Why we love encrypted microSD backups

Those of you who have been in Bitcoin for a while may be used to the seed phrase shuffle involved in creating a new Bitcoin wallet, but that concept is one that is alien to the normal person’s experience in the digital world. As people have become more and more used to trusting a centralized entity with their data behind only a username and password, the idea of physically writing down 12 or 24 words as a way to store wealth is not necessarily the most approachable.

While the concept of encrypted backups to microSD isn’t a new one, we’ve taken the path of using microSD backups as the default on-boarding method when a user sets up their new Passport. This approach does introduce a new set of trade-offs, but we think that it is a simpler approach for most people and opens up new possibilities when it comes to storing the secrets required to restore your funds after you lose your Passport, break it, or suffer a physical theft. Our goal with encrypted microSD backups is to improve the user experience and peace of mind for new users without sacrificing security, and we think this approach does just that.

Why not just use seed phrases like everyone else?

Here at Foundation, we’re deeply passionate about not only helping to onboard the deeply technical users in the Bitcoin community, but also ensuring that those who are new to the space can more easily dive down the rabbit hole of Bitcoin. This means that we work hard to ensure that deeply technical and complex setups can work well with Passport + Envoy, as well as very simplistic and approachable setups that are more friendly to new users.

This is why we’ve chosen to support both seed phrases and microSD backups and leave the choice up to the user. While we’ve made the default flow follow the microSD backup path, we still expose the seed words to users in the settings menu, allowing the standard backup path to be chosen by those who understand the trade-offs inherent in it. Unfortunately a seed cannot be used to backup and restore device configuration, account names, transaction tags, etc., meaning that a seed phrase can never restore any off-chain data.

If you backup the seed phrase you can always restore funds like normal in the Bitcoin space – both with Passport or with any other Bitcoin wallet of your choosing.

How do encrypted microSD backups work?

When you create a backup of your passport to microSD (something that automatically happens when you first setup your Passport and anytime you make account changes to it), Passport creates an encrypted 7-zip file using a 20-digit passcode that is generated using Passport’s three forms of entropy:

  1. The onboard CPU’s random number generator
  2. The secure element’s true random number generator
  3. The open source Avalanche noise entropy source

These three forms of entropy are used so that even if one was somehow compromised or vulnerable to attack, the passcode would still be cryptographically secure. 

This standard form of 7-zip encryption uses AES-256 to encrypt the data, and then uses a form of SHA-256 to hash the 20-digit passcode into a 256-bit key. The combination of these techniques means that there are 100,000,000,000,000,000,000 possible combinations of passcodes, making it practically impossible to bruteforce the passcode if an attacker somehow obtained the backup file.

As long as a user has access to both the backup file and the 20-digit passcode, they can not only restore their funds, they can also restore all device settings, accounts, account names, multisig configurations, etc. in just a couple of minutes. As the encrypted backup file is a standard 7-zip format, even if Foundation disappeared and your Passport stopped working you could easily decrypt the file with your 20-digit passcode on a computer and import the seed into any of your favorite Bitcoin wallets.

To learn more about the backup functionality, you can read through our docs here.

What are the key advantages of encrypted backups?

Migrating from seed phrases to an encrypted microSD backup (or utilizing them alongside a standard seed phrase backup) provides a few key advantages for users:

  1. All device configuration, accounts, account names, and multisig configurations are fully backed up and automatically restored when using microSD backups
    1. If you merely backup the seed phrase all of this secondary data is not backed up, leading to a lot of initial headache and extra setup necessary when restoring onto another device in the future
  2. You can safely make and distribute multiple copies of the backup file – even to family or friends you don’t fully trust – as they cannot view or move funds in any way with just the backup file
    1. Just be sure not to also give them the passcode!
  3. You can store the passcode safely in an end-to-end encrypted password manager like Bitwarden without risk of funds being stolen even if someone got access to your Bitwarden account
    1. Just be sure not to also store the backup file there!
  4. An attacker or thief finding either your backup file or passcode would not be able to easily tell that they are Bitcoin-related
    1. There is no reason for an attacker to suspect that a microSD card or 20-digit passcode would be worth stealing
  5. An attacker or thief finding either your backup file or passcode could not view or steal funds in any way without having both the backup file and passcode

What are the key disadvantages of encrypted backups?

While we think the overall trade-offs inherent in microSD backups are well worth it, there are some key drawbacks that you should be aware of if you choose to only use encrypted microSD backups:

  1. You must have both the 20-digit passcode and encrypted backup file to restore funds
    1. I.e. if you lose either one you will be unable to restore funds!
    2. This means that microSD backups do introduce a second single point of failure
    3. Advantage #3 above greatly reduces this disadvantages impact, practically
  2. If you store both the encrypted backup and passcode together, it provides no added security over a plaintext seed phrase
  3. MicroSD cards themselves have a limited lifecycle and can fail – it’s important to use high-quality industrial-grade microSD cards (like those we ship with Passport) to reduce this risk
    1. You can also backup the file to another storage medium like a NAS or extra hard drive as another failsafe, and shouldn’t rely on a single microSD card alone!

This may be a short list, but the first point is extremely important to understand – losing either the passcode or the encrypted backup file would lead to loss of funds if you also lost or broke your Passport!

Which should I use?

The beauty of Bitcoin is that it enables you to choose your own path, and we certainly don’t want to inhibit that freedom. That’s why we leave the ultimate choice up to you and ensure that you aren’t locked into our ecosystem (or even our favorite approach). Whether you choose microSD backups or seed phrases (or both!) is up to you, but both can be easily imported into any standard Bitcoin wallet app. If you want added peace of mind, you can even use both and store the three pieces separately – encrypted backup file, 20-digit passcode, and seed phrase!

Ultimately the choice is yours, but we certainly love encrypted backups and how they’re helping onboard less technical users in a way that is approachable and secure.

What We Protect

In Part 1 of our series on making every spend a CoinJoin, “Why We Mix”, we walked through the philosophical and practical first steps behind the fight for privacy in Bitcoin. In Part 2 we’re digging into what information we share when we make a standard Bitcoin transaction, and what we want to (and can!) choose to protect to gain financial privacy. 

Each transaction we send in Bitcoin contains information on all inputs used, all outputs sent, and the time when the transaction is published to the mempool and included in a block. This ultimately breaks down into 4 key pieces of information; the sender, the recipient, the amount sent, and the source node.

Why does Bitcoin reveal so much information in each transaction?

When you sit down and think about the amount of information contained in a Bitcoin transaction, you may begin to wonder why in the world all of this has to be shared with the world each time you send a Bitcoin transaction. One of the tradeoffs that comes with making Bitcoin a decentralized and distributed ledger is that each transaction must contain enough information for (1) miners and nodes to validate that transactions don’t double spend funds, (2) users to be able to find their own funds without hassle, and (3) for the supply of Bitcoin to be easily validated by network participants.

While novel approaches to leveraging more powerful (but more complex!) forms of cryptography to hide sender, recipient(s), and amounts have been developed and proposed over the years, none of these approaches existed in the early days of Bitcoin, and each comes with its own set of tradeoffs and risks. Instead of implementing protocol changes like ring signatures, confidential amounts, or stealth addresses at the base layer, the Bitcoin community and developers have opted to keep Bitcoin’s base layer transparent by design and rely on higher layers and application-level privacy tools to allow users to opt-in to better privacy in Bitcoin.

Because of this choice, the ability for each of us to gain privacy becomes a matter of personal responsibility and knowledge instead of a protocol-enforced default. For better or worse, we each get to choose our own preferences and path towards financial privacy when it comes to Bitcoin.

An example transaction

As we walk through these four key pieces of information about each Bitcoin transaction, having an example transaction to refer back to will be invaluable. This transaction has been chosen at random from the Bitcoin ledger, but illustrates quite a few key aspects of a lack of privacy being inherent in Bitcoin.

Transaction ID: 01b668043b819fd812dd861c2d28deba04136751af087386dc5b991beb73493a

What can we learn from a simple look into the transaction? Let’s break it down into key findings from using simple, widely available blockchain exploration tools like mempool.space and oxt.me:

  • The sender consolidated multiple outputs to make the transaction, revealing all the inputs as almost certainly belonging to them
  • Going back one hop with the largest input shows us that some of the funds were withdrawn from Bitstamp (but not all)
  • The sent amount is almost certainly 0.011 BTC, as it is sent to a different type of address (“P2SH”, or wrapped/nested SegWit)
    • We can also confirm this analysis due to the rounded payment amount (0.011 BTC) which almost never happens with fees or change outputs
  • The recipient is still using a legacy Bitcoin wallet and has not upgraded to use Segwit
  • The change amount is almost certainly 0.00004088 BTC, as it is sent to the same type of address as the inputs (“P2WPKH”, or Segwit Bech32)

We’ll look more at these findings in each section below.

Protecting the sender

When we look at the different pieces of information revealed in a Bitcoin transaction, the information on funds being spent (and thus on the sender themselves) rightfully deserves the most focus when approaching transactional privacy. When you view any basic Bitcoin transaction in an explorer, you quickly realize that you can learn an immense amount of information about the sender by simply following the inputs backwards.

How do we see this play out in our example transaction? Let’s take a closer look:

  • The sender consolidated multiple outputs to make the transaction, revealing all the inputs as almost certainly belonging to them
  • Going back one hop with the largest input shows us that some of the funds were withdrawn from Bitstamp (but not all), tying multiple addresses together with funds connected to the sender’s identity known by Bitstamp
Inputs to a previous transaction sent from Bitstamp wallets

This simple analysis is primarily possible because in Bitcoin, almost all transactions are performed by a single entity; and if a single entity is performing a transaction, then all inputs to that transaction are necessarily owned by them. This heuristic is called the “common-input-ownership heuristic” and is one of the foundational building blocks for the majority of chain surveillance in Bitcoin today. When those wishing to surveil Bitcoin’s usage can safely assume that all inputs in a transaction are owned by the sender, they can build detailed and nearly complete pictures of a user’s spending habits past, present, and future.

This heuristic is also the core of what CoinJoin-style transactions attempt to confuse and break by coordinating a single transaction between many different participants. If enough Bitcoin users started to make CoinJoin transactions regularly, we could even go so far as to break this heuristic and make it inaccurate for chain surveillance companies, severely limiting their visibility into our financial activity on Bitcoin.

While hiding the input addresses and amounts is strictly not possible in Bitcoin today, we do have a few options for obfuscating and confusing chain surveillance, making their lives as difficult as possible.

What can we do today?

While we’ll keep things short and sweet in this section, here are a few ways you can better protect your financial privacy when sending Bitcoin transactions:

  1. Always use a new receive address
    1. If your current Bitcoin wallet doesn’t do this automatically, it’s far past time to switch!
  2. Don’t consolidate funds in your wallet (a commonly recommended way to save on fees down the line) by sending all of your Bitcoin back to yourself in a single transaction
  3. Use as few inputs as possible (only one, if possible!) when sending a transaction
    1. Thankfully most good Bitcoin wallets will do this for you by default!
  4. Prefer using PayJoin when enabled by a merchant (anyone using BTCPay Server can easily enable this if they’re using a hot wallet!)
    1. Read our guide on doing just that when buying a Passport: Buying Passport Privately Using CoinJoin
  5. Use wallets like Samourai Wallet and Sparrow Wallet to CoinJoin your funds, ensuring that even when you spend funds the prior history of each input isn’t able to be traced
  6. Use wallets like Samourai Wallet and Sparrow Wallet which automatically create dummy CoinJoin transactions whenever possible to obscure the sender (often called a “STONEWALL” transaction)
  7. Use wallets like Samourai Wallet and Sparrow Wallet to create collaborative transactions that obfuscate the true sender and input (often called a “STONEWALLx2” transaction)

Protecting the amount sent

Protecting the sender is the core focus for many of the privacy tools built on Bitcoin, but protecting the amount sent in each transaction is also an important piece of a holistic approach to privacy on-chain. If we’re not careful about how amounts are handled, we can make it easier to undo our privacy and link transactions and addresses to each other. The most common ways to use amounts to reveal information in a transaction are to look for rounded payment amounts (i.e., 0.001 BTC exactly) or to look for exactly matching amounts (minus normal fees) going into and out of exchanges, instant exchangers, or decentralized exchanges.

How do we see this play out in our example transaction? Let’s take a closer look:

  • The sent amount is almost certainly 0.011 BTC, as it is sent to a different type of address (“P2SH”, or legacy SegWit)
    • We can also confirm this analysis due to the rounded payment amount (0.011 BTC) which almost never happens with fees or change outputs
  • The change amount is almost certainly 0.00004088 BTC, as it is sent to the same type of address as the inputs (“P2WPKH”, or Segwit Bech32)

Amount-based heuristics are a common tool used by chain surveillance companies to confirm other heuristics (like the “common-input-ownership heuristic” we’ve already discussed) or to make educated guesses in the absence of clearer signs on-chain. The ability to use amounts to tie transactions and inputs together is one of the main reasons that most of the most battle-tested CoinJoin protocols use common denominations for inputs (i.e., 0.05 BTC) instead of allowing arbitrary amounts. Using these common denominations prevents trivial linkage of inputs and outputs down the line.

What can we do today?

  1. Avoid using rounded amounts (i.e,. 0.01 BTC) when sending funds unless necessary
  2. Avoid using specific fee amounts (outside of 1sat/vbyte, of course) and allow your wallet to calculate fees appropriately
  3. Prefer using PayJoin when enabled by a merchant (anyone using BTCPay Server can easily enable this if they’re using a hot wallet!)
  4. Use wallets like Samourai Wallet and Sparrow Wallet and create a “STOWAWAY” transaction with other Samourai and Sparrow users to hide the amount being sent and true input

Protecting the recipient

Now that we’ve taken a look at protecting both the sender and amount in a transaction, how do we go about protecting the recipient’s privacy? Thankfully, many of the same principles apply here as well, especially avoiding address re-use. As every transaction in Bitcoin necessarily has a recipient with address and amount being visible on-chain, it can be quite difficult to actually preserve the privacy of the recipient, both from the sender and from outside observers.

How do we see this play out in our example transaction? Let’s take a closer look:

  • The sent amount is almost certainly 0.011 BTC, as it is sent to a different type of address (“P2SH”, or legacy SegWit)
    • We can also confirm this analysis due to the rounded payment amount (0.011 BTC) which almost never happens with fees or change outputs
  • The recipient is still using a legacy Bitcoin wallet and has not upgraded to use Segwit
  • The recipient sweeps this output along with many others in a later transaction, linking their other receive history together

Chain surveillance companies leverage many of the same techniques to identify recipients as they do with senders, including wallet fingerprinting by fees, script types, output consolidation, and address re-use. When these types of heuristics are used, it can lead to “wallet clustering”, where those performing surveillance can tie together transactions under a single entity, even if there is no direct identification attached. As always with privacy, it’s important to blend in with the crowd and avoid any mistakes that can make it easier to separate and cluster transactions under a single entity.

What can we do today?

  1. Avoid re-using addresses when receiving funds
  2. If you’re the sender and a recipient is re-using an address or has a static Bitcoin address posted for donations or payments, pressure them to either use a PayNym or a solution like SatSale or BTCPay Server to provide a new address with every payment
  3. Prefer using PayJoin when enabled by a merchant (anyone using BTCPay Server can enable this, if it’s not enabled ask your merchant to enable it!)
  4. Use wallets like Samourai Wallet and Sparrow Wallet to create collaborative transactions that obfuscate the true sender, receiver and input (often called a “STONEWALLx2” transaction)
  5. Use wallets like Samourai Wallet and Sparrow Wallet and create a “STOWAWAY” transaction with other Samourai and Sparrow users to hide the amount being sent and true received output

Protecting the source node

Last but not least comes an aspect of Bitcoin privacy that is often forgotten – protecting the IP address of the Bitcoin node that broadcasts the transaction in question. While the IP address and information about the originating node isn’t stored on the blockchain directly, it can be relatively easily seen by anyone operating a few nodes on the network and desiring to gather that type of information.

Because Bitcoin Core uses a very simplistic transaction broadcast protocol, an adversary seeking to surveil the network can run many nodes in many different geographic locations to try and be at least one connection of most nodes in the network. Once they have these broadly distributed nodes (a “Sybil attack”, something that is very cheap and easy to do in a permissionless and decentralized network like Bitcoin), they can then watch for where in the network they see transactions first broadcast. If they notice that a transaction they’re interested in was first broadcast from one node and propagated from there, they can make a very well educated guess that it was the source node for the transaction.

While this doesn’t guarantee that their guess is correct, it does help them narrow down the potential source node of a transaction and more actively Sybil attack that specific node to look for further transactions of interest. This can be combined with on-chain heuristics to try and find the source node being used by a specific entity and gain vast insight into their spending habits, their geographic location, and even their home address (if they reveal their true IP address to the Bitcoin network).

It’s important to remember that a peer-to-peer network like that used in Bitcoin is designed to be censorship-resistant and permissionless, not private. This approach works extremely well at ensuring that in most censorship scenarios a transaction can still be broadcast to the whole network, but also ensures that a motivated adversary can quite easily follow the flow of transaction propagation and block propagation across the network.

If you’d like to learn more about the issues inherent in this approach, there is an excellent article on the topic titled “Bitcoin’s P2P Network” at nakamoto.com.

What can we do today?

  1. If you run your own Bitcoin node, set it to only use the Tor network for communication
    1. This option is controlled by `onlynet=onion` in the config file, read more on the topic here
  2. Broadcast transactions manually via the Tor Browser and a service like mempool.space
    1. Only do this over Tor, never via clearnet!
    2. The current Onion address of the mempool.space broadcast tool is here
  3. Run your own Samourai Wallet “Dojo” node stack, which is Tor-only by default


After reading this I hope you come away with the conclusion that while Bitcoin’s on-chain privacy is imperfect by default, there are solutions available to each of these problems today. It may seem daunting to have to consider each of these aspects of information when sending or receiving a Bitcoin transaction, but as the issues around privacy within Bitcoin are clarified and made known, the wallets and apps we use to interact with Bitcoin can grow to better handle all of these potential issues for a user automatically.

Over the long-term it’s extremely important that wallet developers and node developers work hard to build in sane and private defaults to their apps, as most users have neither the knowledge nor expertise to properly handle every core piece of Bitcoin privacy. The more we as developers can improve users’ privacy without them even thinking actively about it, the better off our users will be and the better off the Bitcoin network and ecosystem will be.

In part 3 of this series we’ll take a closer look at protecting the sender via CoinJoin, including a sneak peak at what we’re working on to help make Bitcoin privacy more approachable for every Bitcoin user.

Stay tuned, and thanks for diving into the deep end of Bitcoin privacy with us today!

Announcing Our $7m Seed Round

We at Foundation are thrilled to announce the completion of a $7 million seed round led by Polychain Capital, enabling us to expand, improve, and reach more people with free and open source software and hardware that empowers you to reclaim your digital sovereignty. For more on the raise, read the official press release below.

Foundation Devices Announces Completion of $7M Seed Round to Accelerate Development of its Sovereign Computing Platform


BOSTON, MA – December 19, 2022 – Foundation Devices (“Foundation”), a sovereign computing company that develops Bitcoin-centric tools that empower users to reclaim their digital sovereignty, today announced the close of its $7 million seed round led by Polychain Capital. Other investors participating in the round include new investors Greenfield Capital and Lightning Ventures, and existing investors Third Prime, Warburg Serres, Unpopular Ventures, and Bolt.

Founded in April 2020, Foundation builds products that make Bitcoin and decentralized technologies accessible to everyone, enabling users to reclaim their digital sovereignty. Foundation’s flagship product, Passport, a best-in-class Bitcoin hardware wallet, offers a unique combination of intuitive design, hardcore security, and a mobile-first approach with QR codes. In March 2022, Foundation launched its second-generation Passport device, which continues to gain traction and adoption among consumers with thousands of Passports sold over the last 18 months.

Additionally, Foundation is continuing to develop its mobile app, Envoy, as a standalone sovereignty toolkit complete with a Bitcoin software wallet. Envoy offers the easiest onboarding and user experience of any Bitcoin wallet, with maximum privacy using the Tor network, a free and open source software for enabling anonymous communication.

Foundation’s financing will enable the company to continue expanding its team and building open source hardware and software products that provide users with a seamless, end-to-end sovereignty experience.

“Preserving freedom and privacy is more important than ever amidst worldwide censorship, privacy violations, and reckless financial and monetary policies,” said Zach Herbert, Co-Founder and CEO of Foundation Devices. “As the line between the physical and digital world continues to blur, we are excited to continue delivering decentralized products that usher in a new era of freedom and prosperity for users across the globe. This seed round marks just the beginning of our journey to build the world’s first sovereign computing platform.” 

“The Foundation team has been creating gorgeous, incredibly secure, yet easy to use products that further an individual’s ability to self-custody crypto assets,” said Will Wolf, Partner at Polychain Capital. “We are incredibly excited to support them on the next phase of their vision to empower self-sovereign individuals through decentralized technologies.”

“We are proud to support an ecosystem which is open source and transparent,” said Jendrik Poloczek, Principal at Greenfield Capital. “By building products that lower the barrier to becoming a sovereign individual, more people will confidently reclaim control of their money and data.”

“The rave reviews Foundation’s Passport has earned show that people are hungry for a sovereign computing experience that is thoughtfully designed,” said Tyler Mincey, Foundation board member and Partner at Bolt. “This is a giant step in the right direction, both for self-custody and digital sovereignty, and we are excited to continue supporting the Foundation team through this fundraise.”

About Foundation Devices

Launched in April 2020, Foundation Devices builds products that make Bitcoin and decentralized technologies accessible to everyone, enabling users to reclaim their digital sovereignty. Foundation’s open source products include Passport, a best-in-class Bitcoin hardware wallet, and Envoy, a mobile app.

To learn more about Foundation, visit our about page.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart

Becoming a Bitcoiner of Action

Can we all just “hodl” for a better future, or is there more to changing the world around us than passively collecting more Bitcoin? We at Foundation saw that we could do more than just “hodl,” so we started this company out of a desire to help empower more people to reclaim their digital sovereignty. What else can each of us do to help drive Bitcoin and the world around us towards a better future?

While simply “hodling” is a unique approach that is only possible because of Bitcoin, we who understand the impact Bitcoin brings, the need for financial sovereignty, and the weight of issues in society have a responsibility to find ways to help others along the path as well. Once we’ve learned about Bitcoin for ourselves and benefited from it, we have powerful knowledge and experience that we can use to bring about a better world far more quickly.

In this blog post we wanted to lay out some actionable steps that the average Bitcoiner can take to find how they can best impact those around them, improve Bitcoin, bring widespread adoption, and empower others to become sovereign individuals as well. While this is by no means an exhaustive list, we think this is a great place to start.

Join a local Bitcoin meetup

It may seem incredibly simple, but one of the most profound ways each of us can help to spread adoption and help others (and ourselves!) is to get plugged into our local community of Bitcoiners. Meetups allow us to build relationships with other Bitcoiners while contributing thoughts, ideas, and time to educating others. Joining a meetup also helps grow the circular and parallel economies forming around Bitcoin and gives us a local lifeline in case things quickly go downhill. It’s impossible to overstate the importance of having a strong community around you, and a local Bitcoin meetup is the best place to find that.

“Meetups are one of the most high-signal places to learn about Bitcoin and self-sovereignty. I’ve met so many great friends from our local meetup – if you don’t have one in your area, consider starting one!”

Mitch, Co-organizer of KC Bitcoiners meetup

Finding a meetup can be as simple as asking around on Twitter, searching Meetup.com, browsing Bitcoin-Only.com’s list, or if there aren’t any around you – kicking one off yourself! These meetups don’t have to be highly organized and technical, they can be as simple as meeting at a bar or restaurant once a month to chat about all things Bitcoin. Don’t overthink the details, just start gathering Bitcoiners together and watch amazing things happen.

Educate others around you

You may not consider yourself an educator, but even someone relatively new to Bitcoin has a wealth of knowledge that the vast majority of people in the world simply do not. Even the “simple” things like setting up a mobile wallet, storing a seed phrase, or using a hardware wallet like Passport can be immensely helpful to newcomers in the space. Not only that, but having a friendly face or nym that new Bitcoiners can go to with questions or concerns eases the incredibly daunting early days in the Bitcoin rabbit hole. We can help more Bitcoiners stay the path towards self-custody without losing sats along the way by easing the barrier of entry through education and community.

“We all stand on the shoulders of giants. As Bitcoiners we have an obligation to pass on learned knowledge to those around us. This is how we continue to spread the mind virus. This is how we win.”

BitcoinQnA, Head of Customer Experience at Foundation

Educating others also has a powerful personal benefit – when you learn something well enough to teach others, you ingrain a deep and lasting knowledge for yourself that further empowers you towards digital sovereignty.

You know best what communities could benefit from your experience and expertise, but some potential places to contribute could be Twitter (even if you have a small account, it makes a difference!), the Telegram group for your favorite Bitcoin wallet or project, a local Bitcoin meetup, your friends or family, etc.

Contribute and donate to Bitcoin FOSS projects

Want a way to benefit Bitcoin as a project along with a burgeoning free and open-source (FOSS) ecosystem? There are many projects in the broader Bitcoin and sovereignty space that could use your help, starting with simple contributions that don’t even require technical expertise. Taking the time to give back to one of your favorite projects by helping out newcomers in their Telegram or chat rooms, opening issues on Github when you find bugs or want to recommend features, writing or translating documentation, or simply promoting the project on social media can be a huge boost as well.

One of the easiest ways to give back to these projects is to actually use Bitcoin as money and press send. The FOSS space has notorious issues with invaluable projects not getting enough funding to be sustainable, causing us to lose amazing contributors, important apps and tools, and for the spread of Bitcoin and freedom to be slowed.

Bitcoin has uniquely enabled FOSS projects to get funding directly to their wallets without any custodian, middle-man fees, or payment processor. Let’s find ways to leverage this new-found wealth and electronic cash to help fund the next generation of FOSS projects and bring digital sovereignty to more individuals around the world.

“Seeing a donation (especially in the beginning) means the world to a FOSS team like us [RoninDojo], it’s validation that what we are doing matters and keeps us moving forward.”

BTCxZelko, Co-founder of RoninDojo

We don’t want to play favorites, but some excellent FOSS projects in the space that can be funded by Bitcoiners like you and me can be found below (with links directly to their donations pages):

And if none of the above projects strike your fancy or you aren’t sure how to pick one, an easy way is to donate to OpenSats general fund (more on that next).

Donate to OpenSats

Do you find it too difficult to select a contributor, FOSS project, wallet, or educator in the space to donate to? Then OpenSats has you covered. OpenSats is a registered charity in the US, allowing US citizens to count donations as tax-deductible, allowing you to grow the ecosystem while saving some fiat from the tax man. OpenSats allows you to contribute to individual vetted projects and contributors, or to simply donate to the General Fund and trust OpenSats to distribute the funds in a way that aligns with your ethos.

“Thousands of open source contributors make this movement possible. We created Open Sats to support them without relying on corporate sponsors. No strings attached, 100% pass through, tax deductible or anonymous.”

Matt Odell, Co-founder of OpenSats

OpenSats even allows you to donate fiat if you can’t bear to part with your Bitcoin, an invaluable on-ramp for fiat-to-FOSS. If you want to learn more about OpenSats, be sure to check out their website or follow them on Twitter.

Find your niche

If we haven’t hit on a particular passion or area of interest for you in this post, don’t worry! We all have unique talents, passions, and expertise that enable us to be Bitcoiner’s of action. There is a place for each and every one of us to take actionable steps towards bringing digital sovereignty to more people around us, and you know best what that role could be for you. 

Take a few minutes today to pause and think on how you could give back to the projects and communities that have impacted you in your journey down the Bitcoin and sovereignty rabbit holes.

There’s no such thing as a self-hosted wallet

They’re not content with just controlling our fiat money and your Bitcoin on centralized exchanges, so they’re coming for our self-custodied Bitcoin as well.

In a proposal to the European Union, the General Secretariat laid out an updated set of restrictions on cryptocurrency usage within the EU. While much of the proposal should be familiar, the updated language and recommendations around so-called “self-hosted wallets” are a frightening step towards tighter control over how we use Bitcoin. This new regulation proposes not only an implementation of the “Travel Rule” (requiring personal identification attached to each transfer between centralized, regulated entities) but also a limit of €1,000 to transfers from and to regulated exchanges and a recommendation to “mitigate the risks posed by transfers from and to self-hosted addresses” with forthcoming recommended restrictions.

One of the most onerous aspects of this new regulation is the introduction of a new phrase to imply that money that you own and control can and should be regulated by introducing the term “self-hosted,” when no such term exists for physical cash or fiat. When you choose to control your Bitcoin, you don’t have to “self-host” anything, you simply have the key to certain Bitcoin outputs and can transfer ownership of Bitcoin outputs (or coins) to other entities by signing over control to them. This key is a randomly generated 64-character string of letters and numbers (i.e. E987…3262), and regulating knowledge of a string of characters is an unbelievable overstep of power. The ability to transfer monetary value in a peer-to-peer manner is one that has existed since the early days of civilization and has historically been private, without requiring disclosure or surveillance.

The implication that the only way the State can prevent crime is by surveilling and collecting personal information from every financial transaction is an unprecedented shift towards centralized control. This control has not been necessary in the past for a safe, effective, and high-functioning society to prosper. When compared to fiat, cryptocurrencies like Bitcoin present an infinitesimally small amount of illicit activity. In their 2022 “Crypto Crime Report”, Chainalysis estimated that only 0.15% of all cryptocurrency volume involved illicit activity, compared to an estimated 2-5% of all GDP ($1.6-4 *trillion*) for fiat. The EU wishes to wield irrational fear and literary propaganda to justify centralizing and expanding their control over our lives.

With these numbers in mind, why are regulators like the EU attempting to tighten the noose on cryptocurrency usage by sovereign individuals? It certainly is not to prevent rampant crime, as cryptocurrencies are barely utilized for that and the low-hanging fruit is fiat use in crime. Is it for our own benefit? It certainly isn’t for our monetary safety, as users’ funds are far safer when self-custodied than when left to centralized exchanges and regulated custodians. Maybe, just maybe, they want to limit the ways in which each one of us can take back some control of our money from the state.

When they can’t control or surveil our finances or our actions, the power returns to the sovereign individual.

Why we mix

In the fight to reclaim sovereignty in the digital age, Bitcoin has become one of the most powerful tools at our disposal. Bitcoin has the  ability to separate money from the State, facilitate direct peer-to-peer transactions, and break the financial censorship and surveillance so rampant in our world today. Therefore, it is immensely important that anyone seeking freedom learn to use it. However, one of the core features of peer-to-peer currencies that we’ve come to love in physical cash is privacy — no one but the people in a cash transaction know how much is transacted, for what, and with whom.

Therefore, privacy in an open society requires anonymous transaction systems.

Eric Hughes, “A Cypherpunk’s Manifesto

Bitcoin’s design is one that focuses on security (ensuring only owners of funds can spend them), auditability (ensuring no one can arbitrarily create funds), and censorship-resistant peer-to-peer payments, and has proven over the years to do each of these things *extremely* well. One of the keys to Bitcoin’s early adoption and growth was the ability for anyone testing it out to easily see the flow of funds, understand how bitcoin was created through mining, and confirm that the network did what it was supposed to.

We’ve since moved on from Bitcoin’s early days into an increasingly adversarial environment, one filled with chain surveillance companies, hackers, and controlling governments. This has made it clear that Bitcoin suffers from a privacy problem due to transactions being merely pseudonymous instead of anonymous. In order to fully enable financial sovereignty and better realize the censorship-resistant design of Bitcoin, solutions are needed to allow users to use it as the digital cash we so desperately need. In this series we will walk through why we need better privacy in Bitcoin, what pieces of data are most important to hide or obfuscate, and the tools and techniques that have been created and implemented to enable this.

Ultimately, we at Foundation care deeply about user privacy and want to ensure that every one not only has access to a superior store of value in Bitcoin, but also one that can be stored and spent freely, anonymously, and without censorship.

The threat of identity + Bitcoin

One of the most powerful things that Bitcoin did was to detach money from identity, state, and institutions, giving  anyone access to a new, free, and uncensorable type of money. Many of these states and institutions, however, would love nothing more than to co-opt and cripple Bitcoin’s power for the individual through chain surveillance and the introduction of lawless and shadowy “regulations” put into practice under the guise of our protection. One of the most powerful ways that they can seek to limit the power and sovereignty that Bitcoin grants to each of us is to tie our identities back to Bitcoin, often through the use of regulations like “Know Your Customer” (KYC) and “Anti-Money Laundering” (AML) controls.

These controls force users of centralized services and exchanges to give up egregious amounts of personal data in order to convert fiat to Bitcoin (or vice-versa). This data is then easily tied to our usage of Bitcoin, leading to simplified surveillance by chain surveillance companies, confiscation by governments, and theft by bad actors who hack these exchanges and steal our private data. As Bitcoin’s ledger is openly available and stored on thousands of computers around the world, it reveals large amounts of financial information to anyone with a web browser.

Consider this common example: imagine you head to your nearest cafe and buy a coffee with Bitcoin, but you do so without having taken steps towards better privacy. When you pay the barista, they can use their smart phone or computer to see how much Bitcoin you own, where else you spend it, how much you earn, etc. While we generally have quite poor financial privacy today from institutions (think about your bank or credit card company), we expect strong privacy from merchants and random individuals we interact with.

Satoshi’s prescience on KYC/AML

In Bitcoin’s whitepaper, Satoshi saw that the first key to enabling Bitcoin to be used in a private (and thus censorship-resistant and sovereign) manner was to keep the user’s identity off-chain at all costs. When identity is detached from Bitcoin transactions, even the pseudonymity of addresses is a reasonably strong form of privacy for the most common threat models. It may not be perfect, but when bad actors have no clear connections to identity, the job of chain surveillance becomes drastically more difficult. When we choose not to link our identity to our Bitcoin usage we can break many of the most common surveillance methods used and make Bitcoin a much more powerful tool.

The pervasive threat of KYC/AML regulations tying identity to our Bitcoin activity is only increasing, and those who are able to avoid this creeping invasion of privacy have a monumental head start when it comes to Bitcoin privacy. Satoshi was quite prescient when he grasped the disassociation of identity and Bitcoin being important, detailing how this would separate Bitcoin from the traditional financial system and grant greater privacy and freedom. Although this regulation has led to centralized exchanges requiring identification, there is a growing and rapidly improving segment of the space that is focused on building out decentralized methods to exchange that can allow us to buy and sell Bitcoin anonymously (or pseudonymously) and avoid ever relinquishing  our personal information. Exchanges such as Hodl Hodl, Agora Desk, and Bisq allow Bitcoiners to escape the KYC/AML surveillance mechanism and give us an invaluable advantage when it comes to Bitcoin privacy.

“… privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous.”
Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System”

While most Westerners may not be too concerned with this reality at present, many around the world have come face to face with what happens when their identity is easily tied to financial activity. This pairing can lead to de-platforming, repression, confiscation, and other attacks that limit the power they gain from using Bitcoin. We have seen a rise  in surveillance and censorship across the world, but thankfully we have the tools at our disposal to fight back. Our aim is to maximize the impact of Bitcoin in the hands of each sovereign individual, and one of the core ways to do that is to properly leverage the tools available to us.

HOw was privacy viewed in Bitcoin’s early days?

While most people will first acquire  Bitcoin through these centralized and regulated exchanges, even those who avoid KYC entirely deserve strong on-chain privacy for their money. As we see in the Cypherpunk’s Manifesto, anonymous ways to transact are key to broader privacy and freedom, and can best enable us to reclaim our financial sovereignty. If our ability to store and spend our money freely is eroded via surveillance and control, the rest of our rights as humans can be  quickly degraded.

Enter Bitcoin privacy tools.

Since the very early days of Bitcoin, developers and members of the community have spent countless hours devising methods to preserve privacy in Bitcoin to further protect users and empower its censorship-resistance. While this was a core focus early on, many in the community may not be familiar with how critical this topic was to many of the early Bitcoiners who paved the way for us. Many of the concepts used in Bitcoin and other cryptocurrencies focused on privacy were discussed or created in the first few years of Bitcoin’s existence by Bitcoin legends like Satoshi, Hal Finney, Greg Maxwell, Peter Todd, and Adam Back.

Hal Finney set the tone early on in Bitcoin

Hal Finney set the tone early on in Bitcoin as he immediately saw the privacy implications of a fully transparent system. Finney was an early pioneer and privacy advocate, contributing greatly to the PGP protocol and authoring key emails to the early cypherpunk’s mailing list. While Hal Finney was one of the first to think deeply about how to bring anonymity to Bitcoin, Satoshi and many others joined in throughout the early years. Between 2011 and 2013, we saw “stealth addresses”, “PayJoin”, “CoinJoin”, “Confidential Transactions”, and “Borromean Ring Signatures” all proposed and discussed around the Bitcoin community.

While many of these early concepts were never broadly implemented in Bitcoin, one idea did start to gain traction in 2013 — CoinJoins. Greg Maxwell playfully proposed the concept of CoinJoins in a Bitcoin Talk thread titled “I Taint Rich!”, inviting random users to work with him to create collaborative transactions. The idea was that these transactions would create false links between his coins history and that of other Bitcoin Talk users, sowing doubt in chain surveillance companies analysis. These early Bitcoiners paved the way towards a better Bitcoin by taking the time to create, propose, and discuss amazing concepts like CoinJoin.

In Bitcoin, one of the fundamental heuristics used to attempt to trace coins is called the “common input ownership heuristic”, one that assumes that any inputs to a transaction are owned by the same entity. If we can break that heuristic by having Bitcoiners work together to build transactions, we can make it much more difficult to surveil our activity on-chain. At the same time, CoinJoins allow us to build these transactions in a way that makes it extremely difficult to correctly guess which input is connected to which output — breaking the deterministic links that are the norm within Bitcoin and granting strong transactional privacy.

Paving the way towards a better Bitcoin

While concepts like CoinJoin were only the beginning, they would lay the groundwork for many of the most powerful Bitcoin privacy tools at our disposal today. But how does CoinJoin work? What do we achieve when we build these collaborative transactions? What information do we need to hide when we transact in Bitcoin?

We must defend our own privacy if we expect to have any.

Eric Hughes, “A Cypherpunk’s Manifesto

We’ll take a deeper look at the data that we must protect in order to defend our right to privacy in part 2 of this series, and then dive into how we got from the early concept of CoinJoin to the mature tools we have at our disposal today in part 3, including what we have in store for Passport and Envoy users in the near future.

Learning more

Verifying Envoy on Android

One of the core tenets we live by here at Foundation is that of “don’t trust, verify.” We’ve long had a detailed guide available for verifying and updating the firmware on Passport in a secure way, but we want to expand on that by empowering users to more easily validate Envoy on Android. In this guide we’ll walk through the “why” and “how” of verifying the APK file (the raw binaries that Android uses for manually installing applications) with both simple hash verification and full PGP signature validation to ensure that the app you install is exactly what we published and has not been tampered with in any way.

Why is verification important?

While the Google Play Store and Apple App Store provide a secure centralized method to distribute apps, control over the published application ends up in the hands of Google and Apple, respectively. Because of these centralized “walled gardens,” the ability for end users to verify that the applications they are installing are exactly what the developers publish is minimized, and trust is placed in the app store provider.

When downloading the APK directly from Github, however, we unlock the ability to provide additional guarantees that the application you’re installing is exactly what we at Foundation have made and that it has not been tampered with along the way. Because we’re focused on securely storing and spending Bitcoin with Passport and Envoy, many users understandably want to take as many steps as possible to ensure that their funds are safe against even advanced attacks.

When downloading binaries directly (essentially what an APK file is), even from websites you’d normally trust like Github, you’re placing trust in the source of that binary to match the source code you expect. Verifying the zipped (or compressed) APK file we publish on Github prevents Github (or a malicious attacker somehow injecting themselves between you and Github’s servers!) from being able to tamper with the Envoy APK without being detected. This verification process does require some extra work but can provide additional peace of mind to users of Envoy while reducing trust in third-parties.

Let’s look at how exactly we can perform this verification on Android itself.

Simple hash verification

While full verification via PGP keys is more secure, simple hash verification is very easy and faster to perform while still giving some security guarantees against more trivial man-in-the-middle attacks. A hash of a file is a fixed-length string that uniquely represents a given file, where changing even a single bit of the file would result in an entirely different hash. As a given input file can only have a single hash, comparing the expected hash against the downloaded file ensures that not even a single bit in the file has been changed or corrupted.

  1. Download and install “DeadHash” via the Google Play Store or F-Droid
  2. Copy the SHA-256 hash for the Envoy APK zip file from the Github release page
    • The hash will look something like this:
    • 08cc97450febd558a0f54d93b181f9a90
  3. This SHA-256 hash (the same hashing algorithm used for Bitcoin mining!) is a way to represent the file in a way that cannot be falsified
  4. Open DeadHash and select the folder icon to choose the Envoy APK zip file
    • Select the downloaded APK zip file, i.e. envoy-apk-1.0.7-18.zip
  5. Paste the hash you copied into the “Compare” field
  6. Press “Calculate”
  7. Ensure that the SHA-256 hash validates and gives you a nice green check-mark
    • All of the hashing algorithms except for SHA-256 should show a red X, as we’ve only provided the SHA-256 hash
    • If you get a red X for all hashes, including SHA-256, stop immediately and reach out to us at hello@foundationdevices.com! If it does match, you’re all set.
DeadHash giving a successful hash check

Fully verifying Envoy via PGP

While more involved than simple hash verification, taking the time to validate our PGP key and signatures ensures that as many threats as possible are mitigated. When you validate the PGP keys and signatures of Envoy, you ensure that only a successful attack would require both the PGP private keys and control over our Github account(s). This verification also entirely mitigates the risk, however minor, of Github themselves tampering with the APK.

Getting setup

Before we get started, you’ll need to download and install a separate app on your Android device to enable you to validate the PGP key used to sign the Envoy zip file, and then import the Envoy signing key. For each of the steps below with commands (i.e. pkg install wget gnupg -y), simply copy and paste these into Termux and hit enter.

  1. Install the Termux app from Github or F-Droid
  2. Open Termux and install the required packages
    • pkg install wget gnupg -y
  3. Download the Envoy signing PGP key
    • wget --quiet https://docs.foundationdevices.com/envoy_key.pgp
  4. Download the Envoy APK file, manifest file, and PGP signature file
    • Replace the links below with those from the latest release!
    • wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-apk-1.0.7-18.zip
      wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-manifest.txt
      wget --quiet https://github.com/Foundation-Devices/envoy/releases/download/v1.0.7/envoy-manifest.txt.asc
Successful prep steps

verifying Envoy

  1. Import the Envoy signing PGP key
    • gpg --import envoy_key.pgp
    • Validate the key ID that is shown on the first or second line matches that on https://foundationdevices.com/pgp/ under “Envoy Signing Key”
      • i.e. “E8CE0DD2B5528043” (note that the key is not case sensitive)
    • If the key does NOT match, stop immediately and reach out to us at hello@foundationdevices.com! If it does match, proceed to step two below
    • This step imports the PGP key we publish on our website, allowing you to properly validate our PGP signature in the next step
  2. Verify the “envoy-manifest.txt” file is properly signed with our Envoy signing PGP key
    • gpg --verify envoy-manifest.txt.asc envoy-manifest.txt
    • You should see output including “Good signature from ‘Igor Cota <igor@openbook.hr>‘” in a line of the output from this step
    • This step ensures that the GPG key we publish was the one used to sign the envoy-manifest.txt file, and that the file has not been tampered with in any way
  3. Verify the Envoy APK zip file
    • echo "$(grep "envoy-apk" envoy-manifest.txt)" | sha256sum --check
    • This step compares the hash for the APK zip in the envoy-manifest.txt file that we’ve verified via PGP with the SHA-256 hash of the actual APK zip file we’ve downloaded, ensuring no tampering or corruption has happened
  4. If the output says something like envoy-apk-1.0.7-18.zip: OK, you’ve successfully verified the binary and can go ahead and install with added peace of mind
    • Note that the file name will change with each release, but you should always get the “OK” at the end!
    • If the output does NOT say “OK“, stop immediately and reach out to us at hello@foundationdevices.com!
Successful verification of Envoy via Termux


Congratulations on successfully verifying Envoy! These steps are certainly going above and beyond, but keeping with the “don’t trust, verify” mantra is one that always pays off. If you’d like to read more about the PGP or simple hash verification process, you can take a look at the following links:

Verifying your Casa Multisig with Passport and Sparrow

collaborative custody

Casa is one of the Bitcoin ecosystem’s leading collaborative custody services. Using the Casa mobile app, you can create a multi-signature wallet consisting of either:

  • 3 keys (Gold Plan) – 1 user secured signing device like Passport, a key stored on the user’s phone (backed up to the cloud), and Casa holding the third key.
  • 5 keys (Platinum Plan) – 3 user secured signing devices, a mobile key and a fifth key held by Casa.

With this setup, the user is always the majority key holder, and Casa alone cannot spend any funds from the wallet. Under normal operation, users do not need to interact with the key held by Casa and can authorize transactions themselves using their majority key set. Where the Casa key comes into play is in a scenario where the user loses access to 1 key in the Gold Plan, or 2 keys if using the Platinum Plan. In this scenario, the user can initiate a Recovery transaction to spend, with the help of Casa, their Bitcoin to a new multisig wallet where all keys are accessible once again.

With the release of Passport firmware v2.0.4, we are thrilled to announce that using Passport with Casa is now easier than ever. Passport’s new Extensions menu lets you quickly and easily enable different features that unlock new functionality. Once enabled, the Casa extension adds an additional Casa account screen. From here you can do the typical transaction signing as you would with any other Passport account, but you’ll also notice some Casa specific features, such as ‘Health Check’, that allows you to quickly confirm that Passport is still connected with your Casa account. You’ll also find a customized Casa connection wizard that makes your initial setup a breeze!

Founder’s Edition Passport users fear not, we will be porting all of the new v2.0.4 features to your firmware very soon.

Who is this guide for?

For the reasons outlined above (and many more), Casa functions incredibly well to help many Bitcoiners secure their wealth. This tutorial is for those users that want to leverage the power of a collaborative custody setup like Casa, but at the same time want to minimize the level of trust they place in Casa. The following steps show how to recreate a ‘watch-only’ version of a Casa multisig wallet. This watch-only version of the wallet will be created in the free and Open Source desktop application, Sparrow Wallet. Being a watch-only, Sparrow will not have the ability to spend any funds from within, though we will make a brief mention of the additional steps required to do this later.

There are three main reasons a user might want to carry out these steps:

  • To check that Casa is generating receive and change addresses that belong to the wallet created with the three keys provided. Later, we’ll leverage Passport’s ‘verify address‘ scanning feature to make this super simple.
  • In preparation for a doomsday scenario in which Casa the company ceased to exist and the user needed to recover their funds without the help of Casa.
  • To use the Whirlpool coinjoin service within Sparrow to mix directly into their Casa multisig wallet.
Sparrow Wallet Preview

Before we start

The following steps assume a few prerequisites are met. Ensure you meet all three requirements before attempting to complete this tutorial:

  • You have a Casa multisig wallet setup and active on your Android or iOS device.
  • You have downloaded Sparrow Wallet.
  • You have a secure method of transferring sensitive information from your phone to the device running Sparrow Wallet. Examples include Signal, Keybase, or an encrypted notes app like Standard Notes.

Exporting the public keys

To recreate the Casa wallet in Sparrow, we need the public keys from each wallet participant as well as the corresponding derivation path and fingerprint for each. If you’re a Gold plan user, that means you’ll need to check 3 keys, and Platinum users will need to check 5 keys.

Open the Casa app, click on any of the available keys, then tap ‘View Public Keys‘. Copy and paste all information shown into your chosen secure transfer app. Be sure to carefully label which key the information belongs to.

Repeat these steps for every key until you have something that resembles the image below. Depending on how you’ve used the Casa app prior to this guide, your derivation paths may be different to those shown in this guide. Also note the lack of a derivation path for the Casa Recovery Key, the Casa app does not display this information.

Standard Notes app displaying the exported Casa wallet information

Enter Sparrow

Now that we have the required information from Casa, we can turn our attention to Sparrow. Click File > New Wallet and give the wallet a name

Sparrow Wallet Creation

On the following screen, change the ‘Policy Type’ to Multi Signature, then change the ‘Script Type’ to Nested Segwit and finally, set ‘Cosigners’ to 2/3. This will set the wallet’s spending policy to match Casa where two signatures out of a possible three are required to spend from the wallet. If you are following this guide as a Platinum user, set ‘Cosigners’ to 3/5, where three signatures from a possible five are required to spend.

Sparrow Wallet configured to suit the Casa setup

The next step is to import the information taken from the Casa app, into Sparrow. Sparrow represents each cosigner as a ‘Keystore’, and for the purposes of this guide, all three cosigners will be imported using the ‘xPub / Watch Only Wallet‘ option.

Populate the first Keystore using the information saved in your chosen transfer app, ensuring you enter each piece of information exactly as it was copied from Casa.

Keystore 1 populated with public key information

Repeat for all cosigners until each Keystore in Sparrow is populated. For the Casa Recovery Key, enter the same derivation path used for all other keys.

All Keystores populated

Once completed, click ‘Apply’. Sparrow will then ask if you’d like to set a password to prevent unauthorized access to the wallet. This password is unique to Sparrow and, if applied, ensure it is securely backup up.

Do they match?

If you followed these instructions successfully, opening the Transactions tab will reveal your Casa wallet’s total balance and transaction history. If you do not, open the Sparrow Settings tab and double check the information entered is an exact match to that shown in Casa.

Casa Wallet successfully imported into Sparrow

Open the Receive screen in both Casa and Sparrow and check that the addresses shown are an exact match. We can now be confident that Casa is generating the correct receive addresses for your multi-signature wallet. If desired, you can repeat this check every time the Casa app shows you a new receiving address.

Sparrow Wallet receive screen

Verifying with passport

To leverage Passport’s powerful ‘Verify Address’ feature to verify all future addresses shown by Casa (or Sparrow) with a simple scan, we need to make Passport aware of the wallet configuration. Unlike other multisig wallet coordinators, Casa does not currently have a way to export this information via QR code or microSD card, but there are two other ways we can get this information to Passport.

Option 1 – Passport Multisig policy

By having Passport’s multisig policy set to ‘Ask to Import’, Passport will automatically pull the required information from the transaction details when signing a transaction with Casa.

Passport import multisig config
option 2 – use sparrow

With the multisig wallet open in Sparrow, head to Settings > Export, then click ‘Show’ next to ‘Passport Multisig’. Sparrow will then display an animated QR code containing all of the wallet public information which will notify Passport of the wallet details.

Multisig wallet config export

On Passport head to Settings > Multisig > Import from QR then scan the QR being displayed by Sparrow. Review the details shown on screen and then confirm.

scan + go

Now, when using the Verify Address feature on Passport, you’ll be able to choose your imported Casa wallet from the list and will get a confirmation that the address being shown is part of your multisig wallet.

Passport Address Verification

What if i want to spend?

At this stage Sparrow is acting purely as a watch-only wallet that cannot spend, and has no influence on the activities taken in the Casa app. The private keys required to authorize spends are still stored on your Passport, your phone and on the Casa Recovery Server respectively. But what if Casa were to disappear and you needed to move your Bitcoin?

In this very unlikely scenario, the steps required are almost identical to those outlined above. The only difference being, that instead of importing the Mobile cosigner’s public key, we instead need to import its private key. This private key can be exported from Casa by tapping on the mobile key then ‘Import or Export Backup’, followed by ‘Export Private Key’. Casa will then display a list of seed words that should be stored securely and not shared with anyone.

Once you have the mobile key’s seed words, you can change that Keystore in the Sparrow settings. Click ‘Import from an external source’, choose ‘Software Wallet’ then ‘Mnemonic Seed Words (BIP39)’. Then enter the seed words you noted down from the Casa app.

Importing a mnemonic seed to Sparrow

On the following screen set the derivation path to match the other cosigners and click ‘Import Custom Derivation Key’. To finalize these changes click ‘Apply’ on the settings screen.

Custom derivation path setting

Sparrow now contains 1 of the 3 private keys required to spend from this multisig wallet. Now, to spend your Bitcoin to a new wallet, all that’s required is to create the transaction by following the usual steps and providing a second signature with Passport. The video below demonstrates the typical signing flow with Passport + Sparrow.

A note on key rotations

When one key is compromised and replaced, Casa bumps all other keys to the next account level in their respective derivation paths. This means that any time a key rotation is performed within Casa, the above steps must be repeated. More experienced Sparrow users may opt to manually update each Keystore to reflect the wallet changes, but it is good practice for newer users to get comfortable creating the wallet from scratch.

BONUS – coinjoin directly to your casa wallet!

Sparrow Wallet recently incorporated the Samourai Wallet Whirlpool coinjoin implementation. Conjoin is one of the best methods available to preserve your privacy when interacting with Bitcoin’s transparent ledger. Sparrow enables you to participate in coinjoins via your computer without the need for an Android phone. Additional to the Whirlpool functionality, Sparrow also enables users to have those mixed outputs be sent automatically to any another wallet managed by the same Sparrow application. No additional user input, just start the mix, leave Sparrow running and it will do the rest for you!

This section of the guide is not designed to be a detailed walk through of using Whirlpool with Sparrow. For that, you can read this guide or watch this video. Prerequisites for this section of the guide:

  • Have a Casa wallet imported into Sparrow.
  • Have a single signature hot wallet (where Sparrow holds the seed words) set up in Sparrow.
  • Have the hot wallet funded with the amount of Bitcoin you want to coinjoin.

Starting the mix

With your hot wallet open in Sparrow and funded with the amount of Bitcoin you want to coinjoin, open the UTXO tab and from the list, select the UTXOs you want to mix. Then choose ‘Mix Selected’.

Starting a mix with Sparrow Wallet

Work through the following dialogue screens to select your miner fee and pool size to enter. The pool size you choose will depend on the amount of Bitcoin you are mixing plus the desired denomination of mixed output you desire. To confirm click Preview Premix.

Whirlpool info screen

On the following screen Sparrow provides a breakdown of the fees involved and mixed outputs created from the coinjoin. When you are happy click Broadcast Premix Transaction.

Premix preview

The coinjoin is now initiated and Sparrow will take over and do the rest for you, provided you keep the application running. After a short while, navigate to the Postmix tab from the side bar to see your mixed outputs. How many you see in this screen will depend on the amount of Bitcoin you elected to mix, and in which pool.

Mixing larger amounts in smaller pools may take longer to complete, so do not be alarmed the expected amount of Bitcoin does not show up immediately.

Sparrow Wallet Postmix Tab

Mixing to your casa multisig

To get your mixed outputs sent automatically to your Casa multisig, ensure both your hot wallet and the imported Casa wallet are open in Sparrow. Then navigate to the Postmix UTXOs tab and select the UTXO(s) to be mixed into the Casa wallet then click ‘Mix to’.

In the pop up window, select the imported Casa wallet from the Mix to drop down then select the minimum number of mixes required before the UTXOs are eligible to be sent to the Casa wallet, a higher number here will improve your privacy but means the move to Casa will take longer. Finally, leave the index range to Full and click Restart Whirlpool.

‘Mix to’ configuration

Now, when clicking on the UTXOs selected earlier, Sparrow will indicate at the bottom of the screen that they are ‘Mixing to Casa’. Again, all you need to do now is leave Sparrow running on your computer and it will take care of the rest for you.

‘Mix to’ started

After the defined amount of mixes have taken place, you’ll see incoming transactions of the pool amount landing in your Casa app (and the imported version on Sparrow). Each UTXO will be sent individually to your Casa wallet, and the more UTXOs set using ‘Mix To’, the longer the process will take to fully complete. Patience is key here and you can monitor everything from Sparrow.

It’s worth mentioning that whilst Whirlpool provides fantastic forward looking privacy for your mixed outputs, your wallet is still ultimately connected to Casa’s node, meaning that Casa will still know the UTXOs are yours.

the best of both worlds

By following the steps outlined in this guide, you really can have have it all! You get the awesome security and redundancy the Casa collaborative custody model offers, coupled with the fantastic forward looking privacy gained from using the Whirlpool coinjoin service within Sparrow. All of this, whilst also minimizing the trust placed in Casa by combining Passport with a Sparrow watch-only setup to validate everything the Casa app presents to you. Finally, in the highly unlikely situation that Casa were to disappear, you’re now also fully prepared to recover your Bitcoin too.

Stay tuned to our YouTube and BitcoinTV channels for an upcoming video tutorial on using Passport with Casa to secure your sats!


Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart

Interacting with bitcoin privately

Bitcoin Privacy

One of the first things most people hear about Bitcoin is that it’s “Private internet money” or “Untraceable Cash for criminals.” But spend more than 5 minutes to understand how the network functions and you’ll quickly see that these assertions are incorrect and can often lead newcomers into a false sense of security when interacting with Bitcoin.

We spoke in our recent coinjoin article about how Bitcoin has a completely transparent record of all transactions ever made, known as the blockchain. This transparent nature makes it trivial to verify the total circulating supply of Bitcoin at any moment, an incredibly important feature. However, Bitcoin’s transparent nature also makes it easier for chain surveillance firms, or indeed anyone using a block explorer, to attempt to track the flow of funds across the network. Not great for privacy!

At a transactional level, Bitcoin offers less than perfect default privacy guarantees, which can be combated with tools like coinjoin, but transacting is just one of the many ways in which we interact and expose ourselves to Bitcoin and the ecosystem surrounding it. A holistic approach is a great way to attack most things in life; Bitcoin privacy is no different.

So what steps can average Bitcoiners take to preserve their privacy whilst leveraging the power of the world’s hardest money? What follows are some tools and techniques anyone can deploy when looking to improve or protect their Bitcoin privacy. You might be surprised at how simple some of them are!

#1 – SHhh

This might seem blatantly obvious, but the fewer people you talk to about owning Bitcoin, the fewer people know you own Bitcoin. Aside from the obvious privacy benefits, this one also improves your Bitcoin security too. Attackers cannot attempt to steal something they have zero knowledge about.

Of course you’ll want to try and ‘orange pill’ your friends and family and you’ll also need to ensure you have the necessary things in place for inheritance planning should anything happen to you, both of which involve you exposing a certain level of information about your Bitcoin. Just be selective with the info you share and who you share it with – it’s a fine balance to strike.

#2 – Use a Pseudonym

This one goes hand in hand with #1, but is geared more towards getting involved in the vibrant online Bitcoin community. A pseudonym is a great way to make new Bitcoin friends from all over the world without the need to share any of your personal information with a group of strangers on the internet.

Signing up to Twitter or Telegram with a username like @JohnDoe makes it easy for anyone to search your name and find out significant amounts of information about you in just a few clicks. Now that they know you’re a Bitcoiner, they may choose to use this information against you at any point in the future.

Ultimately you have no idea who the real people are behind the usernames you interact with online, so it makes perfect sense to guard yourself with a pseudonym whilst building those relationships. From there you can choose to selectively reveal as little or as much information about yourself as you’d like over time.

#3 Use Tor or a vpn

Any time you connect to the internet you leak information about yourself. The two usual suspects are your IP address, which shares your approximate location with every website you connect to, and your browsing activity with your Internet Service Provider (ISP).

Visiting a Bitcoin related website? That website knows roughly where you live, and your ISP sees every page you view. Querying your Bitcoin balance using the default node back-end in a wallet like BlueWallet or Blockstream Green? That company knows roughly where you live and how much Bitcoin you have, and the ISP also see’s you connecting to them.

By carrying out those activities over the Tor network or whilst using a VPN service, you gain differing levels of protection against these sorts of privacy leaks. These tools work by hiding your browsing activity from your ISP and masking your IP address from the websites or nodes you connect to.

Where possible, try to use Bitcoin wallets like Envoy or Samourai Wallet that default to Tor connections. When using tools like public blockchain explorers or any Bitcoin related websites, use the Tor network or have a VPN service like Mullvad active to mask your true IP address. It’s worth noting here that whilst a VPN will hide your browsing activity from your ISP and your IP address from the services you connect to, the VPN provider can still see this information.

Tor Browser Window

#4 Obtain via no-KYC methods

When purchasing Bitcoin from a regulated exchange like Cash App or River, you’ll need to provide personal information to satisfy the ‘Know your Customer’ (KYC) regulations imposed upon them. Usually this information will be your name, address, drivers license, or passport and in some cases, might even be a selfie or video asking you to turn your head and say some specific words. Any Bitcoin you then purchase from that entity is tied to your personal identity.

Your public information is stored by these companies (sometimes poorly) and likely shared with the government upon request. Unfortunately, this information is often leaked onto the internet by hackers, resulting in anyone with eyes on the leaked list learning your name, where you live, what you look like and potentially how much Bitcoin you own.

This information could make you a target to a local thief who might take the opportunity to pay you a visit and try to persuade you to hand over your hard earned sats. Although the more likely outcome is that you’ll become the target of phishing attacks where an attacker will send a bogus email asking you to login to a malicious website in an attempt to steal your Bitcoin.

Fortunately you can combat this by obtaining Bitcoin via methods that do not require you to share such excessive amounts of personally identifying information. These methods take many forms, below is a list of just a few of them. You can learn more at kycnot.me and nokyconly.com.

Bisq Decentralized Exchange

#5 Run your own node

In #3 we spoke about the risks of network level privacy leaks when querying public block explorers or when using the default node option of some wallets. Another way you can combat these privacy leaks is to run your own Bitcoin node. A node is the way in which all Bitcoin wallets communicate with the Bitcoin network to send transactions and query balances. If you are not using your own node, you are trusting someone else’s node with your privacy and to serve you the correct information.

Thankfully today we have a wealth of different node options available to suit all requirements and skill levels. Some are as simple as downloading Bitcoin Core onto an old laptop to connect your hardware wallet to, and some come packed with more advanced features like personal block explorers, coinjoin implementations, Electrum servers, and Lightning Network features.

Which one you choose will depend entirely on your budget, requirements, available hardware, and skill levels. Just remember, to leverage the power of your own personal node, you must use it as the back end for your Bitcoin wallets! “Don’t trust, verify.”

RoninDojo Tanto Plug + Play Node

#6 Address reuse

We have the legacy financial system to thank for this one! We are used to having a single account number which we re-use for years on end to receive money. That single number is the ‘place’ where we store our fiat wealth. Bitcoin is slightly different. In Bitcoin we have our wallet, which is typically backed up by a 12 or 24 word seed, and from that seed we can derive an unlimited amount of individual addresses.

Typically a Bitcoin address will look something like this bc1qrkgefmxzn6v3kuhkgxlf6lkul9y50ahf4ckrq8, although some older address standards can start with ‘1‘ or ‘3‘. Re-using the same address for multiple transactions tells anyone looking at the blockchain that all funds within those transactions belong to the same entity.

When receiving Bitcoin it’s good practice to use a new address with every transaction. This might sound like a logistical nightmare, but almost all modern wallets will automatically serve you a new one every time you receive, the only thing you need to do is not share the same one with different people. The wallet will automatically watch all of those addresses and show you your wallet’s total balance.

#7 coin control and labeling

The Bitcoin balance you see in your wallet is the sum of all of the smaller pieces of Bitcoin contained within. These pieces of Bitcoin are known as Unspent Transaction Outputs (UTXOs) and each will have a history, some of which belongs to you, some of which does not. If you use a wallet that automatically selects which UTXOs are used when making each transaction, you may be sharing unwanted transactional information with the recipient of the transaction or anyone surveilling the blockchain.

Additionally, if your wallet enables you to view and select UTXOs to transact with, but you do not know the source of each, how will you know which ones are best to use for the different transactional situations you find yourself in? By using a wallet that allows UTXO labeling and the selection of which UTXOs are used to construct each transaction (known as Coin Control), you are able to share the minimal amount of information when transacting.

A good practical example of this would be a wallet that contains both KYC and no-KYC Bitcoin. Ideally, you should not combine these two sources in a single transaction, because it will tie the no-KYC Bitcoin to the KYC Bitcoin that is linked your true identity provided when you purchased from the regulated exchange. If your coins are clearly labelled ‘KYC‘ and ‘no-KYC‘ then you can make an educated decision when spending those sats in the future.

Sparrow Wallet showing labeling

#8 Use coinjoin

Those of you that read our coinjoin article will already have a flavor of what coinjoin is and why it’s important. Here is a snippet from the opening paragraph. ‘Coinjoin is a form of collaborative Bitcoin transaction where two or more users create a transaction that provides ambiguity about the ownership of the transaction outputs. This takes place without a user needing to trust any other user participating in the transaction.’

Coinjoin aims to combat the transparent nature of the Bitcoin blockchain by making it difficult for anyone surveilling the chain to track the flow of funds. There are many times of coinjoins a user can take part in to improve their ‘on-chain’ privacy. There are centrally coordinated solutions such as Whirlpool and peer-to-peer solutions like JoinMarket, Stonewall X2 and Stowaway.

A combination of some or all of these tools can be used to improve on-chain privacy, and with the exception of JoinMarket, all of the aforementioned tools can be accessed via Samourai or Sparrow wallets.

Whirlpool coinjoin from KYCP.org

Final thoughts

Bitcoin privacy is an constantly evolving phenomenon. For every new wallet feature or protocol upgrade, there is a shift in regulation or surveillance technology to attempt to combat it. The steps outlined above may seem daunting or lengthy, but in our opinion, are a small price to pay to achieve true financial sovereignty. Privacy in Bitcoin is not easy, but is attainable for those that seek it.

If you’d like to learn more about the practical application of some of these tools and techniques, check out bitcoiner.guide/privacy from our very own Bitcoin QnA and Jameson Lopp’s privacy resource page.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart

Buying Passport privately USING Coinjoin

What is coinjoin?

Coinjoin is a form of collaborative Bitcoin transaction where two or more users create a transaction that provides ambiguity about the ownership of the transaction outputs. This takes place without a user needing to trust any other user participating in the transaction.

Imagine you and nine friends all throw a $10 note into a box, shake the box around, and then each pick out a note at random. Nobody would know who ended up with whose original $10 bill!

Coinjoins can take many different shapes and sizes but are always performed in a non-custodial fashion, meaning that you never lose control of your bitcoin when participating. Anytime you’re participating in a ‘coinjoin’ that asks you to send all your Bitcoin to an address not under your control, beware. So called ‘Mixers‘ like this operate in a custodial fashion and have been known to steal people’s bitcoin. Tread extremely carefully and only use tools that are well vetted.

The most common type of Coinjoin is known as an ‘Centrally Coordinated’ one, where there are often many participants in each transaction. An example of this is the Samourai Wallet Whirlpool implementation. In this type of setup, multiple users connect to a central coordinator which acts as a the central authority between all participants. The coordinator never gains control of any funds or learns anything about the participants. Its main functions are to coordinate the transaction (which becomes difficult to do purely in a peer-to-peer fashion as more participants are added) and collect a fee for maintaining the service.

Whirlpool coinjoin example with 5 participants

Why coinjoin?

Traditional finance offers fairly good levels of privacy from certain parties. For example, your employer doesn’t get to see how you spend your paycheck, and the Barista at Starbucks doesn’t get to see how you spend the change from the $20 bill you used for your morning latte.

Due to Bitcoin’s completely transparent ledger, it’s more challenging to maintain your privacy in the above examples – unless you embrace basic privacy practices when interacting with Bitcoin! In addition to being transparent, the Bitcoin blockchain is also permanent. Every transaction you make is copied to thousands of nodes (or computers) around the world to be stored indefinitely.

These two properties of Bitcoin (transparency and permanency) make it trivial for even semi-sophisticated actors with time and resources to track the flow of funds across the blockchain, at any time they like. The mistakes you make today could easily be used against you in the coming years by anyone with the ability and desire to interpret this public information.

Coinjoins provide Bitcoiners with a way to prevent against such attacks and regain some privacy. Coinjoins allow you to prevent your employer, Starbucks Barista, or even worse – a chain surveillance firm (whose job it is to track entities on the blockchain) – from tracking your spending habits. This gives you the ability to spend or save in the same way you would with physical cash, without fear of retribution at some arbitrary point in the future.

what is a payjoin?

Aside from the commonly used ‘centrally coordinated’ coinjoins, consisting of a larger number of users that each receive back the same amount they put in (less any fees), there is also Payjoin. Payjoins are peer-to-peer coinjoins, generally between just two parties. Payjoins are more commonly used when transferring value from one person to another, like buying a new hardware wallet!

Payjoins enable Bitcoin value transfer between two parties, whilst breaking something called the ‘Common Input Ownership Heuristic’ (CIOH). This heuristic used by chain surveillance firms to try and interpret the flow of funds across the blockchain. These firms do this by assuming that all of the inputs to a transaction belong to the same entity, which is true of most typical Bitcoin spends, but not with Payjoin!

As with any normal bitcoin transaction where value is being transferred from one person to another, during a Payjoin transaction the recipient gains the desired amount of Bitcoin from the sender, receiving at least one transaction output (the payment). Where a Payjoin differs is that the recipient also provides an input to the transaction, completely undermining the CIOH and casting doubt over the true flow of funds. The resulting transaction looks no different to any other typical spend, with only the two participants knowing they just completed a coinjoin whilst also transferring value from one to the other.

The other beautiful part about Payjoin is that due to the nature of how these transactions are constructed, the actual value transacted between the two parties is not visible to anyone looking at the blockchain. We’ll demonstrate this in the steps that follow.

buying passport with a payjoin

Currently there are only a few wallets able to send and receive Payjoins that adhere to the BIP78 standard. Sparrow Wallet is a great example, and will be used to demonstrate how you can purchase a Passport with a Payjoin. The receiver side of this transaction will be the Payjoin compatible BTCPay Server, which operates as our in-house Bitcoin payment processor.

First off: head to our website, add Passport to your cart, and then head to the checkout to provide contact and shipping information. Once that’s complete, choose Bitcoin as your payment option and click ‘Proceed To BTCPay’.

Passport order ready to be place

Next you’ll be greeted with an invoice which you can choose to pay using the Lightning Network, or in this case, regular ‘on-chain’ Bitcoin. The QR code shown is an encoded version of the receive address for sending using a standard transaction. For Payjoin, navigate to the ‘Copy’ tab and copy the Payment Link provided.

Invoice QR
Invoice ‘copy’ field

Using a hot wallet in Sparrow, open the Send tab and paste the payment link into the ‘Pay to’ field. Sparrow will then populate the recipient address and amount, and will store the remaining info for a following step in the process. Give the transaction a label, adjust your miner fee and click Create Transaction.

Transaction built

On the next screen you can review the transaction details. Note the blank ‘Payjoin input’? We’ll get to that next.

Transaction Summary

Click ‘Sign’ to authorize the first part of the transaction.

Transaction ready for signing

Now we have the option to Get Payjoin Transaction. This uses the information provided from the payment link copied earlier to contact the Foundation Devices BTCPay Server to obtain the details of the UTXO to be used as the missing input in our Payjoin.

Payjoin coordination ready

Recipient Payjoin input obtained and the final transaction is ready to sign.

Payjoin input obtained

Payjoin signed and ready to be broadcast to the network.

Final transaction for broadcast

The BTCPay Server will automatically detect the incoming payment and mark your order as confirmed!

Order complete

transaction analysis

This image is a block explorer view of the transaction demonstrated above, with added annotations to explain the makeup of the transaction. Some key things to note:

  • Both sender and recipient have one input and one output each
  • The actual value transferred for the purchase during the transaction was 0.00511928 BTC (see the invoice above), this amount is not visible
  • The transaction has cast doubt over the true flow of funds and improved the privacy of both participants
Click to open transaction in a blockchain explorer

The receiver has contributed a UTXO of 0.00583881 BTC to the transaction and finished up with a UTXO of 0.01095809 BTC. Subtract one from the other and you get the exact value of the invoice 0.00511928 BTC.

other privacy considerations

Spending via Payjoins or by using the outputs from larger coordinated coinjoins is a fantastic way to preserve your privacy at the Bitcoin network level. It’s also worth noting that those two options can be combined for even greater effect – Coinjoin with Whirlpool, then use those mixed outputs to create a Payjoin spend!

There are unfortunately many other things to consider when attempting to spend Bitcoin privately, or when ordering Bitcoin related items online. We plan to cover these in future articles, but will summarize them below for awareness.

(1) Purchasing using Bitcoin directly from an exchange

Are you comfortable with the exchange (or trading partner if using a peer-to-peer method) knowing you’re spending to a Bitcoin related company? If not, make use of the Coinjoin tools outlined in this article.

(2) Purchasing using a credit card

Are you comfortable with your bank knowing you’re spending to a Bitcoin related company? If not, purchase using Bitcoin that has been obtained in a private manner or has been coinjoined.

(3) Getting items shipped to your home address

Are you comfortable with the company you’re purchasing from knowing your home address? Are you aware of their data retention policies? How about a curious courier that might see a Bitcoin logo on one of your packages? If not, opt to get the items delivered to a PO box, re-mailer or similar service. The options available to you will depend on your jurisdiction.

(4) Getting items shipped using your real name and telephone number

Once again, are you aware of the company’s data retention policies? Do they have a good track record for keeping customer data secure? You could use a pseudonym and a phone number that is not tied to your personal identity.

The holistic approach

Bitcoin privacy is a multifaceted beast with many things to consider, nobody gets it perfect first time. The key thing to remember is that there’s never a bad time to start improving your privacy. Pick one aspect, make a change, then move on to the next to ensure you don’t get overwhelmed. Stay tuned for more articles on the subject, and if you need personalized support consider checking out our Concierge service.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$259.00Add to cart