Open Source Security and Hardware Obsolescence | by SatoshiLabs | Trezor Blog


Throughout the last few decades, hardware standards have changed at a rapid pace. From VHS tapes to 6-pin PS/2 ports for computer peripherals, lots of technologies have become obsolete and been replaced, which can be a problem when you need to retrieve something precious stored on them.

Hardware obsolescence is a consequence of intensive technological innovation. This phenomenon doesn’t always have positive effects. For instance, let’s say that you bought a vinyl record of your favorite pop singer in 1983, but the music was never remastered for digital formats. So you possess a physical analog copy which wears out over time and requires hardware that’s increasingly hard to find. This means that at some point in the future, you will not have any means to enjoy the content and everything will be lost forever.

The issue here is the reliance on intellectual property holders to remaster and re-release their catalog on new hardware. Millions of vinyls and VHS tapes have never been digitized for our modern times, and it would be illegal to reproduce and distribute the content without the consent of the intellectual property owners. While the work of individuals who bring something of value into the digital era is admirable, their unauthorized efforts may get sanctioned by piracy laws. Even institutions focused on preserving our digital legacy face constant legal hurdles related to their collections.

Hardware obsolescence, accompanied by patents and licenses, is detrimental for our culture and evolution. A lot of information gets left in the dust and we may never know what we’re missing out on. We rely too much on corporate curators to determine what should get re-released and what should be forgotten.

This is why, in the corporate world, the relationship between hardware and software is complicated. This is something that open-source software fixes. When the content is available for free and can be distributed, modified, cloned, and stored on millions of devices without any legal repercussions, it’s far less likely for the information to ever disappear.

Furthermore, the software will be available on the hardware devices of the future and, if there are compatibility issues, then any coder can create a port or some kind of emulation. Trezor spearheads this movement by focusing on industry-leading software security standards that anyone can use for free. This is one of the best ways to advance science and research in a way which best benefits the end user.

The devices themselves are open source to the point that official DIY guides exist for the purpose of enabling anyone to build their own hardware wallet. And to accomplish this feat, you can use affordable, common and general-purpose parts that are easy to find and verify.

Why is Trezor doing this instead of applying for patents? First of all, it’s because the founders believe in the power of open source and also have backgrounds in Linux development. If anyone can contribute by suggesting improvements and even by launching competing products, the hardware and software designs become stronger. Everything gets tested by a greater number of experts, and this results in more feedback that only strengthens the security.

Speaking of security, Trezor always believed in offering a product that can prove it does what it claims to do. How can anyone trust in something that can’t be verified by anyone, with the exception of the manufacturers? Would anyone knowingly install a security camera whose live feed and storage can potentially leak data? Would you secure your house with a lock that nobody knows how to fix or break, and might as well lock you out, too? There’s a lot of value in universal standards whose limitations are known and can be supplemented in other ways that don’t add unnecessary sophistication.

Now let’s get back to the issue of hardware obsolescence. What happens if Trezor somehow goes out of business and you aren’t able to buy any more hardware wallets? Well, the hardware schematics will always be there so you can build your own device.

What happens if the USB ports become just as obsolete as Firewire and PS/2? To fix the connectivity issue according to the latest technologies, any engineer can modify the external port while preserving the rest of the schematic.

If the hardware were to disappear for various reasons, the free open-source software will exist for as long as the internet is still around and people are willing to host data from their computers. You will never need anyone’s license or permission to use it, modify it, and share it around.

Trezor’s mix of open source hardware and software removes the need for blind trust and nurtures security innovation. Just like Bitcoin, the code is completely open source, has been verified by thousands of security experts, and has been subjected to many forks and upgrades. The same spirit of transparency is also applicable to the hardware, as you can independently verify what every part does.

For various reasons, today’s Trezor hardware wallets may become obsolete in a few decades — just like VHS tapes or audio cassettes. Hopefully, Trezor will still be around to provide easy updates which allow you to switch from the old security standard to the new one. But, even if Trezor somehow ceases to exist, everything is still open source. There will always be someone who can maintain the software to make it compatible with the latest hardware, and the software itself can be operated on custom hardware and computers.

When you make something useful open source and let it spread in the wild, it’s pretty safe to say that it will probably never die. The recent youtube-dl software scandal shows how easily controversial code can be immediately preserved, in this case by preservationists at the Internet Archive, while rights groups defend the software’s legal applications in court.

But what if you can no longer purchase a Trezor hardware wallet? It may be due to Trezor shutting down for some reason, or it may happen due to trade restrictions that won’t allow us to send you a new hardware wallet.

Let’s say that your government becomes authoritarian and bans Bitcoin. By extension, Trezor hardware wallets also become illegal. So what if the Trezor that you already own happens to break or you must destroy it during a government raid?

Well, you can still source the parts to build your own Trezor and recover your BIP39 or Shamir wallet. The good news is that the electronic components are general-purpose and fairly easy to find. To build your own Trezor Model T, you’re going to need a dev board, the STM32F429I micro controller unit (MCU), a capacitive screen, a bunch of USB and micro SD connectors (which are very common), and the patience to put it all together.

The parts are common and can be used for all sorts of DIY projects. So when you purchase them, you have some plausible deniability if your government turns against Bitcoin. You could even order some purposely-misleading parts to imply that you’re working on something else or have no idea what you’re doing.

After you assemble the parts and build your own Trezor hardware wallet, it’s time to add the most important part: the software. To protect your privacy, you should try to use the Tor browser for all of your Bitcoin interactions. So clone or fork our code from GitHub, make sure that your connection is safe and preferably store the files in a computer that’s not connected to the internet (or an external hard drive that you unplug when your computer is offline). The Trezor Suite wallet works natively with Tor so you can mask your connection with a single click.

Hardware obsolescence may affect the majority of your electronic devices, but as a transparency-first security company, Trezor is exempt from the consequences. The hardware wallets can easily receive upgrades to the latest connection port specifications, and the code will always exist for you to download and build your own device. Thanks to our open source ethos, accessible Bitcoin security is here to stay.



Source link

Comments (No)

Leave a Reply