How is Block running the key server, mobile app, and BitKey as a 2 of 3 isn't distributing risk?
Let alone the UTXO privacy concerns.
Everything has trade offs, you forgot a few.
The only question mark is the key server.
App is open source and reproducible.
However in the Bitkey model effectively you have two hot keys (phone and key server) which is a big trade off even if it's source viewable (it is not FOSS), and your hardware wallet has no screen so you could easily approve a transfer to an address other than you intended if someone has hijacked your phone and what appears on its screen. The Bitkey is a $150 glorified yubikey.
This is true, which is why it makes sense at the $25 promo price.
At the $150 asking price, it's a tapsigner with an added fingerprint sensor, but with additional tradeoffs and vendor lock-in.
I can only see this being a useful product if they keep the current model for entry-level users and unlock it for use as a blind signer for any multisig setup.
> if someone has hijacked your phone and what appears on its screen.
This is common for all blind signers, not a Bitkey-specific issue.
Any blind signer can be turned into a non-blind one with 2 things:
1. Extra code in the signer to check if the sign request is signed by the screen device
2. A screen device that shows the transaction, and produces a signature for it if approved (this can be less secure)
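
The two-part scheme in the list above, as an added sketch that is not part of the original comment or of any vendor's firmware. Assumptions: HMAC-SHA256 with a key shared at pairing stands in for the screen device's signature and for the final transaction signature, and all class, field and key names are hypothetical.

```python
import hashlib
import hmac
import json
from typing import Callable, Optional

def tx_digest(tx: dict) -> bytes:
    """Canonical digest over every field the user is asked to approve."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()

def tag(key: bytes, tx: dict) -> bytes:
    # HMAC is a stand-in here; a real device would use an asymmetric signature.
    return hmac.new(key, tx_digest(tx), hashlib.sha256).digest()

class ScreenDevice:
    """Item 2: shows the transaction and issues an approval only if accepted."""
    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def review(self, tx: dict, user_accepts: Callable[[str], bool]) -> Optional[bytes]:
        shown = f"Send {tx['amount_sats']} sats to {tx['to']}"
        return tag(self._key, tx) if user_accepts(shown) else None

class Signer:
    """Item 1: the signer refuses any request lacking a valid screen approval."""
    def __init__(self, pairing_key: bytes, signing_key: bytes):
        self._pairing_key, self._signing_key = pairing_key, signing_key

    def sign(self, tx: dict, approval: Optional[bytes]) -> bytes:
        if approval is None or not hmac.compare_digest(approval, tag(self._pairing_key, tx)):
            raise PermissionError("transaction was not approved on the screen device")
        # Stand-in for the real transaction signature.
        return tag(self._signing_key, tx)

def demo():
    """Constructed keys and addresses: the host alters the recipient after approval."""
    screen = ScreenDevice(b"constructed-pairing-key")
    signer = Signer(b"constructed-pairing-key", b"constructed-signing-key")
    intended = {"to": "bc1q-constructed-recipient", "amount_sats": 50_000}
    approval = screen.review(intended, lambda shown: True)
    signature = signer.sign(intended, approval)       # approved as displayed
    altered = dict(intended, to="bc1q-constructed-other")
    try:
        signer.sign(altered, approval)                # approval does not cover this
        rejected = False
    except PermissionError:
        rejected = True
    return signature, rejected

if __name__ == "__main__":
    print(demo()[1])
```

The approval covers the digest of the exact fields shown, so a host that changes the recipient or amount after the user approves cannot reuse it.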
Yeah I agree if it was $25 it makes a lot more sense.
However I think other blind signers are marketed differently and sold to a largely different audience. My guess is people buying say a tapsigner and using Nunchuk are more educated on these trade offs.