Many wallet are compatible with Jade (notably sparrow), from different projects.
> I don’t think the article claims every HWW with a screen behaves like that
They're explaining the problems with screens. In the case of Jade, what they're explaining doesn't apply, as far as I know.
The article is from two years ago and also talks about what they *might* do (like using the servers to do another verification). Do you know of a more recent article that talks about what they actually settled on and what they're doing now?
Good question. I would assume that it would be instant if they also have the oracle server.
My thinking is the odds of : stealing the Jade and hacking the oracle server versus the odds of hacking a secure element.
Not to mention (well, I guess I'm mentioning) the risks of a supply chain attack for the secure elements. I pretty much assume that's already been done since we saw what happened in Lebanon with the pagers, radios, etc. Supply chain attacks are not as far fetched as we might want to think.
Secure elements are closed-hardware and require NDAs. Not feeling good about that at all.
And at this point, secure elements are securing crazy amounts of money. So the temptation must be off the scale.
I think the Jade Plus can be used as a stateless signer with the seed QRs.
I don't understand this section of that webpage "Receiving Money: Screens Help, But Aren’t the Only Option"
That's not how Jade works. Your Green app (companion app) gives you an address and you can click a button on the app to "verify" that the address does belong to your Jade. You then click confirm on your Jade.
If you take for granted that your phone is not compromised, you don't even need bitkey.
Only the oracle server? (not the Jade too?). Then you just make a new oracle server from your backups.
Get a bidet !
Compare those odds :
1. someone steals your jade, hacks it and *also* hacks the blockstream oracle server (and you could have your own oracle server, by the way)
*versus*
2. someone from a local thief ring steals your coldcard and gives it to their main tech guy who has about 100,000$ worth of electronic stuff to hack the secure element.
I like 1 better.
Maybe it will but I don't think it's wise. Not wise for security of the btc, for the investors, for the employees, and not even wise for us "not your keys, not your coins" humbly stacking privacy-advocating plebs. But maybe that's the way it'll go.
with claws-mail, there's no js, html, css, etc, so it's basically just text. Fewer security risks.
You're also a privacy advocate so I'm surprised to see you suggest that it would be better to make the addresses public. I wouldn't even want that as a precedent that people could point to and say "well, the big guys do it, why can't you".
Is it public knowledge where the MSTR btc are being held? I'm not aware of that but I didn't really look into it. If they're already disclosing that, it's true that it would be less relevant to have the flows tracked. But still, let's say they decide to sell later : if you know what the addresses are and you see them move to an exchange, you could front-run MSTR, etc. It would hurt them getting the maximum value for their investors.
I'll repeat it : I don't invest in any way in MSTR, and I don't want to. But someone who chooses to invest in public markets is accepting those sets of rules.
As for moving the btc to different addresses after the proof of reserves (to not hold btc in addresses for which the public key is known) : wouldn't that pretty much defeat the purposes of the proof of reserves ? In the fiat world, people do that : they get their friends and family to move funds to a bank account just long enough to prove a certain amount in a bank account. The money is redistributed afterwards.
But then you still have to hack the Jade itself too.
I don't understand bitkey. There's no screen on it to see what you're confirming. If your phone is compromised and showing you a different address than where you'll really be sending the btc, what protection does the bitkey give you?
#btc #bitcoin #bitkey #security
From the online research I've done on this guy, it seems like he's been lying about lots of things for a long time.
Yes it does. 1. It gives more public visibility on the flows of funds and thus whom to target. 2. Plus, you publish the public key, so you remove the extra security that we get from an used btc address (the public key being hashed).
I don't, and won't, own his stock for moral reaons (mostly because I don't want to give blackrock money for them to buy bitcoin), but he's right on his arguments against proof of reserves. It's bad for security (on the technical side) and it doesn't prove liabilities. But for me it's just not your keys, not your coins.
Driver's license or Passport. Proof of source of income. Verified address, verified phone number. Oh, and I need a selfie with the passport too. Fair is fair.
I find it's cheaper to just buy a used desktop on ebay. I get better specs for cheaper, and normal desktops don't flake out as much as raspberry pis do. RPs are really for educational purposes, they're great educational tools for kids. But having them run 24/7 is risky in my opinion.
haram would be if there's "interest" paid on it, no? There's no interest on ecash.
If banks can KYC me, than I can KYC their employees. How do I know they're on the up and up? Maybe they're still doing some of the shady stuff that they've already been fined for, in the billions. I wouldn't want to be involved in any of that, now would I ?
If governments can KYC me, than I can KYC the politicians and all of the public employees. How do I know they're not using my money to bomb brown people somewhere (to quote George Carlin) ? I don't want to be involved in any of that either.
Fair is fair. What's good for the goose is good for the gander.
But I agree with Saylor on the security front concerning proof of reserves. Publishing addresses is a terrible idea. And signing anything where you'll end up publishing the public keys for addresses full of bitcoins (while keeping the btc in those addresses long term) is also pretty bad. There's a reason why we hash the public key to make the address.
#kyc #banks #btc #bitcoin #security