Last July, payments startup/giant (can you be both?) Square announced that it would be developing a hardware cryptocurrency wallet. The prospect of a wallet designed by the same folks who build the world’s fastest-growing point-of-sale technology promised exciting advances in ease of use and adoption. And that was months before Jack Dorsey flipped the tech world table by resigning from Twitter to focus on Square (now Block) full time, even further upping the stakes.
But, for perhaps the first time in Dorsey’s yearslong flirtation with Bitcoin (“crypto,” not so much), there’s a significant disconnect between his plans and crypto long-timers’ preferences. In a Friday blog post, Block announced that its hardware wallet would make fingerprint identification the primary and default method for users to access their funds. Block does say it will “evaluate additional access methods that customers could opt into.”
At least in the case of consumer goods like cellphones, the motivation for adding biometric access control is usually simple convenience, but the ultimate implications could be dire. Another Web 2.0 holdover, Sam Altman, a former president of Y Combinator, a firm that helps funds tech startups, introduced a token called Worldcoin over the summer of 2021, and critics including Edward Snowden pointed out that the scheme would risk exposing users’ biometric data with potentially severe and permanent consequences for victims. When the ruthless capitalists at the American Enterprise Institute think your plan is anti-social, you know you’re in trouble.
To be fair, the Block plan is different from Worldcoin’s in crucial ways that make it more defensible. In part because the planned wallet is a single-user device, it will be able to create and store its biometric credentials locally, as your phone does. Worldcoin, by contrast, seemed likely to require a centralized database of iris-scan hashes, an absolute five-alarm fire of poor security architecture.
But even local processing and storage is a real risk – ultimately, no local data that can be reached via the internet should ever be considered truly secure. And the literally lifelong consequences of a compromised fingerprint make even the remotest exposure worth seriously interrogating.
Equally worrisome, making a fingerprint the main way of authorizing a crypto wallet could mean less emphasis on private key management. That could introduce an added risk vector for users: if your hardware wallet is the only home of your private keys, and that hardware is controlled by a fingerprint, the risk of losing all your money just went up rather than down.
Block seems well aware of the risks here, based on both the content and timing of the announcement. “We’re aware of limitations [of fingerprint security] we’ll need to design around,” the announcement states. And in the communications business, Fridays are when you drop news you don’t want anyone to pay too much attention to – reporters are largely finishing up their assignments and looking forward to a blissful weekend. So it’s a good bet Block was seeking to minimize blowback here.
All that said, Block is trying to thread an extremely tricky needle, and its current plans deserve a thoughtful rather than knee-jerk response. The announcement post makes clear the priority was to design a wallet that can be used “securely, but with ease,” balancing user experience with safety.
“We don’t want to force new behaviors on customers with a novel interface on the hardware component of the wallet we’re building,” the announcement continues. “Instead, making the mobile application the center of the experience will lead to familiar, intuitive interactions.”
For better or worse, we’re very used to using fingerprint unlocks on smaller devices. So using them makes absolute sense from a Silicon Valley hardware designer’s perspective. The presumption that something should be a mass-market product, ideally usable by even the slowest kids on the bus, is baked into the business models and culture of even relatively agile entities like Block.
