Topic: Lavabit— A best case outcome for blockchain.info? (Read 2060 times)
Right. Don't trust cloudflare sites if you think the NSA is interested.
Or if you think anyone they offer parallel construction to is interested.
Eventually it seems likely to be that hosted wallet services like blockchain.info's my wallet will encounter a similar interaction with the relevant authorities intent on seizing some funds.
No need. Bitpay and all the bitcoin exchanges surrendered their SSL keys to cloudflare months ago. NSA isn't going to waste their time on the actual websites.
Mtgox appears to have recently switched to Akamai. I'm not sure how they handle SSL, but it can't possibly be as reckless as what cloudflare is doing.
Eventually it seems likely to be that hosted wallet services like blockchain.info's my wallet will encounter a similar interaction with the relevant authorities intent on seizing some funds.
No need. Bitpay and all the bitcoin exchanges surrendered their SSL keys to cloudflare months ago. NSA isn't going to waste their time on the actual websites.
Mtgox appears to have recently switched to Akamai. I'm not sure how they handle SSL, but it can't possibly be as reckless as what cloudflare is doing.
To be honest, I think what happened with Lavabit IS the best case outcome... At least, this way, we don't continue using the service while they are giving information to the Government.
This is an issue that needs to be addressed - wallet providers are an easy target for anyone trying to take Bitcoin down, yet few know how to properly generate a paper wallet & even fewer practice cold storage... Ideas?
That more people wake up to the inherent danger of centrally-based organizations that tyrannical states dislike. We should use our own local wallets/nodes as much as possible. Likewise, Bitmessage sets the standard for encrypted decentralized communications along the Bitcoin model.
That's not to say that centralized hosts such as Lavabit or blockchain.info never have their place. But we should be vigilant and wary of the counterparty risks should we decide to use them.
That's not to say that centralized hosts such as Lavabit or blockchain.info never have their place. But we should be vigilant and wary of the counterparty risks should we decide to use them.
Lavabit was a web-based email service which kept all email encrypted a key protected by the user's password to how mywallet works. Today lavabit shut down without any advance notice. Details are scarce, but they are claiming that they were being ordered by the us government to do things which they considered wrong. Many believe they were ordered to intercept users (such as Edward Snowden) passwords, or send specific users zero-day exploit code, and chose to shut down rather than comply with the order.
Many other services would and have just simply captured the passwords and gone on with life, many many more are not designed in such a way that they could even resist such an order. The operators of lavabit appear to have taken a remarkably principled position.
Eventually it seems likely to be that hosted wallet services like blockchain.info's my wallet will encounter a similar interaction with the relevant authorities intent on seizing some funds.
It's possible that they could just comply completely, perhaps they could shutdown like lavabit rather than attempt to betray their user's trust, or maybe there is some other possibility.
What would be a best case outcome there?
Edit:And now silentmail has preemptively shut down rather than be placed in the same position.
Many other services would and have just simply captured the passwords and gone on with life, many many more are not designed in such a way that they could even resist such an order. The operators of lavabit appear to have taken a remarkably principled position.
Eventually it seems likely to be that hosted wallet services like blockchain.info's my wallet will encounter a similar interaction with the relevant authorities intent on seizing some funds.
It's possible that they could just comply completely, perhaps they could shutdown like lavabit rather than attempt to betray their user's trust, or maybe there is some other possibility.
What would be a best case outcome there?
Edit:And now silentmail has preemptively shut down rather than be placed in the same position.
Jump to: