'ello, everyone!
I will have my money stuck on your exchange forever if the exchange decides not to sign my withdrawal request?
Yes. Just like any other exchange. Except now you can prove our shenanigans to the world. Which means we won't do shenanigans. Unlike other exchanges.
The main idea assumes that exchange can be trusted, which is, in fact, a questionable assumption.
Yes. Just like any other exchange. Except now, as we earn trust, we are further incentivized to make sure everything goes perfectly for you. Because if it doesn't, you can prove it to the world.
If we're a billion-dollar company, and we screw with someone, they can prove it to the world, which ruins our reputation and hurts us financially. It's not just a random complaining user on reddit saying "the exchange scammed me" any more, because now they have cryptographic proof. So our incentive of course is to not screw with people.
The incentive for other exchanges is... well, nothing. They can do what they want to you, more or less.
In essense, this is a solution to the "Selective Scamming" problem.
I think 2FA is enough for that
What if the exchange is the one hacking you? How many people got hacked by hackers, and how many just think they did? There's no way to tell. Except with personal blockchains, of course.
We aren't solving the problem of a hacker hacking you. We're solving the problem of the exchange taking your money and saying you were hacked. ...Among other things
the multi-signature system can't enhance the way the exchanges operates.
Yes it can. Via incentive. Just like mining rewards can change how miners operate.
It provides a strong incentive to "make things right ASAP" for you. It provides a strong incentive to be as transparent as possible about the issues you're referring to. It also incentivizes us not to cause these issues in the first place.
Other exchanges do not have this incentive.
DEX are more secure, scalable than any other centralized Exchange...
Yeah, maybe. Opens up a larger conversation, but let's save it for another time. We're proposing a new way for centralized businesses to operate.
I can not understand why launch all new and new cryptocurrency exchanges
Actually, it started with Personal Blockchains. The exchange is just an example of how we'll implement personal blockchains. It'll be open source. We hope to show how easy it is to be *actually accountable*, and that other exchanges will pick it up for themselves, too.
We suspect many won't. At some point, the question "Why?" will become more poignant.
they want to make profits
CONFIRMED.
How many customers will know how to sign a transaction or request
Automatic. Built into the browser or app. The experience for the end-user should be the same as what they're used to.
how do they secure their private key or do you still manage that?
It's encrypted before sent to us, we store it as a blob and don't have access to their private key. We also have some pretty cool safeguards to avoid people getting an encrypted blob just by typing someone's username, etc. We'll explain that later - it'll be easier once we've pushed things to github and launched everything.
FYI: We intend to support pure hardware solutions too, so that we don't even get the encrypted key blob.
Since most electronic signatures I see are all pre-signed
Each request requires a signature. A signature can't be reused. You might be thinking of solutions where you provide a signature and then going forward, everything's "authenticated". You're right - that would be very bad! But that's not how we do it. You can think of it more like a bitcoin transaction signature, in that every time you send a bitcoin transaction, you need a new signature.
Does this not expose your service to added risk if FDU's <Fkn Dumb Users> decrypt their own keys and then blame you when someone else steal their coins or fiat money with those keys?
We're not trying to solve the problem where a hacker tricks you into giving up your password/keys. The risk profile here is essentially the same as any other exchange. Although we do have some cool security features coming to mitigate risk.
Is there any extra "safety net" in place in case somebody has lost his private key and somebody else is trying to empty the account with it?
A lost private key does not mean a hacker can definitely steal all your money. Just because you sign a request saying "Withdraw to ..." doesn't mean we have to actually do it. If we see your withdrawal request came from a different continent, our security systems might tell us "hey, check on this before proceeding".
Same as any other exchange. Except of course, we're super incentivized to make things right ASAP for you.
Also, a lost private key does not mean you lose all your money, either. More on that another time.