Zach, Author at Foundation

Passport version 2.2.0 is now live!

Posted on January 2, 2024 - 5:12 pm by Zach

We’re excited to announce that the latest version of Passport firmware – 2.2.0 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

With this version of Passport’s firmware we’ve added the ability to seamlessly switch back and forth between signing via QR and microSD, added the ability to restore from SeedQR, improved the user interface on Founder’s Edition, and added many quality of life improvements across the board. With the number of new features we included in 2.1.0, we took this release to focus on refining our unified firmware between Founder’s Edition and Batch 2, as well as paving the way for full Taproot support in 2.3.0.

For more details on each of the changes, keep reading below!

NEW FEATURES

Automatically detect when a transaction being signed via QR is very large and prompt the user with the option to sign via microSD instead.
- When a transaction is very large signing via QR codes can take quite a long time. This change makes it much easier for users to switch to signing via microSD before going through the hassle of trying to sign an excessively large QR code.

You can now write a signed transaction out to microSD directly from the animated QR screen on Passport.
- Changed your mind and want to use microSD for that transaction you just signed? Now you can do so all from the same screen without having to go through the process of signing again.
You can now import a SeedQR directly into Passport when restoring from seed.
- Easily import a SeedQR from an existing wallet or restore from a SeedQR backup of Passport with a simple QR scan.

IMPROVEMENTS

Further improved signing of abnormally large transactions via both QR code and microSD.
Added an automatic encrypted microSD backup step when restoring Passport from a seed phrase.
Improved the spacing and alignment of text throughout the menu UI on Founder’s Edition to better account for the slightly different screen sizes.
Implemented secp256k1 support from rust-bitcoin, a requirement for full Taproot receive support in a future update.
We now create directories automatically on the microSD card as needed for storing partially-signed Bitcoin transactions (PSBTs), multisig configs, wallet configs, health checks, and Key manager.
- This makes managing files much easier, especially when viewing the contents of your microSD card on a computer.
Passport now uses a 3-digit code for sorting backup files, ensuring that backups are easier to distinguish and sort.
- Backups are now also sorted in reverse order, so you’ll always find your latest backup at the top when restoring or viewing existing backups!
Added additional context when setting a passphrase to ensure users understand that all passphrases are valid, and that Passport will clear passphrases upon shutdown.

Initial address verification for new accounts is now much faster.
Optimized fonts to free up some space in firmware.
Improved the Foundation icon when setting up a new Passport Founder’s Edition device.
Improved special character selection.
Upgraded to the latest version of foundation-rs, our open-source Rust library.
Removed unnecessary USB files, correcting a minor licensing display issue and simplifying compilation.
Improved copy and behavior of hiding and showing hidden keys in Key Manager.
Improved the behavior of the passphrase application flow when a user incorrectly enters a passphrase and notices the fingerprint does not match.
Improved copy on the account details screen regarding the derivation path.
Improved the way top icons are displayed on Founder’s Edition.
Improved battery level detection and display on Founder’s Edition.

BUG FIXES

Fixed a rare bug that wouldn’t properly display the message after a device is bricked after 21 failed PIN attempts.
Passport now properly displays an error when an unusable QR code is scanned that the user can close.
Passport now properly resumes saving a file if a microSD card is inserted at the “Missing microSD card” screen.
Fixed a display issue when canceling a transaction before signing.
Fixed a rare bug where big transactions would occasionally prevent Founder’s Edition from displaying the signed QR code transaction.
Fixed a minor display issue with specific, long-form error messages.
Fixed a minor issue when exporting to Sparrow under rare circumstances.

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide

Envoy version 1.5.1 is now live!

Posted on January 2, 2024 - 12:50 pm by Zach

We’re excited to announce that the latest version of Envoy – 1.5.1 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a significant lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

Note: v1.5.1 is a bug-fix release that resolves an issue updating firmware via Envoy on iOS. We’ve replicated the release notes here from 1.5.0 with the additional bug fix.

With this release of Envoy, we’ve focused on bringing you fully-featured support for Taproot! This not only expands the use-cases and access for Envoy as a mobile wallet, but it also paves the way for full Taproot support to be added to Passport in the upcoming v2.3.0 firmware. We’ve also included a proper Spanish translation to Envoy, and many quality of life improvements and bug fixes.

For more details on each of the changes, keep reading below!

New Features

Envoy now has full Taproot ???? support, allowing you to easily send and receive with the latest and greatest features in Bitcoin!
- For those who want to use Taproot, simply enable support from the settings under the “Advanced” drop-down and a new Taproot-specific account will be created for you.
- This also paves the way for full Taproot support in Passport, coming in firmware v2.3.0 very soon!
Envoy now has a Spanish translation available to all of our Spanish-speaking users!

Improvements

Envoy now allows users to select a preferred language in settings on iOS and Android.

Upgrade Flutter to the latest stable release, v3.16.1.
Envoy now automatically excludes coins that are too low of a value to spend in the current high-fee environment.
- We’ve noticed that in the current fee environment, a native behavior of BDK that is designed to protect you from wasting sats could get a bit confusing. If you have coins that are relatively low value, it’s possible that they could cost more to spend than the value of the coin, meaning spending them would just be burning precious satoshis.
- We still leverage the BDK default to help protect you from losing satoshis sending coins that are too low of value, but now we give you a clear warning when this would happen via a shiny new modal.
You can now hide amounts on an account while in the detailed account view.
Improved how the bottom sheet shows amounts when using coin control when minimized.
Users who have previously used Magic Backups and then manually restore the same seed now get the option to restore their previous Magic Backup or simply use a manual wallet.
Improved how selecting coins works when switching views.
Added a warning when a user manually selects coins and then changes the fee on the transaction review screen, as it can cause Envoy to automatically re-select coins for the user.
Updated our Tor library to the latest version of Arti, v1.1.11.

Bug Fixes

Fixed an issue unselecting an entire tag in coin control if some coins in that tag are locked.
Fixed a minor display issue when deleting a mobile wallet.
Fix an issue with units displayed on the send screen showing sats even when denominated in BTC.
Fixed an issue where redeeming an Azteco voucher could show duplicate entries in the activity screen.
Corrected the informational text on the unsigned PSBT screen.
Fixed an issue where the firmware update button would be slightly off-center.
Fixed a minor padding issue on the tag details card.
Fixed a rare issue that could cause a blank screen when pairing an existing Passport account.
Fixed an issue where an address could display incorrectly in the transaction details screen when receiving multiple outputs in a single transaction.
Fixed a display issue where excessively long device names could break the version pill on the devices tab.
Fixed an account renaming issue.
Fixed various minor display issues.

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Foundation: The Secret Master Plan

Posted on December 21, 2023 - 12:50 pm by Zach

There was a time when Apple shipped the schematics alongside the computer, a time when they encouraged us to “think different.” There was a time when Google lived by the guiding principle of “don’t be evil.” No longer.

We believe technology is progressing in the wrong direction. Rather than offering freedom, technology is used to surveil and control.

Ledger knows how much money you store on your hardware wallet and sees your transactions. Google knows everything about you. Your TV monitors what you watch and sells your data. Your car knows where you are at all times and will soon integrate breathalyzers and kill switches.

Technological progress in the physical world has slowed. An overwhelming majority of hardware and manufacturing innovations are closed source and proprietary. Open source software propelled us to the Internet, to Bitcoin – but open source hardware is a rarity.

At Foundation we believe that technology can be used as a tool to empower the individual with freedom, with sovereignty, with privacy. We believe that building superior open source hardware and software is the key to unlocking an era of prosperity and permissionless innovation.

As in Asimov’s Foundation trilogy, we’ve asked ourselves – what can we do to help navigate this period of chaos and usher in a new era of freedom and prosperity?

This brought us to our beginning. To Bitcoin.

Bitcoin

It all started with Bitcoin. It is our strong belief that a transition to Bitcoin as the global monetary standard will re-align society and fix our most important problems. In short, we believe that “Bitcoin fixes this!” So this is where we’ve chosen to begin our journey.

Foundation believes that Bitcoin itself is at a crossroads. On one side are ETFs, exchanges, custodial providers, intense and crushing regulations – maybe even 6102 orders. On the other side is custody, decentralization, permissionless innovation, strong financial privacy, and even an end to central banking as we know it.

This is why our first product was Passport, the best-in-class Bitcoin hardware wallet. The most fundamental aspect of Bitcoin is to hold your own keys, to control your own money and your own destiny. Passport makes that possible for more people than ever before.

During the 2024-2028 epoch, Foundation will build a cohesive ecosystem of Bitcoin devices, tied together by our Envoy mobile app.

Freedom Tech

But we aren’t stopping at Bitcoin. As the world achieves global Bitcoin adoption during the 2028-2032 epoch, Foundation will broaden our approach and focus on expanding our freedom tech ecosystem to more platforms. Smartphones and computers running a next-gen, ultra-secure, privacy-preserving operating system. Self hosted smart home products with integrated AI. Maybe even a car?

The Secret Master Plan

Below is Foundation’s master plan through 2032.

2020-2024: Build a hardware wallet and mobile app.
2024-2028: Use that money to build an ecosystem of Bitcoin devices.
2028-2032: Use that money to build a freedom-tech computing ecosystem.
While doing above, release everything as fully open source, vertically integrate manufacturing, and – most important – hold true to our principles.

Don’t tell anyone.

Envoy 1.4 – Say Hello to Coin Control

Posted on December 4, 2023 - 7:30 am by Zach

With the release of Envoy version 1.4 today, we’ve taken the next big leap forwards in our goal with Envoy — to bring the best of Bitcoin to you, simplified. Since the release of Envoy’s full mobile wallet functionality with Magic Backup, we’ve been working tirelessly to bring you the next phase focused on giving you full control over your Bitcoin. Say hello to the most intuitive and approachable coin control to date.

Coin Control Made Easy

Taking control of your money has been a part of our mission from day one, and the ability to control exactly how you spend your bitcoin through Envoy is a key part of that. In this release of Envoy we’ve spent countless hours taking the concept of coin control that has existed in other Bitcoin wallets back to the drawing board, as coin control should be within reach of everyone, not just “techy” Bitcoiners. We think coin control should be something even grandma can use.

The concept of coin control can often be a foreign one to new Bitcoiners, but quite simply it’s a tool that allows you to choose what coins get spent in each transaction. The standard functionality of a wallet is to use a coin-selection algorithm to intelligently select the best coins to spend when you send bitcoin, but without some form of coin control there is no way for the algorithm to know what history each coin carries with it. When you combine coins with different histories, you reveal information about your financial activity you may not be intending to share!

When you use coin control, you can tag coins and add notes to transactions as you use Envoy, allowing you to spend only the coins which you want to each time you spend your bitcoin. Don’t want to reveal how much you get paid to your grocer? Only pay him using coins from your previous visits to the grocery store. Tired of your barista seeing how much you paid for dinner last night? Only pay him using coins you just got peer-to-peer. Coin control gives you total control over what information you choose to reveal each time you use Bitcoin — the very definition of privacy.

Using coin control on Envoy is just a tap away behind the new “Tags” icon inside of each account, where you can easily select to spend from an entire tag or get into the weeds and select individual coins to spend. You can keep things as simple as you want or get as granular as you want — you’re in control now. And if the concept of coin control seems like too much for you today, you can simply never touch it and still benefit from a smart coin-selection algorithm in the background that does its best to reduce fees while preserving your privacy.

All of this functionality gets added on top of the 60 second onboarding that Envoy brings via Magic Backups, the seamless integration with Passport, and the fully customizable privacy settings across the board. It’s time you experienced Bitcoin, simplified by downloading Envoy today.

If you want to deep dive into how you can use coin control we’ve got you covered with our new docs on the topic: Tags, Notes + Coin Control | Foundation Docs

Redesigned Learn Center

We have a deep passion for user education and empowerment, and want to make the output of that passion more accessible through Envoy. When you have questions about how Envoy or Passport works, want to learn more about Bitcoin, or simply want to pass the time with the sound of BitcoinQnA’s voice in the background, we’ve got you covered. We’ve started from scratch and improved every aspect of the Learn center, starting with a drastically improved video player and a new video host. Videos are faster to load, easier to control, and are now automatically marked as watched afterwards.

We’ve also added full support for reading our blog posts directly in Envoy without ever leaving the app or opening your browser. Blog posts also get marked as read immediately after viewing them, making it simple to keep up with the latest in Foundation announcements and education. In addition, we’ve revamped our FAQ section at the bottom and updated it with all of the recent changes in Envoy and Passport.

Privacy Shield Joins the Toolbar

We’ve always held preserving user privacy as one of our chief values at Foundation, and that starts with the options available to our Passport and Envoy users. With this version of Envoy, we’re taking things a step further and improving the visibility and usability of all of those privacy settings in Envoy with a new standalone section we’re calling the “Privacy Shield.” Quickly connect to your own Bitcoin full node, switch back to Foundation’s, use Tor for improved privacy, or turn Tor off for better performance when necessary.

Everything you need to know about preserving your privacy while using Envoy can be found in our documentation: Privacy | Foundation Docs

Activity Center, Reborn

In addition to launching coin control and revamping our privacy settings, we’ve taken the time to overhaul the activity center in Envoy and give it a new home in the toolbar. Everything you need to keep up with your Bitcoin activity, Passport firmware updates, and more can be found in the Activity Center now. We plan on expanding this in the near future to encompass more things as well, so keep an eye out for future Envoy updates!

Want to learn more? Dive into our docs here: Activity | Foundation Docs

So Much More

If this has piqued your interest, head on over to our full release notes to learn more about what we’ve added, improved, or fixed with this release of Envoy:

https://foundationdevices.com/2023/12/envoy-version-1-4-0-is-now-live/

We can’t wait to hear your feedback on this latest iteration of Envoy, and if you have any questions or run into any issues, please don’t hesitate to reach out:

https://foundationdevices.com/2021/12/support-where-and-when-you-need-it/

Envoy version 1.4.0 is now live!

Posted on December 4, 2023 - 7:30 am by Zach

We’re excited to announce that the latest version of Envoy – 1.4.0 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or check for updates on your platform of choice.

Please note that there can be a lag from publishing to general availability due to Apple App Store and Google Play Store review policies and delays.

What’s changed

In this version of Envoy we’ve implemented intuitive and easy-to-use coin control, a new Activity Center and Privacy Shield, a redesigned Learn tab, broad user experience and user interface improvements, and squashed bugs across the board.

We’re especially excited about our implementation of coin control in Envoy, as there has been a lack of intuitive coin control on mobile for Bitcoin users in the past, even though coin control is vital for giving you control over your privacy. We’ve spent countless hours building coin control in Envoy from the ground up to be as easy to use, as powerful, and as privacy-preserving as possible. Coin control isn’t just for technical users anymore.

For more details on each of the changes, keep reading below!

New Features

Say hello to the most intuitive and approachable coin control in any Bitcoin wallet to date ????
- Coin control is a vital feature that allows you to preserve your privacy on Bitcoin and choose what information to reveal about your financial activity to those you interact with, but has been a feature only accessible to technical users in the past.
- We’ve been working tirelessly to bring you an implementation of coin control that even grandma can use. Easily tag your funds as you receive them, lock or unlock individual coins, choose exactly which coins to spend, or simply spend from a single tag with just a few taps.

Redesigned the Learn tab from the ground up, with an entirely new UI, improved video player, the ability to read blog posts directly in Envoy, and an improved FAQ section ????
- Videos and blog posts now also get marked as watched/read when opened, and can be manually marked as unread by long-pressing on the item in the Learn tab.

Implemented a new Activity Center and Privacy Shield in the bottom toolbar ???? ????️
- We’ve broken out our privacy settings into their own new home on the toolbar, as well as migrated the activity center from the bell icon to it’s own page.
- The new Activity Center will now show transactions, firmware update announcements, and more in the future!

Implemented full support for BRL fiat conversion. Welcome, Brazil! ????????
Implemented new “sat” and “btc” icons for units instead of text.

Improvements

Migrate Tor support to use the new Arti Tor client, implemented in an open-source Flutter library.
- Our use of Arti has shown solid improvements in Tor connectivity, and when paired with the implementation of DDoS protection in the Tor network has made Tor far more usable than it previously has been for the average user!
Greatly improved performance and resolved rare crashes for users with wallets that are heavily used, i.e. Samourai Wallet post-mix accounts.
Automatically add a note on Azte.co voucher redemption transactions indicating that they were from Azte.co.
Updated to support the latest azte.co API and voucher changes.
Long pressing on the delete button now deletes all entered text when constructing a transaction.
Envoy now automatically backs up the Envoy Backup file to Foundation servers every hour.
- Only applicable when Magic Backups are opted into by a user.
Improved the responsiveness of the “Backup Now” button for Magic Backups to show when a backup is successful.
Broad updates and improvements to the frequently asked questions (”FAQs”) in the Learn tab.
Improved descriptions and copy in pairing screens.
Implemented new “hamburger” menu icon with open/close animations.
Improved the firmware update flow when firmware is downloaded but not properly copied to microSD for any reason.
Made it easier to use Envoy purely as a Passport companion app for those who don’t want Envoy as a mobile wallet.
- It’s now easier to add additional Passport accounts without accidentally triggering the mobile wallet setup flow.
Improved screens across iOS, specifically those around pairing with Passport and downloading firmware.
Added the ability for Envoy to use the system locale to better display units and times throughout the app.
Added a shiny new animation to the manual mobile wallet setup flow.
Improved the way transactions display in the Activity tab.
Migrated video hosting for the Learn tab to Vimeo.

Bug Fixes

Corrected some minor issues with settings not being properly backed up and restored as a part of Magic Backups.
Removed fiat value for testnet coins – they have no value!
Properly display an error when an invalid Envoy Backup file restore is attempted.
Properly decode BIP 21 URIs with empty amounts.
Updated several dependencies to resolve inherited minor security issues.
Fixed several app freezes and crashes on iOS when a user had many accounts or deep wallets.
Fixed a rare backup conflict when using QR recovery with Magic Backups.
Resolved an issue with the previous Tor library where local network access would be requested in iOS (but not used).
Resolved several minor issues with how Envoy interprets the native Android back button.
Resolved lag when the app was opened while in Airplane Mode.
Fixed some minor text centering issues.
Resolved an issue where an account renaming would revert on iOS without the users input.
Resolved a rare bug when screen recording Envoy usage.
Resolved an issue where a user that ops into manual setup gets shown Magic Backup settings incorrectly.
Fixed an issue where the shield would stay red after a successful manual recovery.
Fixed a display issue possible when repeatedly adding and removing accounts.
Fixed a display issue where the + button could disappear.
Resolved some issues with account renaming when certain keyboard functions are used.
Resolved issues with screen sizing on smaller phones (i.e. iPhone 7).
Fixed an issue where saving a custom node would occasionally not persist.
Resolved a bug where prompts could appear where they shouldn’t.

Verifying Envoy on Android

If you’d like to take the optional additional step of verifying Envoy binaries on Android, follow our guide: Verifying Envoy on Android

Say Hello to Freedom.Tech

Posted on October 9, 2023 - 2:11 pm by Zach

Freedom.Tech is a global hub championing Bitcoin builders, open-source developers, educators, and privacy tech pioneers, and we see it as an invaluable addition to the Foundation family.

We’ve been working hard behind the scenes over the past few months to launch a new content hub that lets you find content on the bleeding edge of technology, learn how you can take actionable steps in the fight for freedom, and amplify your own voice by writing unique content.

Freedom.Tech gives us a place to broaden our educational efforts that still aligns closely with what we’ve been doing on the Foundation blog, with our “This Month in Sovereignty” newsletter, and with the “Journey to Sovereignty” podcast. As such, we’ve gone ahead and added our existing email subscribers to the Freedom.Tech email list, as a good portion of our existing content will now flow to Freedom.Tech.

Don’t want to get emails about Freedom.Tech? Feel free to reply to an email and let us know, or simply unsubscribe once you get the first email from Freedom.Tech.

What is the “Freedom Tech” Movement?

From the earliest days of the Internet, an ongoing struggle has existed between those who would use the immense potential of this new technology to control or suppress human freedom, and those who would use it to empower the individual and promote human flourishing. This struggle has taken many forms over the decades, starting with the cryptoanarchists in the 1980’s and the cypherpunks of the 1990’s, both of which shared a common goal of enabling individual freedom through the use of cutting-edge technology.

Founders of the Cypherpunk movement: Timothy C. May (author of *The Crypto Anarchist Manifesto*), Eric Hughes (author of *A Cypherpunk’s Manifesto*), and John Gilmore (co-founder of the EFF). Source

Just as us humans strive for freedom, information in the digital age “longs to be free.” The “freedom tech” movement is a burgeoning grassroots movement that aims to encourage the optimistic, untethered development and use of technologies by people from all backgrounds, languages, and cultures across the globe. Freedom tech allows us to slow a rise in authoritarianism, fight back against encroaching surveillance capitalism, and empower journalists, dissidents, and activists everywhere.

We believe that the freedom tech movement closely aligns with that of the open source movement, and we hold the ideals of free and open-source software closely. While the freedom tech movement has no central authority or leader to dictate its aims, we have laid out the aspects of technology we consider vital to the movement below. Freedom tech should be:

✅ Free and open source

✅ Without usage restrictions

✅ Privacy-preserving

✅ Resistant to censorship

Quite simply, “freedom tech” is technology that empowers you.

What does this mean for Foundation content?

As Freedom.Tech gives us an excellent platform to focus content efforts outside of our products, we’ll be splitting our existing “This Month in Sovereignty” newsletter. Company updates, firmware releases, and similar posts will be packaged concisely in a new “Foundation Updates” monthly newsletter, while broader content around FOSS, freedom tech, and important news in the space will migrate to a monthly Freedom.Tech newsletter.

Similarly, we’ll be broadening the scope of our “Journey to Sovereignty” podcast and relaunching with a set of fantastic guests, covering a much wider variety of freedom tech topics as a result. We’re still in the process of revamping the podcast, so keep an eye out for more announcements there in the near future.

Learn more

With this launch we’ve included a few original blog posts, and are working hard to get some of the best writers in the space involved and amplifying their content on Freedom.Tech. We’ll be running some fun competitions (including giving away a free Passport!) over the next few weeks as a part of this launch, so be sure to follow us on X and/or Nostr as well:

How Passport protects your Bitcoin

Posted on August 23, 2023 - 10:00 am by Zach

Take a minute and ask yourself two simple questions: who or what are you trying to protect your Bitcoin from? How far are you willing to go to protect it?

These two questions are the root of a concept called “threat modeling”, and should be the basis for deciding what steps you take to secure your Bitcoin. Answering these two questions properly requires an understanding of what threats are out there to your Bitcoin and how they can be prevented.

In today’s blog post we’re going to walk through the most common threats to a Bitcoiner’s sats and break down how Passport helps to keep your savings safe.

Loss of funds

The threat: While this isn’t an intentional attack by a bad actor, it’s by far the most common way that people lose their Bitcoin. If proper backups aren’t kept, frequently tested, and broadly distributed, loss of funds is an ever present risk.

Losing your Bitcoin can certainly happen due to unforeseen events like house fires and floods, but it most often comes as a result of over-complicated setups and unplanned inheritance. It’s easy to want to always be on the cutting edge of security and wallet setups in the Bitcoin space, but it often pays to follow the old “KISS” (”keep it simple, stupid!”) adage when it comes to storing your Bitcoin!

Be sure that you thoroughly test the recovery process of whatever setup you do decide, and ensure that those you want to pass your Bitcoin on to can follow the recovery process without any additional help or input from you. It pays (in sats!) to be thorough and diligent when it comes to storing your Bitcoin.

An example: Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes | NY Times

How Passport protects you: Passport takes two major approaches to helping you preserve access to your Bitcoin: (1) providing users the necessary tools to write down their seed phrase and/or backup PIN code safely, and (2) providing encrypted microSD backups as the default option. Our goal with Passport backups is to prevent losing Passport from being a life altering event, instead equipping you to easily and safely restore funds anytime.

Encrypted backups in particular provide a uniquely powerful backup method, as you can easily distribute encrypted backup files broadly, be it your favorite cloud service, your password manager, or many different microSD cards or USB flash drives. As the backup file itself is encrypted, even if an attacker stumbles upon it they won’t be able to tell what it is, much less access the seed phrase within it without the associated backup PIN code. Then simply make multiple, geographically distributed copies of your backup PIN code (never together with your encrypted backup file!) and you’ll always have the ability to recover funds.

For the more traditional Bitcoiner, you can choose any number of backup methods for the seed phrase itself, including steel backups to ensure that fire and weather can’t harm your backups.

Learn more: Why we love encrypted microSD backups

Social engineering

The attack: The idea of social engineering is as old as time, but has become even more rampant in the digital age. When it comes to Bitcoin, often the largest risk to a user’s funds is someone online tricking them to install malicious firmware or enter their seed phrase directly into malicious software.

How Passport protects you: Passport prevents the installation of any firmware that is not signed by Foundation’s developer keys, ensuring that even if you get a malicious firmware file from an impostor site or fake support agent, there is no way for you to install the firmware onto your Passport.

When it comes to scams centered on tricking users to enter their seed phrase, while there is no technical way to prevent this (a user always needs to be able to access their seed phrase for backup purposes), Passport forces a user to go through several prompts warning them not to share or reveal their seed phrase to anyone else.

Malware on your computer or phone

The attack: Malicious software wallets are a constant, ongoing battle in the Bitcoin space and have claimed many sats from good Bitcoiners over the years. The common attack is to use advertisements on Google Search or use similar names on platforms like the Google Play Store to trick users into installing malicious versions of popular wallets.

An example: Electrum Bitcoin wallets under siege | Malwarebytes

How Passport protects you: One of the biggest benefits to a hardware wallet that utilizes an air-gapped design like Passport is that it is practically impossible for malware to steal funds in any way if the user is observant. Passport’s air-gapped design means that no matter what software wallet you’re using, you always have to scan in the transaction and verify the transaction details on Passport’s large, color screen before signing.

Even if the wallet attempts to provide Passport with a fake change address, a common and stealthy attack, Passport will check the change address and warn if it does not belong to your wallet. As the malware on your computer has no way to access Passport via USB or Bluetooth, it cannot infect Passport and make Passport display false transaction details, either. This is an immensely powerful defense and one that protects you against many different threats!

The next time you send a transaction, take a bit of extra time and be sure that you’re verifying the address and amount properly to protect your sats. In addition, make sure to bookmark the legitimate sites for your favorite Bitcoin wallets, never trust a random DM on Telegram, and verify software that you download whenever possible.

“Evil maid” attacks

The attack: An “evil maid” attack is a category of attacks encompassing any time an attacker gains physical access to a device that’s off. This can happen when you’re at home (i.e. someone you trust), when you’re traveling (i.e. an actual maid at a hotel), or when the device is in transit (i.e. checked baggage while flying). A whole new world of risk opens up as soon as an attacker has physical access to your Bitcoin wallet as they can perform a host of attacks.

The most common evil maid attack is to swap your Bitcoin wallet with a malicious wallet that records your PIN code and then recover the malicious device and use the captured PIN code to steal funds from your wallet.

How Passport protects you: Passport provides two main mechanisms to help protect yourself against a malicious device swap attack. Security words are easily enabled in Passport’s settings and make Passport show you two unique security words that can not be seen or replicated without knowledge of your PIN. You can learn more on how to use this feature in our documentation here.

The second defense is to check the boot count under Firmware in settings and compare with what you’d expect. While it’s a simple and less fool-proof check, it does add an additional layer of difficulty for any device swap.

Learn more: Security Code & Security Words

Physical theft

The attack: This one is quite straight forward, and involves an attacker simply stealing your Bitcoin wallet. Stealing your hardware wallet gives the attacker more time to attempt physical attacks or a PIN brute-force attack, though the fact that your wallet is missing can give you a chance to move funds if you have proper backups available.

An example: Kraken Identifies Critical Flaw in Trezor Hardware Wallets | Kraken

How Passport protects you: Passport has been built from the ground up to provide an extremely strong defense in the case of a stolen device. Passport’s security architecture leverages a secure element to best protect against physical attacks, making successful physical attacks that steal funds infeasible.

Passport’s secure element provides a strong hardware-based PIN code rate limiting, allowing only 21 attempts to enter the correct PIN before the device is intentionally bricked and no seed is able to be recovered from the device. The secure element also prevents an attacker with strong electronics expertise from being able to extract the seed from the processor or memory, as the secure element would also have to be compromised to retrieve a working private key.

Learn more: Maximum PIN Attempts

Supply chain attacks

The attack: Last but not least, we have supply chain attacks where an attacker intercepts the device before you receive it. The attacker could tamper with the hardware of the device and re-assemble it with some form of backdoor or transmission of the private key built in.

An example: Case study: fake hardware cryptowallet | Kaspersky

How Passport protects you: With Passport we’ve engineered a novel supply chain verification system that leverages the secure element on Passport. Every Passport device has a secret key locked away in the secure element that is used when you setup your Passport to perform a challenge-response check with our servers that will only be valid on devices we have provisioned directly at the factory that have not been tampered with.

If the secure element is tampered with in any way, or if a malicious device was swapped out for a legitimate one it would be unable to pass supply chain verification.

Learn more: Passport Supply Chain Validation

Conclusion

While seeing many of the potential threats to your Bitcoin can feel overwhelming, note that the vast majority of these threats are mitigated by simply using Passport as intended. Secure self-custody doesn’t have to be complex and daunting, though we do have to be vigilant and responsible when taking back control of our money via Bitcoin.

Announcing our Early Access Rewards program

Posted on August 17, 2023 - 9:54 am by Zach

One of the powerful use-cases that Bitcoin unlocked with it’s peer-to-peer nature is the ability to incentivize and reward contributions without any middlemen or hoops to jump through. This movement has come to be known as “value4value,” and has provided an immensely powerful new tool for content creators, Nostr users, and now community members. Today we’re excited to unveil a new program implementing the value4value philosophy into our existing beta testing process — Early Access Rewards.

tl;dr — Be the first to report any reproducible issue for Passport or Envoy beta releases and get a 10k Satoshi bounty in Bitcoin per issue reported!

Early Access Rewards Highlights

The premise of the Early Access Rewards program is quite simple: contribute meaningful bug reports for Envoy or Passport releases while they’re in open beta, and get rewarded for each individual contribution. No middleman, no lengthy ToS, no Foundation login or account necessary.

How to participate:

Test the beta releases for Passport firmware or Envoy app.
Report issues on Github.
All issues (the first time they are reported) are eligible for the 10k Satoshi reward.
Foundation team members will validate the issues for eligibility.
Rewards sent directly to your provided Bitcoin address or Lightning invoice.

Join Early Access Rewards today

Want to earn sats for your important contributions to our open-source projects? Simply join our beta testers Telegram room below and keep an eye out for beta release announcements. Once a release is announced, you can submit any issues you find via Github and earn 10k sats per validated issue.

@foundationbeta Telegram Room

Once you discover an issue with the beta release, submit it via Github using the following links with the “Bug Report” option. Note that this does require a Github account:

Passport firmware issues: Github – Passport
Envoy app issues: Github – Envoy

Join the community, help us improve, and get rewarded in Bitcoin for your valuable contributions! ????

The future of Early Access Rewards

We’re excited to see how well this program works to incentivize important feedback and contributions from our fantastic community, but we also have plans to expand the program in the future. We’re currently considering creating a hardware Early Access program to get our newest products in the hands of invaluable community members first, and top contributors to this Early Access Rewards program will be first in line.

We have multiple new products in the works, and we can’t wait to watch each of you help us to build and improve as we bring freedom tech to more and more people around the globe. As one of the top contributors to our Early Access Rewards program, you’ll get the chance to test our new products for free as a thank you for your contributions in exchange for feedback and bug reports.

The (not so) fine print

If you have more specific questions on how the program will work, you can read the detailed rules below. Have a question? Don’t hesitate to ask in the Telegram room or email us at [email protected].

Eligibility for Rewards: a. The first reporter of any reproducible issue for Passport or Envoy beta releases is eligible for a 10k Satoshi bounty, paid in Bitcoin. b. Issues must be reported only once, and once made public, they are no longer eligible for additional 10k Satoshi bounties.
Reporting Process: a. All issues should be reported on Github in the appropriate repository:
- Passport firmware issues: Github – Passport
- Envoy app issues: Github – Envoy
Reproducible Issues: a. Issues must be reproducible, meaning that Foundation team members can accurately recreate and validate the issue in the Envoy app or Passport firmware.
Judgement and Reward: a. Foundation reserves the right to make the final judgment on whether issues are eligible for the 10k Satoshi reward. b. Once an issue is verified and confirmed as eligible, the reward will be sent to the reporter’s provided Bitcoin address or Lightning invoice.
Rewards Distribution: a. The rewards will be distributed in Bitcoin (BTC). b. The amount of the reward will be 10,000 Satoshi for each eligible issue. c. All rewards will be paid out at the end of the beta period.
Confidentiality: a. While issues will be made public upon reporting, beta testers should avoid sharing sensitive or personal information in public discussions about the issues.
Compliance: a. All beta testers must comply with the rules and guidelines set by Foundation Devices during the beta testing period. b. Any violation of the rules may result in disqualification from the beta testing program and forfeiture of rewards.
Changes to the Rules: a. Foundation Devices reserves the right to modify the rules or terminate the beta testing program at any time without prior notice.
Disclaimer: a. Beta testers participate in the program at their own risk, and Foundation Devices shall not be liable for any damages or losses incurred during beta testing.

Why reproducibility matters

Posted on August 7, 2023 - 2:02 pm by Zach

The ability to reproduce and verify firmware for Passport has always existed, but in recent weeks we’ve ramped up our efforts to make it easier for anyone to be sure that the code running on their Passport exactly matches what is on Github. That culminated last month in the release of a new step-by-step guide to reproducing Passport firmware, making it easier than ever for you to verify firmware yourself, along with updates to the validation of our firmware’s reproducibility on Wallet Scrutiny.

While those resources are more of the “how” for reproducing firmware, we wanted a place to walk through the “what” and the “why” as well.

What are “reproducible builds?”

While there are many open-source projects out there today, the ability for you to validate that the binary (the actual piece that you install or run) is actually a bit-for-bit match with the code on Github is quite rare. The main reason for this is that ensuring binaries for a given project are reproducible requires a massive amount of work up front for the developers and maintainers, as well as additional documentation, maintenance, and customer support. Here at Foundation we view the trust minimization that reproducible builds bring as vital, so we’ve put in the hours to enable easy reproducible builds for everyone.

Reproducible builds allow you, the user, to build the binaries for Passport directly from the source code in a repeatable, “reproducible” way and validate the results match exactly what we ourselves publish. The way these builds actually function under the hood can differ widely from project to project, but always rely on building the binaries in exactly the same way no matter the users operating system, computer, etc. The rough process for Passport’s firmware looks like this:

Thanks to the magic of cryptography, we can compare the binaries we build with those Foundation releases by computing a hash of the binary, something that will change completely if even one bit of data is different in our binaries versus Foundation’s. This makes it trivial to compare and verify binaries, the ultimate goal of reproducible builds.

You can get a quick walk-through of what to expect in this short video of the entire process, start to finish:

Why does this matter?

The ability to not only see, read, and verify the open-source code published for Passport, but also to take it one step further and ensure that the firmware you run exactly matches that code provides the highest level of trust minimization possible. When you can be sure that the code actively running on Passport matches exactly what you would expect, it reduces the potential threat of Foundation releasing malicious firmware as there is no way for us to include code in the firmware that isn’t publicly visible and scrutinized on Github.

We don’t want you to have to trust us at all, and reproducible builds are the full embodiment of the phrase “don’t trust, verify.”

Try reproducible builds today

If this piqued your interest, you can dive in and reproduce Passport firmware yourself today! Following the guide below will take you through every step of the process:

Reproducibility Guide | Github

While the guide is focused on Linux, the commands and steps will be very similar on operating systems like Windows and MacOS, and we’ve linked out to the relevant guides for dependencies on those respective operating systems.

If you do try out reproducible builds, we’d love it if you’d share your results publicly! Post the output of the process to Twitter or your favorite social media platform, tag us @FOUNDATIONdvcs, and we’d love to share your post out ourselves.