It's too long and I'm too tired to copy-paste it all here, but it's high time I finally comment on the ridiculousness of Coinkite/COLDCARD trying to pretend they are still open-source and playing word games to convince people of their abandoned ethos.

Being *actually* open-source matters for many reasons.

https://twitter.com/sethforprivacy/status/1651039483419058177

Nitter link (privacy-preserving frontend for Twitter): https://twitter.com/sethforprivacy/status/1651039483419058177

Discussion

Nitter link paste bugged, here is the correct link:

https://nitter.sethforprivacy.com/sethforprivacy/status/1651039483419058177

Well damn...I don't know all of the context but doesn't sound like a good look

Coinkite is in the business of making Bitcoin toys for nerds. They should definitely be trusted 🤡

Better than being in the business of making shitcoin toys for degens

Shots fired

Not really. Shots have all come from NVK for the past 2+ years. Foundation have been the adults in the room. I own and use both devices but I cringe every time I see NVK use the term "cloners" to describe Foundation.

Pretty obviously not cloners at this point. Their product actually looks good lol.

Also pushed him to actually innovate and add a product with a big screen and QR scanner and better text entry options.

This NVK guy really doing a good job marketing his competitor

Love NVK and Coldcard but have to agree

Next time (if there is a next time), lead with the disclaimer. This story is not new to me and I knew you worked at Foundation, but for those that are hearing/seeing this for the first time, your point would come acros

*would come across as more credible if you lead with the disclaimer.

Understandable, I would hope everyone would read the full thread before coming to conclusions, though, and I have it clearly listed everywhere that I work for Foundation if they somehow missed that.

Same disclaimer from the Twitter thread for full transparency:

DISCLAIMER: Obviously I work for Foundation, a competitor to COLDCARD, but the views I lay out here were already true before joining Foundation.

I would be just as happy if this led to zero sales of Passport but got the truth out there.

Freedom and integrity matter.

Interesting thread

What truth are you getting out there? The picture clearly shows Coinkite removed the ‘Open Source’ and changed it to ‘Verifiable Code’. Is the code not verifiable? Where is the lie? What am I missing?

You say you’re cool with companies choosing to make their own decisions on licensing, but then you attack them when they do.

The whole FOSS thing clearly changes when hardware is introduced imo. There is a lot more cost, complexity, and risk when shipping software + hardware than just software. As a user it’s easy to complain about companies not having Open Source code when you’re not the one responsible for running that business.

You say integrity matters. Will Foundation or you address the claims that Foundation essentially cloned the mk3 which played a crucial role in them getting funding? I don’t know how you take someone’s code, turn around and sell hardware for personal gain. It’s not like they are releasing free software for anyone to use at no cost. This sounds more like socialism or stealing. Just my 2 sats

The lie is that they still pretend on Twitter that they are in the same camp as the FOSS movement and share an ethos when they clearly do not belong anywhere close to the FOSS movement.

They still try to use it for marketing etc. which is purely a lie.

As for integrity on the subject of "cloning", you can read my responses here:

https://twitter.com/sethforprivacy/status/1651222101343236099?s=20

Where are the receipts of them pretending to pass off as FOSS? The only thing you showed is them claiming their source code can be verified which is true.

Where is the marketing material claiming their code is Open Source?

It seems you can do everything with their software except profiting from it by creating a competing business that sells hardware.

All this outrage and old fud seems manufactured

This is 80% of the reason I'll never touch coldcard with a 10ft pole. If I didn't have a Seed Signer I'd probably be looking at foundation devices.

Thankful for seedsigner as an alternative!

Great people behind it too 😀

100%

i would never touch anything coming out of this stupid unlivable country

it is embarrassing. a clown show

Gives me vibes of "green washing". I've seen others do this too. Idk what to call it. Maybe "FOSS washing"?

https://en.m.wikipedia.org/wiki/Greenwashing

💯

That is a very apt comparison I hadn't seen, love it.

FOSS Washing it is 😅

at this point, what’s the best in the game for cold storage?

Coldcard

cool cool. our friend in this thread seems to take issue with em.

Way to verify 😅👍

I don't know about all the backstory, but as a lover of open source licenses, I don't think it needs to be used for everything. And nothing I've seen from coinkite makes me think Coldcard is anything but an awesome, transparent, and auditable product - including anything in Seth's thread.

noted. appreciate the response here.

I own several COINKITE products, including multiple ColdCards. They are awesome... but there are other good choices out there too.

Unfortunately COINKITE's recent anti-FOSS maneuvers are legitimately troubling. nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 calls anything he disagrees with a shitcoin, and builds a cult of blind followers. It's a dangerous path that has made me question the integrity of the project. They've basically become Ledger -- rotten to the core.

At minimum I stopped taking firmware updates for my coldcards a while ago. I also have no intention of buying anymore COINKITE products, and no longer recommend them to new users.

Can you tell us more about the anti-FOSS maneuvers?

Well the easiest thing to point to is their move away from GPL license. That may seem insignificant to the uninitiated, but it's a literal maneuver of theirs to take their product out of the FOSS space. Essentially they have transitioned from fostering an open software ecosystem to leeching off of open source projects and building a proprietary walled garden. It's anti-FOSS. It's anti-Bitcoin.

You can also see NVK's ad-hominem attacks against other FOSS "competitors". Calling other hardware wallets, software wallets, even calling Android itself a shitcoin. Everything that isn't making NVK money is a shitcoin in NVK's eyes. He does this to tap into Bitcoiners' strong anti-shitcoin mentality (which exists for a good reason), but in effect manipulates Bitcoiners into becoming COINKITE maximalists too. Ironically being a maximalist for a tool like a hardware wallet is antithetical to being a maximalist for a protocol like Bitcoin. The latter actually makes sense. The former is backasswards.

But really... if you haven't been following, or haven't noticed the NVK rhetoric, then give nostr:npub1tr4dstaptd2sp98h7hlysp8qle6mw7wmauhfkgz3rmxdd8ndprusnw2y5g's thread a read. He outlines it better than me.

Yeah I read the thread and I have kind of half-followed this whole drama for a while. I don't think there's anything wrong with transitioning off a FOSS license and providing non-FOSS products. Maybe NVK has been a jerk and I would say calling forkers "cloners" is lame, but I'm just not really moved by any of this mudslinging.

To be clear, I don't think every project everywhere needs to be GPL or FOSS. But Bitcoin wallets should be. Bitcoin's ethos is to build open tools to empower people over institutions. An institution that builds proprietary Bitcoin tools clearly doesn't get this ethos, and should not be trusted IMO.

Not to mention, relicensing GPL code to be non-GPL is against the terms of the license. Any subsequent license would be null, AFAIK.

Yes it would be null.

I think source-available Bitcoin wallets are fine. I don't see why they need to be FOSS vs source-available.

Well this is just my opinion, but it's about ethos. Proprietary projects by their nature build to centralize things in their walled gardens. FOSS projects build to decentralize.

Bitcoin's ethos is as important to me as any other technical aspect of the project, therefore I'm wary of Bitcoin projects that behave counter to that ethos.

But again... that's just my opinion. I'm open to having my mind changed on that 🍻

Building non-FOSS source-available tools helps the builders get paid for their work, while still providing the transparency needed for verification, as well as providing the possibility of guerilla underground reproduction of the tools if the government shuts the project down. Most source-available tools are free to use for anything except resale. Not only coinkite but also Start9 and Umbrel are non-FOSS source-available. These are badass cypherpunk tools. Without the freedom to license themselves according to their needs, some of these projects may not even exist at all.

Cheers 🍻 🤙

Badass cypherpunk tools that wouldn't exist if the state didn't protect their code lol

Wut?

GPL is not state-protected?

We all live under threat of violence. We can't just pretend it's not there. Adapt.

If I fork coldcard's code today and start selling a product using this code, who will protect coldcard from me?

The same people who will come for your Bitcoin

Yes, exactly. The antithesis of Bitcoin protects coldcard.

Just because we live under the threat of violence from the state doesn't mean we should adapt to use the state to be violent against each other. That is regression. It is weak.

Principles are tight. Some have em and keep em, others "adapt"

Trezor.

Encrypted distributed digital; no hardware necessary to stack and hold long and cold.

@jamiesonlopp

Coinkite Coldcard

A lil sus for sure. Greed is the root of all evil 😪

Thanks for posting this. Did not know that COLDCARD wasn't FOSS. Any BTC project that isn't FOSS goes against the ethos of Bitcoin.

You care so much about FOSS that you didn’t check the license?

Another ad hominem attack from NVK. Go ahead and attack the person's credibility, rather than address the details of his concern. 👏👏

And for the record, I did check the license, years ago when I bought mine. The license has since changed. That's the problem.

Huh? Bitcoin isn’t free, it costs every time we transact.

Free as in liberty, not free as in cheap...

If the choices are to remain open source and have a VC backed company come in and profit on your hard work to your detriment, or change the license, I'd choose change the license.

They made a business decision that you don't like.

Foundation made a business decision Coinkite didn't like.

nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 is quite opinionated, but that's ok.

So are you.

They made a business decision purely out of fear and reliant on the state. Weak sauce.

And you would be free to do that, but if you do that you have to stop riding the coattails of the FOSS movement and be clear that you're merely source-available and don't share the FOSS ethos.

That's fine.

I don't think I'm convinced that they are riding the FOSS coattails. They were open source, it made sense until they realized it didn't.

It still makes sense to publish the source code for security validation, but not working for free to help VCs profit more than themselves.

I'm not worked up about it like you are I guess.

nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 is upset and it shows, but I don't blame him. I also think his stance on raspberry pis is a bad take.

Nobody's perfect, and nobody has the same values as you.

Now what do you think about the Blockstream Jade?

Hey Seth - what is your steel man for why Coinkite have chosen to do things this way?

You've taken a very particular hard-line FOSS-maximalist position and also implied the MIT license is strongly **not** FOSS (although it actually is for most intents and purposes).

Also, I think worth mentioning here that this issue does not affect the quality and security of Coinkite products.

#[4] did this because he is afraid of competition and loose on ethos. In other words, because he is weak.

You're confusing MIT (FOSS) with MIT-CC (not FOSS, source available).

It does affect quality and security of their products. Fewer people can build on top of their code means fewer eyes on the code means fewer bugs discovered and patched by the wider ecosystem.

They chose this path because it helps them build a legal moat around their products instead of compete in the free markets.

MIT-CC is *very* different and a complete 180 from MIT itself, just to be clear here.

ColdCard uses MIT-CC which is a restrictive "source-viewable" license and not open-source at all.

The only benefit to their license choice is protecting the company at the harm of the broader ecosystem.

Respectfully, I don't think you're being fair here. That's not a steel man.

The site you linked to make your case that the license is "not within the realm of open-source in any way" is really helpful and worth a read if people actually want to "DYOR" as you suggest: https://commonsclause.com/

I'm a layman, but for the most part this seems extremely permissive. Like 95% of maximum open source.

For example, here it indicates that you can build on top of it and sell your software. To claim this is harmful is an extraordinary claim which you don't seem justified to make:

"

**May I create, distribute, offer as SaaS, and/or “sell” my products using Commons Clause licensed components?**

Yes!

Commons Clause only forbids you from “selling” the Commons Clause software itself. You may develop on top of Commons Clause licensed software (adding applications, tools, utilities or plug-ins) and you may embed and redistribute Commons Clause software in a larger product, and you may distribute and even “sell” (which includes offering as a commercial SaaS service) your product. You may even provide consulting services (see clarifying discussion here). You just can’t sell a product that consists in substance of the Commons Clause software and does not add value.

"

That last paragraph looks ripe for lawyers to sort out and suck more money up out of free enterprise.

Even though Foundation forked from the permissively licensed code, NVK and co still continue to launch plenty of accusations Foundation was/is a re-skin of Coldcard with no substantial changes to the code, which isn't the case.

It is clear NVK's choice of this license had 1 goal: prevent Foundation from building on the code.

This decision was and continues to be bad for the Bitcoin space and antithetical to FOSS principles that led to Bitcoin in the first place.

Seems like Foundation benefits substantially already from Coinkite's work, and continue to do so. Probably wouldn't exist at all without Coinkite.

License clearly allows them to build on top of Coldcard firmware, so long as they are also adding value. It's disingenuous to claim it's not in the realm of open source, because it obviously is.

If I were to **actually** steel man the probable logic for Coinkite's decision it's that they wanted to contribute their code and let it be scrutinized, but they wanted some assurance against a much bigger and better capitalized manufacturer doing a full clone (or even many smaller ones cloning and distributing on Amazon potentially putting users at risk).

I doubt there would be any issue with other firms producing products with improvements or different security models. Just seems like a personal issue between Foundation and Coinkite, and Seth is pressing it as a negative marketing campaign which just fuels the fire.

I thought Foundation devices looked interesting and I was open to buying one, but this marketing approach has left a sour taste. Probably won't ever buy from them now, but good luck to you all 🏳️

First paragraph, yes foundation forked from coldcard and have always made this clear. Just like coldcard forked from trezor.

The MIT commons clause license website faq explicitly states it shouldn't be considered open source.

Sounds like you're running with incomplete information and ignoring the facts on the ground.

I don't give a shit what product you use. Have fun.

Where do they claim to still be open source? On their website it says verifiable source code

They pretend to be on Twitter and Nostr and ride the FOSS movement's coattails.

Thankfully they updated their site to no longer say they're FOSS.

If Coldcard’s firmware was derived from GPLed code, how did they re-license it with something GPL-incompatible?

Theoretically they got rid of all Trezor code before re-licensing but the timeline isn't clear.

nothing good comes out of there