S8 E5: Zach Herbert on the Foundation Devices’ Passport

In a market that seems to be oversaturated with hardware wallets, Foundation Devices CEO Zach Herbert comes with a bold plan: to become the Apple of Bitcoin security by providing a premium and intuitive experience without making too many compromises. In this regard, the Passport is a lot like macOS next to more technical Unix-based operating systems.

Technically, the Passport by Foundation Devices makes use of existing open source code from Coldcard and Trezor. From a connectivity point of view, it removes the micro USB port and goes full PSBT with a micro SD card and a camera which scans QR codes. But from a user interface standpoint, it promises to be a lot smoother and easier to navigate. After all, a Passport costs about 3 times more than a Coldcard – so it should offer some extra bells and whistles that provide the power user features without the same technical requirements.

What I find interesting about the Passport is the form factor – it looks like a mobile phone which precedes the smartphone era. And given the increasing popularity of simple phones that only take calls and text messages, it can easily get confused with one of the modern Nokias. The Passport also works with AAA batteries and features input via physical keyboard, so it definitely feels like Foundation Devices’ approach to designing the hardware wallet of tomorrow is to look into the security quirks that were very popular in the early 2000s.

The only major tradeoff of which I am aware is the existence of the ATECC608A security chip, which reduces the auditability of the device. It’s a compromise that you also find in the BitBox02 and Coldcard, but it’s there for the sake of improving the default physical security. Ideally, everything should be as open source and auditable as the Trezor – but it will take another year or two until their Tropic Square open source chips get launched, so until then we still need to choose our tradeoffs.

In this interview, Zach Herbert is noticeably honest about what the Foundation Devices Passport is and what it does. He explains that, on a scale from 1 to 10 which defines the open source nature of the hardware wallet, the Passport is an 8 or a 9. He also acknowledges the merit that other devices have and makes it clear that his mission is to provide the least compromising combination of accessibility and security.

After the traditional “tell me what the competition does well and what your device does better” comparison, Zach Herbert and I also talk about multisig setups, Shamir Secret Sharing, and the merits of the wallet.fail team which happens to review the security of the Passport.

The Foundation Devices Passport is scheduled to ship sometime in April 2021 and it will definitely be interesting to see how the market reacts to this new player and to which extent the security gets improved by yet another team that works with open source code. No matter which device you prefer, you can be certain that more research and development will lead to the identification of more issues whose fixes make everyone’s hardware wallet a lot safer. It’s all part of the open source ethos.

Listen to Zach Herbert on Spotify and Apple Podcasts!

If you don’t have an account on these streaming platforms, feel free to use my RSS feed. Not only is it completely free, but it also requires no signup, and you get a download button for offline listening on your favorite MP3 player.

It also grants you the best privacy, as you don’t get tracked and nobody is going to monitor your listening behavior. I strongly recommend that you use the free and open source Tor browser while you’re at it, so your IP address also gets obscured.

Sure, it’s not as great for my statistics. But your privacy is a lot more important to me than my metrics on Spotify and Apple Podcasts.

However, if you do use Apple Podcasts or Spotify, then please leave feedback. It isn’t only about the vanity metrics – the 2 minutes that you spend leaving a review will also boost the content and help others discover it. It’s your way of making sure that others also find the interview and learn all the precious information from it.

This Episode is Sponsored by Vaultoro and Wasabi Wallet!

Want to learn more about the values of the two companies? I have recorded episodes with both Joshua Scigala (Vaultoro CEO) and Nopara73 (Wasabi Wallet creator).

If you would like to support the show and you’re into trading hard money like bitcoin, gold, and silver, then sign up to Vaultoro using my referral link. Vaultoro will help you forget about shitcoins and focus on sound money. They also allow you to pick up your gold bars or have them shipped to your address, so you don’t have to trust any custodian with your money. Keep in mind that you are responsible for your own decisions and I am not providing you financial advice.

And if you would like to increase your network and transaction privacy, you should download Wasabi Wallet on your computer. It routes your connection through the Tor network to hide your IP, it downloads block filters so you validate your own transactions locally without appealing to a trusted third party, and it also connects to your own full node to boost your financial sovereignty. Wasabi is best known for its link-breaking CoinJoins, which are giving even Europol a hard time. Use the wallet to increase your financial sovereignty, but don’t do any illegal stuff – use your financial sovereignty with responsibility (also read the Wasabi terms of service).

Time Stamps for My Interview with Zach Herbert:

00:00 – Intro

03:40 – What was the initial reception like for the Foundation Devices Passport?

05:25 – The global chip shortage and hardware wallets

07:22 – Why launch another hardware wallet?

11:20 – Does the Foundation Devices Passport work with third party wallets like Wasabi, Electrum, and Blue Wallet?

14:00 – Why does the Passport sign transactions with an SD card or QR codes that you scan with the embedded camera?

16:20 – What kind of secure element chip does the Foundation Devices Passport use?

18:29 – From 1 to 10, how open source and transparent is the Passport hardware wallet?

20:40 – Tropic Square’s TASSIC chip and bunnie’s Precursor project

25:25 – Foundation Devices Passport vs Trezor

28:24 – Foundation Devices Passport vs Ledger

32:00 – Foundation Devices Passport vs Coldcard

39:17 – Is Foundation Devices Passport giving away bounties to ethical hackers?

41:47 – Passport’s security audit being made by the wallet.fail hackers

47:15 – Foundation Devices Passport vs BitBox02

52:07 – Why use hardware wallets when you can do cheaper DIY projects? 

56:03 – Should we load up on hardware wallets before supply chain attacks become a lot more common?

57:00 – Are multisig setups a silver bullet for security? What about Shamir Secret Sharing?

1:00:30 – The surprise gift that comes with the first batch of Passports

1:01:30 – How can you get more privacy when ordering the Passport from Foundation Devices?

1:07:16 – What should we expect next from Foundation Devices? (node, phone & more)

Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?
