[lanstin]

good luck building a good UX for a financial system where a small OpsSec error can wipe out your family's fortune.

And you need the private keys to conduct business so obvi they can exit the HSM

And if my 1M USD bitcoin is in some hardware wallet, won't that just incentivize someone to kidnap my kids until i send bitcoin, much like bitcoin breathed new life into ransonware economy after banks mostly shut it down?

Perhaps, despite the examples of ICOs, EVM smart contracts, NFT rugs, and the general flood of fake discords and so on, people assume the central banks and retail banks are a bigger threat than the criminal minds attracted to untraceable and unreversable payment methods?

[lmm]

> And you need the private keys to conduct business so obvi they can exit the HSM

While I agree with you in general, this is false; the whole point is that the HSM can sign transactions using the keys inside it but will never expose them to outside.

[lanstin]

Touché on the use, but you propose a non transferable wallet? Or will it replicate to other HSMs with certain credentials? Will the car dealership owner people them replicated cross availability zones or to diverse geolocations? And will the HSM replicate the keys to a hacked HSM if I get the signing keys from an employee of the HSM with a promise of 10% of the winnings?

[lmm]

I'm not proposing anything, and I think these are hard problems. Potentially there are solutions to some of the things you say, but ultimately it's hard to escape the choice between trusting some entity and being able to lose your keys.

[lanstin]

My point is that for large important financial amounts, irrevocable transactions are terrible UX.

For instance, my retirement now such as it is, remains pretty safe. I would have to read some financial meme (in the old sense of reproductive ideas) online and go thru a number of complex paper work steps to remove it from the boring fiat place it is now and send it to a much riskier place. The massive too big to fail institution could fail and not have 401ks bailed out, or society could collapse.

If it were some digital wallet, I could loose it just by signing something unrelated to “take all my money” with my private key and boom my wife and my self and my kids and other dependents are SOL.

Given that I have to trust society not to fail anyways to enjoy “stored value” where all value is embodied in and protected by society, i can’t find a way in which the irrevocable transactions benefit me more than the risk of my own laxness and occasional errors endangers the well being of my loved ones.

[_xrp0]

I don't understand your response. I wasn't debating the intricacies of self-sovereignty. I was pointing out that your understanding of hardware wallets is wrong.

> good luck building a good UX for a financial system where a small OpsSec error can wipe out your family's fortune

Define "small" lol

[lanstin]

You are correct that the key need not leave the HSM to transact, touché. However it is an essential property of valuable keys that they can be extracted for backup or replacement of the HSM, and often for availability. At least the various HSM systems I have worked with.

As I understand it, people have lost their wallet contents due to trusting email, Discord, DNS and SSL protected websites. So if there is no basis for trusting the other parties in an online transaction, it seems any action whatsoever could lead to financial ruin. Even moving my assets to cold storage makes the scenario that my heirs forget how multiparty sig recovery works or just some eager relative throwing away the box of USB drives away.