Buying Passport privately USING Coinjoin

What is coinjoin?

Coinjoin is a form of collaborative Bitcoin transaction where two or more users create a transaction that provides ambiguity about the ownership of the transaction outputs. This takes place without a user needing to trust any other user participating in the transaction.

Imagine you and nine friends all throw a $10 note into a box, shake the box around, and then each pick out a note at random. Nobody would know who ended up with whose original $10 bill!

Coinjoins can take many different shapes and sizes but are always performed in a non-custodial fashion, meaning that you never lose control of your bitcoin when participating. Anytime you’re participating in a ‘coinjoin’ that asks you to send all your Bitcoin to an address not under your control, beware. So called ‘Mixers‘ like this operate in a custodial fashion and have been known to steal people’s bitcoin. Tread extremely carefully and only use tools that are well vetted.

The most common type of Coinjoin is known as an ‘Centrally Coordinated’ one, where there are often many participants in each transaction. An example of this is the Samourai Wallet Whirlpool implementation. In this type of setup, multiple users connect to a central coordinator which acts as a the central authority between all participants. The coordinator never gains control of any funds or learns anything about the participants. Its main functions are to coordinate the transaction (which becomes difficult to do purely in a peer-to-peer fashion as more participants are added) and collect a fee for maintaining the service.

Why coinjoin?

Traditional finance offers fairly good levels of privacy from certain parties. For example, your employer doesn’t get to see how you spend your paycheck, and the Barista at Starbucks doesn’t get to see how you spend the change from the $20 bill you used for your morning latte.

Due to Bitcoin’s completely transparent ledger, it’s more challenging to maintain your privacy in the above examples – unless you embrace basic privacy practices when interacting with Bitcoin! In addition to being transparent, the Bitcoin blockchain is also permanent. Every transaction you make is copied to thousands of nodes (or computers) around the world to be stored indefinitely.

These two properties of Bitcoin (transparency and permanency) make it trivial for even semi-sophisticated actors with time and resources to track the flow of funds across the blockchain, at any time they like. The mistakes you make today could easily be used against you in the coming years by anyone with the ability and desire to interpret this public information.

Coinjoins provide Bitcoiners with a way to prevent against such attacks and regain some privacy. Coinjoins allow you to prevent your employer, Starbucks Barista, or even worse – a chain surveillance firm (whose job it is to track entities on the blockchain) – from tracking your spending habits. This gives you the ability to spend or save in the same way you would with physical cash, without fear of retribution at some arbitrary point in the future.

what is a payjoin?

Aside from the commonly used ‘centrally coordinated’ coinjoins, consisting of a larger number of users that each receive back the same amount they put in (less any fees), there is also Payjoin. Payjoins are peer-to-peer coinjoins, generally between just two parties. Payjoins are more commonly used when transferring value from one person to another, like buying a new hardware wallet!

Payjoins enable Bitcoin value transfer between two parties, whilst breaking something called the ‘Common Input Ownership Heuristic’ (CIOH). This heuristic used by chain surveillance firms to try and interpret the flow of funds across the blockchain. These firms do this by assuming that all of the inputs to a transaction belong to the same entity, which is true of most typical Bitcoin spends, but not with Payjoin!

As with any normal bitcoin transaction where value is being transferred from one person to another, during a Payjoin transaction the recipient gains the desired amount of Bitcoin from the sender, receiving at least one transaction output (the payment). Where a Payjoin differs is that the recipient also provides an input to the transaction, completely undermining the CIOH and casting doubt over the true flow of funds. The resulting transaction looks no different to any other typical spend, with only the two participants knowing they just completed a coinjoin whilst also transferring value from one to the other.

The other beautiful part about Payjoin is that due to the nature of how these transactions are constructed, the actual value transacted between the two parties is not visible to anyone looking at the blockchain. We’ll demonstrate this in the steps that follow.

buying passport with a payjoin

Currently there are only a few wallets able to send and receive Payjoins that adhere to the BIP78 standard. Sparrow Wallet is a great example, and will be used to demonstrate how you can purchase a Passport with a Payjoin. The receiver side of this transaction will be the Payjoin compatible BTCPay Server, which operates as our in-house Bitcoin payment processor.

First off: head to our website, add Passport to your cart, and then head to the checkout to provide contact and shipping information. Once that’s complete, choose Bitcoin as your payment option and click ‘Proceed To BTCPay’.

Next you’ll be greeted with an invoice which you can choose to pay using the Lightning Network, or in this case, regular ‘on-chain’ Bitcoin. The QR code shown is an encoded version of the receive address for sending using a standard transaction. For Payjoin, navigate to the ‘Copy’ tab and copy the Payment Link provided.

Using a hot wallet in Sparrow, open the Send tab and paste the payment link into the ‘Pay to’ field. Sparrow will then populate the recipient address and amount, and will store the remaining info for a following step in the process. Give the transaction a label, adjust your miner fee and click Create Transaction.

On the next screen you can review the transaction details. Note the blank ‘Payjoin input’? We’ll get to that next.

Click ‘Sign’ to authorize the first part of the transaction.

Now we have the option to Get Payjoin Transaction. This uses the information provided from the payment link copied earlier to contact the Foundation Devices BTCPay Server to obtain the details of the UTXO to be used as the missing input in our Payjoin.

Recipient Payjoin input obtained and the final transaction is ready to sign.

Payjoin signed and ready to be broadcast to the network.

The BTCPay Server will automatically detect the incoming payment and mark your order as confirmed!

transaction analysis

This image is a block explorer view of the transaction demonstrated above, with added annotations to explain the makeup of the transaction. Some key things to note:

• Both sender and recipient have one input and one output each
• The actual value transferred for the purchase during the transaction was 0.00511928 BTC (see the invoice above), this amount is not visible
• The transaction has cast doubt over the true flow of funds and improved the privacy of both participants

The receiver has contributed a UTXO of 0.00583881 BTC to the transaction and finished up with a UTXO of 0.01095809 BTC. Subtract one from the other and you get the exact value of the invoice 0.00511928 BTC.

other privacy considerations

Spending via Payjoins or by using the outputs from larger coordinated coinjoins is a fantastic way to preserve your privacy at the Bitcoin network level. It’s also worth noting that those two options can be combined for even greater effect – Coinjoin with Whirlpool, then use those mixed outputs to create a Payjoin spend!

There are unfortunately many other things to consider when attempting to spend Bitcoin privately, or when ordering Bitcoin related items online. We plan to cover these in future articles, but will summarize them below for awareness.

(1) Purchasing using Bitcoin directly from an exchange

Are you comfortable with the exchange (or trading partner if using a peer-to-peer method) knowing you’re spending to a Bitcoin related company? If not, make use of the Coinjoin tools outlined in this article.

(2) Purchasing using a credit card

Are you comfortable with your bank knowing you’re spending to a Bitcoin related company? If not, purchase using Bitcoin that has been obtained in a private manner or has been coinjoined.

(3) Getting items shipped to your home address

Are you comfortable with the company you’re purchasing from knowing your home address? Are you aware of their data retention policies? How about a curious courier that might see a Bitcoin logo on one of your packages? If not, opt to get the items delivered to a PO box, re-mailer or similar service. The options available to you will depend on your jurisdiction.

(4) Getting items shipped using your real name and telephone number

Once again, are you aware of the company’s data retention policies? Do they have a good track record for keeping customer data secure? You could use a pseudonym and a phone number that is not tied to your personal identity.

The holistic approach

Bitcoin privacy is a multifaceted beast with many things to consider, nobody gets it perfect first time. The key thing to remember is that there’s never a bad time to start improving your privacy. Pick one aspect, make a change, then move on to the next to ensure you don’t get overwhelmed. Stay tuned for more articles on the subject, and if you need personalized support consider checking out our Concierge service.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$199.00Add to cart

SUPPORT, WHERE And WHEN YOU NEED IT

At Foundation Devices, we strive to make tools that are powerful, elegant, and easy to use. Judging from the results of our customer surveys, we’re off to a good start – but we can always do more!

Bitcoin attracts users from different backgrounds and skill sets, from complete beginners purchasing their very first hardware wallet, to expert users buying an additional signing device to compliment their geographically distributed multisig quorum.

Expert users are unlikely to need the same level of hand holding as those just starting their Bitcoin journey, but we want to ensure that no sovereign individual gets left behind. Because of this, we’ve been working hard to improve our content and support options so that everyone can use Passport to its fullest potential.

At the end of 2021 we migrated our user documentation from GitBook to our own self hosted docs site thanks to the great Free and Open Source (FOSS) tool Wiki.js. We think the new layout and improved structure is easier and quicker to navigate. If videos are your thing, we have you covered with a growing collection of ~50 videos on everything from setting up Passport to creating your first sovereign multisig setup with tools like Specter and Sparrow Wallet.

Behind the scenes we’ve also migrated to our own self hosted help desk software thanks to another great FOSS tool, FreeScout. Whilst this shift might seem trivial, the move has allowed us to implement some really cool features to better support you while keeping your data safe. They include:

live chat

Got a burning question that you can’t find an answer to via our docs? You can now message us during business hours for a quick reply from one of our team members. The live chat is present on both our documentation and our main website; just click the small blue chat icon on the bottom right of your screen.

Twitter Direct Messages

If you follow us on Twitter already (follow us @FOUNDATIONdvcs if not!), one of the simplest ways for you to reach our expert support staff is to send us a direct message on Twitter, ensuring that even when you’re scrolling Twitter you have access to support where and when you need it.

telegram bot

Are you an avid Telegram user? Yeah, us too! We have a vibrant and growing community chat which you can find here. However, sometimes you may have a question that you don’t want to ask in front of hundreds of other users. To fix this, we now have our very own Telegram Bot (@FoundationDevicesBot), waiting to help you – in private – with any questions or issues. Messages sent to our Telegram bot will be picked up by the same expert support team that answers our online live chat.

pgp protected emails

PGP provides the ultimate way in which to communicate via even the most insecure mediums. We are really excited that our more privacy conscious users can now communicate with us in a fully encrypted fashion. This makes asking even the most sensitive of questions completely secure and private, even in the extremely unlikely event that our email server were to be compromised.

Simply send us an email at hello@foundationdevices.com using our PGP email contact key, include your own PGP public key to the email so we can respond, and enjoy the peace of mind that comes with truly privacy-preserving communications.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$199.00Add to cart

multisig – is it for me?

bitcoin Key storage

The Bitcoin network dictates that, to create a valid spend transaction, you must provide proof of ownership of the bitcoin being used in the transaction. This is done via the use of a private key to create a digital signature (or proof) that the person creating the transaction is spending the coins belonging to them. Anyone in the network can look at the provided signature and corresponding address being spent from to verify the authenticity of the transaction, without needing to know the private key of person creating the spend. Anyone with access to your private key can spend from your wallet. Now that we understand the importance of private keys, we should probably understand how to secure them properly!

A typical Bitcoin wallet, such as those found on a mobile phone or desktop applications, protects your sats with a single master secret or ‘key’. To sign off on any spend from such a wallet requires a signature from this single key. These types of wallets are colloquially referred to as ‘single-sig’, short for ‘single signature’, referring to the authentication level required to create a valid spend. Used in a setting such as a mobile phone, single-sig wallet setups provide great convenience for those on the go spends that are typically on the lower end of the value scale.

Single-sig wallets can of course be used in more secure setups, such as with an air-gapped hardware wallet like Passport. Used in this context, the key, which is required to authorize transactions, never leaves the offline device. When paired with wallet software like BlueWallet, the software manages incoming transactions and constructs outgoing spends for the offline device to read and sign using its stored key. This extra step, where the authority to spend has been removed from the ‘online’ wallet software, provides an extra security layer against potentially compromised internet connected devices.

With this simplicity comes a theoretical single point of failure. If your wallet and/or seed backup gets compromised, so does your bitcoin! Sure, you could deploy a Passphrase, but what if we wanted to take things a step further and protect ourselves against even more attack vectors?

What is multisig?

Much like single-sig, multisig (short for ‘multi signature’), derives its name from the level of authentication or ‘proof’ required to create a spend transaction. Generally speaking, a multisig wallet requires sign-off from more than one key for any spend. With multisig, you have the freedom to fine tune your wallet configuration to suit your personal circumstances. Two of the most common approaches taken today look like this:

A 2-of-3 setup where 3 keys are used to create the wallet and protect the bitcoin, but only 2 of those keys are required to authorize a spend

A 3-of-5 setup where 5 keys are used to create the wallet and protect the bitcoin, but only 3 of those keys are required to authorize a spend

The number of different Multisig configurations is almost limitless and can be tailored for almost any scenario. A company holding bitcoin on their balance sheet might opt to create an 7-of-12 setup where all board members hold a key and a majority (7) of them are required to authorize spends, whereas individuals would likely not require this level of complexity and would opt for a simpler setup with fewer keys to manage.

multisig benefits

So why might a sovereign individual want to consider a multisig setup? What extra benefits will be gained to offset the increased complexity?

1. Removal of a single points of failure – In a single-sig setup, if the device holding your private keys, or the corresponding mnemonic seed backup is compromised, so is your bitcoin. With multisig, an attacker would need access to the multisig wallet (or backup file) AND the minimum number of keys required to make a spend.
2. Redundancy – With a multisig wallet, you can afford to lose at least one key and its corresponding offline backup and still be able to spend your bitcoin. In a 2-of-3 setup, for example, loss of a single key would not result in a catastrophic loss of funds. Likewise, in a 3-of-5 setup, loss of two keys would not result in a loss of funds.
3. Protection against a compromised manufacturer – In the unlikely event that the hardware wallet used in a single-sig setup turns out to contain a malicious back door, the wallet manufacturer could wait until funds are deposited and then drain the wallet at any point in the future. In this scenario, the manufacturer may not even be at fault; the device could be intercepted in-transit and swapped with a compromised device before arriving at its final destination. When a multisig wallet is configured with devices from multiple vendors, this attack is mitigated.

multisig considerations

While multisig offers exponentially improved protection from single points of failure and improved redundancy from key loss when compared to single-sig, it does also pose some new problems that must be considered before diving in head-first.

1. More seeds to backup – Every device or key has its own mnemonic seed backup. Storing any of these at the same location negates the some of the benefits we outlined above. Do you have enough secure locations to store all of these seeds?
2. More devices to secure – As outlined above, storing these devices in the same location is an attack vector. More devices = more secure locations required.
3. Wallet configuration backup – In a doomsday scenario where a single key (and its backup) in a 2-of-3 setup is lost and the computer holding the wallet software is also not accessible, the remaining two keys, on their own, are not sufficient to recreate the wallet. To mitigate this, it is advisable to keep a copy of the wallet backup file with every key backup. Fortunately, modern multisig coordinator software like Sparrow or Specter Desktop offer this in a single file that can be printed or stored on a USB or microSD card. This file alone does not have the ability to spend; think of it as the ‘framework’ from which you can recreate the wallet.
4. Inheritance – You might be an avid Bitcoiner, keen on leveling up your Bitcoin security but is your next of kin? You might have the most secure setup the world has ever witnessed, but if only you know how to access it, your bitcoin disappears when you do! The obvious thought is to leave some detailed instructions in case of emergency, but what if those instructions were to fall into the wrong hands?
5. Spending inconvenience – If you need two keys to spend from your wallet, with one in your home and another a 90 minute drive away at a relative’s house, it could become a real chore if this is a wallet you’re planning to use on a regular basis.

multisig with passport

So, you’ve weighed up the pros and cons and decided to protect your bitcoin using a multisig wallet. Here’s one of the many ways you can do that easily using Passport and one of our favorite desktop wallets, Sparrow . Be sure to check out our other multisig tutorials covering BlueWallet and Specter Desktop.

Once set up, signing multisig transactions with Passport is very similar to single-sig and can be done via QR or microSD. Passport also allows you to view all of the multisig wallets it is a part of by heading to Settings > Multisig. Within the multisig menu you can also import new configurations via QR code or microSD as well as set the device’s ‘Multisig Policy‘. This setting dictates the way in which the device behaves when importing new configurations.

Multisig is an extremely powerful tool in the right hands, capable of protecting your wallet from almost all perceivable attack vectors – but it’s not without potential pitfalls! We suggest weighing the options discussed here and making up your own mind based on your own personal circumstances.

If you would like to leverage the power of a multisig with Passport as at least one of the signers, you can now preorder a device from our second batch at a new, reduced price.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$199.00Add to cart

Passphrases – What/Why/How?

bitcoin backups

The default backup for a typical Bitcoin wallet today consists of a mnemonic seed which is typically 12, 18 or 24 words in length and chosen from a universally agreed upon list of 2048 words. With this mnemonic seed you can move or recover your bitcoin into any other BIP39 compatible wallet (hint – they pretty much all are!).

Thankfully it is now common practice for Bitcoiners to store their mnemonic seed using a robust metal backup method to ensure their bitcoin is not lost in the case of disaster. But these storage methods pose a new problem to solve, what happens if someone were to find the metal backup? Your mnemonic seed, in clear text, ripe for picking to the first person that lays their eyes on it!

Sure, you could opt to use a multisig solution where a single mnemonic seed phrase does not give access to your bitcoin, but that poses many other considerations (to be covered in a future article), first amongst which is drastically increased complexity. You could also opt to use an encrypted backup which is perfectly resistant to physical attacks but does not offer the same assurances against fire or water.

Enter passphrases…

What are Passphrases

A passphrase is an additional word or combination of words that can be added to your mnemonic seed as an additional layer of security against physical attacks. A passphrase can be as short or as long as you like and can contain any combination of letters (upper and lower case), numbers or special characters. Passphrases are case and order sensitive, for example Passphrase123, 123passphrase, passphrase123 and 123Passphrase will all result in completely different wallets, each with their own unique list of addresses.

A passphrase is never stored on your signing device and will need to be entered every time you want to manage the passphrase protected wallet – fortunately Passport makes long passphrase entry simple thanks to its keypad design. Your passphrase does not replace your mnemonic seed; it is used in addition to it. If you decide to use a passphrase to protect your bitcoin, you need both your seed and your passphrase to recover funds.

should you use a passphrase?

There are two main benefits for users that choose to implement a passphrase, plus an optional third that comes with a little extra complexity.

1. Physical Attack Protection – If using a passphrase protected wallet and an attacker were to find your mnemonic seed backup, the attacker does not gain access to your bitcoin.

2. Plausible deniability – If using a passphrase protected wallet and an attacker were to hold you hostage until you gave up your bitcoin, you could have previously loaded a small amount onto the wallet without the passphrase (i.e. just your seed words). Telling the attacker where the mnemonic backup is, and allowing them to find this small amount may be enough to stop any further attack whilst the majority of your bitcoin is held safely within the passphrase protected wallet the attacker doesn’t know exists.

3. Separate Wallets – Some more advanced users may also use multiple different passphrases as a method of separating out their different pots of bitcoin. This could be for short/long term savings or for ensuring that separating KYC and noKYC funds never get merged together to protect the users privacy. It’s worth noting that the same effect can be achieved using the accounts feature on Passport.

passphrase considerations

Whilst passphrases offer many great benefits, particularly from a security standpoint, users must be aware of the considerations and pitfalls of using a wallet with passphrase protection.

1. Short Passphrases – Short 1 or 2 word passphrases from the BIP39 list or the dictionary are next to useless and can be brute forced by even modest attackers. Ensure you use a minimum of four words with numbers and/or characters being an additional bonus.

2. Long Passphrases – Longer passphrases are exponentially more secure, but remember, you need to enter this into your signing device every time you want to manage or spend from that wallet. If your signing device makes text entry a chore, the likelihood is you just won’t use it, or even worse, you might enter it incorrectly and cause yourself hours of confusion trying to work out why the addresses being generated don’t match those expected.

3. Storing a Passphrase – Your passphrase is part of your bitcoin backup. No passphrase, no bitcoin recovery. For obvious reasons the passphrase should not be stored in the same location as the mnemonic seed, so consideration must be made to a separate, secure storage location and medium. Imagine your metal seed backup survives a flood but the passphrase you jotted down on paper doesn’t!  No passphrase, no bitcoin recovery!

4. Inheritance – Extra security is great, but will your loved ones know what to do with your passphrase in the event that you are no longer around? Would they even be able to find it?

using a passphrase with passport

So, you’ve weighed up the pros and cons and decided to protect your wallet with a passphrase, smart move! Here’s how you can do that easily using Passport.

To apply a passphrase simply head to Settings > Advanced > Passphrase. Here you can opt to set a passphrase or enable the device to prompt you to enter one each time it boots (useful for users that always use passphrase protected wallets) or you can press ‘Set Passphrase’.

Next, enter your desired passphrase carefully then press continue and double check you have entered the passphrase correctly.

Any time a passphrase protected wallet is active on Passport, it will be denoted by a small ‘P’ in the top left corner.

DO NOT USE THE PASSPHRASE SHOWN

This applied passphrase will be active until Passport is turned off or the user manually clears the passphrase using the exact same method as above. If after reading this post you decide you want to add passphrase protection to your bitcoin storage setup, you will need to activate the new wallet using the process detailed above then export that new wallet to your chosen software wallet. From there you can clear the passphrase and send from your old (non passphrase) wallet across to the addresses controlled by your new passphrase protected wallet.

Decided you want to leverage the power of a passphrase protected wallet? You can get your hands on one of the few remaining Founders Edition Passport devices below.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$199.00Add to cart

Bitcoin and Asimov’s Foundation

In Asimov’s renowned Foundation trilogy, the Galactic Empire is crumbling. Civil war and nuclear holocaust are imminent. An inevitable dark age of 30,000 years awaits humanity.

All of humanity’s knowledge will be lost.

Hari Seldon, leader of a fringe scientific movement called Psychohistory, becomes aware of this impending doom and devises a plan. Mankind will establish a colony on the edge of the galaxy – a Foundation – and catalog all of humanity’s knowledge in an Encyclopedia Galactica. This will reduce the dark age to only 1000 years and allow humanity to rebuild.

Today, we live at the intersection of three major societal shifts.

1. The global economy abandoned a gold standard in 1971, which has since caused the destruction of our middle class and plunged us all into drowning debt and inescapable inflation. The solution from our elected (and appointed) leaders? Print more money!
   
2. We are in the midst of a “Great Reset.” The US dollar (cough, petrodollar) is on the decline and competing powers are vying to replace it. China, specifically, aims to displace the United States as the dominant global superpower by 2049. The CCP is already exporting its tried-and-tested, authoritarian, mass surveillance system to the rest of the world.
   
3. With the invention and global adoption of the Internet, our world is entering its Fourth Stage as an Informational society. As noted in The Sovereign Individual, an eerily prescient publication, this societal shift will force the Nation State into decline. 

While our world is not at risk of 30,000 years of darkness (we hope), we are experiencing hard times – and they will only continue to grow harder throughout this decade.

One potential outcome is that China becomes the new global superpower and succeeds at exporting its authoritarianism to us all. The CCP uses its digital yuan as a tool of population control and mass surveillance, creating a permanent ruling class of elites that control how money is printed and distributed. Society experiences a twisted combination of 1984 and Fahrenheit 451.

Bitcoin offers us salvation. Rather than transitioning to yet another centralized currency, fabricated by a central bank, backed by nothing – Bitcoin reaches mass adoption as the decentralized global reserve currency. We experience a separation of money and state. Permanent inflation ends. Individuals can save and invest in their future. Governments’ ability to wage endless wars, via money printing and taxation, is no more. A new peaceful, prosperous era of the sovereign individual emerges. 

Bitcoin is our Foundation. Mass embrace of Bitcoin will enable humanity to minimize the duration of chaos and emerge in utopia.

A transition to a Bitcoin Standard will not be easy. In this decade we will face seemingly insurmountable resistance from a dying fiat system that is gasping for breath as it drowns. Much of this resistance will be political – governments will attempt to ban, curtail, and cripple Bitcoin as its user base grows. But Bitcoin, and its forces of decentralization, will also threaten the incumbent technology gatekeepers that control how the world accesses the Internet.

The vast majority of the world’s population accesses the Internet via devices and services made by Apple and Google. The vast majority of the world’s population uses closed source devices made by small numbers of large manufacturers. So if we want to opt out of the Fiat Standard, and opt into a Bitcoin Standard, how can we do so as the incumbents resist?

The answer is simple. We must rebuild and catalog humanity’s knowledge, just like Hari Seldon did in Asimov’s Foundation. But unlike Seldon, we don’t need to build our Encyclopedia on a remote planet on the edge of the galaxy. Instead, we can build it in the open – through the power of Free and Open Source hardware and software. 

This is why we started Foundation Devices – to accelerate the adoption of Bitcoin by rebuilding and cataloging humanity’s knowledge as open source. To create a permissionless hardware and software foundation on which others can build. To help guide humanity through our transition to the Fourth Stage.

purchase PASSPORT

Passport will be back in stock soon!

$199.00Add to cart

The Foundations of Freedom in Bitcoin

In the decentralized, peer-to-peer Bitcoin network, there are no central institutions that protect individuals from fraud or loss. Sovereign Bitcoin users must look after their own security, which makes it critically important that they are able to identify which products and services are trustworthy and safe to use. 

The first step Bitcoin organizations should take in order to be considered credible is to be fully open source under the proper licensing. Open source projects are more likely to be secure because, given an active development community, a greater number of individuals are involved in inspecting and contributing to their code.

Bitcoin is an ecosystem built on a foundation of free and open source software and ideas. Progress in Bitcoin is made as we build on each other’s work. Bitcoin users must have full freedom over the hardware and software infrastructure they use – freedom to fork, freedom to change, freedom to run the programs they want without any intermediaries.

This article will explain why open source development is both more efficient from a security perspective and the only viable way forward for Bitcoin.

Civil Liberties in Hardware and Software

To understand why open source is critical for Bitcoin users, it helps to have some historical context about how the movement’s ideals emerged. Before the Copyright Act of 1976 ruled that computer programs could be considered intellectual property, software programs had often been bundled and sold together with hardware. This created a development environment in which programmers worked primarily out of passion for their field and cooperated with one another in a free-flowing, non-restrictive way. 

However, after the 1976 changes to IP law, companies began working on proprietary software that could be sold on its own. This marked the beginning of a trend that gained full momentum by the early 1980s and which eventually resulted in the walled garden ecosystems we see today.

The irony for many of the originators of the technology that had enabled the personal computing era was that they believed foremost in the civic duty of sharing information for public benefit. A staunch advocate for freedom of access and development in software among this generation of creators was Richard Stallman. His writings voiced the idea that it was not enough to protect the practical aims of open information sharing – philosophical aims conducive to a virtuous society also had to be respected in software. 

To reflect the importance of individual freedoms, Stallman wrote the GNU General Public License (GPL) series of copyleft licenses that protect the rights of software users, rather than owners.

In addition to all the practical benefits of open source development, the terms “Free and Open Source Software (FOSS)” and “Free and Open Source Hardware (FOSH)” imply that a product upholds basic individual freedoms and civic duty. Here, “free” refers to freedom, rather than whether or not the product is free to use. 

In his writings on “nonfree” software, Stallman describes how privatization and black-boxing of code erodes our spirit of self-reliance and consequently runs contrary to the principles upon which democracies like the United States are founded. Without the ability to analyze, modify, or redistribute the software we use, we are ultimately passengers in the digital world, unable to take agency for ourselves or on behalf of our fellow citizens and neighbors.

Without the ability to analyze, modify, or redistribute the software we use, we are ultimately passengers in the digital world, unable to take agency for ourselves or on behalf of our fellow citizens and neighbors.

Bitcoin was not built to resemble the walled garden digital economy, but instead to provide a path for restoring our sense of self-sufficiency and sovereignty. In today’s world of sweeping centralization, over-organization, and lack of transparency, it is more important than ever to protect the ideals that Bitcoin stands for. The only way to work towards a future for Bitcoin in which freedom and autonomy are preserved is to support projects that are free and open source under FOSS and FOSH licenses.

Not Compromising on Open Source

In the same way that we trust the Bitcoin protocol because it is free and open source software, we can more confidently trust products that are free and open source. FOSS and FOSH licenses can help the Bitcoin community identify and give recognition to projects that uphold the full standards of transparency as well as reflect the spirit of free software and hardware.

As new waves of users enter the Bitcoin market, bringing us ever closer to mass adoption, there will also be unprecedented interest from malicious actors. In order to avoid thefts or loss of funds, a majority of new Bitcoiners may continue to consign key ownership to large exchanges or engage with Bitcoin through trusted third parties. 

The custodial decisions made by new Bitcoiners will have a tremendous effect on the future of financial sovereignty in Bitcoin – and whether centralized institutions and players that have no concern for the foundational principles of Bitcoin may come to dominate the space. It is our hope that the strength of free and open source projects in the industry will incentivize and inspire new users to opt to take control of their sovereignty.

Transparency is Better than Obscurity

The way forward for the Bitcoin community—if it wants to stay true to its ideals—is the same model of open source development adopted by the original Bitcoin protocol and software. Bitcoin is a paradigm that clearly thrives on communal development, cooperation, and progressively building on shared work. 

As Richard Stallman writes, “In any intellectual field, one can reach greater heights by standing on the shoulders of others. But that is no longer generally allowed in the software field—you can only stand on the shoulders of the other people in your own company.” A notable advantage of a decentralized system is in coalescing the work created by a diverse community of developers and entrepreneurs and enabling anyone to expand or improve upon that work.

A world in which we are not able to build on the intellectual progress of others is a world that would be less innovative and less secure. The hardware wallet industry is a quintessential example of how building on top of each other, rather than building from scratch, enables rapid innovation. We at Foundation are deeply appreciative of the open source projects – like MicroPython, Coldcard, and Trezor – that helped us bring Passport to market.  

A world in which we are not able to build on the intellectual progress of others is a world that would be less innovative and less secure.

It is much more efficient to build in concert with developers across an active community than to draw only from the development resources of one’s own company. When a product’s open source code attracts a larger and more diverse group of contributors to verify that it functions as intended and is not susceptible to critical flaws, consumers can have more confidence that it can be trusted. The cross-referencing of the opinions of experts is a much more credible source of information to depend on than the reputation of a centralized institution.

Recent notable hacks of proprietary hardware and software illustrate how detrimental black box development can be to the security of users. Just last year, Apple’s T2 co-processor, which handles encrypted storage and secure boot capabilities, was cracked by a team of researchers who found it was vulnerable to the same “checkm8” exploit that had been used to jailbreak Apple’s A10 processor. The fact that this vulnerability originated from T2 being based on the A10 is a telling example of how developers limited to the resources of their company are less likely to understand and recognize flaws in their product. Researchers found that attackers can gain access to the T2 chip of MacBooks produced from 2018 to 2020 if they have physical possession of the device or are able to swap out one of the owner’s cables for a modified lookalike specifically engineered for the attack. The failure of these generations of MacBooks is not a good look for Apple, a company that has long projected an image of itself as more secure due to its walled garden approach.

Also last year, Intel’s Software Guard eXtensions (SGX), a security system marketed as a highly isolated enclave for safeguarding private keys, fell victim to yet another security vulnerability. The latest crack involved two separate side channel attacks capable of stealing sensitive information, and came just after Intel sought to mitigate previous vulnerabilities by modifying app-layer code. The fact that large hardware manufacturers like Apple and Intel can struggle to provide consumers with secure black box private key storage solutions is further indication that open, auditable code can be a stronger security model.

The fact that large hardware manufacturers like Apple and Intel can struggle to provide consumers with secure black box private key storage solutions is further indication that open, auditable code can be a stronger security model.

Implications for Hardware

Hardware is a delivery mechanism for software, and free and open source hardware is absolutely fundamental to creating a decentralized digital economy in which users can find trustable products – and in which rapid innovation can occur. This is why we believe meeting the criteria for free and open source software and hardware is not only beneficial for security and product improvement, but necessary for the future of Bitcoin. 

To understand the specifics of the CERN OHL v2 hardware licenses and GPLv3 firmware licenses that classify Passport as FOSH, look out for our next article!

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$199.00Add to cart

Announcing Our Pre-Seed Raise

Foundation Devices is thrilled to announce that we’ve raised a pre-seed round of $2.5M led by Bolt.

Joining us are new investors Third Prime, Massachusetts Avenue Capital, Unpopular Ventures, Deep Ventures – as well as existing investors Warburg Serres, Fulgur Ventures, Inflection, and notable angels.

Bolt, a prominent early-stage venture fund, invests at the intersection of the physical and digital worlds. They were first round investors in groundbreaking hardware companies like Desktop Metal, Tonal, Nautilus Bio, and Fi.

Tyler Mincey, a partner at Bolt, is joining our board. Tyler has a highly relevant background in product management, design, and hardware/software engineering in companies large and small. At Apple, Tyler was a member of the original iPhone core team, later managed the iPod new product roadmap, and shipped over 150M units worldwide. We are thrilled to work closely with Tyler on developing new products and honing our design & manufacturing capabilities. 

Foundation is building the open hardware foundation for Bitcoin and a decentralized Internet. We believe that a new Internet, powered by open source software, must run on open hardware. Today’s devices are opaque, proprietary, and restrictive. Our goal is to build a new category of sovereign computing to serve as an open platform for development of a decentralized Internet. 

For Bitcoin and a decentralized Internet to succeed, users must store their own keys and run their own infrastructure. This is where we come in. Foundation believes software solutions alone are insufficient – consumers need integrated hardware and software to make it as easy to store your own keys as it is to open an account on an exchange. 

Last month we began shipping our first product, Passport, a next-gen Bitcoin hardware wallet. Passport is designed to be beautiful, intuitive, ultra-secure, and completely open source. Over the next several months we will improve Passport with firmware updates and design enhancements, as well as introduce companion software to further enhance the user experience.

To date, we’ve built all of Foundation with just four cofounders. We are now excited to be expanding the team in the following areas. If interested, view our Jobs Page and email us at jobs@foundationdevices.com.

• Software Engineering (web, mobile, embedded, Bitcoin)
• Mechanical Engineering
• FPGA & ASIC Engineering
• Graphic & Industrial Design
• Operations
• Customer Support
• Social Media & Community

Join us in our mission to make Bitcoin and decentralized tech accessible to each and every individual in order to build a new era of sovereignty, ownership, and privacy – and empower humankind.

– Team Foundation

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$199.00Add to cart

Leading an Open Hardware Renaissance

In April we set off to build a new type of hardware company. Instead of building closed source, proprietary hardware, we’d open source all of our work – from the firmware to the circuit designs. We’d fight back against today’s norm of security via opaqueness and instead embrace security via transparency.

Instead of releasing open source hardware catering only to developers and hardcore security enthusiasts, we’d design beautiful devices with bold, unique industrial designs and intuitive user interfaces. We’d aim to build the best products, period, and bring them to the largest number of people.

Only 8 months after launching Foundation Devices, we have finished prototyping Passport and are beginning mass production. In several weeks we will be shipping our first devices to customers across the world.

We are excited to announce that we’ve released Passport’s circuit designs as fully open source under CERN OHL S v2, and Passport’s alpha firmware under GPLv3 (and other compatible licenses). These viral, copyleft licenses ensure that others can use our work for any purpose – as long as they open source their work as well.

Open source is core to our mission and values at Foundation Devices, and we encourage other hardware companies to join the open hardware movement.

The Importance of Open Hardware

Security via openness and transparency. In a Bitcoin powered world, with immutable transactions and no recourse for thefts or loss, it is more important than ever that hardware and software are open. Security experts can easily review designs and report vulnerabilities, and advanced users can verify that the hardware and software have not been modified or tampered with.

Open hardware is likely to have fewer vulnerabilities than closed hardware. Read more in our previous post.

Building on each other’s work to innovate faster and progress society. In the hardware world today, progress is slow and siloed because each new hardware company either starts from scratch or buys proprietary IP from a small handful of companies (like Qualcomm or ARM). We think this is one of the main reasons why progress in the physical world is slower than in the digital world. In software, by contrast, developers can find tens of thousands of high quality open source libraries on Github and quickly integrate them into their projects.

Imagine if a young software startup was forced to pay Google for some proprietary IP to make a useful product and was required to sign an NDA – this is what the hardware world is like today.

Passport’s Open Source Foundation

Passport is built upon and inspired by numerous open source elements. For our hardware, we researched the architecture of popular devices like Coldcard, Bitbox02, and Trezor – all of whom post their electrical schematics on Github. We also implemented an open source true random number generator from the Betrusted project (called an Avalanche Noise Source).

For our firmware, we relied on the open source MicroPython project and used Coldcard’s open source firmware as a template. We started a new MicroPython project, did low-level bringup work for our hardware components (such as the camera), created a new user interface, and ported + modified pieces of Coldcard’s code.

We also implemented Trezor’s open source crypto library, ported Blockchain Commons’ open source UR Library to Python, and integrated two open source QR libraries.

It would not have been possible to design Passport in less than a year without building on great open source work.

Other Hardware Wallets

Currently only Passport and Trezor meet the definition of Open Source Hardware. Foundation Devices believes it is our responsibility to encourage other hardware producers to fully open source their work.

• We applaud Trezor for their full embrace of open source hardware, but we suggest they license their hardware designs under CERN OHL v2.
• We implore Ledger to change their approach and open source their hardware designs and proprietary firmware.
• We suggest that Bitbox02 and Coldcard release their circuit design files, rather than just their schematics, so that the hardware can be fully open source.

Our beliefs about the importance of open source were inspired by both Coldcard and Trezor. When Coldcard launched in 2018, they used Trezor’s open source crypto library – and welcomed others to use their open source, GPLv3 code!

We are grateful for Coldcard’s open source firmware, of which we’ve used numerous components to more quickly bring Passport to market. However, we are disappointed that they’ve recently chosen to relicense their firmware as non-open source. The Commons Clause license condition is not open source and is and incompatible with GPL. The Free Software Foundation urges rejection of software under this license condition, and the license condition is widely criticized and on the decline.

In Summary

Passport’s circuit designs are now released as fully open source under CERN OHL S v2, and Passport’s alpha firmware is now released under GPLv3 (and other compatible licenses).

We believe open hardware improves cooperation and security and accelerates industry progress. We’re excited to bring open hardware products to the world and hope to see others do the same!

purchase PASSPORT

Preorder Passport (Restocking soon)

$199.00Add to cart

Hardcore Hardware Security Requires a Step Back In Time

Foundation strives to build ultra-secure hardware with an open source security model. This is especially important for hardware wallets, which are used to store sizable amounts of Bitcoin and cryptocurrencies.

Today’s devices are largely designed for a pre-Bitcoin world. They are proprietary, opaque, and closed source. They are not designed to protect Bitcoin’s immutable transactions.

Take an iPhone, for example. An iPhone’s software is closed source – it runs firmware and an operating system made by Apple. There is no public code on Github. Security researchers or savvy individuals cannot audit any of the code running on the device. 

Likewise, an iPhone’s hardware is closed source – its circuit board designs, list of components (commonly called the “BOM” or bill of materials), and details of component functionality are proprietary and confidential. Sure, it’s possible to conduct a tear-down and attempt to determine how an iPhone works, how the circuitry is designed, and what components it uses. But the information gleaned from such an effort is limited at best.

Does Apple encrypt your iMessages? Does it safely upload your data to iCloud? Are apps sufficiently isolated to protect you from viruses and exploits? With closed source hardware like an iPhone running a closed source operating system, it is impossible to answer these questions. Instead, we are forced to trust Apple completely with our digital lives.

In a pre-Bitcoin world, this did not matter. The worst-case scenario was that an attacker stole your personal data, bought a few items with your credit card, and Venmo’d away a few thousand dollars. You then reset your passwords, called your credit card company, submitted a support ticket with Venmo – and resumed life as usual.

In a Bitcoin world, if your money is stolen then it is gone. There is no recourse. 

Today’s devices are built on a closed-source security model that is not transferable to a Bitcoin world. At Foundation Devices, we are dedicated to building ultra-secure hardware with an open source security model.

Unlike most hardware companies today, Foundation Devices:

1. Minimizes the use of black-box silicon – chips whose functions are unknown and are often bundled with common components like screens and touch panels.
2. Purchases chips and components only from reputable suppliers and distributors.
3. Reduces attack surfaces as much as possible.
4. Assembles our devices under close supervision in the USA.
5. Releases our hardware and software as open source.

In order to build secure hardware for a Bitcoin world, we sometimes need to take a step back in time. Many common components today are not designed for hardcore security, transparency, auditability, and openness. When designing Passport, our Bitcoin hardware wallet, we made the conscious decision to avoid the following:

• High resolution displays which contain black-box silicon that could collect data or display false information.
• Capacitive touch panels which contain black-box silicon that could record user inputs or hijack the device.
• Lithium ion batteries which contain black-box silicon that could help attackers exploit power-related vulnerabilities.
• Bluetooth which increases attack surface and has consistent vulnerabilities.
• USB which increases attack surface, such as this Ledger vulnerability.

This means that Passport uses a physical keypad, monochrome display, AAA batteries, and QR codes for communication. It somewhat resembles a Nokia phone! But it provides an excellent user experience, great design, and – most important – strong, open source security. 

If you are looking to purchase a hardware wallet, be wary of devices that use touch screens and contain Bluetooth. Be especially wary of closed source hardware. Ask the manufacturer – who makes the touch screen and where is it produced? Is the hardware and firmware open source? Does the wallet include Bluetooth or other forms of wireless communications?

Foundation Devices believes it is important that hardware wallet makers, above all, prioritize security. Here’s how we think about security for Passport:

1. If it can be visually inspected, it’s the best. This is why we use a Memory Display over a high resolution OLED or TFT display, and why we use a physical keypad over a touch panel.
2. Minimize the use of black-box silicon and purchase all chips from reputable suppliers. Our suppliers include ST Microelectronics, Microchip, Omnivision, Analog Devices, and ON Semiconductor. Passport does not contain components from sketchy Chinese OEMs.
3. Crucial components should be made ourselves. Rather than relying on a proprietary true random number generator (TRNG), we implemented an open source TRNG called an Avalanche Noise Source that uses commodity components (thanks bunnie!).

Over time, as Bitcoin grows and we sell more devices, we will design open source touch screens, more secure wireless communication protocols, and open and auditable chips. We look forward to making this a reality as we build Foundation Devices!

Interested in learning more about hardware security? We recommend this talk by bunnie, renowned hardware hacker and creator of the Betrusted project.

purchase PASSPORT

Order Passport Batch 2 today, limited to 2400 units!

$199.00Add to cart