People have been asking (rightly so) why they should trust us with their IOTAs? After all we are not members of the IOTA Foundation.
“Perhaps the IOTA Watch is unsafe, perhaps it is a scam and it does not generate truly random seed words. Such a scam would be fairly easy to implement and hide in the watch because the watches firmware is stored in encrypted flash memory. Or it could be programmed to randomly hijack hi value IOTA sends in the future sending them to a Silicon Droid collecting address etc.”
If we were to attempt a theft of IOTAs from one or more of our IOTA Watches then we would have to do it without being caught. It would be impossible to steal any IOTAs without the user noticing something was wrong. We are an incorporated Canadian business and this website has organizational level SSL certification. The Canadian police would immediately find a SiliconDroid Inc. shareholder or our passports would be flagged and Interpol would be notified.
We choose (Like Ledger) to keep the firmware closed source and encrypted, we do this to prevent second hand IOTA watches being “backdoored” and sold on. Or even new backdoored IOTA watches appearing as the blank watch hardware can be purchased from China. Such a backdooring event would damage our reputation and brand.
Having said all of this, remain cautious; Treat the IOTA watch as you would a spending cash wallet, not a bank vault, after some years our reputation and trust will increase. The most secure method to store larger crypto amounts is on distributed paper wallets; split your 24 word list into 2 x 12 word lists and keep each list half at a different trusted location.
Even if you choose to be super cautious, and not use the wallet function, the IOTA Watch can still be useful for you:
Monitor one or more IOTA addresses real time, the watch gives you alerts when the sum IOTA value changes.
Monitor any IOTA node real time, the watch gives you alerts if the node becomes unhealthy.
Monitor IOTA price and charts real time, the watch gives alerts on price and rank changes.
The watches firmware is pretty much fully tested and nearly ready to ship. We are working only part time at the moment, taking advantage of the summers warmth before the long Canadian winter. Things still to do:
 Add the fourth (and final before release) front watch face option, this is the address monitor, allowing you to monitor the IOTA value sum of any one or more addresses from your own receiving addresses and/or your contacts addresses. You get audio alerts if the value goes up or down.
 Finish development and testing the secure OTA (over the air) update function. OTA enables you to update your watches firmware securely with the tap of a button when an update is available, just like you do with your mobile phone.
 Obtain language files for French, Italian, Spanish. We already have English and German.
 Create a PDF instruction manual for the watch (English only).
The entire IOTA watches firmware is written in C++ for efficiency and speed. Our source code (45,000 lines) obeys best OOP practices of abstraction and encapsulation. We take our time to write good embedded code, code that does not leak memory, code that can run in 320kb of RAM without any heap corruption, it even looks pretty. For the end user it simply means a stable system.
Here’s a screenshot of some of our source code, because it also looks tidy 🙂 :
We recently got our site (www.SiliconDroid.com) SSL-OV certified, It involved having a local registered lawyer who knows us write an “opinion letter” proving that we are a legitimate registered company (Silicon Droid Inc.)
What exactly is OV SSL? Here it’s explained by Sectigo:
“Organization Validation (OV) SSL certificates provide an extra level of online trust by authenticating the business identity and legitimacy. Organizations must prove it owns the domain name it wishes to secure and confirm that it is a legally registered business. This extra level of confirmation makes OV SSL certificates an ideal option for public-facing websites representing companies and organizations as well as sites requesting money or information from users, such as e-Commerce.”
You can audit our certificate yourself; just click the padlock icon in your browsers address bar to view the certificate information.
The IOTA Watch was slow to get HTTPS data from any server during the first call and connection to the server. This has been fixed and reading over HTTPS now happens very quickly. The fix involved migrating to a new ESP32 library namely WiFiClientSecure. What does this mean for the end user?… It means that you don’t have to wait multiple seconds when your watch makes first contact with an IOTA node, it connects instantly (<1 second).
The IOTA watch has a very responsive and functional but very small touchscreen. You can enter an IOTA address using a tiny scrolling keyboard on the watch, but it’s fiddly! To help prevent address typos the watch will warn you if an address you have entered has zero IOTAs on it.
So we’ve been working hard on an IOTA watch companion app; written in Microsoft Blazor (WASM) it should hot launch in the browser of any device with a camera. It allows you to use that devices camera to scan an IOTA address QR code and then send the address (via LAN) to your IOTA watch contact book. You can also paste or type a new address and send it to the IOTA watch.