Author

Topic: Please put idiot proofing in all wallet software. (Read 877 times)

donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
I started this thread because I did something wrong and I don't know how I could have possibly done so. It was a no brainer, and yet something happened and I have no idea what. Bitaddress.info has a BIP 038 option that should not allow you to copy/paste passphrases. I don't think I did that, but it is possible that when I verified my passphrase before loading the wallet, I may not have typed it in like I should have.
full member
Activity: 168
Merit: 100
For example, couldn't a wallet verify that another wallet exists before sending money to that address? If it does not already exist or have any transaction history, then a simple message would pop up stating, "This wallet has never been used before. Are you sure you want to send money to it?"

Really bad example. Bitcoin explicitly incorages people to not reuse addresses.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Quote from: Rick Cook (1989)
Applications programming is a race between software engineers, who strive to produce idiot-proof programs, and the universe which strives to produce bigger idiots. So far the Universe is winning.

It is still applicable today however the core client should be more user proof. Maybe not more user friendly but more user secure.

The client does a few things implicitly which should be explicit.

Scenario: If there is no wallet file the client simply creates one.  Most applications don't work this way and it is counterintuitive to most users.
Fix:  Don't make a wallet by default.  Have the user create a wallet file (or import an existing one).  User should be able to select a different location for the wallet file.  In windows system make a folder under Documents called Bitcoin and store the wallet there.  Have user provide a name for the file and use extension .wallet.  (i.e. Johns_Bitcoins.wallet in the Bitcoin user folder is more intuitive than hiding a dat file in among other dat files in a system folder).

Scenario: Clients by default are not encrypted.  This undermines future security even if encryption is later added if an attacker obtains an unencrypted copy of the wallet.
Fix:  Make encrypted wallets the default at the point wallet is created and make user opt out by choosing an strongly worded warning.

Scenario:  Users may make a mistake at the time the wallet passphrase is created
Fix:  Take steps when possible to ensure user knows the passphrase and it is the correct one.  Detect if caps lock key is on when typing passphrase and if so prevent entering passphrase.  For the first few (say three) times the client starts after creating a new wallet prompt the user with the option to test/verify their passphrase.   Do the same for the first couple times user requests a bitcoin address (make sure user will be able to spend those coins BEFORE letting them receive those coins).  

Scenario:  Users are bad at making secure passwords
Fix: Use password strength algorithm to warn users on the likelihood that the passphrase will be insufficient to protect them from theft.

Scenario: Users are bad with making backups so make it part of the wallet creation.
Fix:  At the time of wallet creation prompt the user for a location to store a backup. By default recommend a non-system disk. For encrypted wallets offer the option to save directly to dropbox or google drive if those applications are installed.  Have the client setup transparent backups in the background.  Use the date in the filename and use a different extension (i.e. Johns_Bitcoins_Backup_2014_04_07.wallet.backup ).  At the same time make the default keypool size larger.  Even 500 keys takes a negligible amount of space and provides more safety for users which don't make frequent backups).  To some extent this issue is reduced by the use of HD wallets but we have been hearing about HD wallet in the core client for over a year now.  Even w/ HD wallet it is a good idea to periodically have user check that they have a good backup.
member
Activity: 104
Merit: 10
"If you make something idiot proof, someone will just make a better idiot."

This is true. However, you can make something "idiot better". For example, you can make something that guessing, only 20% of people can understand, use properly, and safely to something that say, 80% of people can understand, use properly, and safely with just a little bit of code. The closer you get to 100% idiot proofing, the exponentially harder it gets to completely 100% idiot proof, to the point where it becomes impossible.

When idiot proofing, one has to consider the benefit vs. the effort to code it in. For example, couldn't a wallet verify that another wallet exists before sending money to that address? If it does not already exist or have any transaction history, then a simple message would pop up stating, "This wallet has never been used before. Are you sure you want to send money to it?" This might prevent someone from sending to a bunk address unintentionally and never getting that money back again. Then put a checkbox that says "Never show me this again." (I know what I'm doing, thank you very much.) Something like this should be relatively simple to code and yet could have enormous benefit to a large number of people.

Don't debate that last paragraph. It's just a dumb example but you get the point.
legendary
Activity: 1540
Merit: 1029
"If you make something idiot proof, someone will just make a better idiot."

lol, very nicely put.
hero member
Activity: 1582
Merit: 502
Please define "idiot proof"
It's all part of the ease of use, and to protect newbies from doing something wrong. Like warning about importing private keys and advising to sweep them if they could ever be compromised. Not allowing a full address to be copy/pasted in one shot would be useful so someone doesn't use a wrong address in the clipboard. Anything to make key handling safer.

Not allowing copy/paste of a full address would be a hassle to non idiots IMO.

However, if you have other suggestions I am willing to help when it comes to the windows platform.
I have thought about creating a software that will encrypt the BTC directory but since I am a new member here nobody will use it so why waste my time?

"If you make something idiot proof, someone will just make a better idiot."
You are saying "If you make everything unsafe, everyone will be safer." I'll bet you don't ever complain when someone does something foolishly that harms you, because that would imply that you are an idiot for being careless.

He is saying that it doesn't matter how much idiot proof something is, there will just be people who are too stupid to comprehend.
full member
Activity: 168
Merit: 100
"If you make something idiot proof, someone will just make a better idiot."
You are saying "If you make everything unsafe, everyone will be safer." I'll bet you don't ever complain when someone does something foolishly that harms you, because that would imply that you are an idiot for being careless.

After 15 years of working in IT, I can safely (although sadly) say there's no way to stop people from shooting themselves in their feet when computers are involved.
Well, also when computer aren't involved, actually.

Case in point: with Outlook, when you delete a message you can restore it from the Recycle Bin. When using Outlook + Exchange, there's also an additional feature that lets you recover messages a second time, after you emptied the Recycle Bin.
Do you think this was enough to stop people from deleting their messages three times in a row and then wanting them restored from backup?
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
"If you make something idiot proof, someone will just make a better idiot."
You are saying "If you make everything unsafe, everyone will be safer." I'll bet you don't ever complain when someone does something foolishly that harms you, because that would imply that you are an idiot for being careless.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
Please define "idiot proof"
It's all part of the ease of use, and to protect newbies from doing something wrong. Like warning about importing private keys and advising to sweep them if they could ever be compromised. Not allowing a full address to be copy/pasted in one shot would be useful so someone doesn't use a wrong address in the clipboard. Anything to make key handling safer.
hero member
Activity: 1582
Merit: 502
"If you make something idiot proof, someone will just make a better idiot."

LOL

So true!  Grin
full member
Activity: 168
Merit: 100
"If you make something idiot proof, someone will just make a better idiot."
hero member
Activity: 1582
Merit: 502
Please define "idiot proof"
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
Take an extra few minutes to add something to make wallet software idiot proof whenever possible.
Jump to: