didn't agree with the management decisions.

I talked about it more in length on the Blue Collar Plebcast:

10.9k sats \ 1 reply \ @Fiach_Dubh 24 Oct 2022 freebie

I'm going to jump in here and comment as I'm the author of that article.

I originally wrote that piece to warn the Bitcoin community of you and your teams generally shitty behavior at obelisk to your customers.

Your competitors were not aware of that piece until I published it as a PSA. They had no involvement in it's writing or publishing.

Some of the behavior I experienced as an obelisk customer personally from you:

A) promising compensation for delayed miners, crediting it to users accounts, and then NEVER PAYING THEM OUT B) being personally named for good reason in the subsequent lawsuit, since you yourself promised compensation in the obelisk discord at the time was coming, including honoring of coupons for future products such as hardware wallet devices https://www.classaction.org/news/class-action-filed-over-obelisks-sale-of-sc1-dcr1-cryptocurrency-miners C) generally stringing your obelisk customers along to get them to not join the lawsuit D) over promising on delivery times, which were late by months if I recall correctly

Or absolve Ken from obelisk/foundation of

D) over promising on the hashrate of the ASICs your team produced by 1/3rd!

When confronted with these facts on twitter you yourself dmed me in a rage, then blocked me. Your company twitter then blocked me. Then your staff blocked me so I can't respond to their comments saying the article was "debunked."

News flash: calling something debunked doesn't make it debunked. You have to actually provide evidence to the contrary. Which you haven't done. All I've seen you do is hand wave this sordid chapter away as a nuisance to your current enterprise. When it's very very relevant.

I encourage your customers to take a close look at you and your teams history. To verify the information in that article independent of my valid points.

You would rather have me silenced.

I would rather see you recognized for the animal you are.

20 sats \ 0 replies \ @shyfire 25 Oct 2022

Appreciate the info.

1010 sats \ 1 reply \ @dtonon 24 Oct 2022

Thanks for the reply.

Yes I read about Obelisk and I'm quite impressed about the story, it is a bit worrying. I don't know if it is true, so I asked a comment. Of course about the critiques, not your revenue ;)

About ColdCard source code usage, the main point for me, so do you confirm that was legit from your point of view?

I'm referring to this part of the article:

On its own, a non-contentious clone (or fork) of the Coldcard would maybe be an interesting project. After all, it’s just “building on each other’s accomplishments”, though I’d hardly call the Obelisk dumpster fire an accomplishment. More like a pattern of duplicitous behavior.

As a result of this borderline IP theft by foundation devices, Coinkite is studying whether to change their software and hardware licensing to a more commercially restrictive alternative, as a defensive measure against this encroachment.

Would you do it again?

1030 sats \ 0 replies \ @dtonon 25 Oct 2022

While I wait your reply, if you will reply, I can only comment this your tweet and the following one:

https://twitter.com/FOUNDATIONdvcs/status/1334597921023668226

We are grateful for @COLDCARDwallet 's open source firmware, of which we’ve used numerous components to more quickly bring Passport to market. However, we are disappointed that they’ve recently chosen to relicense their firmware as closed source.

https://twitter.com/FOUNDATIONdvcs/status/1334597922214850583

The Commons Clause license condition is closed source and incompatible with GPL. The Free Software Foundation @fsf urges rejection of software under this license condition, and the license condition is widely criticized and on the decline. https://directory.fsf.org/wiki/License:C

Calling yourself "disappointed" after you used someone else work to bootstrap your hardware wallet company is a bit harsh on my opinion. And directly ask the FSF to jump in is a quite dirty move to discredit ColdCard.

110 sats \ 1 reply \ @0322ee777777 24 Oct 2022

Does foundation plan to follow most hardware wallet providers and offer accessories/backup plates etc? Great work on Passport and Envoy, don't expect you to do it all!

205 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022 freebie

We've brainstormed some ideas on accessories for Batch 2 and Founder's Edition that we haven't been able to build on due to time constraints, but as we've grown we've had more time and resources to bring things like that to the market.

Keep an eye out for more on that!

274 sats \ 5 replies \ @bitcoingraffiti 24 Oct 2022

Favy scifi novel?

294 sats \ 4 replies \ @foundationdvcs OP 24 Oct 2022 freebie

For the broader team, it has to be Asimov's Foundation, and we've even written a blog post on the topic: https://foundationdevices.com/2021/09/bitcoin-asimovs-foundation/

@sethforprivacy here: Dune series has to be one of the best for me recently (I know I'm late to the party), but Neuromancer is another great imagination of a sci-fi future.

@zachherbert here: We intentionally named the company after the Foundation trilogy, but I also echo Seth's Dune recommendation + recently read Three Body Problem and it's incredible.

0 sats \ 0 replies \ @bitcoingraffiti 24 Oct 2022

Read the article. Nice, makes sense. Good foundation! I like the mentions of the Sovereign Individual. Reading that one now.

0 sats \ 2 replies \ @bitcoingraffiti 24 Oct 2022

Ok, I want bonus sats for this question. I read all your recommendations except the Three Body Problem.

My favies are: Dune, Neuromancer and Snow Crash. I like the idea of Foundation that this idea spans out across the ages. I only read the first installment. Do you reckon I should read the rest?

Gonna read your article. ty

216 sats \ 1 reply \ @zachherbert 24 Oct 2022 freebie

Definitely read the rest of the Foundation novels! They are truly excellent.

One thing to point out – the company name is based loosely on the first Foundation novel, not the sequels. Turns out there's more than one Foundation 🤫

0 sats \ 0 replies \ @bitcoingraffiti 24 Oct 2022

Which is in the first book, right? There's like a sister planet on the other side of the galaxy.

110 sats \ 3 replies \ @0322ee777777 24 Oct 2022

Who is your favorite employee? 😉

289 sats \ 0 replies \ @zachherbert 24 Oct 2022 freebie

In all seriousness, I'm still pinching myself – can't believe we've built such an incredible team.

There's the more public ones like @QnA, Lili, and @sethforprivacy. But behind the scenes we have extremely talented software + hardware engineers and designers.

We likely have one of the most multidisciplinary teams in the industry, and we do everything in house. Circuit boards, firmware, mechanical engineering, industrial design, mobile apps, you name it! Even some operating system work now :)

205 sats \ 0 replies \ @sethforprivacy 24 Oct 2022

Obviously the most recent addition ;)

110 sats \ 0 replies \ @QnA 24 Oct 2022 freebie

230 sats \ 1 reply \ @kr 24 Oct 2022

How do you know when you’ve made a product that is enjoyable to use?

Do you have any user happiness metrics you optimize for?

280 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

One of the reason's we're able to build such great products is that we're building for ourselves first. We saw a need in the space for a user-friendly hardware wallet and attacked that first, and will keep building until we're satisfied (hint: we're never 100% satisfied ;)).

As for happiness metrics, we did a customer survey before we launched Batch 2 to get a feeling for all things Passport, and that helped us shape the decisions we made with Batch 2. We pride ourselves on being extremely active in the broader Bitcoin community and stay closely connected to what the space needs to better empower sovereign individuals.

110 sats \ 1 reply \ @03bcf32596 24 Oct 2022

Nice looking product but very expensive for what it is versus grabbing a cheap phone running S30+ and D-I-Ying yourself one https://github.com/BitcoinComfy/BitcoinMRE

100 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

While there are fascinating projects out there for DIY hardware wallets, it's extremely important to remember the purpose of a hardware wallet -- securing your private keys against common attacks, even if the attacker has the physical device (but not the seed/backup/passcode).

If you use a standard device like an old Nokia, anyone with access to it could easily scrape keys off the device. Utilizing a secure element and hardware designed to be as secure as possible (like in the Passport) makes it extremely difficult for an attacker to get your private keys without having the seed/backup/code in hand as well.

We do realize that the price of Passport can be out of reach for some, and that's one of the reasons we're working on expanding Envoy's feature set -- even without a Passport.

186 sats \ 1 reply \ @ncryppt 24 Oct 2022

What is it like being a Boston based company in the bitcoin space?

255 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

We are now helping organize and sponsor BitDevs Boston and are about to meet again this Wednesday. We brought it back after 2.5 years last month and are excited to help the Boston Bitcoiner's community grow.

We can also say we do our manufacturing in the New England area, driving distance to Boston, so we're very involved with manufacturing (@zachherbert is there today, actually!). There's a lot of manufacturing talent in the New England area from the height of Telecom industry in the 90s, and we hope to be able to bring some of it back and are very proud we make Passport in the USA!

Otherwise, we have a distributed team with people all over the world!

186 sats \ 2 replies \ @janowitz 24 Oct 2022 freebie

I would buy one immediately if it only had Monero support integrated. If you are talking about sovereignty and privacy, it's really tough with Bitcoin, even if you connect to the network via Tor. Coin control or even post-coinjoin privacy are really complex and you can lose your complete privacy with a small mistake.

So do you plan to add Monero to the wallet? One might use Bitcoin for storing but Monero for spending.

21 sats \ 1 reply \ @foundationdvcs OP 24 Oct 2022

We agree that privacy on Bitcoin can be very challenging for many people, and that's why we're focused on bringing education and solutions of our own to bear on the issue for Bitcoiners. We don't want to "just" enable secure custody, we also want to enable on-chain privacy for our users.

As for Monero support -- we're definitely looking at it internally, but we are a Bitcoin-centric company first and foremost.

I can confirm though that support for it won't be added on current products, just for clarity :)

304 sats \ 0 replies \ @iguano 25 Oct 2022

I think focusing only on bitcoin is the right approach. It look more polished and professional. All this multi-alt-coins wallets look like a joke and confuse the newcomers.

186 sats \ 1 reply \ @Tenuki 24 Oct 2022 freebie

What would you say are the key differences/advantages/disadvantages of the passport batch 2 when compared with coldcard mk4?

10 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

We thoroughly appreciate the ColdCard approach to security as there is a lot to like there! The key difference for us is in finding ways to retain similar security guarantees and ethos while improving on user experience.

We don't want secure self-custody to be something with a high barrier to entry -- we want to ensure that as many people as possible, no matter their technical proficiency, are able to use Bitcoin securely to gain financial sovereignty.

We have more details and comparisons available in our FAQs as well: https://docs.foundationdevices.com/faqs#how-does-passport-compare-to-other-hardware-wallets

110 sats \ 2 replies \ @Atreus 24 Oct 2022

How important is the philosophy of the "Sovereign Individual" to you? Did it influence to get into Bitcoin, or did you discover it after?

120 sats \ 1 reply \ @foundationdvcs OP 24 Oct 2022

The idea of empowering sovereign individuals is absolutely at the core of what we do, and we see the specific angle of "digital sovereignty" as an area that we can uniquely solve for users over time.

The financial aspects of sovereignty under-gird every other aspect, and so we chose to focus on Bitcoin custody and usage before anything else. We've been very grateful to be able to solve some serious issues we saw in the space with Passport and Envoy. We needed better tools ourselves, and so we set out to build what we would want out of Bitcoin tools and will keep doing so!

As for when we some of us on the team got into the concept:

@zachherbert - I got into Sovereign Individual as a concept after Bitcoin, but our mission as a company is very much inspired by the book itself. I got into Bitcoin first purely for the "Number Go Up" aspects, but quickly got exposed to the values of the space through podcasts like TFTC and lots of reading on my own.

@sethforprivacy - I was very much brought into the concept of sovereignty and personal privacy because of Bitcoin (and Monero!), and doubt I would have cared much for the topics without the community resources and educators in the space like @qna and @odell. Very thankful for the many great people in the space who helped to shape my views!

@qna - I'm very much a sum of the people in the space who have worked hard to educate others in the space, so I came into the concept as well after finding Bitcoin! I echo a lot of Seth's sentiment above as well.

10 sats \ 0 replies \ @Atreus 24 Oct 2022

Based AF. Thanks for such a great reply!

110 sats \ 1 reply \ @godlikeXi 24 Oct 2022

The device has the look of an early aughts phone. I have fond memories of those phones. Did it get it's inspiration from those early feature phones? Oh - Can I get a promo code? LOL

10 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

Yes, very much was a conscious choice as a part of the design as we wanted it to feel familiar in form factor and usage. It's already hard enough to use how to use Bitcoin, and you shouldn't have to learn how to use an entirely new form factor and device. We want to ease the entry into Bitcoin self-custody, and we feel that the familiar design helps that process for more people.

As for promo codes, check out the podcasts (hint hint) and people in the space who have promo codes as part of their sponsorship ;)

110 sats \ 1 reply \ @vdo 24 Oct 2022 freebie

Looks like you care about privacy. Are there plans to support Monero in the future?

0 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

We're definitely looking at it internally, but we are a Bitcoin-centric company first and foremost.

I can confirm though that support for it won't be added on current products, just for clarity :)

110 sats \ 1 reply \ @junkbondzz 24 Oct 2022 freebie

When can I expect my foundation hardware wallet in the mail?

100 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022 freebie

We've shipped over half of all orders so far, and have been working hard to get the rest out as quickly as possible -- without sacrificing quality. We've tried to be very meticulous in our testing of each piece of the Batch 2 product throughout production to ensure that each customer gets the best possible device and maintain consistent quality for every Passport we ship.

For questions on a specific order, just shoot us an email at hello@foundationdevices.com that includes your order number and we'd love to help out there.

85 sats \ 0 replies \ @ken 24 Oct 2022

Now we have an AMA with Foundation 21 million, preset inflation We're going to moon, fly past the Space Station Download Passport, leave your nation!

10 sats \ 1 reply \ @BeardedSaintRef 24 Oct 2022

How much are you charging for your hardware wallets? What incentives are there for your potential customers to choose your product over others like trezor, or nano etc…

10 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

The Passport Batch 2 is $259:

https://foundationdevices.com/passport/

For that money, however, we pride ourselves on being a best-in-class user experience that lowers the barrier to entry to secure self-custody (even multi-sig for advanced setups!), airgapped security via QR codes or microSD cards, and lots of other features designed to retain strong security without sacrificing usability. We also pair Passport with a rapidly growing set of tools and features via Envoy, our companion app and mobile wallet.

We also have a quick breakdown comparison available in our FAQs as well here: https://docs.foundationdevices.com/faqs#how-does-passport-compare-to-other-hardware-wallets

10 sats \ 1 reply \ @0322ee777777 24 Oct 2022

What lessons did Batch 2 teach you for batch 3 (whenever that is)?

199 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022 freebie

Batch 2 was a great improvement on our Founder's Edition and gave us the chance to drastically improve on what we shipped originally. We're very pleased with how much better we've been able to make the user experience when storing and transacting with Bitcoin for our customers, especially when paired with our new app, Envoy.

I think the two biggest lessons we learned from the process of pre-orders and shipping are that the challenge of supply chain issues greatly complicates the pre-order model and makes it something we're going to move away from with future products now that we've grown as a company.

We've also learned the hard way that giving firm ETAs for shipment when there are so many moving pieces that are not entirely under our control only leads to difficulties for everyone.

10 sats \ 3 replies \ @thrown 24 Oct 2022

One of the things I am really passionate about is making custody easier and less footshootery. I just think “what would it take to get my parents into Bitcoin”.

What is Foundation working on to improve this? Things like account recovery, etc

What do you think will be the best practices going forward for the masses of “normies”?

edit: Do you think it is helpful to think of different kinds of wallets? savings vs checking account analogy?

220 sats \ 2 replies \ @foundationdvcs OP 24 Oct 2022 freebie

Thanks for breaking the ice, @thrown!

That ability for anyone to quickly and easily learn to self-custody Bitcoin in a secure way is a driving force for us, and a key reason why we've tried to push away from the normal "store your 24 word seed phrase" model and implemented backups to MicroSD cards with a simple 20 digit passcode.

You can read more on that here: https://docs.foundationdevices.com/passport/backup

This simplifies the process of backup and restore, allows us to bundle far more data into the restore process (account names, multi-sig configurations, derivation paths, user settings, and opens up possibilities like coin labels etc.), and makes it a more "traditional" setup for people. We think one of the big barriers of entry to self-custody is the fear of losing funds and being entirely responsible, like if you lose the seed or break the device.

Tools like the Casa seedless 2-of-3 multisig model is very intriguing, and we're always brainstorming ways we can help to bring peace of mind to customers of Foundation.

We're also working to enable Envoy to be an extremely approachable standalone software wallet without sacrificing privacy, with lots of exciting announcements there still to come.

2 sats \ 1 reply \ @thrown 24 Oct 2022

I definitely like the idea of multi-sig recovery. I think existing fiat banking institutions could transform into Lightning nodes and one of your recovery agents maybe. But even ignoring “institutions”, I think it will become natural for families to start to support each other financially more and become their own little bank together.

For example, my parents would feel more comfortable if they knew that I could help them if they messed something up.

5 sats \ 0 replies \ @foundationdvcs OP 24 Oct 2022

Definitely agreed, finding ways to help community groups and families "crowd-source" custody in a social way while breaking the dependence on a third-party is something we've been actively exploring.

Moving backups away from seed words help a bit with that, but we agree that using multi-sig in unique ways is really a key approach for the future of broader Bitcoin usage.

211 sats \ 2 replies \ @BITC0IN 24 Oct 2022

Why do you still use a secure element that is no longer recommended for use by the manufacturer? https://www.microchip.com/en-us/product/atecc608a

are you guys going to switch to the b model in future iterations for better security?

228 sats \ 1 reply \ @zachherbert 24 Oct 2022 freebie

We use the 608a chip from Microchip, and are switching to the 608b for next batches.

There is no critical vulnerability in the 608a, it's just not recommended for new designs because the 608b is rolling out. The 608b does have some kind of security enhancements but Microchip has not provided any further info. My guess is the 608b further protects against sophisticated lab-based laser attacks.

In order to compromise the 608a, or the 508a, or many chips like it – you can use expensive lab equipment to grind down the top layers of the chips, and shine lasers at the chip in an attempt to extract some data. My guess is we'll see similar attacks against the 608b, and I am sure Ledger's team is already trying to break the 608b.

Every chip is vulnerable to these kinds of targeted, sophisticated attacks, and we've seen everything from Apple's chips, to Intel SGX, etc be compromised in the last few years.

Passport's dual chip architecture removes the need to place all your trust in a single chip, and requires that an attacker compromises both the STM processor and the Microchip secure element.

You'd have to be specifically targeted for this attack, your device would have to be brought to a lab and taken apart, the chips would need to be removed from the board, etc.

Contrast to something like a Trezor, which does not use a secure element and can be trivially voltage-glitched using $100 of hardware.

There is no perfect security, but we can ship devices that require enormous cost and time to break into. Things like Multisig and Passphrases also render these sophisticated attacks useless.

1081 sats \ 0 replies \ @03ff5d1d0d 25 Oct 2022 freebie

seems like a critical vulnerability to me:

"In 2020, we evaluated the Microchip ATECC508A Secure Memory circuit. We identified a vulnerability allowing an attacker to read a secret data slot using single Laser Fault Injection. Subsequently, the product life cycle of this chip turned to be deprecated, and the circuit has been superseded by the ATECC 608A, supposedly more secure. We present a new attack allowing retrieval of the same data slot secret for this new chip, using a double Laser Fault Injection to bypass two security tests during a single command execution. A particular hardware wallet is vulnerable to this attack, as it allows stealing the secret seed protected by the Secure Element. This work was conducted in a black box approach. We explain the attack path identification process, using help from power trace analysis and up to 4 faults in a single command, during an intermediate testing campaign. We construct a firmware implementation hypothesis based on our results to explain how the security and one double-check counter-measure are bypassed."

https://www.sstic.org/media/SSTIC2021/SSTIC-actes/defeating_a_secure_element_with_multiple_laser_fau/SSTIC2021-Article-defeating_a_secure_element_with_multiple_laser_fault_injections-heriveaux.pdf

0 sats \ 1 reply \ @03cd7d2ac2 24 Oct 2022

There Is a bounty program for those Who find bugs in your code ?

0 sats \ 0 replies \ @foundationdvcs OP 25 Oct 2022

Yes, there is a bug bounty program available:

https://foundationdevices.com/security/

We also have PGP keys available for more secure communications around bugs and security disclosures:

https://foundationdevices.com/pgp/