BitLox CEO: Wallets should be anonymous and completely under the user’s control
In a new interview with Dana Coe, who is the CEO of bitcoin hardware wallet BitLox, he talks about all things bitcoin, including his background and BitLox wallet security.
The interview is with BloqueZero, which is a Spanish news website focused on bitcoin, blockchain tech and digital currencies in Latin America.
BitLox is one of several bitcoin hardware wallets to come to market in the past year. Some of the more better known wallets in this space which may ring a bell are Keep Key, Trezor, and Case Wallet. This market has become somewhat competitive with new hardware wallets entering the space trying to set them apart from others, for example Open Dime which calls itself the first disposable hardware wallet of it’s kind.
The interview is transcribed below and roughly translated with some edits and omissions to make it readable to non-Spanish speakers. You can read the full untranslated version here.
Mr. Coe, so what’s your story before BitLox?
I grew up in a rural town in Maryland, United States. I’ve always been a person of science, first with encyclopedias, and later in school. I studied some science subjects at school, I attended a university in the United States, but I really started taking it seriously when I decided to go to Germany in the 90’s and learned German and studied Chemical Engineering. The second half of my internship was in China, where I first got to know this country that I have lived in now for almost 14 years.
In the late 90’s, I was in the U.S., where I worked for NCR and then for an Internet start-up. In 2002, I was able to fulfill a desire I had for a long time, to go back to China and do business there.
In 2014 an old friend suggested that we develop a hardware wallet completely with characteristics that were unheard of at the time. Ergo the genesis of BitLox. As my previous company was in a recession due to the global financial crisis, I decided on a change of course and then saw me totally committed to the development of BitLox.
So if BitLox began in 2014, it has been two years of pure development?
Right, we spent about 1 year with the hardware and 1 year for the software. Of course, there were some false starts and had to make corrections, but we managed to stay on track to make the product for end users. For example, we had to switch micro-controllers at 6 months since the original chips were not fast enough for cryptographic calculations needed. This forced us to rewrite our own layers of translation of chips in the code.
There are other hardware wallets on the market, I have the perception that each emphasizes a unique feature, so to speak. Is there a unique feature that sets BitLox apart from your competitors and match the main line of features?
I like to think that we are unique in the fact that we have all the features included in a very small format. Certainly there are smaller designs, but none of them come with full keyboards and screens full matrix. The reason why we include these features is that users never have to enter anything sensitive on their computer or mobile device, where security could potentially be compromised. The truth is that we defend the concept that a wallet should be as anonymous as possible, where the contents are completely under the user’s control, not under the manufacturer or service provider.
So the idea behind BitLox was effective in all aspects, avoiding sacrificing any features in favor of another?
When we thought about the features we wanted to include, it came down to the question, “What would I like in a hardware wallet?” Not only wanted something with an attractive and pleasant appearance in one hand, but should also be safe, something that is absolutely essential when it comes to money. For most users of Bitcoin, it is not entirely clear that if they lose their funds, there is no central bank or backup authority where to file a complaint. The user has to be fully responsible for the security of their funds. We try to make that security is reasonably simple. With BitLox, it is not sacrificing any feature.
I’ve seen the video in which the device works under water, which is just awesome. This was the first time I visited your website and there I saw that you offer three different wallet models. Seeing the price I realized we are talking about three different leagues of products, how do you explain them?
The BitLox product range so far consists of 3 levels: Advanced , Ultimate and Extreme .
The main difference lies in the materials of the case, the version “Advanced” is made of aluminum. “Ultimate ” is strongly built of titanium. This material has the advantage of being as strong as steel, and instead is only a little heavier than aluminum. Also exhibits an incredible resistance to corrosion and deformation. The idea is that no one will have to worry about throwing a pocket and take it along with other things all day.
The devices are durable enough to withstand abuse in high amounts. Metal housings, together with the fact that the electronic part is embedded in an epoxy matrix/silicon, is which allow them to support easily be pushed in a hip pocket and not deformed.
Finally, the “Extreme” version goes a step further and includes a USB with military-grade encryption auto chest. Powered with an internal battery, it has a keyboard input to unlock the contents of the flash memory – and without drivers. We ship these units preloaded with Tails OS (enhanced for privacy-enabled Tor Linux version), allowing users to boot from any computer with them for perfect privacy when Bitcoin transactions are made. Once the unit is removed from the computer, any trace of what the user was doing disappears forever, as the boot drive is read – only, leaving nothing on the computer where it runs.
Does the BitLox wallet come entirely as a stand alone (completely autonomous) device? It does not require computers? To what degree does this happen? Is it possible to use it in conjunction with other software wallets?
BitLox doesn’t necessarily need a computer or mobile app. The BitLox device can not connect to the Internet itself, it is only a signature device. Transactions must be mounted by blockchain applications using public data. At the moment we are exploring ways to connect the BitLox to wallets such as Multibit, etc.
Is BitLox open source, why?
BitLox applications are used to communicate with the blockchain (Chrome/Web/iOS/Android) and are open source. They are available on Github.
How does BitLox keep my payments safe? How good is this multi-layer system to protect my savings and my privacy?
Anyone using bitcoins should be aware that their funds are as safe as it is your private key. With the BitLox wallet any possibility that your private key becomes vulnerable to extraction and commitment of it is removed.
And if I had the misfortune to lose my device, could you recover the wallet containing my savings?
If someone steals your BitLox or it is lost or destroyed, the question is simple: rebuild your wallet from a mnemonic phrase. All funds will still be there.
Working with USB/Bluetooth: How vulnerable would be BitLox against an attacker who was trying to steal or obtain leaked information?
Anything that is transmitted via USB or Bluetooth from the host computer is built from public data. If this were intercepted and altered, BitLox would show the alteration in the display when payment information is presented.
Is there any possibility of data leakage when operating? How does the hardware work inside to avoid this? Who encrypts and decrypts the data?
The side channel attacks require an extremely close proximity to the device. In addition, the BitLox wallet does not decrypt any wallet without the correct PIN being entered – so the rightful owner must be present.
Mr. Coe, this is the last question. Would you like to share the latest BitLox developments?
There’s a great thing that we added in our last firmware update. We have implemented the code to protect mnemonic password phrases. Imagine the possibilities we get with this. A really cool feature is that you can have multiple wallets tied to the same mnemonic phrase!
For example, with a mnemonic we could restore a wallet and put some money there, but also adding a password to the same mnemonic we could rebuilding a new wallet, which guarantees many new security modes, since with varying degrees of password length new wallets could be hiding behind another we want to make visible.
