I’ve been taking a look at the new Blockstream Jade Plus and honestly it looks quite neat.
Could the Foundation team or some of our lovely community members speak to some of the features, design choices, pros and cons and how they stack up against the Passport Prime and/or the Batch2?
I’m especially interested in hearing your thoughts about the blind oracle (PIN protection), Anti-Exfil and the so-called ‘Genuine check’.
At the end of the day there are probably trade-offs for any solution, and in a multi-sig setup it could make sense to combine the Passport with other HW wallets, but I would be very happy to hear your opinions.
I have the Blockstream Jade Plus (and original Jade). In my opinion, I do think the Blind Oracle is an interesting concept – but one problem with it is that it runs on Blockstream servers, and you need to trust that Blockstream servers or your firmware isn’t tampered with. In theory, the genuine check could help with that, but still, you need to trust Blockstream. I set up my own Blind Oracle using an Umbrel node, and it is still very new/in beta – there are a few differences/loss of functionality when you use your own blind oracle compared to using Blockstream’s, which I don’t like.
One thing I will say after having the device in my hand is that it is still very much a hassle to type in your recovery phrase on their new device, unless you use seed QR (which, who uses that? It can be lost/destroyed in a fire). The value of a touchscreen is extremely underrated, both for key recovery and also for adding a passphrase. The Jade Plus has a nicer screen and camera compared to the Jade, but I think the Passport Prime will be in its own category compared to the Jade/Jade Plus. The Prime is much more expensive though.
The Prime could potentially support more assets in the future other than just Bitcoin (compared to the Jade, which is only BTC / Liquid). And while there are some chips in it that are not fully open source – the rest of the device is, allowing for proper protection and verification that your OS is running what you expect.
Prime has tamper protection, so that should be equivalent to the Jade’s anti-exfil. I’m not sure about the Genuine check – so maybe someone else could comment on how that’s done for Foundation. I’ll say that it’s assembled in the USA, which is better than most other products – the Jade is made in China from what I’ve read.
+1 to all @RadRedRover said. Regarding the “Genuine verification”, I am not sure how Jade does it, but I presume our equivalent would be the Supply Chain Verification; you can read more about it in our documentation. Essentially, we install a private key in our US manufacturing facility that only our trusted manufacturer knows. Doing a QR scan and check with Envoy, you can verify if the device came out of the factory untouched, or if it has been tampered with.
I personally find the blind oracle PIN on the Jade Plus slower than a regular PIN entry and it becomes even slower when you need to use a web page or Green app. This really degrades the user experience, in my opinion. Additionally, I’d prefer the largest practical screen to avoid errors, and the ability to save more than one seed. I got the Jade to play around with and am not happy and will be giving it to a child in the family.
Jade’s anti-exfil does not provide the same benefit as a device with an SE. You can read about anti-exfil from Blockstream or Bitbox docs and blog posts. AFAIK, anti-exfil key building/stealing from spending is a theory that has not been found in the wild.