S4 E2: ShiftCrypto’s Douglas Bakkum & Jonas Schnelli on the BitBox02 Hardware Wallet

ShiftCrypto’s BitBox02 is one of the most pleasant surprises on the hardware wallet market. It takes the best elements from Trezor (open source audited software) and Ledger (secure element chip), then adds an extra layer of good op-sec by making use of a male connector which eliminates the need for a potentially compromised cable.

From a software perspective, the BitBoxApp allows users to connect to their full node (thus greatly increasing privacy and security) and enables coin control (great for UTXO management).

Furthermore, the research team behind ShiftCrypto has made multiple responsible disclosures about vulnerabilities that they found in their competitors’ devices (for more information, check out The Charlatan’s article on the Coldcard ransom attack, Benma’s report on the Trezor Model T theft attack, and Kaspar Etter’s breakdown of multisig configuration issues). This competitive yet collaborative environment creates better security premises for everybody involved.

ShiftCrypto is one of the actors who definitely improve the greater state of the hardware wallet market. Correspondingly, having co-founders Douglas Bakkum and Jonas Schnelli on this second episode is a privilege and a great opportunity to learn.

For an in-depth analysis of the BitBox02 and other significant devices, read the three-part review that I published in Bitcoin Magazine: Part OnePart TwoPart Three.

Some questions asked to Douglas Bakkum and Jonas Schnelli during the interview:

1. Why should bitcoiners buy a hardware wallet? In which ways is it better than cold storage methods like the paper wallet or the steel plate?


2. Why should that wallet be a BitBox02? What is special about the ShiftCrypto devices, compared to the competition?


3. Can you say something that you like and something that you don’t like about your competition? (this includes Trezor, KeepKey, Coldcard, and Ledger)


4. What is the story of the original BitBox and why was it discontinued so quickly? Do you think that the flaws have been fixed in the 02?


5. What do you think about the fact that Coldcard and Ledger also use the secure element chip design?


6. What is the general feedback that you’ve received for the BitBox02 since launch and what are the features that get most praise?


7. In the experience that I’ve had, the BitBox02 is less friendly with multisig setups than the Trezor Model T and the Coldcard Mk3. Are you planning to make any improvements in this regard?


8. Do you have any kind of recommendations for people who choose not to use your BitBoxApp software and go for Electrum and Wasabi?


9. In the last couple of weeks your researchers have discovered vulnerabilities in the Trezor Model T and the Coldcard Mk3. What was the response you got from your competitors?


10. What are ShiftCrypto’s upcoming plans in the hardware wallet market?

11. Is there backwards compatibility between the BitBox01 and the BitBox02?

12. What are your takes on QR codes? Do you think this is a future step for hardware developers? (asked by EnkiTek on Twitter)

13. Where’s the inspiration come from? What’s behind BitBoxBase and Tep, and what might we expect down the road? (asked by Track Bender on Twitter)

… and many more, the interview was longer and more in-depth than expected.

You may listen to the episode on iTunes or Spotify!

If you haven’t signed up to either service, you may try the direct RSS feed.

Special thanks to LXMI and Bottle Pay for sponsoring this episode!

LXMI Ad:

“LXMI is a European Cryptocurrency exchange whose name is inspired by Lakshmi, the Hindu Goddess of Wealth, Good Fortune and Prosperity. It’s one of the regulated and legal Cryptocurrency exchange.

On LXMI you can buy bitcoins with most fiat currencies and you can also do the trading for top Altcoins. 

They follow the “Not your keys not your bitcoins” philosophy with their integrated non-custodial wallet which helps you manage your own private keys. So if you’re into trading, then you don’t have to worry about having your Crypto frozen by whatever political decisions, since you’re empowered to hold and move your coins around whenever you wish. 

It’s great to have new players like LXMI that respect your financial sovereignty.

LXMI is launching in 2020 for more information please check out – www.LXMI.IO/

If you’re not trading, it’s recommended to move your coins to a hardware wallet or some other form of cold storage, and in this episode, you’re about to find why.

Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.

Bottle Pay Ad:

Hey you! Looking for the simplest way to get started sending satoshis on the Lightning Network? Then sign up with your social account on Bottle Pay now.

Bottle Pay is your premium Lightning service for unfairly cheap and effortless bitcoin payments. It is powerful enough to offer all of the payment features you need, while also being simple enough for no-coiners to understand.

No more confusion and headaches! Send satoshis instantly to anyone on a supported social network in a couple of clicks.

Login today at bottle.li, and receive 1000 free satoshis to get you started sending and receiving bitcoin. Follow the steps to become a Power User and earn even more.

Head over to bottle.li and get started now.

Automatic Transcript (Great for SEO)

1
00:00:42,730 --> 00:00:49,770
[Music]

2
00:00:46,219 --> 00:00:52,920
you are listening to season four of the

3
00:00:49,770 --> 00:00:55,800
Bitcoin takeover podcast a 10 part

4
00:00:52,920 --> 00:00:59,550
series in which hardware wallet makers

5
00:00:55,800 --> 00:01:02,040
and breakers get interviewed before I

6
00:00:59,550 --> 00:01:03,600
introduce this episode's guests let's

7
00:01:02,040 --> 00:01:15,690
hear a few words from the show's

8
00:01:03,600 --> 00:01:18,090
sponsors LX mi is a European public

9
00:01:15,690 --> 00:01:19,410
currency exchange whose name is inspired

10
00:01:18,090 --> 00:01:22,440
by Laxmi

11
00:01:19,410 --> 00:01:25,590
the Hindu goddess of wealth good fortune

12
00:01:22,440 --> 00:01:27,869
and prosperity it's one of the regulates

13
00:01:25,590 --> 00:01:31,470
in an illegal crypto currency exchanges

14
00:01:27,869 --> 00:01:33,960
on Alex mi you can buy bitcoins with

15
00:01:31,470 --> 00:01:37,289
most currencies and you can also do

16
00:01:33,960 --> 00:01:39,210
trading with top out coins they follow

17
00:01:37,289 --> 00:01:41,220
the natural keys not your bitcoins

18
00:01:39,210 --> 00:01:43,740
philosophy with their integrated

19
00:01:41,220 --> 00:01:46,590
noncustodial wallet which helps you

20
00:01:43,740 --> 00:01:48,720
manage your own private keys so if

21
00:01:46,590 --> 00:01:51,240
you're into trading then you don't have

22
00:01:48,720 --> 00:01:54,540
to worry about having your crypto frozen

23
00:01:51,240 --> 00:01:56,369
by whatever political decisions since

24
00:01:54,540 --> 00:01:59,880
you're empowered to hold and move your

25
00:01:56,369 --> 00:02:02,280
coins whenever you wish it's great to

26
00:01:59,880 --> 00:02:05,490
have new players like Alex mi that

27
00:02:02,280 --> 00:02:08,610
respects your financial sovereignty Alex

28
00:02:05,490 --> 00:02:12,480
mi is launching in 2020 and for more

29
00:02:08,610 --> 00:02:14,060
information please check out LX M I dot

30
00:02:12,480 --> 00:02:16,340
IO

31
00:02:14,060 --> 00:02:18,290
if you're not into trading it's

32
00:02:16,340 --> 00:02:20,810
recommended to move your coins to a

33
00:02:18,290 --> 00:02:23,569
hardware wallet or some other form of

34
00:02:20,810 --> 00:02:26,569
cold storage and in this episode you're

35
00:02:23,569 --> 00:02:28,459
about to find out why please keep in

36
00:02:26,569 --> 00:02:31,010
mind that this is just an ad for a

37
00:02:28,459 --> 00:02:33,200
sponsor of the show it's not meant to

38
00:02:31,010 --> 00:02:34,760
serve as financial advice and you're

39
00:02:33,200 --> 00:02:37,910
responsible to do your own research

40
00:02:34,760 --> 00:02:39,640
before buying anything and act according

41
00:02:37,910 --> 00:02:42,410
to your own decisions

42
00:02:39,640 --> 00:02:50,780
embrace your financial sovereignty with

43
00:02:42,410 --> 00:02:53,150
agency and precaution way to get started

44
00:02:50,780 --> 00:02:55,790
standing satoshis on the Lightning

45
00:02:53,150 --> 00:03:00,470
Network then sign up with your social

46
00:02:55,790 --> 00:03:03,500
account bottle pay now is your premium

47
00:03:00,470 --> 00:03:06,800
lightning service for unfairly cheap and

48
00:03:03,500 --> 00:03:08,840
effortless Bitcoin payments it is

49
00:03:06,800 --> 00:03:11,150
powerful enough to offer all of the

50
00:03:08,840 --> 00:03:14,030
payment features you need while also

51
00:03:11,150 --> 00:03:17,360
being simple enough for no corners to

52
00:03:14,030 --> 00:03:21,200
understand no more confusion and

53
00:03:17,360 --> 00:03:24,470
headaches sensitive she's instantly to

54
00:03:21,200 --> 00:03:27,590
anyone on a supported social network in

55
00:03:24,470 --> 00:03:31,100
a couple of clicks log in today at

56
00:03:27,590 --> 00:03:33,980
bottle da Li and receive 1,000 free

57
00:03:31,100 --> 00:03:37,459
Satoshi's to get you started sending and

58
00:03:33,980 --> 00:03:40,600
receiving bitcoins follow the steps to

59
00:03:37,459 --> 00:03:43,880
become a power user and earn even more

60
00:03:40,600 --> 00:03:46,510
head over to bottle da l eye and get

61
00:03:43,880 --> 00:03:46,510
started now

62
00:03:47,970 --> 00:03:54,400
hello and welcome to season 4 episode 2

63
00:03:52,120 --> 00:03:57,250
of the Bitcoin takeover podcast

64
00:03:54,400 --> 00:04:01,360
I am glad and today I have two guests

65
00:03:57,250 --> 00:04:04,120
who work and have developed shift crypto

66
00:04:01,360 --> 00:04:07,150
security one of the rising companies in

67
00:04:04,120 --> 00:04:09,010
the hardware wallet market and just in

68
00:04:07,150 --> 00:04:10,240
case you didn't get accustomed to the

69
00:04:09,010 --> 00:04:12,520
format by now

70
00:04:10,240 --> 00:04:14,290
the whole season is going to be about

71
00:04:12,520 --> 00:04:18,040
hardware wallet makers and their

72
00:04:14,290 --> 00:04:21,489
breakers and the names of my guests are

73
00:04:18,040 --> 00:04:25,660
Douglas Beckham or bakhoum as its

74
00:04:21,489 --> 00:04:28,090
pronounced in German and Jonas snellie

75
00:04:25,660 --> 00:04:30,700
who is also a Bitcoin core developer and

76
00:04:28,090 --> 00:04:34,480
this is going to be very interesting so

77
00:04:30,700 --> 00:04:37,410
hello gentlemen hey well thanks for this

78
00:04:34,480 --> 00:04:40,990
opportunity No thank you yeah thanks oh

79
00:04:37,410 --> 00:04:44,260
because there's a lot going on and I

80
00:04:40,990 --> 00:04:46,780
noticed that the pit box so - it is

81
00:04:44,260 --> 00:04:50,080
getting some traction I noticed that

82
00:04:46,780 --> 00:04:52,660
this it's not quite the holiday season

83
00:04:50,080 --> 00:04:55,360
but on Black Friday I saw that black

84
00:04:52,660 --> 00:04:57,070
stream had some sort of buffer when the

85
00:04:55,360 --> 00:04:57,580
bed box I would sued the ledger and the

86
00:04:57,070 --> 00:05:00,220
treasure

87
00:04:57,580 --> 00:05:03,940
so you're basically positioned on their

88
00:05:00,220 --> 00:05:05,500
podium and also there was this video of

89
00:05:03,940 --> 00:05:09,490
somebody could try to order more than

90
00:05:05,500 --> 00:05:11,890
four devices and was not able so if you

91
00:05:09,490 --> 00:05:14,410
have this kind of limitation in place I

92
00:05:11,890 --> 00:05:16,960
presume that you you're starting to have

93
00:05:14,410 --> 00:05:19,810
a demand for the product

94
00:05:16,960 --> 00:05:22,780
yeah it's slowly picking up so we just

95
00:05:19,810 --> 00:05:24,190
released our big box o to hardware

96
00:05:22,780 --> 00:05:25,180
wallet which is our second version

97
00:05:24,190 --> 00:05:29,050
device

98
00:05:25,180 --> 00:05:32,139
I guess just a couple of months ago and

99
00:05:29,050 --> 00:05:34,419
so we spent a lot of time in the last

100
00:05:32,139 --> 00:05:35,949
years developing it and were quite quite

101
00:05:34,419 --> 00:05:40,389
happy with the response we've gotten so

102
00:05:35,949 --> 00:05:42,070
far and we're looking forward for you

103
00:05:40,389 --> 00:05:43,509
know to keep keep promoting it keep

104
00:05:42,070 --> 00:05:46,900
hearing feedback and keep trying to

105
00:05:43,509 --> 00:05:49,240
improve on it and Douglas as far as I

106
00:05:46,900 --> 00:05:53,050
know you're the creator and designer of

107
00:05:49,240 --> 00:05:54,430
the original bit box right yes so again

108
00:05:53,050 --> 00:05:56,740
the big box or twos or second version

109
00:05:54,430 --> 00:05:59,949
the first one I created and designed

110
00:05:56,740 --> 00:06:03,220
myself a number of years ago about four

111
00:05:59,949 --> 00:06:05,979
years ago now and so I do have a quite a

112
00:06:03,220 --> 00:06:07,930
bit of technical background to be able

113
00:06:05,979 --> 00:06:11,949
to do that of course but right now my

114
00:06:07,930 --> 00:06:13,720
role is the CEO so fortunately and

115
00:06:11,949 --> 00:06:17,430
unfortunately I don't get so much chance

116
00:06:13,720 --> 00:06:20,320
to do the technical work anymore okay

117
00:06:17,430 --> 00:06:23,110
that's in sports now so my first

118
00:06:20,320 --> 00:06:25,690
question for both of you is why should

119
00:06:23,110 --> 00:06:28,510
bitcoiners by a hardware wallet because

120
00:06:25,690 --> 00:06:30,970
when asked some security specialists

121
00:06:28,510 --> 00:06:33,669
they're going to say that it's better to

122
00:06:30,970 --> 00:06:36,340
just use a paper wallet or some other

123
00:06:33,669 --> 00:06:38,139
cold storage method and some people even

124
00:06:36,340 --> 00:06:40,840
say that it's better to get a

125
00:06:38,139 --> 00:06:44,480
general-purpose item that you cannot

126
00:06:40,840 --> 00:06:47,760
distinguish by manufacturer

127
00:06:44,480 --> 00:06:51,930
yeah there's there's different layers or

128
00:06:47,760 --> 00:06:54,030
their faults about what's most secure I

129
00:06:51,930 --> 00:06:58,020
mean in general if you're going to use

130
00:06:54,030 --> 00:07:00,180
the paper wallet so where do you

131
00:06:58,020 --> 00:07:02,660
generate your entropy you're going to

132
00:07:00,180 --> 00:07:05,430
roll dices which is really complicated

133
00:07:02,660 --> 00:07:08,520
order you going to use a computer to

134
00:07:05,430 --> 00:07:11,310
generate the paper wallet which during

135
00:07:08,520 --> 00:07:15,360
the moment of your generation of that

136
00:07:11,310 --> 00:07:17,550
the actual seed you may be compromised

137
00:07:15,360 --> 00:07:20,370
at that point so that's that's a

138
00:07:17,550 --> 00:07:22,200
critical moment and then be what if you

139
00:07:20,370 --> 00:07:24,360
want to spend your coins assume you have

140
00:07:22,200 --> 00:07:26,250
created a secure paper wallet that at

141
00:07:24,360 --> 00:07:28,800
some point you want to sell the coins or

142
00:07:26,250 --> 00:07:31,050
send them forward what are you going to

143
00:07:28,800 --> 00:07:33,360
do with the paper wallet so you need to

144
00:07:31,050 --> 00:07:36,870
enter the seat again into your computer

145
00:07:33,360 --> 00:07:40,650
or eventually an insecure device and if

146
00:07:36,870 --> 00:07:42,830
that device is compromised the funds may

147
00:07:40,650 --> 00:07:45,419
be redirected to the attacker and

148
00:07:42,830 --> 00:07:47,850
hardware wallets they come with very

149
00:07:45,419 --> 00:07:50,460
limited the tax surface they have almost

150
00:07:47,850 --> 00:07:52,560
no iOS so it's like secure on the

151
00:07:50,460 --> 00:07:56,400
hardware hand and it's also having

152
00:07:52,560 --> 00:07:59,430
usually non Linux dedicated operating

153
00:07:56,400 --> 00:08:01,110
system which is like super small amounts

154
00:07:59,430 --> 00:08:04,200
of lines of codes compared to you know

155
00:08:01,110 --> 00:08:07,050
Android with probably ten millions of

156
00:08:04,200 --> 00:08:10,560
lines of code just for the kernel and I

157
00:08:07,050 --> 00:08:12,570
guess by limiting that we can make sure

158
00:08:10,560 --> 00:08:15,990
or horrible as can make sure it's like

159
00:08:12,570 --> 00:08:22,169
the best or the least amount of attack

160
00:08:15,990 --> 00:08:24,210
vectors possibly okay I know that

161
00:08:22,169 --> 00:08:26,820
generally hardware wallets tend to be

162
00:08:24,210 --> 00:08:31,919
very secure unless you have some sort of

163
00:08:26,820 --> 00:08:34,169
physical access to them and maybe that

164
00:08:31,919 --> 00:08:36,479
this applies to any security device it's

165
00:08:34,169 --> 00:08:39,450
safe until somebody but it's very

166
00:08:36,479 --> 00:08:41,969
skilled and knows exactly what to do

167
00:08:39,450 --> 00:08:44,690
gets their hands on them and possibly

168
00:08:41,969 --> 00:08:47,329
that's where the compromise can happen

169
00:08:44,690 --> 00:08:49,730
yeah it's always you know the more money

170
00:08:47,329 --> 00:08:53,149
you willing to spend to compromise the

171
00:08:49,730 --> 00:08:56,540
device the more likely is it that you're

172
00:08:53,149 --> 00:08:59,600
going to access the secrets on it

173
00:08:56,540 --> 00:09:02,959
there is nothing we unhackable that's

174
00:08:59,600 --> 00:09:06,980
just not possible so it's like how how

175
00:09:02,959 --> 00:09:08,870
secure you make things so you can take

176
00:09:06,980 --> 00:09:11,209
one horrible but then you can reuse

177
00:09:08,870 --> 00:09:13,970
multiple order words in kind of a split

178
00:09:11,209 --> 00:09:17,420
portfolio a situation or in a multi

179
00:09:13,970 --> 00:09:19,519
stick but at the end is it's it's

180
00:09:17,420 --> 00:09:22,459
everything is hacked oh it's just very

181
00:09:19,519 --> 00:09:24,920
complicated and to beatbox out to also

182
00:09:22,459 --> 00:09:28,310
protects from physical theft so it's

183
00:09:24,920 --> 00:09:31,459
like we're trying to make it impossible

184
00:09:28,310 --> 00:09:36,949
for for physical self to access the

185
00:09:31,459 --> 00:09:40,180
funds so user wants to buy a hardware

186
00:09:36,949 --> 00:09:43,310
wallet and they're not quite decided

187
00:09:40,180 --> 00:09:46,610
they don't know what to do why should

188
00:09:43,310 --> 00:09:48,500
they go for the big box of to what is

189
00:09:46,610 --> 00:09:52,370
special about it as compared to the

190
00:09:48,500 --> 00:09:56,509
competition yeah I can try to try to

191
00:09:52,370 --> 00:09:58,880
answer this one and so there are a

192
00:09:56,509 --> 00:10:02,720
number of options and more options

193
00:09:58,880 --> 00:10:05,269
coming out to the market and I think in

194
00:10:02,720 --> 00:10:06,980
general it that's a good thing there's

195
00:10:05,269 --> 00:10:09,980
solid competition I think it's a good

196
00:10:06,980 --> 00:10:11,810
thing to have you know if you have a lot

197
00:10:09,980 --> 00:10:13,610
of funds it's probably a good idea to

198
00:10:11,810 --> 00:10:16,790
have a couple of different hardware

199
00:10:13,610 --> 00:10:18,829
wallets just in order to reduce some of

200
00:10:16,790 --> 00:10:21,250
the manufacturer risk if a problem

201
00:10:18,829 --> 00:10:23,600
happens in one of them but for our

202
00:10:21,250 --> 00:10:25,370
Hardware wallet in particular we do

203
00:10:23,600 --> 00:10:27,559
think it has some advantages over the

204
00:10:25,370 --> 00:10:31,220
competition some strong advantages both

205
00:10:27,559 --> 00:10:33,559
in terms of usability also in terms of

206
00:10:31,220 --> 00:10:38,720
security which I can touch on very

207
00:10:33,559 --> 00:10:41,629
quickly so usability when we when we

208
00:10:38,720 --> 00:10:44,750
design the bid box or two we try to take

209
00:10:41,629 --> 00:10:48,559
a lot of lessons from our bit box or one

210
00:10:44,750 --> 00:10:50,120
and apply them to the bit box or two in

211
00:10:48,559 --> 00:10:51,620
terms of usability one of the most

212
00:10:50,120 --> 00:10:55,220
popular features of our first target

213
00:10:51,620 --> 00:10:58,040
wallet was the micro SD card and so we

214
00:10:55,220 --> 00:10:58,370
focus talked a lot on simplicity and the

215
00:10:58,040 --> 00:11:00,499
mic

216
00:10:58,370 --> 00:11:03,139
SD card is one of the best ways to do

217
00:11:00,499 --> 00:11:07,480
that what that refers to specifically is

218
00:11:03,139 --> 00:11:07,480
when you first create a hardware wallet

219
00:11:07,569 --> 00:11:15,680
you need to handle the backup safely and

220
00:11:12,939 --> 00:11:17,809
the common way to do that is with this

221
00:11:15,680 --> 00:11:20,110
mnemonic word list and so you write down

222
00:11:17,809 --> 00:11:22,370
12 or 24 words onto a piece of paper

223
00:11:20,110 --> 00:11:25,730
then you have to reenter into the device

224
00:11:22,370 --> 00:11:27,709
in order to check it and so on and the

225
00:11:25,730 --> 00:11:30,589
feedback we got from new users and our

226
00:11:27,709 --> 00:11:33,319
resellers is that this is a quite a

227
00:11:30,589 --> 00:11:36,019
complicated process they call it

228
00:11:33,319 --> 00:11:37,610
mnemonic anxiety where users especially

229
00:11:36,019 --> 00:11:39,110
new users they don't really understand

230
00:11:37,610 --> 00:11:40,999
the concept and so it's really stressful

231
00:11:39,110 --> 00:11:44,629
during this whole process that can take

232
00:11:40,999 --> 00:11:47,540
20 to 30 minutes to write down each each

233
00:11:44,629 --> 00:11:51,050
letter correctly and so on and so on and

234
00:11:47,540 --> 00:11:53,389
so with the micro SD card we eliminate

235
00:11:51,050 --> 00:11:56,329
the need for that where the backup is

236
00:11:53,389 --> 00:11:58,309
created instantly on the SD card and so

237
00:11:56,329 --> 00:12:01,759
a back concept of a backup is really

238
00:11:58,309 --> 00:12:04,790
easy to understand and just saves a lot

239
00:12:01,759 --> 00:12:06,499
of a lot of stress during the whole

240
00:12:04,790 --> 00:12:09,230
process and so you can set it up you can

241
00:12:06,499 --> 00:12:11,870
also recover a wallet very quickly with

242
00:12:09,230 --> 00:12:15,470
the big box or two for for more expert

243
00:12:11,870 --> 00:12:17,749
users or the people I guess more

244
00:12:15,470 --> 00:12:20,779
comfortable handling mnemonics we also

245
00:12:17,749 --> 00:12:23,389
do offer the option to display the

246
00:12:20,779 --> 00:12:26,509
mnemonic on the screen and to record it

247
00:12:23,389 --> 00:12:28,129
down onto paper so that that's one way

248
00:12:26,509 --> 00:12:32,389
in terms of usability I think one of the

249
00:12:28,129 --> 00:12:34,730
unique things with our second Hardware

250
00:12:32,389 --> 00:12:37,639
wallet also is the user input and so we

251
00:12:34,730 --> 00:12:39,889
have touch sliders on the sides of the

252
00:12:37,639 --> 00:12:43,929
device and those things allow different

253
00:12:39,889 --> 00:12:46,100
types of gestures so a tap slide hold

254
00:12:43,929 --> 00:12:47,509
things like that allows a lot of

255
00:12:46,100 --> 00:12:49,339
flexibility there and we think we can do

256
00:12:47,509 --> 00:12:51,319
a lot of really interesting UX with that

257
00:12:49,339 --> 00:12:52,730
and also having the sliders on the side

258
00:12:51,319 --> 00:12:54,800
of the device and start over the screen

259
00:12:52,730 --> 00:12:56,240
you don't your fingers not in the way at

260
00:12:54,800 --> 00:12:59,029
screen so it's a bit better usability

261
00:12:56,240 --> 00:13:01,459
experience that way we've gotten a lot

262
00:12:59,029 --> 00:13:06,110
of good feedback on the uniqueness and

263
00:13:01,459 --> 00:13:08,720
we think also in terms of the different

264
00:13:06,110 --> 00:13:11,269
things you need to do on a device such

265
00:13:08,720 --> 00:13:12,510
as password entry or scrolling through

266
00:13:11,269 --> 00:13:14,190
data

267
00:13:12,510 --> 00:13:17,100
that we can do this in a much more

268
00:13:14,190 --> 00:13:19,410
efficient and even fun way and so quite

269
00:13:17,100 --> 00:13:22,170
quite happy about the response to that

270
00:13:19,410 --> 00:13:30,830
from the initial users so far in terms

271
00:13:22,170 --> 00:13:33,750
of security to when we had our small

272
00:13:30,830 --> 00:13:35,310
meeting in Berlin we talked about it a

273
00:13:33,750 --> 00:13:42,240
little bit I'll try to summarize very

274
00:13:35,310 --> 00:13:43,940
quickly we I guess looking at ledger and

275
00:13:42,240 --> 00:13:47,520
treasure I think they're the domain

276
00:13:43,940 --> 00:13:50,340
market leaders at the moment they do

277
00:13:47,520 --> 00:13:52,500
security or their their security

278
00:13:50,340 --> 00:13:54,870
architecture is a bit different I guess

279
00:13:52,500 --> 00:13:57,360
kind of extremes and we try to take the

280
00:13:54,870 --> 00:13:59,490
best of both worlds so treasure for

281
00:13:57,360 --> 00:14:01,350
example is open source which is a really

282
00:13:59,490 --> 00:14:03,090
great thing but the use of

283
00:14:01,350 --> 00:14:06,930
general-purpose microcontroller which is

284
00:14:03,090 --> 00:14:10,350
not designed for security that's okay

285
00:14:06,930 --> 00:14:14,190
but it makes it a bit easier to for an

286
00:14:10,350 --> 00:14:16,230
attacker to access the secrets or data

287
00:14:14,190 --> 00:14:19,710
on on the device if they do physical

288
00:14:16,230 --> 00:14:22,470
theft ledger on the other hand does use

289
00:14:19,710 --> 00:14:27,270
a secure element which is specifically

290
00:14:22,470 --> 00:14:28,710
designed to prevent physical access when

291
00:14:27,270 --> 00:14:32,940
someone steals a device that's a very

292
00:14:28,710 --> 00:14:35,280
great thing but the issue there is in

293
00:14:32,940 --> 00:14:36,630
order to run code on the secure element

294
00:14:35,280 --> 00:14:38,640
they have to sign an NDA with the

295
00:14:36,630 --> 00:14:41,040
manufacturer and so the close the code

296
00:14:38,640 --> 00:14:44,340
is closed source and important parts of

297
00:14:41,040 --> 00:14:47,370
the code are closed source the problem

298
00:14:44,340 --> 00:14:48,690
with this is that in order for a secure

299
00:14:47,370 --> 00:14:51,150
element to be labeled a secure element

300
00:14:48,690 --> 00:14:53,280
you have to the manufacturer has to go

301
00:14:51,150 --> 00:14:56,880
through a certification process where it

302
00:14:53,280 --> 00:14:58,350
could take a year or more and time it

303
00:14:56,880 --> 00:15:00,240
can take a million dollars to go through

304
00:14:58,350 --> 00:15:03,770
this so it's very costly kind of setup

305
00:15:00,240 --> 00:15:07,200
and in the past it's been reported that

306
00:15:03,770 --> 00:15:10,380
manufacturers do not have the incentive

307
00:15:07,200 --> 00:15:14,840
to fix bugs that happen and it's

308
00:15:10,380 --> 00:15:17,880
inevitable that bugs will happen and so

309
00:15:14,840 --> 00:15:19,710
you know if these these things are used

310
00:15:17,880 --> 00:15:21,570
in ATM cards and stuff like that where

311
00:15:19,710 --> 00:15:23,160
it's probably okay it's probably an

312
00:15:21,570 --> 00:15:24,990
acceptable level but when it comes to

313
00:15:23,160 --> 00:15:25,510
cryptocurrencies where one small bug

314
00:15:24,990 --> 00:15:29,320
could

315
00:15:25,510 --> 00:15:33,130
your transaction to fly away into the

316
00:15:29,320 --> 00:15:35,770
into the ether and not be recoverable we

317
00:15:33,130 --> 00:15:40,860
think this is just a no-go

318
00:15:35,770 --> 00:15:43,750
and the reason that the manufacturers

319
00:15:40,860 --> 00:15:45,430
aren't incentivized to fix bugs is in

320
00:15:43,750 --> 00:15:47,620
order to change the code which is

321
00:15:45,430 --> 00:15:51,160
oftentimes at the hardware level they

322
00:15:47,620 --> 00:15:52,690
would need to do a chip redesign they

323
00:15:51,160 --> 00:15:54,940
need to redo the certification process

324
00:15:52,690 --> 00:15:56,320
or another year to market another

325
00:15:54,940 --> 00:15:59,830
million dollars and so they have a

326
00:15:56,320 --> 00:16:03,370
tendency to just ignore these problems

327
00:15:59,830 --> 00:16:06,910
and you know it's it's to a point now

328
00:16:03,370 --> 00:16:09,130
where you know the this the the quality

329
00:16:06,910 --> 00:16:10,360
of the the chips are good but you know

330
00:16:09,130 --> 00:16:13,630
even if you have a one-in-a-million

331
00:16:10,360 --> 00:16:16,500
possibility of a bug happening in some

332
00:16:13,630 --> 00:16:18,970
side case or edge case that still means

333
00:16:16,500 --> 00:16:22,650
irreversible loss of funds to people and

334
00:16:18,970 --> 00:16:25,150
in my opinion that's just a no-go and so

335
00:16:22,650 --> 00:16:27,070
the big box or - we try to take the best

336
00:16:25,150 --> 00:16:30,970
of both worlds so we do use a

337
00:16:27,070 --> 00:16:34,450
general-purpose microphone it is run

338
00:16:30,970 --> 00:16:37,420
open-source and we use only the most

339
00:16:34,450 --> 00:16:40,000
well vetted cryptographic libraries to

340
00:16:37,420 --> 00:16:42,340
do that but we also combine that with

341
00:16:40,000 --> 00:16:45,460
the secure chip and the secure chip we

342
00:16:42,340 --> 00:16:47,140
use purely for security in the physical

343
00:16:45,460 --> 00:16:52,930
access to the device and so this is also

344
00:16:47,140 --> 00:16:55,150
why we try to the threat scenario of

345
00:16:52,930 --> 00:16:59,890
theft is also something we protect

346
00:16:55,150 --> 00:17:02,440
against okay because when I tested it

347
00:16:59,890 --> 00:17:04,480
for my Bitcoin magazine review which is

348
00:17:02,440 --> 00:17:07,690
also be read and if you're getting

349
00:17:04,480 --> 00:17:10,870
informed what I liked about it was that

350
00:17:07,690 --> 00:17:14,740
wooden user interface you were able to

351
00:17:10,870 --> 00:17:17,350
connect your full node and also enable a

352
00:17:14,740 --> 00:17:18,280
function which allowed you to have UT

353
00:17:17,350 --> 00:17:20,680
accel control

354
00:17:18,280 --> 00:17:26,050
I think it's called coin control indeed

355
00:17:20,680 --> 00:17:29,290
yes yeah so these two options even

356
00:17:26,050 --> 00:17:32,020
though they might sound but now or

357
00:17:29,290 --> 00:17:33,700
something that should be there they're

358
00:17:32,020 --> 00:17:36,340
not actually in the interfaces of

359
00:17:33,700 --> 00:17:39,570
stressors and ledger so that's something

360
00:17:36,340 --> 00:17:39,570
that I really appreciate

361
00:17:41,500 --> 00:17:46,820
it's since its expiry on the software

362
00:17:44,539 --> 00:17:48,919
layer so it has not too much to do with

363
00:17:46,820 --> 00:17:51,860
hardware itself but it's part of our

364
00:17:48,919 --> 00:17:54,950
user experience cycle and I think

365
00:17:51,860 --> 00:17:57,500
especially coin control to control up to

366
00:17:54,950 --> 00:18:00,799
you tick so I consider that very

367
00:17:57,500 --> 00:18:03,500
essential because I don't a want to link

368
00:18:00,799 --> 00:18:06,320
which which would change so what you

369
00:18:03,500 --> 00:18:09,110
what controls coin control allows you

370
00:18:06,320 --> 00:18:12,110
it's like forwarding single received

371
00:18:09,110 --> 00:18:14,840
amount to let's say an exchange if you

372
00:18:12,110 --> 00:18:19,159
don't want to have a change address

373
00:18:14,840 --> 00:18:21,880
which could be bad for privacy or if

374
00:18:19,159 --> 00:18:24,350
there is taint and you take those

375
00:18:21,880 --> 00:18:29,120
there's a lot of taint going on with

376
00:18:24,350 --> 00:18:32,049
people sending small amounts to larger

377
00:18:29,120 --> 00:18:35,600
addresses so they can track you better

378
00:18:32,049 --> 00:18:38,720
and usually normal normal wallets will

379
00:18:35,600 --> 00:18:41,720
also take those who take those and spend

380
00:18:38,720 --> 00:18:44,990
those coins as well so manual point

381
00:18:41,720 --> 00:18:46,820
control I think this is way how it how

382
00:18:44,990 --> 00:18:49,010
it should have been from the beginning

383
00:18:46,820 --> 00:18:52,159
and automatic coin selection is

384
00:18:49,010 --> 00:18:56,120
something that people should have been

385
00:18:52,159 --> 00:18:58,730
enabled intentionally intentionally now

386
00:18:56,120 --> 00:19:01,010
and you also have the best 32 support

387
00:18:58,730 --> 00:19:03,380
from day one which is something that

388
00:19:01,010 --> 00:19:05,899
took other manufacturers a long time to

389
00:19:03,380 --> 00:19:09,260
implement but in regards to coin control

390
00:19:05,899 --> 00:19:12,110
I think it manages to fix and address

391
00:19:09,260 --> 00:19:14,240
one of the design issues of Bitcoin

392
00:19:12,110 --> 00:19:17,990
because when you send somebody any

393
00:19:14,240 --> 00:19:19,730
amounts they can see everything even in

394
00:19:17,990 --> 00:19:22,309
terms of how much you have and how much

395
00:19:19,730 --> 00:19:24,679
people who sent you their bitcoins head

396
00:19:22,309 --> 00:19:27,289
and they can track all of this

397
00:19:24,679 --> 00:19:30,019
information all the way to whoever they

398
00:19:27,289 --> 00:19:32,539
want to identify so if you have for

399
00:19:30,019 --> 00:19:35,960
example 50 bitcoins and you want to send

400
00:19:32,539 --> 00:19:37,820
point one to somebody you don't want

401
00:19:35,960 --> 00:19:41,029
them to see that you have 50 because

402
00:19:37,820 --> 00:19:42,919
nowadays that's a lot of money and if

403
00:19:41,029 --> 00:19:46,490
you have just a small niche Excel which

404
00:19:42,919 --> 00:19:48,590
enables you to send that amounts for

405
00:19:46,490 --> 00:19:50,820
example you have a points to you th cell

406
00:19:48,590 --> 00:19:54,360
they're only going to see that and

407
00:19:50,820 --> 00:19:57,389
are useful yeah I mean it's it's not

408
00:19:54,360 --> 00:20:01,940
it's not a mixer so you they're still

409
00:19:57,389 --> 00:20:04,409
linkage to your uniform along formal

410
00:20:01,940 --> 00:20:08,130
receiving but you can't choose which

411
00:20:04,409 --> 00:20:10,830
ones you wanna use which is like a huge

412
00:20:08,130 --> 00:20:12,630
benefit in terms of rate of response or

413
00:20:10,830 --> 00:20:14,820
and which ones of those who are you

414
00:20:12,630 --> 00:20:16,019
going to spend because otherwise your

415
00:20:14,820 --> 00:20:18,330
wallet doesn't make any difference

416
00:20:16,019 --> 00:20:22,610
between where you got money from and

417
00:20:18,330 --> 00:20:26,730
this could be hurtful for your privacy

418
00:20:22,610 --> 00:20:28,379
okay I think the next part of the

419
00:20:26,730 --> 00:20:31,409
interview is going to be the toughest

420
00:20:28,379 --> 00:20:34,080
one because I'm not something nice about

421
00:20:31,409 --> 00:20:37,559
your competition and we're going to

422
00:20:34,080 --> 00:20:39,690
break this down by manufacture so we

423
00:20:37,559 --> 00:20:44,309
begin web browser because they were the

424
00:20:39,690 --> 00:20:47,159
first players on the market yeah so just

425
00:20:44,309 --> 00:20:48,740
to take one step back so I appreciate

426
00:20:47,159 --> 00:20:50,970
you also listing some of the other

427
00:20:48,740 --> 00:20:54,080
features of the wallet I just wanted to

428
00:20:50,970 --> 00:20:57,360
mention one other thing is that our

429
00:20:54,080 --> 00:20:59,120
desktop app is now also a mobile app so

430
00:20:57,360 --> 00:21:03,480
for Android we released a beta version

431
00:20:59,120 --> 00:21:06,029
which i think is quite quite cool so our

432
00:21:03,480 --> 00:21:07,950
device itself has a USBC connector so

433
00:21:06,029 --> 00:21:10,080
you can plug it directly into modern

434
00:21:07,950 --> 00:21:13,350
Android phones and we'd be really happy

435
00:21:10,080 --> 00:21:14,820
if our existing users can go check that

436
00:21:13,350 --> 00:21:18,299
out and give us some feedback so we can

437
00:21:14,820 --> 00:21:20,700
get it out of beta so I just sorry for

438
00:21:18,299 --> 00:21:24,149
the quick plug and then to come in to

439
00:21:20,700 --> 00:21:27,840
the next question say something nice

440
00:21:24,149 --> 00:21:32,129
about our competitors so I think I would

441
00:21:27,840 --> 00:21:35,159
say this is not not not so hard of a

442
00:21:32,129 --> 00:21:38,220
thing to do and I think in any young

443
00:21:35,159 --> 00:21:40,679
field and cryptocurrencies Hardware

444
00:21:38,220 --> 00:21:42,149
wallets especially our young field it's

445
00:21:40,679 --> 00:21:44,460
a very important thing for the

446
00:21:42,149 --> 00:21:48,259
competitors to kind of look out for each

447
00:21:44,460 --> 00:21:49,710
other because in this sense you know

448
00:21:48,259 --> 00:21:52,350
what's the saying

449
00:21:49,710 --> 00:21:54,120
we're rising tide lifts all boats I

450
00:21:52,350 --> 00:21:56,879
think that really applies in this

451
00:21:54,120 --> 00:21:58,529
current field and so we're we're also

452
00:21:56,879 --> 00:22:00,899
quite quite happy to make good

453
00:21:58,529 --> 00:22:05,129
relationships with our competitors and

454
00:22:00,899 --> 00:22:06,990
you know try to improve our offerings in

455
00:22:05,129 --> 00:22:10,110
all ways for everyone

456
00:22:06,990 --> 00:22:15,629
with respect to treasure we've had a lot

457
00:22:10,110 --> 00:22:17,519
of great relationships with them what

458
00:22:15,629 --> 00:22:20,129
really great thing of course is their

459
00:22:17,519 --> 00:22:22,620
open source nature they really stick to

460
00:22:20,129 --> 00:22:25,639
the ideals around that a really great

461
00:22:22,620 --> 00:22:27,629
community interaction we've done some

462
00:22:25,639 --> 00:22:30,499
responsible disclosures with them and

463
00:22:27,629 --> 00:22:32,669
it's been a really great great process

464
00:22:30,499 --> 00:22:36,629
so I'd say they're quite quite

465
00:22:32,669 --> 00:22:39,299
professional along that on that end and

466
00:22:36,629 --> 00:22:42,749
so again I think we kind of share the

467
00:22:39,299 --> 00:22:43,919
ideals of making you know keeping

468
00:22:42,749 --> 00:22:46,710
everything open-source really

469
00:22:43,919 --> 00:22:48,779
contributing to the community of course

470
00:22:46,710 --> 00:22:50,490
we have business models that compete

471
00:22:48,779 --> 00:22:52,619
where we try to sell hardware to

472
00:22:50,490 --> 00:22:56,190
customers but in the end we think

473
00:22:52,619 --> 00:22:58,169
improving the the whole ecosystem will

474
00:22:56,190 --> 00:23:01,110
just be a benefit for everyone including

475
00:22:58,169 --> 00:23:04,409
both of ourselves and the users in the

476
00:23:01,110 --> 00:23:10,080
community can you also say something

477
00:23:04,409 --> 00:23:16,159
that you don't like about Kresser so

478
00:23:10,080 --> 00:23:16,159
this is the hard part let's see I guess

479
00:23:18,350 --> 00:23:26,610
yeah you're forced out say they I think

480
00:23:24,240 --> 00:23:28,860
they do a really great job I think you

481
00:23:26,610 --> 00:23:31,889
know the hardware they build is is

482
00:23:28,860 --> 00:23:34,639
really nice the app is really nice I

483
00:23:31,889 --> 00:23:37,200
would say one of the negatives is that

484
00:23:34,639 --> 00:23:39,419
theft is not part of their security

485
00:23:37,200 --> 00:23:41,700
model for the hardware and I hope that

486
00:23:39,419 --> 00:23:46,129
they're working on solutions to that in

487
00:23:41,700 --> 00:23:48,450
the future okay let's move on to ledger

488
00:23:46,129 --> 00:23:50,369
you'll have to see something nice about

489
00:23:48,450 --> 00:23:56,399
them and something that's you don't like

490
00:23:50,369 --> 00:23:59,700
sure so ledger I think quite quite

491
00:23:56,399 --> 00:24:03,220
respectable company the market leaders

492
00:23:59,700 --> 00:24:07,510
in the field so they're really driving

493
00:24:03,220 --> 00:24:10,120
you know a lot of adoption and consumer

494
00:24:07,510 --> 00:24:13,500
pick up I think one of the best things

495
00:24:10,120 --> 00:24:15,670
about them is their ledger don't run

496
00:24:13,500 --> 00:24:20,560
Charles who's leading that he's a really

497
00:24:15,670 --> 00:24:23,560
great guy and again I think he fares

498
00:24:20,560 --> 00:24:25,690
these these ideals of the rising tide

499
00:24:23,560 --> 00:24:29,550
lifts all ships and so he's also very

500
00:24:25,690 --> 00:24:32,350
interested and in our communication to

501
00:24:29,550 --> 00:24:33,730
support each other to improve improve

502
00:24:32,350 --> 00:24:38,260
things and the ledger john-john if

503
00:24:33,730 --> 00:24:42,100
people don't know is specialized I guess

504
00:24:38,260 --> 00:24:45,850
white hat hacker kind of Enclave that's

505
00:24:42,100 --> 00:24:47,890
an independent part of ledger and they

506
00:24:45,850 --> 00:24:51,730
do a lot of really great work I have a

507
00:24:47,890 --> 00:24:53,680
lot of great experts in order to look at

508
00:24:51,730 --> 00:24:56,500
the security of themselves of course but

509
00:24:53,680 --> 00:24:58,710
also their competitors and related

510
00:24:56,500 --> 00:25:04,330
fields and I think that's a really great

511
00:24:58,710 --> 00:25:07,720
great asset for the whole ecosystem as

512
00:25:04,330 --> 00:25:09,750
far as things you don't like I guess

513
00:25:07,720 --> 00:25:13,030
that's a bit easier can use the

514
00:25:09,750 --> 00:25:15,160
stereotypical one that they're using the

515
00:25:13,030 --> 00:25:17,080
secure element which means part of their

516
00:25:15,160 --> 00:25:22,480
code has to be close source which I

517
00:25:17,080 --> 00:25:27,910
talked about a bit earlier okay that was

518
00:25:22,480 --> 00:25:30,850
easy I think the people on Twitter who

519
00:25:27,910 --> 00:25:33,550
buy products and then compare are a lot

520
00:25:30,850 --> 00:25:36,220
more toxic and a lot leaner than actual

521
00:25:33,550 --> 00:25:38,770
you people who are the executives and

522
00:25:36,220 --> 00:25:40,510
the creators of the devices I feel like

523
00:25:38,770 --> 00:25:41,790
there is some sort of spirit of

524
00:25:40,510 --> 00:25:45,940
camaraderie

525
00:25:41,790 --> 00:25:49,960
maybe but before I jump to conclusions

526
00:25:45,940 --> 00:25:52,240
about that but because some people say

527
00:25:49,960 --> 00:25:54,760
it's a treasure clone of sorts I I had

528
00:25:52,240 --> 00:25:58,120
the first interview of this season where

529
00:25:54,760 --> 00:25:59,800
the CEO of shape-shift so what do you

530
00:25:58,120 --> 00:26:03,280
think about the key key something good

531
00:25:59,800 --> 00:26:05,950
and something bad yeah so keep key

532
00:26:03,280 --> 00:26:08,200
I guess originally they were a treasure

533
00:26:05,950 --> 00:26:10,180
clone number of years ago and I think

534
00:26:08,200 --> 00:26:12,760
they weren't shy about advertising that

535
00:26:10,180 --> 00:26:14,950
and talking about it and really trying

536
00:26:12,760 --> 00:26:16,130
to take the treasure model and again

537
00:26:14,950 --> 00:26:17,780
this is

538
00:26:16,130 --> 00:26:19,190
I think treasure is okay with it they're

539
00:26:17,780 --> 00:26:20,780
all open that's why their code is open

540
00:26:19,190 --> 00:26:25,299
source so other people can improve on it

541
00:26:20,780 --> 00:26:29,840
and they took that code to make a better

542
00:26:25,299 --> 00:26:33,919
or try to make a better I guess UX in

543
00:26:29,840 --> 00:26:36,260
terms of hardware so but naturally in

544
00:26:33,919 --> 00:26:37,850
time things do diverge so it's I

545
00:26:36,260 --> 00:26:41,270
wouldn't necessarily call them a trouser

546
00:26:37,850 --> 00:26:43,130
clone anymore in time you know as you

547
00:26:41,270 --> 00:26:45,679
have your own hardware platform in your

548
00:26:43,130 --> 00:26:47,210
own those things will diverge and you'll

549
00:26:45,679 --> 00:26:50,750
you'll end up making different design

550
00:26:47,210 --> 00:26:54,559
decisions and so the key key I would say

551
00:26:50,750 --> 00:26:59,360
in that sense the the positives and

552
00:26:54,559 --> 00:27:02,150
negatives are similar to treasure so the

553
00:26:59,360 --> 00:27:03,830
the negative in the sense that you know

554
00:27:02,150 --> 00:27:07,299
they don't have the secure pin side so

555
00:27:03,830 --> 00:27:12,679
the threat model doesn't include theft

556
00:27:07,299 --> 00:27:15,679
the positive is I guess since since they

557
00:27:12,679 --> 00:27:18,830
got bought by a shape shift they have

558
00:27:15,679 --> 00:27:21,679
quite nice usability in terms of the

559
00:27:18,830 --> 00:27:23,480
integration with shape shift which is

560
00:27:21,679 --> 00:27:25,429
quite quite a nice thing that's

561
00:27:23,480 --> 00:27:30,559
something that we're also interested in

562
00:27:25,429 --> 00:27:32,840
exploring okay now comes the harder part

563
00:27:30,559 --> 00:27:35,630
what do you think about the cold card

564
00:27:32,840 --> 00:27:39,289
because they don't like you as far as I

565
00:27:35,630 --> 00:27:41,809
think they used to like us and so I

566
00:27:39,289 --> 00:27:43,490
think I think they I think they still

567
00:27:41,809 --> 00:27:45,789
like us but we'll see I guess you'll

568
00:27:43,490 --> 00:27:53,150
have an interview with Rudolfo later

569
00:27:45,789 --> 00:27:57,470
assuming so cold card I I think they

570
00:27:53,150 --> 00:27:59,120
have they do a really great job of you

571
00:27:57,470 --> 00:28:01,640
know they have a really well defined

572
00:27:59,120 --> 00:28:04,700
market target market which is the people

573
00:28:01,640 --> 00:28:06,980
who care mostly about security and

574
00:28:04,700 --> 00:28:10,039
willing to sacrifice usability and so

575
00:28:06,980 --> 00:28:11,390
the that brings up immediately one of

576
00:28:10,039 --> 00:28:13,940
the negatives so usability is a

577
00:28:11,390 --> 00:28:16,059
challenge with when using their device

578
00:28:13,940 --> 00:28:21,289
just because you need to have a bit of

579
00:28:16,059 --> 00:28:23,210
more expert level knowledge and that

580
00:28:21,289 --> 00:28:25,789
that's due to their their design choices

581
00:28:23,210 --> 00:28:27,889
they did that on purpose and so

582
00:28:25,789 --> 00:28:30,620
on the other hand you know it's really

583
00:28:27,889 --> 00:28:32,960
optimized for security in a lot of ways

584
00:28:30,620 --> 00:28:41,630
which is a great thing

585
00:28:32,960 --> 00:28:44,870
and the I guess the the issues with why

586
00:28:41,630 --> 00:28:46,549
you say they don't like us I'm not sure

587
00:28:44,870 --> 00:28:48,679
if we'll get into this later or not but

588
00:28:46,549 --> 00:28:50,720
it has to do with a responsible

589
00:28:48,679 --> 00:28:52,100
disclosure that we made to them and I

590
00:28:50,720 --> 00:28:55,070
would say probably there was some

591
00:28:52,100 --> 00:28:57,529
miscommunication along the lines of what

592
00:28:55,070 --> 00:29:00,860
a responsible disclosure actually really

593
00:28:57,529 --> 00:29:02,690
meant in the end and how that process

594
00:29:00,860 --> 00:29:05,510
would play out I guess they're kind of a

595
00:29:02,690 --> 00:29:08,990
newer player on the market so the

596
00:29:05,510 --> 00:29:10,880
protocol is in place for what steps to

597
00:29:08,990 --> 00:29:13,130
go through or kind of maybe not

598
00:29:10,880 --> 00:29:15,350
completely in place and so when we did

599
00:29:13,130 --> 00:29:17,240
make our responsible disclosure there

600
00:29:15,350 --> 00:29:19,460
was some kickback from them about

601
00:29:17,240 --> 00:29:21,440
whether or not the severity level was

602
00:29:19,460 --> 00:29:23,120
really what we think it is and so on and

603
00:29:21,440 --> 00:29:25,700
so on and these are all things that

604
00:29:23,120 --> 00:29:27,080
we've gone through in the past also and

605
00:29:25,700 --> 00:29:30,169
treasure and ledger have gone through in

606
00:29:27,080 --> 00:29:32,570
the past when first dealing with you

607
00:29:30,169 --> 00:29:37,010
know security reports and things like

608
00:29:32,570 --> 00:29:39,200
that I think it's just you know it's a

609
00:29:37,010 --> 00:29:41,389
it's a natural part of the game and you

610
00:29:39,200 --> 00:29:42,639
know getting having a good bug bounty

611
00:29:41,389 --> 00:29:45,980
program in place and getting

612
00:29:42,639 --> 00:29:48,409
high-quality feedback from there's some

613
00:29:45,980 --> 00:29:50,870
really excellent brains in the field

614
00:29:48,409 --> 00:29:55,370
which you have on your interview of

615
00:29:50,870 --> 00:29:57,950
course in the future that really no ways

616
00:29:55,370 --> 00:30:01,130
to hack stuff and like Jana said earlier

617
00:29:57,950 --> 00:30:04,340
nothing is unhackable and so the the

618
00:30:01,130 --> 00:30:06,529
thing that we need to do as harbor

619
00:30:04,340 --> 00:30:09,380
wallet manufacturers is be really

620
00:30:06,529 --> 00:30:11,480
receptive to that and fast responsive

621
00:30:09,380 --> 00:30:13,190
and they were they were accepted and

622
00:30:11,480 --> 00:30:20,090
responded really fast and put out a fix

623
00:30:13,190 --> 00:30:22,220
really fast and really be able to you

624
00:30:20,090 --> 00:30:26,750
know be receptive to that and take that

625
00:30:22,220 --> 00:30:29,090
and improve the products so how do you

626
00:30:26,750 --> 00:30:32,149
comment on the fact that the big box o2

627
00:30:29,090 --> 00:30:33,970
and the cold card mk3 using this

628
00:30:32,149 --> 00:30:37,230
insecure chip

629
00:30:33,970 --> 00:30:37,230
yeah let's dance

630
00:30:37,570 --> 00:30:44,200
so I can't I can't say you know what

631
00:30:41,410 --> 00:30:48,250
their full design decisions are so the

632
00:30:44,200 --> 00:30:49,750
idea of I guess how we call this dual

633
00:30:48,250 --> 00:30:51,910
chip approach so having both

634
00:30:49,750 --> 00:30:56,320
general-purpose microcontroller and a

635
00:30:51,910 --> 00:30:57,670
secure chip that started I guess we're

636
00:30:56,320 --> 00:31:00,790
the first ones to do that about four

637
00:30:57,670 --> 00:31:03,250
years ago with our first pit box you can

638
00:31:00,790 --> 00:31:07,150
argue about the way we implemented it

639
00:31:03,250 --> 00:31:10,780
was maybe not ideal but we kind of

640
00:31:07,150 --> 00:31:14,380
started that and then with the second

641
00:31:10,780 --> 00:31:16,920
version bit box and the cult card they

642
00:31:14,380 --> 00:31:20,380
use the same architecture the same

643
00:31:16,920 --> 00:31:23,290
chipsets and so I think in our opinion

644
00:31:20,380 --> 00:31:25,840
it's made the most sense as far as a

645
00:31:23,290 --> 00:31:27,340
security architecture and I think you

646
00:31:25,840 --> 00:31:28,480
know if you research the different chips

647
00:31:27,340 --> 00:31:29,980
that are available and things like that

648
00:31:28,480 --> 00:31:32,980
it's not too hard to come to your own

649
00:31:29,980 --> 00:31:35,980
conclusion that this is a good approach

650
00:31:32,980 --> 00:31:40,120
and so I think that both of us using the

651
00:31:35,980 --> 00:31:44,620
same approach with the chipset kind of

652
00:31:40,120 --> 00:31:46,660
may be valid covilhã dates our design

653
00:31:44,620 --> 00:31:52,240
choices and so I'm quite quite happy

654
00:31:46,660 --> 00:31:54,520
that they're doing that okay is there

655
00:31:52,240 --> 00:31:56,680
any other hardware wallet manufacturer

656
00:31:54,520 --> 00:31:58,810
that you think should be mentioned in

657
00:31:56,680 --> 00:32:07,660
this session before we move on with

658
00:31:58,810 --> 00:32:10,510
another question now this is the hard

659
00:32:07,660 --> 00:32:13,030
question you put me on the spot because

660
00:32:10,510 --> 00:32:16,600
I I don't want to make any one left out

661
00:32:13,030 --> 00:32:18,610
feel bad so I'll say probably makes

662
00:32:16,600 --> 00:32:22,150
sense to not list anyone in particular

663
00:32:18,610 --> 00:32:24,820
but there are a number of other hardware

664
00:32:22,150 --> 00:32:26,620
while defenders on the market a lot of

665
00:32:24,820 --> 00:32:30,550
newer ones that came out at last year's

666
00:32:26,620 --> 00:32:32,670
and you know I don't want to say too

667
00:32:30,550 --> 00:32:35,680
much about them there's some interesting

668
00:32:32,670 --> 00:32:40,540
then quite quite intriguing designs

669
00:32:35,680 --> 00:32:43,270
choices but in terms of you know

670
00:32:40,540 --> 00:32:44,750
promoting them or not I'd prefer to wait

671
00:32:43,270 --> 00:32:46,040
and see you know how

672
00:32:44,750 --> 00:32:48,200
they do on the market and now they do

673
00:32:46,040 --> 00:32:50,510
with with hacks and so on and things

674
00:32:48,200 --> 00:32:52,550
like that yeah I think it also needs a

675
00:32:50,510 --> 00:32:55,640
lot of time there people analyze the

676
00:32:52,550 --> 00:32:59,360
code people analyze the potential all

677
00:32:55,640 --> 00:33:01,550
abilities all new players they I think

678
00:32:59,360 --> 00:33:04,600
they just need to go through one two

679
00:33:01,550 --> 00:33:07,520
three years of experience before you

680
00:33:04,600 --> 00:33:13,640
realistically can construct them in any

681
00:33:07,520 --> 00:33:15,770
ways that's fair so sometimes I feel

682
00:33:13,640 --> 00:33:17,780
like this is the golden age of hardware

683
00:33:15,770 --> 00:33:20,390
wallets because there are so many

684
00:33:17,780 --> 00:33:22,940
manufacturers that just take the github

685
00:33:20,390 --> 00:33:25,220
repository they forget they create their

686
00:33:22,940 --> 00:33:29,210
own devices and sometimes they bring

687
00:33:25,220 --> 00:33:31,760
some interesting designs and what I

688
00:33:29,210 --> 00:33:35,000
appreciate mostly about hardware wallets

689
00:33:31,760 --> 00:33:38,000
is when they look like regular household

690
00:33:35,000 --> 00:33:39,800
devices and something that I like about

691
00:33:38,000 --> 00:33:43,040
the big box I would do by the way is

692
00:33:39,800 --> 00:33:46,250
that it has a male connector and I don't

693
00:33:43,040 --> 00:33:47,990
know why a lot of manufacturers don't do

694
00:33:46,250 --> 00:33:50,810
that because it looks like a USB flash

695
00:33:47,990 --> 00:33:52,190
drive when it's not turned on it makes

696
00:33:50,810 --> 00:33:54,820
sense where it's you have that male

697
00:33:52,190 --> 00:33:54,820
connector

698
00:33:56,980 --> 00:34:00,880
some people who are very security minded

699
00:33:59,200 --> 00:34:03,010
will say that the cable that you're

700
00:34:00,880 --> 00:34:05,559
using can be compromised so if you're

701
00:34:03,010 --> 00:34:07,570
cutting the cable in the middle then I

702
00:34:05,559 --> 00:34:13,720
guess that's an extra good security

703
00:34:07,570 --> 00:34:19,149
stuff yeah so the original dip box or

704
00:34:13,720 --> 00:34:21,220
one also had a male connector USP a and

705
00:34:19,149 --> 00:34:25,060
the bit box or two as a USBC male

706
00:34:21,220 --> 00:34:26,560
connector so originally a lot of what

707
00:34:25,060 --> 00:34:29,560
you say is exactly what we were thinking

708
00:34:26,560 --> 00:34:32,230
about before first of all you know

709
00:34:29,560 --> 00:34:33,429
cables they're kind of annoying to carry

710
00:34:32,230 --> 00:34:37,869
around but they could also be

711
00:34:33,429 --> 00:34:41,859
compromised by people sticking in some

712
00:34:37,869 --> 00:34:44,649
spy microchips inside with you know some

713
00:34:41,859 --> 00:34:50,230
kind of wireless output which has been

714
00:34:44,649 --> 00:34:52,810
done in the past and so we wanted to not

715
00:34:50,230 --> 00:34:56,080
need to use a cable and we also thought

716
00:34:52,810 --> 00:34:58,690
you know just a cable free approach is

717
00:34:56,080 --> 00:34:59,920
also a lot easier for usability so you

718
00:34:58,690 --> 00:35:01,540
can just plug it directly into your

719
00:34:59,920 --> 00:35:03,580
computer or plug it directly into your

720
00:35:01,540 --> 00:35:05,230
phone and so those are some of the

721
00:35:03,580 --> 00:35:09,160
design considerations we were thinking

722
00:35:05,230 --> 00:35:10,780
about but also you should we should not

723
00:35:09,160 --> 00:35:13,390
forget that we chose to shape it with

724
00:35:10,780 --> 00:35:15,310
the cable so people want to use a cable

725
00:35:13,390 --> 00:35:16,869
there's nothing that stops you even with

726
00:35:15,310 --> 00:35:20,650
the main connector so we have a

727
00:35:16,869 --> 00:35:22,900
female-to-male cable for extensions so

728
00:35:20,650 --> 00:35:25,840
it's it's possible to use a cable put

729
00:35:22,900 --> 00:35:28,240
mavis decision because you it's just way

730
00:35:25,840 --> 00:35:32,140
more natural to use it when you computer

731
00:35:28,240 --> 00:35:35,680
or smartphone yeah looks legit

732
00:35:32,140 --> 00:35:38,010
it looks like a USB flash drive yeah

733
00:35:35,680 --> 00:35:40,869
that's also a that also feature that

734
00:35:38,010 --> 00:35:43,780
sorry to interrupt it's also a feature

735
00:35:40,869 --> 00:35:46,900
because we think when you travel with

736
00:35:43,780 --> 00:35:48,760
such device you don't want that it that

737
00:35:46,900 --> 00:35:52,570
it looks like a hard wallet in the first

738
00:35:48,760 --> 00:35:55,150
place because it's also yeah it can also

739
00:35:52,570 --> 00:35:58,750
be problematic if you cross borders and

740
00:35:55,150 --> 00:36:02,440
anything like this so we made it not

741
00:35:58,750 --> 00:36:04,990
that you will see our logo or big

742
00:36:02,440 --> 00:36:09,270
Bitcoin or big box and on top of that

743
00:36:04,990 --> 00:36:09,270
thing with Indian first site

744
00:36:09,490 --> 00:36:17,480
yeah and I think the ledger has a very

745
00:36:15,440 --> 00:36:20,300
good design because it looks like lots

746
00:36:17,480 --> 00:36:21,980
of USB flash drives but when you look at

747
00:36:20,300 --> 00:36:24,650
the connector you're going to notice

748
00:36:21,980 --> 00:36:28,810
that it's female and I think that can

749
00:36:24,650 --> 00:36:28,810
give it away as a hardware wallet

750
00:36:29,470 --> 00:36:34,940
actually hadn't an entire article where

751
00:36:32,510 --> 00:36:38,740
I commented on what the devices looked

752
00:36:34,940 --> 00:36:42,650
like and for example on the cold card I

753
00:36:38,740 --> 00:36:44,720
said that it looks like a calculator but

754
00:36:42,650 --> 00:36:47,120
anyone who takes a closer look will

755
00:36:44,720 --> 00:36:49,550
notice that the screen is way too small

756
00:36:47,120 --> 00:36:53,150
when you're using a calculator you want

757
00:36:49,550 --> 00:36:55,870
to have more digits for input and also

758
00:36:53,150 --> 00:36:58,910
you don't have the buttons for

759
00:36:55,870 --> 00:37:01,730
mathematical operations so you don't

760
00:36:58,910 --> 00:37:04,970
have a plus a minus a divided all supply

761
00:37:01,730 --> 00:37:08,660
then what kind of calculator is it and

762
00:37:04,970 --> 00:37:09,950
that's very noticeable hmm yeah that'd

763
00:37:08,660 --> 00:37:12,890
be pretty cool if they come up with a

764
00:37:09,950 --> 00:37:15,910
new model with the calculator plausible

765
00:37:12,890 --> 00:37:19,160
deniability feature I'd like to see that

766
00:37:15,910 --> 00:37:23,570
yeah but I mean I guess in the end you

767
00:37:19,160 --> 00:37:25,610
know any border control officer you can

768
00:37:23,570 --> 00:37:30,200
provide them a list maybe six devices

769
00:37:25,610 --> 00:37:32,300
and in case they should seize those

770
00:37:30,200 --> 00:37:35,300
devices or look after them so I think

771
00:37:32,300 --> 00:37:38,750
it's even with you know the most stealth

772
00:37:35,300 --> 00:37:41,000
device people will recognize the frame

773
00:37:38,750 --> 00:37:43,100
people recognize this is a horrible

774
00:37:41,000 --> 00:37:46,310
wallet but I think it's great that

775
00:37:43,100 --> 00:37:50,570
knowing people will maybe have a harder

776
00:37:46,310 --> 00:37:53,230
time to figure out what it is no you

777
00:37:50,570 --> 00:37:56,630
don't want to show up and I think

778
00:37:53,230 --> 00:37:59,690
perspective maybe that the treasure has

779
00:37:56,630 --> 00:38:03,010
the worst of designs as it looks like

780
00:37:59,690 --> 00:38:05,600
some kinda remote control for your car

781
00:38:03,010 --> 00:38:07,970
but unless you have a car and you're

782
00:38:05,600 --> 00:38:13,210
known to actually use that kind of

783
00:38:07,970 --> 00:38:13,210
device then people will be suspicious

784
00:38:15,710 --> 00:38:23,690
that's true anyway let's move on with

785
00:38:20,089 --> 00:38:29,000
another question if you like this dirty

786
00:38:23,690 --> 00:38:32,720
part was so graceful that everything

787
00:38:29,000 --> 00:38:35,450
that was nice to say and now let me ask

788
00:38:32,720 --> 00:38:39,500
about the original bit box and why it

789
00:38:35,450 --> 00:38:41,869
was discontinued and what kind of issues

790
00:38:39,500 --> 00:38:46,640
that you think it had and have been

791
00:38:41,869 --> 00:38:48,559
fixed in the o2 model yeah so yeah I

792
00:38:46,640 --> 00:38:49,880
original pit box we talked about it a

793
00:38:48,559 --> 00:38:52,210
little bit it's originally called

794
00:38:49,880 --> 00:38:55,280
digital bit box when it first came out

795
00:38:52,210 --> 00:39:00,550
that's been on the market for over three

796
00:38:55,280 --> 00:39:04,760
and a half years and so and we recently

797
00:39:00,550 --> 00:39:06,260
discontinued we I should say we we

798
00:39:04,760 --> 00:39:10,910
didn't discontinue support we stopped

799
00:39:06,260 --> 00:39:14,030
sailing selling it last month and we

800
00:39:10,910 --> 00:39:17,380
will continue support officially for one

801
00:39:14,030 --> 00:39:20,390
more year possibly longer than that and

802
00:39:17,380 --> 00:39:22,819
I'd say one of the misconceptions that

803
00:39:20,390 --> 00:39:26,660
we realized after the fact is we use the

804
00:39:22,819 --> 00:39:30,619
term end-of-life and that's a very

805
00:39:26,660 --> 00:39:33,559
technical term in in retail hardware

806
00:39:30,619 --> 00:39:34,970
products and it doesn't mean that after

807
00:39:33,559 --> 00:39:38,270
one year from now the device is just

808
00:39:34,970 --> 00:39:40,010
gonna die and go away it doesn't mean

809
00:39:38,270 --> 00:39:44,180
that it just means that there's no

810
00:39:40,010 --> 00:39:46,010
guaranteed updates for it after a year

811
00:39:44,180 --> 00:39:47,859
from now but you'll still be able to use

812
00:39:46,010 --> 00:39:50,329
it and so you can still use it with our

813
00:39:47,859 --> 00:39:52,760
older apps or you can still use it with

814
00:39:50,329 --> 00:39:55,910
electrum it works with electron for a

815
00:39:52,760 --> 00:39:58,670
number of years now so just just to

816
00:39:55,910 --> 00:40:02,869
clarify that and so then the question is

817
00:39:58,670 --> 00:40:05,030
why did we choose to discontinue it so

818
00:40:02,869 --> 00:40:09,380
it has been just like every other

819
00:40:05,030 --> 00:40:10,869
hardware wallet that has been found

820
00:40:09,380 --> 00:40:13,460
their abilities have been reported on it

821
00:40:10,869 --> 00:40:17,180
but all the vulnerabilities reported on

822
00:40:13,460 --> 00:40:18,530
it have been fixed and so it's not an

823
00:40:17,180 --> 00:40:20,390
issue that there's something that's not

824
00:40:18,530 --> 00:40:23,720
fixed on it let's say the issue is more

825
00:40:20,390 --> 00:40:25,280
so we felt that in in the long run

826
00:40:23,720 --> 00:40:29,360
it wouldn't be competitive on the market

827
00:40:25,280 --> 00:40:33,680
because mainly it doesn't have a screen

828
00:40:29,360 --> 00:40:35,930
in addition not having a screen makes it

829
00:40:33,680 --> 00:40:40,010
a bit harder to do the security

830
00:40:35,930 --> 00:40:41,510
maintenance and so what we did without

831
00:40:40,010 --> 00:40:43,910
the screen was we had a secure

832
00:40:41,510 --> 00:40:47,150
connection to a mobile app and so using

833
00:40:43,910 --> 00:40:51,050
a mobile app we phrased it as basically

834
00:40:47,150 --> 00:40:53,510
a secure large remote screen and that

835
00:40:51,050 --> 00:40:56,180
worked but then this introduces another

836
00:40:53,510 --> 00:41:00,260
another channel communication channel

837
00:40:56,180 --> 00:41:04,970
where people can attack and getting that

838
00:41:00,260 --> 00:41:09,170
right takes some effort and so it's also

839
00:41:04,970 --> 00:41:13,810
a maintenance issue like a dev resources

840
00:41:09,170 --> 00:41:16,400
issue on our end in order to continue to

841
00:41:13,810 --> 00:41:17,960
maintain it we think like right again

842
00:41:16,400 --> 00:41:19,250
right now all the vulnerabilities are

843
00:41:17,960 --> 00:41:20,810
fixed but there could be more

844
00:41:19,250 --> 00:41:25,370
vulnerabilities found in the future

845
00:41:20,810 --> 00:41:27,800
somewhere with that channel and so those

846
00:41:25,370 --> 00:41:31,460
are the I guess the main reasons for for

847
00:41:27,800 --> 00:41:33,740
discontinuing it and again we we don't

848
00:41:31,460 --> 00:41:35,960
want to leave our existing users you

849
00:41:33,740 --> 00:41:38,240
know out in the blue and so we do we

850
00:41:35,960 --> 00:41:41,180
will continue support and of course if

851
00:41:38,240 --> 00:41:43,520
you have issues with it do do contact us

852
00:41:41,180 --> 00:41:46,280
do contact us at our own support

853
00:41:43,520 --> 00:41:48,320
channels and we'll try to take care of

854
00:41:46,280 --> 00:41:54,710
you like we would anyone else any of our

855
00:41:48,320 --> 00:42:00,530
other customers so yeah so that that's

856
00:41:54,710 --> 00:42:03,730
the reason it was discontinued and an

857
00:42:00,530 --> 00:42:06,380
additional benefit to that is you know

858
00:42:03,730 --> 00:42:10,730
time and dev resources are limited and

859
00:42:06,380 --> 00:42:12,230
so if we can put more more time into the

860
00:42:10,730 --> 00:42:15,320
bit box or two which we think is a much

861
00:42:12,230 --> 00:42:18,530
stronger competitor in the field and

862
00:42:15,320 --> 00:42:20,750
also inter-app trying to make that more

863
00:42:18,530 --> 00:42:24,410
usable try to add features that the

864
00:42:20,750 --> 00:42:28,430
users want we see this is a long run win

865
00:42:24,410 --> 00:42:31,850
in the end for for our customers may be

866
00:42:28,430 --> 00:42:33,500
that this will be a stupid question but

867
00:42:31,850 --> 00:42:36,920
is there any kind of backwards

868
00:42:33,500 --> 00:42:39,910
compatibility when you backup on a big

869
00:42:36,920 --> 00:42:43,710
box that one let the SD card so

870
00:42:39,910 --> 00:42:46,480
Serdar than to deal - and have it work

871
00:42:43,710 --> 00:42:49,569
yeah so it's not a stupid question at

872
00:42:46,480 --> 00:42:51,970
all we definitely wanted to do that but

873
00:42:49,569 --> 00:42:55,660
unfortunately it's not the case and the

874
00:42:51,970 --> 00:43:00,339
reason for that is we for the big bucks

875
00:42:55,660 --> 00:43:03,430
or one I guess the standards for like

876
00:43:00,339 --> 00:43:07,410
backups and mnemonics like 32 bit 44

877
00:43:03,430 --> 00:43:10,270
we're just coming out and so when we

878
00:43:07,410 --> 00:43:12,490
decided what kind of format we were

879
00:43:10,270 --> 00:43:14,859
going to make for for the backups they

880
00:43:12,490 --> 00:43:16,660
weren't following the exact standards we

881
00:43:14,859 --> 00:43:19,240
we tried to do something we thought made

882
00:43:16,660 --> 00:43:22,930
more sense was more secure but in the

883
00:43:19,240 --> 00:43:24,789
end the market hardware wallets in

884
00:43:22,930 --> 00:43:27,309
software wallets adopted these other

885
00:43:24,789 --> 00:43:31,960
standards and so when we made the bit

886
00:43:27,309 --> 00:43:33,910
box or two we decided it'd be more make

887
00:43:31,960 --> 00:43:35,650
more sense to have some kind of

888
00:43:33,910 --> 00:43:39,460
compatibility with the industry standard

889
00:43:35,650 --> 00:43:41,109
and so the the backups are different so

890
00:43:39,460 --> 00:43:43,329
they they're not going to be for

891
00:43:41,109 --> 00:43:49,349
compatible or backward compatible that

892
00:43:43,329 --> 00:43:55,390
said I would say if you switch wallets I

893
00:43:49,349 --> 00:43:58,210
think it's good practice to make kind of

894
00:43:55,390 --> 00:44:01,359
I guess a fresh wallet by that I mean

895
00:43:58,210 --> 00:44:03,400
sweeping the funds from your old seed

896
00:44:01,359 --> 00:44:04,930
your old hardware wallet your old

897
00:44:03,400 --> 00:44:06,369
software wallet into a new hardware

898
00:44:04,930 --> 00:44:10,750
wallet and then you can be confident

899
00:44:06,369 --> 00:44:12,670
that you know if you throw away or

900
00:44:10,750 --> 00:44:13,930
misplace your your old hardware wallet

901
00:44:12,670 --> 00:44:15,400
because you're not using anymore you

902
00:44:13,930 --> 00:44:17,710
forget about it that someone doesn't

903
00:44:15,400 --> 00:44:20,529
come along and just take it and can

904
00:44:17,710 --> 00:44:22,720
guess your password or social engineer

905
00:44:20,529 --> 00:44:25,980
you to figure out the password and then

906
00:44:22,720 --> 00:44:30,210
access the funds without you being aware

907
00:44:25,980 --> 00:44:33,180
okay so we previously established that

908
00:44:30,210 --> 00:44:35,849
the cold card and the big box of to have

909
00:44:33,180 --> 00:44:37,650
the same secured chip but how would you

910
00:44:35,849 --> 00:44:41,040
compare that ship with the one that's

911
00:44:37,650 --> 00:44:42,630
inside the ledger yeah

912
00:44:41,040 --> 00:44:44,520
so I touched on this a little bit

913
00:44:42,630 --> 00:44:46,890
earlier and talking about the security

914
00:44:44,520 --> 00:44:49,890
our security architecture versus ledger

915
00:44:46,890 --> 00:44:52,920
and so just to go into that a little bit

916
00:44:49,890 --> 00:44:56,880
more so the cold card in us are very

917
00:44:52,920 --> 00:44:59,130
similar and we are quite different than

918
00:44:56,880 --> 00:45:01,950
the ledger approach and so the ledger

919
00:44:59,130 --> 00:45:03,660
approach uses a secure element where

920
00:45:01,950 --> 00:45:06,210
they actually run a lot of the hardware

921
00:45:03,660 --> 00:45:10,650
wallet code on side or inside of that

922
00:45:06,210 --> 00:45:13,020
secure element and this is why again

923
00:45:10,650 --> 00:45:16,349
with the NDA's and so on that some of

924
00:45:13,020 --> 00:45:20,520
their code is closed source and so the

925
00:45:16,349 --> 00:45:22,950
cold card in us we use the secure the

926
00:45:20,520 --> 00:45:24,660
secure chip for a different purpose we

927
00:45:22,950 --> 00:45:27,810
don't run the actual Hardware wallet

928
00:45:24,660 --> 00:45:32,069
code on it we're more using it as I

929
00:45:27,810 --> 00:45:35,190
guess the Gateway to authenticate your

930
00:45:32,069 --> 00:45:40,010
device or login to your device and so in

931
00:45:35,190 --> 00:45:41,869
that sense we can use open source

932
00:45:40,010 --> 00:45:45,000
well-vetted

933
00:45:41,869 --> 00:45:48,150
cryptographic libraries for example

934
00:45:45,000 --> 00:45:50,400
we're using the ellipse IP library in

935
00:45:48,150 --> 00:45:53,960
that's used in Bitcoin core which we

936
00:45:50,400 --> 00:45:59,040
think is the fiber by far the best and

937
00:45:53,960 --> 00:46:02,490
safest cryptographic library I know just

938
00:45:59,040 --> 00:46:07,650
just to talk about bugs in in libraries

939
00:46:02,490 --> 00:46:10,710
so OpenSSH open a cell is very very

940
00:46:07,650 --> 00:46:12,750
common or well used library but during

941
00:46:10,710 --> 00:46:16,950
the development of the lib sakti they

942
00:46:12,750 --> 00:46:20,819
found during sanity test they found a

943
00:46:16,950 --> 00:46:23,460
difference in what the libtech p library

944
00:46:20,819 --> 00:46:25,200
produced versus these OpenSSH libraries

945
00:46:23,460 --> 00:46:27,720
the cryptographic libraries and it

946
00:46:25,200 --> 00:46:31,140
turned out that there was a bug in an

947
00:46:27,720 --> 00:46:34,500
education in the and the other OpenSSH

948
00:46:31,140 --> 00:46:36,690
library and so

949
00:46:34,500 --> 00:46:39,349
so many people have looked at us so much

950
00:46:36,690 --> 00:46:43,470
testing has gone into this particular

951
00:46:39,349 --> 00:46:45,599
library that you know we think to do our

952
00:46:43,470 --> 00:46:47,339
users justice we should be using this

953
00:46:45,599 --> 00:46:52,079
knowing we think other hard wallet

954
00:46:47,339 --> 00:46:54,900
should should adopt it also also you

955
00:46:52,079 --> 00:46:58,099
mentioned the design similarities

956
00:46:54,900 --> 00:47:01,380
between the cold card and a bit box oh -

957
00:46:58,099 --> 00:47:03,839
yeah this might be another dumb question

958
00:47:01,380 --> 00:47:07,290
but is there a compatibility with

959
00:47:03,839 --> 00:47:09,359
backups so you take the SD card from the

960
00:47:07,290 --> 00:47:15,750
big box and put it in the cold card and

961
00:47:09,359 --> 00:47:18,900
it just works as far as I'm aware no I

962
00:47:15,750 --> 00:47:22,050
think I'm not exactly familiar with how

963
00:47:18,900 --> 00:47:25,050
they're doing like wallet recovery at

964
00:47:22,050 --> 00:47:27,480
the moment but I believe with the cold

965
00:47:25,050 --> 00:47:30,420
card you have to enter the mnemonics

966
00:47:27,480 --> 00:47:34,380
through the the user interface in the

967
00:47:30,420 --> 00:47:36,119
screen and not buy the backup but I'm

968
00:47:34,380 --> 00:47:37,680
not I'm not sure exactly on that point

969
00:47:36,119 --> 00:47:40,530
where they're at right now and so in

970
00:47:37,680 --> 00:47:44,400
that sense the SD card wouldn't just

971
00:47:40,530 --> 00:47:47,520
work but since we're using the the bit

972
00:47:44,400 --> 00:47:49,710
standards then if you export the word

973
00:47:47,520 --> 00:47:51,900
list from the bit box or two then you

974
00:47:49,710 --> 00:47:56,970
would be able to import that into cold

975
00:47:51,900 --> 00:48:00,030
come time at the time right now when we

976
00:47:56,970 --> 00:48:02,339
record this the big box of two has been

977
00:48:00,030 --> 00:48:05,579
launched on the market for a couple of

978
00:48:02,339 --> 00:48:08,339
months maybe and what is the feature

979
00:48:05,579 --> 00:48:12,569
that got most praise from your users

980
00:48:08,339 --> 00:48:15,720
when you got feedback yeah so we've been

981
00:48:12,569 --> 00:48:17,520
quite quite happy with the reviews we're

982
00:48:15,720 --> 00:48:19,800
making a list on our website if other

983
00:48:17,520 --> 00:48:22,790
people are interested in getting some

984
00:48:19,800 --> 00:48:26,880
third party opinions on our device and

985
00:48:22,790 --> 00:48:29,099
what I'm maybe most happy about is a lot

986
00:48:26,880 --> 00:48:33,030
of great feedback about the user

987
00:48:29,099 --> 00:48:35,579
experience being both simple and even

988
00:48:33,030 --> 00:48:38,970
recommended for for new users but then

989
00:48:35,579 --> 00:48:41,730
also having

990
00:48:38,970 --> 00:48:44,790
the expert feature is still available so

991
00:48:41,730 --> 00:48:47,490
that you know some of the things he said

992
00:48:44,790 --> 00:48:52,080
like coin control or connecting your own

993
00:48:47,490 --> 00:48:55,590
node to our app for example being

994
00:48:52,080 --> 00:49:01,220
possible and so the in general is it's

995
00:48:55,590 --> 00:49:01,220
maybe not a good idea to try to make a

996
00:49:01,760 --> 00:49:07,680
one-size-fits-all solution but I think

997
00:49:04,830 --> 00:49:11,750
we were able to do that with our device

998
00:49:07,680 --> 00:49:11,750
which is quite nice

999
00:49:14,150 --> 00:49:18,410
approachable for further users that

1000
00:49:16,160 --> 00:49:20,359
don't have a deep crypto knowledge but

1001
00:49:18,410 --> 00:49:25,279
it still offers some advanced expert

1002
00:49:20,359 --> 00:49:26,930
features that people appreciate the

1003
00:49:25,279 --> 00:49:29,869
hardware design is also a general point

1004
00:49:26,930 --> 00:49:31,369
that users appreciate its aesthetics and

1005
00:49:29,869 --> 00:49:35,059
also as he mentioned before it's

1006
00:49:31,369 --> 00:49:37,250
discrete appearance so that you don't

1007
00:49:35,059 --> 00:49:43,880
you wouldn't recognize it as a hardware

1008
00:49:37,250 --> 00:49:46,640
all it per se and yeah it's also

1009
00:49:43,880 --> 00:49:49,130
important to note we have two versions

1010
00:49:46,640 --> 00:49:51,829
of our Hardware wallet out the hardware

1011
00:49:49,130 --> 00:49:53,480
itself is the same but we the firmer on

1012
00:49:51,829 --> 00:49:55,329
it's different we have a Bitcoin only

1013
00:49:53,480 --> 00:49:58,039
version which has gotten a lot of

1014
00:49:55,329 --> 00:50:01,460
positive feedback and we also have a big

1015
00:49:58,039 --> 00:50:04,760
core sorry a bit box multi Edition which

1016
00:50:01,460 --> 00:50:07,549
also has some support for different alt

1017
00:50:04,760 --> 00:50:13,220
coins and also you to have second factor

1018
00:50:07,549 --> 00:50:16,760
authentication alright so the next two

1019
00:50:13,220 --> 00:50:19,069
questions are for power users and the

1020
00:50:16,760 --> 00:50:21,500
first one is what kind of advice would

1021
00:50:19,069 --> 00:50:25,220
you give to people who decide not to use

1022
00:50:21,500 --> 00:50:30,230
the big box app and go for electrum or

1023
00:50:25,220 --> 00:50:33,470
wasabi yeah yeah right now I'm the big

1024
00:50:30,230 --> 00:50:38,059
dog so two is we're working on an

1025
00:50:33,470 --> 00:50:41,140
election plug-in in in at the very

1026
00:50:38,059 --> 00:50:43,819
beginning we identified the plugins

1027
00:50:41,140 --> 00:50:47,029
landscape as one of the problems in the

1028
00:50:43,819 --> 00:50:49,730
hardware board space because there's

1029
00:50:47,029 --> 00:50:51,950
there's a lack of a standard how a an

1030
00:50:49,730 --> 00:50:55,369
existing pot or software wallet can

1031
00:50:51,950 --> 00:50:58,089
interact with the HollyRod so what we

1032
00:50:55,369 --> 00:51:00,650
right now have is kind of a blocking

1033
00:50:58,089 --> 00:51:02,990
infrastructure like electron has a bunch

1034
00:51:00,650 --> 00:51:05,329
of plugins where the plugins are

1035
00:51:02,990 --> 00:51:08,329
maintained within the codebase of

1036
00:51:05,329 --> 00:51:10,880
electron so that makes it almost

1037
00:51:08,329 --> 00:51:13,010
impossible for a horrible bandar to

1038
00:51:10,880 --> 00:51:16,670
control the release cycles we imagine

1039
00:51:13,010 --> 00:51:20,180
there's a critical bug that makes us

1040
00:51:16,670 --> 00:51:22,160
like knock on the door of electro and

1041
00:51:20,180 --> 00:51:24,109
maybe back then to do a release which

1042
00:51:22,160 --> 00:51:26,060
they could refuse for political reasons

1043
00:51:24,109 --> 00:51:29,840
or whatever so the whole plugin

1044
00:51:26,060 --> 00:51:32,830
structure is not ideal for security in

1045
00:51:29,840 --> 00:51:36,050
general and especially in our case with

1046
00:51:32,830 --> 00:51:39,730
documents could have potential problems

1047
00:51:36,050 --> 00:51:42,530
and there is actually or I mean back in

1048
00:51:39,730 --> 00:51:45,680
2015 I started to write on the standards

1049
00:51:42,530 --> 00:51:49,340
how software mods could interact with

1050
00:51:45,680 --> 00:51:52,670
our awards that hasn't been any or a lot

1051
00:51:49,340 --> 00:51:56,360
of progress in that sense but there is

1052
00:51:52,670 --> 00:51:59,090
two library HWI vibrate that has been

1053
00:51:56,360 --> 00:52:03,220
created by a bunch of developers that

1054
00:51:59,090 --> 00:52:07,070
seems to be the future a future glue

1055
00:52:03,220 --> 00:52:10,210
element that could make it easy and

1056
00:52:07,070 --> 00:52:14,540
possible for some pulsing of hot rods

1057
00:52:10,210 --> 00:52:20,050
but right now we strongly recommend to

1058
00:52:14,540 --> 00:52:25,700
use our software it works out to yeah so

1059
00:52:20,050 --> 00:52:27,940
that said we we look quite positively at

1060
00:52:25,700 --> 00:52:30,710
electrum and Thomas who is running it

1061
00:52:27,940 --> 00:52:32,030
it's a really really great project I

1062
00:52:30,710 --> 00:52:33,110
think they're doing doing things the

1063
00:52:32,030 --> 00:52:36,860
right way

1064
00:52:33,110 --> 00:52:38,900
and at the moment our original bit box

1065
00:52:36,860 --> 00:52:41,600
does have support the bit box or two

1066
00:52:38,900 --> 00:52:46,250
does not have support yet but we're

1067
00:52:41,600 --> 00:52:49,430
working on making that available in the

1068
00:52:46,250 --> 00:52:52,940
very near future and also for electrum

1069
00:52:49,430 --> 00:52:57,800
for the hwi library that eunice

1070
00:52:52,940 --> 00:53:00,320
mentioned now this notes back to that

1071
00:52:57,800 --> 00:53:02,420
discussion that you had on the stuff and

1072
00:53:00,320 --> 00:53:04,820
leave our podcast and I don't want to

1073
00:53:02,420 --> 00:53:08,240
reiterate that but maybe we can make a

1074
00:53:04,820 --> 00:53:10,820
short summary why that box out - not as

1075
00:53:08,240 --> 00:53:16,010
friendly what multi-sig configurations

1076
00:53:10,820 --> 00:53:18,890
as for example the treasure metal T yes

1077
00:53:16,010 --> 00:53:21,400
that's that's a good point I mean if if

1078
00:53:18,890 --> 00:53:26,120
we look at multi signal teasing has been

1079
00:53:21,400 --> 00:53:29,540
very much proven on the unchanged side

1080
00:53:26,120 --> 00:53:33,430
so it works the cryptographic

1081
00:53:29,540 --> 00:53:37,050
assumptions are absolutely bulletproof

1082
00:53:33,430 --> 00:53:39,660
but the problem in multisig is the whole

1083
00:53:37,050 --> 00:53:43,589
user experience and the security

1084
00:53:39,660 --> 00:53:45,990
assumption horror Allah makes so when

1085
00:53:43,589 --> 00:53:48,810
you create a as an example when you

1086
00:53:45,990 --> 00:53:52,290
created receiving address you need to

1087
00:53:48,810 --> 00:53:57,810
have your co-signers Xbox or at least a

1088
00:53:52,290 --> 00:54:00,690
public key so if you if the concept or

1089
00:53:57,810 --> 00:54:02,010
if the implementation in in the whole

1090
00:54:00,690 --> 00:54:04,380
world firmware has not been made

1091
00:54:02,010 --> 00:54:07,440
correctly it could be possible for an

1092
00:54:04,380 --> 00:54:10,020
attacker to create fake receiving

1093
00:54:07,440 --> 00:54:12,510
address and in the worst case your your

1094
00:54:10,020 --> 00:54:14,970
coins are locked up in attackers pop key

1095
00:54:12,510 --> 00:54:18,510
or even as you eventually send your

1096
00:54:14,970 --> 00:54:22,140
constant to the Nirvana so and also we

1097
00:54:18,510 --> 00:54:26,940
have one of our employees cost for enter

1098
00:54:22,140 --> 00:54:30,210
has just released one ability for

1099
00:54:26,940 --> 00:54:33,270
transient ledger that actually can make

1100
00:54:30,210 --> 00:54:34,260
these funds really said set on the risk

1101
00:54:33,270 --> 00:54:37,890
of sex so I think

1102
00:54:34,260 --> 00:54:40,470
multisig on the at the concept on in the

1103
00:54:37,890 --> 00:54:42,570
Bitcoin chain is absolutely saying but

1104
00:54:40,470 --> 00:54:44,640
they're the concept how horrible it has

1105
00:54:42,570 --> 00:54:47,520
to do with mouth to see that hasn't been

1106
00:54:44,640 --> 00:54:50,220
really working out yet so that's why we

1107
00:54:47,520 --> 00:54:52,710
haven't implemented and served it to the

1108
00:54:50,220 --> 00:54:54,660
users right now and rather worked on the

1109
00:54:52,710 --> 00:54:56,760
conceptional layers that's also what we

1110
00:54:54,660 --> 00:55:00,359
have discovered those vulnerabilities

1111
00:54:56,760 --> 00:55:03,089
yeah and just just add on that so Casper

1112
00:55:00,359 --> 00:55:05,970
did really great work on that and just a

1113
00:55:03,089 --> 00:55:08,460
day or two ago we actually released a

1114
00:55:05,970 --> 00:55:10,770
blog post describing it's it's titled

1115
00:55:08,460 --> 00:55:13,349
the pitfalls of multi-site on hardware

1116
00:55:10,770 --> 00:55:15,119
wallets and so there's a lot of material

1117
00:55:13,349 --> 00:55:19,080
there that goes into further depth about

1118
00:55:15,119 --> 00:55:22,560
why it's not so straightforward to to do

1119
00:55:19,080 --> 00:55:25,380
security with multi-site yeah and the

1120
00:55:22,560 --> 00:55:27,540
conclusion we currently do I mean it's a

1121
00:55:25,380 --> 00:55:29,760
simple conclusion but it could be more

1122
00:55:27,540 --> 00:55:33,089
harmful to use not disagree with a new

1123
00:55:29,760 --> 00:55:35,790
single thing in certain situations so

1124
00:55:33,089 --> 00:55:38,670
before that has been sorted out on a

1125
00:55:35,790 --> 00:55:42,030
conceptual layer I think using single

1126
00:55:38,670 --> 00:55:45,119
sig is still only ability or your your

1127
00:55:42,030 --> 00:55:48,030
funds onto multiple hard robots may be

1128
00:55:45,119 --> 00:55:50,210
better ops right now especially frames

1129
00:55:48,030 --> 00:55:54,440
just without a lot of experience

1130
00:55:50,210 --> 00:55:57,620
I was about to mention your research

1131
00:55:54,440 --> 00:55:59,960
scene because in the last few weeks you

1132
00:55:57,620 --> 00:56:04,220
have made a lot of disclosures and you

1133
00:55:59,960 --> 00:56:07,100
have found filner abilities and the cold

1134
00:56:04,220 --> 00:56:12,820
card and the treasure and in the ledger

1135
00:56:07,100 --> 00:56:15,740
which is impressive yeah so this just

1136
00:56:12,820 --> 00:56:17,660
sorry to interrupt but just to give some

1137
00:56:15,740 --> 00:56:19,760
context there so it's not that we

1138
00:56:17,660 --> 00:56:22,640
actively sought out to find

1139
00:56:19,760 --> 00:56:25,100
vulnerabilities in our competitors it

1140
00:56:22,640 --> 00:56:29,660
was more so we really want to put

1141
00:56:25,100 --> 00:56:32,660
multi-sig into production for for our

1142
00:56:29,660 --> 00:56:34,940
our products and one of the first things

1143
00:56:32,660 --> 00:56:37,760
we did was look at and see how the

1144
00:56:34,940 --> 00:56:40,670
others did it and when we did that we

1145
00:56:37,760 --> 00:56:42,800
ended up finding a number of

1146
00:56:40,670 --> 00:56:46,910
vulnerabilities that we responsibly

1147
00:56:42,800 --> 00:56:49,040
disposed teach them and that's kind of

1148
00:56:46,910 --> 00:56:51,860
where where this this came out and so

1149
00:56:49,040 --> 00:56:53,990
that's also why all of these responses

1150
00:56:51,860 --> 00:56:55,880
kind of came out at the same time it's

1151
00:56:53,990 --> 00:56:59,510
because they were found at the same time

1152
00:56:55,880 --> 00:57:00,890
and again if you check out our blogs you

1153
00:56:59,510 --> 00:57:03,470
can find a link in our website if

1154
00:57:00,890 --> 00:57:05,810
cryptos eh it'll give you a lot more

1155
00:57:03,470 --> 00:57:09,350
details about each of these situations

1156
00:57:05,810 --> 00:57:14,690
so when you see that the responses that

1157
00:57:09,350 --> 00:57:18,020
you got were positive so the responses

1158
00:57:14,690 --> 00:57:20,540
from the community I would say the the

1159
00:57:18,020 --> 00:57:24,220
vast majority were positive the

1160
00:57:20,540 --> 00:57:27,280
interaction with treasure again was

1161
00:57:24,220 --> 00:57:33,160
really really great really amazing

1162
00:57:27,280 --> 00:57:36,380
ledger also in the end they said that

1163
00:57:33,160 --> 00:57:38,540
the the stuff we disclosed was expected

1164
00:57:36,380 --> 00:57:41,390
behavior you can read more about it but

1165
00:57:38,540 --> 00:57:45,170
the conversation with them was very good

1166
00:57:41,390 --> 00:57:48,560
also yeah called card you had mentioned

1167
00:57:45,170 --> 00:57:50,960
before they didn't they weren't so happy

1168
00:57:48,560 --> 00:57:53,650
I guess with the severity level that we

1169
00:57:50,960 --> 00:57:56,960
labeled with some of their

1170
00:57:53,650 --> 00:57:59,720
vulnerabilities which is led to a bit of

1171
00:57:56,960 --> 00:58:01,190
a what happens on Twitter oftentimes a

1172
00:57:59,720 --> 00:58:03,500
little bit of a

1173
00:58:01,190 --> 00:58:06,710
heated Twitter discussion call it that

1174
00:58:03,500 --> 00:58:09,289
but in the end I should say that called

1175
00:58:06,710 --> 00:58:11,750
card especially with multisig probably

1176
00:58:09,289 --> 00:58:17,319
did do the best job of all of them and

1177
00:58:11,750 --> 00:58:17,319
so it's a little interesting to see the

1178
00:58:17,470 --> 00:58:22,400
yeah unfortunately became too heated

1179
00:58:20,329 --> 00:58:29,510
because in the end it probably wasn't

1180
00:58:22,400 --> 00:58:31,400
such such a big deal in the end so so

1181
00:58:29,510 --> 00:58:34,039
the final question that I have for you

1182
00:58:31,400 --> 00:58:35,630
and this isn't the final person of the

1183
00:58:34,039 --> 00:58:38,809
interview because there are two more on

1184
00:58:35,630 --> 00:58:40,849
Twitter people have asked but the final

1185
00:58:38,809 --> 00:58:43,400
one that I have for you is about your

1186
00:58:40,849 --> 00:58:45,799
future plans and what are you planning

1187
00:58:43,400 --> 00:58:48,890
to do on this hardware wallet market in

1188
00:58:45,799 --> 00:58:55,339
the future and how will the bed box

1189
00:58:48,890 --> 00:58:57,950
though to evolve in time I mean we first

1190
00:58:55,339 --> 00:59:01,010
maybe can tap into the big box space

1191
00:58:57,950 --> 00:59:03,190
project we have started a few months or

1192
00:59:01,010 --> 00:59:08,390
is it even a year longer than a year ago

1193
00:59:03,190 --> 00:59:09,950
which is kind of a note including a

1194
00:59:08,390 --> 00:59:14,359
whore robot or we call the secure

1195
00:59:09,950 --> 00:59:18,260
element which is a complete open source

1196
00:59:14,359 --> 00:59:21,920
project also the hardware might be might

1197
00:59:18,260 --> 00:59:26,150
be open to build it on your own which is

1198
00:59:21,920 --> 00:59:29,750
is kind of a thing we think would be

1199
00:59:26,150 --> 00:59:31,910
very interesting parallel abusers and if

1200
00:59:29,750 --> 00:59:34,039
you haven't read about the beatbox phase

1201
00:59:31,910 --> 00:59:37,010
project I think it's only worse to go to

1202
00:59:34,039 --> 00:59:39,140
the ship at autopsy edge website and we

1203
00:59:37,010 --> 00:59:41,359
need up and we have started or we are in

1204
00:59:39,140 --> 00:59:47,029
the process of shipping the first petals

1205
00:59:41,359 --> 00:59:50,500
better devices a bunch of people yeah

1206
00:59:47,029 --> 00:59:53,809
and so yeah just to expand on that so

1207
00:59:50,500 --> 00:59:55,970
we're trying to I guess of course we're

1208
00:59:53,809 --> 00:59:58,220
interested in developing the bit box or

1209
00:59:55,970 --> 01:00:00,440
to further we're also interested in

1210
00:59:58,220 --> 01:00:02,720
expanding our our product offerings and

1211
01:00:00,440 --> 01:00:04,730
so the base default Bitcoin node

1212
01:00:02,720 --> 01:00:08,329
eventually lightning will be added also

1213
01:00:04,730 --> 01:00:11,510
and so we think this addresses a lot of

1214
01:00:08,329 --> 01:00:12,580
the privacy concerns that are still an

1215
01:00:11,510 --> 01:00:15,460
issue

1216
01:00:12,580 --> 01:00:17,320
in in Bitcoin especially whereas

1217
01:00:15,460 --> 01:00:22,480
hardware wallets solve the security

1218
01:00:17,320 --> 01:00:25,390
issue what what that means is if you use

1219
01:00:22,480 --> 01:00:26,920
a hardware wallet you still unless you

1220
01:00:25,390 --> 01:00:29,950
can connect your own full node which we

1221
01:00:26,920 --> 01:00:33,820
offer that option in our app but the

1222
01:00:29,950 --> 01:00:35,650
vast majority people don't and so when

1223
01:00:33,820 --> 01:00:36,580
you need to check out how many coins you

1224
01:00:35,650 --> 01:00:37,960
have in your hardware wallet you have

1225
01:00:36,580 --> 01:00:40,720
use you have to use a third party

1226
01:00:37,960 --> 01:00:45,180
service could be us could be treasurer

1227
01:00:40,720 --> 01:00:48,550
ledger not saying any of us would

1228
01:00:45,180 --> 01:00:50,680
actually spy on people but you know in

1229
01:00:48,550 --> 01:00:54,550
the future we could be forced to if a

1230
01:00:50,680 --> 01:00:56,890
government wants to you know forces us

1231
01:00:54,550 --> 01:00:58,150
to check out at someone's specific

1232
01:00:56,890 --> 01:01:01,390
address and so if you're using our

1233
01:00:58,150 --> 01:01:03,520
service to probe the bot chain basically

1234
01:01:01,390 --> 01:01:05,820
your whole financial history is exposed

1235
01:01:03,520 --> 01:01:09,130
and that's something that people tend to

1236
01:01:05,820 --> 01:01:10,480
not want to expose I know there's all

1237
01:01:09,130 --> 01:01:12,670
this talk about people don't care about

1238
01:01:10,480 --> 01:01:15,550
privacy anymore you know people post

1239
01:01:12,670 --> 01:01:17,050
everything on Facebook and so on but one

1240
01:01:15,550 --> 01:01:19,480
thing they don't really post on Facebook

1241
01:01:17,050 --> 01:01:21,520
every week is their bank statements for

1242
01:01:19,480 --> 01:01:22,810
example and so I think there are certain

1243
01:01:21,520 --> 01:01:24,670
things that people do want to have

1244
01:01:22,810 --> 01:01:27,760
private and the big box base addresses

1245
01:01:24,670 --> 01:01:29,710
that as far as the hardware wallet

1246
01:01:27,760 --> 01:01:31,390
itself yeah we have a lot of ideas so

1247
01:01:29,710 --> 01:01:33,450
multi-sig of course as we mentioned

1248
01:01:31,390 --> 01:01:36,640
before is something you want to add on

1249
01:01:33,450 --> 01:01:38,710
we want to continue to improve the

1250
01:01:36,640 --> 01:01:40,300
usability we're quite happy that people

1251
01:01:38,710 --> 01:01:42,040
like the usability already but there's

1252
01:01:40,300 --> 01:01:44,800
always ways we can continue to improve

1253
01:01:42,040 --> 01:01:46,510
that we have the mobile app come in

1254
01:01:44,800 --> 01:01:48,910
which a lot of people have given us

1255
01:01:46,510 --> 01:01:51,810
pretty good feedback on multi-language

1256
01:01:48,910 --> 01:01:54,880
or things like that but really

1257
01:01:51,810 --> 01:01:56,860
continuing to improve on the overall

1258
01:01:54,880 --> 01:01:59,290
user experience the usability also try

1259
01:01:56,860 --> 01:02:02,650
to give different types of services that

1260
01:01:59,290 --> 01:02:06,160
that people need such as theater on

1261
01:02:02,650 --> 01:02:11,650
ramps and things like that all right

1262
01:02:06,160 --> 01:02:13,390
so track bender from Twitter once yeah

1263
01:02:11,650 --> 01:02:17,050
he wants to know where the inspiration

1264
01:02:13,390 --> 01:02:20,740
came from or your devices what's behind

1265
01:02:17,050 --> 01:02:22,990
the big box bays and tap projects

1266
01:02:20,740 --> 01:02:25,210
and what me we might expect down the

1267
01:02:22,990 --> 01:02:28,210
road so similar to my question but more

1268
01:02:25,210 --> 01:02:29,619
specific to the product okay if we we

1269
01:02:28,210 --> 01:02:31,420
answered some of the base stuff already

1270
01:02:29,619 --> 01:02:35,530
but maybe maybe honest you want to jump

1271
01:02:31,420 --> 01:02:38,349
in oh yeah I think the base project it's

1272
01:02:35,530 --> 01:02:42,630
totally worth to read up further on on

1273
01:02:38,349 --> 01:02:44,710
our side but there is a lot of

1274
01:02:42,630 --> 01:02:47,710
possibilities people can build with it

1275
01:02:44,710 --> 01:02:50,410
it may be the mixer that automatically

1276
01:02:47,710 --> 01:02:54,730
makes mix coins it could be like

1277
01:02:50,410 --> 01:02:56,859
lightening situations which hsm that

1278
01:02:54,730 --> 01:02:58,780
could be cool services that you get like

1279
01:02:56,859 --> 01:03:01,720
information any a received coins in a

1280
01:02:58,780 --> 01:03:06,790
secure way but in general for a lot of

1281
01:03:01,720 --> 01:03:08,680
people privacy is equally or even more

1282
01:03:06,790 --> 01:03:11,800
important than the pants themselves

1283
01:03:08,680 --> 01:03:16,330
because you know if you are in in a

1284
01:03:11,800 --> 01:03:20,440
regime is closing you your financial

1285
01:03:16,330 --> 01:03:22,720
information can bring you in prison that

1286
01:03:20,440 --> 01:03:26,859
could be that could be situational

1287
01:03:22,720 --> 01:03:30,369
policies more more valuable than the

1288
01:03:26,859 --> 01:03:33,040
world itself so I think having privacy

1289
01:03:30,369 --> 01:03:35,530
as an option in Supreme Court in the

1290
01:03:33,040 --> 01:03:37,690
null sex was combined with trust so if

1291
01:03:35,530 --> 01:03:39,700
if you're using a third-party service

1292
01:03:37,690 --> 01:03:41,710
it's not only about privacy it's also

1293
01:03:39,700 --> 01:03:44,980
about rustic received coins

1294
01:03:41,710 --> 01:03:46,570
it could meet those they could not show

1295
01:03:44,980 --> 01:03:49,810
you those or they could even show you

1296
01:03:46,570 --> 01:03:56,050
fake coins in terms of on control on

1297
01:03:49,810 --> 01:03:59,970
confront incoming new check cells yeah

1298
01:03:56,050 --> 01:04:03,430
and so I guess at a at a higher level

1299
01:03:59,970 --> 01:04:05,140
you know all of us in our team you

1300
01:04:03,430 --> 01:04:10,570
understand I especially but our whole

1301
01:04:05,140 --> 01:04:13,630
team is quite you know motivated by just

1302
01:04:10,570 --> 01:04:15,940
the whole cryptocurrency revolution I

1303
01:04:13,630 --> 01:04:18,520
guess you can use that word where we

1304
01:04:15,940 --> 01:04:20,859
think you know it's really early right

1305
01:04:18,520 --> 01:04:22,630
now a lot of the infrastructure a lot of

1306
01:04:20,859 --> 01:04:25,359
the tools still need to be put in place

1307
01:04:22,630 --> 01:04:27,520
so that it's easier for for the whole

1308
01:04:25,359 --> 01:04:30,070
world to take advantage of the

1309
01:04:27,520 --> 01:04:32,560
opportunities that cryptocurrencies in

1310
01:04:30,070 --> 01:04:33,859
Bitcoin present and so from a company

1311
01:04:32,560 --> 01:04:35,420
point of view

1312
01:04:33,859 --> 01:04:39,949
we really want to give these tools and

1313
01:04:35,420 --> 01:04:44,869
we think hardware especially will play a

1314
01:04:39,949 --> 01:04:48,910
crucial role and we think hardware is

1315
01:04:44,869 --> 01:04:53,289
the self sovereign Hardware is the best

1316
01:04:48,910 --> 01:04:55,939
solution available and so that includes

1317
01:04:53,289 --> 01:04:57,380
you know solving the security needs with

1318
01:04:55,939 --> 01:04:59,599
Hardware wallet solving the privacy

1319
01:04:57,380 --> 01:05:03,109
needs with the bit box space and full

1320
01:04:59,599 --> 01:05:07,519
nodes solving usability issues with our

1321
01:05:03,109 --> 01:05:08,839
bit box app and we think you know if you

1322
01:05:07,519 --> 01:05:10,699
look at what makes cryptocurrencies

1323
01:05:08,839 --> 01:05:12,529
special it's these these great

1324
01:05:10,699 --> 01:05:14,779
properties like being decentralized

1325
01:05:12,529 --> 01:05:17,989
being permissionless censorship

1326
01:05:14,779 --> 01:05:23,749
resistant and so on and we think if you

1327
01:05:17,989 --> 01:05:25,579
don't have you know self custody self

1328
01:05:23,749 --> 01:05:28,249
sovereign solutions if you don't hold

1329
01:05:25,579 --> 01:05:31,339
your own keys of course you don't not

1330
01:05:28,249 --> 01:05:33,410
your keys not your funds there can be

1331
01:05:31,339 --> 01:05:37,670
problems in the long run in the sense

1332
01:05:33,410 --> 01:05:40,489
that you know if everyone just puts

1333
01:05:37,670 --> 01:05:44,289
their funds on centralized exchanges you

1334
01:05:40,489 --> 01:05:47,539
can ignore all the hacking risks but

1335
01:05:44,289 --> 01:05:50,179
this is kind of a slippery slope back

1336
01:05:47,539 --> 01:05:52,729
into the traditional way of doing things

1337
01:05:50,179 --> 01:05:54,259
in the financial world and it's also a

1338
01:05:52,729 --> 01:05:56,539
slippery slope in the traditional way

1339
01:05:54,259 --> 01:05:59,779
that governments can exert control so

1340
01:05:56,539 --> 01:06:00,949
for example you know if you're a crypto

1341
01:05:59,779 --> 01:06:02,929
company trying to open a bank account

1342
01:06:00,949 --> 01:06:04,999
there's a whole bunch of hurdles you

1343
01:06:02,929 --> 01:06:06,589
have to go through in order to do that

1344
01:06:04,999 --> 01:06:09,679
and the government's really really

1345
01:06:06,589 --> 01:06:11,660
paying attention to everything and so

1346
01:06:09,679 --> 01:06:14,869
these these properties that make crypto

1347
01:06:11,660 --> 01:06:16,939
special slowly slowly fade away and we

1348
01:06:14,869 --> 01:06:19,519
think that the only way to prevent that

1349
01:06:16,939 --> 01:06:21,859
from happening is self sovereign

1350
01:06:19,519 --> 01:06:24,259
solutions and decentralized Hardware

1351
01:06:21,859 --> 01:06:29,150
also and so I guess that's that's kind

1352
01:06:24,259 --> 01:06:33,229
of a bigger picture motivation one of

1353
01:06:29,150 --> 01:06:36,890
the things in the question also was

1354
01:06:33,229 --> 01:06:39,049
something we called tip what tab stands

1355
01:06:36,890 --> 01:06:40,980
for is tamper-evident packaging and so

1356
01:06:39,049 --> 01:06:43,640
it is a

1357
01:06:40,980 --> 01:06:46,170
a physical object but it's not

1358
01:06:43,640 --> 01:06:51,200
electronic circuits it's quite simple

1359
01:06:46,170 --> 01:06:53,940
thing and one of the biggest issues in

1360
01:06:51,200 --> 01:06:56,490
Hardware wallet field but also in a

1361
01:06:53,940 --> 01:06:59,850
number of other fields is how do you

1362
01:06:56,490 --> 01:07:03,450
secure the supply chain and so how do

1363
01:06:59,850 --> 01:07:06,570
you protect against someone tampering or

1364
01:07:03,450 --> 01:07:09,840
replacing your device on the way from

1365
01:07:06,570 --> 01:07:11,930
being shipped to the user a really great

1366
01:07:09,840 --> 01:07:15,030
example that came out a year or two ago

1367
01:07:11,930 --> 01:07:17,970
was with one of Ledger's resellers where

1368
01:07:15,030 --> 01:07:20,460
the reseller opened the box they

1369
01:07:17,970 --> 01:07:22,530
programmed the device set up a wallet on

1370
01:07:20,460 --> 01:07:25,050
it they changed the instruction manual

1371
01:07:22,530 --> 01:07:26,730
and so when the device got to the user

1372
01:07:25,050 --> 01:07:30,119
if the instruction manual said you're

1373
01:07:26,730 --> 01:07:33,960
all set your wallets ready have fun

1374
01:07:30,119 --> 01:07:36,210
go go at it but of course the reseller

1375
01:07:33,960 --> 01:07:38,609
then had the private key so if you put

1376
01:07:36,210 --> 01:07:42,000
any coins on it the reseller could just

1377
01:07:38,609 --> 01:07:43,320
steal it and so you know device asked to

1378
01:07:42,000 --> 01:07:44,760
station and things like that they helped

1379
01:07:43,320 --> 01:07:48,330
but they don't they don't solve that

1380
01:07:44,760 --> 01:07:50,280
this particular situation and so we

1381
01:07:48,330 --> 01:07:51,960
tried to think of a solution that can

1382
01:07:50,280 --> 01:07:55,050
solve that and this is this temper of it

1383
01:07:51,960 --> 01:07:56,910
in packaging again we just launched

1384
01:07:55,050 --> 01:07:58,650
I guess alpha so we're shipping some

1385
01:07:56,910 --> 01:08:01,530
elephant devices for early testers to

1386
01:07:58,650 --> 01:08:04,950
people and on our website you can read

1387
01:08:01,530 --> 01:08:07,940
more about it the concept is I'd say

1388
01:08:04,950 --> 01:08:10,200
pretty simple where we have some kind of

1389
01:08:07,940 --> 01:08:12,800
it's hard to explain in words but it's

1390
01:08:10,200 --> 01:08:15,990
easy if you watch the video but to try

1391
01:08:12,800 --> 01:08:19,470
the concept is we have a little pouch

1392
01:08:15,990 --> 01:08:21,450
with some small beads in it you you

1393
01:08:19,470 --> 01:08:24,330
shake it up and so you get a lot of

1394
01:08:21,450 --> 01:08:26,580
entropy in the random pattern of these

1395
01:08:24,330 --> 01:08:27,870
small beads inside this pouch and then

1396
01:08:26,580 --> 01:08:30,000
you vacuum seal this whole thing

1397
01:08:27,870 --> 01:08:32,100
together with the the enclosure and

1398
01:08:30,000 --> 01:08:34,380
whatever you want to protect inside and

1399
01:08:32,100 --> 01:08:38,430
that locks into place what we call a

1400
01:08:34,380 --> 01:08:40,279
temporary fingerprint this pattern we

1401
01:08:38,430 --> 01:08:46,230
take a photo of that before it leaves

1402
01:08:40,279 --> 01:08:49,109
our warehouses and when the user gets it

1403
01:08:46,230 --> 01:08:51,630
there's a QR code they can go scan that

1404
01:08:49,109 --> 01:08:53,579
in they can see

1405
01:08:51,630 --> 01:08:56,130
what the picture looks like through our

1406
01:08:53,579 --> 01:08:58,230
through our website and they can compare

1407
01:08:56,130 --> 01:09:01,230
and they can look at the this temporary

1408
01:08:58,230 --> 01:09:03,569
fingerprint this pattern of the beads in

1409
01:09:01,230 --> 01:09:06,299
the pouch and they can see whether or

1410
01:09:03,569 --> 01:09:08,400
not the device was opened along the way

1411
01:09:06,299 --> 01:09:09,509
because in order to tap it with the

1412
01:09:08,400 --> 01:09:11,460
device you'll have to break the vacuum

1413
01:09:09,509 --> 01:09:17,089
and once you break the vacuum the

1414
01:09:11,460 --> 01:09:19,859
pattern will disappear all right so I

1415
01:09:17,089 --> 01:09:21,420
don't think the chap was around the last

1416
01:09:19,859 --> 01:09:25,560
time I check your website but it's

1417
01:09:21,420 --> 01:09:28,560
definitely interesting and somebody and

1418
01:09:25,560 --> 01:09:31,319
key tack once you know what your take is

1419
01:09:28,560 --> 01:09:34,020
on QR codes and if you think this is a

1420
01:09:31,319 --> 01:09:35,730
few future step for hardware developers

1421
01:09:34,020 --> 01:09:39,779
I'm not sure what he means but you

1422
01:09:35,730 --> 01:09:43,560
possibly know better yeah yeah I think I

1423
01:09:39,779 --> 01:09:45,119
know what it means I mean usually the

1424
01:09:43,560 --> 01:09:46,949
problem is how you get unsigned

1425
01:09:45,119 --> 01:09:51,329
transactions into your harbor wallet

1426
01:09:46,949 --> 01:09:54,119
most several vendors currently use a USB

1427
01:09:51,329 --> 01:09:57,449
port so you connect to your computer

1428
01:09:54,119 --> 01:09:59,670
through USB and we all the other odds

1429
01:09:57,449 --> 01:10:01,770
consider that is an insecure port so

1430
01:09:59,670 --> 01:10:05,090
whatever comes in there will be verified

1431
01:10:01,770 --> 01:10:08,730
on the device with the on screen

1432
01:10:05,090 --> 01:10:12,210
approach or you can use the SD card

1433
01:10:08,730 --> 01:10:15,119
approach that has mainly Colcord uses

1434
01:10:12,210 --> 01:10:18,300
with the PSP T's and the third approach

1435
01:10:15,119 --> 01:10:20,610
would be using QR codes so imagine your

1436
01:10:18,300 --> 01:10:23,280
wall could display your bottom the

1437
01:10:20,610 --> 01:10:23,909
desktop could display a bunch of fewer

1438
01:10:23,280 --> 01:10:25,920
codes

1439
01:10:23,909 --> 01:10:29,940
you read those to enforce with your

1440
01:10:25,920 --> 01:10:31,920
hover wall and this would kind of bypass

1441
01:10:29,940 --> 01:10:35,280
the whole need for a cable or you can

1442
01:10:31,920 --> 01:10:37,440
connect it to your computer this is kind

1443
01:10:35,280 --> 01:10:39,840
of a nice approach but also has problems

1444
01:10:37,440 --> 01:10:42,060
I mean they're they're work off secure

1445
01:10:39,840 --> 01:10:44,940
code libraries where actually reading a

1446
01:10:42,060 --> 01:10:47,460
pure code could produce about for

1447
01:10:44,940 --> 01:10:51,060
overflow maybe in the worst case could

1448
01:10:47,460 --> 01:10:55,230
make you could corrode your device in

1449
01:10:51,060 --> 01:10:56,940
the worst case so I think pure code is

1450
01:10:55,230 --> 01:11:00,330
not safe for many types of

1451
01:10:56,940 --> 01:11:04,170
vulnerabilities but it would be cool

1452
01:11:00,330 --> 01:11:05,410
we how you could ever get your device

1453
01:11:04,170 --> 01:11:06,790
yeah

1454
01:11:05,410 --> 01:11:08,560
so just to expand on that I think

1455
01:11:06,790 --> 01:11:12,370
psychologically air-gap in your device

1456
01:11:08,560 --> 01:11:15,880
by only reading QR codes and displaying

1457
01:11:12,370 --> 01:11:20,050
QR codes is a nice concept but I think

1458
01:11:15,880 --> 01:11:23,380
in the end it's just a different way to

1459
01:11:20,050 --> 01:11:26,020
transmit data from your computer to a

1460
01:11:23,380 --> 01:11:28,660
device and so you still need to transfer

1461
01:11:26,020 --> 01:11:30,190
the same types of data which is what is

1462
01:11:28,660 --> 01:11:33,070
the transaction how much do you want to

1463
01:11:30,190 --> 01:11:36,750
send and things like that and so a lot

1464
01:11:33,070 --> 01:11:41,490
of the like attack vectors having a cure

1465
01:11:36,750 --> 01:11:44,530
code modality it doesn't really change

1466
01:11:41,490 --> 01:11:47,430
these attack vectors and so it's still

1467
01:11:44,530 --> 01:11:49,720
the same data and so it's how the

1468
01:11:47,430 --> 01:11:52,330
microcontroller on the hardware wallet

1469
01:11:49,720 --> 01:11:54,670
interprets that data which is where the

1470
01:11:52,330 --> 01:11:56,440
the attack would come in and that would

1471
01:11:54,670 --> 01:12:01,120
be the same if you're using a USB cable

1472
01:11:56,440 --> 01:12:04,150
or a QR code reader of course a big

1473
01:12:01,120 --> 01:12:06,610
difference then is the bandwidth and so

1474
01:12:04,150 --> 01:12:10,720
if your code reader has a lot lower

1475
01:12:06,610 --> 01:12:12,730
bandwidth then the USB so you don't need

1476
01:12:10,720 --> 01:12:14,260
too much bandwidth or for Hardware all

1477
01:12:12,730 --> 01:12:16,900
the transactions sometimes you do but

1478
01:12:14,260 --> 01:12:19,240
usually that's not really an issue and

1479
01:12:16,900 --> 01:12:23,800
so one of the advantages there I guess

1480
01:12:19,240 --> 01:12:29,140
would be time wise a bit less time to

1481
01:12:23,800 --> 01:12:32,670
actually perform an attack but in the

1482
01:12:29,140 --> 01:12:36,550
end a lot of the attacks are are similar

1483
01:12:32,670 --> 01:12:39,940
so I know that I'm not going to name any

1484
01:12:36,550 --> 01:12:41,500
names but a very important person for a

1485
01:12:39,940 --> 01:12:44,380
very important Hardware wallet

1486
01:12:41,500 --> 01:12:47,620
manufacturer said that users can

1487
01:12:44,380 --> 01:12:49,360
basically just go on eBay and buy used

1488
01:12:47,620 --> 01:12:52,330
hardware wallets and they're going to be

1489
01:12:49,360 --> 01:12:55,330
safe are you going to make any kind of

1490
01:12:52,330 --> 01:12:59,210
recommendations like that

1491
01:12:55,330 --> 01:13:03,800
never you wanna see want to go into

1492
01:12:59,210 --> 01:13:08,239
depth oh yeah I think to the supply

1493
01:13:03,800 --> 01:13:10,639
chain it's just too high yeah it's very

1494
01:13:08,239 --> 01:13:13,219
complicated but I would that be not like

1495
01:13:10,639 --> 01:13:17,449
coming to buy second like secondhand

1496
01:13:13,219 --> 01:13:21,679
awards yeah so the it brings up the

1497
01:13:17,449 --> 01:13:25,239
concept again that you know given enough

1498
01:13:21,679 --> 01:13:28,820
time and money anything can be act also

1499
01:13:25,239 --> 01:13:31,790
things can be forged and so you can you

1500
01:13:28,820 --> 01:13:32,989
can make imitations of different

1501
01:13:31,790 --> 01:13:36,639
hardware wallets I think that happened

1502
01:13:32,989 --> 01:13:41,060
to treasure in the past and so buying

1503
01:13:36,639 --> 01:13:45,949
buying a used hardware wallet on eBay or

1504
01:13:41,060 --> 01:13:49,730
whatever all of these different types of

1505
01:13:45,949 --> 01:13:53,210
attacks are possible a forged device you

1506
01:13:49,730 --> 01:13:55,280
know some kind of modified device or you

1507
01:13:53,210 --> 01:14:01,130
know a preset up wallet with different

1508
01:13:55,280 --> 01:14:04,850
seeds reprogrammed device it's is quite

1509
01:14:01,130 --> 01:14:06,139
I wouldn't risk it so I mean for for

1510
01:14:04,850 --> 01:14:09,320
small amounts of funds it's probably

1511
01:14:06,139 --> 01:14:11,900
okay but um I just wouldn't trust that

1512
01:14:09,320 --> 01:14:15,530
for for any significant holding any

1513
01:14:11,900 --> 01:14:20,659
significant amount of funds I just love

1514
01:14:15,530 --> 01:14:21,080
the skepticism in this space yeah it's

1515
01:14:20,659 --> 01:14:22,909
crazy

1516
01:14:21,080 --> 01:14:25,280
and it also brings up the question was

1517
01:14:22,909 --> 01:14:27,190
in second hand you know obviously the

1518
01:14:25,280 --> 01:14:30,530
fingers like somebody has used it before

1519
01:14:27,190 --> 01:14:32,980
but it's also the question what if you

1520
01:14:30,530 --> 01:14:35,900
buy it from the resellers oh it's like

1521
01:14:32,980 --> 01:14:38,270
getting in the same direction obviously

1522
01:14:35,900 --> 01:14:41,389
it's not because the product is still

1523
01:14:38,270 --> 01:14:46,190
sealed in in some ways but I mean seals

1524
01:14:41,389 --> 01:14:48,440
talked about easy to reseal or not but I

1525
01:14:46,190 --> 01:14:51,830
think we we've did the max we could to

1526
01:14:48,440 --> 01:14:53,650
make sure the product cannot be spoofed

1527
01:14:51,830 --> 01:14:56,210
in any ways in terms of loading

1528
01:14:53,650 --> 01:14:58,639
different farmers it's impossible

1529
01:14:56,210 --> 01:15:01,130
without all the wallet and it should be

1530
01:14:58,639 --> 01:15:02,920
very easy to visually inspect at it it

1531
01:15:01,130 --> 01:15:06,190
is okay but again

1532
01:15:02,920 --> 01:15:08,380
it's just impossible you know we can't

1533
01:15:06,190 --> 01:15:12,670
say impossible just try to make it very

1534
01:15:08,380 --> 01:15:15,460
very hard all right so we mentioned

1535
01:15:12,670 --> 01:15:17,590
purchase saying the bed box up to where

1536
01:15:15,460 --> 01:15:21,550
it can people listening to this get the

1537
01:15:17,590 --> 01:15:24,490
device so go to our website shift

1538
01:15:21,550 --> 01:15:26,320
cryptid CH you'll see a SHOP link and

1539
01:15:24,490 --> 01:15:28,510
you can buy our device there along with

1540
01:15:26,320 --> 01:15:32,890
some some interesting little accessories

1541
01:15:28,510 --> 01:15:34,720
also also that link will bring you to a

1542
01:15:32,890 --> 01:15:37,000
different list of resellers we have

1543
01:15:34,720 --> 01:15:41,200
around the world and so an advantage of

1544
01:15:37,000 --> 01:15:43,270
a reseller is a bit cheaper shipping

1545
01:15:41,200 --> 01:15:45,370
costs if you can find one in your own

1546
01:15:43,270 --> 01:15:46,950
area but yeah check out our website

1547
01:15:45,370 --> 01:15:50,200
shift crypto th

1548
01:15:46,950 --> 01:15:52,990
we also sell devices at conferences that

1549
01:15:50,200 --> 01:15:54,990
you attend or in places where people can

1550
01:15:52,990 --> 01:16:01,240
buy without signing up with their

1551
01:15:54,990 --> 01:16:06,630
address and full name or the delivery he

1552
01:16:01,240 --> 01:16:12,280
yes so at the conferences we attend we

1553
01:16:06,630 --> 01:16:13,720
do sell a limited number of devices also

1554
01:16:12,280 --> 01:16:16,620
if you're in Switzerland one of our

1555
01:16:13,720 --> 01:16:19,090
resellers has set up an anonymous way to

1556
01:16:16,620 --> 01:16:20,260
purchase devices so you could you can

1557
01:16:19,090 --> 01:16:22,560
check that out through our reseller

1558
01:16:20,260 --> 01:16:22,560
links

1559
01:16:23,229 --> 01:16:30,999
all right I think the last question

1560
01:16:25,479 --> 01:16:31,630
belongs to static us and I okay this is

1561
01:16:30,999 --> 01:16:35,499
Fred

1562
01:16:31,630 --> 01:16:37,840
oh it's did a gif on Twitter and asked

1563
01:16:35,499 --> 01:16:46,090
if this is a tag team or a versus

1564
01:16:37,840 --> 01:16:48,880
podcast mode I didn't see the gifts I

1565
01:16:46,090 --> 01:16:54,639
can't comment static is is one of our

1566
01:16:48,880 --> 01:16:58,570
team members for those not aware yeah he

1567
01:16:54,639 --> 01:17:00,010
works on the bit box project Knox did

1568
01:16:58,570 --> 01:17:05,079
backspace use the project lead on that

1569
01:17:00,010 --> 01:17:10,719
yeah so I'm sorry aesthetics I don't get

1570
01:17:05,079 --> 01:17:13,059
the question I'm going to you because he

1571
01:17:10,719 --> 01:17:15,369
also a spear the winner gets the Lambo

1572
01:17:13,059 --> 01:17:18,400
and I'm not Turk you saw the title card

1573
01:17:15,369 --> 01:17:20,699
but it has a retro 1980s Lambo in the

1574
01:17:18,400 --> 01:17:20,699
middle

1575
01:17:21,269 --> 01:17:27,510
you probably don't spend much time on

1576
01:17:23,739 --> 01:17:27,510
Twitter which is possibly for the best

1577
01:17:29,849 --> 01:17:37,900
out there

1578
01:17:31,059 --> 01:17:40,329
yeah I don't have any more questions for

1579
01:17:37,900 --> 01:17:45,159
you if you have anything to add before

1580
01:17:40,329 --> 01:17:46,690
we wrap up this interview now as a

1581
01:17:45,159 --> 01:17:49,030
pleasure talking to you that it was

1582
01:17:46,690 --> 01:17:51,159
great getting to know you at the last

1583
01:17:49,030 --> 01:17:52,209
conference and so thank you very much

1584
01:17:51,159 --> 01:17:54,369
for this opportunity

1585
01:17:52,209 --> 01:17:56,920
look forward to talking with you a lot

1586
01:17:54,369 --> 01:18:00,639
in the future also yeah thank you very

1587
01:17:56,920 --> 01:18:03,459
much flat for doing this appreciate when

1588
01:18:00,639 --> 01:18:06,599
we said it at the same time so it must

1589
01:18:03,459 --> 01:18:06,599
be me to also thank you

1590
01:18:09,170 --> 01:18:23,480
let's hear a few words from the show's

1591
01:18:11,389 --> 01:18:24,619
sponsors LX mi is a European public

1592
01:18:23,480 --> 01:18:27,530
currency exchange

1593
01:18:24,619 --> 01:18:30,409
whose name is inspired by Laxmi the

1594
01:18:27,530 --> 01:18:33,650
Hindu goddess of wealth good fortune and

1595
01:18:30,409 --> 01:18:36,590
prosperity it's one of the regulates in

1596
01:18:33,650 --> 01:18:39,530
an illegal crypto currency exchanges on

1597
01:18:36,590 --> 01:18:42,380
lxm ID you can buy bitcoins with most

1598
01:18:39,530 --> 01:18:45,320
currencies and you can also do trading

1599
01:18:42,380 --> 01:18:47,000
with top out coins they follow the

1600
01:18:45,320 --> 01:18:49,159
natural keys not your bitcoins

1601
01:18:47,000 --> 01:18:51,530
philosophy but they're integrated

1602
01:18:49,159 --> 01:18:54,380
noncustodial wallet which helps you

1603
01:18:51,530 --> 01:18:56,540
manage your own private keys so if

1604
01:18:54,380 --> 01:18:59,030
you're into trading then you don't have

1605
01:18:56,540 --> 01:19:02,360
to worry about having your crypto frozen

1606
01:18:59,030 --> 01:19:04,219
by whatever political decisions since

1607
01:19:02,360 --> 01:19:07,670
you're empowered to hold and move your

1608
01:19:04,219 --> 01:19:10,100
coins whenever you wish it's great to

1609
01:19:07,670 --> 01:19:13,310
have new players like LX mi that

1610
01:19:10,100 --> 01:19:16,429
respects your financial sovereignty LX

1611
01:19:13,310 --> 01:19:20,270
mi is launching in 2020 and for more

1612
01:19:16,429 --> 01:19:24,139
information please check out L X M I dot

1613
01:19:20,270 --> 01:19:26,090
IO if you're not into trading it's

1614
01:19:24,139 --> 01:19:28,580
recommended to move your points to a

1615
01:19:26,090 --> 01:19:31,340
hardware wallet or some other form of

1616
01:19:28,580 --> 01:19:34,369
hole storage and in this episode you're

1617
01:19:31,340 --> 01:19:36,260
about to find out why please keep in

1618
01:19:34,369 --> 01:19:38,810
mind that this is just an ad for a

1619
01:19:36,260 --> 01:19:41,000
sponsor of the show it's not meant to

1620
01:19:38,810 --> 01:19:42,560
serve as financial advice and you're

1621
01:19:41,000 --> 01:19:45,710
responsible to do your own research

1622
01:19:42,560 --> 01:19:47,440
before buying anything and act according

1623
01:19:45,710 --> 01:19:50,210
to your own decisions

1624
01:19:47,440 --> 01:19:53,920
embrace your financial sovereignty with

1625
01:19:50,210 --> 01:19:53,920
agency and precaution

1626
01:19:53,999 --> 01:20:00,519
hey you looking for the simplest way to

1627
01:19:57,760 --> 01:20:03,340
get started sending Satoshi's on the

1628
01:20:00,519 --> 01:20:06,360
Lightning Network then sign up with your

1629
01:20:03,340 --> 01:20:08,889
social account on bottle pain now

1630
01:20:06,360 --> 01:20:11,289
autoplay is your premium lightning

1631
01:20:08,889 --> 01:20:14,619
service for unfairly cheap and

1632
01:20:11,289 --> 01:20:16,780
effortless mid-point payments it is

1633
01:20:14,619 --> 01:20:18,940
powerful enough to offer all of the

1634
01:20:16,780 --> 01:20:21,820
payment features you need while also

1635
01:20:18,940 --> 01:20:25,179
being simple enough for no coiners to

1636
01:20:21,820 --> 01:20:28,989
understand no more confusion and

1637
01:20:25,179 --> 01:20:32,260
headaches sensitive she's instantly to

1638
01:20:28,989 --> 01:20:35,409
anyone on a supportive social network in

1639
01:20:32,260 --> 01:20:38,920
a couple of clicks log in today at

1640
01:20:35,409 --> 01:20:41,800
bottle da Li and receive 1000 free

1641
01:20:38,920 --> 01:20:45,249
satoshis to get you started sending and

1642
01:20:41,800 --> 01:20:48,389
receiving bitcoins follow the steps to

1643
01:20:45,249 --> 01:20:52,090
become a power user and earn even more

1644
01:20:48,389 --> 01:20:54,300
head over to bottle l/i and get started

1645
01:20:52,090 --> 01:20:54,300
now

Share:
Written by Vlad
I like Bitcoin and I'm doing this podcast. Message me on Twitter if you'd like to be a guest.