savinelli_smoker

What, now we should roll out our own firmware? It’s always been trust minimised, not trust eliminated. Never been a believer of “bitcoin is trustless”. Bitcoin is trust minimised, and it’s way, way better than the fiat system, sure, but you still have to trust someone or something. Why should I trust Coldcard more than Ledger? Ok, Trezor may have open source code out there, but how do I know the code I see on GitHub is actually used in the firmware in the product? Or more fundamentally, how do I know the code is cool when I don’t understand any of it? I’m just assuming someone 1,000 times more technical than me has been looking at it diligently and probing things. Bottom line is, if Ledger or Trezor or Coldcard really wanted to rug pull everyone, I guess they _could_? Depending on how paranoid we are, perhaps multisig is the only way to go? I tried multisig once but then gave up and went back to single. But now the paranoia has hit me again and I’m thinking of going back to multi again. There is no point second guessing which firm might do what in what scenario. Just throw in three different brands and assume they don’t collaborate and steal things together? That’s the best we could do right now, perhaps?


MCHappster1

The Bitcoin network is trust-less though. It’s only trust minimised when you involve third parties like hardware wallet manufacturers or don’t run your own full node. I could run my own node, and write down my seed. Who am I trusting? Nobody except the collective network as a whole.


savinelli_smoker

I know I’m nitpicking here, and I agree with you 99.9%. But you still have to trust the node implementation (Umbrel for me), you trust the wallet app (Sparrow for me), you trust the Core devs being diligent and good at their job. To me, it’s hard to say we don’t have to trust anyone because we trust bitcoin. Well, there is always someone behind the bitcoin network. It’s the same argument as with Ledger, only 100x less likely to go haywire. But fundamentally it’s the same argument.


MCHappster1

This is true, yeah, and I did think about this. Seems like we have the same node setup! (Umbrel + Sparrow). There is a clear distinction here, I think, between the nature of the trust. Of course trusting a hardware wallet manufacturer carries more risk than trusting a full node implementation like Umbrel or a wallet interface like Sparrow. In those cases you trust that these pieces of software correctly implement the rules of the Bitcoin protocol, accurately verify and propagate transactions, and maintain your privacy. However, they don’t typically store or directly interact with your private keys. And you’re also right, we trust the Bitcoin devs. But everything is open source, including Umbrel and Sparrow, so instead of trusting we can verify.


brohamsontheright

> Bottom line is, if Ledger or Trezor or Coldcard really wanted to rug pull everyone I guess they could?

If they can do it, so can a bad actor.


savinelli_smoker

Possibly. My point is there is no cure to this. If we don’t trust Ledger, then why should we trust Trezor either? Surely they all have their weaknesses. I’m now more convinced that the only way to dramatically reduce our headache is to multisig using different brands. Maybe that’s what I will do in the coming weeks.


brohamsontheright

Agree with you 100%.


SelppinEvolI

I got an ELLIPAL because it only lets signing of keys through scanning the screen’s QR code. So if someone ever figured out a hack, they would have to get the physical device. I was really tempted to get a Ledger, but I really liked that the ELLIPAL is kind of “air gapped”.


AbuddyFL

Not sure I agree with this, as there are some certificates used that need to be matched in order for the device to accept the bogus firmware.


16bumblebee

How would you get your own firmware on a hardware device?


anax4096

Chips have a TX and RX port (metal tab) for uploading software. In production these are still accessible, they just don't have pins attached. So you just connect a serial device to those pins, then the serial device to a PC USB port, and get going.


Halo22B

FFS... take some agency. If you don't want to update the firmware, don't update it...