Author

Topic: Do you think Coinbase wallet is safe? (Read 17430 times)

sr. member
Activity: 252
Merit: 250
December 09, 2013, 08:00:11 PM
#56
It's good enough for hundreds of thousands of people (458,000 source).

That's not an argument whatsoever. Inputs.io and bips was good enough for thousands of people. Yet see how that turned out.
Coinbase is probably 100 times more professional but still...
You can only protect a thing to a certain level, after that it is not possible considering cost, time , reliability and assessability. Any hacker or attacker takes advantage of this part. Thus at the moment coin base seems to be best. But you can't say it will remain so.

What do you mean considering cost, time, reliability etc. If online security isn't the top priority for online wallets then what is? For all i know they can even try to buy some insurance from insurance companies.
full member
Activity: 198
Merit: 100
December 09, 2013, 02:53:04 PM
#55
They have highly-paid engineers with Bachelor's and Master's degrees in Computer Science & Economics from some of the most respected universities in the world.

They use cold storage.

They have $6M+ in investments.

I have met way too may individuals with Masters in computer science from respected universities who are bad at what they do...
legendary
Activity: 1302
Merit: 1007
November 26, 2013, 11:39:00 PM
#54
To break the quote chain...
It all really depends on the user. If the user has 6 viruses and 81 potential threats in their hard drive, Coinbase is probably going to be more secure.

LOL??? You think it is not trivial to steal funds from online wallets with malware? It's even easier.
If the user has 2FA disabled, then malware will pretty much affect both, whether the user is using an online wallet or a local one. If the user does have it enabled, then it becomes harder for the malware to hack into the user's account. I really don't see how it is easier, though. Care to explain/quote? Before you start attacking me like Stake, I'm not "debating" against you, I just want to know Tongue.

EDIT: Posting "LOL???" sounds immature and like a troll, might want to leave that out just for the sake of it.
hero member
Activity: 756
Merit: 522
November 26, 2013, 04:07:49 PM
#53
Thanks for all the input guys. I know (we all know) nothing is 100% safe. I just wanted to get a sense of what everyone thought about Coinbase's wallet. I like the convenience of their service. I like that they keep 90% of their btc in cold storage. I would feel even better if they guaranteed our btc. Say they got hacked, it would only be a fraction of their/our holdings and they could keep a reserve to refund any loss.

If you're earnestly researching the viability of a given service, read up on the history of its reception by authoritative parties. Then read the body of material available on the service, on this forum and off of it. Following these steps would leave you without doubt. Listening to a few people hmm and haww over philosophical concepts approached for the first time may be fun but has little to do with your stated goal.
legendary
Activity: 4760
Merit: 1283
November 26, 2013, 03:15:02 PM
#52
I like that they keep 90% of their btc in cold storage.

That is an unproven allegation, nothing more, just like all the other services that have made similar claims and still been hacked with far more than their "hot wallet" worth of BTC getting stolen.

'allegation' is not an appropriate term.  'claim' would be closer.  But yes, anyone can claim anything, and the countless scams over the years have claimed all kinds of crap about how secure they are so your point is quite valid.  As I mentioned above, the ecosystem badly needs a way to verify such things.

One of the things I do these days is to see if people running a venture try to keep their identities hidden.  This seems to be one of the most reliable markers of a scam.  In the case of Coinbase they seem to have produced a believable and open bunch of information about who they are on an 'about us' page.  So happens that it includes former co-workers of mine which also lends credibility in my mind.

legendary
Activity: 3038
Merit: 1032
RIP Mommy
November 26, 2013, 03:04:29 PM
#51
I like that they keep 90% of their btc in cold storage.

That is an unproven allegation, nothing more, just like all the other services that have made similar claims and still been hacked with far more than their "hot wallet" worth of BTC getting stolen.
legendary
Activity: 4760
Merit: 1283
November 26, 2013, 02:49:22 PM
#50
Thanks for all the input guys. I know (we all know) nothing is 100% safe. I just wanted to get a sense of what everyone thought about Coinbase's wallet. I like the convenience of their service. I like that they keep 90% of their btc in cold storage.

In certain kinds of transactions it can be useful, and in some cases required, to have the ability to 'sign' arbitrary messages with a secret key associated with a paying address.  Coinbase seems thus-far to not implement this feature.  I don't consider it to be a competitive 'wallet service' until they do.

Actually, I don't consider any service which does not use 'user controlled encryption' (like blockchain.info) to be a very good service for general spending wallet work.  UCE, if reasonably implemented, shifts the risk to the customer's own platform, and in some ways that is even less safe.  But I personally would rather manage my own security.

I would feel even better if they guaranteed our btc. Say they got hacked, it would only be a fraction of their/our holdings and they could keep a reserve to refund any loss.

I am looking forward to the day when 'bonding' is in more wide-spread use.  Say, for instance, Coinbase posts a bond for the amount of funds which they hold in hot-storage.  Since the bonding agent has their own ass on the line, they will be likely to do high quality audits of the vendor with the appropriate non-disclosure agreements and such.

I've never felt any desire to 'put my BTC to work' and draw them out of cold storage.  If an opportunity to invest them in a well designed and verifiable bonding and/or insuring effort came about, I might change my tune.  In part because I believe that this is a market segment that the Bitcoin ecosystem badly needs in order to develop.  But mostly to make some money to be honest.

sr. member
Activity: 448
Merit: 250
November 26, 2013, 08:52:09 AM
#49
It's good enough for hundreds of thousands of people (458,000 source).

That's not an argument whatsoever. Inputs.io and bips was good enough for thousands of people. Yet see how that turned out.
Coinbase is probably 100 times more professional but still...
You can only protect a thing to a certain level, after that it is not possible considering cost, time , reliability and assessability. Any hacker or attacker takes advantage of this part. Thus at the moment coin base seems to be best. But you can't say it will remain so.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
November 26, 2013, 08:46:20 AM
#48
http://au.news.yahoo.com/thewest/a/-/breaking/19942994/australia-police-central-bank-websites-hacked/

http://slashdot.org/story/13/08/21/027243/three-banks-lose-millions-after-wire-transfer-switches-hacked

http://www.computerweekly.com/news/2240208933/More-than-half-top-bank-websites-hacked-study-shows

http://articles.latimes.com/2013/jun/13/business/la-fi-mo-banks-allegedly-hacked-in-cyberheist-20130613

Believe me, banks getting hacked are a weekly occurrence, and I know many incidents with detail. Wink

Banks can recover from hacks as they have the government and FDIC to bail out from. Coinbase does not.

Quote
Satoshi designed bitcoin so YOU have control of your money, not a trusted financial provider. That is literally why he made bitcoin - read his whitepaper.

http://bitcoin.org/bitcoin.pdf

Online wallets are never the solution. You either agree, or learn it the hard way.

You are right indeed and it would be unwise to argue head-on against what you say. But just as bank accounts are hacked, so are the personal computers in-house. And it still remains to be seen what makes an easier target. Thus it is a moot point actually...

Cold storage is not an option if you make transactions on a daily basis
hero member
Activity: 826
Merit: 501
in defi we trust
November 26, 2013, 07:58:23 AM
#47
Nothing which is run by a human is 100% safe.
And nothing made by a human is 100% safe.

Shit can happen with everything , all it matters is the amount of luck you have when choosing services
sr. member
Activity: 252
Merit: 250
November 26, 2013, 07:47:14 AM
#46
It's good enough for hundreds of thousands of people (458,000 source).

That's not an argument whatsoever. Inputs.io and bips was good enough for thousands of people. Yet see how that turned out.
Coinbase is probably 100 times more professional but still...
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:51:50 AM
#45

Prior to and after this discussion I still believe that online wallets will never be as safe as desktop wallets.

With that said, they do have pros and cons.

Good night.

Yes, murdering has pro and cons. And I repeat, we are talking about coinbase specially, not online wallets.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
November 26, 2013, 06:51:41 AM
#44
They are human.

NOT GODS.

Yup, but neither am I Wink

Yeah, pulling the "people aren't perfect card" is fail. TBZ honestly sucks at debating.

When the implication is that people are for all intents and purposes perfect, you're damn right I'm going to shitcan your argument and set it on fire.
full member
Activity: 194
Merit: 100
November 26, 2013, 06:51:00 AM
#43
I bought up blockchain and electrum in COMPARISON to coinbase.

Discussing online wallets in general and making the statement that online wallets COULD take as much security features as possible FOR an online wallet is completely meaningless, not a solid argument, and not even related to what the topic is about.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:49:29 AM
#42
Great.  Reread my post.  I quote "Not necessarily that Coinbase does do this, but that HTTP based wallets can do this."

This thread is about coinbase, and all of your initial posts have been about coinbase until you realized you can't win.

You are not allowed to change the subject in the interim. We are talking about coinbase. If you want to talk about online wallets in general, make a new thread.

So now you're saying we can't mention other wallets?

z3r0 brought up BlockChain and Electrum...

Anyway this is a great argument but it's 3:48 AM where I am and I am off to sleep.

Prior to and after this discussion I still believe that online wallets will never be as safe as desktop wallets.

With that said, they do have pros and cons.

Good night.
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:49:06 AM
#41
They are human.

NOT GODS.

Yup, but neither am I Wink

Yeah, pulling the "people aren't perfect card" is fail. TBZ honestly sucks at debating.
legendary
Activity: 2324
Merit: 1125
November 26, 2013, 06:48:27 AM
#40
They are human.

NOT GODS.

Yup, but neither am I Wink
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:48:20 AM
#39
Great.  Reread my post.  I quote "Not necessarily that Coinbase does do this, but that HTTP based wallets can do this."

This thread is about coinbase, and all of your initial posts have been about coinbase until you realized you can't win.

You are not allowed to change the subject in the interim. We are talking about coinbase. If you want to talk about online wallets in general, make a new thread.

+1. You only diverted the topic so you can plug your wallet.
full member
Activity: 194
Merit: 100
November 26, 2013, 06:47:25 AM
#38
Great.  Reread my post.  I quote "Not necessarily that Coinbase does do this, but that HTTP based wallets can do this."

This thread is about coinbase, and all of your initial posts have been about coinbase until you realized you can't win.

You are not allowed to change the subject in the interim. We are talking about coinbase. If you want to talk about online wallets in general, make a new thread.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:46:40 AM
#37
"We take careful measures to ensure that your bitcoin is as safe as possible." - Coinbase

That is what I agree with.  Not necessarily that Coinbase does do this, but that HTTP based wallets can do this.

It is the best they can do when comparing HTTP based wallet's security with electrum or Qt.

Coinbase would use client sided signing like Blockchain.info. Coinbase does not. Your bitcoin on coinbase is not as safe as possible.

You need to stop bringing up new points unless you have addressed existing ones me or z3ro has bought up.

For the second time I agree that HTTP based wallets present a larger attack surface...

I am not arguing that they don't..
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:45:51 AM
#36
"We take careful measures to ensure that your bitcoin is as safe as possible." - Coinbase

That is what I agree with.  Not necessarily that Coinbase does do this, but that HTTP based wallets can do this.

It is the best they can do when comparing HTTP based wallet's security with electrum or Qt.

Coinbase would use client sided signing like Blockchain.info. Coinbase does not. Your bitcoin on coinbase is not as safe as possible.

Great.  Reread my post.  I quote "Not necessarily that Coinbase does do this, but that HTTP based wallets can do this."
legendary
Activity: 3038
Merit: 1032
RIP Mommy
November 26, 2013, 06:45:33 AM
#35
The word "safe" should not appear within googolplex light years of the term "online wallet". Every single online wallet is as UNsafe as you can possibly store your BTC.

Even 458,000 people displaying their private keys on 458,000 billboards would be safer than any online wallet whatsoever in past, present, or future use.
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:44:56 AM
#34
"We take careful measures to ensure that your bitcoin is as safe as possible." - Coinbase

That is what I agree with.  Not necessarily that Coinbase does do this, but that HTTP based wallets can do this.

It is the best they can do when comparing HTTP based wallet's security with electrum or Qt.

Coinbase would use client sided signing like Blockchain.info. Coinbase does not. Your bitcoin on coinbase is not as safe as possible.

You need to stop bringing up new points unless you have addressed existing ones me or z3ro has bought up. You have not sufficiently done that, and therefore I will no longer be responding until you do so. I'm sure everyone else has already disregarded everything you said due to your affiliation.
full member
Activity: 194
Merit: 100
November 26, 2013, 06:44:13 AM
#33
To break the quote chain...
It all really depends on the user. If the user has 6 viruses and 81 potential threats in their hard drive, Coinbase is probably going to be more secure.

LOL??? You think it is not trivial to steal funds from online wallets with malware? It's even easier.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:43:53 AM
#32
"We take careful measures to ensure that your bitcoin is as safe as possible." - Coinbase

That is what I agree with.  Not necessarily that Coinbase does do this, but that HTTP based wallets can do this.

It is the best they can do when comparing HTTP based wallet's security with electrum or Qt.
legendary
Activity: 1302
Merit: 1007
November 26, 2013, 06:42:45 AM
#31
To break the quote chain...
It all really depends on the user. If the user has 6 viruses and 81 potential threats in their hard drive, Coinbase is probably going to be more secure.
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:41:46 AM
#30
No. Go respond to the attack surface first or acknowledge you are wrong.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:40:35 AM
#29
You present valid arguments.

One huge difference is that Coinbase provides 2-Factor Authentication.

Bitcoin user is infected with malware -> Bitcoin funds stolen.

Bitcoin user is infected with malware -> 2-Factor saves user's Coinbase funds.

Outdated. Two factor authentication is getting built into the Bitcoin protocol. In addition, there was a exploit for GOOGLE that let you bypass 2FA 10 days ago. Not just bypass 2FA, but let you access into anyone's account remotely.

Just think about it. Coming in from the field, unless you're a POI, nobody cares about your emails, nobody cares about your photos, nobody cares about your facebook. If you get hacked, it's not personal. But we DO care about your bitcoins, and honestly, I cannot thank you enough if you use an online wallet.

http://thegenesisblock.com/bitcoin-protocol-analysis-native-two-factor-authentication/

Also keep in mind that malware can bypass 2FA already (hint: I've written one that bypasses blockchain.info, would be happy to adapt it for coinbase too but from "market research" the big BTC is stored locally or bc.info). And blockchain.info (which is a hybrid wallet, IE offline wallet running in your browser) has a shit ton more security measures than coinbase.

To recap: it is impossible for online wallets to be safer than offline wallets simply because there is a bigger attack surface (web stack, employees, legal compliance, etc), and rational attackers always target the most lucrative target.

Online wallets don't magically have some bulletproof glass - they are running the a local wallet too, PLUS overhead (the online parts), PLUS employees, PLUS legal issues.

@Stake STOP. I have raised a point you cannot address. Instead of acknowledging defeat, you ignore it and jump onto something else. That is not how a rational discussion works, and I will no longer be responding to you.

You are not acting by rational rules of rhetoric, and we cannot continue.

Didn't see your post.

They both offer pros and cons.

What it really comes down to is convenience vs. security.

Usually technical-oriented people will choose security, average people or users will choose convenience especially with Coinbase flaunting their security measures.

They have an entire page dedicated to security...

They convince the clueless people they are just as secure.

You have not read what I said. Online wallets have a bigger attack surface than offline wallets and it is NOT POSSIBLE for it to be more secure. I have also proven offline wallets can be as convenient, if not more convenient, than online wallets earlier.

Oh and their security page is a joke.

I agree.  Read the above post.
full member
Activity: 194
Merit: 100
November 26, 2013, 06:39:36 AM
#28
You present valid arguments.

One huge difference is that Coinbase provides 2-Factor Authentication.

Bitcoin user is infected with malware -> Bitcoin funds stolen.

Bitcoin user is infected with malware -> 2-Factor saves user's Coinbase funds.

Outdated. Two factor authentication is getting built into the Bitcoin protocol. In addition, there was a exploit for GOOGLE that let you bypass 2FA 10 days ago. Not just bypass 2FA, but let you access into anyone's account remotely.

Just think about it. Coming in from the field, unless you're a POI, nobody cares about your emails, nobody cares about your photos, nobody cares about your facebook. If you get hacked, it's not personal. But we DO care about your bitcoins, and honestly, I cannot thank you enough if you use an online wallet.

http://thegenesisblock.com/bitcoin-protocol-analysis-native-two-factor-authentication/

Also keep in mind that malware can bypass 2FA already (hint: I've written one that bypasses blockchain.info, would be happy to adapt it for coinbase too but from "market research" the big BTC is stored locally or bc.info). And blockchain.info (which is a hybrid wallet, IE offline wallet running in your browser) has a shit ton more security measures than coinbase.

To recap: it is impossible for online wallets to be safer than offline wallets simply because there is a bigger attack surface (web stack, employees, legal compliance, etc), and rational attackers always target the most lucrative target.

Online wallets don't magically have some bulletproof glass - they are running the a local wallet too, PLUS overhead (the online parts), PLUS employees, PLUS legal issues.

@Stake STOP. I have raised a point you cannot address. Instead of acknowledging defeat, you ignore it and jump onto something else. That is not how a rational discussion works, and I will no longer be responding to you.

You are not acting by rational rules of rhetoric, and we cannot continue.

Didn't see your post.

They both offer pros and cons.

What it really comes down to is convenience vs. security.

Usually technical-oriented people will choose security, average people or users will choose convenience especially with Coinbase flaunting their security measures.

They have an entire page dedicated to security...

They convince the clueless people they are just as secure.

You have not read what I said. Online wallets have a bigger attack surface than offline wallets and it is NOT POSSIBLE for it to be more secure. I have also proven offline wallets can be as convenient, if not more convenient, than online wallets earlier.

Oh and their security page is a joke.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:39:23 AM
#27
It's good enough for hundreds of thousands of people (458,000 source).

Accounts != active users.

Still a large amount of people regardless.

Your logical fallacy is assuming that because a lot of people do it, that is right. I hope I don't have to explain why this is wrong.

Also, respond to z3r0 first who has made a pretty much conclusive argument. I'm going to ignore you too unless you rebut to what z3r0 has said (namely, online wallets have a bigger attack surface than offline wallets and it is not *possible* for online wallets to be more secure), or acknowledge you agree.

I'm not arguing that online wallets are safer.

I'm arguing that they can be as safe as can be.

I never said that because a lot of people do it, that it is right.

I simply stated that a lot of people put their faith into it which speaks volumes.

Just because many people murder doesn't make it right.   Same concept.
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:37:22 AM
#26
It's good enough for hundreds of thousands of people (458,000 source).

Accounts != active users.

Still a large amount of people regardless.

Your logical fallacy is assuming that because a lot of people do it, that is right. I hope I don't have to explain why this is wrong.

Also, respond to z3r0 first who has made a pretty much conclusive argument. I'm going to ignore you too unless you rebut to what z3r0 has said (namely, online wallets have a bigger attack surface than offline wallets and it is not *possible* for online wallets to be more secure), or acknowledge you agree.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:35:49 AM
#25
You present valid arguments.

One huge difference is that Coinbase provides 2-Factor Authentication.

Bitcoin user is infected with malware -> Bitcoin funds stolen.

Bitcoin user is infected with malware -> 2-Factor saves user's Coinbase funds.

Outdated. Two factor authentication is getting built into the Bitcoin protocol. In addition, there was a exploit for GOOGLE that let you bypass 2FA 10 days ago. Not just bypass 2FA, but let you access into anyone's account remotely.

Just think about it. Coming in from the field, unless you're a POI, nobody cares about your emails, nobody cares about your photos, nobody cares about your facebook. If you get hacked, it's not personal. But we DO care about your bitcoins, and honestly, I cannot thank you enough if you use an online wallet.

http://thegenesisblock.com/bitcoin-protocol-analysis-native-two-factor-authentication/

Also keep in mind that malware can bypass 2FA already (hint: I've written one that bypasses blockchain.info, would be happy to adapt it for coinbase too but from "market research" the big BTC is stored locally or bc.info). And blockchain.info (which is a hybrid wallet, IE offline wallet running in your browser) has a shit ton more security measures than coinbase.

To recap: it is impossible for online wallets to be safer than offline wallets simply because there is a bigger attack surface (web stack, employees, legal compliance, etc), and rational attackers always target the most lucrative target.

Online wallets don't magically have some bulletproof glass - they are running the a local wallet too, PLUS overhead (the online parts), PLUS employees, PLUS legal issues.

@Stake STOP. I have raised a point you cannot address. Instead of acknowledging defeat, you ignore it and jump onto something else. That is not how a rational discussion works, and I will no longer be responding to you.

You are not acting by rational rules of rhetoric, and we cannot continue.

Didn't see your post.

They both offer pros and cons.

What it really comes down to is convenience vs. security.

Usually technical-oriented people will choose security, average people or users will choose convenience especially with Coinbase flaunting their security measures.

They have an entire page dedicated to security...

They convince the clueless people they are just as secure.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:34:11 AM
#24
It's good enough for hundreds of thousands of people (458,000 source).

Accounts != active users.

Still a large amount of people regardless.
full member
Activity: 194
Merit: 100
November 26, 2013, 06:33:57 AM
#23
You present valid arguments.

One huge difference is that Coinbase provides 2-Factor Authentication.

Bitcoin user is infected with malware -> Bitcoin funds stolen.

Bitcoin user is infected with malware -> 2-Factor saves user's Coinbase funds.

Outdated. Two factor authentication is getting built into the Bitcoin protocol. In addition, there was a exploit for GOOGLE that let you bypass 2FA 10 days ago. Not just bypass 2FA, but let you access into anyone's account remotely.

Just think about it. Coming in from the field, unless you're a POI, nobody cares about your emails, nobody cares about your photos, nobody cares about your facebook. If you get hacked, it's not personal. But we DO care about your bitcoins, and honestly, I cannot thank you enough if you use an online wallet.

http://thegenesisblock.com/bitcoin-protocol-analysis-native-two-factor-authentication/

Also keep in mind that malware can bypass 2FA already (hint: I've written one that bypasses blockchain.info, would be happy to adapt it for coinbase too but from "market research" the big BTC is stored locally or bc.info). And blockchain.info (which is a hybrid wallet, IE offline wallet running in your browser) has a shit ton more security measures than coinbase.

To recap: it is impossible for online wallets to be safer than offline wallets simply because there is a bigger attack surface (web stack, employees, legal compliance, etc), and rational attackers always target the most lucrative target.

Online wallets don't magically have some bulletproof glass - they are running the a local wallet too, PLUS overhead (the online parts), PLUS employees, PLUS legal issues.

@Stake STOP. I have raised a point you cannot address. Instead of acknowledging defeat, you ignore it and jump onto something else. That is not how a rational discussion works, and I will no longer be responding to you.

You are not acting by rational rules of rhetoric, and we cannot continue.
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:32:10 AM
#22
It's good enough for hundreds of thousands of people (458,000 source).

Accounts != active users.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
November 26, 2013, 06:31:00 AM
#21
They are human.

NOT GODS.

You are right.

But they do the best they can.

"The best they can" is NEVER NEVER NEVER NEVER EVER EVER EVER EVER MOTHERFUCKING EVER GOOD ENOUGH.

It's good enough for hundreds of thousands of people.

Who will lose all their BTC in a Coinbase hack JUST LIKE EVERY OTHER ONLINE WALLET.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:29:41 AM
#20
They are human.

NOT GODS.

You are right.

But they do the best they can.

"The best they can" is NEVER NEVER NEVER NEVER EVER EVER EVER EVER MOTHERFUCKING EVER GOOD ENOUGH.

It's good enough for hundreds of thousands of people (458,000 source).
legendary
Activity: 3038
Merit: 1032
RIP Mommy
November 26, 2013, 06:29:03 AM
#19
They are human.

NOT GODS.

You are right.

But they do the best they can.

"The best they can" is NEVER NEVER NEVER NEVER EVER EVER EVER EVER MOTHERFUCKING EVER GOOD ENOUGH. You are playing Russian Roulette with a FULLY LOADED AND FULLY FUNCTIONAL GUN. THEY WILL BE HACKED, JUST LIKE EVERY OTHER ONLINE WALLET.
member
Activity: 102
Merit: 10
Crypto Pros
November 26, 2013, 06:28:39 AM
#18
No online wallet is ever safe, period. You are aware that people have been hacking into routers and transparently redirecting paypal.com, banks, to their servers, and it won't take too long before they do the same for online wallets, right? SHODAN makes identifying targetable routers incredibly easy, and so is HTTPS (or just stripping https out).
full member
Activity: 194
Merit: 100
November 26, 2013, 06:07:19 AM
#17
You present valid arguments.

One huge difference is that Coinbase provides 2-Factor Authentication.

Bitcoin user is infected with malware -> Bitcoin funds stolen.

Bitcoin user is infected with malware -> 2-Factor saves user's Coinbase funds.

Outdated. Two factor authentication is getting built into the Bitcoin protocol. In addition, there was a exploit for GOOGLE that let you bypass 2FA 10 days ago. Not just bypass 2FA, but let you access into anyone's account remotely.

Just think about it. Coming in from the field, unless you're a POI, nobody cares about your emails, nobody cares about your photos, nobody cares about your facebook. If you get hacked, it's not personal. But we DO care about your bitcoins, and honestly, I cannot thank you enough if you use an online wallet.

http://thegenesisblock.com/bitcoin-protocol-analysis-native-two-factor-authentication/

Also keep in mind that malware can bypass 2FA already (hint: I've written one that bypasses blockchain.info, would be happy to adapt it for coinbase too but from "market research" the big BTC is stored locally or bc.info). And blockchain.info (which is a hybrid wallet, IE offline wallet running in your browser) has a shit ton more security measures than coinbase.

To recap: it is impossible for online wallets to be safer than offline wallets simply because there is a bigger attack surface (web stack, employees, legal compliance, etc), and rational attackers always target the most lucrative target.

Online wallets don't magically have some bulletproof glass - they are running the a local wallet too, PLUS overhead (the online parts), PLUS employees, PLUS legal issues.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:06:09 AM
#16
If you're going to bring in DDoS, it's easier to DDoS a person to disable them from their funds as opposed to a myriad of servers.

You just listed another easy to use wallet.  I can't access my funds on electrum from my phone.

You need an outlet buy & sell if you want Bitcoin to become big.  The average joe won't know how to mine and hold their funds themselves.  Coinbase solves that problem allowing people to buy & sell along with transferring easily.

Honestly, you are an idiot. You're obviously defending online wallets as you run one. It is recognized practice to disclose that. Is it easier to DDoS 1 website, or DDoS 100,000 Bitcoin users? Is a hacker going to try and hack one website with millions, or hack a user with half a bitcoin?

Yes, you can use electrum on your phone. http://electrum.org/android.html

Buy and sell is irrelevant as we are talking about wallets, not trading. I use coinbase to purchase coins too, but I will never leave any coins there for more than a day.

You present valid arguments.

One huge difference is that Coinbase provides 2-Factor Authentication.

Bitcoin user is infected with malware -> Bitcoin funds stolen.

Bitcoin user is infected with malware -> 2-Factor saves user's Coinbase funds.

Please don't think I believe HTTP based wallets are safer, I'm just playing devil's advocate for people to know the differences and pros and cons.

Someone has to argue the more difficult side! Tongue

Edit

The objective of my wallet is to provide a bitcoin & litecoin integrated wallet.

We support Google Authenticator and we are an on-the-chain wallet.
full member
Activity: 194
Merit: 100
November 26, 2013, 06:02:20 AM
#15
If you're going to bring in DDoS, it's easier to DDoS a person to disable them from their funds as opposed to a myriad of servers.

You just listed another easy to use wallet.  I can't access my funds on electrum from my phone.

You need an outlet buy & sell if you want Bitcoin to become big.  The average joe won't know how to mine and hold their funds themselves.  Coinbase solves that problem allowing people to buy & sell along with transferring easily.

Honestly, you are an idiot. You're obviously defending online wallets as you run one. It is recognized practice to disclose that. Is it easier to DDoS 1 website, or DDoS 100,000 Bitcoin users? Is a hacker going to try and hack one website with millions, or hack a user with half a bitcoin?

Yes, you can use electrum on your phone. http://electrum.org/android.html

Buy and sell is irrelevant as we are talking about wallets, not trading. I use coinbase to purchase coins too, but I will never leave any coins there for more than a day.

The only person defending web wallets is someone who runs a similar web wallet. Think about this for a moment. Also, hire a pentester (this means paying a respected company in advance) before your wallet gets too tempting for me to exploit a security vulnerability in it.
newbie
Activity: 56
Merit: 0
November 26, 2013, 06:01:01 AM
#14
Availability. If coinbase gets DDOS'd or their service is down, you don't have access to your coins. You ALWAYS have less livability with a online wallet than local. ALWAYS. No exceptions.

Ease of use. I'm sorry but this is extremely subjective. Personally Electrum is the easiest to use wallet.

Outlet to buy & sell. That's completely different. We are talking about wallets. You can buy/sell (you should trade on a real exchange, by the way) without keeping coins in their wallet for long durations.

Just a few reasons. I can list you dozens of downsides, but I will not as it is clear you will not listen.

Satoshi designed bitcoin so YOU have control of your money, not a trusted financial provider. That is literally why he made bitcoin - read his whitepaper.

http://bitcoin.org/bitcoin.pdf

Online wallets are never the solution. You either agree, or learn it the hard way.

If you're going to bring in DDoS, it's easier to DDoS a person to disable them from their funds as opposed to a myriad of servers.

You just listed another easy to use wallet.  I can't access my funds on electrum from my phone.

You need an outlet buy & sell if you want Bitcoin to become big.  The average joe won't know how to mine and hold their funds themselves.  Coinbase solves that problem allowing people to buy & sell along with transferring easily.
full member
Activity: 194
Merit: 100
November 26, 2013, 05:59:51 AM
#13

Personally, I don't think they are any less safe than an average on-line banking system out there, provided you are using two-step verification...

http://au.news.yahoo.com/thewest/a/-/breaking/19942994/australia-police-central-bank-websites-hacked/

http://slashdot.org/story/13/08/21/027243/three-banks-lose-millions-after-wire-transfer-switches-hacked

http://www.computerweekly.com/news/2240208933/More-than-half-top-bank-websites-hacked-study-shows

http://articles.latimes.com/2013/jun/13/business/la-fi-mo-banks-allegedly-hacked-in-cyberheist-20130613

Believe me, banks getting hacked are a weekly occurrence, and I know many incidents with detail. Wink

Banks can recover from hacks as they have the government and FDIC to bail out from. Coinbase does not.

Quote
Satoshi designed bitcoin so YOU have control of your money, not a trusted financial provider. That is literally why he made bitcoin - read his whitepaper.

http://bitcoin.org/bitcoin.pdf

Online wallets are never the solution. You either agree, or learn it the hard way.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
November 26, 2013, 05:58:11 AM
#12
With all the news of different services being hacked it makes me wonder?

Personally, I don't think they are any less safe than an average online banking system out there, provided you are using two-step verification...
full member
Activity: 194
Merit: 100
November 26, 2013, 05:57:52 AM
#11
Availability. If coinbase gets DDOS'd or their service is down, you don't have access to your coins. You ALWAYS have less livability with a online wallet than local. ALWAYS. No exceptions.

Ease of use. I'm sorry but this is extremely subjective. Personally Electrum is the easiest to use wallet.

Outlet to buy & sell. That's completely different. We are talking about wallets. You can buy/sell (you should trade on a real exchange, by the way) without keeping coins in their wallet for long durations.

Just a few reasons. I can list you dozens of downsides, but I will not as it is clear you will not listen.

Satoshi designed bitcoin so YOU have control of your money, not a trusted financial provider. That is literally why he made bitcoin - read his whitepaper.

http://bitcoin.org/bitcoin.pdf

Online wallets are never the solution. You either agree, or learn it the hard way.
newbie
Activity: 56
Merit: 0
November 26, 2013, 05:55:15 AM
#10
The issue is not their technical ability but their business interest. Imagine if Coinbase started coinvalidation and marked some of your coins as "suspicious", maybe because they have been used on the Silk Road before you received them. The feds can easily pressure Coinbase do to something like that, but the feds cannot pressure open source software to take away control of your money.

You have the power to be your own bank. Why let someone else do it for you?

Convenience.

Availability.

Ease of use.

Outlet to buy & sell.

Just a few reasons.

There are pros and cons to both sides.
full member
Activity: 194
Merit: 100
November 26, 2013, 05:53:26 AM
#9
The issue is not their technical ability but their business interest. Imagine if Coinbase started coinvalidation and marked some of your coins as "suspicious", maybe because they have been used on the Silk Road before you received them. The feds can easily pressure Coinbase do to something like that, but the feds cannot pressure open source software to take away control of your money.

Google, with 40,000 employees, many of them very experienced, has had a major crippling flaw in their account recovery setup that essentially allowed anyone to steal your account. That wasn't ages ago. That was 10 days ago.

You have the power to be your own bank. Why let someone else do it for you?
newbie
Activity: 56
Merit: 0
November 26, 2013, 05:51:42 AM
#8
They are human.

NOT GODS.

You are right.

But they do the best they can.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
November 26, 2013, 05:48:58 AM
#7
They are human.

NOT GODS.
newbie
Activity: 56
Merit: 0
November 26, 2013, 05:46:44 AM
#6
They have highly-paid engineers with Bachelor's and Master's degrees in Computer Science & Economics from some of the most respected universities in the world.

They use cold storage.

They have $6M+ in investments.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
November 26, 2013, 05:44:27 AM
#5
No private key out of your exclusive control can ever possibly be safe. Humans and their computers are not infallible.
hero member
Activity: 742
Merit: 502
Circa 2010
November 26, 2013, 12:18:38 AM
#4
If you want to have small amounts to use for online transactions then online wallets are fine. But if I were you I wouldn't store more than 1 BTC online. You can just store the rest on your HDD or a paper wallet or in cold storage which is far safer.
sr. member
Activity: 252
Merit: 250
November 25, 2013, 04:22:13 PM
#3
I wouldn't hold to many coins in any online wallet whatsoever even though coinbase looks quite professional.
sr. member
Activity: 448
Merit: 250
November 25, 2013, 04:09:21 PM
#2
No, nothing is, in these days. Put most of your coins in offline wallet or paper wallet..
NCM
jr. member
Activity: 40
Merit: 100
November 25, 2013, 11:25:20 AM
#1
.
Jump to: