Steve Lee is lead at Spiral, Block's open source initiative, and has recently helped launch Presidio Bitcoin, a bitcoin community space in San Francisco. Craig Raw is the creator and maintainer of Sparrow Wallet, one of the best bitcoin desktop wallets available. We discuss the tradeoffs of Block's new Bitkey hardware wallet and potential improvements. Then we briefly jump into discussion on soft fork proposals for bitcoin vault functionality.
Steve on Nostr: https://primal.net/moneyball
Craig on Nostr: https://primal.net/craigraw
EPISODE: 151
BLOCK: 888348
PRICE: 1222 sats per dollar
support dispatch: https://citadeldispatch.com/donate
nostr live chat: https://citadeldispatch.com/stream
odell nostr account: https://primal.net/odell
dispatch nostr account: https://primal.net/citadel
youtube: https://www.youtube.com/@CitadelDispatch
podcast: https://serve.podhome.fm/CitadelDispatch
stream sats to the show: https://www.fountain.fm/
join the chat: https://citadeldispatch.com/chat
learn more about me: https://odell.xyz
(00:02:55) Introduction
(00:04:32) Presidio Bitcoin Launch and Community Spaces
(00:08:16) Challenges and Opportunities in South Africa
(00:14:31) Bitkey: Making Bitcoin Self Custody Easier
(00:33:08) Threat Modeling and Security Concerns
(00:42:00) Future Scenarios for Bitkey and Sparrow Integration
(00:54:02) Recovery Scenarios and User Experience
(01:17:02) The Potential of Bitcoin Vaults
(01:30:25) Final Thoughts and Future of Bitcoin Security
Friend of the show Orange Surf wrote up some notes on Craig's proposed FROST improvement to Bitkey here: https://orange.surf/bitkey-notes/
[00:00:00]
Alex Gladstein:
Wanted to point out to to show the power of a space like this is what we've seen around the world in this kind of emerging way for people to live in Bitcoin and spend in Bitcoin at at scale, and it's all because of spaces. So there's a space in Costa Rica called Bitcoin Jungle. There's a space on the African continent that's rooted a little more ephemerally, but it's the African Bitcoin Conference. And then there's a space that, our friend, Nifty over here has created called BTC plus plus, and it kinda moves around the world. But all three of these spaces brought people together who then figured out how to bridge Bitcoin with local fiat currency. So in Kenya and in Brazil and in Costa Rica, you can live in Bitcoin, and you can just walk up to anybody and pay them in in through the Lightning Network, which is acting as like a little bit of, like, you know, connective tissue between you living in Freedom Money and the merchant.
The merchant just gets the local currency. So in Costa Rica, it's like a mobile app, mobile money, SIMP. They just they get the Costa Rican currency. In Kenya, it's the same thing. They get m pesa. And in in Brazil now, because of some of the developers who worked on a hackathon last week or something like that, you can get the Brazilian currency, but you can live in Bitcoin. And I'm starting to see this happen at scale. And this happened with as as with as with, what is it? Is it Azteco? Azteco? So Azteco is super dominant in South Africa. So people in South Africa do the same thing. They can live in Bitcoin and they can spend it in any store in the country. So you're starting to see it possible for people to actually live in Bitcoin at scale. You know, hundreds of millions of people can have access to this stuff. And it's all because of spaces. And I think that this space is gonna be important not just to spread awareness here in the Bay Area, but also to be a brother or sister organization to all the other spaces and to connect. One of the one of the ones that we helped start, is in India. India is a very important country for a million reasons, but it's one of the countries that I think in the next fifty years is gonna play one of the biggest roles in Bitcoin because of the public interest in gold and the public skepticism of of digital payments.
And people in India who we were connected with applied to us to create, basically, a Presidio Bitcoin, but in India. And they did it, and they have it now, and they run it now. So there's so many cool things that you all can do when you link space to space to space.
[00:02:55] ODELL:
Happy Bitcoin Tuesday, freaks. It's your host, Odell, here for another Citadel Dispatch, the interactive live show focused on actual Bitcoin and Freedom Tech discussion. It has been a month since our last dispatch. Many of you may have listened to it with the one and only Jack Dorsey. Sorry to keep you guys waiting for another rip, but we have a great conversation lined up. I got another great two conversations lined up over the next few weeks. Hopefully, I'll add more to that. Who do I have? I have April 2. I have Nifty joining us. We'll be talking about BTC plus plus and OpenSats.
That's April 2 at two thousand UTC. And on April 11, I have Dan Gould joining us to talk about pay join. That will be at seventeen hundred UTC. As always, you can find all the information on the show at SILdispatch.com, all the relevant links. I recently ran the numbers, and SIL dispatch right now is we've recorded over three hundred and forty three hours of dispatch, which is insane. Rabbit hole recaps is at five hundred and forty seven hours. So that's over nine hundred hours of me on a podcast, which is either a great accomplishment or a questionable decision on my use of time.
But thank you all for joining me for much of that. I appreciate it. And, if you appreciate the show, that's what keeps me going. Anyway, guys, that intro clip was Presidio Bitcoin. The Presidio Bitcoin launch is a new physical space in San Francisco. I have a lot of experience with running physical space in Bitcoin Park in Nashville. It's, quite an undertaking, but it's well worth it. We recently actually just launched in Austin as well, Bitcoin Park Austin merging the two communities. I have Steve Lee here who is in that clip. He's one of the guys in charge of Presidio Bitcoin and helping making that a reality. And I have Craig Raw here of Sparrow Wallet. Obviously, Steve is a many time guest here and is is also lead at Spiral Blocks Bitcoin initiative.
Steve, how's it going?
[00:05:26] Steve Lee:
Great. How are you doing?
[00:05:28] ODELL:
I'm doing great. Craig, how's it going? You good over there?
[00:05:32] Craig Raw:
It's great. Yeah. Good to be back back on the pod. Final boss.
[00:05:37] ODELL:
Final boss. I I mean, I think a great place to start here and, obviously, yeah, a great place to start here is is Presidio Bitcoin. Steve, congratulations on the launch. What does it feel like over there?
[00:05:52] Steve Lee:
Thank you. Fantastic, actually. It's, I drank it up there as one of the top sort of product market fit thing projects I've worked on in my my career. Like, Google Master Mobile is is one of them. Proceeding Bitcoin has just been magical from the start. We've been having about 15 people work out of it since November as we build it out, and then we just launched it a few weeks ago. But, everyone who who is working out of it, everyone who visits seems to have a really good experience. Our retention of people working out of it is high, which which was a a known or a challenge going into it just because people get so used to working from home and they don't like to commute.
So even though we have a a nice space here, just getting people off their butts to get in the into the office was an unknown, but that's been really successful. And it's a great event space too. We've had two of the best bit devs in San Francisco since, like, the 2018 era, 50 plus people showing up. We got Greg Maxwell to come. So, that that I I consider that a coup. Yeah. It's going really well. And we have a a recording studio, and I'm even deciding to be a podcaster now. So there you go. Are you are you at Presidio right now? Yeah. I'm in the recording studio, but just using my I love it. Amateur setup. But Yeah. I mean, you had a who's who at the Presidio launch. I mean, that clip,
[00:07:26] ODELL:
to the people on audio, you were listening to Alex Gladstein speak. He was sitting next to David Marcus and Jack Dorsey, and, Steve was the was the moderator of that panel. But by far, the most impressive attendee was was g Max, having Greg Maxwell there. I I think a bunch of us were, that that was the one that hit us.
[00:07:48] Steve Lee:
G Max and Andrew Polstra. So I I I I highly doubt there's ever been a a small group meeting or, you know, event like that that has Michael Sailor, Jack Dorsey, David Marcus, Greg Maxwell, Andrew Polstra all in the same same room. And, like, rock star dev was there, and it it it was a real And there was, like, what? Like, 60 people. Right?
[00:08:05] ODELL:
Yep. About seventy seventy people. We we had about a %. The per the per capita concentration of of talent there was pretty insane.
[00:08:16] Steve Lee:
Yeah. And, one thing we're given our location in San Francisco Bay Area, 1 of the aims for this space is to, really do a lot of outreach and engagement with Silicon Valley and big tech. I feel like that Silicon Valley and big tech, that world and the Bitcoin world are just often, not seeing I die with each other. So, I come from the big tech world, but I'm a hardcore Bitcoiner. So, hopefully hopefully, this space can can help bridge that gap. I think I think, it's a it's a bridge worth worth, gapping. So
[00:08:54] ODELL:
I love it. Freaks, I, the Nostr stream is is is down. I guess Kieran of ZapStream is under attack, some sort of attack. Someone wiped his, all of his discs. He lost everything. Now he's under DDoS. We are streaming to YouTube. The YouTube live chat will be streamed into the broadcast. So if you wanna participate, participate via YouTube. I think I talked to a million about it. I think we're gonna have to release a Primal Video Streaming client. So that's your tease for the day. We'll keep it open and interoperable, and but and I love Kieran, but I think we're just gonna have to do that.
So we'll make that happen, and, hopefully, it'll become the best place, to stream video. Yes. And we have everything in the live chat. It is also streamed to x because I am not a purist, despite many, beliefs otherwise. Craig, I don't think you have any community spaces out by you. It seems like if you watch the news, you guys are fucked over there. How how are you thinking about, I mean, I think your location is public, but I also don't don't wanna say it out loud. Do you have any opinion on living within a strong community?
[00:10:29] Craig Raw:
Yeah. Look. I mean, I'm lucky enough to live in a a small village, and it it really does help, from many points of view. You have a community. You have you're able to have better security, because you can fund it in a private way. You don't have to rely on the state quite as much. But, you know, I think that that's true for anywhere that you live. Certainly, it helps that I live in a far corner of the world in many ways. I don't have to worry about certain things, but as everyone sees on the news, there are certain events or certain, a certain way of life that is under threat here.
And, yeah, I mean, it's been going on for a long time. The news just happens to capture the current state of the nation, if you will. But, you know, we all have been observing, you know, what has been going on for quite a long time, many years now.
[00:11:33] ODELL:
Is I mean, is it is it legit, like, just a straight up race war over there right now?
[00:11:38] Craig Raw:
Look. I mean, South Africa obviously has a very complex racial history, and it's very hard to say anything about that without anything simple about that. It is unfortunate that we have, you know, this such extreme racial tension in our past because it leads to a lot of racial tension in our current present. And, you know, you can understand it while at the same time understanding why it's not helpful. So it's quite difficult to resolve. And, unfortunately, many people think that the state is the the body that must resolve this, that must bring equality or what have you.
I don't agree with that view myself, but, unfortunately, that is the dominant view, and it results in a lot of very, racially biased laws here, which results in a great deal more tension. And so it leads on. You know? How do we get past that? I think we have to build a society which is ultimately meritocratic, which is ultimately based on good education, rather than trying to push people forward based on their skin color or some something else. So, you know, that's that's the goal, and the question that people don't agree on is how to get there.
[00:13:06] ODELL:
Well, well said. Just, I think you already know this, but if there's anything I can do or the global Bitcoin community, just shout. You got a lot of support out here. And, if you ever wanna seek refugee status in America, we can, like, work out some kind of visa situation. You could be like my personal Bitcoin infrastructure provider or something. We'll we'll make it work. Somehow, we're in the halls of government over here. So, we might even we might even be able to get you a preemptive pardon or something like that if we need to. You just, like like, a get out of jail free card forever.
[00:13:43] Steve Lee:
The city of Bitcoin is on federal land, so maybe that we can work a deal. Is it really? Yeah.
[00:13:49] ODELL:
So how does that work? Are you paying Elon rent?
[00:13:55] Steve Lee:
There's there's, like, a the landlord had leased this space for fifty years or some, like, super long period of time. Oh, wow. But it is it's like the Presidio Trust is the overall steward of the Presidio.
[00:14:10] ODELL:
That's fascinating. I mean, I knew pres the Presidio was federal, but I figured you guys were just, like, you could see it from your window or something. I didn't realize you were actually on the land. That's pretty cool. Interesting.
[00:14:21] Steve Lee:
Like, Luke Lucas films, like, Star Wars stuff is here on federal land. The statue of Yoda. Yeah.
[00:14:31] ODELL:
So, guys, I mean, I think our first topic should be, Bitkey. That's how we all connected, relatively recently, and then we decided to rip a dispatch for the benefit of everyone else because I think there's a lot of good conversation here. Why don't we start with, Steve. Why don't you explain what the big key is, why it exists, what what the goals of, of the project are?
[00:14:59] Steve Lee:
Sure. I'll just give my caveat that I I don't I don't work on the team. So I speak for myself, not for the team.
[00:15:07] ODELL:
And that, yeah. So I'll just speak freely. So I'll, Well, just before you continue, I just wanna say that I recently got to meet a bunch of the team in person, in Jackson Hole. So I I can speak for the team, but continue.
[00:15:23] Steve Lee:
So this will be my my own opinion. I I I work closely with them and and give feedback, but you can kinda think of me as, like, just a Bitcoiner like you guys, who is an advocate for the the the goals and aims of the Vicky product. So what what's, what's sort of unique about Vicky? I think what excites me most is just the, making it much simpler for people to self custody. The UX, I think, is I would call it revolutionary, dramatically better, for for pry managing private keys. And that's because, it it fundamentally, because the customer, the user doesn't have to directly handle private key material. So which a a lot of products, have seed phrases, and and with with Viki, you don't have to to handle that. It's also novel because it's a two or three multisig out of the box, and, I believe it's the only product really like that.
Every other multisig is either do it yourself, like, you can use Sparrow and then use different hardware manufacturers and create your own multisig, or you're using, you know, like, a cost or unchained type of a service. But even then, you're you're somewhat I mean, they they assist dramatically, but it's still it's still you're putting the pieces together. So that's that's novel. It's a it's a mobile app. It doesn't use a desktop, application, and it's NFT based. So there's a the onboarding experience is can literally be done in, like, forty seconds. If if it's your if it's your first time, maybe it takes you five minutes just because you, you know, you deliberately beat every screen, but it's a really easy onboarding experience. And it, it I'd say it optimizes, reducing foot guns, reducing, user error for key loss, which I think is underappreciated in the space, and most other products do worse at that. Having said that, there's definitely many areas of security that can still be improved at Bitkey, And privacy, there's a lot of improvements that could be improved with the key. So I think the good news there is that a lot of that stuff in the road map can be done without sacrificing the UX. So, hopefully, it's just a matter of time.
And I also hope that, this design is copied and improved upon in the industry. That that that's my hope, that it's not just a one company's product kinda thing, but, you know, I said it's I think it's revolutionary. If it's revolutionary, that means others others will copy it and make it even better.
[00:18:11] ODELL:
Awesome. Yeah. I mean, the way I talk about Bitkey is, Bitkey is, fundamentally, massive innovate innovation in terms of Bitcoin self custody and holding holding Bitcoin in a self custody way relatively securely with with very little friction and and very little possibility of, messing it up. Vicky is the first time that I can, for instance, give my my dad just give my dad a device or give a nontechnical friend a device, have them go through the steps with the mobile app and set it up, and they don't have to ask me any questions. They don't have to watch a tutorial video. They don't have to read any guides. In two years, they won't just absolutely freak out after they haven't touched it for years, and the price is way higher and and not know how to access their Bitcoin.
So it it it definitely reduces the burden of me as someone trying to onboard someone. And I am in in this interesting position in this conversation, I think, because me personally, you know, the trade off balance doesn't really make sense for me. I I personally use Sparrow plus hardware signers, and I I particularly like Coldcard the best. But at the same time, I've recommended Bikki to many different people. And so I actually have a Bikki right here, unopened, in the box because I have a bunch of those that I just, like, hand out to people, and it's a fucking amazing product. Now with all that said, there are some trade offs in terms of trust.
There are some trade offs in terms of interoperability. I'm curious, Craig, where how do you how do you think about the Bitkey?
[00:20:11] Craig Raw:
So first of all, I I just wanna, concur with both you and Steve in saying, you know, it really is an innovation. And when it comes to self custody, I really can't have enough praise for innovations in that space. My goal, with Sparrow is to promote self custody and being self sovereign over your funds. And anybody working in that space and pushing out products and doing new things deserves commendation in my view. So let that stand as a point on its own. I think, you know, I think it's it's important for me to present some alternative points of view here.
The the the thing about the Bitkey is that it is, by design, a closed system. So if you are using the Bit Bitkey, you are contained within that space, and it's a comfortable space. It's great UX. But if you were to want to evolve your self custody journey and, Matt, you mentioned using Sparrow with hardware signers, which is a more, secure in many ways, setup, then you have to leave the Bitkey ecosystem behind. And that's somewhat unfortunate. I think it's maybe an inevitable consequence, and this is, I think, what we were talking about is is that a requirement of the Bitkey ecosystem? Is that a requirement of the design choices that went into it, Or can somebody take their stack, which they put on into the Bitkey and evolve from there?
Can they take that on into a more evolved setup in future? And I think that that's an interesting challenge for the Bitkey team to consider because there's a lot to be thought about when you're doing doing that. So, you know, one thing that we know is that closed so systems tend to fare better to sorry, fare worse over the long term than open ones simply because the universe is, tends towards entropy. And open systems and people working on open systems and coming up with different ideas handle that truth about the universe better. Right? We have people adapting to things and developing things for different situations.
And that's why you end up with, this plethora of hardware devices that we have today, all these different wallets that can interact with them, and really a very rich ecosystem in which a Bitcoiner can choose the particular setup that matches their use use case. Now I will say that none of those use cases are as easy to use in a two of three multisig as the VitKey. So, you know, I'm not trying to say that it's all better. But what I am saying is that the trade off that you get for that great UX is moving from an oak a sort of open ecosystem to a closed one or at least a more closed closed one. And that's quite a serious trade off that you make.
The question really is, is that trade off a requirement? Is that or can that ever be done in a way which allows the Bitkey to also benefit from the kind of open ecosystem ethos that we have in other areas?
[00:23:31] Steve Lee:
Yeah. I think this this tees up the conversation we were having over signal that we we're we're both like or all three of us are like, hey. Let's let's just do it live. It'll be easier to talk about. I think, Greg, you provided good context there. So I'd love to talk about different hypothetical scenarios, and then we can talk about pro you know, the benefits of of those. So, I mean, let's let's start with Bitkey today. As you said, Craig, it's it's a closed system in the sense that you can't use other hardware devices with Bitkey like you can with Sparrow.
You also can't use Sparrow with Bitkey, or, you know, another another reason we started chatting is, like, using Sparrow as a watch only wallet for for Bitkey, and Craig actually found a a a bug or a I don't know if you'd call it a bug, but the area of improvement with the derivation path for for Vicky. So thanks for finding that. I think the teams acknowledges that and is gonna fix it. But I think even with that, problem, I I think you can still set up a a Sparrow to watch only for wallet for for for Vicky. But still, there's not like it's pretty closed in that respect. Just so everyone's aware, though, the the code for Vicky is published source.
Although we can get we can go and get into that rabbit hole as well. It's not as, you know, we can have a reproducible build and things like that, and it's it's not perfect in that respect. But, again, there's a road map to get there, and a desire to get there. But, let's go through a hypothetical scenario of, using other hardware devices with Bitkey. I personally think that could make sense. One of the criticisms of the current Bitkey hardware device is that there's no display, and it's pretty much, like, written in stone within Bitcoin culture that you need the display on your hardware device to verify a transaction.
And, there's you know, it's not not arguable that there's benefits to to doing that. And the the Viki hardware device doesn't have that. So maybe a future Viki hardware device does have that. It's already been published. What can be done with the current Viki product is that you can have a a I mean, I think the team called it server as a screen, but you can send a transaction verification message to a a user over SMS or email, or they can view it on a in a web browser on another device, to verify a transaction. We can get into that rabbit hole as well if you want. But, you know, another solution would be like, hey. The Bitkey ecosystem and and, like, services and software can work with Trezor's, cold cards, ledgers as well.
And I personally think that's a that's a solid direction. I think that does add value for users. You could imagine instead of having your keys, on your mobile phone and your Vicky device, you could have one on Vicky device and one on a cold card instead of on your on your phone. And I think that that would definitely improve security. I don't think you sacrifice user experience that much. It would be there'd be a little bit more steps and complications there because it's not fully vertically integrated, but it wouldn't be that bad, and it it would be a more secure system than the current Viki. Or you can imagine a direction going, like, a different multisig setup than two of three. You could have three of five and and have more. It's certainly one advantage of using, like, Sparrow with in a three of five is that you can use different vendors for your hardware devices, and that reduces supply chain attack that that vector of of, security risk.
So that that kind of openness for Vicky in the future does make sense to me. What what was making less sense to me when we were chatting about this is integration with Sparrow. And I'm definitely not I love Sparrow. I'm not a hater of Sparrow at all. Go ahead, Matt. Did you have a question? Let's just pull let's just pull it back real quick.
[00:27:50] ODELL:
To those that are not aware, the current Bitkey setup is the Bitkey device holds a key, your mobile phone holds a key, and block server holds a key. The Bitkey device does not have a screen on it, but my understanding of the setup is that the Bitkey server is also verifying stuff so that if your mobile the the concern is if your mobile phone gets compromised. Your mobile phone is showing you an incorrect receive address or if your mobile phone is actually constructing a transaction that is sending somewhere else. That that is not where you think it's going. And these two scenarios, usually, on, like, a cold card, for instance, you would verify it on on the screen of the secure device itself.
Vicky doesn't have a a screen in that situation. But that setup is what also makes it incredibly user friendly to use, where the user is simply interacting with just a mobile app. They're getting reasonable security guarantees, and all it takes for them to send a transaction is to scan their fingerprint and tap this really solid built device on the back of their phone. Okay. I think that that was important context. Now, I mean, Craig, what is what is your perspective here? Let's
[00:29:09] Craig Raw:
let's put it back together. Steve, you know, everything you've just said sounds really great. You know, I think we are in actual broad agreement here. I don't think given what you said, you know, it's if you actually consider the Bitkey device, and I have one in my hand here, you know, it's it's certainly, on its own, makes up for a poorer hardware wallet than most other hardware wallets you can buy because it doesn't have the screen. It wasn't designed in that way. So I think from the perspective of kind of making it a standalone hardware signer, it doesn't make a great deal of sense.
From the perspective of should the mobile key, the the key stored on the mobile app, be exposed so that you can, you know, construct your own two of three in Sparrow and kind of move outside the Bitkey ecosystem, obviously, you're then asking the user to deal with private key material, and there's a lot of risks with that. And I completely understand the decision of the Bitkey team not to do do that. So that that makes sense. So I think we're in broad agreement in terms of of, you know, does it make sense for to take the current Bitkey system and expose the different parts, split split them up, and kind of just transpose them into an a sort of open Bitcoin ecosystem. I think that kind of really, undermines the original intention and the design choices that you made.
Now that doesn't preclude, as you said, the ability to work in future to take that that really great UX that Bitkey has and to bring it into, the Bitcoin kind of open ecosystem and allow it to, interact with other hardware signers. So that's that's a future that I I'm really interested in and would like to explore more because, that I think, you know, really adds a great deal. Not that the Bitkey is not adding already, but it really adds a great deal to the space that we're in.
[00:31:18] Steve Lee:
And and maybe, for a little bit more context for the audience who hasn't used Bitkey, the one thing that makes the UX so great, and it sounds like the three of us agree that the UX is great, is recovery. So, there's just there's it it really minimizes the chances that a customer is going to lose their Bitcoin on their own. So if we're assuming no. You know, you're not being attacked by the government or North Korea or whatever, but you just, you know, it I I think a lot of people hesitate to self custody because they are afraid they're going to mess up. They don't spend hundreds of hours like the three of us and maybe a lot of people in the audience studying OPSEC and all the all these different, systems. So, if you lose your phone, you can easily recover. If you lose your device, you can easily recover. If you lose your phone and your device, incredibly, you can recover. And and the audience might wonder how because that's two of the three keys.
Well, the key on the mobile phone is is encrypted and backed up in either iCloud or Google Cloud, and it can be recovered. And and it's all these recovery services are done while block only retains one key. So there's no no recovery scenario where block has two keys and could confiscate the the the Bitcoin. So the that that recovery UX, if that can be brought to, you know, other hardware devices as well, being part of that recovery service, I think that would be a benefit to to the ecosystem and and and users.
[00:32:57] ODELL:
I mean, I like the idea of going through scenarios here, like practical scenarios, and and discussing how Vicky currently handles it versus how it could be improved. You mentioned here, like, North Korea, the NSA. So we have a concept that is it's called threat modeling. Right? It's like, who is in your threat model? Who are you trying to protect yourself from? I would actually probably go I I Bitkey is probably North Korea proof. Like, I mean, there was a recent case with Bybit getting hacked by North Korea. Like, they probably would have been better off using Bitcoin in a Bitkey than whatever their Ethereum multisig setup was. And we could go down that rabbit hole. But, the biggest, you know, concern in this threat model is probably, like, an NSA type actor, a US based government actor, because things are you're you're downloading an an iPhone app.
So Apple would need to be compromised. You're using you're using cloud services, whether that's Google or Apple. So, like, in a threat modeling scenario, that's probably the biggest risk, or block trying to be outwardly malicious, which I would, like, kind of group into that same kind of NSA type threat model. So for most people, NSA is not in their threat model. Big US company tech companies are not in their threat model of colluding with each other like a block and an apple colluding with each other. But what is in their threat model is them losing losing Bitcoin.
So what let me let me go through a scenario that I've seen. I have have friends that that have ledger wallets, and they're using ledger and single sig. They're not using it with Sparo Wallet. They're using it with Ledger's mobile app. They're not spending Bitcoin. They're simply saving Bitcoin, and they keep just sending to their same receive address. Maybe they have auto withdrawals enabled and they're just, they're reusing addresses. They're definitely not using coin join, and they're not even creating new addresses and they're just sending it to their ledger wallet. And now ledger has seed backups, which I think we should talk about the fact that Bitkey doesn't have seed backups.
So they're supposed to set up, you know, their 12 or 24 backup phrase word when they first set up their Ledger. Now there's two issues here. The first issue is they record it correctly, but they don't keep those seed words safe and someone gets access to them and they steal their money. The second issue is they lose their seed words or they write them down incorrectly. And Ledger, for instance, doesn't give you any way of checking what those seed words are. So in four years, five years, your Bitcoin's worth 10 x, 20 x, 30 x. There's no way for you to verify that you actually wrote down those seed words correctly, without reinitializing a whole new Ledger Wallet. That's just an issue with Ledgers. This is the most common hardware wallet in the market, the Ledgers.
The second thing is if you forget your PIN on a ledger, you have three tries. And no one thinks they forgot their PIN on the first try. So they put in the PIN the first time, they get it wrong, and then they have two more tries. They usually go, oh, I'm I'm good. I remember my PIN. They put it in again. They get it wrong. They have one more try. If they get it wrong at that point, their ledger wipes. At that point is usually when I get the panicked call. Them freaking freaking the hell out. They can't find their seed phrase. They have one more PIN entry. Bitkey fixes that.
That whole scenario can't can't happen on a Bitkey. And and to me, that's why it's a fundamental improvement. Now at the same time, I me personally, I like seeds. Like, I think seeds are an amazing invention. I think it's amazing that I can have a seed from a cold card and then just put it into Sparrow Wallet. And, like, I don't even need a cold card to restore it, which is crazy. That's, like, fundamentally incredibly empowering. But I don't know, like, I don't know if you can have both. Like, I don't know if you can have both in the same device. I don't know if that makes sense or not. But anyway, I'm kinda rambling, but, like, that's how I think about it. Like, I don't know if, like, do we want the Bitkey do we want the Bitkey to do everything, or should it just be like, that's what I I'm I'm curious in Craig's opinion here because I think I know Steve's opinion. But I'm curious in Craig's opinion. Like, do we want the Bitkey to have power user features and, like, advanced options and all this other stuff at the detriment of, you know, people foot gunning themselves?
Or or is does it make sense to have, like, a very user friendly wallet that's, like, a stepping stone outside of custodial? They these people are probably using Coinbase or using a Ledger Wallet or something. And then, hopefully, then they upgrade to, you know, a cold card or something or a multisig setup at at some point in the future.
[00:38:11] Craig Raw:
Yeah. So, you know, I think the the answer is, you know, no. We don't want we don't we don't want to detract from the great UX that Bitkey has built. We don't want to make that worse just because we've always done things in a different way in the past. I think where, you know, where it's it's interesting to explore future direction, though, is let's say that somebody has started off with the Hot Wallet, moved to the Bitkey, started to stuck set, started to really understand Bitcoin better, started to put more and more into it until it becomes a substantial part of their life savings.
You know? At some point, does it make sense for them to say, you know, I could be more secure than I am with this device. I should upgrade. And I think that that does make sense. I think there comes not necessarily for everyone, but there does come a point for many people where they'll they'll be, you know what? I hear that there are different ways of doing this. I'm gonna explore it, and they're just gonna go off and do that. Now what the unfortunate thing is they didn't have to leave the Bitkey ecosystem behind in in a com complete way. They can't they can't kind of take that device and that experience and that, familiarity that they have with it along with them. And that's a bit of a pity, really, because that's how people kind of move from single sync to multi sync, for example, is they're really familiar with one device, and they can kind of go on using the same interfaces, whether it's the hardware device interface or the soft software wallet. They can kind of go on using that, and they can take that familiarity onwards.
With the Bitkey, you can't. So that's that's one of the big trade offs. And for many people, just that will mean that they, either, a, won't do it, or if they do do it, they'll mess it up. Right? So there's kind of this learning, barrier that we have at this current point. You know, I think what we would ideally want is that the Bitkey learning experience and that comfortable environment that they've built can be used to evolve things to the next level. You know, if we if we look at what the Bitkey is, you know, it's it's it's it does make certain trade offs in order to achieve the UX that it has. So, for example, the Bitkey app is really where the u the the user expresses their intent of what they want to do.
And the device, because it doesn't have a screen, it can it can authent authenticate who the user is. It can say, right. We could based on the fingerprint, we can tell that the user is actually the user, but it can't do anything about trying to verify what is the user's intent. And in the same way, the server can't really I mean, it's a server. It can't really verify what the user's intent is. You can do certain things like set up spending limits which require the hardware device or not, but that's the kind of, you know, limitations, if you will, of that particular set setup. Now if you have a more traditional, say, two of three, you are going to not only have the software wallet, for example, Sparrow, where you construct the transaction, but then you're then gonna have two hardware devices with screens where you're gonna be able to verify what it is that you're actually doing. So on a number of different levels there, you've got more verification going on, and that's the kind of more secure setup for anyone that's listening to this with the Bitkey that you might wanna consider in future. As I say, my desire would be that the the great UX that the Bitkey has built is part of that more enhanced setup, and I don't have to kind of leave that environment behind.
[00:42:01] Steve Lee:
So that this is a good so this is a good part of the discussion because this is where we or where I got stuck in our our previous text based conversation. I agree with you that there's gonna be, you know, peep people are gonna start their self custody journey with Vicky and then at some point wanna graduate to a more sophisticated setup that is more more secure. And that could be some future road map that key you know, that key just gets more and more secure and and or or offers a new product line or whatever. That's one option. But let's let's talk about an option where they upgrade to, a different hard hardware device or set of hardware devices or to to Sparrow.
Where I get hung up on is if they if that person upgrades to Sparrow, they would at least with today's the way the product works today, they'd lose all the recovery UX that is currently built in to to Bitkey. So they'd really just be completely switching from the Bitkey experience they had to another experience, for example, Sparrow. And and they can do that today because they can just, you know, they can just move move their funds from their Viki wallet to a a new wallet they create with Sparrow. So help me understand, a world where they they retain the Bitkey experience, but it gets enhanced because now they're driving it through, in Sparrow. And I think this I mean, this question applies whether you're talking about Electrum or any other kind of, like, software front end experience, but we'll use Sparrow as an example since since that's what you work on.
[00:43:53] Craig Raw:
Sure. So, you know, I think we're at the sort of more hand wavy part of the discussion here because, obviously, I don't quite know exactly, what can be done and what what can't. But let's let's say, as a hypothetical, we have a Frost based multisig where we have this kind of, MPC like situation, and then the Bitkey ecosystem was one of the the the keys in that. Right? So it wasn't trying to break up the Bitkey and say, well, use the device on its own. It was taking that entire ecosystem and saying, here's a really, great UX experience, which has got these recovery pods built into it, and it's forming part of this Frost setup, which has then got these other devices in it. Right? And let's say we had some other device, you know, called, you know, the we we already have a bit bit box, but say, like, the the bit bit lock, which was similar to a bit key and also had these recovery parts built into it. You could see how we could then have a multisig where no one was ever having to deal with seeds or make seed backups. You could then have recovery parts of all of these different devices, and you would then be able to transfer that Bitkey experience into that. Now, I don't know whether that could be done, but I it's definitely an interesting area, I think, to explore.
[00:45:13] Steve Lee:
Yeah. I I think to retain because there is there's a lot of complexity in the recovery software that's hidden from the user, but the complexity was from, you know, the big Vicky software development team had to to build it out. A lot of it's on Vicky servers. So it seems to me, like, for it to be opened up to to, like, a Sparrow, either, Vicky product would have to evolve into well, it it's a service that is available to other software front ends, or those recovery paths would need to be turned into a standard protocol so that it's not bit keep proprietary.
And it's not just their product and business. But and anyone else could also implement the the services using that protocol. And then the sparrows of the world could and and other wallets could support that protocol and also not become dependent on one company and one and one service. So I think either either of those are either either of those are possible. The the latter one is that's a pretty extraordinary effort. It it would need like, I think the ecosystem would need to come to a conclusion. Like, yes, Vicky did create a revolutionary recovery UX and design.
The whole or, like, big parts of the ecosystem need to adopt that. It's clearly the way to go. And then we'd get more movement on, like, oh, there should be a protocol for this. We can't depend on on just one company, or one service. That that's a future I'd love to see. I think we're we're not there yet. I mean, at least a few of us think it's a pretty pretty special UX and would like to see broader interest in adoption, but I don't think we're we're there yet. But but is that is that sort of what you I mean, Craig, you said it's sort of hand wavy, but is that is that the the waving the hands in the right direction? What what I just said?
[00:47:15] Craig Raw:
Not not not really. I mean, I just wanna as a very simple kind of example, let's say that the the Bitkey app had a QR scanner in it. It was able to scan a PSPT from Sparrow, which was a Frost kind of, setup. And then it was able to kind of combine behind the scenes its various keys into the single frost key and then use that to then sign the frost based multisig. So it's sort of a multisig of a multisig, if that makes any sense. Now in that sense, the recovery methods that are built into the Bitkey can remain what they are, and the Bitlock, this kind of imaginary company that I'm making up, can have their own recovery methods, and they then form the second key of this kind of, more, I guess, you could say, the sort of multisig of multisig.
Again, I'm I'm sort of saying this in a hand wavy way. I'm not sure exactly how possible this is, but given that Schnorr gives us the addition of keys and all of these different properties, I would think that it is. So what I would like to see is actually people coming to market with different approaches, and that obviously leads to robustness. We all know that a multi vendor, multi sig is the best that we have in the market at this time. Right? If you want the most secure setup, that's the best you can do. So imagine what we had if we had these different companies bringing these products to market with different recovery methods, all of which, by the way, have their own failure mechanisms built into them. They always do. So if we had different recovery methods built in, we could then protect the multisig as a whole because we would then have different ways of being able to or at least more defense against a certain kind of attack. Right? You would then have to attack this thing in multiple different different ways. So that's kind of what I'm thinking towards is kind of leveraging the properties of Schnorr to be able to give us this kind of, this way of kind of adding things together and adding security on top of what we already have.
[00:49:25] Steve Lee:
I see. I let let me I I think I understand, your perspective now. So for example, okay. So today, Vicky has three keys. There's one on the device, one on the phone, one on Vicky's server. The a future version could the the the key that is on the phone, it instead of just being a single sig key, it could be, a composition like you're saying. It could be itself a two of three, which I could use Sparrow to manage that two of three because those other three keys could be I could have those on, like, cold card, ledger, Trezor. Sparrow combines it, and then, that would that would be one one of the three keys in in the big key system, but it it does it does harden it because it makes it way harder to compromise that mobile key.
[00:50:15] ODELL:
No. I think what he's saying is the two of three that is bit key could in effect be one key in, like, a three of five. Okay. So, like, you have the Bitkey stack as a signer, and then you maybe have a cold card as a signer, and then you have a seed signer as a signer. And then so that's a overwhelming overarching two of three, but the bit key portion of that is itself a two of three. So you don't have to deal with seeds on the bit key side. Craig, that's kind of what you're saying. Right?
[00:50:45] Craig Raw:
Yep. That's that's it. Yeah. So that that kind of gives you a way of being able to say, right, I'm used to this Bitkey. I've been using it for many years, but I'm getting nervous about the amounts that's all in in in it. I wanna upgrade to the next level, but I don't really wanna leave the Bitkey behind. How can I do that? And this is one way I can imagine that you might be able to do it in future.
[00:51:07] Steve Lee:
Okay. Thank you for clearing that. And I'm glad we're doing the show instead of signal because that what you're proposing is actually the simplest out of all these scenarios I was thinking in my head. So I think that's I think that's pretty interesting. I'll, I'll definitely bring this back to the Big E team and maybe some of them will will listen to this show too. But I I think that's, I think that's pretty compelling.
[00:51:29] ODELL:
I, awesome. I mean, I think my biggest concern is the lack of screen and specifically verifying, received transactions, deposit addresses. And, yes, this has been mostly a hypothetical concern. We haven't really seen this type of attack in the wild. We haven't even seen, like, Coinbase deposit addresses, for instance, be replaced man in the middle, and there's no way to verify those. The the single easiest way would be to have a or not the single easiest way. The way to do it right now without any hardware change would be some kind of watch only capability in Sparrow. I heard you mention that, but it'd be nice if someone could just have their full wallet on Sparrow in a watch only way, and they could verify receive addresses there before they send to the mobile app.
I don't think that's possible right now. I know there is it is possible?
[00:52:28] Craig Raw:
It is. Yes. So right now, the Bitkey app, you can export the output descriptor of your wallet, and you can put it into Sparrow. There's a little issue around the derivation parts, but, you know, you just have to turn off derivation validation in Sparrow in the general settings. But beyond that, you can it's very easy. You just copy and paste that little that string, all of those numbers. That is, you put that into where the output descriptor goes or you put it into a file and you just import that into Sparrow, and your Bitkey wallet will appear there. Now you obviously can't sign. So it is just a watch on only at that point, but you certainly can use it to get the receive address to verify things. So that's a very helpful way. And then that's kind of what actually kicked this whole thing off was kind of for the first time, I said to myself, wow. It's really interesting.
The Bitkey, ecosystem is taking part in the broader kind of open Bitcoin coins sort of ecosystem that we're all in.
[00:53:28] Steve Lee:
But real quick, I still don't see how that protects a user on transaction verification because because you can you can use Sparrow and see, here's an address. Oh, and then, okay, that's what I'm wanting to send to. And then even on the mobile app, it can show you that, but then it maliciously sends a different address to Vicky design.
[00:53:49] ODELL:
No. No. No. This is for receives. This is for deposits. It does not help in the sender side. Okay. And it doesn't help if the Bitkey cap Bitkey app is already compromised when you press the export button. But, presumably, you do it originally. You do it in the beginning. You're not compromised. If for some reason it it differentiates in some time in the future, then you would know. So it's still not a perfect situation. I mean, I do think, eventually, Bitkey will launch, you know, a hardware with a screen, and user will be able to buy it and just go through the app and switch to the hardware with the screen. Like, that should be relatively easy UX to implement. And I have a feeling there's demand there for it, and it'll probably happen, which kind of mitigates that concern to degree.
I mean, I would flip it just a little bit here, and I'm curious on Craig's opinion. You know, Craig, I love Spire Wallet. I use it every day. I rely on it. It's an amazing piece of software. I don't know where I'd be without it, But it has gotten bloated is the wrong word, but it has gotten more feature rich over time, which is awesome from a power user perspective. But do you have any desire to have, like, a simple button or something, so that when, like, I onboard a user, I can just have them press easy mode?
[00:55:18] Craig Raw:
Yeah. I mean, it's a really interesting, you know, question. And what I what I've tried to do in building it and, you know, the I guess we can decide on how successful I've been is to try and and make, sort of a scheme of progressive revealment. So, for example, you know, you can have more than one account, but the actual accounts tabs don't show until you have a second account. That's a really simple kind of exam some sample on it. I think, you know, I think that there's room in this world for many different wallets. I don't think Sparrow needs to be the only wallet, and it shouldn't be the only wallet. I think it tends to be the one that people, end up at. It's kind of the Bitcoin as wallet, but, you know, it is quite a lot for a new user.
And for some people, it might be too much. And then there will no doubt be other wallets. And we've got some great content at tenders. We've got the the nunchucks and the Bitcoin keepers of of the world who are coming in to kind of fill that that space. So, you know, that that's that's kind of the beauty of the open Bitcoin ecosystem, right, is that you can use these different wallets and you can use these different devices to suit the particular needs, whether they're the educational needs, whether they're the security needs, whether they're the privacy needs of different users. And I think, you know, for me, I need to try and understand very clearly who is my user audience and try and develop for them and not try and be everything to everyone. So in answer to your question, I mean, yes, I could try and build a simple user mode, and it would be similar in some ways to building a mobile app, which is in very many ways because of the constrained screen real estate, a simple mode, if you will. But you lose so so much, of course, if you do that. Right? Now, you know, people will inevitably say, well, I just need x. You know? Can I just have have x? And then you're kind of back to where you began. So it's a tricky one for me. I think the reality is, you have to to to kinda choose. And, I mean, Steve, I I'm sure you have some good views on this as well. But you you have to choose, who do you serve, and you have to be truthful to that choice. You can't try and be everything to everyone.
I think that that's quite an important thing. So those are my kind of broad views on it, and I'm I'm kind of happy with that choice. I I don't have a particular desire to to try and make this the kind of Uber app. I kind of just want to focus, more and more on just trying to serve the particular segment of the market that Sparrow was originally designed for.
[00:58:02] Steve Lee:
Yeah. I agree with that last last point. And and it and also, I mean, the audio even though I'm I I you often might hear me shilling Vicky, I my position is not like, oh, all other solutions suck. They should go away. Vicky is for for everyone. It's more just like there's already a lot of solutions that are catering to an audience of people who are, willing to put the time into being a self sovereign and and trust minimizing as possible, and Sparrow is, like, a great choice for that. There was but there's a huge gap in omission for, people who just simply don't have the time or patience or ability to to handle private key material directly. So, I just think it, like, complements the rest of the the ecosystem. And and and that's why I think this conversation is interesting because, yeah, again, a lot of people who start with the key, they might get to a point where they would want to to have a more sophisticated setup where they're doing something like Craig suggesting, where Vicky they keep using Vicky, but it just becomes one one of end keys in a Spero setup. And I got I'm glad I understand what you were trying to suggest there because I I I do find that, like, a pretty pretty attractive upgrade path for for people.
I I also want I just looked at some of the audience engagement. People some people were saying that Vicky has Frost, but Vicky just to be clear, Vicky does not currently have Frost. There is definitely hope and desire to add Frost to Vicky. And even at the the early days of Vicky development, there was, a hope to to just make it frost out of the gate and not even support legacy script, only support frost. And that would have been really nice. But, unfortunately, there was not strong, ecosystem adoption of Beck 32 m. And and what, you know, what does that mean? Well, that that that meant, like, Binance and Coinbase customers couldn't send their coins to any wallet that was, Taproot only or or, you know, based on Frost. So a decision was made to to not, not support it, but in the future, hopefully, we do. And then we get all kinds of amazing benefits, including recovery scenarios that don't require, an on chain transaction, which right now maybe cost a dollar, but, you know, we've seen periods of time where that's $50. And in the future, it might consistently be $50. So being able to utilize Frost to recover without having that additional expense would be enormous, and it would enable things like Craig's suggesting as well.
[01:00:50] ODELL:
The other piece here is okay. So let's walk through just the scenarios real quick. I'm using Bitkey, and I have I have it on mobile as well. And I have my cloud backup, and there's the server key. If I lose my Bitkey or my Bitkey goes to the wash or something, the recovery path for that is I reach out to Bitkey support, and they send me a new Bitkey. Is that correct?
[01:01:23] Steve Lee:
From the so just to be quick, you so that you lost your, hardware device? Your Bitkey? Broke. Yeah. Or broke or whatever. Yeah. It's not working or I lost it. So you from the mobile app, you trigger, like, a a recovery scenario, and there's I think it's a seven day delay and notify period. So you'd need to go buy a new hardware device and also wait, I think, at seven seven days for the recovery to fully take place. And in that seven day window, you're being notified through different communication channels that this recovery process is underway. And the reason why that's important is because if you think about it I mean, there's you have to think about any recovery scenario as in you're the legitimate customer and owner of those coins or you're an attacker and a thief.
So, what you don't want to have happen is if an attacker, like, SIM swaps you or somehow
[01:02:21] ODELL:
takes over your They get your phone. Phone account. Right? And they're trying to restore a BitKeeper. And then they then they trigger recovery,
[01:02:28] Steve Lee:
say that they lost their device. You don't want them getting the coins. So if it in the attacker scenario, you've got this window of time in which the legitimate customer is getting notified, and they can cancel that recovery process. So that's how it works if you lose your hardware device. If you lose your like, if you delete the app on your phone or lose your phone, then it's a much simpler recovery process. Mean mean or it's, like, immediate because you can just use your hardware device to authenticate yourself as the legitimate
[01:03:00] Craig Raw:
Wait. Wait. We'll just
[01:03:02] ODELL:
so we wait let's just go through the hardware piece. So because this is the one piece I haven't test. I've tested I've tested, the model where you're not using the server key to break glass model. If you lose your phone, you're just doing it in I like, an iCloud recovery or or a Google Drive recovery. But if you lose the device, you lose the device, seven day delay notify, then after seven days, you have a new device. Yeah. You just go through the steps in the app and what you're, like, tapping and initializing it. Is that how it works? Or
[01:03:38] Steve Lee:
Yeah. After the seven days. And then it's you you know, it has to sweep your wallet, so it,
[01:03:43] ODELL:
it creates a new a new two of three wallet. It's technically creating a new wallet and sending all the funds to the new wallet.
[01:03:50] Steve Lee:
Yep. But the users wouldn't really realize that. Correct. But well, except for they'd be they'd pay on on chain fees to do that. But that's why, you know so in the future, hopefully, Frost is supported and then then that happens without that on chain transact on chain transaction.
[01:04:07] Craig Raw:
Yeah. So so so the the the risk with that model, which is actually pointed out in the recovery, doc, that, has been put out. But the the risk in that model is if you don't have access to the communication channels that, you know, notify you. Let's say an attacker has stolen your phone. It's your only means of accessing SMS and email, then they just have to get through those seven days. And, obviously, they won't then cancel or they will cancel whatever whatever it is, but they will then have the ability to kind of, subvert that process, that delay lock. So that's kind of the the the risk there. I think it's worth being aware of. And that's kind of one of the things where, you know, as a new Bitkey user, you kind of you get the device, you get the app, and it's just super easy. But as your as your stack grows, you're gonna want to start thinking about these these things, and that's where the complexities of these different recovery mechanisms start to come in. Right? So you never really escape it. Right? You never really get away from it as you have to protect more. You're gonna eventually always gonna have to consider what are the different attack models, what is my threat model here, who am I trying to protect against, and what happens if x x happens. Right? That's kind of the the the kind of downside, if you will, that we all have to deal deal with. So, you know, on the one hand, seeds, and seed backups are painful because they happen at the right at the start. Right? The worst possible time when you have a new Bitcoin user, you're throwing all of the stuff at them, and they just you know, this is crazy. I've never seen anything like this in my life. And it really turns turns turns them off. But the downside of of kind of, of taking that away is that later on, people need to, start figuring out a more complex kind of thing. On the one hand, we have these 12 words. On the other hand, we have all of these different attack models and people saying, well, what happens if I don't have access to my messages? What happens if I don't have access to my email? What devices do I have access on those things on? And it's actually quite a complex, set of considerations that you have at that point of view of time rather than just thinking, well, I've got a safe, and I've got my 12 words in a safe. Right? So there's there's real trade offs here, and I think it's I'm not trying to say in any way that the Bitkey team has not been open with them. As I say, they're in the dock. But it's important to realize that the complexities, just because you don't have to deal with them at the start, they're still there.
And you have to, take them into account if you have material amount of funds that you're trying to protect against various kinds of attacks.
[01:06:55] Steve Lee:
Yep. I I totally agree. In my own opinion, that's that seven day window, I think the default should be a month, and user configurable, to to it it still doesn't, like, eliminate the threat you just mentioned, Craig. But, certainly, if it's if it's a month, you have a lot more grace period if you're, like, out in the jungle for for a week trip or or if someone if if if you're someone who doesn't have a laptop, you know, your only device is the phone, and your phone gets compromised, like, you get SIM swapped, and you can't, like, get out of that mess within a week, that that is gonna be a very stressful period of time. If you have a month or or or longer, you have a lot more time to get your phone because you might not be receiving these messages if your only device has been compromised.
So so But a SIM swap
[01:07:46] ODELL:
a a SIM swap here wouldn't compromise you. They they would have to actually have your phone. They would have to take your phone or compromise your phone directly.
[01:07:58] Steve Lee:
What? They they
[01:08:01] ODELL:
because, like, a swim a SIM swap doesn't give someone access to your iCloud, for instance.
[01:08:06] Steve Lee:
Yeah. Yeah. They would also have to attack your
[01:08:09] ODELL:
account. Otherwise, all the celebrities' naked photos would be everywhere. Yeah. So I guess, like, it is it is protected from a SIM swap. I would just say, just real quick here, while we're talking it through all these things out loud. For the average user, I kind of agree, like, is seven you're you're picking a number out of a hat about a trade off balance in terms of how long the delay in notify is. But keep in mind that during that seven day period, while a user has lost their Bitkey or their Bitkey broke, there was a user on X. I don't know if it was verified or not. I know they're talking to the Bitkey team and that funds weren't lost, but that said like the fingerprint reader stopped working. Right. And they couldn't, they couldn't access their funds. So they have to wait through that seven day period or thirty day period if it gets increased. Ideally, it's user configurable. But my point is is during that period, what is actually happening is they're panicking like crazy.
Right? They're like, if they're not in an attack scenario and they've just lost their Bitkey or it stopped working, they're panicking because they don't have access to their Bitcoin for however long that delay period is. So it's not like a perfect increasing it is not necessarily a perfect solution because then they're panicking for twenty nine days or whatever.
[01:09:23] Steve Lee:
Yep. That's a good point.
[01:09:25] ODELL:
Ideally, it's user configurable. But so then the other piece is the Bitkey server goes down or block goes out of business, which is unlikely, but let's say that happens. And there is the break glass mode where where you take effectively a cloud backup, and you take an Android device and you install an APK. Right? So you install an application of the Bitkey application, a backup Bitkey application. Then you scan the QR code, and then you tap with your device to spend. A lot of people might not have, like, an extra Android phone lying around, or they might not have an Android phone, period. It'd be nice if that break glass mode just worked with Sparrow. Like, if they could just use their Bitkey device, use the cloud backup in Sparrow, and just be able to recover their funds. I think that would be a a good situation, but it works as I've tested it. Like, it works.
It's just, like, a little bit I mean, some even people that own Android phones, maybe they've never used an APK before. I know this audience has, But probably most people have onboarded to Bitkey. Like, if they have to go through that process, it's me walking them through that process and then panicking during it.
[01:10:41] Steve Lee:
Right. But, I mean, a few things are the first, hopefully, that is a rare occurrence. Right? I mean, the company going bankrupt or the or the government, like, shutting down the big key server, it it's certainly important to handle that scenario because it is it is possible. But it's not like a it's it's not a recurring thing or it's and it's unlikely each year you go by. So so I I just say that because if it's a little bit onerous to do the emergency access kit, Like Yeah. You know, it's, you know, it's not that big a deal. Having said that, it's completely reasonable to suggest that, like, you know, improving that experience and to be able to use Sparrow.
The trade off there, it wouldn't be that hard. There would need to be a key export capability added. And if if that's the the whole, like, to to have seed phrases or not to have seed phrases, it's those are two options. You but there's another option too, which is deferred deferred seed phrase or deferred private key access. And deferred meaning it you only get it once you break break glass. You you only do it in this emergency scenario. It's not a regular so it doesn't hurt you during onboarding. It doesn't add complexity when you're a new user getting used to it. It doesn't give you a foot gun when you're using the product. But when you get in this emergency scenario where you wanna exit, then you do get, get the keys, and then you could import them to to Sparrow or another wallet. So I think that's that's certainly a reasonable consideration for the future.
[01:12:19] ODELL:
I, the other piece I know I'm kinda jumping around here, but we have you we have you both. Another piece that I think would be kinda interesting is so, like, when I said when I onboard someone to cold card, I don't tell them, like, go straight to multisig. Right? Like, I I think multisig is incredibly empowering. I use it personally, you know, individually and across my organizations. It's a fucking superpower. It's awesome. But it is it adds complexity. So I tell them go single sig. But what I tell them to do is have two hardware devices initialized on the same wallet. Right? And what does that do? That does if they they set up a cold card, for instance, they write down their backup words, then they take a second cold card, they restore their backup words to it. It does two things. It it makes it so they know their backup is correct.
And the second thing it does is it gives them a fully initialized second secure device that they can keep somewhere else. So if the first device dies, they're good. This whole delay notify thing, I think that panic could be mitigated a bit if users could just buy a second bit key and have it already initialized. So they can keep the second bit key in their office, for instance, or something and the other one at their home. And if something happens to the one in their home, instead of waiting thirty days then you can increase the delay and notify too. Because instead of waiting thirty days, they can just take the second device, and use that. That's like a fully initialized copy of the original device. I think that would be a very graceful way of handling the the the loss of device.
[01:13:58] Steve Lee:
Yeah. I I agree with that as well. And but but bear in mind so we've already come up with, like, five or six great ideas for Bitkey. There's, like, at least a a 10 x multiple of, like, ideas and road map and features and priorities on that team. So it's gonna take time, which is why I'm I I'm a huge proponent of, like, I'd love to see other teams, other products, other wallets, going after a similar design and architecture as Big Key just so we get more, you know, more teams, more people, more experiments, building on this type of architecture.
[01:14:40] Craig Raw:
Alright. Well, I just want to go go with that, Steven. It's it's it's it's great that, as you mentioned earlier, you are working in really the heart of where a lot of these companies are because, you know, I think what we kind of would really like to see is some of the the kind of companies that have a lot of experience in UX design, kind of have a lot of resources in that, can approach it from that point of view and come up with different ideas, that are not that are, you know, similar to the Bitkey, but different. Right? Different kind of trade offs that we have. So that's, I think, would be very positive to see, and I think we will see it. I think we are absolutely going to see, and hopefully quite soon, other entrance into this space, because there's a lot of design space here, and different ideas and different things that can work, as we've just come up with a variety of different ideas.
And I I think, you know, it's it's it's just to go back to an earlier point, having, you know, ideas like having two bit keys, that's really the power where you see the power of an open ecosystem. Right? The fact that, you know, even if, MBK didn't consider that the cold card would be used in that way, people have started using it in that way. Right? And that's kind of what you want. Right? You want people to take your product and to use it in ways that you didn't imagine it because it has these kind of abilities. And that which really gives legs to the thing is is is that kind of, flexibility that you build in.
[01:16:24] ODELL:
Awesome. I mean, I think this has been a very productive conversation. I will say on the new entrance point of view, I'm pretty optimistic on what the guys behind the Cove Wallet are building, with the idea being there, like, a mobile alternative to Sparrow that has less power user features and is just simpler to use. So, hopefully, we see more things happening in throughout the design space. I mean, there's kind of been a little bit of stagnation until Bitkey came out and kinda flipped the script a bit. So
[01:17:03] Steve Lee:
Do you wanna Yeah. We have, like, 15
[01:17:05] ODELL:
left. Did did you wanna talk vaults or not? Yeah. I mean, you you seem like a a supporter. Why don't you make the pitch for why we should care? Are you thinking I'm a supporter? I Are you not?
[01:17:17] Steve Lee:
I well, I'll I'll I'll tell you what I think, and then I'm I'm super curious what both of you guys what you what you guys think. I so, well, first of all, for for folks in the audience who don't know what a vault is, there there have been vaults from custodians for a a while. Like, Coinbase had the notion of a vault, you know, for at least eight years. And, it kinda like this delay and notify period that we just talked about. Like, let's say I have my Bitcoin at Coinbase. I put it in the vault. If I wanna withdraw it, I have to wait forty eight hours or some period of time until it actually gets withdrawn. And during that window of time, I'm receiving notifications through different communication mechanisms saying, hey. This is happening. And that protects me against someone hacking into my Coinbase account and and doing a a withdrawal that that I didn't intend for. So this features, and I think River just sent out something similar. So custodians have done this for a while, but the conversation happening with Bitcoin developers right now is vaults at the protocol level.
Be so that it's not done at the application level like a Coinbase is doing it, but instead of the protocol level. So it's independent of any company or service provider. And so you could have, like, you could be using Sparrow and have a a three of five multisig setup, but you could set it up so that you, you can't immediately if you try to withdraw or spend money out of that wallet, there's a waiting period. You could be receiving notifications. And if you, interject, it it'll cancel the withdrawal, and it would go and and and if and if, if you do that, it goes to this secondary wallet, the vault.
So on the surface, it's super attractive. It just adds another layer of security, and that's definitely a big benefit. I was a huge fan of this concept maybe six, seven years ago. I'm a little I I'm open to the conversation still, but I'm I I see a lot of drawbacks that would need to be addressed now. So let me just enumerate those, and then I got I wanna hear what your your guys' view on this is. But, I worry about complexity being added. So it's already hard enough to have one wallet and manage the the keys for that one wallet. Here, you'd need to manage two sets two wallets. And whatever the key configurations are for those two wallets, that's one complexity. Another drawback is that you do to spend your coins, you do have this, delay. So if you actually wanna spend your coins, you're having to wait for that delay. Depending on your use case, though, that if you're truly, like, like, it's your life savings and you you don't, you know, you you don't intend to spend it for a long time, that that might not be that big a deal.
And then the third drawback is that you need some kind of monitoring service to monitor the blockchain, the mempool, in order to alert you of an attack. And you either need to then host your own monitoring service yourself, so it adds a huge, you know, UX burden and operational DevOps operational burden on the user, or you're, you know, paying a third party to do that for you. So I I think that Vault advocates, maybe aren't discussing those downsides, as much as they should. But, yeah, I mean, I I remain, I mean, the the reason why it's coming up now is, like, people who are advocates for consensus changes around covenants will sometimes cite vaults as, like, a a leading use case for why we wanna change the consensus rules of Bitcoin. And then it gets into a debate about, like, how practical they are, how much adoption we'd see of vaults. And so that's the current conversation, but I'm curious what you guys what your views on vaults are.
Will will they be adopted? Do they really advance security a lot or not?
[01:21:41] ODELL:
Craig?
[01:21:43] Craig Raw:
So, Steve, I think you've done a great job at summarizing, you know, the the pros and cons of vaults. I think, you know, there's there's only one way to know, and that's to actually use them. Right? I I think, everything in Bitcoin serves at this at the pleasure of store value. In other words, that is the number one use case for Bitcoin in the world, like it or not, and Volt's very much caters towards that use use case. So it is by default interesting regardless of the various drawbacks, and I think the drawbacks you mentioned are absolutely valid. So, you know, right now, we have people complaining, prominent Bitcoin is saying that multisig is too complex, that it's too difficult, that it's too, how can I say this, too difficult to change in a way should you need to rotate keys or whatever?
All of those things have solutions somewhere in the future, perhaps, but, ultimately, Volts is, adding to the complexity, in the way that you've said. So instead of having, you know, a single kind of set of keys, you now have two sets of keys. Why? Because you need to be able to have an escape path should this bolt withdrawal go wrong. Right? Should there be an attack? What is the escape path? This kind of safe safe path, if you will. And that's, I think something which is underappreciated because it's difficult enough if you think about c backup. Right? If you are gonna go around and then have, sort of different geographic locations where you have seed backups, that's quite a difficult thing to set up in and of itself. Right? You now need to have these actual safe places which are distinct from each other. Now if you are going to multiply, you know, and I say this in a loose sense, you're gonna multiply that complexity by two, you might get to a point where people just say, you know, that's that's just way too much. I already had to try and find three different locations to store my seeds. Now I'm gonna have to find another a fourth or a fifth. Right? And that's that that just starts to sound like way too much for most people. So, you know, are Vaults likely to take off and become the kind of everyday Bitcoinist tool? I don't think so. I I I I doubt that would happen. At least it wouldn't happen for many years.
However, I do think that, as I said, store value is the key. And if we if if Bitcoin is, as Matt says, designed to pump forever, then we are going to end up in a place where we're gonna have to store huge amounts of value. And in that sense, we're gonna need every tool that we can get our hands on, and Volts is a great tool. So it's very hard to argue against it from that point of point of point of view. I personally think Volts would absolutely get use. I think there's an absolutely valid use use case, and I think probably the strongest use use case in my view for all of this, covenants type stuff. I know there are many other use use cases, and people will say, well, you know, we need to scale the UTXO model and all of these kind of things, and, certainly, those things are valid. But if you're talking about the needs today, I suspect that the actual use case of covenants in bolts would be the number one for some time, just because that's what people need today. They don't need to necessarily scale the UTXO set today.
So that's kind of my my broad views on it.
[01:25:28] ODELL:
Well, so the way I look at it is is from a use case perspective. So in the short term, what would the use cases be? I I tend to agree with you that people that are practicing self custody probably won't want to add the additional complexity of of having another wallet that they have to secure, their backup wallet. I think you could have interesting scenarios where, you have, like, a keyless setup. Right? So you have a setup. Let's you know, we'll use Unchained as an example. Unchained right now defaults to two of three. You could have a scenario where the user holds none of their keys, but they can use vaults to have this backup and go to the backup wallet.
There could be a scenario there, where they're actually only securing one seed, but that seed is only used in emergencies. Otherwise, they're they're they're holding custodial. There could be something there. I know there's a lot of high net worths that just don't want to be holding their own keys, but maybe they would hold one emergency key. The second piece is, just like amateur custodians in general protecting themselves. So, like, Cashew is something I'm very excited about. And if you're running a Cashew Mint, you basically have a large honeypot hot wallet that you're constantly operating.
Those people that are running mints are already pretty technically proficient. They might take advantage of Vaults, to make sure that they don't get rugged, that they don't accidentally rug their users by getting rugged themselves and getting compromised themselves. All that said, I don't really think there's that much demand for it except for, like, a small subset of Bitcoin x. And the environment for Softworks right now is probably the worst environment we've seen in a long time in terms of trying to find consensus for something. There really needs to be an overwhelming, you know, momentum or desire or motivation to to do something. And I just don't think it's really there for vaults, but maybe I'm wrong.
[01:27:42] Steve Lee:
Yep. The the one thing I the cost of scenario, you know or sorry. Not the cost. The Cashew scenario, like, if you're running ecashment. And this extends to exchanges too who might wanna use this for their hot wallet cold storage setup, but you you need a pretty sophisticated scenario of knowing, because it because you have this time delay in spending your coins, you can't lock up, like, the entire cashew mint or else it would just freeze the whole system. People wouldn't be able to to make make transfers. So you'd have to somehow figure out based on historical data what percentage of your, total mint needs to be liquid, you know, within, you know, within a day or two days or whatever and, and only lock up some of it in in a vault.
[01:28:39] ODELL:
Yeah. Yeah. That's a good point. So it's, like, not even practical that practical for that anyway. It would help a little bit. You'd need a elaborate design
[01:28:49] Steve Lee:
to do that as well. Yeah. And I
[01:28:53] Craig Raw:
probably a DevOps team. I think that, you know, something that is that is true, not just of Vaults, but, of of Bitcoin self custody in general is that you want to have always, if if you're holding on to any significant amount, you do want to have different wallets which have different levels of security. And, you know, the vault, in this case, would obviously be the maximum level, and then you would want to have sort of a spending wallet or a a sort of a lukewarm wallet, if you will, which was a much lower security wallet. And I think that that's true true today. Right? If you have your cold storage and you've kind of progressed to the most secure setup, you'll have a multisig, which might be in in different signers in different geographic locations. Obviously, that's gonna be a real pain if you ever have to spend. So you then have a spend spending wallet. And I think that that's that kind of model, is gonna become the model of the future future. I think Bolt fits quite well into that. You know, we don't know what the adoption is until we have it or if we ever have it.
But, you know, I I do think that there is going to be some demand for that kind of ultra secure level. And then, as I say, having sort of much, you know, sort of a single SIG cold card or some kind of lower levels, which then augment that.
[01:30:26] ODELL:
Yeah. That makes sense to me. It's like you can think of it kind of like a hot cold setup in, for exchanges. People have I mean, I think most people have that in practice, and they don't even really realize. Right? It's like you have your spending wallet. You have your your cold storage. Maybe that's all people have. Maybe people don't really spend Bitcoin. Maybe that's only, like, a dozen of us. But, yeah, vaults could play a role there. I just do you guys think there's actually demand? Like, do you realistically think this is, you know, what the community rallies around in terms of a soft work?
[01:31:07] Steve Lee:
No. I I I think I think we'll probably get covenant someday, and vaults is one application. Some people will use it early on. And ten years from now, a lot of the complexities and and drawbacks that we're mentioning can be smoothed over. They'll just be libraries built out and tools built out, making it way easier for the future cashew mint operators to to to do that where they're not having to build all this themselves. I think that can happen over a ten year period of time. I just don't think it's like a super strong motivator to, like, change the consensus rules of Bitcoin on its own.
I think it's like a secondary benefit we get if we get covenants.
[01:31:51] Craig Raw:
Yeah. And I I think it's it's it's worth saying in case everyone anyone out there is kind of looking at, the kind of talk online is that opfolds, which is the particular proposal we are probably referring to, at least the leading one, is is is not even really being proposed in any serious way at this time. It's mostly op CTV and op, checks it from stack. So, you know, it's it's, it's certainly not, in our immediate future. I think, it it just I think it it is it is at least true that some people would use it, and it would probably get more use over time as the value that Bitcoin as an ecosystem needs to store goes up.
[01:32:43] ODELL:
Awesome. Guys, this has been a pleasure. I've enjoyed the conversation. I think it's been very productive. Based on the live chat, it seems like people have found it helpful. I think it's just important to be very transparent and open and honest with with Bitcoin trade offs and tool trade offs. And the ultimate dream here, I think, is for users to have many different options and for users to choose the options that best suit them, and have agency in that decision, have an educated decision to be able to make that make very important decisions for their for their family's livelihood.
We've gone an hour and a half. I think it'd be great to wrap with some final thoughts. Steve, final thoughts.
[01:33:31] Steve Lee:
I don't know. Let can Craig start? Sorry. I have my Final thoughts. Ready.
[01:33:37] Craig Raw:
Yeah. Look. I I guess I'm just gonna go back to, my sort of early comments. I think one of the the biggest strengths that Bitcoin has, and it doesn't get talked about a great great deal, because it's it's kind of assumed, I guess, is that we have these these, really great standards, which were these kind of very small, short documents that were written, back in the day. I'm talking about documents like BIP 32 and BIP 44. And they're kind of these little building blocks, which don't have they're not like reams of text. They're actually quite simple. They're relatively easy for a developer to read and build on. And what they have led to is this great open ecosystem where we have all of these different vendors, and developers coming and building on this original core. Right? So we've kind of taken things from a kind of a single key, single address setup all the way to these kind of geographically multi vendor, multi segs.
And that's a long distance, and we've done that in a way that maintains, the kind of, openness and the kind of, accessibility for anyone to take take part. I think that that's a feature of Bitcoin which is really precious. That's one which I value hugely in terms of my own use of Bitcoin. I love the ability that I can move move around and do various things. So those standards are very important to me. I would encourage anyone building in the space or even just using it to always consider standards based, products and products that are built on stand stand standards. It's a really important part because it leads to the kind of world and the kind of ecosystem that we have today. So that's kind of my my message, is always think about standards and try to lean towards them because it's gonna lead to more optionality in the future.
[01:35:39] ODELL:
Love it. Thanks, Craig. Steve, final thoughts.
[01:35:43] Steve Lee:
Yeah. Well, I appreciate Craig, bringing this up. And instinctively, I'm I'm all about standards as well. I was just hitting a roadblock and seeing how it works out here, but now I understand. So thanks for that conversation. My I guess my final thought, I I'm excited about private key management because, I mean, it's future. It's really hard it's really hard to do. But if we look at the past ten years, look how far we've come. And if you just listen to our conversation now, and we just scratch the surface on, like, improvements to Bitkey or Sparrow or just the space in general, adding vaults, etcetera.
Think about the next it's gonna take time. It's a lot of still a lot of work ahead of us, but we know what these things are. These this isn't like we have to invent new things. We we can name a hundred things over the next ten years that are going to happen. People are gonna build it, and the solutions are gonna become much easier to use and be more secure. So I think that I find that super exciting.
[01:36:42] ODELL:
Yeah. I think it's easy to get lost in the weeds and get disenfranchised, but, the kids kids these days have it so easy. You know? It it used to it used to be it used to be a lot more difficult, and a lot scarier and a lot people used to lose Bitcoin all the time. It it used to be a very common occurrence. You would just see on Reddit Bitcoin talk. I got compromised, and we've come a long, long way as an industry. I wanna I wanna thank Craig and Steve for joining us. I wanna thank them for being on team Bitcoin and and building in the space. Your guys' contributions are greatly appreciated.
I plan to have you guys on, I'm sure, on dispatch many, many times in the future. I wanna thank the freaks for joining us, supporting the show. As always, sale dispatch is, has no ads. It is completely supported by our audience. So thank you all for donating your hard earned Bitcoin to the show. It means a lot. It's it's it's pretty crazy how much support is out there. So thank you guys. And as always, you can find Cielo Dispatch in your favorite podcast app by search just searching Cielo Dispatch, any podcast app. If you use Fountain Podcasts, you can leave a comment, feedback, questions, things you wanna see from the show.
I read all of them. So thank you for your support. Consider sharing with friends and family. Thank you, Steve. Thank you, Craig. Until next time. Appreciate you both.
[01:38:08] Steve Lee:
Peace. See you, guys. Bye bye.
Wanted to point out to to show the power of a space like this is what we've seen around the world in this kind of emerging way for people to live in Bitcoin and spend in Bitcoin at at scale, and it's all because of spaces. So there's a space in Costa Rica called Bitcoin Jungle. There's a space on the African continent that's rooted a little more ephemerally, but it's the African Bitcoin Conference. And then there's a space that, our friend, Nifty over here has created called BTC plus plus, and it kinda moves around the world. But all three of these spaces brought people together who then figured out how to bridge Bitcoin with local fiat currency. So in Kenya and in Brazil and in Costa Rica, you can live in Bitcoin, and you can just walk up to anybody and pay them in in through the Lightning Network, which is acting as like a little bit of, like, you know, connective tissue between you living in Freedom Money and the merchant.
The merchant just gets the local currency. So in Costa Rica, it's like a mobile app, mobile money, SIMP. They just they get the Costa Rican currency. In Kenya, it's the same thing. They get m pesa. And in in Brazil now, because of some of the developers who worked on a hackathon last week or something like that, you can get the Brazilian currency, but you can live in Bitcoin. And I'm starting to see this happen at scale. And this happened with as as with as with, what is it? Is it Azteco? Azteco? So Azteco is super dominant in South Africa. So people in South Africa do the same thing. They can live in Bitcoin and they can spend it in any store in the country. So you're starting to see it possible for people to actually live in Bitcoin at scale. You know, hundreds of millions of people can have access to this stuff. And it's all because of spaces. And I think that this space is gonna be important not just to spread awareness here in the Bay Area, but also to be a brother or sister organization to all the other spaces and to connect. One of the one of the ones that we helped start, is in India. India is a very important country for a million reasons, but it's one of the countries that I think in the next fifty years is gonna play one of the biggest roles in Bitcoin because of the public interest in gold and the public skepticism of of digital payments.
And people in India who we were connected with applied to us to create, basically, a Presidio Bitcoin, but in India. And they did it, and they have it now, and they run it now. So there's so many cool things that you all can do when you link space to space to space.
[00:02:55] ODELL:
Happy Bitcoin Tuesday, freaks. It's your host, Odell, here for another Citadel Dispatch, the interactive live show focused on actual Bitcoin and Freedom Tech discussion. It has been a month since our last dispatch. Many of you may have listened to it with the one and only Jack Dorsey. Sorry to keep you guys waiting for another rip, but we have a great conversation lined up. I got another great two conversations lined up over the next few weeks. Hopefully, I'll add more to that. Who do I have? I have April 2. I have Nifty joining us. We'll be talking about BTC plus plus and OpenSats.
That's April 2 at two thousand UTC. And on April 11, I have Dan Gould joining us to talk about pay join. That will be at seventeen hundred UTC. As always, you can find all the information on the show at SILdispatch.com, all the relevant links. I recently ran the numbers, and SIL dispatch right now is we've recorded over three hundred and forty three hours of dispatch, which is insane. Rabbit hole recaps is at five hundred and forty seven hours. So that's over nine hundred hours of me on a podcast, which is either a great accomplishment or a questionable decision on my use of time.
But thank you all for joining me for much of that. I appreciate it. And, if you appreciate the show, that's what keeps me going. Anyway, guys, that intro clip was Presidio Bitcoin. The Presidio Bitcoin launch is a new physical space in San Francisco. I have a lot of experience with running physical space in Bitcoin Park in Nashville. It's, quite an undertaking, but it's well worth it. We recently actually just launched in Austin as well, Bitcoin Park Austin merging the two communities. I have Steve Lee here who is in that clip. He's one of the guys in charge of Presidio Bitcoin and helping making that a reality. And I have Craig Raw here of Sparrow Wallet. Obviously, Steve is a many time guest here and is is also lead at Spiral Blocks Bitcoin initiative.
Steve, how's it going?
[00:05:26] Steve Lee:
Great. How are you doing?
[00:05:28] ODELL:
I'm doing great. Craig, how's it going? You good over there?
[00:05:32] Craig Raw:
It's great. Yeah. Good to be back back on the pod. Final boss.
[00:05:37] ODELL:
Final boss. I I mean, I think a great place to start here and, obviously, yeah, a great place to start here is is Presidio Bitcoin. Steve, congratulations on the launch. What does it feel like over there?
[00:05:52] Steve Lee:
Thank you. Fantastic, actually. It's, I drank it up there as one of the top sort of product market fit thing projects I've worked on in my my career. Like, Google Master Mobile is is one of them. Proceeding Bitcoin has just been magical from the start. We've been having about 15 people work out of it since November as we build it out, and then we just launched it a few weeks ago. But, everyone who who is working out of it, everyone who visits seems to have a really good experience. Our retention of people working out of it is high, which which was a a known or a challenge going into it just because people get so used to working from home and they don't like to commute.
So even though we have a a nice space here, just getting people off their butts to get in the into the office was an unknown, but that's been really successful. And it's a great event space too. We've had two of the best bit devs in San Francisco since, like, the 2018 era, 50 plus people showing up. We got Greg Maxwell to come. So, that that I I consider that a coup. Yeah. It's going really well. And we have a a recording studio, and I'm even deciding to be a podcaster now. So there you go. Are you are you at Presidio right now? Yeah. I'm in the recording studio, but just using my I love it. Amateur setup. But Yeah. I mean, you had a who's who at the Presidio launch. I mean, that clip,
[00:07:26] ODELL:
to the people on audio, you were listening to Alex Gladstein speak. He was sitting next to David Marcus and Jack Dorsey, and, Steve was the was the moderator of that panel. But by far, the most impressive attendee was was g Max, having Greg Maxwell there. I I think a bunch of us were, that that was the one that hit us.
[00:07:48] Steve Lee:
G Max and Andrew Polstra. So I I I I highly doubt there's ever been a a small group meeting or, you know, event like that that has Michael Sailor, Jack Dorsey, David Marcus, Greg Maxwell, Andrew Polstra all in the same same room. And, like, rock star dev was there, and it it it was a real And there was, like, what? Like, 60 people. Right?
[00:08:05] ODELL:
Yep. About seventy seventy people. We we had about a %. The per the per capita concentration of of talent there was pretty insane.
[00:08:16] Steve Lee:
Yeah. And, one thing we're given our location in San Francisco Bay Area, 1 of the aims for this space is to, really do a lot of outreach and engagement with Silicon Valley and big tech. I feel like that Silicon Valley and big tech, that world and the Bitcoin world are just often, not seeing I die with each other. So, I come from the big tech world, but I'm a hardcore Bitcoiner. So, hopefully hopefully, this space can can help bridge that gap. I think I think, it's a it's a bridge worth worth, gapping. So
[00:08:54] ODELL:
I love it. Freaks, I, the Nostr stream is is is down. I guess Kieran of ZapStream is under attack, some sort of attack. Someone wiped his, all of his discs. He lost everything. Now he's under DDoS. We are streaming to YouTube. The YouTube live chat will be streamed into the broadcast. So if you wanna participate, participate via YouTube. I think I talked to a million about it. I think we're gonna have to release a Primal Video Streaming client. So that's your tease for the day. We'll keep it open and interoperable, and but and I love Kieran, but I think we're just gonna have to do that.
So we'll make that happen, and, hopefully, it'll become the best place, to stream video. Yes. And we have everything in the live chat. It is also streamed to x because I am not a purist, despite many, beliefs otherwise. Craig, I don't think you have any community spaces out by you. It seems like if you watch the news, you guys are fucked over there. How how are you thinking about, I mean, I think your location is public, but I also don't don't wanna say it out loud. Do you have any opinion on living within a strong community?
[00:10:29] Craig Raw:
Yeah. Look. I mean, I'm lucky enough to live in a a small village, and it it really does help, from many points of view. You have a community. You have you're able to have better security, because you can fund it in a private way. You don't have to rely on the state quite as much. But, you know, I think that that's true for anywhere that you live. Certainly, it helps that I live in a far corner of the world in many ways. I don't have to worry about certain things, but as everyone sees on the news, there are certain events or certain, a certain way of life that is under threat here.
And, yeah, I mean, it's been going on for a long time. The news just happens to capture the current state of the nation, if you will. But, you know, we all have been observing, you know, what has been going on for quite a long time, many years now.
[00:11:33] ODELL:
Is I mean, is it is it legit, like, just a straight up race war over there right now?
[00:11:38] Craig Raw:
Look. I mean, South Africa obviously has a very complex racial history, and it's very hard to say anything about that without anything simple about that. It is unfortunate that we have, you know, this such extreme racial tension in our past because it leads to a lot of racial tension in our current present. And, you know, you can understand it while at the same time understanding why it's not helpful. So it's quite difficult to resolve. And, unfortunately, many people think that the state is the the body that must resolve this, that must bring equality or what have you.
I don't agree with that view myself, but, unfortunately, that is the dominant view, and it results in a lot of very, racially biased laws here, which results in a great deal more tension. And so it leads on. You know? How do we get past that? I think we have to build a society which is ultimately meritocratic, which is ultimately based on good education, rather than trying to push people forward based on their skin color or some something else. So, you know, that's that's the goal, and the question that people don't agree on is how to get there.
[00:13:06] ODELL:
Well, well said. Just, I think you already know this, but if there's anything I can do or the global Bitcoin community, just shout. You got a lot of support out here. And, if you ever wanna seek refugee status in America, we can, like, work out some kind of visa situation. You could be like my personal Bitcoin infrastructure provider or something. We'll we'll make it work. Somehow, we're in the halls of government over here. So, we might even we might even be able to get you a preemptive pardon or something like that if we need to. You just, like like, a get out of jail free card forever.
[00:13:43] Steve Lee:
The city of Bitcoin is on federal land, so maybe that we can work a deal. Is it really? Yeah.
[00:13:49] ODELL:
So how does that work? Are you paying Elon rent?
[00:13:55] Steve Lee:
There's there's, like, a the landlord had leased this space for fifty years or some, like, super long period of time. Oh, wow. But it is it's like the Presidio Trust is the overall steward of the Presidio.
[00:14:10] ODELL:
That's fascinating. I mean, I knew pres the Presidio was federal, but I figured you guys were just, like, you could see it from your window or something. I didn't realize you were actually on the land. That's pretty cool. Interesting.
[00:14:21] Steve Lee:
Like, Luke Lucas films, like, Star Wars stuff is here on federal land. The statue of Yoda. Yeah.
[00:14:31] ODELL:
So, guys, I mean, I think our first topic should be, Bitkey. That's how we all connected, relatively recently, and then we decided to rip a dispatch for the benefit of everyone else because I think there's a lot of good conversation here. Why don't we start with, Steve. Why don't you explain what the big key is, why it exists, what what the goals of, of the project are?
[00:14:59] Steve Lee:
Sure. I'll just give my caveat that I I don't I don't work on the team. So I speak for myself, not for the team.
[00:15:07] ODELL:
And that, yeah. So I'll just speak freely. So I'll, Well, just before you continue, I just wanna say that I recently got to meet a bunch of the team in person, in Jackson Hole. So I I can speak for the team, but continue.
[00:15:23] Steve Lee:
So this will be my my own opinion. I I I work closely with them and and give feedback, but you can kinda think of me as, like, just a Bitcoiner like you guys, who is an advocate for the the the goals and aims of the Vicky product. So what what's, what's sort of unique about Vicky? I think what excites me most is just the, making it much simpler for people to self custody. The UX, I think, is I would call it revolutionary, dramatically better, for for pry managing private keys. And that's because, it it fundamentally, because the customer, the user doesn't have to directly handle private key material. So which a a lot of products, have seed phrases, and and with with Viki, you don't have to to handle that. It's also novel because it's a two or three multisig out of the box, and, I believe it's the only product really like that.
Every other multisig is either do it yourself, like, you can use Sparrow and then use different hardware manufacturers and create your own multisig, or you're using, you know, like, a cost or unchained type of a service. But even then, you're you're somewhat I mean, they they assist dramatically, but it's still it's still you're putting the pieces together. So that's that's novel. It's a it's a mobile app. It doesn't use a desktop, application, and it's NFT based. So there's a the onboarding experience is can literally be done in, like, forty seconds. If if it's your if it's your first time, maybe it takes you five minutes just because you, you know, you deliberately beat every screen, but it's a really easy onboarding experience. And it, it I'd say it optimizes, reducing foot guns, reducing, user error for key loss, which I think is underappreciated in the space, and most other products do worse at that. Having said that, there's definitely many areas of security that can still be improved at Bitkey, And privacy, there's a lot of improvements that could be improved with the key. So I think the good news there is that a lot of that stuff in the road map can be done without sacrificing the UX. So, hopefully, it's just a matter of time.
And I also hope that, this design is copied and improved upon in the industry. That that that's my hope, that it's not just a one company's product kinda thing, but, you know, I said it's I think it's revolutionary. If it's revolutionary, that means others others will copy it and make it even better.
[00:18:11] ODELL:
Awesome. Yeah. I mean, the way I talk about Bitkey is, Bitkey is, fundamentally, massive innovate innovation in terms of Bitcoin self custody and holding holding Bitcoin in a self custody way relatively securely with with very little friction and and very little possibility of, messing it up. Vicky is the first time that I can, for instance, give my my dad just give my dad a device or give a nontechnical friend a device, have them go through the steps with the mobile app and set it up, and they don't have to ask me any questions. They don't have to watch a tutorial video. They don't have to read any guides. In two years, they won't just absolutely freak out after they haven't touched it for years, and the price is way higher and and not know how to access their Bitcoin.
So it it it definitely reduces the burden of me as someone trying to onboard someone. And I am in in this interesting position in this conversation, I think, because me personally, you know, the trade off balance doesn't really make sense for me. I I personally use Sparrow plus hardware signers, and I I particularly like Coldcard the best. But at the same time, I've recommended Bikki to many different people. And so I actually have a Bikki right here, unopened, in the box because I have a bunch of those that I just, like, hand out to people, and it's a fucking amazing product. Now with all that said, there are some trade offs in terms of trust.
There are some trade offs in terms of interoperability. I'm curious, Craig, where how do you how do you think about the Bitkey?
[00:20:11] Craig Raw:
So first of all, I I just wanna, concur with both you and Steve in saying, you know, it really is an innovation. And when it comes to self custody, I really can't have enough praise for innovations in that space. My goal, with Sparrow is to promote self custody and being self sovereign over your funds. And anybody working in that space and pushing out products and doing new things deserves commendation in my view. So let that stand as a point on its own. I think, you know, I think it's it's important for me to present some alternative points of view here.
The the the thing about the Bitkey is that it is, by design, a closed system. So if you are using the Bit Bitkey, you are contained within that space, and it's a comfortable space. It's great UX. But if you were to want to evolve your self custody journey and, Matt, you mentioned using Sparrow with hardware signers, which is a more, secure in many ways, setup, then you have to leave the Bitkey ecosystem behind. And that's somewhat unfortunate. I think it's maybe an inevitable consequence, and this is, I think, what we were talking about is is that a requirement of the Bitkey ecosystem? Is that a requirement of the design choices that went into it, Or can somebody take their stack, which they put on into the Bitkey and evolve from there?
Can they take that on into a more evolved setup in future? And I think that that's an interesting challenge for the Bitkey team to consider because there's a lot to be thought about when you're doing doing that. So, you know, one thing that we know is that closed so systems tend to fare better to sorry, fare worse over the long term than open ones simply because the universe is, tends towards entropy. And open systems and people working on open systems and coming up with different ideas handle that truth about the universe better. Right? We have people adapting to things and developing things for different situations.
And that's why you end up with, this plethora of hardware devices that we have today, all these different wallets that can interact with them, and really a very rich ecosystem in which a Bitcoiner can choose the particular setup that matches their use use case. Now I will say that none of those use cases are as easy to use in a two of three multisig as the VitKey. So, you know, I'm not trying to say that it's all better. But what I am saying is that the trade off that you get for that great UX is moving from an oak a sort of open ecosystem to a closed one or at least a more closed closed one. And that's quite a serious trade off that you make.
The question really is, is that trade off a requirement? Is that or can that ever be done in a way which allows the Bitkey to also benefit from the kind of open ecosystem ethos that we have in other areas?
[00:23:31] Steve Lee:
Yeah. I think this this tees up the conversation we were having over signal that we we're we're both like or all three of us are like, hey. Let's let's just do it live. It'll be easier to talk about. I think, Greg, you provided good context there. So I'd love to talk about different hypothetical scenarios, and then we can talk about pro you know, the benefits of of those. So, I mean, let's let's start with Bitkey today. As you said, Craig, it's it's a closed system in the sense that you can't use other hardware devices with Bitkey like you can with Sparrow.
You also can't use Sparrow with Bitkey, or, you know, another another reason we started chatting is, like, using Sparrow as a watch only wallet for for Bitkey, and Craig actually found a a a bug or a I don't know if you'd call it a bug, but the area of improvement with the derivation path for for Vicky. So thanks for finding that. I think the teams acknowledges that and is gonna fix it. But I think even with that, problem, I I think you can still set up a a Sparrow to watch only for wallet for for for Vicky. But still, there's not like it's pretty closed in that respect. Just so everyone's aware, though, the the code for Vicky is published source.
Although we can get we can go and get into that rabbit hole as well. It's not as, you know, we can have a reproducible build and things like that, and it's it's not perfect in that respect. But, again, there's a road map to get there, and a desire to get there. But, let's go through a hypothetical scenario of, using other hardware devices with Bitkey. I personally think that could make sense. One of the criticisms of the current Bitkey hardware device is that there's no display, and it's pretty much, like, written in stone within Bitcoin culture that you need the display on your hardware device to verify a transaction.
And, there's you know, it's not not arguable that there's benefits to to doing that. And the the Viki hardware device doesn't have that. So maybe a future Viki hardware device does have that. It's already been published. What can be done with the current Viki product is that you can have a a I mean, I think the team called it server as a screen, but you can send a transaction verification message to a a user over SMS or email, or they can view it on a in a web browser on another device, to verify a transaction. We can get into that rabbit hole as well if you want. But, you know, another solution would be like, hey. The Bitkey ecosystem and and, like, services and software can work with Trezor's, cold cards, ledgers as well.
And I personally think that's a that's a solid direction. I think that does add value for users. You could imagine instead of having your keys, on your mobile phone and your Vicky device, you could have one on Vicky device and one on a cold card instead of on your on your phone. And I think that that would definitely improve security. I don't think you sacrifice user experience that much. It would be there'd be a little bit more steps and complications there because it's not fully vertically integrated, but it wouldn't be that bad, and it it would be a more secure system than the current Viki. Or you can imagine a direction going, like, a different multisig setup than two of three. You could have three of five and and have more. It's certainly one advantage of using, like, Sparrow with in a three of five is that you can use different vendors for your hardware devices, and that reduces supply chain attack that that vector of of, security risk.
So that that kind of openness for Vicky in the future does make sense to me. What what was making less sense to me when we were chatting about this is integration with Sparrow. And I'm definitely not I love Sparrow. I'm not a hater of Sparrow at all. Go ahead, Matt. Did you have a question? Let's just pull let's just pull it back real quick.
[00:27:50] ODELL:
To those that are not aware, the current Bitkey setup is the Bitkey device holds a key, your mobile phone holds a key, and block server holds a key. The Bitkey device does not have a screen on it, but my understanding of the setup is that the Bitkey server is also verifying stuff so that if your mobile the the concern is if your mobile phone gets compromised. Your mobile phone is showing you an incorrect receive address or if your mobile phone is actually constructing a transaction that is sending somewhere else. That that is not where you think it's going. And these two scenarios, usually, on, like, a cold card, for instance, you would verify it on on the screen of the secure device itself.
Vicky doesn't have a a screen in that situation. But that setup is what also makes it incredibly user friendly to use, where the user is simply interacting with just a mobile app. They're getting reasonable security guarantees, and all it takes for them to send a transaction is to scan their fingerprint and tap this really solid built device on the back of their phone. Okay. I think that that was important context. Now, I mean, Craig, what is what is your perspective here? Let's
[00:29:09] Craig Raw:
let's put it back together. Steve, you know, everything you've just said sounds really great. You know, I think we are in actual broad agreement here. I don't think given what you said, you know, it's if you actually consider the Bitkey device, and I have one in my hand here, you know, it's it's certainly, on its own, makes up for a poorer hardware wallet than most other hardware wallets you can buy because it doesn't have the screen. It wasn't designed in that way. So I think from the perspective of kind of making it a standalone hardware signer, it doesn't make a great deal of sense.
From the perspective of should the mobile key, the the key stored on the mobile app, be exposed so that you can, you know, construct your own two of three in Sparrow and kind of move outside the Bitkey ecosystem, obviously, you're then asking the user to deal with private key material, and there's a lot of risks with that. And I completely understand the decision of the Bitkey team not to do do that. So that that makes sense. So I think we're in broad agreement in terms of of, you know, does it make sense for to take the current Bitkey system and expose the different parts, split split them up, and kind of just transpose them into an a sort of open Bitcoin ecosystem. I think that kind of really, undermines the original intention and the design choices that you made.
Now that doesn't preclude, as you said, the ability to work in future to take that that really great UX that Bitkey has and to bring it into, the Bitcoin kind of open ecosystem and allow it to, interact with other hardware signers. So that's that's a future that I I'm really interested in and would like to explore more because, that I think, you know, really adds a great deal. Not that the Bitkey is not adding already, but it really adds a great deal to the space that we're in.
[00:31:18] Steve Lee:
And and maybe, for a little bit more context for the audience who hasn't used Bitkey, the one thing that makes the UX so great, and it sounds like the three of us agree that the UX is great, is recovery. So, there's just there's it it really minimizes the chances that a customer is going to lose their Bitcoin on their own. So if we're assuming no. You know, you're not being attacked by the government or North Korea or whatever, but you just, you know, it I I think a lot of people hesitate to self custody because they are afraid they're going to mess up. They don't spend hundreds of hours like the three of us and maybe a lot of people in the audience studying OPSEC and all the all these different, systems. So, if you lose your phone, you can easily recover. If you lose your device, you can easily recover. If you lose your phone and your device, incredibly, you can recover. And and the audience might wonder how because that's two of the three keys.
Well, the key on the mobile phone is is encrypted and backed up in either iCloud or Google Cloud, and it can be recovered. And and it's all these recovery services are done while block only retains one key. So there's no no recovery scenario where block has two keys and could confiscate the the the Bitcoin. So the that that recovery UX, if that can be brought to, you know, other hardware devices as well, being part of that recovery service, I think that would be a benefit to to the ecosystem and and and users.
[00:32:57] ODELL:
I mean, I like the idea of going through scenarios here, like practical scenarios, and and discussing how Vicky currently handles it versus how it could be improved. You mentioned here, like, North Korea, the NSA. So we have a concept that is it's called threat modeling. Right? It's like, who is in your threat model? Who are you trying to protect yourself from? I would actually probably go I I Bitkey is probably North Korea proof. Like, I mean, there was a recent case with Bybit getting hacked by North Korea. Like, they probably would have been better off using Bitcoin in a Bitkey than whatever their Ethereum multisig setup was. And we could go down that rabbit hole. But, the biggest, you know, concern in this threat model is probably, like, an NSA type actor, a US based government actor, because things are you're you're downloading an an iPhone app.
So Apple would need to be compromised. You're using you're using cloud services, whether that's Google or Apple. So, like, in a threat modeling scenario, that's probably the biggest risk, or block trying to be outwardly malicious, which I would, like, kind of group into that same kind of NSA type threat model. So for most people, NSA is not in their threat model. Big US company tech companies are not in their threat model of colluding with each other like a block and an apple colluding with each other. But what is in their threat model is them losing losing Bitcoin.
So what let me let me go through a scenario that I've seen. I have have friends that that have ledger wallets, and they're using ledger and single sig. They're not using it with Sparo Wallet. They're using it with Ledger's mobile app. They're not spending Bitcoin. They're simply saving Bitcoin, and they keep just sending to their same receive address. Maybe they have auto withdrawals enabled and they're just, they're reusing addresses. They're definitely not using coin join, and they're not even creating new addresses and they're just sending it to their ledger wallet. And now ledger has seed backups, which I think we should talk about the fact that Bitkey doesn't have seed backups.
So they're supposed to set up, you know, their 12 or 24 backup phrase word when they first set up their Ledger. Now there's two issues here. The first issue is they record it correctly, but they don't keep those seed words safe and someone gets access to them and they steal their money. The second issue is they lose their seed words or they write them down incorrectly. And Ledger, for instance, doesn't give you any way of checking what those seed words are. So in four years, five years, your Bitcoin's worth 10 x, 20 x, 30 x. There's no way for you to verify that you actually wrote down those seed words correctly, without reinitializing a whole new Ledger Wallet. That's just an issue with Ledgers. This is the most common hardware wallet in the market, the Ledgers.
The second thing is if you forget your PIN on a ledger, you have three tries. And no one thinks they forgot their PIN on the first try. So they put in the PIN the first time, they get it wrong, and then they have two more tries. They usually go, oh, I'm I'm good. I remember my PIN. They put it in again. They get it wrong. They have one more try. If they get it wrong at that point, their ledger wipes. At that point is usually when I get the panicked call. Them freaking freaking the hell out. They can't find their seed phrase. They have one more PIN entry. Bitkey fixes that.
That whole scenario can't can't happen on a Bitkey. And and to me, that's why it's a fundamental improvement. Now at the same time, I me personally, I like seeds. Like, I think seeds are an amazing invention. I think it's amazing that I can have a seed from a cold card and then just put it into Sparrow Wallet. And, like, I don't even need a cold card to restore it, which is crazy. That's, like, fundamentally incredibly empowering. But I don't know, like, I don't know if you can have both. Like, I don't know if you can have both in the same device. I don't know if that makes sense or not. But anyway, I'm kinda rambling, but, like, that's how I think about it. Like, I don't know if, like, do we want the Bitkey do we want the Bitkey to do everything, or should it just be like, that's what I I'm I'm curious in Craig's opinion here because I think I know Steve's opinion. But I'm curious in Craig's opinion. Like, do we want the Bitkey to have power user features and, like, advanced options and all this other stuff at the detriment of, you know, people foot gunning themselves?
Or or is does it make sense to have, like, a very user friendly wallet that's, like, a stepping stone outside of custodial? They these people are probably using Coinbase or using a Ledger Wallet or something. And then, hopefully, then they upgrade to, you know, a cold card or something or a multisig setup at at some point in the future.
[00:38:11] Craig Raw:
Yeah. So, you know, I think the the answer is, you know, no. We don't want we don't we don't want to detract from the great UX that Bitkey has built. We don't want to make that worse just because we've always done things in a different way in the past. I think where, you know, where it's it's interesting to explore future direction, though, is let's say that somebody has started off with the Hot Wallet, moved to the Bitkey, started to stuck set, started to really understand Bitcoin better, started to put more and more into it until it becomes a substantial part of their life savings.
You know? At some point, does it make sense for them to say, you know, I could be more secure than I am with this device. I should upgrade. And I think that that does make sense. I think there comes not necessarily for everyone, but there does come a point for many people where they'll they'll be, you know what? I hear that there are different ways of doing this. I'm gonna explore it, and they're just gonna go off and do that. Now what the unfortunate thing is they didn't have to leave the Bitkey ecosystem behind in in a com complete way. They can't they can't kind of take that device and that experience and that, familiarity that they have with it along with them. And that's a bit of a pity, really, because that's how people kind of move from single sync to multi sync, for example, is they're really familiar with one device, and they can kind of go on using the same interfaces, whether it's the hardware device interface or the soft software wallet. They can kind of go on using that, and they can take that familiarity onwards.
With the Bitkey, you can't. So that's that's one of the big trade offs. And for many people, just that will mean that they, either, a, won't do it, or if they do do it, they'll mess it up. Right? So there's kind of this learning, barrier that we have at this current point. You know, I think what we would ideally want is that the Bitkey learning experience and that comfortable environment that they've built can be used to evolve things to the next level. You know, if we if we look at what the Bitkey is, you know, it's it's it's it does make certain trade offs in order to achieve the UX that it has. So, for example, the Bitkey app is really where the u the the user expresses their intent of what they want to do.
And the device, because it doesn't have a screen, it can it can authent authenticate who the user is. It can say, right. We could based on the fingerprint, we can tell that the user is actually the user, but it can't do anything about trying to verify what is the user's intent. And in the same way, the server can't really I mean, it's a server. It can't really verify what the user's intent is. You can do certain things like set up spending limits which require the hardware device or not, but that's the kind of, you know, limitations, if you will, of that particular set setup. Now if you have a more traditional, say, two of three, you are going to not only have the software wallet, for example, Sparrow, where you construct the transaction, but then you're then gonna have two hardware devices with screens where you're gonna be able to verify what it is that you're actually doing. So on a number of different levels there, you've got more verification going on, and that's the kind of more secure setup for anyone that's listening to this with the Bitkey that you might wanna consider in future. As I say, my desire would be that the the great UX that the Bitkey has built is part of that more enhanced setup, and I don't have to kind of leave that environment behind.
[00:42:01] Steve Lee:
So that this is a good so this is a good part of the discussion because this is where we or where I got stuck in our our previous text based conversation. I agree with you that there's gonna be, you know, peep people are gonna start their self custody journey with Vicky and then at some point wanna graduate to a more sophisticated setup that is more more secure. And that could be some future road map that key you know, that key just gets more and more secure and and or or offers a new product line or whatever. That's one option. But let's let's talk about an option where they upgrade to, a different hard hardware device or set of hardware devices or to to Sparrow.
Where I get hung up on is if they if that person upgrades to Sparrow, they would at least with today's the way the product works today, they'd lose all the recovery UX that is currently built in to to Bitkey. So they'd really just be completely switching from the Bitkey experience they had to another experience, for example, Sparrow. And and they can do that today because they can just, you know, they can just move move their funds from their Viki wallet to a a new wallet they create with Sparrow. So help me understand, a world where they they retain the Bitkey experience, but it gets enhanced because now they're driving it through, in Sparrow. And I think this I mean, this question applies whether you're talking about Electrum or any other kind of, like, software front end experience, but we'll use Sparrow as an example since since that's what you work on.
[00:43:53] Craig Raw:
Sure. So, you know, I think we're at the sort of more hand wavy part of the discussion here because, obviously, I don't quite know exactly, what can be done and what what can't. But let's let's say, as a hypothetical, we have a Frost based multisig where we have this kind of, MPC like situation, and then the Bitkey ecosystem was one of the the the keys in that. Right? So it wasn't trying to break up the Bitkey and say, well, use the device on its own. It was taking that entire ecosystem and saying, here's a really, great UX experience, which has got these recovery pods built into it, and it's forming part of this Frost setup, which has then got these other devices in it. Right? And let's say we had some other device, you know, called, you know, the we we already have a bit bit box, but say, like, the the bit bit lock, which was similar to a bit key and also had these recovery parts built into it. You could see how we could then have a multisig where no one was ever having to deal with seeds or make seed backups. You could then have recovery parts of all of these different devices, and you would then be able to transfer that Bitkey experience into that. Now, I don't know whether that could be done, but I it's definitely an interesting area, I think, to explore.
[00:45:13] Steve Lee:
Yeah. I I think to retain because there is there's a lot of complexity in the recovery software that's hidden from the user, but the complexity was from, you know, the big Vicky software development team had to to build it out. A lot of it's on Vicky servers. So it seems to me, like, for it to be opened up to to, like, a Sparrow, either, Vicky product would have to evolve into well, it it's a service that is available to other software front ends, or those recovery paths would need to be turned into a standard protocol so that it's not bit keep proprietary.
And it's not just their product and business. But and anyone else could also implement the the services using that protocol. And then the sparrows of the world could and and other wallets could support that protocol and also not become dependent on one company and one and one service. So I think either either of those are either either of those are possible. The the latter one is that's a pretty extraordinary effort. It it would need like, I think the ecosystem would need to come to a conclusion. Like, yes, Vicky did create a revolutionary recovery UX and design.
The whole or, like, big parts of the ecosystem need to adopt that. It's clearly the way to go. And then we'd get more movement on, like, oh, there should be a protocol for this. We can't depend on on just one company, or one service. That that's a future I'd love to see. I think we're we're not there yet. I mean, at least a few of us think it's a pretty pretty special UX and would like to see broader interest in adoption, but I don't think we're we're there yet. But but is that is that sort of what you I mean, Craig, you said it's sort of hand wavy, but is that is that the the waving the hands in the right direction? What what I just said?
[00:47:15] Craig Raw:
Not not not really. I mean, I just wanna as a very simple kind of example, let's say that the the Bitkey app had a QR scanner in it. It was able to scan a PSPT from Sparrow, which was a Frost kind of, setup. And then it was able to kind of combine behind the scenes its various keys into the single frost key and then use that to then sign the frost based multisig. So it's sort of a multisig of a multisig, if that makes any sense. Now in that sense, the recovery methods that are built into the Bitkey can remain what they are, and the Bitlock, this kind of imaginary company that I'm making up, can have their own recovery methods, and they then form the second key of this kind of, more, I guess, you could say, the sort of multisig of multisig.
Again, I'm I'm sort of saying this in a hand wavy way. I'm not sure exactly how possible this is, but given that Schnorr gives us the addition of keys and all of these different properties, I would think that it is. So what I would like to see is actually people coming to market with different approaches, and that obviously leads to robustness. We all know that a multi vendor, multi sig is the best that we have in the market at this time. Right? If you want the most secure setup, that's the best you can do. So imagine what we had if we had these different companies bringing these products to market with different recovery methods, all of which, by the way, have their own failure mechanisms built into them. They always do. So if we had different recovery methods built in, we could then protect the multisig as a whole because we would then have different ways of being able to or at least more defense against a certain kind of attack. Right? You would then have to attack this thing in multiple different different ways. So that's kind of what I'm thinking towards is kind of leveraging the properties of Schnorr to be able to give us this kind of, this way of kind of adding things together and adding security on top of what we already have.
[00:49:25] Steve Lee:
I see. I let let me I I think I understand, your perspective now. So for example, okay. So today, Vicky has three keys. There's one on the device, one on the phone, one on Vicky's server. The a future version could the the the key that is on the phone, it instead of just being a single sig key, it could be, a composition like you're saying. It could be itself a two of three, which I could use Sparrow to manage that two of three because those other three keys could be I could have those on, like, cold card, ledger, Trezor. Sparrow combines it, and then, that would that would be one one of the three keys in in the big key system, but it it does it does harden it because it makes it way harder to compromise that mobile key.
[00:50:15] ODELL:
No. I think what he's saying is the two of three that is bit key could in effect be one key in, like, a three of five. Okay. So, like, you have the Bitkey stack as a signer, and then you maybe have a cold card as a signer, and then you have a seed signer as a signer. And then so that's a overwhelming overarching two of three, but the bit key portion of that is itself a two of three. So you don't have to deal with seeds on the bit key side. Craig, that's kind of what you're saying. Right?
[00:50:45] Craig Raw:
Yep. That's that's it. Yeah. So that that kind of gives you a way of being able to say, right, I'm used to this Bitkey. I've been using it for many years, but I'm getting nervous about the amounts that's all in in in it. I wanna upgrade to the next level, but I don't really wanna leave the Bitkey behind. How can I do that? And this is one way I can imagine that you might be able to do it in future.
[00:51:07] Steve Lee:
Okay. Thank you for clearing that. And I'm glad we're doing the show instead of signal because that what you're proposing is actually the simplest out of all these scenarios I was thinking in my head. So I think that's I think that's pretty interesting. I'll, I'll definitely bring this back to the Big E team and maybe some of them will will listen to this show too. But I I think that's, I think that's pretty compelling.
[00:51:29] ODELL:
I, awesome. I mean, I think my biggest concern is the lack of screen and specifically verifying, received transactions, deposit addresses. And, yes, this has been mostly a hypothetical concern. We haven't really seen this type of attack in the wild. We haven't even seen, like, Coinbase deposit addresses, for instance, be replaced man in the middle, and there's no way to verify those. The the single easiest way would be to have a or not the single easiest way. The way to do it right now without any hardware change would be some kind of watch only capability in Sparrow. I heard you mention that, but it'd be nice if someone could just have their full wallet on Sparrow in a watch only way, and they could verify receive addresses there before they send to the mobile app.
I don't think that's possible right now. I know there is it is possible?
[00:52:28] Craig Raw:
It is. Yes. So right now, the Bitkey app, you can export the output descriptor of your wallet, and you can put it into Sparrow. There's a little issue around the derivation parts, but, you know, you just have to turn off derivation validation in Sparrow in the general settings. But beyond that, you can it's very easy. You just copy and paste that little that string, all of those numbers. That is, you put that into where the output descriptor goes or you put it into a file and you just import that into Sparrow, and your Bitkey wallet will appear there. Now you obviously can't sign. So it is just a watch on only at that point, but you certainly can use it to get the receive address to verify things. So that's a very helpful way. And then that's kind of what actually kicked this whole thing off was kind of for the first time, I said to myself, wow. It's really interesting.
The Bitkey, ecosystem is taking part in the broader kind of open Bitcoin coins sort of ecosystem that we're all in.
[00:53:28] Steve Lee:
But real quick, I still don't see how that protects a user on transaction verification because because you can you can use Sparrow and see, here's an address. Oh, and then, okay, that's what I'm wanting to send to. And then even on the mobile app, it can show you that, but then it maliciously sends a different address to Vicky design.
[00:53:49] ODELL:
No. No. No. This is for receives. This is for deposits. It does not help in the sender side. Okay. And it doesn't help if the Bitkey cap Bitkey app is already compromised when you press the export button. But, presumably, you do it originally. You do it in the beginning. You're not compromised. If for some reason it it differentiates in some time in the future, then you would know. So it's still not a perfect situation. I mean, I do think, eventually, Bitkey will launch, you know, a hardware with a screen, and user will be able to buy it and just go through the app and switch to the hardware with the screen. Like, that should be relatively easy UX to implement. And I have a feeling there's demand there for it, and it'll probably happen, which kind of mitigates that concern to degree.
I mean, I would flip it just a little bit here, and I'm curious on Craig's opinion. You know, Craig, I love Spire Wallet. I use it every day. I rely on it. It's an amazing piece of software. I don't know where I'd be without it, But it has gotten bloated is the wrong word, but it has gotten more feature rich over time, which is awesome from a power user perspective. But do you have any desire to have, like, a simple button or something, so that when, like, I onboard a user, I can just have them press easy mode?
[00:55:18] Craig Raw:
Yeah. I mean, it's a really interesting, you know, question. And what I what I've tried to do in building it and, you know, the I guess we can decide on how successful I've been is to try and and make, sort of a scheme of progressive revealment. So, for example, you know, you can have more than one account, but the actual accounts tabs don't show until you have a second account. That's a really simple kind of exam some sample on it. I think, you know, I think that there's room in this world for many different wallets. I don't think Sparrow needs to be the only wallet, and it shouldn't be the only wallet. I think it tends to be the one that people, end up at. It's kind of the Bitcoin as wallet, but, you know, it is quite a lot for a new user.
And for some people, it might be too much. And then there will no doubt be other wallets. And we've got some great content at tenders. We've got the the nunchucks and the Bitcoin keepers of of the world who are coming in to kind of fill that that space. So, you know, that that's that's kind of the beauty of the open Bitcoin ecosystem, right, is that you can use these different wallets and you can use these different devices to suit the particular needs, whether they're the educational needs, whether they're the security needs, whether they're the privacy needs of different users. And I think, you know, for me, I need to try and understand very clearly who is my user audience and try and develop for them and not try and be everything to everyone. So in answer to your question, I mean, yes, I could try and build a simple user mode, and it would be similar in some ways to building a mobile app, which is in very many ways because of the constrained screen real estate, a simple mode, if you will. But you lose so so much, of course, if you do that. Right? Now, you know, people will inevitably say, well, I just need x. You know? Can I just have have x? And then you're kind of back to where you began. So it's a tricky one for me. I think the reality is, you have to to to kinda choose. And, I mean, Steve, I I'm sure you have some good views on this as well. But you you have to choose, who do you serve, and you have to be truthful to that choice. You can't try and be everything to everyone.
I think that that's quite an important thing. So those are my kind of broad views on it, and I'm I'm kind of happy with that choice. I I don't have a particular desire to to try and make this the kind of Uber app. I kind of just want to focus, more and more on just trying to serve the particular segment of the market that Sparrow was originally designed for.
[00:58:02] Steve Lee:
Yeah. I agree with that last last point. And and it and also, I mean, the audio even though I'm I I you often might hear me shilling Vicky, I my position is not like, oh, all other solutions suck. They should go away. Vicky is for for everyone. It's more just like there's already a lot of solutions that are catering to an audience of people who are, willing to put the time into being a self sovereign and and trust minimizing as possible, and Sparrow is, like, a great choice for that. There was but there's a huge gap in omission for, people who just simply don't have the time or patience or ability to to handle private key material directly. So, I just think it, like, complements the rest of the the ecosystem. And and and that's why I think this conversation is interesting because, yeah, again, a lot of people who start with the key, they might get to a point where they would want to to have a more sophisticated setup where they're doing something like Craig suggesting, where Vicky they keep using Vicky, but it just becomes one one of end keys in a Spero setup. And I got I'm glad I understand what you were trying to suggest there because I I I do find that, like, a pretty pretty attractive upgrade path for for people.
I I also want I just looked at some of the audience engagement. People some people were saying that Vicky has Frost, but Vicky just to be clear, Vicky does not currently have Frost. There is definitely hope and desire to add Frost to Vicky. And even at the the early days of Vicky development, there was, a hope to to just make it frost out of the gate and not even support legacy script, only support frost. And that would have been really nice. But, unfortunately, there was not strong, ecosystem adoption of Beck 32 m. And and what, you know, what does that mean? Well, that that that meant, like, Binance and Coinbase customers couldn't send their coins to any wallet that was, Taproot only or or, you know, based on Frost. So a decision was made to to not, not support it, but in the future, hopefully, we do. And then we get all kinds of amazing benefits, including recovery scenarios that don't require, an on chain transaction, which right now maybe cost a dollar, but, you know, we've seen periods of time where that's $50. And in the future, it might consistently be $50. So being able to utilize Frost to recover without having that additional expense would be enormous, and it would enable things like Craig's suggesting as well.
[01:00:50] ODELL:
The other piece here is okay. So let's walk through just the scenarios real quick. I'm using Bitkey, and I have I have it on mobile as well. And I have my cloud backup, and there's the server key. If I lose my Bitkey or my Bitkey goes to the wash or something, the recovery path for that is I reach out to Bitkey support, and they send me a new Bitkey. Is that correct?
[01:01:23] Steve Lee:
From the so just to be quick, you so that you lost your, hardware device? Your Bitkey? Broke. Yeah. Or broke or whatever. Yeah. It's not working or I lost it. So you from the mobile app, you trigger, like, a a recovery scenario, and there's I think it's a seven day delay and notify period. So you'd need to go buy a new hardware device and also wait, I think, at seven seven days for the recovery to fully take place. And in that seven day window, you're being notified through different communication channels that this recovery process is underway. And the reason why that's important is because if you think about it I mean, there's you have to think about any recovery scenario as in you're the legitimate customer and owner of those coins or you're an attacker and a thief.
So, what you don't want to have happen is if an attacker, like, SIM swaps you or somehow
[01:02:21] ODELL:
takes over your They get your phone. Phone account. Right? And they're trying to restore a BitKeeper. And then they then they trigger recovery,
[01:02:28] Steve Lee:
say that they lost their device. You don't want them getting the coins. So if it in the attacker scenario, you've got this window of time in which the legitimate customer is getting notified, and they can cancel that recovery process. So that's how it works if you lose your hardware device. If you lose your like, if you delete the app on your phone or lose your phone, then it's a much simpler recovery process. Mean mean or it's, like, immediate because you can just use your hardware device to authenticate yourself as the legitimate
[01:03:00] Craig Raw:
Wait. Wait. We'll just
[01:03:02] ODELL:
so we wait let's just go through the hardware piece. So because this is the one piece I haven't test. I've tested I've tested, the model where you're not using the server key to break glass model. If you lose your phone, you're just doing it in I like, an iCloud recovery or or a Google Drive recovery. But if you lose the device, you lose the device, seven day delay notify, then after seven days, you have a new device. Yeah. You just go through the steps in the app and what you're, like, tapping and initializing it. Is that how it works? Or
[01:03:38] Steve Lee:
Yeah. After the seven days. And then it's you you know, it has to sweep your wallet, so it,
[01:03:43] ODELL:
it creates a new a new two of three wallet. It's technically creating a new wallet and sending all the funds to the new wallet.
[01:03:50] Steve Lee:
Yep. But the users wouldn't really realize that. Correct. But well, except for they'd be they'd pay on on chain fees to do that. But that's why, you know so in the future, hopefully, Frost is supported and then then that happens without that on chain transact on chain transaction.
[01:04:07] Craig Raw:
Yeah. So so so the the the risk with that model, which is actually pointed out in the recovery, doc, that, has been put out. But the the risk in that model is if you don't have access to the communication channels that, you know, notify you. Let's say an attacker has stolen your phone. It's your only means of accessing SMS and email, then they just have to get through those seven days. And, obviously, they won't then cancel or they will cancel whatever whatever it is, but they will then have the ability to kind of, subvert that process, that delay lock. So that's kind of the the the risk there. I think it's worth being aware of. And that's kind of one of the things where, you know, as a new Bitkey user, you kind of you get the device, you get the app, and it's just super easy. But as your as your stack grows, you're gonna want to start thinking about these these things, and that's where the complexities of these different recovery mechanisms start to come in. Right? So you never really escape it. Right? You never really get away from it as you have to protect more. You're gonna eventually always gonna have to consider what are the different attack models, what is my threat model here, who am I trying to protect against, and what happens if x x happens. Right? That's kind of the the the kind of downside, if you will, that we all have to deal deal with. So, you know, on the one hand, seeds, and seed backups are painful because they happen at the right at the start. Right? The worst possible time when you have a new Bitcoin user, you're throwing all of the stuff at them, and they just you know, this is crazy. I've never seen anything like this in my life. And it really turns turns turns them off. But the downside of of kind of, of taking that away is that later on, people need to, start figuring out a more complex kind of thing. On the one hand, we have these 12 words. On the other hand, we have all of these different attack models and people saying, well, what happens if I don't have access to my messages? What happens if I don't have access to my email? What devices do I have access on those things on? And it's actually quite a complex, set of considerations that you have at that point of view of time rather than just thinking, well, I've got a safe, and I've got my 12 words in a safe. Right? So there's there's real trade offs here, and I think it's I'm not trying to say in any way that the Bitkey team has not been open with them. As I say, they're in the dock. But it's important to realize that the complexities, just because you don't have to deal with them at the start, they're still there.
And you have to, take them into account if you have material amount of funds that you're trying to protect against various kinds of attacks.
[01:06:55] Steve Lee:
Yep. I I totally agree. In my own opinion, that's that seven day window, I think the default should be a month, and user configurable, to to it it still doesn't, like, eliminate the threat you just mentioned, Craig. But, certainly, if it's if it's a month, you have a lot more grace period if you're, like, out in the jungle for for a week trip or or if someone if if if you're someone who doesn't have a laptop, you know, your only device is the phone, and your phone gets compromised, like, you get SIM swapped, and you can't, like, get out of that mess within a week, that that is gonna be a very stressful period of time. If you have a month or or or longer, you have a lot more time to get your phone because you might not be receiving these messages if your only device has been compromised.
So so But a SIM swap
[01:07:46] ODELL:
a a SIM swap here wouldn't compromise you. They they would have to actually have your phone. They would have to take your phone or compromise your phone directly.
[01:07:58] Steve Lee:
What? They they
[01:08:01] ODELL:
because, like, a swim a SIM swap doesn't give someone access to your iCloud, for instance.
[01:08:06] Steve Lee:
Yeah. Yeah. They would also have to attack your
[01:08:09] ODELL:
account. Otherwise, all the celebrities' naked photos would be everywhere. Yeah. So I guess, like, it is it is protected from a SIM swap. I would just say, just real quick here, while we're talking it through all these things out loud. For the average user, I kind of agree, like, is seven you're you're picking a number out of a hat about a trade off balance in terms of how long the delay in notify is. But keep in mind that during that seven day period, while a user has lost their Bitkey or their Bitkey broke, there was a user on X. I don't know if it was verified or not. I know they're talking to the Bitkey team and that funds weren't lost, but that said like the fingerprint reader stopped working. Right. And they couldn't, they couldn't access their funds. So they have to wait through that seven day period or thirty day period if it gets increased. Ideally, it's user configurable. But my point is is during that period, what is actually happening is they're panicking like crazy.
Right? They're like, if they're not in an attack scenario and they've just lost their Bitkey or it stopped working, they're panicking because they don't have access to their Bitcoin for however long that delay period is. So it's not like a perfect increasing it is not necessarily a perfect solution because then they're panicking for twenty nine days or whatever.
[01:09:23] Steve Lee:
Yep. That's a good point.
[01:09:25] ODELL:
Ideally, it's user configurable. But so then the other piece is the Bitkey server goes down or block goes out of business, which is unlikely, but let's say that happens. And there is the break glass mode where where you take effectively a cloud backup, and you take an Android device and you install an APK. Right? So you install an application of the Bitkey application, a backup Bitkey application. Then you scan the QR code, and then you tap with your device to spend. A lot of people might not have, like, an extra Android phone lying around, or they might not have an Android phone, period. It'd be nice if that break glass mode just worked with Sparrow. Like, if they could just use their Bitkey device, use the cloud backup in Sparrow, and just be able to recover their funds. I think that would be a a good situation, but it works as I've tested it. Like, it works.
It's just, like, a little bit I mean, some even people that own Android phones, maybe they've never used an APK before. I know this audience has, But probably most people have onboarded to Bitkey. Like, if they have to go through that process, it's me walking them through that process and then panicking during it.
[01:10:41] Steve Lee:
Right. But, I mean, a few things are the first, hopefully, that is a rare occurrence. Right? I mean, the company going bankrupt or the or the government, like, shutting down the big key server, it it's certainly important to handle that scenario because it is it is possible. But it's not like a it's it's not a recurring thing or it's and it's unlikely each year you go by. So so I I just say that because if it's a little bit onerous to do the emergency access kit, Like Yeah. You know, it's, you know, it's not that big a deal. Having said that, it's completely reasonable to suggest that, like, you know, improving that experience and to be able to use Sparrow.
The trade off there, it wouldn't be that hard. There would need to be a key export capability added. And if if that's the the whole, like, to to have seed phrases or not to have seed phrases, it's those are two options. You but there's another option too, which is deferred deferred seed phrase or deferred private key access. And deferred meaning it you only get it once you break break glass. You you only do it in this emergency scenario. It's not a regular so it doesn't hurt you during onboarding. It doesn't add complexity when you're a new user getting used to it. It doesn't give you a foot gun when you're using the product. But when you get in this emergency scenario where you wanna exit, then you do get, get the keys, and then you could import them to to Sparrow or another wallet. So I think that's that's certainly a reasonable consideration for the future.
[01:12:19] ODELL:
I, the other piece I know I'm kinda jumping around here, but we have you we have you both. Another piece that I think would be kinda interesting is so, like, when I said when I onboard someone to cold card, I don't tell them, like, go straight to multisig. Right? Like, I I think multisig is incredibly empowering. I use it personally, you know, individually and across my organizations. It's a fucking superpower. It's awesome. But it is it adds complexity. So I tell them go single sig. But what I tell them to do is have two hardware devices initialized on the same wallet. Right? And what does that do? That does if they they set up a cold card, for instance, they write down their backup words, then they take a second cold card, they restore their backup words to it. It does two things. It it makes it so they know their backup is correct.
And the second thing it does is it gives them a fully initialized second secure device that they can keep somewhere else. So if the first device dies, they're good. This whole delay notify thing, I think that panic could be mitigated a bit if users could just buy a second bit key and have it already initialized. So they can keep the second bit key in their office, for instance, or something and the other one at their home. And if something happens to the one in their home, instead of waiting thirty days then you can increase the delay and notify too. Because instead of waiting thirty days, they can just take the second device, and use that. That's like a fully initialized copy of the original device. I think that would be a very graceful way of handling the the the loss of device.
[01:13:58] Steve Lee:
Yeah. I I agree with that as well. And but but bear in mind so we've already come up with, like, five or six great ideas for Bitkey. There's, like, at least a a 10 x multiple of, like, ideas and road map and features and priorities on that team. So it's gonna take time, which is why I'm I I'm a huge proponent of, like, I'd love to see other teams, other products, other wallets, going after a similar design and architecture as Big Key just so we get more, you know, more teams, more people, more experiments, building on this type of architecture.
[01:14:40] Craig Raw:
Alright. Well, I just want to go go with that, Steven. It's it's it's it's great that, as you mentioned earlier, you are working in really the heart of where a lot of these companies are because, you know, I think what we kind of would really like to see is some of the the kind of companies that have a lot of experience in UX design, kind of have a lot of resources in that, can approach it from that point of view and come up with different ideas, that are not that are, you know, similar to the Bitkey, but different. Right? Different kind of trade offs that we have. So that's, I think, would be very positive to see, and I think we will see it. I think we are absolutely going to see, and hopefully quite soon, other entrance into this space, because there's a lot of design space here, and different ideas and different things that can work, as we've just come up with a variety of different ideas.
And I I think, you know, it's it's it's just to go back to an earlier point, having, you know, ideas like having two bit keys, that's really the power where you see the power of an open ecosystem. Right? The fact that, you know, even if, MBK didn't consider that the cold card would be used in that way, people have started using it in that way. Right? And that's kind of what you want. Right? You want people to take your product and to use it in ways that you didn't imagine it because it has these kind of abilities. And that which really gives legs to the thing is is is that kind of, flexibility that you build in.
[01:16:24] ODELL:
Awesome. I mean, I think this has been a very productive conversation. I will say on the new entrance point of view, I'm pretty optimistic on what the guys behind the Cove Wallet are building, with the idea being there, like, a mobile alternative to Sparrow that has less power user features and is just simpler to use. So, hopefully, we see more things happening in throughout the design space. I mean, there's kind of been a little bit of stagnation until Bitkey came out and kinda flipped the script a bit. So
[01:17:03] Steve Lee:
Do you wanna Yeah. We have, like, 15
[01:17:05] ODELL:
left. Did did you wanna talk vaults or not? Yeah. I mean, you you seem like a a supporter. Why don't you make the pitch for why we should care? Are you thinking I'm a supporter? I Are you not?
[01:17:17] Steve Lee:
I well, I'll I'll I'll tell you what I think, and then I'm I'm super curious what both of you guys what you what you guys think. I so, well, first of all, for for folks in the audience who don't know what a vault is, there there have been vaults from custodians for a a while. Like, Coinbase had the notion of a vault, you know, for at least eight years. And, it kinda like this delay and notify period that we just talked about. Like, let's say I have my Bitcoin at Coinbase. I put it in the vault. If I wanna withdraw it, I have to wait forty eight hours or some period of time until it actually gets withdrawn. And during that window of time, I'm receiving notifications through different communication mechanisms saying, hey. This is happening. And that protects me against someone hacking into my Coinbase account and and doing a a withdrawal that that I didn't intend for. So this features, and I think River just sent out something similar. So custodians have done this for a while, but the conversation happening with Bitcoin developers right now is vaults at the protocol level.
Be so that it's not done at the application level like a Coinbase is doing it, but instead of the protocol level. So it's independent of any company or service provider. And so you could have, like, you could be using Sparrow and have a a three of five multisig setup, but you could set it up so that you, you can't immediately if you try to withdraw or spend money out of that wallet, there's a waiting period. You could be receiving notifications. And if you, interject, it it'll cancel the withdrawal, and it would go and and and if and if, if you do that, it goes to this secondary wallet, the vault.
So on the surface, it's super attractive. It just adds another layer of security, and that's definitely a big benefit. I was a huge fan of this concept maybe six, seven years ago. I'm a little I I'm open to the conversation still, but I'm I I see a lot of drawbacks that would need to be addressed now. So let me just enumerate those, and then I got I wanna hear what your your guys' view on this is. But, I worry about complexity being added. So it's already hard enough to have one wallet and manage the the keys for that one wallet. Here, you'd need to manage two sets two wallets. And whatever the key configurations are for those two wallets, that's one complexity. Another drawback is that you do to spend your coins, you do have this, delay. So if you actually wanna spend your coins, you're having to wait for that delay. Depending on your use case, though, that if you're truly, like, like, it's your life savings and you you don't, you know, you you don't intend to spend it for a long time, that that might not be that big a deal.
And then the third drawback is that you need some kind of monitoring service to monitor the blockchain, the mempool, in order to alert you of an attack. And you either need to then host your own monitoring service yourself, so it adds a huge, you know, UX burden and operational DevOps operational burden on the user, or you're, you know, paying a third party to do that for you. So I I think that Vault advocates, maybe aren't discussing those downsides, as much as they should. But, yeah, I mean, I I remain, I mean, the the reason why it's coming up now is, like, people who are advocates for consensus changes around covenants will sometimes cite vaults as, like, a a leading use case for why we wanna change the consensus rules of Bitcoin. And then it gets into a debate about, like, how practical they are, how much adoption we'd see of vaults. And so that's the current conversation, but I'm curious what you guys what your views on vaults are.
Will will they be adopted? Do they really advance security a lot or not?
[01:21:41] ODELL:
Craig?
[01:21:43] Craig Raw:
So, Steve, I think you've done a great job at summarizing, you know, the the pros and cons of vaults. I think, you know, there's there's only one way to know, and that's to actually use them. Right? I I think, everything in Bitcoin serves at this at the pleasure of store value. In other words, that is the number one use case for Bitcoin in the world, like it or not, and Volt's very much caters towards that use use case. So it is by default interesting regardless of the various drawbacks, and I think the drawbacks you mentioned are absolutely valid. So, you know, right now, we have people complaining, prominent Bitcoin is saying that multisig is too complex, that it's too difficult, that it's too, how can I say this, too difficult to change in a way should you need to rotate keys or whatever?
All of those things have solutions somewhere in the future, perhaps, but, ultimately, Volts is, adding to the complexity, in the way that you've said. So instead of having, you know, a single kind of set of keys, you now have two sets of keys. Why? Because you need to be able to have an escape path should this bolt withdrawal go wrong. Right? Should there be an attack? What is the escape path? This kind of safe safe path, if you will. And that's, I think something which is underappreciated because it's difficult enough if you think about c backup. Right? If you are gonna go around and then have, sort of different geographic locations where you have seed backups, that's quite a difficult thing to set up in and of itself. Right? You now need to have these actual safe places which are distinct from each other. Now if you are going to multiply, you know, and I say this in a loose sense, you're gonna multiply that complexity by two, you might get to a point where people just say, you know, that's that's just way too much. I already had to try and find three different locations to store my seeds. Now I'm gonna have to find another a fourth or a fifth. Right? And that's that that just starts to sound like way too much for most people. So, you know, are Vaults likely to take off and become the kind of everyday Bitcoinist tool? I don't think so. I I I I doubt that would happen. At least it wouldn't happen for many years.
However, I do think that, as I said, store value is the key. And if we if if Bitcoin is, as Matt says, designed to pump forever, then we are going to end up in a place where we're gonna have to store huge amounts of value. And in that sense, we're gonna need every tool that we can get our hands on, and Volts is a great tool. So it's very hard to argue against it from that point of point of point of view. I personally think Volts would absolutely get use. I think there's an absolutely valid use use case, and I think probably the strongest use use case in my view for all of this, covenants type stuff. I know there are many other use use cases, and people will say, well, you know, we need to scale the UTXO model and all of these kind of things, and, certainly, those things are valid. But if you're talking about the needs today, I suspect that the actual use case of covenants in bolts would be the number one for some time, just because that's what people need today. They don't need to necessarily scale the UTXO set today.
So that's kind of my my broad views on it.
[01:25:28] ODELL:
Well, so the way I look at it is is from a use case perspective. So in the short term, what would the use cases be? I I tend to agree with you that people that are practicing self custody probably won't want to add the additional complexity of of having another wallet that they have to secure, their backup wallet. I think you could have interesting scenarios where, you have, like, a keyless setup. Right? So you have a setup. Let's you know, we'll use Unchained as an example. Unchained right now defaults to two of three. You could have a scenario where the user holds none of their keys, but they can use vaults to have this backup and go to the backup wallet.
There could be a scenario there, where they're actually only securing one seed, but that seed is only used in emergencies. Otherwise, they're they're they're holding custodial. There could be something there. I know there's a lot of high net worths that just don't want to be holding their own keys, but maybe they would hold one emergency key. The second piece is, just like amateur custodians in general protecting themselves. So, like, Cashew is something I'm very excited about. And if you're running a Cashew Mint, you basically have a large honeypot hot wallet that you're constantly operating.
Those people that are running mints are already pretty technically proficient. They might take advantage of Vaults, to make sure that they don't get rugged, that they don't accidentally rug their users by getting rugged themselves and getting compromised themselves. All that said, I don't really think there's that much demand for it except for, like, a small subset of Bitcoin x. And the environment for Softworks right now is probably the worst environment we've seen in a long time in terms of trying to find consensus for something. There really needs to be an overwhelming, you know, momentum or desire or motivation to to do something. And I just don't think it's really there for vaults, but maybe I'm wrong.
[01:27:42] Steve Lee:
Yep. The the one thing I the cost of scenario, you know or sorry. Not the cost. The Cashew scenario, like, if you're running ecashment. And this extends to exchanges too who might wanna use this for their hot wallet cold storage setup, but you you need a pretty sophisticated scenario of knowing, because it because you have this time delay in spending your coins, you can't lock up, like, the entire cashew mint or else it would just freeze the whole system. People wouldn't be able to to make make transfers. So you'd have to somehow figure out based on historical data what percentage of your, total mint needs to be liquid, you know, within, you know, within a day or two days or whatever and, and only lock up some of it in in a vault.
[01:28:39] ODELL:
Yeah. Yeah. That's a good point. So it's, like, not even practical that practical for that anyway. It would help a little bit. You'd need a elaborate design
[01:28:49] Steve Lee:
to do that as well. Yeah. And I
[01:28:53] Craig Raw:
probably a DevOps team. I think that, you know, something that is that is true, not just of Vaults, but, of of Bitcoin self custody in general is that you want to have always, if if you're holding on to any significant amount, you do want to have different wallets which have different levels of security. And, you know, the vault, in this case, would obviously be the maximum level, and then you would want to have sort of a spending wallet or a a sort of a lukewarm wallet, if you will, which was a much lower security wallet. And I think that that's true true today. Right? If you have your cold storage and you've kind of progressed to the most secure setup, you'll have a multisig, which might be in in different signers in different geographic locations. Obviously, that's gonna be a real pain if you ever have to spend. So you then have a spend spending wallet. And I think that that's that kind of model, is gonna become the model of the future future. I think Bolt fits quite well into that. You know, we don't know what the adoption is until we have it or if we ever have it.
But, you know, I I do think that there is going to be some demand for that kind of ultra secure level. And then, as I say, having sort of much, you know, sort of a single SIG cold card or some kind of lower levels, which then augment that.
[01:30:26] ODELL:
Yeah. That makes sense to me. It's like you can think of it kind of like a hot cold setup in, for exchanges. People have I mean, I think most people have that in practice, and they don't even really realize. Right? It's like you have your spending wallet. You have your your cold storage. Maybe that's all people have. Maybe people don't really spend Bitcoin. Maybe that's only, like, a dozen of us. But, yeah, vaults could play a role there. I just do you guys think there's actually demand? Like, do you realistically think this is, you know, what the community rallies around in terms of a soft work?
[01:31:07] Steve Lee:
No. I I I think I think we'll probably get covenant someday, and vaults is one application. Some people will use it early on. And ten years from now, a lot of the complexities and and drawbacks that we're mentioning can be smoothed over. They'll just be libraries built out and tools built out, making it way easier for the future cashew mint operators to to to do that where they're not having to build all this themselves. I think that can happen over a ten year period of time. I just don't think it's like a super strong motivator to, like, change the consensus rules of Bitcoin on its own.
I think it's like a secondary benefit we get if we get covenants.
[01:31:51] Craig Raw:
Yeah. And I I think it's it's it's worth saying in case everyone anyone out there is kind of looking at, the kind of talk online is that opfolds, which is the particular proposal we are probably referring to, at least the leading one, is is is not even really being proposed in any serious way at this time. It's mostly op CTV and op, checks it from stack. So, you know, it's it's, it's certainly not, in our immediate future. I think, it it just I think it it is it is at least true that some people would use it, and it would probably get more use over time as the value that Bitcoin as an ecosystem needs to store goes up.
[01:32:43] ODELL:
Awesome. Guys, this has been a pleasure. I've enjoyed the conversation. I think it's been very productive. Based on the live chat, it seems like people have found it helpful. I think it's just important to be very transparent and open and honest with with Bitcoin trade offs and tool trade offs. And the ultimate dream here, I think, is for users to have many different options and for users to choose the options that best suit them, and have agency in that decision, have an educated decision to be able to make that make very important decisions for their for their family's livelihood.
We've gone an hour and a half. I think it'd be great to wrap with some final thoughts. Steve, final thoughts.
[01:33:31] Steve Lee:
I don't know. Let can Craig start? Sorry. I have my Final thoughts. Ready.
[01:33:37] Craig Raw:
Yeah. Look. I I guess I'm just gonna go back to, my sort of early comments. I think one of the the biggest strengths that Bitcoin has, and it doesn't get talked about a great great deal, because it's it's kind of assumed, I guess, is that we have these these, really great standards, which were these kind of very small, short documents that were written, back in the day. I'm talking about documents like BIP 32 and BIP 44. And they're kind of these little building blocks, which don't have they're not like reams of text. They're actually quite simple. They're relatively easy for a developer to read and build on. And what they have led to is this great open ecosystem where we have all of these different vendors, and developers coming and building on this original core. Right? So we've kind of taken things from a kind of a single key, single address setup all the way to these kind of geographically multi vendor, multi segs.
And that's a long distance, and we've done that in a way that maintains, the kind of, openness and the kind of, accessibility for anyone to take take part. I think that that's a feature of Bitcoin which is really precious. That's one which I value hugely in terms of my own use of Bitcoin. I love the ability that I can move move around and do various things. So those standards are very important to me. I would encourage anyone building in the space or even just using it to always consider standards based, products and products that are built on stand stand standards. It's a really important part because it leads to the kind of world and the kind of ecosystem that we have today. So that's kind of my my message, is always think about standards and try to lean towards them because it's gonna lead to more optionality in the future.
[01:35:39] ODELL:
Love it. Thanks, Craig. Steve, final thoughts.
[01:35:43] Steve Lee:
Yeah. Well, I appreciate Craig, bringing this up. And instinctively, I'm I'm all about standards as well. I was just hitting a roadblock and seeing how it works out here, but now I understand. So thanks for that conversation. My I guess my final thought, I I'm excited about private key management because, I mean, it's future. It's really hard it's really hard to do. But if we look at the past ten years, look how far we've come. And if you just listen to our conversation now, and we just scratch the surface on, like, improvements to Bitkey or Sparrow or just the space in general, adding vaults, etcetera.
Think about the next it's gonna take time. It's a lot of still a lot of work ahead of us, but we know what these things are. These this isn't like we have to invent new things. We we can name a hundred things over the next ten years that are going to happen. People are gonna build it, and the solutions are gonna become much easier to use and be more secure. So I think that I find that super exciting.
[01:36:42] ODELL:
Yeah. I think it's easy to get lost in the weeds and get disenfranchised, but, the kids kids these days have it so easy. You know? It it used to it used to be it used to be a lot more difficult, and a lot scarier and a lot people used to lose Bitcoin all the time. It it used to be a very common occurrence. You would just see on Reddit Bitcoin talk. I got compromised, and we've come a long, long way as an industry. I wanna I wanna thank Craig and Steve for joining us. I wanna thank them for being on team Bitcoin and and building in the space. Your guys' contributions are greatly appreciated.
I plan to have you guys on, I'm sure, on dispatch many, many times in the future. I wanna thank the freaks for joining us, supporting the show. As always, sale dispatch is, has no ads. It is completely supported by our audience. So thank you all for donating your hard earned Bitcoin to the show. It means a lot. It's it's it's pretty crazy how much support is out there. So thank you guys. And as always, you can find Cielo Dispatch in your favorite podcast app by search just searching Cielo Dispatch, any podcast app. If you use Fountain Podcasts, you can leave a comment, feedback, questions, things you wanna see from the show.
I read all of them. So thank you for your support. Consider sharing with friends and family. Thank you, Steve. Thank you, Craig. Until next time. Appreciate you both.
[01:38:08] Steve Lee:
Peace. See you, guys. Bye bye.
Introduction
Presidio Bitcoin Launch and Community Spaces
Challenges and Opportunities in South Africa
Bitkey: Making Bitcoin Self Custody Easier
Threat Modeling and Security Concerns
Future Scenarios for Bitkey and Sparrow Integration
Recovery Scenarios and User Experience
The Potential of Bitcoin Vaults
Final Thoughts and Future of Bitcoin Security
