Topic: Need a good Non-Shared Wallet (Read 975 times)

OK, Mister High Roller...

I carry no irreversible currency on a daily basis. If my credit card (which I pay in full every month) gets stolen or miraculously leaves my secure control, it's reversible, so I don't fret over it. BTC and cash isn't, so I rarely put it in a place where I need to fret over it - and when I do, whoever tries to take it will be suicidal. What you described is a "medium" amount of cash for me.

AFAIK, there is no final determination what happened with blockchain.info, nor have any steps been taken to prevent it from happening again in the future, nor any indication they will ever be taken (other than my not using Gli.ph Marketplace until they allow users to keep all their BTC in non-web wallets, and only using bc.i as a watch-only wallet).

I would further define 'small' as an amount equal to or less then what you would expect to spend on things like a coffee, lunch at work and dinner for two (what you would spend in one day) and be an amount that you would not fret over if an equal amount of cash were to fall out of your pocket, ect.. (it must meet both criteria), in other words be roughly equal to or less then an amount of cash you would expect to carry around with you.

Obviously if you lost an amount via a web wallet one day, you should not replenish your funds the next day without first determining what happened and then taking steps to prevent that from happening again in the future.

"small" is a subjective term.



I think it means: "a fraction of BTC that would cost more in fees than the entire amount of BTC in the wallet, to meet the minimum fee rule to be relayed let alone included in a block".

I don't commit economic suicide, "small", "medium", or "large".

Like I said, you should only use small amounts with any web wallet and you should take precautions to ensure that you have personal control of a backup prior to using a new address.

I think it is intentional that access to the private keys are lost once you are logged out of your wallet as a security measure. I think it is fair to say that once you log out of your wallet that you no longer want access to your private keys stored in your browser that an attacker could potentially steal.

However you could possibly explain the method of private key loss, ALL parties deny ANY fault.

The buck stops with the code that DOES NOT preserve all private keys no matter what. Who published the code? Blockchain.info

It wouldn't be that the are deleted. You can't actually delete your private keys from the web interface on BC.I as it is now, you can only prevent a private key from showing up on the current and future backups as previous backups will still contain your private keys.

What could have happened is:
1 - the API generated the private key
2 - before the encrypted backup that includes the new private key is transmitted to BC.I, the API looses connection to BC.I
3 - before a connection is reestablished to BC.I, the API times out, forcing it to "forget" any private keys that it was storing in memory
4 - when the API reconnects to BC.I it retrieves the most recent backup which was created prior to step 1

I would agree that web wallets are not good to store large amounts of money on and that people really should not rely on them as heavily as they do, however in my experience if you take care to ensure that you have acquired a backup of the wallet each time you create a new private key (you should have personal control over the backup, be it in our email or a download to your computer, or in your dropbox) prior to using the associated address then I have considered it to be safe for small amounts of my own personal funds. For larger amounts, absolutely not, and for your own money - that is up to you to make that determination yourself.

And yes, my experience does not mean it is the same for everyone else, and past performance dos not guarantee future results.

Rob at Gli.ph swore up and down that the private key could not have been deleted by Gli.ph's side of the API. Is that true? IDK. It's an 8 step process outside the API (user logs into own wallet) which I couldn't have executed. When Blockchain.info coded its API, it should have 1) had all API-generated private keys backed up instantly 2) never allowed private key deletion by API, regardless of backup status.

If even 'the best web wallet available' can't be coded so as to preserve all private keys
no matter what,
you shouldn't use it.


YES.

Hmmm. From the looks of it, your situation had something to do with Gilph with your BC.I wallet via an API and for some reason the private key was not saved (in encrypted format) after it was created. If you look at the link in your post to BurtW's thread, it appears that he created (in his case imported) a private key, for some reason the browser did not sync with BC.I's servers, then the private key was only stored in the browser until he logged out (in his case the session timed out), and were lost.

You could prevent an experience similar to your from recurring by either
a) Generating a new private key in your BC.I wallet, logging out of your BC.I wallet, log back into your BC.I wallet and check to make sure the private key is still there prior to using the address associated with it.
b) Heavily reuse addresses* so that you know once you have used an address once, you will be able to use it again later multiple times

*although I think this is a bad idea for a number of other reasons, it would solve your specific issue

While I am not a huge fan of any web wallets, I do think that BC.I is probably the best one available.

---

---

One way to get the majority (if not all) of the positives of using a web based wallet (ability to access your funds from multiple locations/computers) would be to use some kind of deterministic wallet. Although any labels you set for each address would not transfer from wallet to wallet, you would be able to 'restore' your wallet from your seed on an unlimited number of computers, and your funds would be available on all of your computers that you have a wallet containing your seed for.

In my case, despite it being marked "Solved", there was no reimbursement to me, no reimbursement to the sender/API admin (AFAIK), the API admin was not brought in to help fix, and so the API was not fixed (AFAIK).


https://www.youtube.com/watch?v=yAWpqz9EztE

I don't use the API, I'm aware there were some problems in the past, I was just never affected by them.

Bear in mind that when there a problem with generating addresses in Blockchain.info caused by some bug in android that affected quite a few Android users Blockchain.info reimbursed those users.

The willful ignorance/economic suicidal advice in this thread, it burns. /unwatch


Nope. 3 months ago. Your experience is not a substitute for anyone else's.


Nope. See here.


Nope. Your experience is not a substitute for anyone else's.

What you said have higher chance but this is not true in all cases. They have pushed a buggy code earlier and their wallet also generated signatures with low randomness. This is very dangerous. Who knows they won't push a buggy code again? However, till now, they are very trustworthy and that is one of the main reasons I suggest Blockchain.info over other online wallets. It is possible they are doing a long con.

I appeciate all of the help. The only reason I am asking for an online wallet is because I am not too sure how an offline wallet works as farr as set-up, moving coin back and forth and so on... I am definitely going to read up on all of that and try to learn it. I do understand the risks involved with online wallets, which is why I have like 15 of them and never allow any of them to have a large amount (.2-.3) in them at any time.. I am not dealing with large amounts of BTC yet, but am getting more into investing and looking into some possible mining opportunities that are legit and one of these opportunities requires that certain types of payouts they make must be returned to the sending address. I Did not understand the whole shared wallet thing and localbitcoins was not on the list of examples they gave and it cost me .005 to learn that lesson; not the end of the world, it is only a buck, but want it fixed.

I will sign up for bitchain right away and read the suggested material and try and figure out offline wallets and get myself one soon. Again, thanks for the information and help.

Well they could change the JavaScript so that when you log into your wallet, your private keys are decrypted in your browser and then sent to them. Most people would probably not be able to detect this due to lack of technical expertise.

Their wallet is open source so if they were to attempt to do this someone could use a previous version of their wallet to access their Bitcoin. Additionally you are able to download your private keys locally so if you are afraid they have changed their code to steal your funds once you access their wallet you can use another wallet.

so if they turn evil and decide to steal every people's money they won't be able

It is new for me

Is the reason behind that is the fake emails that is sent to most users that redirect the link to phising sites?  Personally i dont encounter any problem on my wallet so far

My understanding of how BC.I works is that the private keys are generated locally in your browser, are encrypted and then sent to BC.I to be backed up. When you later log into your BC.I your private keys are then sent to you in encrypted format and they will be decrypted locally in your browser.

It is my understanding that the primary reason for most BC.I thefts and losses is due to various MITM and social engineering attacks.

It is my understanding that BC.I never is in any kind of control of your private keys.

I use blockchain.info for 2 years now and never experience such a thing, you may be describing some old bug that affect very few users.

The user of a blockchain.info wallet DOES NOT "control the keys". blockchain.info does, and generates then subsequently deletes your funded private keys before they can possibly be backed up.
blockchain.info wallet is NOT "decent". Google the massive amount of thefts and BTC loss from them!

https://bitcointalksearch.org/topic/m.10604333

AFAIK, trezor wallet isnt an online one. Op is asking for an online wallet.


@op i suggest to use blockchain.info wallet, you have the control for your privates keys and you can transfer and recieve funds with your address