An Open Letter to NVK and Coldcard

I wrote this blog post almost three years ago. I decided not to publish it at the time because it seemed like NVK was backing down, and I don't do drama.

Now though, with mainstream influencers like Matt Odell publicly weighing in on Foundation's origin story, I think it's time to put this matter to rest by publishing my original post.

When developing Passport Founder's Edition, we originally intended to fork the Coldcard repo. Instead, we ultimately created a fresh MicroPython project and ported over numerous open source files from Coldcard's repo. This has been noted on our GitHub since release.

Passport proudly builds upon excellent open source projects like MicroPython (the OS), LVGL (graphics), Trezor (crypto libraries), Quirc (QR decoding), QRCode (QR creation), and Blockchain Commons' UR standard (for separating data into multiple QR codes). Open source is core to our ethos – we contribute upstream as we build, and everything we create is open-sourced in return.

Over the last three years we've shipped thousands of Passport hardware wallets, launched a second-generation Passport with amazing improvements, and released our Envoy mobile app (soon to be a standalone Bitcoin mobile wallet!). We've raised $10M of venture funding and are working on new hardware and software offerings. We are just getting started.

Below is the blog post I wrote in August 2020, unedited and unmodified.


Dear NVK and the Coldcard team,

I’ve admired you and your work for many years — and have purchased numerous Opendimes, the Coldcard Mk1, and the Coldcard Mk3. We’ve interacted on Twitter since the beginning of 2017, when you helped educate us Bitcoiners on how to signal for UASF.

https://twitter.com/zachherbert/status/850203404651515905?s=20

I’ve watched your talks, retweeted your Tweets, and have learned a lot from you as an early Bitcoiner. I’ve given Opendimes as birthday and wedding gifts. I’ve recommended Coldcard and used it to safeguard my sats.

You and your Coldcard team have developed what is, in my opinion, the most secure Bitcoin hardware wallet with the best security architecture and tradeoffs. And you made the firmware open source under GPLv3, which helped me understand the importance of open source hardware to Bitcoin and the world. You helped shape my worldview.

Notably, back in 2018 when you brought Coldcard to market, I defended you against criticism from Trezor about your GPLv3 firmware.

https://twitter.com/COLDCARDwallet/status/1022476499851534336?s=20
https://twitter.com/nvk/status/1023979197985775619?s=20
https://twitter.com/nvk/status/1024305837903237121?s=20

By adding some of Trezor’s GPLv3 code to your firmware, and properly open sourcing your firmware as GPLv3, you respected and honored their FOSS license and were 100% in the right moral position.

In April of this year, I and some of my teammates quit our jobs to start Foundation Devices. We left in the middle of a pandemic (which is a pretty awful environment for starting a new company) and worked our asses off to scrape together some angel investor capital in order to fund development of an open source hardware wallet targeting nontechnical consumers.

Over this decade, we hope to release numerous open source hardware products — including wallets, nodes, semiconductors, phones, and computers — and ultimately compete with the giants like Apple. It’s a very long-term mission, and we are in it for the long term.

We’ve built our entire company brand, strategy, and philosophy around FOSS and FOSH (free and open source hardware) and have worked to educate the Bitcoin community on the importance of open source.

Our first blog post discussed why we launched Foundation Devices:

This is why we started Foundation — to make beautifully designed, open source hardware for Bitcoin and the decentralized Internet. To bring great design and UX to hardware wallets, nodes, and more. To allow mass consumers to securely use and store Bitcoin while maintaining their sovereignty. To help our industry cross the chasm while staying true to our founding ideals.

We call this open hardware. And we are excited to bring it to the world.

Our second blog post discussed the importance of open source hardware:

Closed, trusted hardware security models no longer work in a Bitcoin world!

So what do we do? We build open source hardware. We start by designing products with more trustable components, assembled in a more trustable USA-based facility. We produce open source, legible circuit schematics using a respected license like CERN’s Open Hardware License. We publish all firmware as open source under MIT or GPL3 licenses. We clearly identify the components that require trust, such as the processor and secure element, and we work to source or build our own components that are more open and trustable.

Over the last four months, our team at Foundation Devices designed an elegant and secure Bitcoin hardware wallet called Passport. The electronics and industrial design are completely from scratch. The only key part in common with Coldcard is Microchip’s 608a secure element. Even the STM processor is different and has a different pinout (though it is from the same family). We summarized Passport’s novel hardware features in a thread:

https://twitter.com/FOUNDATIONdvcs/status/1288980268498464770?s=20

When deciding how to approach the firmware, we had two key options. Option #1 was to do the firmware from scratch. Option #2 was to fork an existing FOSS firmware base (GPLv3 or Apache 2.0) from Coldcard, Trezor, or BitBox.

We chose Option #2 because it would allow us to get to market faster and would hopefully allow us to deliver something more secure — as whatever firmware we chose to fork would have been battle-tested on the market for at least a couple years.

Our team chose Coldcard’s firmware because it’s simply the best security model, is respected by the Bitcoin community, and is PSBT-based. We set out to make many changes, which are still in progress — and we have about four more months to build on your firmware base before our target ship date in December. We still have a ton of work ahead of us, but here’s a summary of what we’ve done so far:

https://twitter.com/FOUNDATIONdvcs/status/1288980271111589890?s=20

Our firmware is on GitHub here, licensed as GPLv3. Our hardware is on GitHub here, licensed as CERN-OHL-S v2.

When we announced Passport publicly, both on our website and on some podcasts, we noted that we are using the same firmware base as Coldcard and the same security architecture. This is accurate — we use an STM processor and a Microchip 608a secure element. This does not guarantee that Passport will be as secure as Coldcard, however, since we have made and are making numerous changes.

We expected criticism. We thought you’d call us out on being new to the hardware wallet space, or that making changes to your firmware base does not guarantee that Passport will be as secure as Coldcard.

But what we weren’t expecting is libel and attacks on our character, calling us a “pure clone” and “leeches” and accusing us of “affinity scamming” — while also telling your community that we are closed source, only changed the UI, and cloned the bootloader.

Official Coldcard Telegram group
https://twitter.com/nvk/status/1291385847749791744?s=20

As a hardware expert, you know that Passport is not a clone. It looks nothing like a Coldcard. The keypad and navigation are different, the screen is different, there are integrated batteries and a camera, and much more. With these different components, it’s impossible for even the bootloader to stay the same. You know that our novel design necessitates massive changes to Coldcard’s base firmware. Yet you chose to spread falsehoods.

Passport looks nothing like a Coldcard and only shares one key component

Moreover, Coldcard’s firmware is licensed as FOSS under GPLv3! Anyone is welcome to fork the code and make any desired changes, as long as they in turn open source their code as GPLv3. We are saddened that you are planning to move away from GPLv3 — we are sticking to it, and anyone is welcome to fork our hardware designs (months of work) or our firmware and use them as they wish, for commercial or noncommercial use.

https://twitter.com/nvk/status/1288860345864527874?s=20

We are not expecting an apology. But we’ve worked day and night over the last four months to design Passport, and we’ve taken a lot of risk by quitting our jobs to dive into the Bitcoin ecosystem full-time as startup founders. This is not the right way to treat new entrepreneurs in the Bitcoin space who are working on FOSS and FOSH. This is toxic and hurtful, especially when it comes from a leader we’ve admired for many years.

Our team would appreciate if you lay off the character attacks and untrue statements. Let us know if we’ve done something wrong. But in an open source world, we need to build on each other’s work in order to bring Bitcoin to the masses.