This is a transcription of our live "Ask Me Anything", hosted on August 26th, 2021 by Douglas, inventor of the original Bitbox and co-founder and CEO of Shift Crypto, and Stadicus, co-founder and product lead of Shift Crypto.
You can also watch the replay of the live AMA.
Table of Contents
- How secure are hardware wallets from material corruption or malfunction?
- What software wallets do the Shift Crypto team recommend?
- I'm having problems persuading newcomers to evolve from having their Bitcoin in exchanges to the BitBox02, what would you recommend to say to these people?
- Can I use my BitBox02 24-word Backup in a Ledger Nano S, and use it as a second hardware wallet?
- Where is the BitBox assembled?
- What's the risk of a disgruntled or rogue Shift Crypto employee creating malicious units undetected?
- What are the advantages of using your own node in conjunction with the Bitbox other than securing the network and verifying transactions yourself?
- Can I control transaction fees on the BitBox02 when I want to transfer between BitBox and an Exchange?
- How many backups do you recommend and what are the places you'd say people should store these?
- How do steel wallets work?
- A new US infrastructure bill requires hardware wallet makers to retain customer information. For US Citizens who already own Bitbox, would their Bitbox stop working or stop getting updates?
- Is any data exposed to the computer where the app is running? E.g. could someone who later uses my computer view my BTC balances?
- If buying BTC is available via the BitBox, how does one pay for BTC? Is it via stablecoin balance on the wallet or separately with a credit card?
- How can you get coins anonymously?
- Does the optional passphrase further secure BIP39 or just the HD wallet?
- Can you go into the reproducible builds with BitBox?
- What damage could malicious firmware potentially do if it somehow got pushed? Could it steal my funds or is there any security in the physical hardware itself?
- Can I download the BitBox app on my mobile phone and connect the wallet to it?
- Do you think there's a real opportunity for governments to create legislation to prohibit cryptocurrency?
The following is a transcription of the live AMA, edited slightly for readability.
What is Shift Crypto?
Douglas: We make hardware wallets - we consider these to be the safest way to hold and use cryptocurrencies. We're very happy to try to answer your questions if you have any about that, and our goal is to build hardware and software products that make using cryptocurrencies simple.
Oftentimes people say it’s security versus usability when it comes to hardware wallets, and you can’t have both. I don't believe that. Which is why I founded the company; because I think that's a false dichotomy and we're trying to make using cryptocurrencies as easy as possible.
#1 How secure are hardware wallets from material corruption or malfunction?
Douglas: So I think this has two aspects. One is on the hardware itself. One is on the software.
Starting with the hardware, it's inevitable with any hardware device (your phone or hardware wallet, or whatever) that there'll be some material effects because there's a lot of parts that go into it. A common one is the screen — it's hard to get screens exactly right. So all manufacturers have a lot of quality control processes in place.
We're quite lucky to have really great suppliers that we can work with to improve manufacturing, but things do go bad. We had a small instance where one batch of screens wouldn’t light up after a couple of tries, but we got that under control. These defects should get detected early, ideally during quality control before we even ship it. And if all is good, there should be a long lifespan.
In our case, and I'm sure others, we do quite extensive endurance testing. We'll stick the device in tumbler machines for months on end and just keep shuffling them around. We do temperature cycling — the washing machine test also. We're quite happy with the build of our products.
On the software side, I guess what people have to worry about is that your computer can malfunction over time. But in the end, as long as you have a backup, that shouldn't even really matter. That said, since the hardware can last so long, the software should also. One of the common things people worry about is cosmic radiation coming down and getting your device. This is a really rare occurrence, but if that did happen, we're still pretty safe in our case. The code on the device, called the firmware, has a checksum signature. So if even one bit gets flipped, the device is not going to start up and it's going to ask you to re-download the firmware, which all happens automatically. So you don't have to worry about that!
Another benefit of the BitBox02 is if someone tries to load up a malicious firmware entry device it also won’t work, because it's not going to pass the signal. The secrets on the device, in particular the seed, which was the basis of all of your addresses and the keys to your coins, is also protected with the checksum. So if something goes wrong there it would be detected. You won't end up with a completely different wallet and sending coins somewhere that you couldn't access in the future. And we've never had any reports of that occurring. I think it's really rare, but even if it does happen, as long as you have the backup, you’re safe. For us, we have a micro SD backup with a really, really, really easy process for setting up and using your wallet.
You can also write stuff onto a piece of paper. The piece of paper can last for centuries, millennia even, as long as you use archival paper and pencil. And the SD card itself, we've talked to the manufacturers and that will last many decades.
#2 What software wallets do the Shift Crypto team recommend?
Douglas: So we make hardware wallets and a software app, but of course we want to keep the AMA kind of neutral and talk about the space as a whole.
Stadicus: Software wallets are essential. Even if you have a hardware wallet, you still need a software wallet. Even if it doesn't know the secret, because the secret is outsourced to the hardware wallet. There are so many options out there, and I think it really depends on your use case.
So in my personal, everyday Bitcoin usage, I use multiple BitBoxes. I use them with the BitBoxApp, but I also use them in a multisig setup. So, for example, Sparrow Wallet for Bitcoin is a really, really good option. I really love Sparrow. It's simple, it's straightforward, and it has lots of advanced features. It also allows you to have a hot wallet, which is usually not secure, so it's better for lower funds, but you can use it with your hardware wallet. In general, I wouldn't really recommend a desktop wallet to be used as a hot wallet. So I only use these in combination with a hardware wallet.
I think there's like a really good use case for mobile wallets, especially in Bitcoin, if you combine them with the Lightning Network, which is not really compatible with hardware wallets. So on my phone, I have a ton of wallets, but the one that I actually use is BlueWallet. It's a really good one. It’s just a hot wallet for on-chain, but also for Lightning.
And the one I recommend mostly to newcomers is MUUN, because it's the most simple Lightning wallet to set up I've ever experienced. It doesn't even have the distinction between on-chain and off-chain, meaning Lightning. So you just send and receive and that's it, which is really good.
When it comes to altcoins,I have to admit I'm not really that versed. I think there are just standard wallets out there, like MyEtherWallet, Exodus, also of course, the native wallets that are built by the developers of the different altcoin blockchains. But, I would say I'm not really the expert in that, so I'm more comfortable recommending Bitcoin wallets.
#3 I'm having problems persuading newcomers to evolve from having their Bitcoin in exchanges to the BitBox02, what would you recommend to say to these people?
Stadicus: We actually have a blog post on the typical stages of how you get into crypto. Because most people buy crypto on an exchange, the most convenient way to store funds is to just use the exchange’s wallet and leave your coins there. Of course, we don't recommend that, otherwise we wouldn't have founded a hardware wallet company.
The main issues I see there, and what I would tell these people, might be a bit off-putting, because it makes novices question what crypto really is. If you have Bitcoin or any other cryptocurrency, it's an asset and if you hold it yourself, it's yours. You don't need to ask anyone for permission to do whatever you want with it. However, if you have it on an exchange it's not really yours — you don't own your Bitcoin. Instead, the exchange has an IOU for you and if you ask nicely, they might send your coins to you in the future. And they probably will send it to you. Unless they have been hacked, which happens all the time.
Binance just added a ton of additional KYC requirements. Now you need to upload your passport and all that stuff. Otherwise you aren't able to withdraw your coins. So they're not really yours. And you also can't really use it to do everyday payments because usually, exchanges subtract the fees from the amount and then you're sending the wrong amount and that leads to a lot of follow-up issues with merchants. So for me, it's really about holding my own keys, holding my own coins. These are mine. I know I have them and I can hold them for decades without asking anyone. For me, that's the main reason.
Douglas: There are different perspectives and different ways to look at it.
Coinbase, in the US, is the number one exchange. They were just in the news a couple of days ago because people lost their funds — someone lost $35,000, someone lost $200,000 and so on and so on.
There's thousands of these cases. And the reason for that is not the exchange itself getting hacked (although, if you look at history, there's been billions that have been lost by exchanges getting hacked). And billions have been lost by exchange operators deciding to say “Hey, I have the keys for these coins. I'm just gonna disappear”, and they run away and all their customers lose their funds. This happened in Canada and in South Africa this year. On Coinbase, people lost their funds because their personal devices were hacked. So their mobile phones got hacked by something called a SIM swap, where someone basically takes over the phone and then they can log into their Coinbase account and steal the funds. Coinbase is getting a lot of heat because they say, well, we can't do anything about it.
I think they're getting heat because people just don't understand that gone is gone. And cryptocurrency, which is also what makes crypto really special, is decentralized. There's no central gatekeeper. That means if someone gets access, gone is gone. And so on an exchange, even one with great security, and listed on the NASDAQ stock exchange, people can lose money.
So that's one way to look at it. I would say another way to look at it is, at least from what I hear, a lot of people are just kind of scared of holding their own keys. They’d rather trust someone else to do it, even though history is not on their side for that. Part of our job is to try to make it easy. We tried really hard to make the setup of the BitBox as painless as possible. It only takes a few minutes to get up and running and you're all set! Of course, you know, I don't want to say that we're perfect. We have things to improve and we're happy to hear feedback about what we can improve, but that's our goal and I think that's also the goal of other hardware wallets to get to that point.
Stadicus: I want to stress, we don't want to bash exchanges. They definitely have their role in the space. They're great to get started and to buy your coins and, if you're into trading, do your trading. I just wouldn't leave my life savings on there.
#4 Can I use my BitBox02 24-word Backup in a Ledger Nano S, and use it as a second hardware wallet?
Douglas: I haven't used a Ledger in a little while, but the answer should be yes.
All the main hardware wallets on the market adhere to a standard, defined by a Bitcoin Improvement Protocol, commonly called a “BIP”. Basically it makes a standard format for backups that you can use for any hardware wallet.
Stadicus: We generally do not recommend to use the same seed on the BitBox and on a different hardware wallet because that basically lowers the security by extending your attack surface. So if one device is hacked, the security of the other device doesn't bring you anything. What is very important is that it's possible to restore your backup in a Ledger. So what we try to avoid in any circumstances is that it's a vendor lock in. I would recommend keeping your seed on the BitBox, and doing proper backups. And if in, let's say, a hundred years Shift Crypto isn’t around anymore, you'll still be able to recover your backup on any other wallet that supports the same standard, which is basically every modern wallet. I wouldn't have the same seed on two devices at the same time.
#5 Where is the BitBox assembled?
Stadicus: We're really proud to create a product that is officially made in Switzerland. This label is not given lightly. The whole manufacturing process of the device, quality control, engineering, design — the whole team is located in Switzerland.
And we have a very, very close eye on every step of the supply chain. So you'll really get a Swiss made device that is not shipped around the world before you actually hold it in your hands.
#6 What's the risk of a disgruntled or rogue Shift Crypto employee creating malicious units undetected?
Douglas: This is something we, as a company, need to be aware of and why we have quality control not only on the product itself, but in our processes. And we do this quality control in a number of ways:
Our manufacturers are just down the road from us, and the crucial step of the initial programming, we do ourselves. We don't let anyone else do that. And our process of doing that, when you load firmware onto a device, it has to be signed. I mentioned signatures before, and it's not only a single signature, it's a multi-signature set up. So what that means is multiple people from our company have to look at the code, download it themselves, and make sure everything is right. They have to verify it and sign it themselves and then upload it.
Part of our goal is trying as much as possible to create a situation where you don't have to trust us. What we do is make our code open source. So you can go to GitHub and see our code there. We also make what's called deterministic builds. That means if you decide to build it yourself, you can verify that what we say is in the device is actually what is in the box. Through this whole process, we kind of allow others to verify what we’re saying is true.
Of course, part of the question is that most customers probably aren't going to download codes themselves and go through those steps. But we make it open-source so some people in the community who do care, can check that and report publicly if there’s anything wrong.
I would say a related risk, not necessarily in our company, but in the supply chain, would be if someone from UPS or Customs decides to switch out the package with a fake device. What we have is something called attestation check. So every time you plug your BitBox into a computer, there's a challenge from the app itself that can detect compromised devices. So there's a secret loaded onto the device when it's programmed, and every time it's plugged in the BitBoxApp checks if it's correct.
#7 What are the advantages of using your own node in conjunction with the BitBox other than securing the network and verifying transactions yourself?
Stadicus: The BitBox App I think was the first hardware wallet companion app that allowed you to just get rid of all the company servers that we run, for your convenience, and just connect to your own full node. I think that's really important. This is exactly what decentralization is all about. It's not really about adding security, because even if you're using a random Electrum server or even the Shift Crypto servers, the app still can check if you're on a totally malicious blockchain. But, full nodes come in when you really want to enforce your own consensus rules.
So you download a Bitcoin client on your node, Bitcoin Core, for example. This is the consensus you want to enforce, but just running it doesn't really help because you need to be able to verify incoming transactions against these consensus rules. And if they don't follow your rules, you need to be able to reject them.
If you do that for all the small stuff, but not for the big payments, like if you're getting your wage in Bitcoin, then I think that's really a pity because the higher the economic transaction that you verify, the more impact you have on enforcing the Nakamoto consensus.
In addition to that, it also adds a lot of privacy because the hardware wallet cannot really talk directly to the blockchain. It's just like a little hardware device without much memory or anything, so it needs to talk to some sort of server that is connected to the Bitcoin blockchain or to any other blockchain. And if you ask our own default servers from Shift Crypto, we do learn some of your financial transactions. Of course, we don't look at anything — we don't keep records. But philosophically, you shouldn't have to give away that information at all. So if you use the BitBox02 with your own full node, you're basically connecting directly to the Bitcoin blockchain, and you don't have to ask any third party what is actually happening in the network.
#8 Can I control transaction fees on the BitBox02 when I want to transfer between BitBox and an Exchange?
Douglas: Yes, you can control your own fees. If you're sending Bitcoins, right now we give you three automatic options to set a fee. So you set the fee depending on theoretically how fast your transaction will get put into the blockchain.
The idea is that the higher the fee, the more likely a miner will take your transaction and put it into the blockchain. But then there's another option where you can custom set it yourself. And for the people who may not be familiar with this, why you'd want to do that, is because it's been historically hard to accurately predict what fees make sense.
So, there's various websites where you can see how many transactions are waiting to go into the blockchain, and how many are in the queue. These are called mempools, or memory pools, and you can go look there and see what the actual wait is, and then input the fee yourself or put it lower if you want.
That's outgoing from the BitBox. Coming back from the exchange is all on the exchange’s side.
#9 How many backups do you recommend and what are the places you'd say people should store these?
Stadicus: I think that's a very nuanced question. It really depends on what you feel comfortable with, and how much value you are storing. If you hold a few thousands of dollars, it might be totally okay to have your backup on the SD card or on a paper backup hidden in a drawer somewhere. Of course, adding physical protection to the backup is always good. So if you do have a secure location, a vault, or a safety deposit box, then that's perfect.
The one thing about backups is that you need to store it securely, but you also need to store it redundantly so you don't have a single point of failure. Of course these two things contrast each other, because if you spread it out the chances of discovery are a bit higher. I don't think there's a clear cut answer to that.
It's possible to split up a backup if you have two or three. We do have a blog post that goes exactly into these backup topics. Today it's considered safe, but it reduces randomness quite a bit. So it might not be safe in 10 years.
If you're planning for long-term holding of really big funds, I think and hope that multisig will get a lot easier over time. Then you can have multiple signers so even if one is compromised, nothing is lost.
It really depends. I personally have mine distributed geographically, and of course then going multisig is even more secure. Unfortunately, I don’t have one specific answer, but I think that's probably a pretty long blog post that we need to write.
Douglas: I just saw a post by someone disagreeing with using a bank’s safe deposit box with someone who could deny you access. Which is a good point, so it also depends on your jurisdiction and how banks operate there.
Stadicus: Yeah, that's a good point. When I recently rethought my own setup, I set it up so that it's safe in physical locations, but I don't rely on any banks.
So there are secure locations where you don't have a bank, or you just might do it redundantly. Where in the best case, you just go to your bank and sign directly there, but if they should deny you access, you still have a fallback that might be very, very hard to access. So very inconvenient, but you hopefully wouldn't ever do that.
We do sell the Steelwallet. So as a very, very inconvenient, but super secure fallback solution to your bank denying you access; one option is to store your backup in steel and bury it somewhere. I’ve even heard people putting it in the trees and waiting until the tree grows over it. That's probably bad advice, but still funny.
#10 How do steel wallets work?
Douglas: There's a number of them out there that you can buy, but it's basically punching the “seed”, or the 24-word list into steel. Which of course, lasts quite a long time.
You can get more information on https://shiftcrypto.ch/steelwallet.
#11 A new US infrastructure bill requires hardware wallet makers to retain customer information. For US Citizens who already own BitBox, would their Bitbox stop working or stop getting updates?
Douglas: Stadicus, I don't know how much you know about this — I've read a little bit about it. As far as I understood, there was some debate, and I thought consensus, about removing hardware wallets from the law in this case so that they wouldn't be affected. I believe we're not affected since we're not a US company. But related to this there's a question of retaining customer information.
Interesting side note, the state of Mississippi’s State Secretary contacted us asking if we could help them identify a user of the BitBox, and I had to explain why that wasn’t possible. So even if we don't log data, someone could force us or try to force us to do that.
As far as existing BitBox users, no. We'll keep publishing updates for people and we don't see it affecting our business-based constituent. You can access our website and download updates and everything will continue to work.
The BitBox itself is designed to be decentralized and private.
Stadicus: I actually followed that pretty closely. I'm definitely not on the same political line as Ted Cruz, but he was very good arguing that in front of Congress — I almost wanted to marry him.
In the end you can write a law however you want, but going against open source software development, I don't think that is going to be enforceable ever. If you have the chance to run your own node, or if you have the chance to get your hands on hardware, that might be banned at some point, but I highly doubt that. Everything else is okay— good luck banning software.
America has very, very strict constitutional rights. Some argue that Bitcoin and free open source software is an example of free speech. So there's almost nothing that would trump that. They could make it super inconvenient somehow to buy and sell Bitcoin through regulated exchanges, but I don't see any possibility of enforcing open-source software developers to fill out IRS forms for customers.
#12 Is any data exposed to the computer where the app is running? E.g. Could someone who uses my computer view my BTC balances?
Stadicus: I think, yes. At the moment the app does store your extended public keys. It is necessary so when you plug in the BitBox it doesn't have to resync every time (which takes minutes), to show you what you actually own.
Tying into a different question that I've seen somewhere before where someone asked if it's actually possible to view the balance if the BitBox is not plugged in. The answer to that is “not yet”, but it is definitely also on our roadmap. We really want to support the watch-only feature, so you just can open the BitBox app and see your balance.
Of course, I think that needs to be opt-in, and at that point, we definitely would also add a pin or a password to access that information. That would also assume that we would then make it very clear what the app stores and what it doesn't.
#13 If buying BTC is available via the BitBox, how does one pay for BTC? Is it via stablecoin balance on the wallet or separately with a credit card?
Stadicus: So, this is a classic problem of a cyper-punk, decentralized, “we don't care” attitude of open source development, that somehow needs to talk to the legacy financial system that is heavily regulated. So we also had a question from before on if it's possible to buy Bitcoin anonymously, I can quickly take that after.
If you, as a regular user — not an expert, want to quickly buy Bitcoin or other cryptocurrencies, you need to go through a centralized service. So in the BitBox app you can buy all the coins that are supported directly, and we’re working with a partner on that because we definitely don't want it to be a financial service provider.
We do that with an external partner, which is MoonPay, and they accept payments from credit cards and bank transfers. I'm not sure about stable coins. I don't think that's an option, but it might be. The credit cards and bank transfers or the most common options.
Centralized services that are heavily regulated, usually also need KYC. So you need to identify yourself with at least an email address and maybe a quick selfie, but that's pretty quick.
For all European users that can buy Bitcoin from “KYC-light” services, like Bittr or Pocket, there's no additional KYC steps necessary for that. We don't have these directly in the BitBoxApp yet, so that's also something we’re planning, but you basically go to their website, click one button on the website and the BitBoxApp opens and that's it. So it's more that they integrate us, and we make sure it's as easy as possible, but we also would like to integrate them sooner rather than later.
#14 How can you get coins anonymously?
Stadicus: That's a really hard question. There are some decentralized services that allow that. So HodlHodl is one option which is all peer-to-peer, because you cannot buy from a centralized service anonymously due to regulation.
But there are platforms that try to match individuals so that you can trade Euros for Bitcoin as two free individuals. The challenge there is that even if you send someone money through a bank transfer, which is probably the easiest way, the recipient still sees your name. So they see where the bank transfer is coming from.
If you really want to do it anonymously, there's almost no way except mailing cash to them. Of course, that's pretty high risk to do that with an unknown counterparty.
HodlHodl is an option that gives you the different options to buy and sell. Bisq is another one. It's really great. It's an application you download and then everything is handled directly on your computer, connecting through the Tor network to other basic users. And you can even do that without any central server. So this is truly decentralized.
If you're lucky to live somewhere where there are crypto ATMs, that might be an option. I have the coin ATM radar open here. Switzerland is pretty crypto friendly, so if I look at what ATMs are available in Switzerland, there’s quite a lot. They all sell Bitcoin up to about a thousand francs per transaction, which you can buy anonymously. The downside is that they typically have pretty high fees, like 5% or more, but if you expect Bitcoin to go 10X then maybe it's worth it.
Unfortunately buying anonymously is not the easiest option. It's also not the cheapest option. I would say maybe have a little stash on the side that is not known to any counterparty. You never know what the future brings.
#15 Does the optional passphrase further secure BIP39 or just the HD wallet?
Douglas: I’m not entirely sure what they're intending the difference between the two to be. You get the wallet from the seed, the wallet is derived from the seed.
An optional passphrase, for people not familiar, that's not a password to the device itself, but in expert settings you can create an additional passphrase. We have this 24 word mnemonic optional passphrase that is sometimes called the 25th word. We don't exactly like that saying because it doesn't have to be a word, and you definitely shouldn't use one of the words from the word list, but something else.
How it works is, if you choose an optional passphrase, you can choose any passphrase you want, and the standard for that is to combine it with the seed, which creates a whole new wallet itself. So if you choose a different optional passphrase, you get a brand new wallet. If you enable this in the BitBox, it's a little bit like plausible deniability or hidden wallets where you can create a couple of different passphrases and put a little amount of coins on each. Maybe more on one and less on another, and then you can have different wallets in that sense.
This is an advanced feature that gets a lot of requests, but unfortunately it also gets a lot of requests from new users who may not be as technical, or who don’t understand the technical details. We'd actually suggest new users not to use it because the biggest loss of funds, and the only loss of funds we’ve seen both with the BitBox01 and the BitBox02, is actually people forgetting their password or forgetting their optional passphrase. So you really need to understand the concept and then take extra caution to store this passphrase. And I'd recommend not trusting your brain alone, because that can change as you get older.
Stadicus: I think it's really important to stress that this is an advanced user feature. If you don't know how BIP39 works on a technical level, I wouldn't use it. But if you do, it can be a good way to add it to secure your backup in addition to physical security, because then you have the backup and the passphrase. The thing with this is, if you lose one, you're basically rekt because there's no redundancy. You cannot afford to lose a single shard of your backup. So it's really a sword that can cut both ways.
#16 Can you go into the reproducible builds with the BitBox02?
Douglas: Yes. You can take the source code for the BitBox, it's open source so it's available on GitHub. You can download it yourself and we have instructions there about how to build it. So you need a certain compiler that compiles for the computer, the mini computer, and on the hardware itself. You can download that and then you just follow the instructions.
There's a Docker image also, so you can just run it on a Docker, which would be a click of a button. And then it will create firmware, which is just a binary blob of data. That's a few hundred kilobytes to build this, and then using the app you can take it and you can upload it onto the device yourself.
So reproducible for builds means what you compile, what you build yourself, would be identical. Every little bit of it would be identical to someone else who compiled it on a different machine or us, compliant ourselves. How do you compare this? Usually it's through something called the checksum. It's quite technical, but what you do is you basically get an ID number after you run it through the checksum which double checks that it matches.
Stadicus: Taking a step back, because even for me it's a pretty technical topic. Reproducible builds are so important, and I feel they are really, really undervalued. There are cases where a company can say they are open-source by providing human-readable programming code. This isn’t what runs on the BitBox. What we do provide is the binary. Our thinking is, if we can't guarantee that the human readable code is exactly what is ending up in the more obscure binary file that actually runs on your BitBox then, I mean, what's the use of open source anyway? Then anybody can run any source code and claim it's coming from the open repository. Only if it's reproducible, meaning everybody can do the same build process and check that we don't do any shenanigans in the background, is it truly open-source to our standards. At least, that’s my dummy for dummies explanation.
#17 What damage could malicious firmware potentially do if it somehow got pushed? Could it steal my funds or is there any security in the physical hardware itself?
Douglas: This has to do with the bootloader itself, which checks if the firmware is authentic or not. And so this hash that comes out, we sign it with keys, similar to how you would sign a Bitcoin transaction—it's the same process we sign on the firmware itself— and once you have the signature that's basically saying “Yes, we signed this. This is correct”.
The bootloader itself is a piece of code that's protected on the hardware wallet. You can't change it ever. That’s why the manufacturers say: once you put it there, it can't ever be changed. And that will always check if the firmware is validly signed. Which means that someone who doesn't have these keys cannot upload malicious firmware.
Us as a company, sure, there could be a rogue employee. There would need to be multiple of them who can create firmware that would be malicious. But that said, the keys are stuck inside the device, and so the firmware itself wouldn't affect it, but in combination with a malicious app, then that could be effective. Because of this, we try to minimize the trust. No matter what, there's always going to be some level of trust involved, but we try to make things as transparent as possible, such that these can be observed.
#18 Can I download the BitBox app on my mobile phone and connect the wallet to it?
Stadicus: Yes, you can. And I think that's a feature that is often overlooked. The cool thing is we do have the USB-C connector directly on the phone. I own the BitBox, so you can plug it in directly without any adapter to any modern Android phone.
Unfortunately, I'm only talking about Android phones. We would like to have it on iPhones as well. It would actually be pretty trivial to create an iOS app. The problem is that Apple needs to whitelist every device to actually use the USB-C connector and or any USB communication, and they would make us pay through our noses to have that privilege. We currently are not willing to give up so much money just for them to whitelist one single device. But this is something we're definitely exploring in the future.
For now, the BitBox app is available on Android and it's actually fully featured. So you never need to connect it to any desktop computer. You can do firmware upgrades with it. You can do everything. And a mobile phone that usually is a more secure environment for an app to run than a general purpose desktop computer.
#19 Do you think there's a real opportunity for governments to create legislation to prohibit cryptocurrency?
Stadicus: I'm a technical tinker, but I guess my perspective is that Bitcoin is very much unstoppable at this point in time, though it still relies heavily on centralized institutions.
I think if a government, let's say the US, who has a lot of oomph behind it, threatens to try to take it down. I think Bitcoin would be fine technically, but would it be able to achieve its goals like mass adoption? I mean, the goals are different for everybody, but would the price be affected? Definitely. Would it be a good store of value in the next 10, 20 years? Maybe not.
I'm not sure because a lot of that depends on mass adoption and people actually being comfortable in buying, even companies buying it. So that could be really a big setback. But from a technical perspective, I think it's pretty much unstoppable and people who want to use it and maybe even need to use it because they don't have an alternative, I think they would still want to use it. Though it would be a different Bitcoin than what we see today, especially from what we see on TradingView today.
Douglas: So just to add to that, countries in the past and even some countries today, have tried to ban Bitcoin, but even when they ban it, people in their country still use it. That's the power of cryptocurrencies— this decentralized, censorship-resistant money. You can hold yourself. Even governments can’t take it from you. They'll try to add taxes and things like that. I think, if you look at the US, there's a lot of momentum building for Bitcoin, a lot of adoption inside of people, but also companies and hedge funds. You can see people in the government advocating for it, so it's going to be hard to stop this ball from rolling.
Some governments around the world are truly evil, but I think most governments around the world, their goal is not to make it seem like they want to tax everything. The main goal is to make the common good. Cryptocurrencies and Bitcoin create a whole new economy, and this economy is going to get bigger and bigger. I think a lot of companies, politicians, startups, and people recognize that. And so I think there's going to be a push to build up ecosystems around it in different countries around the world, and the countries that are going to ban it or delay it are just going to get left behind. And so I think that in a game-theory sense, it's going to be okay.
Don’t own a BitBox yet?
Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.
The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.
Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease—along with its software companion, the BitBoxApp.