Ryder: introducing the first functional wearable hardware identity wallet
Over the course of the past months I have experienced increased interest in my hardware identity wallet project. In my last post I expanded on why we need separate devices to carry our decentralised identities and gave a preview of what such an authentication flow might look like. Since then, I started receiving multiple messages per week with comments and feedback, but also questions regarding the direction of the project and how and when people can get their hands on one. I am very appreciative of the continued interest and support. I held off on giving details as I was still evaluating whether the concept I had in mind was viable. Sometimes no news is good news, but today I can finally reveal my vision of what such a device could look like in the very near future.
That vision is “simple”: a wearable hardware wallet with a great user experience.
The image above is not a concept rendering; it is a real physical device that exists today and is fully functional. Here is a video of it in action:
The Ryder prototype 2 communicates securely over Bluetooth and performs the authentication key exchange after explicit approval by the owner. It is possible to use a USB connection as a fallback in case the battery is low. Authenticating is easy and secure, anywhere and on any machine.
Commonly asked questions
Why a hardware device?
See my previous post. Some software solutions may be good intermediary options, but users should not be trained that it is OK to enter their private keys or seeds into any website. The Blockstack Browser and Blockstack Connect are no different. We learn time and time again that it is a bad idea:
If you run a website, web extension, or something else, do not allow users to enter raw private keys, mnemonic phrases, or keystore files into your product. It is harmful to allow it and users need to learn from the very beginning of their journey that it’s not a safe method of accessing their funds.
It is a fundamental issue that is arguably even more important when it comes to decentralised identities as these will serve as the gateway to vast amounts of highly private data. It has to be addressed right from the start.
Does a separate hardware device not lead to a worse user or on-boarding experience?
It depends on who you ask. I concur that using a hardware device generally does not provide the same streamlined user experience as using a web wallet. It always comes down to the trade-off between security and usability. Current crypto hardware wallets have a very heavy focus on security and are thus willing to sacrifice some user experience. Still, that gap can be bridged, which is what I am aiming to do with the Ryder device. It sits far removed from the relentlessly insecure web wallets but is not as extreme as air-gapped stateless crypto hardware either, thus (hopefully) arriving at the desirable middle way. As seen in the video, authentication demands nothing but a tap.
Does using a hardware device not necessarily lead to increased user input to authenticate or perform other actions?
It does not have to. The answer to this question comes down to the user flow of the device. You do not need to log in continuously when using most websites. Casual websites keep an active session whereas banking websites mandate enhanced security practices. In the same way, the Ryder can stay unlocked for a user-definable period of time. Security policies can further restrict the unlocked state to specific dapps and connected devices. It is conceivable that dapps may suggest a security policy to the device with the user having the final say.
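A sketch of how such a policy could be evaluated, added here as an example and not Ryder firmware or code from the author. The `Policy` fields, `apply_suggestion`, the `Wallet` class and the rule that a dapp's suggestion can only tighten the owner's limits are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Policy:
    unlock_seconds: int        # 0 means every request needs a tap
    dapps: FrozenSet[str]      # dapp origins that may reuse the unlocked state
    devices: FrozenSet[str]    # paired host devices that may reuse it

def apply_suggestion(owner: Policy, suggested: Policy) -> Policy:
    """Owner has the final say: a suggestion can only tighten the policy."""
    return Policy(
        unlock_seconds=max(0, min(owner.unlock_seconds, suggested.unlock_seconds)),
        dapps=owner.dapps & suggested.dapps,
        devices=owner.devices & suggested.devices,
    )

class Wallet:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.unlocked_at: Optional[float] = None

    def tap(self, now: float) -> None:
        """Owner approves on the device; this starts the unlock window."""
        self.unlocked_at = now

    def needs_tap(self, dapp: str, device: str, now: float) -> bool:
        """True when the request must wait for a fresh approval (fail closed)."""
        if dapp not in self.policy.dapps or device not in self.policy.devices:
            return True                  # outside the policy scope
        if self.unlocked_at is None:
            return True                  # never approved, or relocked
        age = now - self.unlocked_at
        if age < 0 or age >= self.policy.unlock_seconds:
            self.unlocked_at = None      # expired or clock went backwards: relock
            return True
        return False

# Constructed sample values.
OWNER = Policy(900, frozenset({"https://notes.example", "https://bank.example"}),
               frozenset({"laptop"}))
BANK_SUGGESTION = Policy(0, frozenset({"https://bank.example"}),
                         frozenset({"laptop", "kiosk"}))
```

With these values a casual dapp rides on one tap for fifteen minutes, while the banking dapp's suggestion forces a tap per request and cannot add the unpaired `kiosk` host.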
Why not simply use a smartphone?
Using a smartphone is definitely a big step up from simply storing your identity wallet in the browser and it will be good enough for most people. However, the attack surface of smartphones is a few orders of magnitude larger than that of a dedicated device with a very limited instruction set. It is possible that future smartphones could offer an interface to insert identity devices, taking the role of external trusted platform modules.
But in the end, users still have to purchase a hardware device which is a hurdle to adoption.
True, having to spend money and carry a separate device is always an added hurdle over simply using software. Whether this is acceptable comes down to the user. Some identities are simply not as important as others. With the Ryder, I am also looking at the future and long-term goals of web3. The first televisions did not have remotes and people thought it to be ridiculous when these were introduced. One could simply get up and walk over to the television to change the station. Nowadays, people cannot imagine a television without one. Similar parallels can be drawn regarding mobile phones and smartphones. Right now, you and other people carry conventional wallets containing your ID cards and bank cards. The shift to digital ID wallets is likewise only a matter of time. Once people start storing highly sensitive private information in dapps, casually keeping private keys in web storage will be a thing of the past. Blockstack is at the forefront of web3 development and such devices are a vital part of that movement.
The device fulfils the minimum required functionality to provide a good indication of what the final product could look like. Matters such as PIN unlock, paired device management, security policies, and so on, are not the highest priority at this time. Naturally, a wearable wallet is but one way to do it. Others might prefer something they can stick in their pocket or traditional wallet. The next step is to start exploring options for user testing. I would love to get more of these prototypes out there for those with serious interest in building on the Ryder.
I have arrived at the point where I will need some form of funding to move forward. If you want to help make it a reality, consider spreading the word on social media or expressing your support for the project to the Stacks Foundation. There is still a way to go but the technology has been proven; now we just have to put in the resources. The final product can then be fully open-sourced for the benefit of the entire web3 space. In the future, devices such as these will be able to deploy and interact with smart contracts, securely unlock your front door, start your car, and other things we cannot even imagine at this point.
Contact me on Twitter via @MarvinJanssen if you want to help or learn more.
Sign up now
Interested in getting your hands on an early prototype? Please sign up for updates on https://ryder.id.