Yesterday I received my free COBO tablet, compliments of buying the $100 COBO Vault airgapped hardware wallet. My review of the Vault itself was an arduous disaster. However, this tablet is absolutely amazing and I'll probably end up using it for the rest of my days. I'll come right out and say at the beginning of the review that this thing is an A+ for sure.
https://cobo.com/hardware-wallet/cobo-tablet
Yeah, I don't know what 304-grade stainless steel is exactly, but this thing is extremely heavy and study for its small size.
Though the stainless steel 304 alloy has a higher melting point, grade 316 has a better resistance to chemicals and chlorides (like salt) than grade 304 stainless steel. When it comes to applications with chlorinated solutions or exposure to salt, grade 316 stainless steel is considered superior.
I imagine higher melting point is what you want for a fireproof option.
This thing survives heat up to 2550 degrees Fahrenheit.
House fires only get up to 1500 max.
There are 4 solid steel plates on this thing. Two of the plates slide apart and house the steel tiles that protect the seed phrase. The other two plates create a steel housing widow that lock the tiles into place and let you view the seed without unscrewing the 5 screws that secure it. All four plates are hinged together with a very solid rivet with good friction.
They also give you a nice little screwdriver in order to disconnect the face-plates, arrange the tiles, and the reattach the face-plates to secure the tiles. The screwdriver is small and cheap and doesn't give you a lot of leverage, but I actually view this as more of a feature than a bug because this makes it basically impossible to strip the screws or over-tighten them.
The steel tiles are also impressive. They give you more than enough letters for any possible 24-word seed phrase. They end up giving you 4 sheets like the one above.
https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
Apparently the standard for BIPS master-password seeds is that you only need the first 4 letters of the word, as they are unique.
Each word-slot in the tablet allows for the first four letters, which is apparently all you need. There are also a few 3-letter words, but you can just flip any tile around to create a blank at the end in those cases.
There's also a small hole drilled through all 4 sheets of steel that allow you to lock it physically like you would a diary. I just purchased a luggage cable padlock to secure it.
https://www.amazon.com/gp/product/B07NSX2MD9/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1
Apparently it's approved by the TSA, and we all know how trustworthy they are :D
Conclusion
There's really not much more to it than that. After all, it's only meant to keep 24 words secure. Is it worth $40? I'm not sure. However, I don't really have to worry about that considering I got it for free. At the same time, I'm leaning toward buying another one for real so I have a backup for whatever reason.
It feels stupid to discuss how one secures their cryptocurrency on a public blog, but I guess I just can't help myself. I've created a new seed and secured it into my tablet. I wonder if I can memorize these 24 words. I guess I'll get back to you all on that front.
More on the vault
Because my seed phrase will be connected to my Vault, it becomes less secure. Before I could even create a new seed I was forced to agree to the Terms of Service and Privacy Policy.
The Privacy Policy basically states that they can share information they collect on you for whatever reason, from law enforcement to basic datamining. So what kind of information are they collecting on me?
I decided to take a look at what kind of data is being broadcasted from by vault through the airgap. I used a third-party app to read one of the QR codes used to sync my phone to the Vault.
Very alarming
It appears that this data is encrypted and I can not read it. I knew these QR codes were too big for their own good. The only data my hardware wallet needs to broadcast in order to sync to my phone are the public keys. I'm using 3 different cryptocurrencies (BTC, LTC, ETH) so there are 3 QR codes that cycle.
My third party app obviously caught the 3rd QR code because the index is labeled "3". However, that's about the only data it gives you, as the rest appears encrypted. There is no reason for this kind of encryption. The only information my phone needs is the index, the name of the coin, and the public key. All of that info is non-secure information.
So what is the Vault broadcasting? The serial number of my device? Other random data? Private keys themselves? I would have no idea because of the encryption. So shady. This is especially true considering they can force a firmware upgrade and I would have no idea what code changes were made and no way to filter the data being broadcast by the Vault.
Not to mention all the data that the phone app itself is broadcasting to whatever servers.
It does have access to my camera any many other variables, after all.
What I originally thought would be a foolproof device that I could store all my crypto on without worry has turned into a solution that I only feel comfortable holding 5%-10% of my assets on... which is fine and still totally worth $100, but still somewhat disappointing.
Blockchain Fees
Another interesting little aside on this journey was revisiting the fee structures of BTC, LTC, and ETH. Originally the other day I showed this graph:
https://peakd.com/bitcoin/@edicted/inevitable-overflow-on-the-horizon-revisiting-trickle-down-theory
These numbers are totally wrong. It seems like all the websites that calculate fees aren't actually calculating what the blockchain charges, but rather what centralized exchanges are charging. This is a difference of x10.
These websites say the average Litecoin fee is $0.016, yet I was able to do it on chain for a tenth of a penny. Likewise with Bitcoin, it says the average transaction is $2 but the COBO app tells me I can get away with 21 cents (50 sats per byte). I think it's strange that these websites aren't actually calculating the fees that are being generated on-chain. Very weird.
To be fair, COBO customer service has been very good, especially considering they are a company out of Hong Kong and English is clearly not the default language. Also, as we can see, they actually read my review on Steemit (even though I gave them a peakd address, lol wtf). They even responded to it on the Steem blockchain. That's cool I guess.
Of course, I won't be responding to that email directly because I don't believe in just handing corporations free information that they can in turn profit from. But still, yes, the customer service was great, even if I can't trust the product nearly as much as I thought I could.
However, we can always trust cold hard steel.
Seriously though this tablet is awesome. It's funny that the most excitement I got out of this little adventure was due to a lifeless piece of steel made out of 4 stainless plates for the low low price of zero.
Wow! I must admit this thing sounds pretty bad ass!
I wasn’t sure what this was until after I clicked your link.
I share your concern about what they are broadcasting on you behind that encryption. Perhaps if the government decides your a crook or a terrorist, those are your keys? Or it could be your shoe size or some other mundane shit...but this is crypto...who fricking knows.
I been studying this stuff two years and I continue to be impressed with how deep and wide this crypto rabbit hole is...who can possibly master it all?
Thanks for the info
Posted Using LeoFinance
Truly, no one.
However I'm sure many will try.
People like us will end up lifers.
As for the encryption, everything broadcast by a hardware wallet should be public information, that much should be obvious. They really have no excuses for this except to hide some shady shit they are doing. So annoying.
The stainless steel plates have an embedded camera, computer and broadcasting array!
Well, i wouldn't doubt it could be done if you really really wanted to get keys that bad, but that's a lot of work and cost...
I like the metal case. Your seed phrase won't be destroyed very easily by anything.
However, it screams seed phrase holding device.
So, what do you do with it?
You put it in a place that will be secure to most fire and theft anyways...
To who? I could show it to 100 people on the street and no one would know what it was, even if I opened it. By the time we go mainstream I'll have plenty of seeds memorized or money locked in smart-contracts like Hive Power and CDP, or even multi-key sigs.
Probably to the 0.001% of people like me who are engineer-type crypto-lovers.
I would recognize one of these laying on a junk filled desk in an instant.
I forgot everyone is not like me.
What i haven't ever figured out is a storage method that lets you know quite quickly that it has been breached.
That’s cool, I wouldn’t mind getting a steel wallet to store shit like that. It’s damn fireproof lol if you have to worry about corrosive chemicals instead of fire you’re fucked anyways.
That is pretty shitty you have no idea what the hell is being transmitted out from the app or the encrypted things they are sending. I guess that’s what happens with some companies. They give you a way to do something but they take things they don’t tell you anything about.
Yes, it's obnoxious, but all this greed leaves plenty of opportunity for the little guys like me to come in and do it right (Open-source do-it-yourself Raspberry Pi solution).
Yeah since reading your raspberry post I am planning on buying one for sure! I don’t know when but it’s on the list of things to get.
Need to upgrade some home work infrastructure, I might be transitioned to permanent work from home so that could be really sweet! Don’t want to get my hopes up but fuck does Comcast hate me, I was getting 5mb download speeds the other day trying to work it was brutal.