Topic: Safe way to send a bitcoin address (Read 232 times)

Exactly. With my solution there's nothing to delete. The server will have a knowledge that a transaction took place between particular end users, but not the plaintext content of what was exchanged.

Usually the sender has more at stake, because he is disclosing information to the recipient. It may not be true with sending a bitcoin address for payment, though. But in general, if you are sending secret data to someone, it's because you have it, and they don't have it yet. Therefore, I expect the sender to put more effort into it.

Also, when I say difficult, I don't mean it to be as difficult as PGP. I mean more like installing something, creating an account at a service, creating a password, getting through a configuration wizard, etc. The sender can be a person in his prime years, the recipient can be your grandma.


Assymetric cryptography is not well suited for some applications at all. In the last 25 years no assymetric solution for encrypted email took the market.

well that is the basis of any asymmetric cryptography scheme working with public keys. that is what the whole idea of "web of trust" comes from. you first have to communicate the public key in some way before you could open up a secure way for future communications.

If Alice is going to receive 10 BTC illegally, she could just create a new email address and ask the other illegal operator to use different names. She could also ask Bob to deposit the 10 BTC in a mixing server directly and share the privatekey with her.

There are some possible solutions for this, all of them for free. But you didn't point out any? You just asked fof investors and pointed a problem which already has some solutions. Noneof them are 100%, and yours isn't 100% either  (probably)

Ehh, I would personally not use Privnote actually, you never know what they save since it's a centralized service.
Something like Signal would be a better option, I think. Or there are also a bunch of messenger apps that work on the Tor network.

Well, another method that people use to steal people's coins, is to hijack their email account and to look for emails where you request payment for services rendered and then to send a new email to inform the sender that you changed your initial address and that they must rather send it to that address.

People are doing this currently with Bank account details and invoices that are send or received in mailboxes. So, if you can hide the Bitcoin address, then hackers cannot replace it with hijacked emails and the recipient can validate the senders Bitcoin address by phoning you or with Sms verification or WhatsApp. 

You just need to change your concept to help protect people from things like that. 

I agree, you have to give up something. The question is what, and in what form.  Your own suggestion to share your own key doesn't work. You have to have the key of the recipient, not your own key. Most likely he will not have that. But even if he does, you will need to have a way to verify that you are getting the right key from the public server.  In the PGP world, this amounts to either having a chain of signatures in Web-of-Trust, or you would have to verify a key fingerprint with the recipient directly.  Verifying a fingerprint is relatively hard, because it is cryptic and long. PGP users came up with a "phonetic alphabet" to do it by telephone. You'd need your recipient to be savvy to expect him to do that.  My solution tries to be easy on the recipient, assuming only that the sender is computer savvy.

Keybase.io made good process with this method. But, again, there's unlikely chance that your recipient will have keybase installed. For example, I installed it to try it out, and uninstalled it. I don't have a regular use for it.

Monero is a good solution to this problem. Bitcoin still dominates the market, and most people convert all their crypto to bitcoin at some point. For example, often you need to use bitcoin to fund an exchange, and to withdraw money from an exchange. zCash is another good solution for this.

I am not competing with Monero or zCash, I'm just offering a different solution, if the crypto doesn't have such inherent anonymity, and you still want to send an address.

To "bitmover": consider this scenario,

Alice Smith emails Bob a new address with zero balance. He sends her 10btc. Eve observes this email in transit, or by hacking into Alice's or Bob's mailbox. Now, Eve knows that person [email protected] received 10btc.  By inspecting other info about [email protected] she learns of her identity as Alice Smith, her address and so on.  She blackmails Alice to report her to police for receiving so much money over crypto. Alice is forced to take a week holiday from her day job, in order to talk with her accountant. She pays to the accountant $1000 in fees and looses a week of work, causing about $3000 of damage.  After that Eve targets Bob, blackmailing him that he got the money from engaging in an illegal business. Etc.

Now, let's say Alice instead created 20 addresses, and asked Bob to send 0.5 btc over each address. Then Eve can still collect this information by scanning all of the emails in her mailbox.

To BrewMaster:

In the other thread I explained what's lacking in ProtonMail.  PGP would work according to your scheme, but PGP is hard to use. Also, physically giving Bob a flash drive is hard and slow if they can't physically meet in person. For example, to mail a flash drive, you will need a mailing address of Bob. Bob is forced to reveal details of his identity to Alice, that he may not want to reveal. Even transferring the mailing address is not that simple.

asajapheth: that means both Alice and Bob should use the same P2P messenger, and must known each other usernames or phone numbers (if this is WhatsApp or Signal).  Furthermore, the must verify their identity public keys, before they can be sure that there is no MITM between them. The fingerprint of Alice-Bob public identity key pair in WhatsApp is 12*5=60 digits.  How will Alice communicate 60 digits to Bob?

OmegaStarScream: PrivNote can not guarrantee that the record is deleted after the message was received.  The message is on their server, and they may be obligated to keep it around.


The revenue model is to sell usage licences to corporate employees, while individuals can use it for free.  Another source of revenue is to sell physical things related to the security scheme, on sites like Amazon. For example USB flash drives preloaded with authentic data.


I am not going to reveal anything about my solution to these problems without a signed NDA.  If you are interested, begin by writing me a private message.






 

Privnote is also another solution to give someone your address without having to worry about it being found online afterward. It's still unclear how your service is going to work, but If you're looking for investors, it's probably going to be paid and monetized? I suggest looking more into this, as I doubt anyone is looking (at least not the average user) for something that can be done and obtained for free.

Any P2P messenger would serve that purpose perfectly.

you can't expect any interest in a project while you don't explain anything about it at all. for starters why would anybody choose the project you linked (Secure Email) over the systems that already exist such as ProtonMail as the centralized while end to end encryption mail service with high respect to privacy. or a decentralized method such as already existing Bitmessage or other similar projects? (all of which are free by the way)

as for sending bitcoin addresses, there are much easier ways. for starters as bitmover said you create a new address and send that. if you are so concerned about MITM attacks you simply add a layer of encryption on top of it. for example share a PGP public key with the other party through a different way (physically giving him your key on a flash drive) and then sign each address with that! again for free and won't need a third party application you don't know.

You can just create a new address, which you never used before.

It will have zero balance and no past transactions.


Why can't you  just mail him your public address newly generated? What is the advantage that your service offer over this solution?

If you are very paranoid you can just encrypt a file with your address inside and give him the password. No need for investors

I have been working on a secure messaging solution (email and one-off messages).  I have posted about it here, https://bitcointalksearch.org/topic/secure-email-looking-for-investors-or-clients-5159958

Here I just want to highlight one important use case, relevant to cryptocurrency users. How would you send someone your Bitcoin address? (Or any crypto coin wallet address)?

Even though your wallet address is public, you don't want people to know your addresses, so that they wouldn't know how much money you have received on it. Afterall, you don't publish your bank statement on your Twitter page.

What you need is a way to send the address that can't be linked to you.  I have a way you can do this so that

- the recipient of your address (someone who is supposed to pay you) will get exactly your address, rather than an impostor's address
- there will be no trace on the internet of the address, so that an adversary can't figure out that it's yours.

Looking for investors or clients.