What It Really Means to Be Sovereign | SeedSigner - What Bitcoin Did

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
I think it's important to think of security as a journey and not a destination.

(00:07):
With hardware wallets, there's this, because they've created the easy button,
you don't really understand what is going on behind the curtain, so to speak.
Be skeptical and go into that with your eyes open and think around the corner as to the
implications of some of the information you're sharing or the trust you're putting in a firmware

(00:28):
update. The nature of security seems to be the sort of cat and mouse thing. I wanted to put my
trust into the math that underlies the Bitcoin protocol rather than a third-party device.
It's just not quite the same. It's nice looking into your glasses.

(00:48):
How are you doing, Mr. Seatiner?
I am well today.
Bitcoin's teasing all-time highs.
I know. What are we at right now?
Above 125, barely.
And I'm here talking to you, so if I'm nervous as shit, it's still a good day.
There's no need to be nervous.

(01:09):
This is a safe space.
But yeah, Bitcoin's absolutely flying.
It's great to see.
It is.
I think we're in for a good end of the year.
It's all the stars are aligning with the usual kind of, well, you probably follow this stuff
more than me, but November and December are typically, October, November, and December
are typically pretty bullish. So even the shutdown, I guess, is bullish at this point.

(01:32):
100%. Bitcoin doesn't shut down, even if the US government does. No, I'm excited. October is real.
I think cycles are broken, maybe. Maybe. But we don't need to talk about price. That's not why
you're here. I mean, we can talk about price. The views will be better if we talk about price.
I'll never turn down some, yeah, bull child. But no, I think October is definitely a thing. I'm

(01:57):
excited to see where it goes. But anyhow. So let's start off by introducing you. You've not
been on the show before, new or old. Who are you? So I am a NIM on the internet. I go by,
Initially, I went by the NIMS SeedSigner. Now, a lot of people just refer to me as Seed when they see me in public.
But I was, let's see, been a Bitcoiner for about 12 years.

(02:22):
I was a police officer for 15 years, and I created this little open source software project called SeedSigner that's kind of been my introduction as a public Bitcoiner.
So that's me.
So we're going to get into the SeedSigner stuff today, but I do want to talk about your background because it's pretty interesting.
You were a police officer, but not just a normal police officer by the end of your career, at least.

(02:44):
So why don't we start with that whole journey?
How did you go from being a police officer to working in forensics?
Yeah, so my background, you know, bachelor's degree in English literature, minor in philosophy.
Then I studied management information systems some during my undergraduate career and kind of bounced around between a lot of jobs when I was younger.

(03:07):
I was actually a flight attendant for a year in 2001.
So I was in the air on 9-11.
And after that was laid off.
I worked for an airline called TWA that no longer exists.
What was it like being in the air in 9-11?
So we were, it was as crazy as you would think it'd be.
We were close enough to St. Louis,
which was where I'm domiciled out of,

(03:29):
that we got to land in St. Louis.
So I didn't end up stranded in another city,
but I flew out of Atlanta that morning
on the busiest airport in the country.
And then, you know, once we landed,
I think one of the towers had been hit by the time we landed.
And it was just more confusion after we got on the ground.

(03:49):
You know, at first they wouldn't taxi to the gateway,
and then we did taxi to the gateway,
but you weren't permitted to leave the plane.
And then you had to leave the plane,
but you couldn't leave the terminal.
And it was, you know, the same confusion
that everyone else, I'm sure, experienced.
That's insane. That must have been pretty wild.
Where were you meant to be going or were you meant to be going to St. Louis?
No, it was back to St. Louis.
I probably had a turn to go somewhere else too that day, but yeah, it wasn't meant to be.

(04:13):
That's pretty scary.
Yeah.
What a scary time to be in the air.
I'm sorry, I interrupted you there though.
No, not at all.
So after laid off from TWA, I had worked some private security jobs when I was younger and
ended up working at a university in St. Louis as a basically a campus security officer.
and it occurred to me that it wasn't in a great neighborhood. It occurred to me I could make more

(04:37):
money and have a safer working environment if I just went to the police academy. So I figured out
how to do that and got admitted to the academy and got hired on by a local, I'm from St. Louis,
so a small municipality in the county around St. Louis. And for the first three years, I was just
a road cop, like writing tickets, answering calls, domestic fight in progress, that kind of stuff.

(05:00):
and by virtue of my background in information systems,
the chief of the department where I worked
knew that I was a little bit of a geek
and this would have been in what, like 2006, 2007?
So digital forensics was still a young
and growing part of law enforcement
and there was a task force or a working group

(05:24):
in the area that was looking to add people
and they asked me if this is something
that I would be interested in and looking into or potentially joining at the Digital Forensic Lab.
So I worked over there part-time for a few months, just kind of learning the super basics about
digital forensics and I guess perform well enough that they offered me a full-time,

(05:45):
you know, a full-time assignment, I should say. I stayed with the same police department the whole
time, but was assigned, you know, every day from nine to five during business hours. Instead of
driving a police car, I'd go to the forensic lab and was assigned casework where I'd take apart
computers or try to obtain data acquisitions from cell phones and data recovery from thumb drives

(06:07):
and all sorts of digital media type stuff. Okay. So you're basically looking for information on a
crime. What year was this? This would have been 2007. Okay. So you would have been working there.
You did that for a few years, I assume. The next 12 years. So until 2019. So you would have been
working there during like the Silk Road days where people were sending drugs around. Did you ever

(06:28):
encounter any of those cases? So that was actually my introduction to Bitcoin was a case that I guess
more than tangentially touched on the Silk Road. It wasn't actually my investigation. It was another
examiner at the lab who I was talking to, I don't know, in the break room or water cooler talk or
whatever. And he had been assigned a case that involved a local high school kid who had been

(06:52):
given a nice gaming computer for Christmas
that had two decent GPUs on it.
And this, I don't remember if it was late 2012, early 2013,
but you could still competitively mine Bitcoin with GPUs at that point.
FPGAs were probably in play and ASICs were coming soon.

(07:13):
But anyhow, this kid was mining a decent amount of Bitcoin
and he would buy marijuana on the Silk Road.
It'd be shipped to his house and then he'd break it down into dime bags
or whatever smaller divisions.
He'd take it to school and was making a nice little hustle as an entrepreneur selling weed at school.
Of course, a teacher or somebody found out, and they called the police,

(07:33):
and that's how his computer ended up at the forensic lab.
But I had never heard of Bitcoin before talking to this coworker about it.
So that's what sent me to Google and down the rabbit hole of just trying to figure out what was this thing,
what did all the compute that was associated with it, what was that good for?
Why did it need that? And, you know, the white paper. And I joined Bitcoin Talk and, yeah, just started learning about it.

(08:00):
You know, when you have cases like that, it's like a young kid selling weed at school, like kids shouldn't do that because they're going to get in trouble.
But do you also think like, kind of cool, he's a bit of an entrepreneur.
Yeah, I mean, I definitely didn't have that kind of sense of opportunity when I was, you know, a kid mowing lawns at his age.
Mo lawns is a better option, kids. No kids listen to this, but if you do, don't sell weed,

(08:21):
mo lawns. So that's the first time you found Bitcoin. I think given the context, if I was you
in that situation, police officer, find this through a guy who's selling weed at school,
I would probably, especially back in 2012, whenever it was, I would jump to the assumption
that this was just money for criminals. Like many people are even still falling into this pit trap.

(08:42):
What did you think of it?
No, that was probably becoming the predominant narrative at the time.
I think Bitcoin was probably transitioning from quirky nerd money to a tool for money
launderers and drug sellers on the darknet.
But they say, I don't know if it was D++ or somebody else, I think it was her who said,

(09:07):
Bitcoin kind of hits you where you're at at a given stage in your life.
And at that point, I was a young father with a big mortgage.
And I was trying to pick stocks and make investments in different things.
And I was looking for a way to make the money that I earned through my employment work harder for me.
And so I tended in the beginning to see Bitcoin as an investment.

(09:30):
I saw the permissionlessness of it.
And what really resonated with me was the scarcity of it, the hard cap on supply.
And so as I started to think about the market cap of Bitcoin, it really seemed like it could potentially be significantly undervalued.
So that was probably, you know, number go up in that day and age is what drew me into it.

(09:53):
But at the same time, that was, you know, the original generation of altcoins, you know, Litecoin, Feathercoin, all that kind of stuff.
And so it wasn't, Bitcoin was the top dog, but it wasn't, Bitcoin only wasn't a thing back then.
And so it was this opportunity to speculate and make money that probably first brought me in.
This episode is brought to you by River, and they've just launched a very cool new product

(10:16):
where you can automatically buy every price dip.
Their zero fee recurring buys are a proven way to build wealth with Bitcoin,
and you can now supercharge them and buy up to 100% more Bitcoin
if the price is dipping at the time of your order.
It's a great tool to buy more Bitcoin at lower prices,
and while your cash is waiting to be deployed, you earn 3.75% interest on it,

(10:36):
paid in Bitcoin. River is built to last with security at its core and is the only Bitcoin
exchange in the US with proof of reserves. To open an account go to river.com forward slash wbd
and earn up to $100 in Bitcoin when you buy. That's river.com forward slash wbd.
What if you could lower your tax bill and stack Bitcoin at the same time?

(10:57):
Well by mining Bitcoin with blockware you can. New tax guidelines from the big beautiful bill
allow American miners to write off 100% of the cost of their mining hardware in a single tax year.
That's right, 100% write off. So if you have $100,000 in capital gains or income,
you can purchase $100,000 of miners and offset it entirely.
Blockware's mining as a service enables you to start mining Bitcoin right now without lifting

(11:21):
a finger. Blockware handles everything from securing the miners to sourcing low-cost power
to configuring the pool, they do it all. You get to stack Bitcoin at a discount every single day
while also saving big come tax season. Get started today by going to mining.blockwaresolutions.com
forward slash WBD. Of course, none of this is tax advice. Speak to your accountant or tax advisor

(11:42):
to understand how these rules apply to you and then head over to mining.blockwaresolutions.com
forward slash WBD and you'll get one week of free hosting and electricity with each hosted miner
purchased. What Bitcoin did is brought to you by the massive legends, Iron, the largest Nasdaq
listed Bitcoin miner using 100% renewable energy. IREN are not just powering the Bitcoin network,

(12:04):
they're also providing cutting-edge computing resources for AI, all backed by renewable energy.
We've been working with their founders Dan and Will for quite some time now and have been really
impressed with their values, especially their commitment to local communities and sustainable
computing power. So whether you're interested in mining Bitcoin or harnessing AI compute power,
IREN is setting the standard. Visit iren.com to learn more, which is I-R-E-N.com.

(12:27):
I mean, I think that gets everyone, right? It's number go up first. Everyone thinks it's a get
rich quick scheme, and then you learn it's a don't get poor slowly scheme.
Right. But I also had those misgivings given my role in law enforcement and stuff. And somebody,
the majority of my work in forensics dealt with crimes against children. And so the possibility

(12:48):
of Bitcoin being used to sell illicit material online and that sort of thing, like that was
a part of how I viewed it. And there were like, I remember being a bit conflicted about it. There
was a Bitcoin podcast at the time called Let's Talk Bitcoin. And it was, I think Adam B. Levine

(13:09):
was the host. And it turned into like a network of podcasts, right? I think. It grew into a network,
but originally it was that Adam B. Levine, Andreas Antonopoulos, and another person,
Stephanie Murphy. And they were actually a daily Bitcoin podcast for a while. And I remember
Andreas bringing up the whole boogeyman factor of child sexual assault material being sold for

(13:36):
Bitcoin. And I really wrestled with that a lot early on because Bitcoin is permissionless and
to a degree, depending on how you use it, private. And so it was something that you eventually
realize cars are dangerous too, and cars kill a lot of people around the world. But the value we
get from cars above people dying in car crashes dramatically exceeds the number of sad deaths

(14:02):
that occur. So the possibility of it is just so much bigger than the people who misuse it or,
you know. I think I actually saw this stat recently. I think it's 40,000 Americans die
every year through traffic accidents.
And as society, we've decided to accept
that that's a worthwhile trade-off.
Obviously, people are doing everything they can

(14:22):
to bring that number down as much as possible.
But it is a harsh reality that you have to face
when you actually understand what Bitcoin is.
Bitcoin is freedom money.
It's permissionless.
It's money for enemies.
People are going to use it in ways you don't like,
and you have no ability to stop that.
You just have to come to terms with it.
And again, weigh up the benefits against the negatives
and realize that it's a worthwhile trade-off.

(14:43):
Yeah, same story with firearms.
Obviously, that's an analogy that people make a lot of the time.
But yeah, guns are dangerous and they kill a lot of people,
but they also protect a lot of people's homes and serve as a deterrent
and help people defend themselves.
So when you discovered Bitcoin, you saw it as an investment first.

(15:05):
Obviously, I'm sure that's changed since then.
Well, it is still an investment, but it means certainly more to me
and I think more to you than that.
Did you manage to hold on through all the hype mania phases?
Yeah, I alluded to this briefly when we were talking the other day in preparation for this.
So I had a severe weak hands incident in 2017.

(15:28):
Not that I was a Bitcoin baron or anything by any means, but I had in early 2017,
so the majority of the Bitcoin I acquired early on were like in 2013 and 2014.
I remember buying Bitcoin for as little as like $65 on Coinbase in the summer of 2013 as they were kind of crashing before the run-up in the end of that year.

(15:52):
But after the peak in 2013, the Mt. Gox incident happened, and there was just a long, brutal bear market through 2014 and 2015.
and that was, I think everybody's first bear market
is like the worst one.
And that was a bad one.

(16:13):
Yeah, and you don't have the experience
of Bitcoin resurrecting itself after it falls.
You know, it comes back up.
So you think like maybe I'm the idiot
and I bought close to the top
and, you know, I'm the greater fool.
So I'm dealing with all this kind of uncertainty
through 2014, 2015, 2016.

(16:34):
And in late 2016, I don't remember the timeline exactly, but the price started to perk up.
And it got past the peak of $1,200 or in that neighborhood.
And then the Bitcoin price is approaching like $2,000, between $2,000 and $2,500.
And with the mortgage we had on our house, if at that particular moment, I sold all of

(17:01):
the Bitcoin and legitimately paid the taxes, which were a gut punch, I was at a point where
we could pay off the mortgage of our house and be completely out of debt and kind of have a fresh
start financially in life. And at the same time, you know, in early 2017, what's going on is
actually reminiscent of what we're going through now. There was the four cores were kind of in full

(17:25):
swinger coming to it at that time. And I had this anxiety or worry or whatever you want to call it
that, you know, the conventional wisdom is if Bitcoin forks, no big deal. You just hold all
the forks. And eventually when everything sorts itself out, you know, you're not hurt.

(17:46):
But I was concerned with the number of forks that were happening, that if the network fragmented too
much, the whole concept would lose its perceived value.
So people might actually not remember the history of that, but would that have been things
like Bitcoin Unlimited and-
Bitcoin Gold.
Bitcoin Gold, yeah.
And Bitcoin Cash.
Yeah.

(18:06):
And all those at the time.
And another factor of it is like, I'm a modest means coming from the middle class kind of
guy.
And when you've put, I don't know what I put into my initial investment of Bitcoin, whether
It was like probably between $10,000 and $20,000 of money that we had saved up when we were bringing in as revenue.

(18:27):
My wife, God bless her, was very understanding about buying Bitcoin.
And some of the, like, I was on the, like, early on when ASICs were just becoming available,
if you wanted to buy one, it was never just like buy it off the shelf and they ship it to you.
It was always some kind of like pre-release or funding campaign where you send in money

(18:48):
and it was a pre-order for something that would hopefully come through a few months later.
And then when you got it, it wasn't efficient.
Yeah. And because so much new hash is coming online,
it didn't produce maybe what you'd expected it to when you'd initially ordered it.
So at one point I went to my wife and I was like,
I'd like to buy this magic machine that makes Bitcoin for $3,000 or something like that.

(19:09):
And she's like, oh, okay.
So anyhow, so in 2017, given what the Bitcoin I was holding, what it was worth, and what it started from, I think people who are from modest financial means are just not mentally equipped for that kind of financial gain.
In your mind, you start to second guess whether it's real.

(19:30):
And there's this huge temptation to very binary thinking where you don't sell a little bit.
If you're going to sell, you just get out and sell it all.
And there's, I was, I guess the best way to say it is I was very financially unsophisticated at that point in my life.
Not that I'm super sophisticated now, but even more so back then.
And so one day I remember being in the forensic lab and it always seemed like I had on my computer that was connected to the internet, which was a separate computer.

(19:58):
I always had like a price ticker or a exchange chart or something up.
And I see the number kind of like fluttering around my magic number of like get out of debt.
And I remember that day very clearly.
Like I just got up, told my boss I was going home for the day.
It was still like mid-morning.
And I went home and I just started pulling out.

(20:21):
I didn't have a hardware wallet at that point.
We can talk more about that.
Was that paper wallet era?
It was still paper wallet.
When I set it up initially it was definitely still the paper wallet era but Harder Wallets had subsequently come out but it was um yeah Trezor must been around then and Ledger probably wasn its early form I don know when um Trezor I think was like late 2013 early 2014 if

(20:43):
my timeline's right. Um, but, uh, when I had set things up initially, um, uh, hopefully
I don't blank on the, I had used a web wallet, but it wasn't, it was like a web paper wallet.
So it was an open source project.
And I'll think of the name of it.
It wasn't like Electrum Wallet or something like that, was it?

(21:04):
No, no, no.
So it was basically a website.
And it was a GitHub repo.
All of the code that underlied the website was published in the repo.
And what you would do is basically download the HTML associated code that makes up the website from the repo.
And they provided an authentication hash.
So if you're trusting the person who publishes that website, what the hash was supposed to be.

(21:28):
And this was actually a forensically sound process.
You would boot up a separate computer offline, not connected to the internet, with a fresh Linux installation.
And you would use that to generate new private keys.
And it's called bidaddress.org.
People who have been around in Bitcoin, I'm sure, recognize it.
The guy who created it, his first name is Peter.

(21:50):
I won't say his last name because he's kind of private, but super great Bitcoiner.
He's actually known as BTC Curacao, who's promoting Bitcoin adoption there.
But anyhow, went through this very methodical process using an offline computer that was
completely in line with my forensic training and bought an inkjet printer that I used to

(22:14):
print out the private keys for the paper wallets.
Never used that inkjet printer again for anything else.
It was a USB connected one, so it never touched the internet.
Went through this very carefully thought out process.
But in the end, what am I doing?
I have a list of private keys printed on eight and a half by 11 computer paper, you know, that's in my underwear drawer at home.
Yeah.
Because when I first put it in there, it was worth like a few thousand dollars, you know.

(22:39):
And over time, as Bitcoin started to appreciate more, my security setup, I think, is eventually what was part of the genesis of SeedSigner because of all of the contributing factors to this weak hand experience, which I'm not in the league of Laszlo, the guy who bought pizza for Bitcoin way back when.

(23:02):
But when you think about the amount of Bitcoin you previously owned before you sold everything, it's not an easy memory.
and so to tell the story in 2017 like i and i awkwardly sold the bitcoin it wasn't even like
set a sell order like it there's probably i was i was i had an account on gemini that day and
there's probably this awkward like blip on the chart of gemini that day from me just market

(23:26):
selling a bunch of bitcoin i didn't even know gemini was around by then uh 2017 yeah they were
still pretty small. But yeah, it was on Gemini. And so went home, you know, started sweeping all
of these paper wallets, awkwardly dumped everything on Gemini, and then had this big dollar balance,

(23:49):
which I didn't really believe it was real until I'd moved it, you know, did the wire transfer into
my personal bank account, and was making preparations to pay off the mortgage loan.
But boy, did I not want to hear about Bitcoin for the rest of the year.
I bet.
Like in 2017.
Because the price rise was pretty dramatic from $2,200 or whatever that I sold that up until $18,000 or $20,000.

(24:14):
I mean, even in that year alone, you could have basically 10X'd it.
Yeah.
And it's like, even if I hadn't held on to the Bitcoin, if I had had better timing when I sold, it would have meant a much bigger.
Well, like I said, I wasn't very financially sophisticated, so it is what it is.
And for the rest of the year, I didn't want to hear about Bitcoin.
Like, I decided me being able to pay off our mortgage was kind of the first step to me thinking about stepping away from my career in law enforcement.

(24:43):
And so I started focusing on that.
My wife has always been better at bringing money home than I had been as a cop.
So we started to talk more about me being a stay-at-home dad with our kids.
And I kind of went on this self-improvement spree.
I started reading a lot of self-help books and trying to improve things about myself that I thought were suboptimal.

(25:08):
So I deleted Twitter.
I got off of Bitcoin Reddit and all the other ways I'd been following Bitcoin at the time.
And I just started to focus on making sure that I was a good enough person to retire early from my job and not end up like Mr. Mom where I'm sitting on the couch, like watching TV and drinking wine at 2 p.m.

(25:28):
Yeah, exactly.
So for the rest of 2017, like I'm reading my self-help books, getting up in the morning and, you know, going through my miracle morning routine and stuff like that.
And in 2018, I don't remember what the catalyst was,
but as painful as it was sometimes,
I started peeking at the Bitcoin price.

(25:49):
And in 2018, it started to come down.
I bet you were the only person happy to see it come down.
One of the few.
And Bitcoin gets its hooks in you.
It's like the meme from The Godfather.
Like, once you think you're out, they pull you back in.
I don't know if that's Goodfellas or The Godfather.
And so I started paying attention to the price again.

(26:11):
I probably created a new Twitter account because I deleted the old one.
And as the Bitcoin price got to like, I didn't catch the absolute bottom, but I was like kind of good.
I started buying more around $4,000 as it had come down from 20.
And this is like in 2018 and in 2019.
So I started accumulating more Bitcoin.

(26:34):
And this is like Bitcoin is different for me now.
It's still an investment to some degree.
But if you think about 2017, 2018, 2019, that is really the time when the U.S. national debt starts to ramp up.
And my kids are getting a little bit older.
And maybe I'm maturing a little bit.
But I'm starting to think about, like, what world am I leaving for them?

(26:56):
Where is this debt going?
What kind of country are my kids going to be left with?
And so Bitcoin took on additional significance beyond just being an investment for me as I was starting to rebuy it.
Again, still love number go up, especially relative today to where it was then.
But my Bitcoin journey was different at that time.

(27:19):
And after I'd started buying more Bitcoin, I started to think about cold storage.
And I was still at work in the forensic lab.
and I started to think about the reasons
why I just so awkwardly had the lettuce hands experience.
Well, I understand it though.
I think one thing that's probably true

(27:41):
for almost all Bitcoin is,
well, there's a few things in what you said that's true.
One, that it gets its hooks in you.
Probably from the first day I ever read about Bitcoin,
there's likely not been a single day since
that I've not read more about Bitcoin.
But the thing that I think people aren't prepared for
and never can be when you first buy Bitcoin
is the fact that you have to consider
what you will do when it 10Xs

(28:02):
because at some point it's going to 10X on you.
And that comes down to both psychologically
what you do with getting that much wealthier,
but also when you're thinking about
how you secure your Bitcoin,
you need to think about securing 10X the value of today.
And luckily I've had no mistakes
that have meant I've lost Bitcoin in that way,

(28:23):
but I've had very janky setups
compared to what I should have had.
So I guess for you,
going from using paper wallets back then,
like it's interesting just to hear,
it's easy to think since 2017 to now,
not that much has changed.
But when you actually think about
the infrastructure side of Bitcoin,
the hardware that's available,
it's a world apart.

(28:46):
So when you were thinking of like
your initial paper wallet setup
and you came back to Bitcoin,
how did you view sort of the hardware wallet market at that time?
Right. So I consciously avoided the hardware wallet market.
And part of it, you know, to be candid,
was that I already had a setup that I was reasonably comfortable with.

(29:10):
It turned out, like, I think as I bought Bitcoin
and started to think about what I could,
what my preferred setup for long-term cold storage was,
I started to think about my background in forensics and what about my background might inform an approach or a strategy that would make sense for me and kind of calm my unique sort of anxieties.

(29:35):
One thing I can say about my time in forensics is I grew up in forensics during a very unique period in time where, you know, initially when I started doing forensics, it was all what's called dead box forensics,
where you take a computer that's been powered down,
you basically remove the hard drive from it,

(29:55):
and that's your primary,
almost your only exclusive source of information
about that computer and what it was used for.
But early on in my career,
at first we started seeing flip phones,
and then the rise of cell phones occurred.
The iPhone, I think, came out in 2006 or 2007.
Maybe it was a little bit before that.
And so I got to watch mobile phones start from these awkward devices that you flip open and press the number three eight times to get a lowercase e or whatever it is, grow into these supercomputers that we all carry in our pocket and we rely on for not just being able to call people and not just browsing the internet, but personal authentication and accessing our bank accounts and all sorts of payments and other things.

(30:43):
I mean, they've replaced computers for a massive amount of the population.
Yeah, and over that time, like forensics, in terms of the workload that the average digital forensic examiner sees,
it was actively transitioning from desktop computer to laptop and then to phones and tablets.
Mostly phones, but you still see some tablets.
And so the mobile phone industry, you know, the first kind of smartphone you can think of is a Blackberry.

(31:11):
You can remember when President Obama took office, it was like he kind of said something effective, you can pry this BlackBerry out of my cold dead hands because iPhones were becoming more popular, but we're all creatures that have it.
People like the buttons.
He really liked his BlackBerry.
And BlackBerry had some pretty crude security measures in terms of what's baked into the device.

(31:37):
And so some of the earliest forensic challenges that we had in the forensic lab were getting a device like a BlackBerry and trying to figure out if it was pin enabled.
How do we get into this to observe?
At that point, there weren't apps per se.
You're just trying to get into somebody's call history.
In BlackBerry, you could get some emails off of it potentially.
But shortly after BlackBerry came the iPhone and then Android not too long after that.

(32:02):
And as the smartphones grew up, you know, Apple and Samsung and the other companies, they want to sell more smartphones.
And they really wanted to get access to government and corporate markets.
and government and corporate markets had a certain threshold of security requirement

(32:24):
that they needed Apple to be at before Apple could, you know, before they would buy,
you know, 5,000 iPhones for distribution to government employees or whatever it was.
So Apple started adding security features that were basic and clumsy at first,
but that got increasingly sophisticated.
And what I observed as someone doing forensics over that time period

(32:46):
was this ongoing cat and mouse game
between Apple trying to up its security game
and then an increasing number of researchers
and then startups who would examine, you know,
the underpinnings of iOS and Android
and come up with security exploits that could be used
to get around the gold standard,

(33:10):
or what you really try for is being able to authenticate
to log into the device, you know, whether that's,
Now it's face ID, but at the time, you know, it was a lock pattern or a pin code or whatever
it was.
And so Apple would implement a new security feature.
Six months later, an individual who's doing research or as it became more likely a company

(33:32):
that contracts with the federal government and other local governments would develop
an exploit to get around what Apple had done.
Apple would do something new six or nine months later, you know, and it's this cat and mouse
game.
So with my experience with mobile phones, I got a lot of phones that were locked when they arrived to me at the forensic lab.

(33:55):
And as a rule of thumb, if you could either turn the phone off or keep it powered and offline, for a lot of phones within 12 to 18 months, if you just waited it out, and court cases take a long time anyway.
the criminal justice system isn't fast. So if you were willing to wait it out, a lot of times

(34:16):
an exploit would be developed that could defeat a given security mechanism that was in place
on a phone that you were starting to work with. So to circle back around to Bitcoin,
harder wallets, as I saw them emerging with the mobile phone industry and then harder wallets,
when I saw harder wallets, I thought I've seen this movie before. I kind of understand how this
is going to work. And when you consider, you know, the Apple has, you know, it's a, I don't know,

(34:43):
it's a trillion dollar company or whatever the market cap of Apple is, the amount of money that
they spend on these security exploits, and they're still not practically able to keep government
contractors out of their phones. I don't know if that's contrived, if that's a real thing or if it's,
But the nature of security seems to be the sort of cat and mouse thing.

(35:04):
And so, number one, I just had ambivalence about hardware wallets because of that cat and mouse game that I observed with mobile phone security.
And then at the time, it's changed since then.
But at the time, most hardware wallets required that you connect them to your laptop.
Yeah.
And those USB connections, I just never felt comfortable with that.

(35:26):
because if you have the wrong software conditions in place,
like, you know, bad things can happen over that wire.
So never trusted USB.
And so I just, during that period of my time as a Bitcoin
and that's why I stuck with the paper wallets.
If you're already self-custody of Bitcoin,
you know the deal with hardware wallets.
Complex setups, clumsy interfaces,

(35:48):
and a seed phrase that can be lost, stolen, or forgotten.
Well, BitKey fixes that.
BitKey is a multi-sig hardware wallet
built by the team behind Square and Cash App.
It packs a cryptographic recovery system
and built-in inheritance feature
into an intuitive, easy-to-use wallet
with no seed phrase to sweat over.
It's simple, secure self-custody without the stress.

(36:08):
And Time named BitKey one of the best inventions of 2024.
Get 20% off at bitkey.world when you use the code WBD.
That's B-I-T-K-E-Y dot world and use the code WBD.
This episode is brought to you by Anchor Watch.
The thing that keeps me up at night is the idea of a critical error with my Bitcoin cold storage
and this is where Anchor Watch comes in. With Anchor Watch your Bitcoin is insured with your

(36:32):
own A-plus rated Lloyds of London insurance policy and all Bitcoin is held in their time-locked
multi-sig vaults. So you have the peace of mind knowing your Bitcoin is insured while not giving
up custody. So whether you're worried about inheritance planning, wrench attacks, natural
disasters or just your own silly mistakes you're protected by Anchor Watch. Rates for fully insured
custody start as low as 0.55% and are available for individual and commercial customers located

(36:57):
in the US. Speak to AnchorWatch for a quote and for more details about your security options and
coverage. Visit anchorwatch.com today. That is anchorwatch.com. Do you wish you could access cash
without selling your Bitcoin? Well, Ledin makes that possible. They're the global leader in Bitcoin
backed lending and since 2018 they've issued over $9 billion in loans with a perfect record of

(37:18):
protecting client assets. With Ledin you get full costly loans with no credit checks or monthly
repayments, just easy access to dollars without selling a single sat. As of July 1st, Ledin is
Bitcoin only meaning they exclusively offer Bitcoin backed loans with all collateral held by
Ledin directly or their funding partners. Your Bitcoin is never lent out to generate interest.

(37:40):
I recently took out a loan with Ledin, the whole process was super easy. The application took me
less than 15 minutes and in a few hours I had the dollars in my account. It was really smooth.
So if you need cash but you don't want to sell Bitcoin, head over to leaden.io forward slash
WBD and you'll get 0.25% off your first loan. That's leaden.io forward slash WBD.

(38:02):
This episode is brought to you by Bitcoin Mina. On December 8th and 9th, I'll be in Abu Dhabi for
Bitcoin Mina along with 10,000 other Bitcoiners. There's an amazing lineup of over 200 speakers
sharing Bitcoin insights and innovation from all over the world.
And if you're looking for the ultimate VIP experience
with exclusive networking plus premium food and drink,
then grab the Whale Pass and the Whale Night Party

(38:23):
even include surfing, so you know I'm going to be there.
Tickets are on sale now.
Use code WBD to get 10% off at checkout on all pass types.
The website is mina.b.tc
and use code WBD for 10% off.
So what do you think then of the hardware wallet industry now?
Because as far as I know, all the major companies don't require you to plug your hardware wallet into a device physically.

(38:46):
And I wish I had someone who was more technical on this than me.
Maybe you can explain.
But I don't know the implications of the secure elements on all of these devices and what that means in terms of the cat and mouse's security.
So this is, for me, this is disclaimer time.
Yes, I was a forensic examiner for 15 years.
But I am not super deep into security research where I'm the person who's evaluating secure platforms and a secure element platform in terms of being able to develop exploits for it.

(39:14):
I was someone who learned and executed exploits that other people did.
So in terms of the hardware wallet industry right now, I can't comment on specific modules that one company is using versus another one.
It's more kind of the general adversarial landscape
and my experience with mobile phones
who are able to spend, even at this point,

(39:35):
a lot more money on security audits and stuff
than the hardware wallet makers are.
So maybe then, just for context,
I've used basically all the major hardware wallets.
I feel very secure in my setup using them.
Do you necessarily have an issue with the hardware wallets today?

(39:59):
Because I can believe that this is going to be a cat and mouse game.
There's no way that people aren't going to be trying to exploit these.
And Ledger, for example, have their dungeon where they continually test all the devices,
trying to find exploits and then disclose them.
And they found a number of them.
But even still, even with the cat and mouse game that will happen with this,

(40:19):
that's the place that I feel comfortable storing my Bitcoin.
Why do you not?
Because you can assume that maybe you have to update
your hardware every few years.
There is going to be improvements and changes
and things that need addressing.
And when you say update, you mean refresh the hardware.
It's not just a firmware.
Yeah, maybe both.
I mean, definitely the firmware.
And I think at some point, hardware is going to get better,

(40:40):
and you might want to upgrade to superior security.
So part of it for me is, well, to tell a little bit
about my time in forensics.
So very frequently when you're dealing with people who are storing and accessing contraband information
and they know that there is some possibility of them being caught by law enforcement their computers being seized like people take countermeasures whether it be you know activating BitLocker on their computer or using some kind of software encryption or whatever

(41:16):
So when I think about the two sort of avenues you can go down, one is trusting a hardware
device and physically some sort of access controls that are on a hardware device, like
a pin code or like facial recognition or fingerprint or whatnot.

(41:38):
I would call that you're putting more of your trust in the hardware.
And in my experience in forensics, if I let that hardware sit there for 18 months, there's
a good chance I may be able to get into it.
However, I also had a number of cases where people, in an attempt to secure information
that could have led to their indictment and prosecution,

(42:04):
read child porn into that,
they would use encryption,
like some of the kind of gold standard encryption tools
that are out there that are software encryption,
but still.
So I had certain cases that someone used TrueCrypt, say,

(42:26):
just to throw one out. Someone using a good version of TrueCrypt with a sufficiently complicated
password, unless something happens with quantum computing, it's going to be the heat death of
the universe before I'll be able to guess the password that they set up with their particular

(42:49):
version of TrueCrypt and the encryption algorithm they used, versus this iPhone that's totally
you know, supposedly secure that if I wait 24 months, I'll probably be able to get into.
So I can appreciate what you're saying about the harder wallet industry. I think a lot of that
comes through as marketing. And I think there are absolutely, I don't want to be a complete
naysayer. I think there are absolutely use cases and places where harder wallets can deliver value.

(43:14):
But for me, I wanted to put my trust into the math that underlies the Bitcoin protocol rather than
a third-party device.
Okay. I do want to get into that
because I have questions around that as well.
But just to be fair here,
you're talking about the most adversarial environment possible.
This is like law enforcement having access to your devices.

(43:38):
And you also, this is assuming there's a reason they want access.
If you have just lawful Bitcoin on a hardware wallet,
your risk isn't really that.
It's a different risk.
Well, to me, the number one risk
is always you screwing yourself in terms of...
Yes, I totally agree.
I think I would imagine that's the most likely way
that anyone ever loses their Bitcoin.
So there's one part of it,

(43:59):
which is you want to keep these things
as simple as possible
while retaining as much security as possible.
But also like what's the real risk?
It's that someone breaks into your house
and steals a device
if the device is at your house
or breaks into wherever the device is and steals it.
And it's not necessarily thinking about law enforcement
having access to it.
No, not law enforcement.

(44:20):
Akin to law enforcement,
We could also think of a dedicated adversary who knows how much Bitcoin you own and has some amount of resources to spend on that.
Someone breaking into your house is definitely a concern.
But what I worry more about is, let's say I set up a hardware wallet and I set it up using a private key that wasn't generated with sufficient entropy that was somehow guessable or predictable by someone else.

(44:48):
and you think you've got X number of sats in your wallet,
and then one day you wake up and go to check your balance,
and because someone else owned your key before you did
or was able to guess it somehow, your Bitcoin's gone.
That is a nightmare scenario and something that some people have experienced.
This is escaping me right now, but you may know.

(45:10):
Isn't there a case of that happening right now with a wallet,
like an old Bitcoin wallet that was generating stuff
with poor entropy in Bitcoins being taken.
Was it something bleed is the name of the exploit?
I don't know if it was key bleed or something similar.
I can't think of the name,

(45:31):
but it was some sort of online software wallet
where it wasn't anything malicious,
just technically there was not enough entropy.
It was using like a poor random number generator.
The RNG was insufficient or who knows what,
but that sort of thing.
But it also, for someone who's not sophisticated, that problem can manifest itself with harder wallets.

(45:54):
Like with some harder wallets, you can roll dice a number of times to create a private key.
And there have been, sadly, instances where some of the platforms did not require enough dice rolls.
And people not really understanding what they're doing, they might roll the dice, you know, a half dozen times and think that's great for a private key.

(46:16):
only as soon as they make a deposit,
there's some bot out there looking to sweep
a particular number of known addresses,
and poof, the money goes.
I mean, this is one of the things that I think is really important
for everyone to have a good understanding of.
I love that these devices have products like that,
and you can do 100 dice rolls to create your entropy,

(46:36):
but done poorly, it's more dangerous than just not doing it at all.
And I think people sometimes overcomplicate their setup
when they don't really have to.
And I know Odell's on this all the time,
but the idea of multi-sig is great for people,
especially if you're maybe a public figure in Bitcoin
or you're a corporation or whatever.
But for a lot of people,
just a simple single-sig setup is okay.

(46:58):
It's okay.
But I think it's important to think of security
as a journey and not a destination.
So maybe we were talking before
about your Bitcoin 10xing from where it is now.
So maybe right now you're comfortable a single-sig
but after a 3 or a 4x, it's like that meme where multi-sig is walking down the street looking pretty hot

(47:23):
and single-sig's like, where are you checking him out?
Yeah, I think of security as a journey, and I also think we need to be careful about addressing those nagging concerns
in the back of our minds.

(47:43):
Things that, you know, when you're laying in bed at night,
you think about your sats and what you hope they're going to be worth
and how you're storing them.
What are the little things, if any, that make you a little uncomfortable
that maybe you haven't thought through
or maybe you don't understand completely about your setup?
I think it's important to pay attention to those.
And multi-sig, for me, so admittedly, my vantage point is a little bit different.

(48:06):
Having been someone who's actually helped execute search warrants
and gone into people's houses and businesses looking for things on behalf of government,
I just naturally have a more adversarial take on things.
But Multisig was like a through-the-looking-glass moment for me
when it finally started to be available to everyday Bitcoin.

(48:27):
Originally, it was like BitGo and some institutional service providers.
But when SpecterWallet came out, it was really, to my knowledge,
the first average Bitcoiner-facing tool that made Multisig possible.
Because if you have a single say wallet, like you got to keep that wallet at your house.
And then, of course, you have to, you know, back up your seed phrase, right?

(48:49):
So you it wouldn't make sense to keep that with a wallet.
So you got to find a second hiding place, whether that's a bank deposit box or your best friend's gun safe or under a tree in your grandma's backyard or wherever it is.
And if someone finds the seed phrase, you know, if they know what it is, game over.
If they find your harder wallet, like there's also the issue of people are really bad at choosing pins.

(49:12):
Like I've gotten more mobile phones than I think I should have just by, you know, there's like five or 10 things that you go through.
Last four of social security number, birthday, spouse's birthday, you know, the numerics of the street they live on and all this kind of stuff.
People are just bad at choosing pin numbers.

(49:33):
So if you can get into that person's house and either find their backup or their hardware wallet, I mean, they could be cooked.
But with multi-sig, like even if you have a nation state level adversary who has significant resources and it turns it from just going to your house and finding that one thing and potentially trying to exploit that one thing to maybe.

(49:59):
first of all, you don't know, is it a two of three? Is it a three of five? Is it a,
you know, six of seven? Who knows? And then it becomes this
treasure hunt of figuring out where the pieces to the puzzle are hidden
and how many of them you need to be able to get access. So multi-stake was really
when I was, had reaccumulated some Bitcoin, I was looking for that level up for my cold storage.

(50:25):
multi-stake for me was where it was at. And that is a big part of the journey that I took
eventually to SeedSigner, but just my initial journey in trying to re-secure the Bitcoin that
I bought. Yeah. The thing that I would reiterate there is, we kind of touched on it already,
is the fact that you're most likely to lose your Bitcoin, not have it stolen from you. And the

(50:47):
thing that people need to be fully, fully confident in is that they can access that Bitcoin if
anything goes wrong. And sometimes I think multi-sig maybe is a step too far for right now
for some people. But like you say, this is a journey, not a destination. It's one of those,
for me, with great power comes great responsibility. And it's the same with even

(51:09):
with your single-sig hardware wallet, if you choose to add a BIP39 passphrase to it.
So you're effectively, with that, creating a two of two multi-sig, because if you lose either the
passphrase or the seed phrase, without the both of them, you don't have access to your funds.
So same with multi-sig. And we talked about this a little bit beforehand as we were discussing

(51:35):
this conversation, that there are tools like cars and firearms and knives that if you're going to
use and you're not going to cut yourself or shoot yourself, you have to invest a basic level of
training into understanding what is powerful about that tool and what's dangerous about that tool

(51:58):
and how to properly use it. And multi-sig is definitely a level up from single-sig in terms of
the information storage requirement because you have to, I don't want to get too technical, but
you have to keep versions of all of the public versions of the private keys. You have to have
those on hand to be able to make the threshold spend, unless you have all the private keys.

(52:22):
But to dumb it down a little, there's some additional information you have to keep.
That information, I think, can be classified as private but not secret, which is confusing
because we say private keys and not secret keys. But if someone gets the information about your
your wallet setup. They can see your money. They can see your balance in the transactions you made,

(52:43):
but without the private keys, they can't steal your money. So enhanced information storage
threshold, but it's a diminished requirement in terms of the private versus secret thing. So you
can secure that a little differently. Like I think for a wallet descriptor, maybe we're getting a
little technical here, but for a wallet descriptor, you know, encrypted and cloud storage is potentially

(53:03):
okay if you're comfortable with the trade-offs or keeping multiple copies of it. But anyhow.
But I think it obviously is getting a little technical there. I think the important thing
for people to know, though, is that there are different products out there for people who have
different needs. And so Bitkey responds to the show. But I think that's a perfect entry-level
thing for people to be using who may not... This might all be going over their heads. But something

(53:28):
like that is a great option. And then if you want to do multi-sig, you might... There's a ton of
hardware out there, and obviously the SeedSigner, which we can talk about now. So when did you
first come up with SeedSigner? Can I take a step back? Absolutely.
So in terms of, I do think BitKey is potentially a great solution. And I think what people,

(53:48):
kind of the paradigm is how much of the easy button do you want? If you, I keep going back
to this knives metaphor, but if you want to dice an onion, you can use one of these auto dicing
things that you just tap on it a few times, but you may not like the way it dices your onion. So
you may want to invest in learning how to use a knife properly and how to dice an onion properly.

(54:12):
And it's always this trade-off in security of, we'll probably keep coming back to this,
but in security, it's always a trade-off. And so that easy button means that you're giving up a
certain amount of trust with the people that create the easy button. So for people, yeah,
or privacy. So for people who are comfortable with the increased trust or privacy threshold,

(54:34):
those kinds of solutions may be, are great for them. But for people who aren't comfortable with
the trade-off, there are other options for them as well. But to jump back to your question about
SeedSigner. And just one, sorry, just one thing on that. It's like, I think the important thing as
well is that like, in my opinion, at least everything's a step in the right direction,

(54:55):
as opposed to just keeping it on an exchange or with an ETF or anything like that. At least,
at least you're making a step in the chain. Yeah, no, a hundred, even, even, you know,
you wouldn't want to put a huge amount of money on a hot wall, but even a hot wall is better than
Coinbase or, uh, you know, BlackRock. Yeah. A hundred percent. Okay. Let's get on to SeedSigner.
So SeedSigner came about as I was reestablishing my new cold storage setup.

(55:22):
And like I said before, I became aware of a wallet called Spectra Desktop.
And I don't know if you're familiar, if people listening would be familiar.
It was very similar to what Sparrow is right now, if people are familiar with Sparrow.
Sparrow is kind of the gold standard of wallet coordinators that you can use on a laptop or desktop computer.

(55:43):
It's brilliant.
So I discovered Spectre Desktop, and Spectre had kind of a companion project that is called the Spectre DIY,
which is kind of a single board computer device.
It's a handheld computer that's microcontroller based that you build from off-the-shelf parts.

(56:03):
and with this one device,
you can actually use it to create and manage multiple private keys.
And so I was really enthusiastic about Spectre Desktop
and Spectre Desktop supports multiple hardware wallets,
even not at the very beginning, but after on.
Keith McKay did a bunch of work to implement hardware wallets

(56:26):
on Spectre Desktop.
out. This Spectre DIY was this super powerful tool that resonated with me because it applied
some of the foundational concepts that I'd learned about while using digital forensics. Like it was
completely offline, you know, didn't connect to Wi-Fi, didn't connect to Bluetooth. And you could

(56:50):
use it in such a fashion that it didn't store your private keys after you'd use it to create
one or more private keys. It didn't persistently store them, which is a technique that we often
use in forensics to conduct an examination of a computer. And so I'm enchanted with Spectre
Desktop. I build one of these Spectre DIYs, and I'm getting my new multi-sig setup, and it's so

(57:14):
awesome. I started interacting with the, his name's Stepan Snigarev, who was the primary architect
of Spectre. And I also dabbled in 3D printing. And at the time, they didn't even have, like,
it was just a circuit board that you bought and you held in your hands kind of awkwardly
with a scanning module attached to it. So I had done a little bit of stuff with 3D printing. So

(57:37):
I designed a very simple rudimentary enclosure for this thing and offered to send them one. And I
started interacting with some of the people who were behind that project. And that also put me in
touch with a Bitcoiner called Michael Flaxman, who's, I guess he would call himself a cryptographer.
But he wrote this guide for Bitcoin cold storage called the, I believe it's called the 10x Bitcoin

(58:02):
security guide. It's actually, it's hosted on GitHub. You can just Google that and it's evergreen.
It's still completely applicable, but it's about making upgrades to your security posture in
different ways where you get the most bang for your buck. And I started interacting with him and
And he was telling me about an idea he had to use a Raspberry Pi, a specific version

(58:23):
of a Raspberry Pi that didn't have Wi-Fi, didn't have Bluetooth, as basically a private
key generator.
It's this naturally very isolated environment where you could create private keys and then
you'd write down the seed words and you wouldn't have concerns that the key was leaked or had
a chance to be on any other device.

(58:44):
So it's a very secure way to create private keys.
And I stepped away from work.
I don't have a background as a programmer, but I like projects.
And so I bought this hardware that he had told me about, the Raspberry Pi,
and just a simple screen and controls to put on it.
And this was before AI or ChatGPT or anything.
So I had Udemy Python videos for a week just to relearn enough programming to be able to do it.

(59:10):
but I wrote this very simple proof of concept that showed with this Raspberry Pi setup,
you could do basically what the Spectre DIY thing could do,
but at a fifth of the cost or something.
It was a super cheap thing, like less than 30 bucks.
And I started sharing that on Twitter,
and I realized if I attached a $5 camera to it,
I could fully replicate all of the functionality, again, from the Spectre DIY.

(59:35):
And so being a cheapskate, that was satisfying to me.
And I started posting about it on Twitter,
and people seem interested.
And it was in, let's say, April or May, I guess,
of 2021, Bitcoin conference in Miami.
Not sure if that was the first year they had it.

(59:56):
Anyhow, they had this Fostome in the tent
that Matt Odell had done a great job of organizing.
And I contacted them ahead of time
and asked if I could have 20 or 30 minutes
to talk about SeedsNider.
and just as serendipity kind of happened um there were a few people in the audience that day
who uh listened to my kind of high level explanation what seed center was and subsequently

(01:00:21):
been began contributing to it so in the beginning it was just me with this horrible spaghetti code
proof of concept thing um and then shortly thereafter other people started discovering
the project, people who are much better programmers than me. And it just kind of started to take on a
life of its own. It really started to improve rapidly, both in terms of the security assurances

(01:00:45):
and the user interface and the usability of it. And so that was kind of, that's how SeedSigner
came to be. So I've never actually used a SeedSigner. I was given one about six months ago,
but I've never used it.
So maybe it's worth explaining how they actually work.
Because you're creating your private keys on there

(01:01:06):
and then presumably incentivizing people
or asking people to put them on steel
and then you put them away safely somewhere.
Right, right.
And you can differentiate a seed signer as,
I refer to it as a signing device
rather than a wallet or a hardware wallet
because it doesn't persistently store the private keys.
You can use it to create keys.

(01:01:27):
Once it's powered on, you can load keys onto it.
But when you remove power from it,
all of the software is running in RAM.
And the nature of computer memory,
at least random access memory,
is that when you remove power from it it loses its state That where the term stateless comes from So it loses its state and it resets to its natural beginning point

(01:01:49):
So that's kind of the basis of seed signers.
Instead of obtaining a device that is used as kind of this mini digital Fort Knox
that puts access restrictions around your private key
and tries to keep it stored persistently over time,
as well as tries to keep prying eyes away from it,

(01:02:10):
we kind of flip that on its head with SeedSigner
and intentionally operate the device in such a fashion
that it doesn't store the keys at all.
So that, as you allude, puts onus on the user
to really take ownership of the analog copies of their keys
and think very carefully about,
do I use this in the context of a multi-sig?

(01:02:34):
Is this a wallet that I'm going to be spending
from multiple times a month or maybe a long-term savings wallet that I'm only going to visit
once or twice a year, if that.
Am I storing my keys in paper or metal?
And am I keeping them?
Where am I keeping them in terms of who has access to them?
Am I going to use a Bit39 passphrase?

(01:02:54):
And so it encourages you because you're not relying on the security assurances of the
device.
It really encourages you to lean into the game theory
around your cold storage setup,
especially, I can't say this enough,
with multi-sig in mind,
because that's a key part of the whole project.
But so where my hesitation from that would come from

(01:03:17):
and where a lot of the criticism at SeedSigner comes from
is the fact that you do have to be able to
constantly access your private keys if you want to spend.
Like with a normal hardware wallet,
you can put your backup in a safe in a different location
in a safety deposit box, wherever it might be.
And you don't have to access that
unless you lose access to the wallet.
Right.
With this, you need to have them on hand to spend.

(01:03:39):
Right.
So why is that trade-off worthwhile to you?
Because it allows you to forego
all of the trust that's wrapped up
in the commercial hardware wallet sort of space.
Do you sell these devices whole built like this?
I do.
So how do people who buy it
not know that you've not tampered with it?
So there's this, again, we talked about trade-offs all the way down, and that's another trade-off.

(01:04:03):
So all of the information to build a seed signer is published in the repo, all the software, even the designs for the 3D printable enclosures.
If someone is going to purchase a seed signer, I always encourage them to buy it as a kit.
And when they receive the devices, just compare them with photos online.
A Raspberry Pi 1.3 has a small amount of firmware that's permanently etched into the board of the factory.

(01:04:27):
But if you compare the device that I or someone else who resells seed signers has sent you with what you've seen online, you can get a pretty good degree of assurance that, you know, the device hasn't been tampered with.
Because as we've yet to discover, anyone who has or can describe a way to change the firmware that's burned in at the factory on those Raspberry Pis.

(01:04:49):
Now, what I think is in terms of we're kind of jumping forward to what if you bought a seed signer from somebody else.
But what I think is more of a risk when you buy a seed signer, particularly from another person, is them steering you in a direction that would cause you to allow them to exploit your wallet in terms of pointing you to an unofficial software repo.

(01:05:14):
Because that's another thing with the seed signer that is dangerous like a knife is dangerous.
It's off-the-shelf hardware that does not have software authenticity assurance built into it so that you can run any code you want to on there.
And so if someone tricks you into going to a counterfeit software repository that doesn't contain our sanctioned version of a given release that contains something potentially with malicious code in it, you can get hurt that way.

(01:05:48):
And that's why this constant process of people who are interested in seed signers has to come with a good degree of education in terms of the risks and the parts of the process that you absolutely have to pay attention to.
So I think somebody who buys a seed signer or buys a seed signer kit is more likely to be tricked via the documentation into doing something stupid rather than I'm sending you malicious hardware kind of a thing.

(01:06:15):
obviously if someone's selling seed signers
we never recommend that the software
that gets loaded onto the micro SD card
is shipped with the device
people need to be absolutely comfortable
sourcing software from the right place
and then verifying cryptographically
that it's a sanctioned release
so they need to be going to your GitHub

(01:06:36):
and getting the official open source release
they either go to the seed signer GitHub repo
or this is drifting into technical,
but the seed center releases are what's referred to
as reproducible software.
So if you don't download it from us,
it's actually a more simple process than you'd think.

(01:06:57):
But you can build the software release yourself
from source code and open source repositories
within a few hours with a laptop computer.
But again, because it will run any code
that you load onto it, you just have to make sure that you're loading good code. And once you learn
that process, you realize it's not that big of a deal. And anytime you want to deploy new software

(01:07:20):
to it, you can, but it all comes back to that educational process. Okay. So that makes sense.
And like you say, security in any capacity like this is trade-offs. But I kind of interrupted you
on your point there about having the private keys in an easily accessible place and what the trade-off
there is. So we know that there's going to be a backup with harder wallets. I won't say no matter

(01:07:47):
what, but with most people with a harder wallet, either whether they're using it as single SIG
or a multi-SIG, they're going to want to do a backup. CASA, I think, gets around this a little
bit by doing health checks to make sure that the devices that are storing keys still have them.
But most people are going to want to absolutely put their seed phrase, which for people who aren't
where your seed phrase is just a human readable version of your private key.

(01:08:10):
You're going to want to keep those in paper or metal.
Metal.
Yeah, metal.
Although with multi-sig, you can make an argument for paper storage
because they're in different geographically distributed locations,
but we won't go too far down that road.
So with a hardware wallet, you're going to be storing your key
in an analog format somewhere else.

(01:08:31):
So if this is a long-term cold storage use case,
like this is the money I'm setting aside for my kids' tuition
or to buy a house in 10 years or just to leave to my heirs.
You're not going to be touching those private keys very often.
You can get around the trust that's tied up in hardware wallets
and all those copies of private keys that you have to keep around

(01:08:53):
with instead of, so if you have a hardware wallet with a backup,
you have two copies of your private keys.
You have the analog version that's stored at the safe deposit box, we'll say.
And then you have a digital version that is on the hardware wallet that's in your desk drawer or your gun safe at home or wherever it is.
But you still have two copies of the private keys.

(01:09:14):
So even with a simple two of three setup, you kind of have to come up with six hiding places, right?
Because you have for each member of the quorum, you have the digital copy that's on the hardware wallet, and then you have the analog copy.
For long-term cold storage, we're not going to be accessing the keys, especially in multi-sig.
I think it makes sense to just forego the digital copy of the keys and just focus on those analog copies of the keys and keeping them private, safe, redundant, tamper-evident, protected in whatever ways you think are appropriate.

(01:09:51):
Because you're going to have to store the backups anyway for your long-term savings.
I think that got to your original question, did it not?
Yeah, yeah. No, that makes sense.
Because if you are putting Bitcoin away for 10, 20, 30, 40 years,
who knows if the device is even going to turn on in that time?
So that does make sense.
But you do still have the additional redundancy,

(01:10:14):
I don't know if that's the right word,
of the actual physical hardware wallet.
So if you're thinking of this as a multi-sig solution,
do you still need six hiding places, essentially?
You want a backup of a backup?
up? Well, I mean, the alternative is, and like a lot of, this is another whole avenue that we can
talk about, but a lot of people don't even understand what those seed words represent.

(01:10:35):
Like when I do talks or, you know, individual walkthroughs of seed signer, I'll say,
you know, most, not most people, but a lot of people end up keeping their, because when you
set the device up, write down these 12 words, write down these 24 words or whatever it is,
And most people end up writing them on the card and then storing that card with the hardware wallet, not even understanding that that's the holy grail.

(01:10:58):
That's what the whole device exists to protect.
So a lot of people don't even understand that anyway.
But with what you allude to, so if we're going to store the analog version of the private keys, the seed words, with the device, and the devices over the long term, let's say, you know, two, five, ten years,
the device, just by virtue of it being a digital storage medium, is more prone to failure anyway.

(01:11:22):
Why are we even messing with it?
There are some trade-offs that I'd like to talk about that a lot of people sign up for
that maybe they don't realize they're signing up for when they decide to use a retail hardware wallet.
So I'd probably break those down into three broad categories, like supply chain risk, trust, and then privacy.

(01:11:53):
So when you use a retail hardware wallet, there's this issue of supply chain risk, meaning that from the earliest time that the subcomponents that are going to go into that thing, it becomes known that they're going to be used in a Bitcoin product.
That is where risk begins.
And risk lasts the entire time until that device is delivered to you in your home or

(01:12:14):
you buy it from the store, wherever you take delivery of that device.
At each point in the journey, there's the potential for exploits to happen.
And I think exploits at the hardware level, they require a sophisticated actor.
But as Bitcoin 10Xs, I think we're going to see some wild stuff.

(01:12:35):
If presumably the Mossad can get into the supply chain of Hamas and make a bunch of pagers explode in someone's pocket all at once, all over different geographic locations, I think infiltrating the hardware wallet supply chain is well within the bounds of reason, given how much money that the hardware wallet ecosystem is intended to safeguard.

(01:13:03):
So there's this issue of supply chain risk.
There are ways that some hardware wallet companies have got,
at least in my knowledge, around that.
So with Coldcard, for example, it comes in a tamper-proof bag
which has a string of numbers and letters
that has to match the hardware wallet.
So you know that it's not been interfered with
between Coldcard and you.
Right. And what you're describing is

(01:13:24):
what some people refer to as the fake Rolex
sort of challenge with hardware wallets.
And there are some ways that you can authenticate the hardware.
But I would argue that if you've taken delivery of a box in the mail and you've opened this up and you're following the documentation that's come with the device, like the opportunity to capture you has already happened.

(01:13:47):
Because if you're reading the instructions that are packaged with a cold card, they can say, scan this QR and go to this website and now enter these digits and we'll help you determine that this is truly a genuine device.
um it that's obviously a social engineering attack but that's frankly like probably a more
likely attack than someone you know being able to infiltrate the supply chain i mean yeah you've

(01:14:12):
probably seen them on twitter the the trezor um devices that show up and they're completely fake
on the inside like they crack them open and compare them to a standard trezor and it's very obvious
that it's just different hardware components that's like the classic fake Rolex thing but i think
there are also nuanced exploits that like there are harder wallets that show up with a seed phrase,

(01:14:35):
you know, printed on a card and people don't understand what they're doing. And it says,
enter the seed phrase during the initiation process to set up your card. And of course,
someone else already owns that seed phrase. Yeah. I think though with things like that,
I don't mean to minimize it like, cause that is a risk, but people who are, as you said earlier,

(01:14:55):
an example, putting their seed words with the hardware wallet, or are going to fall for a trick
like there being a card in there with your 24 words ready for you. They're the people that should
be using Bitkey. And I don't mean this as a shill, but they've obviously pushed this seedless version
of their hardware. They don't want you to know your seed word. And I think for people who are that
early in their journey of learning about this, it's just a better option

(01:15:19):
than trying to overcomplicate it too quickly if you don't already understand the very basics like
that. It's a better option, but when you're just starting out, I would tend to agree with you it's
a better option. If you're that desirous or needing the easy button and the trust issues
aren't as important to you and you just want to get it done, that's fair. But Bitcoin works on you

(01:15:45):
as you own it. You probably experienced this too. There's a certain amount of cypherpunk ethos that's
embedded in Bitcoin. And so as you buy some Bitcoin, you put it on your BitKey,
you start to think about like, who has access to these different shards of my private key?
What if, or you see something online about what if the BitKey app no longer becomes available?

(01:16:09):
Am I going to be able to recover my funds? And I don't remember the circumstances exactly. I'm not
super versed in BitKey, but BitKey has acknowledged that at some point, the recovery process may
require an on-chain transaction. So for somebody like me, if the recovery process of me taking
custody of the coins requires an on-chain transaction, that's already a deal breaker.

(01:16:32):
But I'm someone who has a more advanced view of the environment, I guess. I won't argue with you
that for a beginner, it's a great onboarding tool and it's a first step, but I hope that it's a
first step in a larger journey. I don't want to get too far because of the three things I initially

(01:16:54):
brought up, there's the supply chain risk that Seed Center helps you get away from. Then there's
the overarching issue of trust. So when you purchase a retail hardware wallet, you're putting
a fair amount of trust that, say, BitKey has implemented their system in such a way that
sophisticated attackers won't be able to, when you get into keys being stored online

(01:17:19):
or remotely accessible, which as I understand it, they are with BitKey, that opens the doors up to
larger scale exploits where not just somebody coming into your house and stealing your hardware
wallet, but like lots of private keys could be potentially stolen all at once. Now the BitKey
people would argue that they have a belt and suspenders model and that this is not possible.

(01:17:43):
But I mean, unless you're super versed in the underlying mechanisms and have a thorough
understanding of them, we've heard that story before that it's just not possible until it
becomes possible. Yeah. I think this all comes down to like, it's come up over and over again,
but it's trade-offs. Because I think the, don't get me wrong. I'm not, I'm not trying to have a

(01:18:06):
Gerox E-Sign or Hero in the slightest.
But I think it's where you put your trust.
And do you trust Ledger and Trezor and CoinKite
or BitKey or whoever to build this in a more secure way
than you could yourself?
And there'll be a lot of people,
and I'd include myself in that, that would say, yeah.
But if you feel confident in yourself to go out,
verify everything, build this yourself,

(01:18:27):
then it seems like a worthwhile trade-off.
It's just the access to private keys,
it obviously can't be a spending wallet in that way.
I wouldn't imagine.
What do you mean?
You know, so I have a hardware wallet
that I use multiple times a month.
Like, I wouldn't want my private keys lying around
in the sense that I could access them
to send Bitcoin, you know,
10 times a month or whatever it is.

(01:18:48):
And in that particular use case,
I would argue that it's a fabulous use case
for a conventional retail hardware wallet
because you want the accessibility of the keys nearby.
You're not going to be storing your life savings on there.
So the trust trade-off makes sense
and you have the convenience of the access controls
in place on the device that are going to restrict, you know, if it does fall into someone's hands at

(01:19:10):
home, regardless of where you're keeping it, unless, you know, they have a knowledge of the
credentials that you put in place. I'm not going to argue with you that that's a perfectly valid
use case. Again, which is why we frame SeedSigner as this is for your long-term life savings,
the money you're going to hand down to your kids or that you're saving for something on the horizon.

(01:19:31):
That makes sense. Okay. So I interrupted you before you got to your third point there.
Yeah, yeah. So supply chain risk, trust. And I do want to say a little bit more about trust. You're trusting that they've implemented the secure modules or whatever's baked into their particular hardware device. You're trusting they've implemented that in a secure way, that there are no low-hanging fruit kind of exploits to it.

(01:19:53):
you're trusting that whatever firmware updates that they deliver are going to be authentic and
that no one has gotten access to the firmware signing keys that are associated with that company
because malicious firmware could be released and properly signed and it would still run on the
device and it could be released in such a way that no one knew it was compromised until months or

(01:20:16):
years later. Which is, I mean, then there's another reason to not necessarily rush to upgrade firmware
on any device. Yeah, 100%. And that's a good segue in terms of the trust that's baked into,
this trust is linked in with the third reason, privacy. So let's just say offhand,

(01:20:41):
most people who purchase a hard wallet probably do it the exact wrong way.
So they go to the manufacturer website or some sort of authorized reseller,
There's not a big problem with that.
But then when they order the device, they typically will enter.
A lot of people aren't sophisticated.
They'll use their real name.
They'll have it shipped to their home.

(01:21:01):
They'll enter payment information.
And they'll enter some sort of email address that's their regular email address.
And then when you give that information to the company, you're trusting that they'll behave responsibly with it and safeguard it, which we found not always the case.
especially with Ledger, but some of the other, not just hard to wallet companies,

(01:21:25):
but service providers have gotten themselves into trouble with this
because then the motivations of that company are to sell you as many devices
as they can sell you.
They're a for-profit company and that's just their natural inherent motivation.
So they're going to email you about firmware updates,
but they're also going to send you marketing emails about their latest products
and new features that they've implemented in the latest versions of their software

(01:21:51):
or trying to potentially point you to partners that they work with and this kind of stuff.
So you just don't know who that information is going to get handed off to.
And especially with the ledger disclosure that myself and a lot of others,
I mean, like people's real home addresses got out in there.
And there was trust in that company to keep your private details private.

(01:22:13):
So if you do buy a harder wallet, and I can acknowledge there are absolutely
some legitimate use cases for them, do it the right way.
Best case scenario is go to a Bitcoin conference or some other event and buy it from the vendor's booth.
So you can, in the easiest possible way, just hand cash over, buy it with Lightning and not have to provide any personal details whatsoever.

(01:22:34):
But if you do have to buy it through the mail, you know, consider using a disposal email address.
PO box.
right use a p.o box to have it shipped to buy with lightning or use some other enhanced you know
privacy with your wallet and um yeah do it in a more a more secure private way so

(01:22:56):
that's one element of the privacy issue the other aspect of harder wallets that i have
a challenge with is um a lot of them try to as the default if you get that device and you start
to set it up, a lot of them try to channel you into their companion app. So with Ledger, it's

(01:23:17):
Ledger Live. With Passport, I think it's Envoy. With Trezor, it's Trezor Suite. They all kind of
have their own thing. And first, from just a theoretical security perspective, that's just
bad practice because the company that makes the device and software that's interacting with your
private keys really shouldn't be the company that's also making the software that interacts

(01:23:40):
with the larger Bitcoin network and the internet itself. It's theoretical, but there is this
opportunity for collusion. If someone who has fingers in both of those different aspects of
the tech stack wanted to exploit something, enough said about that. But the other thing is,
and we've especially seen this with Ledger. The important thing to point out there, though,

(01:24:02):
is that you don't have to use Ledger Live or Trezor Suite
or any of these things.
You can go and use Wasabi Wallet or Sparrow
or any of the other completely separate desktop apps.
You don't have to, but as you've pointed out,
a lot of people are looking for that easy button.
They're going to do what the recommended workflow is.
I have no idea what the percentages would look like,
but I wouldn't be surprised if it was 90 plus percent.
Yeah, which is, you know, we as Bitcoiner should rail against that.

(01:24:25):
And then the other thing is, when you use something like Ledger Live,
and this is something that's been documented,
There's ways in which Ledger has sought to surveil balances and transactions, and they do the sharding thing with the private keys.
They don't do that by default, I don't think.
So I don't own a Ledger, so I can't.

(01:24:46):
But I have been told by multiple people that if you were using your Ledger with Ledger Live, you got to a point where you could not use the device anymore unless you updated the firmware.
and the update of the firmware included the new sharding feature.
Oh, interesting. I didn't think that was the case, but I actually don't know.
I apologize if I'm wrong.

(01:25:06):
I'll put something on screen if that's not correct.
Right, right, right.
But anyhow, I have to give props to CoinKite
in that they claim to delete customer information
even if people buy it the wrong way and give them personal information.
they claim to delete it. You're still trusting them to delete it, but at least they're-

(01:25:29):
You get the email saying it's been deleted, provably deleted things hard, but if you trust
the company, you can trust that. I don't hear any other companies making that noise. So I have to
give them props for that. And I also have to give CoinCut honestly props for they haven't to date
produced a companion app. Whereas all of the other big wallet companies appear to have. So

(01:25:49):
I always said for a long time, if I had to use a harder wallet, if SeedCenter wasn't a thing,
it would be a cold card or a CoinKite product. So yeah, props to them for those decisions.
Yeah, they, I mean, MBK is great. I know you guys don't necessarily get along, but

(01:26:10):
he's built some cool stuff. They've actually, they've just brought in a couple of new features.
I don't know if you've seen this, but you now can use like a traditional authenticator with your
cold card. Oh, like a YubiKey or something? Or yeah, or like an authenticator on your phone.
which I think is quite cool.
And as far as I know,
I actually don't 100% know how this works,

(01:26:32):
but I can only assume that if you lose access
to that authenticator,
you can just restore the wallet from the seed
and that won't be the case.
But I think that's kind of an interesting
additional security feature.
Yeah, I wouldn't argue with that.
I think if I'm going to critique Coldcard
where they get themselves into trouble
is sometimes that feature creep

(01:26:53):
that unless you're a sophisticated Bitcoin
and you truly understand the features that you're using.
Like there's a guy in our Telegram chat for SeedSigner
who was using, I think BIP85 is the one I'm thinking of
where you can create child keys from a parent key.

(01:27:13):
And they, you know, one night they were setting some,
working on their Bitcoin setup
and got two generations deep into BIP85 derivation
and they were doing not just the first child,
but some subsequent child derivation

(01:27:34):
and somehow locked themselves out of their Bitcoin.
So I think keeping it simple, yeah, there's...
I agree with that.
I don't think that's CoinKite's fault.
I think it's cool that they give you access
to as many advanced features as possible.
People just need to be aware of what they're actually doing.
And they do hide a lot of those features
in the advanced settings.

(01:27:55):
I think there's, like, you have to be careful with guardrails.
Like, where I was talking about before,
where someone, you know, rolled the dice five times
and set up a wallet with that, that was on a cold card.
Yeah.
And so you can give people a lot of power,
but I also think there's, you know, it would be,
It's very simple to require a minimum number of roles

(01:28:15):
that would prevent that from happening.
And you can say, the person has to know what they're doing.
But at the same time, as someone who is architecting that device,
you also can put some reasonable guardrails in place
to help people out if they come to own themselves.
I obviously can't speak for MVK,
but I'm pretty sure he's said numerous times

(01:28:36):
that these features aren't for everyone.
Maybe don't use them unless you absolutely know
what you're getting yourself into.
I mean, this is cypherpunk technology, right?
I think people should be able to do everything possible
if they want to.
And understand that, in general, for most people,
just keeping things simple is the best way of doing it.

(01:28:57):
Simple well we have different versions of simple Like simple in bitkey or simple in terms of I personally think I mean like if you using a cold card like just understand where your technical limits are You should know the consequence of every action you take on it And sometimes
like things like creating your own entropy with dice rolls might be to advance some people and
just know what you're getting yourself into. Right. Yeah. It's, there's a balance, I think.

(01:29:22):
there's a balance. Yeah, there's a balance. I don't want to get into too much nanny stuff
because I do believe that people should have the freedom to burn their hand on the stove.
Yeah. I mean, it's the best way of learning, that's for sure.

(01:29:43):
Yeah. Painful as it is sometimes. Okay. So with Seed Siner, what do you want people to know about
it. So SeedSigner, again, DIY cold storage. The kind of secret sauce of SeedSigner is that we take

(01:30:03):
a very careful selection of hardware components and then a very kind of thoughtful selection of
software features to create a highly secure system using very inexpensive off-the-shelf
components.
Do you have the components?

(01:30:24):
Can I see them?
I do.
So I have some assembled here and then I have the components I can kind of just show you.
The version I got looked nothing like the ones you have here.
Well, that's another part of the beauty of open source is that they're all kind of the same skin or the same core components with different skin around them.

(01:30:50):
So that is just the simple display screen and buttons.
It's funny.
The guy who gave me, I mean, first of all, shout out.
I don't know if he's private.
I'm curious to know who gifted you a seed sign.
I don't know if he's private, so I wouldn't want to necessarily say.
But the reason that I wouldn't use it, though,
is because it was the first time I'd met him.

(01:31:12):
I'm sure he's a lovely person.
I have no malintent, but it makes me a little bit nervous
to use anything like that.
Maybe I should just play around with it with a little bit.
I mean, just as a matter of, like, I'm curious
and open to learning about this.
It would be a good test.
I'll put some Bitcoin on there and see if he robs me.
But anyhow, the components you have there are,
That's just a simple Raspberry Pi compatible camera.

(01:31:36):
There's the Raspberry Pi, the green board that you're holding in your hands, which is a very specific version of Raspberry Pi called a 1.3.
And all that designation means is that it doesn't have wireless communication capability baked into it.
So no Wi-Fi, no Bluetooth, no NFC.
And then the display hat on it is just how you interact with the device.

(01:31:56):
the usb ports on there one of those ports which with most of the enclosures is the port that we
leave exposed is hardwired for power only so you could even plug it into your laptop and have
assurance that it's not leaking any information because data can't even travel through that port
um but so it's this very simple very isolated private little environment where the only way

(01:32:24):
that it can receive input from the outside world
is through the camera and then the buttons on the front of it.
And the only way it can output data to the world
is through the screen.
So it creates this very naturally constrained protocol
by which you can move data in and out of it,
which is intentionally so,

(01:32:45):
because it would be really challenging
to move enough data to execute some sort of exploit
if you're doing it with QR codes.
You just can't pack a lot of binary data into them.
So that's a natural part of the kind of almost friction of the device.
It forces you to slow down and think about what you're doing.
And if I received...

(01:33:06):
Okay, cool.
If I received this from you,
like looking at it, apart from comparing it to another one,
like the only way to know this hasn't been tampered with
is by comparing it to another one.
Is that correct?
Right.
For me, that's...
At least physically.
The bar is pretty high to add some sort of hidden or undesirable functionality on that device without changing the way it looks in some way, like adding an additional module or something would be out of place. And it's a very simple board with a minimal amount of firmware on it.

(01:33:40):
So that's relatively trivial.
Right.
And then this, I assume here, the SD card runs the firmware.
The SD card runs the firmware.
Which you load yourself.
To be precise with the language, it's a combination of firmware and software.
So running on that device, it's basically a small handheld single board computer.

(01:34:02):
You've heard how some core developers have talked about, people are initially going to think of Luke, of course,
but people talk about, I wouldn't use a hardware wallet.
I would just have a Linux laptop that I have removed the communications, the wireless communications capability from, and I would just keep that in a safe.

(01:34:24):
This is kind of a version of that because it's a simple handheld computer that we're using it in such a way that it doesn't remember anything.
So there's high-level firmware and software on the memory card.
When you apply power to it, you turn it on.
and then as soon as the user interface comes up,
you can actually remove the micro SD card
because as I said before,

(01:34:45):
all the software and firmware is running in RAM.
Okay, so everything's loaded as soon as you turn it on
and then you can take that out.
You remove the memory card
so you can have that additional assurance.
Of course, our software doesn't run anything
but settings information to the memory card.
But because you're physically removing it,
you're going to have that assurance
that my seeds aren't somehow being leaked onto this thing.
And at some point, I should probably talk about like,

(01:35:07):
there's probably four target audiences for seed signer in terms of the type of bitcoiners
who it makes sense for because i i'll grant you like it's not for everybody um and it's probably
not even for most people but um one group is just geeks like me people who like to build and tinker

(01:35:28):
with things people who might want to experiment with a new feature or a new you know aspect of
the protocol and they're savvy enough to be able,
our code is highly,
most of our app level code is written in Python
and it's a very simple language to work with.
So you can prototype things and there are there are other forks of our project that implement different features that we choose not to implement So it a device that you can play with if you a technologist kind of person

(01:36:02):
Second would be people who live in parts of the world that are less free.
And that for whatever reason, like in Russia right now because of the Ukraine war,
because most of the hardware wallets come from countries that are associated with the West
that are, you know, manufacture and ship them. It's really hard to get a hardware wallet in Russia

(01:36:25):
right now. But I'm in contact with people there who can get the parts to build a seed signer.
And there are some number of Bitcoiners who really like seed signer and use it because they
don't have access to commercial hardware wallets. In other parts of the world,
let's say, and I've been in contact
with Bitcoiners in Iran. There's a Bitcoiner called Zia Sadir,

(01:36:49):
who is in the custody of the Iranian regime, and he's, I think,
in exile now. Bitcoiners in that part of the world
may not even have access just because of commercial restrictions to hardware wallets. Or
if you wanted to get a hardware wallet, you'd have to buy it from a black market source.
And you really can't verify what you're getting.
Which is really not the way you want to buy a security-critical piece of hardware.

(01:37:11):
And then in some place like China, where hardware wallets are legal, you can get them.
But if you're going to buy one through the mail, it's like...
Mail is routinely searched, as I understand it, in China.
And you're not worried about the Chinese Communist Party coming and taking you to the gulag because you're using Bitcoin.
there you're more worried about um so i've been told local police departments that are

(01:37:37):
to some degrees corrupt yeah and might know that you're using bitcoin because you ordered
a trezor in the in the mail or something and with that information they would come to you and try to
invent some sort of crime that you committed to try and shake you down to seizure bitcoin so
seed center allows you to have you know secure bitcoin cold storage with parts that are not you

(01:37:58):
If you order these parts, you could be building a mini retro gaming console, or you could be doing any one of other sort of DIY software projects.
So it helps people who can't get access to hardware wallets or who, for whatever reason, are trying to fly under the radar.
So that's like group two.
And then group three, I would say, are people who are really concerned with, as I've already talked about, the amount of trust that goes into using a retail hardware wallet.

(01:38:33):
Maybe we're wired a little bit differently.
Maybe we're freedom and sovereignty maximalists or whatever, tinfoil hat types or whatever.
whatever, but the model of using a seed signer, the mental model of understanding what the
components do is something that once you've learned it, for whatever reason, it's very
grokkable for people. With hardware wallets, there's this, because they've created the easy

(01:38:59):
button, you don't really understand what is going on behind the curtain, so to speak. So I've heard
this from multiple people to where when they're looking to make a spend using their hardware wallet
and they set the transaction up, they've entered the recipient address in and the fee and the amount
they're going to send and everything. Right before they click the send button, there's this

(01:39:21):
apprehension because they don't know what they're going to do if it doesn't work.
Because they don't have confidence that they understand what's happening under the hood
or that they would be able to reconstitute their wallet and get access to their funds if they were
just had the source material, the seed words in their hands.
With SeedCenter, the way we take you through the process of setting up a Bitcoin wallet,

(01:39:47):
and because every time you make a spend, you are dealing with the seed material,
you have a much higher understanding of what the process looks like.
And if something were to go wrong with your laptop where you had Sparrow,
or if you're using Nunchuck or Blue Wallet on your phone,
and your phone, you dropped it in the pool
or it got stolen from you on the street or whatever,

(01:40:09):
you have just a higher degree of confidence
that with the key material and your wallet backup,
you'd have access to your funds much more quickly.
That makes sense.
I think this is cool.
I need to have a play around with the one I've got
and see what I think of it.
Like I say, what I don't want this to sound like

(01:40:29):
is an attack on hard all this.
Because I think, like you say,
I can understand why someone would want to use this.
I can understand the reasoning.
I think the audience is not everyone.
It's not every Bitcoiner.
And I think people should still feel confident
in using hardware wallets.
So I don't want anyone to go away from this,
like freaking out that their hardware wallet's compromised.

(01:40:50):
But it's a cool project.
And I would, just to push back on that a little bit,
because I don't want to deter people from solutions
that could potentially do them good.
But I would encourage people just to go into that relationship of purchasing a hardware wallet and using it because that's what it is.
It's a relationship.
Be skeptical and go into that with your eyes open and think around the corner as to the implications of some of the information you're sharing or the trust you're putting in a firmware update or any of that kind of stuff.

(01:41:23):
Just trust, don't verify.
We talk about that in Bitcoin, I think, right?
Absolutely.
Trust, don't.
No.
Don't trust, verify.
We do talk about that in Bitcoin.
I think the key theme of this interview is probably it's just all trade-offs.
Figure out what works for you best.
You should think adversarially and make your own decision on this stuff.

(01:41:46):
But this has been cool.
Anything we didn't talk about that you want to?
um i i one kind of aspect that's sort of squishy is uh just my experience with seed signer and
being the lead and the facilitator of an open source software project and experiencing

(01:42:07):
kind of this as a community driven uh project of how i referenced before as i started out
early on, not being a coder and writing this horrible code, but producing enough of a proof
of concept that other people stepped in and built it, it has just been, for me, super

(01:42:29):
satisfying to interact with Bitcoiners in that kind of way building something together that provides real value and something that because we have to have different strokes for different folks We have to have tools for
everybody. And we don't want to have a Bitcoin ecosystem where we only have just one thing,

(01:42:53):
not the other. We don't want everything to be a DIY. And we don't want everything to be just,
you know, commercial and retail solutions that are available. So we serve,
Seed Center serves as this ideological counterbalance to some of the other things, not just
hardware wallet boogeyman, but just in terms of what if there was some sort of
aggressive nation state maneuver to co-opt Bitcoiners and attempt to maybe not go full

(01:43:21):
out 6102 and seize Bitcoin, but to try to just start to encourage people to register
and declare whatever amount of Bitcoin that they own.
It's been important to me to be involved in something
that kind of is a bulwark to tyranny
and pushes back at all of that.
And just the camaraderie of, I would be remiss

(01:43:43):
if I did not give shout-outs to some of the people
that have helped build SeedSigner to what it is.
Like our lead maintainer,
who was the first external contributor to SeedSigner,
and I love how he found it.
Like I, when I made this proof of concept and I'm all on Twitter, like posting videos of how it works and, you know, the richness of the concept or whatever, like he just goes on to GitHub and searches Bitcoin wallet and is not active on social media.

(01:44:08):
And that's how he found our project and started contributing to it, to our lead software developer who's called Keith Mukai, who's a good friend of mine as well, who I mentioned before is the one who his initial open source.
contributions were to Spectre Desktop and integrating harder wallet support into Spectre

(01:44:29):
Desktop because it didn't exist. And he was a technical guy and wanted to have it there. And
so he just stepped up and built it. And then I mentioned people who saw that initial presentation
I made at Bitcoin Miami. There's an amazing UI UX designer. He's a NIMH who goes by Easy or Easy

(01:44:51):
UXD. And he was one of the people that saw that first presentation and then circled around
and contacted me. And his daytime job is a UI UX designer for, I don't want to give the field he
works in, but he works on a national level with products that millions of people have their hands

(01:45:14):
on. And in his spare time, with no expectation of financial reward, has leaned into Seed Signer
and really turned it from this clunky thing that feels like an almost DOS-like interface
to once you build it, it's kind of one of those, the sum is greater than the parts kind of thing
because of the magic and the software and the UI.
We really have a first-class UI if you haven't worked with a seed signer.

(01:45:37):
After you've built one, it feels more like something you've bought than what you've built.
And that's feedback that I consistently get from people all the time is just the beauty of the UI,
the simplicity of it, the graphic-driven nature of it. And we've really put a lot of thought into
the decision tree of using a seed signer in terms of what we give access to and what we,

(01:46:02):
as you talked about with CoinKite, what you kind of hide and make available under advanced settings.
But we really try to pare down the decision tree and make it to where using the device is as much
of a process of securing your Bitcoin is, you know, when you're initially using it, it's also
an education process because it teaches you how to, you know, how you collect entropy to create a

(01:46:26):
private key and then how you create the public version of that private key that you need to set
up a wallet. And then when you import a partially signed Bitcoin transaction, what the elements of
that are and what you need to pay attention to to verify that your coordinator's not trying to
tricky when you're doing something you don't want to do. So I'd just encourage anybody who hasn't

(01:46:48):
used one, SeatSigners is a grassroots thing. And that's okay, because it's generally passed along
from one Bitcoin or to another, primarily at meetups. And it's like you, people who build one
and use it get so excited about it, that they want to build one and give it to a random podcaster
that they've never met before. Like it's just, it's one of those very Bitcoin-y Bitcoin things

(01:47:12):
that you get excited about.
So I'd encourage people to,
maybe it doesn't end up being
your go-to cold storage device.
Maybe you keep using harder wallets
and that's totally fine.
But if one day you wake up
and you plug in your harder wallet
and it says Bricked,
you're going to be super glad
you have that seed tower around
that you can type your seed words into

(01:47:32):
and prove you have access to your funds.
So yeah.
Very cool.
I mean, Bitcoin is building things
is always good.
So where do you want to send anyone
to find you on Twitter or find out more about SeedSigner,
contribute to the project, anything?
Yeah. No, just at SeedSigner on Twitter
is kind of our marquee social media presence.
We're on Noster as well.

(01:47:53):
And you can find a verified SeedSigner account on Noster.
SeedSigner.com.
Please don't go to ne.edu.variance, just SeedSigner.com.
And from there, you can find a link to the GitHub repo,
which is where we provide documentation.
We've also, within the GitHub repo, I've written an independent custody guide that kind of explains in probably a much better well-thought-out format some of the issues that we've been talking about throughout this conversation.

(01:48:22):
It lays it all out in terms of making a case for our vision of cold storage.
yeah through the and we also have on the dot com website a link to all sorts of explainer videos
made from everyone from bcc sessions to all sorts of other people who do educational bitcoin content

(01:48:42):
in a variety of languages that feature seed signer and explain the value of one and how to use it how
to build one how to set it up and all that kind of stuff yeah i can i've not seen it but i can be
almost positive that sessions setup video is probably the best one out there.
He just did a refreshed one within the last couple of months.
So, yeah.
Nice.

(01:49:02):
Well, thank you for this.
It's been great.
Appreciate the time.
Yeah.
Appreciate the invite.
Thanks so much.
No, thank you.

(01:49:23):
Thank you.

All Episodes

What It Really Means to Be Sovereign | SeedSigner

Episode Transcript

Popular Podcasts

Las Culturistas with Matt Rogers and Bowen Yang

Crime Junkie

Stuff You Should Know

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}What It Really Means to Be Sovereign | SeedSigner