Topic: Can someone please explain a security aspect of BitCoin to me? (Read 1078 times)

A transfer being reversible is just as bad as it not being reversible. You can't win when it comes to selling online, either the seller takes a loss, or the buyer does, there is no middleground that fixes everything.

If it's reversible sellers will lose money, and you have to realize it being reversible would be pointless if the user had already moved the money, since you can't have a negative bitcoin balance.

Completely agree with this. I don't want every tom dick and norbert knowing what I'm buying on Silk Road

The transaction is of course visible in the blockchain for anyone to see, and since you control the sending address, you could sign a message using the key(s) of the wallet address(es) the payment was made from if you needed to prove that you are the person that sent the transaction. Unfortunately, there is nothing stopping the *recipient* from claiming that the bitcoin address you sent the funds to is the wrong address; I believe this is something that the "Signed URIs" proposal at http://electrum.org/bitcoin_URIs.html is attempting to solve, but I don't know if any online store currently implements this.

Yep, which IMO, is a major... MAJOR plus for security. Like others have said, if you want some type of extra verification service, they exist as well.

The blockchain is anonymous. It shows transactions but no way of telling who owns the addresses

It's all on the blockchain.

Interesting, thank you.

Escrow List

https://bitcointalksearch.org/topic/escrow-list-108716

Interesting. I wonder if there are any Escrow Services for Bitcoins. If not, when?

If anything Ebay is well on the side of the buyer. I have a friend who sells huge amounts on Ebay and he is often falling foul of Ebay's policies. For instance, the other day someone bought somthing he posted it out and the person contacted him saying they hadn't received the goods. Turned out that the person had moved house and hadn't updated their address information so it had been delivered to their own address. My friend had to resend it at no extra cost. He's been ripped off a couple of times by people saying they hadn't received the goods or that the goods werent as described. Ebay always sides with the buyer.

As Danny says if you were making a large transaction it would be much safer to use an escrow service

If you are going to do a transaction that size, you'll probably want to use a well known and well trusted escrow service.

I mean...heck...say I'm buying something that costs $50,000USD worth of Bitcoins. No matter how good this person's repution (who is selling me the product) do I need to resort to doing something like Recording the screen of my computer when I purchase it, essentially creating a video account of the event happening? Then if things go wrong would I show the video to the authorities?

Thanks for reading.

There may be people working on these solutions right now, there may not.  The way a free market works is that someone someday sees an opportunity to make a profit by providing a service that people want.  They then create that service, and run a business that earns them an income for providing value to others.

If there is enough need/desire for such features, they will be created eventually.  Someone will eventually want to earn a living providing that service.

Such services are separate from the bitcoin protocol.  They don't require any special "Satoshi encryption".  (I don't even know what flavius is talking about.  Bitcoin is open source and anybody can modify the code if they want.  You just have to convince everyone that they are better off using your software.)

I could start a business and call it "First International Bank of Bitcoin".  Then I could create a highly secure process for storing the bitcoins I receive and keep track of peoples "accounts".  Those who fear malware on their computer, and fear the possibility of losing their encryption passwords, could then deposit their bitcoins with my bank.  Perhaps I'd charge a small fee for keeping the bitcoins safe.  Obviously people will fear that I might be a scammer and that I might steal their bitcoins or that I'm inept and my bank might get hacked.  So I can contact a well respected international insurance company and acquire some form of insurance policy on the deposits that people make at my bank.  People will be able to file a claim with the insurance company to recover their losses if I turn out to be a thief or incapable of providing the necessary security.

Then once I have many customers, I can start to contact merchants.  Merchants are concerned about double-spend attacks, but they can't wait for 6 confirmations to allow the customer to leave with the merchandise, because that takes too long.  I can offer the merchants instantaneous transactions.  They just have to open an account with my bank.  When the customer makes a purchase, no actual bitcoins have to move on the blockchain at all.  I already have them saved in my cold storage.  All I have to do is reduce the amount I indicate in the customer's "account" at my bank, and increase the amount I indicate in the merchant's account.  I can charge the merchant a small fee to provide this instant payment service.

Now my bank is profitable.  I am generating income from both the customers and the merchants.  I can perhaps provide additional banking services.  Perhaps I can convince some of my customers to transfer their unused balances into a "certificate of deposit" that they contractually agree not to withdraw for a period of time.  I can then lend out a percentage of those bitcoin to those who are in need of a loan, and increase my profits by collecting interest on those loans.  As an incentive to convince the customers to transfer some of their balances into my "certificate of deposit", I can offer to pay them interest on those balances (rather than charging them a fee). Obviously the interest rate that I collect from the borrowers will be higher than the interest rate that I'll pay to the depositors, so I'll continue to increase my revenue.

The contract that the merchants sign with my bank for instant payments will require them to provide certain proof of delivery (perhaps a receipt signed by the customer).  If a customer makes a claim that they didn't receive the promised merchandise, and the merchant can't produce a signed receipt indicating that they did make the delivery, then per the terms of the contract, I can perform a charge-back reducing the balance of the merchants "account" at my bank and increasing the customer's account.

Your possible recourse options when dealing with Bitcoin are rather weak. Bitcoin transfers are irreversible. Police and courts cannot help you unless you can show who the counter-party that scammed you is and have reasonable records to prove your point.

It is not that difficult to protect yourself, however. Exercise common sense, do not deal with scammers (loads of them here), deal only with reputable companies and people, keep good records.

Aztec,

Good post. Since I don't use EBay, other than the feedback system, are there ways of "setting things right" if someone scams you on EBay? If so, could this sort of system be applied to BitCoin?

I guess for now it will be like Ebay where you use the feedback system to gauge how reliable a person is. I was the same about buying stuff on Ebay when that first started.

I guess my question is though, how will there be widespread adoption of BitCoin if people know that you can send BitCoin from "X" to "Z" for a service/good, but "Z" CAN lie and say they didn't receive the BitCoin, not give "X" the service/good, and there's nothing "X" can really do about it?

All transaction are viewable under their blockchain information.

Bitcoin cannot be reversible otherwise there is just too much potential for fraud, and you might as well make a paypal for bitcoins that limit every other account. The entire point, the advantages of the currency, is that there aren't these security features.

You can't go and edit how bitcoins work and what not unless you are Satoshi and have the encryption available to do so, but that would probably destroy the entire network and is not even possible at this point in time. I don't know, don't really care either.

Hi Danny,

Good to hear from you and the other guy.

So I guess the analogy of BitCoin as cash kinda works right now, makes sense.

You mentioned other possible security "features" in the future. They sound like a good idea.

It makes me wonder though (since I'm still learning more about BitCoin). Are there men "with" BitCoin that sit around tables (or have phone calls/online meetings) who want to make these security features, and have the ability to implement them? Surely they must know that these "added" security measures need to happen for the masses of people to feel more comfortable with BitCoin, right?

What I'm worried about (since I'm still a newbie) is the question of if there are actually people who can and will want to make these added enhancements to the BitCoin experience?

The tricky part comes in trying to prove that address B is the address that the intended recipient asked you to send the bitcoins to.

There really needs to be an invoicing (or payment request) system that uses digital signatures that will stand up in court.  Barring that, it would help if there were properly insured bitcoin "banks" that could act as an escrow intermediary.  They could then hold off on settling the transaction for a few days giving the buyer a chance to make a claim that they didn't receive payment.  If the "bank" had a contract with the seller, they could settle immediately and then just perform a charge-back if a customer denies the charges.

I expect that such entities will be created as bitcoin matures, but at the moment, handing over bitcoin is like handing over cash.  How can you prove that you paid someone after you hand them the cash?  It's pretty much your word against theirs, isn't it?