Topic: My first experience with bitcoin was NOT positive :( - page 3. (Read 6537 times)

Not really, once logged out wallets are just random bytes. Queries made using the API and by the wallet interface are not differentiated and there is no differentiation made between watch only addresses and addresses with a private key which would make it difficult to record the balance if we wanted to.

http://bitcoin.org/clients.html

very nicely put, the problem with bitcoin

The convenience comes from the fact that it's not device specific. That is the advantage of web wallets. You can use the same wallet conveniently from any device. Of course it's not smart to use it from "any device" but if you have multiple secure devices it's more convenient than having a native client. If a user doesn't need that feature, then I agree that there is no convenience angle. In fact a native app can be more convenient if you need the wallet on just one device.

I don't see the point of storing any serious amount of money on a mobile phone in the first place. I myself store on my mobile phone about 150 euros worth of bitcoins. That is enough to pay for my lunch/restaurant bills and settle small debts between friends. If my phone gets stolen or the wallet gets hacked, the phone is actually more valuable than the coins.

Have you tried importing your blockchain wallet into other clients? As far as I know it's a deterministic wallet which isn't yet well supported. Maybe Electrum can do it. Other clients will catch up at some point so this is more of a practical concern than a long term issue.

For the 2-factor auth on blockchain.info see here: https://bitcointalksearch.org/topic/m.754858

It's meaningless to say "the blockchain knows all my transactions". The transactions in the chain aren't linked together. I can't see all kokojies transactions even though I have the full block chain. However if I can find your IP address and gain access to blockchain.info, now I can see all your transactions.

If you use the extension, understand what it does, check what's happening every time it alerts, always use proxies, etc, you are in a tiny minority. Things need to be robust by default.

I'm not saying other clients are all inherently superior - auto update in Bitcoin is an unusually hard problem. For instance the Android wallet can be updated by its author to steal all coins too, you just have to trust he won't do that (or delay accepting the update for a few days - you do get notified and can accept/reject, at least).

With regards to what the site is, whether it takes deposits, etc, what you believe is irrelevant. It's really what law enforcement/the regulators believe that matters.

I don't think people will really exercise restraint with these hosted wallets. They didn't with MyBitcoin, even though it was far shadier than blockchain.info is.

I also don't buy the convenience angle. Why is the site more convenient than a regular downloadable app?

I would like to add that I don't necessarily think the security of the Blockchain Wallet is adequate for very large amounts of bitcoins. I'd use something like a paper wallet or an offline wallet via Armory in that case. But if you have a user that has a small to medium amount of bitcoins and wants to actually use them, the Blockchain Wallet is a good choice. It's important to instruct people to backup the wallet though, that is very important.

I agree with some of the points Mike Hearn raises but I think it's important to note that with the Blockchain Wallet it's not the same as with a web wallet that holds your private keys. If Blockchain became compromised, there is a very limited time window of attack, until everyone knows to not trust the site and then everyone not affected by it would use their backups to get access to the coins.

The time window is small in any case because some people do use the validator and if something fishy was going on, information about it would spread like wildfire. The security issue is a valid point and it's a real risk but compared to a service that actually has access to the private keys the risk is much smaller.

There is always going to be sort of a battle between security and convenience. Even now there are relatively easy, totally bulletproof methods, of securing your bitcoins. Using those bitcoins after you've secured them, is often not easy however. I think the Blockchain Wallet is a good mix of extreme convenience and high security. If you want a slightly less convenient and very secure wallet, Multibit and Electrum are good recommendations.

It's just an option, not a single point of failure, if blockchain.info is gone today, I have my encrypted wallet backed up in my dropbox and gmail, I can just take it to multibit or electrum and load my wallet up easily.

There are several problems with blockchain.info My Wallet which is why I don't think the project should ever officially recommend it or point users to it. I say that even though it's a really nice site and I regularly use its other services. I just don't think hosted wallets are a good idea:

• If the site ever gets hacked, everyone who uses it can lose all their money. I know the owner claims it's not possible, but he's wrong. The reason is that your browser will download new code from the site silently and automatically, and that code can do anything, including sending your private keys to a bad guy. You would never even know it's happened. If you think it's unlikely that the site will get hacked, I wonder where you have been in the past couple of years! Websites get owned all the time, rootkits installed and they begin vending malware. Often they do so in ways that make it hard for the admin to notice there's a problem. Downloadable clients, for better or worse, don't currently have that problem (they have another problem which is that you have to manually fetch updates, but at least they can be given gitian-style updaters fairly easily).
• There is a Chrome extension that is supposed to fix the first issue by alerting you when things change, but that isn't going to work. It's hardly used and the failure mode is an indecipherable error message that users seem to click through without understanding (judging from previous mentions of it on this very forum).
• The site knows all your transactions, your balances and your IP addresses. So it's not very private.
• The 2-factor auth isn't really 2-factor auth as you would expect it to be.
• Although it's definitely arguable, to a financial regulator the site looks and feels like a financial institution. They let users open accounts. They process payments. They take deposits. There is a specific owner in a specific jurisdiction. The fact that the keys for authorizing transactions aren't on the servers is the sort of technical detail they're unlikely to care about. If somebody decides that blockchain.info is actually a bank, everyone on the site will be required to go through AML/KYC (at best) or the owners could be liable (at worst). I hope that doesn't happen but there's no way I'd run a hosted wallet.

Unless you're an iPhone user, I don't think there are any good reasons to use a hosted wallet. On a PC or Mac install MultiBit and use that instead. On Android install Bitcoin Wallet. Don't recommend friends to use blockchain.info because if anything goes wrong it could become the next MyBitcoin. For iPhone users, recommend they swap it for an Android device if they want to get serious about Bitcoin.

This is to bad. Just makes you wonder how many others have had the same issue.

I'm having a hard time wrapping my brain around that growth rate. I had no idea that many new wallets are being created there each day. Hopefully it represents entirely new Bitcoin users and not conversions from stand alone clients to web wallets.

That is disappointing, because it pushes users straight into a centralized, non-private, easy-to-monitor solution.  In engineering terms, an SPOF (Single Point Of Failure).

Point users to a decentralized client like MultiBit or Electrum etc.

This.

It's also very easy to create a safe paper wallet with Blockchain.info website when disconnected from the web. Then only redeem the private key when needed. No need to download the whole blockchain.

https://blockchain.info/wallet/paper-tutorial

The webpage need to be updated but you can ask the forum if you get a problem for creating your offline paper wallet for safe storage.

Version 0.8 can't come soon enough. We need it. Also this again opens the question of how do we market alternative wallets at bitcoin.org.

I think Bitcoin Foundation needs to think about this aspect as well. Bitcoin-Qt is not that great unless you're a power user.

I like the answers at Reddit though and the guy who wrote this is genuinely interested. He didn't quit after the lousy first experience, he wants to learn.

But I rather have the devs working on the backend then making the interface pretty. Again this is why it is beta. Also the devs are working on the blockchain downloads, which isn't that big of an issue. I think if newbies are coming here with out knowing anything about computers or anything like that, they probably should be put off until it is a little bit more cleaner experience.

It is if you are a newbie.

Yes, if you already know everything about bitcoin then it's ok. We use it and we survive with it, but it's far far far from being "decent"

Just copy-pasting the interface and features of multibit in the standard client would make it much much better.

Consider that for a newbie to find a lightweight client like multibit takes a lot of time, they first go on the bitcoin website and find the standard client. Maybe later they discover the forum and inside it a thread speaking about lightweight clients and different interfaces. But probably after they spent more than a day downloading a blockchain wich, for them, is useless

But that is why it is in beta, and plus who cares about the interface at this point, the UX isn't horrible and isn't that bad.

I think Blockchain.info is the first place new users should be sent to who want to create a new wallet.

Luckily about 500 new users are signing up per day,  but that rate needs to increase even more:

http://blockchain.info/charts/my-wallet-n-users