S4 E1: ShapeShift COO Jon on the KeepKey Hardware Wallet
Season 4 of the Bitcoin Takeover Podcast is all about hardware wallet makers and the people who break them. Therefore, the next 10 episodes will feature interviews with important figures from the field of Bitcoin security who will be talking about the best ways to maintain your financial sovereignty.
As Trezor and Coldcard have updated their devices, and new players such as Coldcard and BitBox have emerged as serious contenders, the KeepKey is the oldest hardware wallet on the market. As described in the three-part review of hardware wallets that I wrote for Bitcoin Magazine, it has multiple limitations and may not be ideal for certain applications. However, it does have advantages of its own.
ShapeShift COO Jon has agreed to do an interview in which he answers to some tough questions about the security model of the KeepKey, while also explaining the advantages of the new ShapeShift platform. Most importantly, Jon has talked about the main differences between the KeepKey and the competitors (Trezor, Ledger, Coldcard, BitBox).
The discussion also diverges towards the end, as the ShapeShift COO explains the privacy and security features of the exchange service.
Here are some of the questions to which Jon had to reply:
1. Why should bitcoiners buy a hardware wallet? In which ways is it better than cold storage methods like the paper wallet or the steel plate?
2. Why should that wallet be a KeepKey? What is special about your device, compared to the competition?
3. Can you say something that you like and something that you don’t like about your competition? (this includes Trezor, BitBox, Coldcard, and Ledger)
4. How much of the code that goes into a KeepKey is open sourced and why do your competitors often call the device a “Trezor clone”?
5. In my review, the KeepKey hardware wallet was the oldest design and lacked several features. Is a new device on the way? And if so, what kind of features will it have?
6. Would you consider releasing a Bitcoin-only version of the KeepKey, to reduce the attack surface?
7. In the experience that I’ve had, the KeepKey is not as friendly with multisig setups as the Trezor Model T and the Coldcard Mk3. Are you planning to make any improvements in this regard?
8. Do you have any kind of recommendations for people who choose not to use the ShapeShift platform and go for Electrum and Wasabi?
9. Why did ShapeShift decide to also integrate the Trezor and the Ledger on their platform, thus supporting the competition?
10. What are KeepKey’s upcoming plans in the hardware wallet market?
11. The KeepKey is $29 cheaper if you sign up to the ShapeShift platform. Would you say that this is the price of users’ privacy and personal data?
Special thanks to LXMI and Bottle Pay for sponsoring this episode!
“LXMI is a European Cryptocurrency exchange whose name is inspired by Lakshmi, the Hindu Goddess of Wealth, Good Fortune and Prosperity. It’s one of the regulated and legal Cryptocurrency exchange.
On LXMI you can buy bitcoins with most fiat currencies and you can also do the trading for top Altcoins.
They follow the “Not your keys not your bitcoins” philosophy with their integrated non-custodial wallet which helps you manage your own private keys. So if you’re into trading, then you don’t have to worry about having your Crypto frozen by whatever political decisions, since you’re empowered to hold and move your coins around whenever you wish.
It’s great to have new players like LXMI that respect your financial sovereignty.
LXMI is launching in 2020 for more information please check out – www.LXMI.IO/
If you’re not trading, it’s recommended to move your coins to a hardware wallet or some other form of cold storage, and in this episode, you’re about to find why.
Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.
Bottle Pay Ad:
Hey you! Looking for the simplest way to get started sending satoshis on the Lightning Network? Then sign up with your social account on Bottle Pay now.
Bottle Pay is your premium Lightning service for unfairly cheap and effortless bitcoin payments. It is powerful enough to offer all of the payment features you need, while also being simple enough for no-coiners to understand.
No more confusion and headaches! Send satoshis instantly to anyone on a supported social network in a couple of clicks.
Login today at bottle.li, and receive 1000 free satoshis to get you started sending and receiving bitcoin. Follow the steps to become a Power User and earn even more.
Head over to bottle.li and get started now.
Vlad Costea (03:48):
Hi there and welcome to season four of the Bitcoin Takeover podcast. I am Vlad and this season is specifically about the makers and the breakers of hardware wallets. And this first episode is actually about the oldest hardware wallet, the oldest major hardware wallet that is still on the market, which is the key key. And my guest is Jon, who is the COO of shapeshift. So hi Jon.
Jon Shapeshift (04:16):
Hi there. Vlad, how are you doing today?
Vlad Costea (04:18):
I’m okay, but before we move on with our conversation, I just want to give a shout out to the two sponsors of this episode who are LXM I a European exchange that’s going to launch in 2020 and Bottle Pay, which is a payment system that has become very popular on Twitter. So I gave them a shout out. Now let’s talk about hardware wallets. I was waiting, waiting for a confirmation… Awkward moment.
Jon Shapeshift (04:45):
Oh, okay. Yes, yes. Let’s, let’s do it.
Vlad Costea (04:49):
My first question for you is why would anyone need a hardware wallet? Because usually when experts discuss security, they’re going to say, Oh, it’s so much better to use a paper wallet or a brain wallet or to write your seed words on some sort of metal plate. Why you use the hardware wallet at all?
Jon Shapeshift (05:10):
Yeah. So well first off, I’m not sure I agree with that. Some of advice, especially about brain wallets, I don’t think anyone thinks brain welds are good security in 2019 there they’ve shown to be very, very crackable. But aside from something like that a hardware wallet is a very good combination of security and convenience for the average user, especially if they’re holding any large amount of crypto.
New Speaker (05:37):
It gives you the ability to, you know, obviously generate your keys offline. You can still hold the seed on the middle plate or on paper somewhere stored away, but it gives you much easier access to that versus if you’re using just a paper wallet, anytime you want to actually use it you’re going to have to scan it, put onto something online or you know, deal with a bunch of offline transaction signing software or something very complicated for the average user.
Jon Shapeshift (06:04):
That’s not really tenable. I’m a hardware wallet makes that a lot easier to actually interact with your crypto and do it in such a way that you don’t expose your private keys during the process. So I think hardware wallets offer a very, very good, you know, degree of security, but still offering the convenience of being able to actually use it. With a paper wallet, you don’t really have that choice. It’s, you know, a paper wall. It’s really only best for something that you’re gonna put in a safe and forget about for the next decade. Other than that, it’s not very usable.
Vlad Costea (06:38):
Okay. Now in regards to the keep key hardware wallet, what is your position in regards to the product? Have you been part of the development team?
Jon Shapeshift (06:48):
So as chief operations officer, I have not directly been a part of the development team. I’ve certainly been involved in our development conversations where we’re bringing the software that goes along with the KeepKey as well as the firmware updates we’re doing and security you know, reviews and updates and vulnerabilities that come in. I’m involved with all of that at a high level. But I’m not down in the weeds of actually working on the code of this thing. We have a engineering team that is mostly doing that at this point.
Vlad Costea (07:21):
Okay. So given this experience that you have and the exposure, why do you think that Bitcoiners should buy the KeepKey right now? What is special about it as compared to the competition?
Jon Shapeshift (07:35):
Yeah, the, the main thing that’s I say would be special nowadays is really the software implementation that we’ve just released. We kind of made a decision that the hardware was, you know, pretty darn good as far as we can tell over time. But what we really didn’t like was the original keep client that when we acquired keep key was mainly being used.
New Speaker (07:57):
We, we’ve supported that since we acquired KeepKey, but we recently just back in July launched a new shapeshift platform that’s really become the new interface and software component for KeepKey. And I think in combination with that, it’s really the best hardware experience on the market in my opinion because I think that’s where I haven’t been as pleased with some other hardware wallets. I like a lot of our, the other hardware wallets. It’s not to say anything about problems with those devices, but I think the software has been lacking over the years. And I think the software that rerelease, you know, offers a much better user experience for the average user.
Vlad Costea (08:36):
Okay. So you have mentioned other hardware wallets and this is the territory where it gets very interesting because I want to ask you about the pros and cons that you can mention of every other major competitor. Like what do you think about the presser?
Jon Shapeshift (08:55):
Yeah. So I
Vlad Costea (08:55):
Think the Trezor is a very good device. For the most part, honestly, I’m, I’m big. I, I own a number of hardware wallets myself, including hardware wallets from the competition. And I think that there’s a number of good options out there. So I’m not sitting here thinking that, you know, the keep keys great and everything else is terrible. It’s just not really the case. There’s, there’s a number of good hardware out there the Tresor among them. So the Tresor overall I think is a very good device.
New Speaker (09:21):
Um one of the cons compared to the KeepKey might just be that it has a much smaller screen, at least the original device. And so that doesn’t always let you see like entire big point addresses, which can be a little worrisome from a man in the middle component. But overall it’s not a huge issue. It’s, it’s still a very good device I’ve owned, I’ve owned a Tresor pretty much as long as I’ve wanted to keep key. What about the new bed box out too? I’m not sure if you were able to test it, but it looks good. It takes, yeah,
Jon Shapeshift (09:54):
Actually I actually met the beatbox folks. I think they’re based out of Switzerland if I remember correctly. And I, we, we actually went and talked with them in their offices last year and that device seems pretty interesting. I, I can’t say I know enough about it to say what the immediate downsides or major pros of it are. But it seemed like an interesting approach.
Vlad Costea (10:18):
Yeah. A lot of people talk about to keep key. Andy mentioned, I’m sorry, now the kid kid a bit box and they mention how the first model got hacked and they had to discontinue it and come up with design. And do you think that the team is very good and competent enough to release something that is where fee of users trust? Because so far it hasn’t been hacked because it’s too new.
Jon Shapeshift (10:43):
Yeah. So I guess it depends. I don’t know enough about the history to, I think weigh in as much as I’d like to there. It depends how it was hacked. The first time. Hacked can mean a lot of things when it comes to a hardware wallet and that can mean something very, very bad or it can mean something totally innocuous depending what that means.
New Speaker (11:00):
If it was, if it was actual like remote bumbler ability, that’s among the worst state you can have on a hardware wallet. And that in fact actually required them releasing a new device because the other one wasn’t saveable then that’s not a good thing. At the same time I don’t know enough about their team and engineers to say whether they’re, you know, you know, competent enough or not, et cetera. So I’m not sure I know enough to weigh in on that.
Vlad Costea (11:26):
I like to think that the fact that they have a Bitcoin core developer among them is just an extra layer of trust that you can put into them, even though it’s a bad idea to put trust in anyone in this industry. Anyway, let’s not talk too much about the big box. Let’s move on to maybe the most popular vice among Twitter, which is the cold card. What do you think about it?
Jon Shapeshift (11:56):
Yeah, the cold cards. Another one that’s pretty new on the scene that I don’t, I don’t know enough about [inaudible] to weigh in on, you know exactly what its security features. You know, our, our compared to other wallets from what I’ve heard, it seems like an interesting device, but I’m not sure if it gives as much full features, especially on the software side as like a treasurer ledger or KeepKey.
Vlad Costea (12:20):
Oh, I think it’s the exact opposite of what shapeshift is trying to deal with to keep G because it has no computer interface. It’s made to do most operations on device and that uses a BIP. I don’t recall the number of it, but it’s called partially signed Bitcoin transactions. You can just power the device and you operate with an SD card that you’d done an act to your computer and you’re supposed to use either Electrum personal server or wasabi wallet or some kind of third party open source software. So they don’t have like a computer software implementation. This is good for pressure, but not for newbies who are just trying to get into Bitcoin.
Jon Shapeshift (13:09):
Yeah. So exactly. That might be really good for someone who just cares about those things, who’s already comfortable with things like the lecture or wasabi. But generally those types of interfaces leave a lot of lacking for the majority of users is what we found.
Vlad Costea (13:25):
Okay. So we have one device left in this classification and that’s the ledger, which sometimes seems quite polarizing because some people criticize them for not open sourcing all of their code and they criticize the fact that you have to trust the company. And most of the times that’s a bad idea in this sector.
Jon Shapeshift (13:50):
Yeah. So I’ve owned ledgers ever since they came out. I remember when they first started going to conferences before we even owned to keep going. And I, I’ve always found them interesting devices. I own a number of different ledgers myself. Overall I think they’re great devices. I definitely understand the apprehension about the fact that not all their firmware especially is open source. And that really you know nerves especially, you know, old school Bitcoiners and they’re not always the comfortable with that. And I think that’s totally valid if that’s what they want.
New Speaker (14:21):
But I’ve never heard of any major you know, attack on someone’s ledger remotely or something like that that gave me pause or issues. So I think that they’re pretty secure. You know, again, one of the problems with the legacy, at least ledger nano S was just again that the screen was a little bit on the small side, especially compared to the keep keys. You can’t display entire addresses on it, which again can be a little bit of a man in the middle problem. But overall I think it’s a really still good device. I wouldn’t tell anyone not to get a ledger if that’s the type of, you know, form factor and what they’re going for.
Vlad Costea (14:59):
So you spoke about open source code and I think that’s also an interesting discussion to be had because I want to ask you how much of the code that goes into the KeepKey is open sourced and why do sometimes competitors call the keep key a Trezor clone?
Jon Shapeshift (15:18):
Yeah, so I’ll answer the second question first, which is when we acquired, I mean the, the reason they call it a Trezor clone is that when before we even acquired KeepKey, when the original developers, the KeepKey company and created the device, they forked the original firmware from the Tresor. So it is, it’s not exactly a clone because the code has diverged quite a bit over the last two or three years. But originally it was a fork of the open source treasure code.
New Speaker (15:47):
So there is a lot of relation there in terms of the foundation of firmware. But since then they’ve really kind of gone their own separate ways. And you know, there, there’s still some similarities at least compared to like a ledger, but they’ve been developed pretty differently over time. And all of KeepKey’s firmware is open source. You can go on get hub and see all of it.
Vlad Costea (16:09):
Okay. That’s a good answer. So I mentioned in my review and the claim magazine death, the KeepKey is the oldest design in the review and there are several features that newer models include and the kid doesn’t. So are you thinking right now we’re releasing some kind of updated keep key, different kind of hardware wallet but a different design because also I remember the Kikuyu was about $200 at some point and now you can buy it for, I think it’s 49 or something or $10 your membership on shapeshift. So yeah, some sort of new premium device coming [inaudible]
Jon Shapeshift (16:54):
It’s certainly something we’re thinking about. We’re not at a point where we’re ready to announce anything on that fronter or say that there will be another device coming. You know, our, our real focus in the immediate short term is improving the experience of using the KeepKey as much as possible. And so that really means updates to the software that you use with it, which right now with the main focus is the actual shapeshift platform. As well as firmware and you know, adding more additional coins, support and things like that. Is really where the immediate updates are going to come for the key came more than a new device.
Vlad Costea (17:29):
So I guess you’re not going to release anytime soon. Any kind of model that you’re coin only because I see that there’s a trend that I observed in presser and both old card and bit box that they released Bitcoin only devices.
Jon Shapeshift (17:47):
Yeah, that’s interesting. We don’t have any plans to do that on a hardware level at the moment. I think that’s something, you know, and also, you know, you know, part of that is, you know, the shape shifts history is obviously we come from a very multi coin, you know, philosophy in place of everything we’ve done over time and the majority of our users are constantly, like the biggest requests we get for KeepKey and shapeshift combined is more coins, more coins, more coins.
New Speaker (18:11):
So at least our user base is not the ones that are generally asking for a Bitcoin on the device. That being said, if we saw a large demand for that among our users, we could consider something like that. We probably wouldn’t release a new device, but we could release, you know, a firmware version that would take everything off except for the Bitcoin part of the firmware and that would effectively be the same thing.
Vlad Costea (18:33):
Okay. Yeah. I think a lot of companies do this. I don’t think they have different hardware, but they have just the Bitcoin stuff or that they reduce the attack surface.
Jon Shapeshift (18:45):
Yeah, it’s an interesting thought. Again, I think if we saw enough demand from our users to do that, it might be something we consider, but right now the main feedback we’re getting from our users is the opposite. They want more coins, more assets, not less.
Vlad Costea (18:59):
Another popular third that seems to be more in demand in the last couple of years among Bitcoin or is the ability to do multisig. And some people refer to it as a good way to secure your coins because you have different parts of your private key being in different places. And you can have organizations which control a certain amount of Bitcoins or you can have families which manage their funds and have this political dimension, which prevents any one party from arbitrarily spending the entire amount. And in my experience reviewing the KeepKey, it’s not very friendly with multisig setups. So do you think you’re going to improve on that or is it a priority right now?
Jon Shapeshift (19:49):
Yeah. So yeah, multisig is obviously great. There is an ability to use KeepKey and multisig fashion today, but you’re right, it’s not super streamlined and you’d have to have a decent bit of technical knowledge to do it correctly. It’s definitely something we have talked a lot about and that we’ll either you know, is or will become a priority pretty soon, especially through the new shapeshift platform software using your keep key. I think there’s a lot of cool things that we can and want to do with multisig and the keep key.
New Speaker (20:19):
Um so I definitely think there will be a lot of multisig related features coming to the keep key, you know, in the short to medium term future. I don’t know exactly when those will release yet or what they’ll look like. But I think there’s quite a few things we want to do on that front to make multisig just far easier to use with [inaudible] as well as just on the platform overall.
Vlad Costea (20:42):
I think right now one of the main advantages and selling points of this is the price itself because of the top five biggest Harvard wallet manufacturer is you have to keep this device on the market. And I can think of ways in which maybe somebody who is security minded will just buy KeepKey because it’s solid, it’s rugged, it has that nice farm tracks or brand and displays the entire Bitcoin adverse and they’re going to run something like Electrum or wasabi. Instead of using those awkward dots. You have parties, you have any advice or recommendations for people who buy the KeepKey for this purpose?
Jon Shapeshift (21:27):
Yeah, I mean that’s a totally legit way to use the KeepKey. And if that’s, you know, what people prefer and want to use, then you know, that’s totally cool. I don’t know that I have any specific advice other than just being careful. I’ve seen at least a number of people get hit with phishing attacks when using a lecturer, ma. I don’t know that any particular software is immune from this.
New Speaker (21:48):
Um but there, there are still a number of attacks that exist, especially on older versions of Electrum that you just have to be careful about. So it definitely takes, again, a little more technical knowhow to I think do that correctly. But if you have that technical knowhow, then that’s a perfectly valid way to use the KeepKey. And there’s nothing wrong with that. You just won’t get some of the more advanced features that we’re going to be able to offer through things like the shapeshift platform now and going forward.
Vlad Costea (22:13):
Oh, okay. So can you talk about these advance features that are going to be available on the CPF platform?
Jon Shapeshift (22:20):
Yeah, so I mean, even today you have, you know, when you plug a KeepKey into the ship ship platform, you have access to significantly more, you know, asset support than you’re going to get on Electrum. You have access to the, you know, free trading that we just released in the last week, VR, Fox Token that you get for free. And that’s kinda just the start of things.
New Speaker (22:40):
You also have the ability to, you know, view your entire portfolio of assets, view that over time, a much nicer visualization and we’re going to be bringing more and more interesting, you know, features and abilities to interact with, you know, the blockchain and various ways, you know, the Bitcoin blockchain. But of course other blockchains and you know, dApps and things like that. Things that’ll just be more optimized through the platform. And I just a much nicer UX and UI.
Vlad Costea (23:07):
Okay. Also, when I visited the shapes of that form while doing my review for Bitcoin magazine, I noticed that you enable a future to connect your ledger or your Trezor to the platform and pleasant the same need because basically you’re supporting the competition or are you really [inaudible]
Jon Shapeshift (23:29):
Yeah, we we definitely are. I think actually using your Trezor for example, with the shapeshift platform is the best way to use your Trezor out today. I’ve used it with my Trezor. I love it. We, you know, we are definitely supporting other hardware wallets on the shapeshift platform. They keep key is going to be the device that it’s most optimized for and kind of the premium experience. But we want to support, you know, as many, you know, relevant hardware devices like the Trezor and the ledger as we can. The ledger support is not fully out yet, but it actually will be in a matter of weeks, not months. So that’s coming very soon. And yeah, we’re, we’re very happy to support other hardware wallets in the platform. Ultimately our goal is to really promote the use of non-custodial solutions.
New Speaker (24:13):
Um we think the key piece, a great way to do that, and you know, probably the best way to use the shapeshift platform today, but we know that there’s a lot of Trezor users out there. There’s a lot of ledger users and those devices are still very good devices and we wouldn’t tell anyone that they have to switch to use the shapeshift platform. We think that as long as they’re using a good hardware wallet and a non-custodial solution, that’s good enough for us. We don’t, it doesn’t necessarily have to be to keep key for us to be happy.
Vlad Costea (24:40):
So don’t you think that you’re disincentivizing people from purchasing the KeepKey by allowing them to use just oppressor? [inaudible]
Jon Shapeshift (24:49):
Yeah, you could argue that and that that might be the case for some people. But ultimately, again, the goal is not just to sell keep keys. The goal is to, you know, put out software there that really promotes the use of non-custodial a wallet and you know, exchange software. And that’s really where shape shifts, bread and butter is we think the key key is a great addition to that. And again, is probably the best use of the experience. But you can still have a really great experience on shapeshift without a keep gate with the Trezor ledger. And that might mean people don’t buy the KeepKey and that’s okay. We’re, we’re totally fine with that.
Vlad Costea (25:21):
So what are key keys or shape shifts plan for the hardware wallet market?
Jon Shapeshift (25:29):
Yeah, I mean the main plan is kind of what we just talked about, which is really producing the best possible software to use with your hardware wallet. Because I think again, that’s historically where hardware wallets have kind of lacked the most, has been the actual UI and UX of the software that you connect with in use. And you know, the devices one thing, and it’s obviously paramount because that’s where your keys are actually kept and the real security, but 90 you know, 90 to 95% of the time a user is actually interacting or trying to do a transaction.
New Speaker (25:59):
They have to use the actual software attached to the thing. And that’s where most of their interaction with the device actually happens. So in our opinion, the most important thing to do really well. In addition to having a very good key store, like a key or another hardware wallet is the actual software. So a lot of our focus and plans for the immediate future are on improving that software and making the best possible UI and UX for using a hardware wallet and storing your assets, non-custodial li and trading non-custodial li.
Vlad Costea (26:30):
Do you also consider allowing users to connect to the shapeshift platform with their full nodes as sometimes it’s important for users to have this sort of privacy where their transaction data gets under devices and they don’t have to trust the third party, whether it’s sheet shift or some other node, but they’re relaying of
Jon Shapeshift (26:53):
Yeah, that’s a, that’s an interesting point. Definitely something we’ve considered. Right now the best way to do that today would be to use something like an Electrum. At some point it would be nice to allow the shapeshift software to be run locally and let people to do that. That hasn’t really been a priority for us and the majority of our users, that’s not what they’re looking for.
New Speaker (27:12):
We do certainly allow the ability though for someone to use the software totally anonymously without giving us any information as long as they only need to do that. If they want to trade. So they do have the ability to get on there and not give us any information and clear out any data that they give us, you know, after use and things like that. But eventually, you know, if, especially if there’s demand for it, we probably would release some localized version that can be run on someone’s desktop as well. It’s just not an immediate priority.
Vlad Costea (27:41):
Yeah. I remembered that shape shift was one of the most popular services in 2017 and a lot of people were, I think mostly converting Bitcoin for Monero or the other way around. And at some point, I don’t know exactly what happened, but you started to allow people to sign up to the platform and it’s some people that was the moment when you don’t want fell out of grace or something, especially to the hardcore maximalists. So I think it would make a lot of difference if you allowed more privacy for users, but at the same time to metal that regulators in a way that also makes it okay for you.
Jon Shapeshift (28:22):
Yeah, it’s a, it’s a fine line to walk of course. But yeah, we, we care a lot about privacy of our users and we’re very interested to give features to them. Some of those like, you know, running the software locally is a pretty technically advanced feature that, you know, most users are not going to use. That’s probably why it hasn’t been prioritized for us yet. But we have prioritized a lot of other privacy centric features like the ability to use the entire platform anonymously without giving us any information and you know, you don’t, you don’t expose anything that way. So there, there are various things that we will continue to do to support those privacy centric minded folks. Those are still a large part of our user base.
Vlad Costea (29:03):
Yeah, I think that’s very important. And something else that I think should be considered, I don’t think there is demand for it because most of the users don’t, don’t really understand how it works. But UTX cell control is essential because sometimes you have 50 Bitcoins or something and you’re sending 0.1 Bitcoin and you don’t want the other person to know how much Bitcoin you have. And you should try to have smaller UTX sows and maybe they have a point to Bitcoin UTX so that used to send 0.1 and the other person will not know that actually hold 50 or 100 or 1000, whatever.
Jon Shapeshift (29:45):
Yeah, yeah, no, absolutely. Our, so our software will all our ready automatically try to prioritize their smallest UTX sows when creating a transaction. Most good Bitcoin software should do that. But we’ve definitely talked about releasing more advanced features for power users that would allow them to specifically choose which UTX those they want to use in a transaction, which change address, et cetera. That’s another one of those features that, you know, the majority of, I think our users, it’s just a little, you know, too technically advanced for what they actually need or want. But it would be a great thing to release eventually. And I, I would, you know, I would love to have that feature myself. Be great.
Vlad Costea (30:26):
Okay. So let’s say that I order a KeepKey today and I get it. What kind of software or which software is it going to run? Is it the local software dock was used or originally, or do I have to connect to the shapes of platform?
Jon Shapeshift (30:44):
So you still have a choice if you get the key peak today, the recommended experience, the best experience in our opinion is definitely to connect to the shapeshift platform. And it’s the most, it’s the most flexible because you can access it, you know, from anywhere from any device. For the most part, even, you know, even if you’re keeping is not plugged in, you can still check your balance on your phone and things like that.
New Speaker (31:04):
So it’s a very flexible software, but you can still use the KeepKey client. You can still use Electrum as you’ve mentioned. So there are other options depending on what you want. But the, we would definitely, what’s, what’s, what if you buy the device today, what you’re going to see in the device and what we’re going to highly recommend to you is the platform software because we think it’s you know, far and beyond the best UX for the KeepKey and really for any hardware wallet.
Vlad Costea (31:30):
Okay. I actually had another question. Let me think. Oh yeah, it’s about the difference in price. So you can get a KeepKey today for, I think it’s $39 the whole price or you can get it for $10 if you sign up. What shape shift would you see that 39 no, $29 is the price that you pay for your data?
Jon Shapeshift (31:57):
Yeah. No. So not really. Because we don’t pay, we don’t pay for data. We don’t sell data. Honestly, the data has no monetary value to us. And we wish, you know, in a perfect world we wouldn’t take the data at all. But you know, due to various regulatory situations, it’s just a reality that we have to, in some cases at least for trading. So the main reason and also that $10 price is very much a promotional price that won’t last forever and it won’t always be available.
New Speaker (32:25):
So that’s more just a promotion we’re doing to, you know, get people incentivized to actually want to try out the platform and you know, get a KeepKey, which we think is, you know, again, a great way to store your keys and hold your funds. And we think that’s worthwhile to offer a cheap option for people who might be on the fence. So w we think that’s what it’s more about. It’s really not about the cost of the data. Cause again, that doesn’t really have much if any monetary value to us company.
Vlad Costea (32:53):
Yeah. Sometimes I think about this and Google terms, you know, when Google is offering all that Sue to applications for free and you’re thinking what happens to the files that I store in the cloud, in my Google drive or whatever. So when I saw this difference, my first thought was, okay, so what happens to that personal data? Why does it matter that you sign up with your email address to two shapes?
Jon Shapeshift (33:22):
Yeah, and it’s a good question and I think when you’re using the Google example, it’s a really smart and you know that is the way to think about it. That is what a company like that is doing. In the case of shapeshift though, we don’t actually ever do anything with that data. In fact, we don’t mind it. We don’t sell it. We don’t share it with third parties. We don’t sell it to anyone.
New Speaker (33:42):
In fact, we’re one of the few companies out there that actually spent a lot of extra time and engineering effort and that continuing time and engineering effort to immediately encrypt all that data. The moment we get it. So even, even internally, we can’t really read it unless there’s some situation where we have to decrypt and look at it for you know, a specific regulatory reason or something like that. It’s completely inaccessible. It’s entirely encrypted the moment we get it.
Vlad Costea (34:07):
So you’re saying that a way to associate a certain transaction with a user?
Jon Shapeshift (34:16):
So would we, what we can associate with is an X pub and if, if we were to decrypt the data, there would be a way for us to associate that if we had to in a regulatory situation. But we generally don’t do that. And again, if someone’s really concerned about privacy, they don’t have to sign up or give us any information at all, in which case there’s really no way to associate it.
Vlad Costea (34:42):
I think that this is a useful question because a lot of people the size, the fact that cheap shift allows you to sign up in the first place and it’s also useful for me to learn. So do you think that in the future there will be a market for Bitcoin transaction data where people being very interested to acquire a large amount of transactions so that they can associate and maybe try to find some sort of relations and links?
Jon Shapeshift (35:12):
Yeah. there certainly will be and already is in some cases. So you know, a company like chain analysis and companies like that that, you know, primarily sell to regulators and law enforcement, there’s already a huge market for that type of data. As well as anyone that has to deal with any heavy amounts of regulatory compliance that all those things already have. There is large markets for that type of data. We don’t personally take or storage such data or sell that data and we’re not interested in supporting such markets. But I, you know, it would be a lie to say that there isn’t a lot of interest in such data. There absolutely is.
Vlad Costea (35:50):
Okay. Now let me ask you this. I think it’s going to be one or two last questions about tacking hardware wallets and how you react when somebody hacks or device. Did you have any kind of situation where you are under pressure to release a fix for some kind of vulnerability?
Jon Shapeshift (36:09):
Yes, definitely. You know, setting the time since we’ve acquired keep key, there have been a number of security vulnerabilities in the KeepKey. Usually it’s not just to keep key. It’s usually either to keep key amp, the Trezor or to keep the Trezor and ledger altogether.
New Speaker (36:23):
Um so we usually what happens is we will get a a vulnerability report from some sort of security researcher or we’ll figure out something internally ourselves and share it with other companies when that happens or another company figures out something and shares it with us. Generally this tends to be pretty collaborative even among these competitive companies cause everybody has an interest in keeping their users funds safe. And it really depends on the vulnerability. Some vulnerabilities have been very minor over time and you know, you want to get a fix out there, but the attack surface or the likelihood of the attack is very, very insignificant.
Jon Shapeshift (36:57):
And in that case it’s not as much of an emergency, but then, yeah, sometimes there have been vulnerabilities that are more significant or more worrisome and you try to get those, you know, a firmware update to patch those out as quickly as possible without revealing any information about the attack or how to do it until the update is out there. So that’s always something that you deal with when you ha when you are an owner of a hardware device like this.
New Speaker (37:20):
Um you know, it’s just inevitable that people are going to keep trying to hack things over time. Nothing will ever be a hundred percent safe. There will always be potential issues that can pop up. And the most important thing is to just know that you have a team behind that hardware wallet that you own that’s going to react to those things quickly.
Jon Shapeshift (37:37):
The good news is that the vast majority of these attacks, even the serious ones, almost all of them require some sort of physical access to the device to do anything significant. I’ve seen very few, if any actual remote type attacks, which would be far more worrisome. But you know, this, the, the ones with the device in hand are still serious and we patch those as quickly as we can. But those tend to be a lower attack surface. Then, you know, someone that’s able to, you know, do something online and take over your computer and attack the device that way. So that’s, that’s very, very rare with hardware wallets because of their designs and keeping the keys offline. And that’s really what helps prioritize what does an emergency and what isn’t.
Vlad Costea (38:18):
So would you agree that it’s very, it’s essential to keep your hardware wallet away from physical contact and any type of physical tempering and that’s the, the main attack vector to any device?
Jon Shapeshift (38:36):
Yes. you know, so as our, you know, our chief security officer would say anytime someone has physical access to something given enough time and motivation, there’s likely a way that they can break into that thing. You know, it’s a big difference between whether that takes a few seconds or, you know, days or weeks of dedicated time and equipment.
New Speaker (38:58):
But yes, definitely, you know, if you have a large amount of funds on your hardware device, you should treat it as you would anything else that you would keep a large amount of funds with. And you shouldn’t just let people have physical access to it at any time without your knowledge. That’s never going to be good from an ops sector security paradigm.
Vlad Costea (39:16):
Okay. So my last question is about something which I discovered while doing my review for Bitcoin magazine. I was not able to find any kind of section on your website which mentions bounty programs in case somebody finds a vulnerability in the key and they want to get a reword what they, what do they do more? Exactly.
Jon Shapeshift (39:38):
Yeah. So there is, there is actually a bounty program that we are consistently running for that. I wonder if it’s maybe it’s not on the KeepKey, it’s on the shapeshift actual website. If you go to shapeshift and you look at the responsible disclosure program there is an actual whole section about that and we list people that we’ve paid, how much, what, how to report to us. So we do actually have a whole policy how to deal with this and we’ve been running that for quite awhile.
Vlad Costea (40:08):
Okay. You just gave me some homework.
Jon Shapeshift (40:11):
Yeah. If you go to, if you go to shapeshift.com and just look in the flutter, you’ll see a link to responsible disclosure policy and there’s a whole page describing everything we do on that front. So yeah, we’ve been running that ever since we required keeping you.
Vlad Costea (40:25):
Okay. So Jon, thank you very much for doing this. I got you answered. Even the toughest of questions that may not be comfortable.
Jon Shapeshift (40:35):
Absolutely. It was a good time
Vlad Costea (40:36):
Or it’s about hardware wallets and what’s you think they should be and how they’re going to improve in the coming years?
Jon Shapeshift (40:43):
Sure. I mean, I think the, again, the most important thing is that I think the majority of hardware wallets on the market, especially when you’re talking about the key key, the Trezor and the ledger do a very good job of keeping your keys disconnected from the internet and not being exposed that way, which is honestly the biggest risk or any crypto user on a day to day basis. So I think the most important thing I would get out to people is just the importance of using a hardware device like that. If you’re going to store your own keys, which we at ShapeShift certainly think you should for a number of reasons, you’re probably easiest, most convenient way to do that in a very safe way is with a hardware wallet. And we think that’s worthwhile. And we personally think the key is a great way to do that and that it has the best software experience you could possibly have. And it’s only gonna get better. So we, you know, we just really encourage people hold your own keys, not your keys, not your crypto.
Vlad Costea (41:35):
Okay. Thank you very much. And Jesse and Ellen, this entire season is going to consist of 10 episodes or hardware wallet makers get to talk about their products and they promote what is special about the devices that they’re developing and selling. And there’s also going to be a section dedicated to hackers so that they can give some advice and maybe tell stories about how they broke into some kind of device. So thank you Jon. Thank you very much for, thanks for having me.