Some good info from the person behind them here:
Followed all these fine folks now 😎
Thanks so much for having me!
Such a blast getting to share what I've learned and have fantastic and well thought out discussions with passionate Bitcoiners!
If you're in the Charlotte area you really should prioritize coming out for nostr:npub1p7g986pc56qmvryplgzka0fsrpuwlk6mxk3h686w4e46n74e56qqhz88vk events, community is *everything*.
An Ohio man was sentenced today to four years and three months in prison for stealing over 712 bitcoin that were the proceeds of the darknet bitcoin mixer Helix and subject to forfeiture in a then-pending criminal case. https://www.justice.gov/opa/pr/man-sentenced-stealing-over-712-bitcoin-subject-forfeiture
Really good article on this crazy case here:
https://darkdot.com/articles/helix-bitcoin-mixer/
Fun fact Dean Harmon is an FBI informant since 2021 😬
Let's put to bed the myth perpetuated by Coinkite employees that COLDCARD is in any way open-source today.
Open-source has a clear and globally recognized definition, and being open-source *matters*.
How it started:
How it's going:
DISCLAIMER: Obviously I work for Foundation, a competitor to COLDCARD, but the views I lay out here were already true before joining Foundation.
I would be just as happy if this led to zero sales of Passport but got the truth out there.
Freedom and integrity matter.
For background, COLDCARD was started as a free and open-source project that forked some of Trezor's code base way back in the day, and inherited the copy-left GPL licensing from Trezor:
https://github.com/trezor/trezor-firmware/blob/master/LICENSE.md
Copy-left licenses like GPL are a fantastic tool to ensure that your code and any derivative products others make using any part of it *must* remain open-source no matter what. No one can take your code and build a closed-source product.
GPL = good.
https://gnu.org/licenses/gpl-3.0.en.html
In 2020, a small team of 4 founders who loved the open-source movement and wanted to build a more approachable and easy to use HWW started Foundation, and leveraged some of the code from COLDCARD's open-source repos, specifically around PSBT signing.
This was *100%* above board, compliant, and within the spirit of both open-source and the specific licenses on COLDCARD's codebase, those being GPL.
Foundation gave clear and generous credit and committed to always keeping the code open-source:
When NVK realized that the open-source ethos allows for competitors to use parts of your code base and build better products (i.e. compete in a free market), he decided that he would rather build a legal moat and move to a "source-verifiable" license:
https://github.com/Coldcard/firmware/blob/master/COPYING-CC
This move meant that COLDCARD was no longer open-source, and was instead merely available for download and viewing. While people could come along and contribute code as they saw fit, they could never build or sell *any* product using COLDCARD code, even if kept open-source.
How do I know this is what the MIT-CC (or "Commons Clause") license now used by COLDCARD means?
Because the website for the license created by the original authors of the license spells it out in plain text:
MIT-CC is an interesting license on its own right, and isn't evil or anything, but it is certainly not within the realm of open-source in any way.
It is a clear departure from the definition of open-source that is globally recognized:
Why does all this matter? First, it's important that companies in the Bitcoin space honestly and openly discuss their approach.
If Coinkite doesn't hold a core ethos with the open-source movement, they are able to do so *but users/customers must understand the implications*
Obviously I believe in freedom and Coinkite are free to do what they want with their software, but their stance is antithetical to the open-source movement and is made more clear by the day.
Not only do they prevent the free use of their software, they actively go out of their way to harass and attack others who do the same thing they did - use open-source code and build something awesome out of it.
In the image above, NVK attacks an open-source contributor (who also works at Foundation) for using his free time to help the Monero community with forking Foundation code and creating something they want from it.
AKA the entire purpose of FOSS being mocked and insulted.
Why does open-source matter?
When a project is open-source, it means that not only do they share a freedom-focused ethos with you, but it also incentivizes other developers and companies in the space to build on their work.
More eyes on the code and devs building around a codebase means more secure code, a better and flourishing ecosystem, and far better verification that the code actually does what it's supposed to do.
It also means that if the company producing the software goes under, someone can jump in and pick up where they left off.
If Foundation had to shut down for some reason, any one of you could start a new HWW company from our code and open-source schematics and we'd applaud.
Open-source also means that companies are forced to compete by prioritizing users needs, not building products locked behind laws or lawyers that don't have to keep up with the times.
More competition in a free market means you, the customer, wins.
When code is *not* open-source, it means that there is no core incentive for others outside of the company building the product to review the code, build around it, or contribute to it.
As no one could ever create something they can sell with it, why build around it?
When code is *not* open-source, it also means that the contribution made, even though technically visible, can never help to grow the broader ecosystem and benefit the whole of the Bitcoin space.
It builds monopolies, not free markets.
Bitcoin is about freedom, and Satoshi's decision to use permissive open-source licenses was intentional and fitting with his attempts to build an open and inclusive monetary network.
Open-source is the reason Bitcoin has flourished and so many amazing tools have been built.
While everyone within Bitcoin is free to choose the licenses they want for their projects, if they choose source-verifiable or closed-source they must be up front and honest about it, and users must understand the massive tradeoffs involved.
The information in this thread is all readily visible and I've linked to it all directly, so please feel free to do your own research and confirm my claims independently.
You absolutely should DYOR in situations like this.
Please note that @NVK has not replied to any of the claims made here and has instead chosen to block me, so I am unable to interact with any of his tweets.
I have no doubt he's subtweeting about this but be aware I have no way to respond to him or his personal attacks now.
Since sharing this on Twitter he has so far called me a "spook", a "white knight", a "FOSS commie", a "bitch", and a "grifter" in the span of 12h all while blocking me.
TIL FOSS is just "commie zealotry" 🙃
Just this, but wasn't anything directly at Odell of course!
Theoretically they got rid of all Trezor code before re-licensing but the timeline isn't clear.
Let's put to bed the myth perpetuated by Coinkite employees that COLDCARD is in any way open-source today.
Open-source has a clear and globally recognized definition, and being open-source *matters*.
How it started:
How it's going:
DISCLAIMER: Obviously I work for Foundation, a competitor to COLDCARD, but the views I lay out here were already true before joining Foundation.
I would be just as happy if this led to zero sales of Passport but got the truth out there.
Freedom and integrity matter.
For background, COLDCARD was started as a free and open-source project that forked some of Trezor's code base way back in the day, and inherited the copy-left GPL licensing from Trezor:
https://github.com/trezor/trezor-firmware/blob/master/LICENSE.md
Copy-left licenses like GPL are a fantastic tool to ensure that your code and any derivative products others make using any part of it *must* remain open-source no matter what. No one can take your code and build a closed-source product.
GPL = good.
https://gnu.org/licenses/gpl-3.0.en.html
In 2020, a small team of 4 founders who loved the open-source movement and wanted to build a more approachable and easy to use HWW started Foundation, and leveraged some of the code from COLDCARD's open-source repos, specifically around PSBT signing.
This was *100%* above board, compliant, and within the spirit of both open-source and the specific licenses on COLDCARD's codebase, those being GPL.
Foundation gave clear and generous credit and committed to always keeping the code open-source:
When NVK realized that the open-source ethos allows for competitors to use parts of your code base and build better products (i.e. compete in a free market), he decided that he would rather build a legal moat and move to a "source-verifiable" license:
https://github.com/Coldcard/firmware/blob/master/COPYING-CC
This move meant that COLDCARD was no longer open-source, and was instead merely available for download and viewing. While people could come along and contribute code as they saw fit, they could never build or sell *any* product using COLDCARD code, even if kept open-source.
How do I know this is what the MIT-CC (or "Commons Clause") license now used by COLDCARD means?
Because the website for the license created by the original authors of the license spells it out in plain text:
MIT-CC is an interesting license on its own right, and isn't evil or anything, but it is certainly not within the realm of open-source in any way.
It is a clear departure from the definition of open-source that is globally recognized:
Why does all this matter? First, it's important that companies in the Bitcoin space honestly and openly discuss their approach.
If Coinkite doesn't hold a core ethos with the open-source movement, they are able to do so *but users/customers must understand the implications*
Obviously I believe in freedom and Coinkite are free to do what they want with their software, but their stance is antithetical to the open-source movement and is made more clear by the day.
Not only do they prevent the free use of their software, they actively go out of their way to harass and attack others who do the same thing they did - use open-source code and build something awesome out of it.
In the image above, NVK attacks an open-source contributor (who also works at Foundation) for using his free time to help the Monero community with forking Foundation code and creating something they want from it.
AKA the entire purpose of FOSS being mocked and insulted.
Why does open-source matter?
When a project is open-source, it means that not only do they share a freedom-focused ethos with you, but it also incentivizes other developers and companies in the space to build on their work.
More eyes on the code and devs building around a codebase means more secure code, a better and flourishing ecosystem, and far better verification that the code actually does what it's supposed to do.
It also means that if the company producing the software goes under, someone can jump in and pick up where they left off.
If Foundation had to shut down for some reason, any one of you could start a new HWW company from our code and open-source schematics and we'd applaud.
Open-source also means that companies are forced to compete by prioritizing users needs, not building products locked behind laws or lawyers that don't have to keep up with the times.
More competition in a free market means you, the customer, wins.
When code is *not* open-source, it means that there is no core incentive for others outside of the company building the product to review the code, build around it, or contribute to it.
As no one could ever create something they can sell with it, why build around it?
When code is *not* open-source, it also means that the contribution made, even though technically visible, can never help to grow the broader ecosystem and benefit the whole of the Bitcoin space.
It builds monopolies, not free markets.
Bitcoin is about freedom, and Satoshi's decision to use permissive open-source licenses was intentional and fitting with his attempts to build an open and inclusive monetary network.
Open-source is the reason Bitcoin has flourished and so many amazing tools have been built.
While everyone within Bitcoin is free to choose the licenses they want for their projects, if they choose source-verifiable or closed-source they must be up front and honest about it, and users must understand the massive tradeoffs involved.
The information in this thread is all readily visible and I've linked to it all directly, so please feel free to do your own research and confirm my claims independently.
You absolutely should DYOR in situations like this.
Please note that @NVK has not replied to any of the claims made here and has instead chosen to block me, so I am unable to interact with any of his tweets.
I have no doubt he's subtweeting about this but be aware I have no way to respond to him or his personal attacks now.
Since sharing this on Twitter he has so far called me a "spook", a "white knight", a "FOSS commie", a "bitch", and a "grifter" in the span of 12h all while blocking me.
TIL FOSS is just "commie zealotry" 🙃
A quick response here, but first off I want to say I absolutely love @ODELL and have the utmost respect for him.
Overall Matt confirms the points I made in my thread about CC being non-FOSS, but unfortunately uses the same harsh rhetoric of "cloning" as NVK does.
An open-source project leveraging code from another open-source project to build a product that competes in the free market is not "cloning".
Passport was created as an alternative that is easier to use and more approachable, but shared the (very solid) security model.
When it comes to security it's absurd to roll your own setup for no reason when a comprehensive and excellent security model already exists, and all credit to NVK for an excellent approach taken.
Leveraging an open-source security model for a new product is just smart.
Passport used this well-vetted security model and some of the code from CC to build a competing product with an aim of allowing more people to store their Bitcoin securely without all the technical barriers.
That is not "cloning".
One additional thought here - NVK initially leveraged code from Trezor and built a competing product that improved on a lot of the model Trezor had.
I don't consider that cloning either, and wouldn't call it that.
It's simply embracing FOSS and free markets.
For more context you can refer to my original thread that prompted all of this here:
They pretend to be on Twitter and Nostr and ride the FOSS movements coattails.
Thankfully they updated their site to no longer say they're FOSS.
Odell is one of the best and most honest and generous people in the space, I and many others would never be here without him and his tireless efforts.
Odell is a hero of mine and someone I try to emulate and learn from to this day.
🎯
It's something of my specialty these days 😅
I truly hope nothing I said attacked your character in any way, that was not up for debate at all in this drama I sparked.
Please tell me if that's wrong somehow and I'd love to correct the mistake.
The lie is that they still pretend on Twitter that they are in the same camp as the FOSS movement and share an ethos when they clearly do not belong anywhere close to the FOSS movement.
They still try to use it for marketing etc. which is purely a lie.
As for integrity on the subject of "cloning", you can read my responses here:
https://twitter.com/sethforprivacy/status/1651222101343236099?s=20
If the choices are to remain open source and have a VC backed company come in and profit on your hard work to your detriment, or change the license, I'd choose change the license.
They made a business decision that you don't like.
Foundation made a business decision Coinkite didn't like.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 is quite opinionated, but that's ok.
So are you.
And you would be free to do that, but if you do that you have to stop riding the coattails of the FOSS movement and be clear that you're merely source-available and don't share the FOSS ethos.
They chose this path because it helps them build a legal moat around their products instead of compete in the free markets.
MIT-CC is *very* different and a complete 180 from MIT itself, just to be clear here.
ColdCard uses MIT-CC which is a restrictive "source-viewable" license and not open-source at all.
The only benefit to their license choice is protecting the company at the harm of the broader ecosystem.
Let's put to bed the myth perpetuated by Coinkite employees that COLDCARD is in any way open-source today.
Open-source has a clear and globally recognized definition, and being open-source *matters*.
How it started:
How it's going:
DISCLAIMER: Obviously I work for Foundation, a competitor to COLDCARD, but the views I lay out here were already true before joining Foundation.
I would be just as happy if this led to zero sales of Passport but got the truth out there.
Freedom and integrity matter.
For background, COLDCARD was started as a free and open-source project that forked some of Trezor's code base way back in the day, and inherited the copy-left GPL licensing from Trezor:
https://github.com/trezor/trezor-firmware/blob/master/LICENSE.md
Copy-left licenses like GPL are a fantastic tool to ensure that your code and any derivative products others make using any part of it *must* remain open-source no matter what. No one can take your code and build a closed-source product.
GPL = good.
https://gnu.org/licenses/gpl-3.0.en.html
In 2020, a small team of 4 founders who loved the open-source movement and wanted to build a more approachable and easy to use HWW started Foundation, and leveraged some of the code from COLDCARD's open-source repos, specifically around PSBT signing.
This was *100%* above board, compliant, and within the spirit of both open-source and the specific licenses on COLDCARD's codebase, those being GPL.
Foundation gave clear and generous credit and committed to always keeping the code open-source:
When NVK realized that the open-source ethos allows for competitors to use parts of your code base and build better products (i.e. compete in a free market), he decided that he would rather build a legal moat and move to a "source-verifiable" license:
https://github.com/Coldcard/firmware/blob/master/COPYING-CC
This move meant that COLDCARD was no longer open-source, and was instead merely available for download and viewing. While people could come along and contribute code as they saw fit, they could never build or sell *any* product using COLDCARD code, even if kept open-source.
How do I know this is what the MIT-CC (or "Commons Clause") license now used by COLDCARD means?
Because the website for the license created by the original authors of the license spells it out in plain text:
MIT-CC is an interesting license on its own right, and isn't evil or anything, but it is certainly not within the realm of open-source in any way.
It is a clear departure from the definition of open-source that is globally recognized:
Why does all this matter? First, it's important that companies in the Bitcoin space honestly and openly discuss their approach.
If Coinkite doesn't hold a core ethos with the open-source movement, they are able to do so *but users/customers must understand the implications*
Obviously I believe in freedom and Coinkite are free to do what they want with their software, but their stance is antithetical to the open-source movement and is made more clear by the day.
Not only do they prevent the free use of their software, they actively go out of their way to harass and attack others who do the same thing they did - use open-source code and build something awesome out of it.
In the image above, NVK attacks an open-source contributor (who also works at Foundation) for using his free time to help the Monero community with forking Foundation code and creating something they want from it.
AKA the entire purpose of FOSS being mocked and insulted.
Why does open-source matter?
When a project is open-source, it means that not only do they share a freedom-focused ethos with you, but it also incentivizes other developers and companies in the space to build on their work.
More eyes on the code and devs building around a codebase means more secure code, a better and flourishing ecosystem, and far better verification that the code actually does what it's supposed to do.
It also means that if the company producing the software goes under, someone can jump in and pick up where they left off.
If Foundation had to shut down for some reason, any one of you could start a new HWW company from our code and open-source schematics and we'd applaud.
Open-source also means that companies are forced to compete by prioritizing users needs, not building products locked behind laws or lawyers that don't have to keep up with the times.
More competition in a free market means you, the customer, wins.
When code is *not* open-source, it means that there is no core incentive for others outside of the company building the product to review the code, build around it, or contribute to it.
As no one could ever create something they can sell with it, why build around it?
When code is *not* open-source, it also means that the contribution made, even though technically visible, can never help to grow the broader ecosystem and benefit the whole of the Bitcoin space.
It builds monopolies, not free markets.
Bitcoin is about freedom, and Satoshi's decision to use permissive open-source licenses was intentional and fitting with his attempts to build an open and inclusive monetary network.
Open-source is the reason Bitcoin has flourished and so many amazing tools have been built.
While everyone within Bitcoin is free to choose the licenses they want for their projects, if they choose source-verifiable or closed-source they must be up front and honest about it, and users must understand the massive tradeoffs involved.
The information in this thread is all readily visible and I've linked to it all directly, so please feel free to do your own research and confirm my claims independently.
You absolutely should DYOR in situations like this.
Please note that @NVK has not replied to any of the claims made here and has instead chosen to block me, so I am unable to interact with any of his tweets.
I have no doubt he's subtweeting about this but be aware I have no way to respond to him or his personal attacks now.
Since sharing this on Twitter he has so far called me a "spook", a "white knight", a "FOSS commie", a "bitch", and a "grifter" in the span of 12h all while blocking me.
TIL FOSS is just "commie zealotry" 🙃
Fully unpacked it here with some minor additions/updates:
#[2]
Let's put to bed the myth perpetuated by Coinkite employees that COLDCARD is in any way open-source today.
Open-source has a clear and globally recognized definition, and being open-source *matters*.
How it started:
How it's going:
DISCLAIMER: Obviously I work for Foundation, a competitor to COLDCARD, but the views I lay out here were already true before joining Foundation.
I would be just as happy if this led to zero sales of Passport but got the truth out there.
Freedom and integrity matter.
For background, COLDCARD was started as a free and open-source project that forked some of Trezor's code base way back in the day, and inherited the copy-left GPL licensing from Trezor:
https://github.com/trezor/trezor-firmware/blob/master/LICENSE.md
Copy-left licenses like GPL are a fantastic tool to ensure that your code and any derivative products others make using any part of it *must* remain open-source no matter what. No one can take your code and build a closed-source product.
GPL = good.
https://gnu.org/licenses/gpl-3.0.en.html
In 2020, a small team of 4 founders who loved the open-source movement and wanted to build a more approachable and easy to use HWW started Foundation, and leveraged some of the code from COLDCARD's open-source repos, specifically around PSBT signing.
This was *100%* above board, compliant, and within the spirit of both open-source and the specific licenses on COLDCARD's codebase, those being GPL.
Foundation gave clear and generous credit and committed to always keeping the code open-source:
When NVK realized that the open-source ethos allows for competitors to use parts of your code base and build better products (i.e. compete in a free market), he decided that he would rather build a legal moat and move to a "source-verifiable" license:
https://github.com/Coldcard/firmware/blob/master/COPYING-CC
This move meant that COLDCARD was no longer open-source, and was instead merely available for download and viewing. While people could come along and contribute code as they saw fit, they could never build or sell *any* product using COLDCARD code, even if kept open-source.
How do I know this is what the MIT-CC (or "Commons Clause") license now used by COLDCARD means?
Because the website for the license created by the original authors of the license spells it out in plain text:
MIT-CC is an interesting license on its own right, and isn't evil or anything, but it is certainly not within the realm of open-source in any way.
It is a clear departure from the definition of open-source that is globally recognized:
Why does all this matter? First, it's important that companies in the Bitcoin space honestly and openly discuss their approach.
If Coinkite doesn't hold a core ethos with the open-source movement, they are able to do so *but users/customers must understand the implications*
Obviously I believe in freedom and Coinkite are free to do what they want with their software, but their stance is antithetical to the open-source movement and is made more clear by the day.
Not only do they prevent the free use of their software, they actively go out of their way to harass and attack others who do the same thing they did - use open-source code and build something awesome out of it.
In the image above, NVK attacks an open-source contributor (who also works at Foundation) for using his free time to help the Monero community with forking Foundation code and creating something they want from it.
AKA the entire purpose of FOSS being mocked and insulted.
Why does open-source matter?
When a project is open-source, it means that not only do they share a freedom-focused ethos with you, but it also incentivizes other developers and companies in the space to build on their work.
More eyes on the code and devs building around a codebase means more secure code, a better and flourishing ecosystem, and far better verification that the code actually does what it's supposed to do.
It also means that if the company producing the software goes under, someone can jump in and pick up where they left off.
If Foundation had to shut down for some reason, any one of you could start a new HWW company from our code and open-source schematics and we'd applaud.
Open-source also means that companies are forced to compete by prioritizing users needs, not building products locked behind laws or lawyers that don't have to keep up with the times.
More competition in a free market means you, the customer, wins.
When code is *not* open-source, it means that there is no core incentive for others outside of the company building the product to review the code, build around it, or contribute to it.
As no one could ever create something they can sell with it, why build around it?
When code is *not* open-source, it also means that the contribution made, even though technically visible, can never help to grow the broader ecosystem and benefit the whole of the Bitcoin space.
It builds monopolies, not free markets.
Bitcoin is about freedom, and Satoshi's decision to use permissive open-source licenses was intentional and fitting with his attempts to build an open and inclusive monetary network.
Open-source is the reason Bitcoin has flourished and so many amazing tools have been built.
While everyone within Bitcoin is free to choose the licenses they want for their projects, if they choose source-verifiable or closed-source they must be up front and honest about it, and users must understand the massive tradeoffs involved.
The information in this thread is all readily visible and I've linked to it all directly, so please feel free to do your own research and confirm my claims independently.
You absolutely should DYOR in situations like this.
Please note that @NVK has not replied to any of the claims made here and has instead chosen to block me, so I am unable to interact with any of his tweets.
I have no doubt he's subtweeting about this but be aware I have no way to respond to him or his personal attacks now.
Since sharing this on Twitter he has so far called me a "spook", a "white knight", a "FOSS commie", a "bitch", and a "grifter" in the span of 12h all while blocking me.
TIL FOSS is just "commie zealotry" 🙃
💯
That is a very apt comparison I hadn't seen, love it.
FOSS Washing it is 😅
Thankful for seedsigner as an alternative!
Great people behind it too 😀
It's too long and I'm too tired to copy-paste it all here, but it's high time I finally comment on the ridiculousness of Coinkite/COLDCARD trying to pretend they are still open-source and playing word games to convince people of their abandoned ethos.
Being *actually* open-source matters for many reasons.
https://twitter.com/sethforprivacy/status/1651039483419058177
Nitter link (privacy-preserving frontend for Twitter): https://twitter.com/sethforprivacy/status/1651039483419058177
Same disclaimer from the Twitter thread for full transparency:
DISCLAIMER: Obviously I work for Foundation, a competitor to COLDCARD, but the views I lay out here were already true before joining Foundation.
I would be just as happy if this led to zero sales of Passport but got the truth out there.
Freedom and integrity matter.
Understandable, I would hope everyone would read the full thread before coming to conclusions, though, and I have it clearly listed everywhere that I work for Foundation if they somehow missed that.