Well maybe it would be worthwhile to dig deeper into how a completely anonymous service can be trusted?
Could one pretend to have given up on doing it oneself, claim to have therefore sold the business model to some silky roady type corporation that operates only over Tor and i2p and Freenet, and recommend that people go see them for that service since you yourself lack the security bastions and armed guards and locational obscurity that they are able to deploy?
Someone claimed to pretend not to be doing the business he actually does, maybe he can throw some light on ways and means.
-MarkM-
Topic: Cold storage security - page 2. (Read 5064 times)
I believe I was understanding. I was suggesting you are not too paranoid, that rather it might merely be that you had avoided being a target so far due to not yet holding enough coins to make yourself a target; that once you hold enough coins you well might be a target thus you are not being paranoid you are wisely thinking ahead.
Joel, his problem is he insists on revealing how much he holds.
Presumably he has to actually prove it, so even if he proves it only to individuals and only to the extent of how much of that individual's money he holds, anyone capturing such an individual would be able to see for sure that he holds at least the amount he has proven to that individual he holds...
-MarkM-
Ok, that makes more sense then.Joel, his problem is he insists on revealing how much he holds.
Presumably he has to actually prove it, so even if he proves it only to individuals and only to the extent of how much of that individual's money he holds, anyone capturing such an individual would be able to see for sure that he holds at least the amount he has proven to that individual he holds...
-MarkM-
I have to show all of my addresses to the world for the service to work. So yeah, anyone and everyone could figure out (with a little work) how much I was holding.
I suppose there's always the option of doing multiple withdrawals/day to limit exposure as well.
I believe I was understanding. I was suggesting you are not too paranoid, that rather it might merely be that you had avoided being a target so far due to not yet holding enough coins to make yourself a target; that once you hold enough coins you well might be a target thus you are not being paranoid you are wisely thinking ahead.
Joel, his problem is he insists on revealing how much he holds.
Presumably he has to actually prove it, so even if he proves it only to individuals and only to the extent of how much of that individual's money he holds, anyone capturing such an individual would be able to see for sure that he holds at least the amount he has proven to that individual he holds...
-MarkM-
Joel, his problem is he insists on revealing how much he holds.
Presumably he has to actually prove it, so even if he proves it only to individuals and only to the extent of how much of that individual's money he holds, anyone capturing such an individual would be able to see for sure that he holds at least the amount he has proven to that individual he holds...
-MarkM-
Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Any scheme that makes it impossible for anyone to know the order of magnitude of the amount of coins you have would do that. Ideally, one that would allow you to reveal only a portion of your coins.With Bitcoin, if you offer an account to receive payments, anyone can tell at any time how many payments and how much you've received at that account. This means you either have to use a number of different accounts to receive payments or anyone who pays you can tell how much total you have received.
For example, any system that didn't reveal the destination address publicly would work. (I proposed such a system last year where each transaction is like a vault and each recipient tries their key on each vault to see if they can open it. There is no public record of the destination of any transaction and no way for a third party to tell which keys opened which vaults.)
But here's the problem: People know where I live (or could easily find out, as I make little effort at hiding my offline identity). If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.
So how many visitors have you had, demanding you log in to your bank and transfer money to them?
Or demanding you drive them to an ATM and get them cash?
Or open the lock to your safe?
Depends... has it already been public knowledge for quite a while that you hold as many bitcoins as this business you are planning will hold?
Will you still hold that many of your own when you start also holding those of the business?
Maybe it merely has not yet seemed worthwhile to target you yet due to your not being known yet to hold enough to make it seem worthwhile to try?
-MarkM-
I hold like 70 bitcoins to my name. I am not a worthwhile target, and I doubt I ever will be just by my own wealth.
If the service became popular, then I could see me holding up to somewhere in the tens of thousands of bitcoins before offloading them each day.
But here's the problem: People know where I live (or could easily find out, as I make little effort at hiding my offline identity). If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.
So how many visitors have you had, demanding you log in to your bank and transfer money to them?
Or demanding you drive them to an ATM and get them cash?
Or open the lock to your safe?
Depends... has it already been public knowledge for quite a while that you hold as many bitcoins as this business you are planning will hold?
Will you still hold that many of your own when you start also holding those of the business?
Maybe it merely has not yet seemed worthwhile to target you yet due to your not being known yet to hold enough to make it seem worthwhile to try?
-MarkM-
Problem is, this particular service does require the holding of ~15,000 different private keys. I can't just remember those in my head.
I do not think that is the real problem.
The real problem seems to me to be your desire/need to brag about how many coins you hold.
If the amount was not bragged about / published / known then you could have magic words/commands that retrieve 15,000 keys but retrieve decoy keys instead of real keys given the wrong magic words/commands.
But bragging about how many coins you hold makes it necessary for any decoy to hold as many coins as the real target, which kind of spoils the usefulness of the decoy.
Fort Knox brags about having lots of wealth on the premises, maybe the service you have in mind would be more suitable for them to offer than for you to offer...
Gosh, bragging has a downside? Who'd'a thunk?
-MarkM-
EDIT: Hey waitasec, did I just basically imply there is some security to be found in obscurity?
Also, anyone who says there is no security through obscurity is an idiot. PASSWORDS are security through obscurity.
Apologies in advance for the large quote. Isn't the threat of being coerced a fundamental problem of being publicly rich?
Absolutely, point taken. I just suppose it feels different when it is me being responsible for other people's coins, vs me being responsible for my own.You could do what I do. Run your business out of a small public storage unit. Get a wireless internet card and work as long as your laptop battery lasts. If you really need additional power take the light bulb out of the unit and replace with a light/power tap and store your inventory there as well. Get a P.O. Box to accept the mail for the business and once a day make a run to the P.O. Box. Most multi-floor storage buildings also have included on-site security if someone follows you they will not get by security. This has worked for me for years.
Oh, make sure you associate the business with another name. Don’t let it be known that you are the one running the business. If anyone suspects it's you tell them you wish you had a business like that. In other words, "play dumb." This has worked for me for years.
Interesting idea, thanks. I think I'd still prefer the deposit box route, but a storage unit WOULD accomplish the same thing. Worth consideration, at least.Oh, make sure you associate the business with another name. Don’t let it be known that you are the one running the business. If anyone suspects it's you tell them you wish you had a business like that. In other words, "play dumb." This has worked for me for years.
But here's the problem: People know where I live (or could easily find out, as I make little effort at hiding my offline identity). If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.
So how many visitors have you had, demanding you log in to your bank and transfer money to them?
Or demanding you drive them to an ATM and get them cash?
Or open the lock to your safe?
Isn't the threat of being coerced a fundamental problem of being publicly rich?
The fundamental problem is easy/fast access to the loot.So how many visitors have you had, demanding you log in to your bank and transfer money to them?
Zero. But it's traceable.Or demanding you drive them to an ATM and get them cash?
One time, yes.Or open the lock to your safe?
Last year a gang of thugs raided a residencial building where my co-worker lives. Looking for jewelry (inside information, two dealers at the penthouses). 3 hours of action. They started 5:10 AM.I am interested in any procedure that provides deterrence protection (preferably) against extorsion. (m-n, ssss, banks with insurance, safe boxes with half a key, time lock features etc.)
But here's the problem: People know where I live (or could easily find out, as I make little effort at hiding my offline identity). If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.
So how many visitors have you had, demanding you log in to your bank and transfer money to them?
Or demanding you drive them to an ATM and get them cash?
Or open the lock to your safe?
Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).
Why do you say there is no reason why people would come to my house looking for bitcoins?As I said in the OP, my name and street address are fairly easily associable with my online identities. Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".
I don't understand. What would they stand to gain from paying you a visit? There is nothing to steal at your physical location.
This thread confuses me. You don't need to have wallets stored anywhere at all to use Bitcoins. You don't need an online service, you don't need an offline wallet. All you need to do is remember (somehow) your private key. If it was publicly known that I had a million bitcoins, and everyone knew my physical address, thieves could come and steal everything in my house and all of my computers... it wouldn't do them any good.
Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Problem is, this particular service does require the holding of ~15,000 different private keys. I can't just remember those in my head. Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Apologies in advance for the large quote. Isn't the threat of being coerced a fundamental problem of being publicly rich?
Problem is, this particular service does require the holding of ~15,000 different private keys. I can't just remember those in my head.
I do not think that is the real problem.
The real problem seems to me to be your desire/need to brag about how many coins you hold.
If the amount was not bragged about / published / known then you could have magic words/commands that retrieve 15,000 keys but retrieve decoy keys instead of real keys given the wrong magic words/commands.
But bragging about how many coins you hold makes it necessary for any decoy to hold as many coins as the real target, which kind of spoils the usefulness of the decoy.
Fort Knox brags about having lots of wealth on the premises, maybe the service you have in mind would be more suitable for them to offer than for you to offer...
Gosh, bragging has a downside? Who'd'a thunk?
-MarkM-
EDIT: Hey waitasec, did I just basically imply there is some security to be found in obscurity?
Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).
Why do you say there is no reason why people would come to my house looking for bitcoins?As I said in the OP, my name and street address are fairly easily associable with my online identities. Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".
I don't understand. What would they stand to gain from paying you a visit? There is nothing to steal at your physical location.
This thread confuses me. You don't need to have wallets stored anywhere at all to use Bitcoins. You don't need an online service, you don't need an offline wallet. All you need to do is remember (somehow) your private key. If it was publicly known that I had a million bitcoins, and everyone knew my physical address, thieves could come and steal everything in my house and all of my computers... it wouldn't do them any good.
Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Problem is, this particular service does require the holding of ~15,000 different private keys. I can't just remember those in my head. Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Quote
Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
There are at least two schemes to prevent torture. First one is destroying the information enemy needs and not knowing it in first place. Second one is martyrdom to prevent capture. Both of them are somewhat overkill in case of bitcoins. Thiefs are good at physical things, not purely virtual ones like bitcoins.
The solution proposed by casascius is interesting indeed. Safety deposit boxes, m-n, shamir secret, an unthrusted third-party (bank clerk) that eventually could see the box's contents but unable to spend the keys, while spotting for a possible "coercion" and trigger an alarm. All this can help you to be a Donald Trump of Bitcoins and still protected by the need of physical presence at a secure site to sign transactions. Without dealing with a thrusted second person. One-man operation.
Great thread.
Great thread.
I am working on my crazy notion as a sort of credit union web-of-trust using multiple forms of multisig transactions. It's a social networking model of storing and lending, while building limited trust status.
This thread confuses me. You don't need to have wallets stored anywhere at all to use Bitcoins. You don't need an online service, you don't need an offline wallet. All you need to do is remember (somehow) your private key. If it was publicly known that I had a million bitcoins, and everyone knew my physical address, thieves could come and steal everything in my house and all of my computers... it wouldn't do them any good.
Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
I don't know why Bitcoins can be more attractive target for home invasion robbers than other expensive things such as jewelry or paintings or exotic cars. Some people in your area might be known to have them. They probably cost more than your Bitcoins and most boneheads have no idea what bitcoins are. So don't worry!
Those items are desirable because they have the property of being easily converted to USD cash. As do Bitcoins.
Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).
Why do you say there is no reason why people would come to my house looking for bitcoins?As I said in the OP, my name and street address are fairly easily associable with my online identities. Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".
I don't understand. What would they stand to gain from paying you a visit? There is nothing to steal at your physical location.
1. just outside the vault of my safe deposit box at my bank is a small private room with electric plugs where customers can view the contents of the box or sign offline tx's in your case.
2. some guy on etotheipi's thread came up with a very cool USB solution: https://bitcointalksearch.org/topic/m.1182346
2. some guy on etotheipi's thread came up with a very cool USB solution: https://bitcointalksearch.org/topic/m.1182346
I don't know why Bitcoins can be more attractive target for home invasion robbers than other expensive things such as jewelry or paintings or exotic cars. Some people in your area might be known to have them. They probably cost more than your Bitcoins and most boneheads have no idea what bitcoins are. So don't worry!
Jump to: