edicted Blog Banner

edicted

COBO Tablet Review

Yesterday I received my free COBO tablet, compliments of buying the $100 COBO Vault airgapped hardware wallet. My review of the Vault itself was an arduous disaster. However, this tablet is absolutely amazing and I'll probably end up using it for the rest of my days. I'll come right out and say at the beginning of the review that this thing is an A+ for sure.

t2.png

https://cobo.com/hardware-wallet/cobo-tablet

Yeah, I don't know what 304-grade stainless steel is exactly, but this thing is extremely heavy and study for its small size.

Though the stainless steel 304 alloy has a higher melting point, grade 316 has a better resistance to chemicals and chlorides (like salt) than grade 304 stainless steel. When it comes to applications with chlorinated solutions or exposure to salt, grade 316 stainless steel is considered superior.

I imagine higher melting point is what you want for a fireproof option. This thing survives heat up to 2550 degrees Fahrenheit. House fires only get up to 1500 max.

There are 4 solid steel plates on this thing. Two of the plates slide apart and house the steel tiles that protect the seed phrase. The other two plates create a steel housing widow that lock the tiles into place and let you view the seed without unscrewing the 5 screws that secure it. All four plates are hinged together with a very solid rivet with good friction.

They also give you a nice little screwdriver in order to disconnect the face-plates, arrange the tiles, and the reattach the face-plates to secure the tiles. The screwdriver is small and cheap and doesn't give you a lot of leverage, but I actually view this as more of a feature than a bug because this makes it basically impossible to strip the screws or over-tighten them.

steeltilescobo.jpg

The steel tiles are also impressive. They give you more than enough letters for any possible 24-word seed phrase. They end up giving you 4 sheets like the one above.


https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

Apparently the standard for BIPS master-password seeds is that you only need the first 4 letters of the word, as they are unique.

Each word-slot in the tablet allows for the first four letters, which is apparently all you need. There are also a few 3-letter words, but you can just flip any tile around to create a blank at the end in those cases.


There's also a small hole drilled through all 4 sheets of steel that allow you to lock it physically like you would a diary. I just purchased a luggage cable padlock to secure it.

https://www.amazon.com/gp/product/B07NSX2MD9/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1

Apparently it's approved by the TSA, and we all know how trustworthy they are :D

Conclusion

There's really not much more to it than that. After all, it's only meant to keep 24 words secure. Is it worth $40? I'm not sure. However, I don't really have to worry about that considering I got it for free. At the same time, I'm leaning toward buying another one for real so I have a backup for whatever reason.

It feels stupid to discuss how one secures their cryptocurrency on a public blog, but I guess I just can't help myself. I've created a new seed and secured it into my tablet. I wonder if I can memorize these 24 words. I guess I'll get back to you all on that front.

More on the vault

Because my seed phrase will be connected to my Vault, it becomes less secure. Before I could even create a new seed I was forced to agree to the Terms of Service and Privacy Policy.

The Privacy Policy basically states that they can share information they collect on you for whatever reason, from law enforcement to basic datamining. So what kind of information are they collecting on me?

Screenshot_20200606142241.png

I decided to take a look at what kind of data is being broadcasted from by vault through the airgap. I used a third-party app to read one of the QR codes used to sync my phone to the Vault.

Very alarming

It appears that this data is encrypted and I can not read it. I knew these QR codes were too big for their own good. The only data my hardware wallet needs to broadcast in order to sync to my phone are the public keys. I'm using 3 different cryptocurrencies (BTC, LTC, ETH) so there are 3 QR codes that cycle.

My third party app obviously caught the 3rd QR code because the index is labeled "3". However, that's about the only data it gives you, as the rest appears encrypted. There is no reason for this kind of encryption. The only information my phone needs is the index, the name of the coin, and the public key. All of that info is non-secure information.

So what is the Vault broadcasting? The serial number of my device? Other random data? Private keys themselves? I would have no idea because of the encryption. So shady. This is especially true considering they can force a firmware upgrade and I would have no idea what code changes were made and no way to filter the data being broadcast by the Vault.


Not to mention all the data that the phone app itself is broadcasting to whatever servers.

It does have access to my camera any many other variables, after all.


What I originally thought would be a foolproof device that I could store all my crypto on without worry has turned into a solution that I only feel comfortable holding 5%-10% of my assets on... which is fine and still totally worth $100, but still somewhat disappointing.

Blockchain Fees

Another interesting little aside on this journey was revisiting the fee structures of BTC, LTC, and ETH. Originally the other day I showed this graph:

t1.png

https://peakd.com/bitcoin/@edicted/inevitable-overflow-on-the-horizon-revisiting-trickle-down-theory

These numbers are totally wrong. It seems like all the websites that calculate fees aren't actually calculating what the blockchain charges, but rather what centralized exchanges are charging. This is a difference of x10.

These websites say the average Litecoin fee is $0.016, yet I was able to do it on chain for a tenth of a penny. Likewise with Bitcoin, it says the average transaction is $2 but the COBO app tells me I can get away with 21 cents (50 sats per byte). I think it's strange that these websites aren't actually calculating the fees that are being generated on-chain. Very weird.

t3.png

To be fair, COBO customer service has been very good, especially considering they are a company out of Hong Kong and English is clearly not the default language. Also, as we can see, they actually read my review on Steemit (even though I gave them a peakd address, lol wtf). They even responded to it on the Steem blockchain. That's cool I guess.

Of course, I won't be responding to that email directly because I don't believe in just handing corporations free information that they can in turn profit from. But still, yes, the customer service was great, even if I can't trust the product nearly as much as I thought I could.

However, we can always trust cold hard steel.

Seriously though this tablet is awesome. It's funny that the most excitement I got out of this little adventure was due to a lifeless piece of steel made out of 4 stainless plates for the low low price of zero.


Return from COBO Tablet Review to edicted's Web3 Blog

COBO Tablet Review was published on and last updated on 07 Jun 2020.