Topic: Safety revision after the Hacks going around these days (Read 1751 times)

donator
Activity: 1218
Merit: 1079
Gerald Davis
It is debt. It isn't a loan but it is a liability. Optimally the assets and liabilities balance but when the thief (or insider) takes the assets all that is left is the liabilities. If the company can repay that liability out of its own pocket well they can make you whole but more times than not the loss is far greater than their ability to repay and depositors are left holding worthless IOUs.
hero member
Activity: 588
Merit: 501
You can add #0 to your list.

Bitcoin Axiom #0 - If you do not have the private keys for your bitcoins, then you have no bitcoins.

If you deposit your bitcoins with an exchange then although their site may display an amount of bitcoins what you have is an IOU for a certain amount of bitcoins.   An IOU is a form of debt, it only has value as long as it is honored.  A significant portion of debt is never repaid.  Bitcoin has no counterparty risk, a bitcoin IOU does have counterparty risk.

That argument is both illogical and false.

Saying it multiple times, louder, and with pretty colors only makes it wrong on many different levels.

Start with an exchange's terms of service to see what it is that they are contractually offering, align their terms and definitions with your understanding and how those square with actual law. Then you have the proper premises from which to argue one way or another.

Use of terms like 'debt', 'iou', and 'repaid' all imply some sort of loan agreement, which is far from the case.

hero member
Activity: 588
Merit: 501
#11- never trust anyone with your BTC, if you can't control the address then you don't own the BTC, any non reputable, non regulated online service can go offline, and you will lose all your funds (the new term is Goxed)

The part in red is a growing and pervasive fallacy.

When you place your coins in the care of another, particularly for any specific purpose set forth by either of you and acknowledged by the other, you don't lose ownership to the coins.  You don't need an account, or terms of service, to make a donation.  

When you place your money in the care of an exchange, they have a responsibility for the care of those funds, the responsibility is actually higher than what they have for their own funds, nevertheless you don't lose ownership, just like you don't lose parental rights when you take your kids to school.  

While I agree with you ... however you lose signing ability, which means it becomes very difficult to prove a transaction that originated from there is yours, especially with exchanges that don't put customer service very high on their to do list.

I always withdraw from an exchange and send from my wallet if I'm "buying" something.

M


I'm 100% for your efforts to improve community standards and safety.

I just don't want exchange responsibilities to shift to user responsibility, like teachers and schools blaming parents for their kids' academic performance. The exchange has the fiduciary responsibility to care for the money placed in their care. That's the case even if there is no terms of service. They are an exchange not a charity, they are supposed to get paid for their professional service as detailed in their terms of service and fee schedule. My money ONLY becomes their money when they have earned it.

BTC, as we have seen has tremendous price potential however we are where we are at because of the real and present insecurity of the whole marketplace, but mainly the exchanges.  Once the exchanges step-up responsibly the btc rates will find those 4 digit heights yet again.





 

legendary
Activity: 1148
Merit: 1001
things you own end up owning you
You can add #0 to your list.

Bitcoin Axiom #0 - If you do not have the private keys for your bitcoins, then you have no bitcoins.

If you deposit your bitcoins with an exchange then although their site may display an amount of bitcoins what you have is an IOU for a certain amount of bitcoins.   An IOU is a form of debt, it only has value as long as it is honored.  A significant portion of debt is never repaid.  Bitcoin has no counterparty risk, a bitcoin IOU does have counterparty risk.

it is on the list #11
donator
Activity: 1218
Merit: 1079
Gerald Davis
You can add #0 to your list.

Bitcoin Axiom #0 - If you do not have the private keys for your bitcoins, then you have no bitcoins.

If you deposit your bitcoins with an exchange then although their site may display an amount of bitcoins what you have is an IOU for a certain amount of bitcoins.   An IOU is a form of debt, it only has value as long as it is honored.  A significant portion of debt is never repaid.  Bitcoin has no counterparty risk, a bitcoin IOU does have counterparty risk.
legendary
Activity: 1540
Merit: 1001
#11- never trust anyone with your BTC, if you can't control the address then you don't own the BTC, any non reputable, non regulated online service can go offline, and you will lose all your funds (the new term is Goxed)

The part in red is a growing and pervasive fallacy.

When you place your coins in the care of another, particularly for any specific purpose set forth by either of you and acknowledged by the other, you don't lose ownership to the coins.  You don't need an account, or terms of service, to make a donation.  

When you place your money in the care of an exchange, they have a responsibility for the care of those funds, the responsibility is actually higher than what they have for their own funds, nevertheless you don't lose ownership, just like you don't lose parental rights when you take your kids to school.  

While I agree with you ... however you lose signing ability, which means it becomes very difficult to prove a transaction that originated from there is yours, especially with exchanges that don't put customer service very high on their to do list.

I always withdraw from an exchange and send from my wallet if I'm "buying" something.

M
hero member
Activity: 1582
Merit: 502
and use firefox without any plugins.

You mean, use Tor ;)
hero member
Activity: 588
Merit: 501
to people who think that they do take security seriously, please it is time to do some revision, I am reading around and I see a shocking amount of hacks and fraud going on for the last couple of days.

so you may consider:

1- check if you have all security features that your exchange offers already activated.
2- make sure that you use one of the best antivirus programs on the computer you use to browse around and make sure it is up to date.
3- don't leave funds on exchanges, if you daily trade and you have to leave any funds there, then make sure to use e-mail confirmations and that your e-mail also has 2FA.
4- make sure that you use only one phone/device which is not rooted, and do not install garbage bitcoin apps or any other app games/garbage.
5- use paper wallets for your long term investment and save them in a safe place.
6- keep the for-daily use coins on an offline computer, use Armory, sign offline transaction and broadcast them on an online pc.
7- use different passwords on all sites, make them complicated and long (capital letters small letters, numbers and special characters)
8- don't keep any track of your passwords, keys or anything else on your computer, do it the old-fashioned way, write on a paper and save it somewhere safe.
9- encrypt about anything, I would recommend you to encrypt your entire disk as well, if you use linux this option is offered when installing the system, if you use windows then try PGP whole disk encryption, I use it and I recommend it.
10- use avg anti virus on your phone/device, activate the relocation option, there is also an option to wipe-out the device by sending a SMS to your phone if lost or stolen.
11- never trust anyone with your BTC, if you can't control the address then you don't own the BTC, any non reputable, non regulated online service can go offline, and you will lose all your funds (the new term is Goxed)
12- don't click on links without being sure where they direct, you can simply put the mouse cursor on it without clicking and check the address bar if it is a legit link, deactivate automatic redirection in your browser so you can't be tricked.
13- don't open e-mails from unknown sources, especially don't open spam e-mail, if you have to do so, then make sure to not open any executable attachment or any .pif extension, judge any site asking you to install "java plugin" or a "flash player" if YouTube works for you then you don't need any flash player or additional extensions, you are being a victim of a phishing attempt.
14- don't install any opensource software if you don't know what the code does, if you can review the code yourself then don't install without verifying the signature, especially don't install wallets of the daily created scam coins, some might be created just to steal your coins.


these are just some of the safety practices I can think about now, any user is welcome to add anything I might have forgotten to this list.



One of these should be made for exchanges as well so that they know how to secure the btc in their care.
https://bitcointalk.org/index.php?topic=492776.0;topicseen


#11- never trust anyone with your BTC, if you can't control the address then you don't own the BTC, any non reputable, non regulated online service can go offline, and you will lose all your funds (the new term is Goxed)

The part in red is a growing and pervasive fallacy.

When you place your coins in the care of another, particularly for any specific purpose set forth by either of you and acknowledged by the other, you don't lose ownership to the coins.  You don't need an account, or terms of service, to make a donation.  

When you place your money in the care of an exchange, they have a responsibility for the care of those funds, the responsibility is actually higher than what they have for their own funds, nevertheless you don't lose ownership, just like you don't lose parental rights when you take your kids to school.  

  



.
hero member
Activity: 714
Merit: 500
How about a second OS for Paper Wallets or a VMWare-Image?

Having a second PC just for that, seems a bit much.
legendary
Activity: 3066
Merit: 1145
The revolution will be monetized!
Most important advice, IMO.

Get exclusive control of your private keys. Until you have that, you do not own bitcoins. Back your wallet up and put most in a wallet that stays off the internet. Put it in a safe deposit box or something that safe.
sr. member
Activity: 406
Merit: 250
I think what would be ideal is to dual boot a linux distribution on your computer, encrypt the filesystem, disable ssh or any other network services, and use firefox without any plugins.
hero member
Activity: 1582
Merit: 502

Or buy a laptop exclusively for cold storage only.

Why would a laptop be desired over using paper wallets for cold storage?   ... To send BTC, I use the loaded paper wallets that I need to cover the transaction, scan in the private keys ...

into the malware infected computer and the attacker steals them the second the system becomes aware of the private key.

It might be overkill for a couple bitcoins but if you are talking hundreds or thousands it is well worth the money to have a secure dedicated laptop to perform offline signing. The private keys never touch a computer connected to the internet .... ever. Not just in storage but also in use.

This doesn't mean you can't also have paper backup as a backup to the offline signing device.

Quote
no more a burden than copying keys from a cold storage laptop to a hot wallet on an online computer via a usb drive -- and keep in mind that you would only copy the keys you would need, otherwise, you would be exposing your "cold storage" private keys to be possibly read by malicious software.

The keys NEVER leave cold storage.  The only thing copied to the hot wallet is the complete digitally signed transaction.  The hot wallet could be a cesspool of infection and the attacker would get nothing that isn't already public information anyways.

Hi, I currently don't have much coins to need a laptop as a cold storage, but can you please explain this process to me?

I am currently using an encrypted drive to store my wallet, but in case I get Bitcoin rich I would like to know how to do this :D
hero member
Activity: 578
Merit: 508
Why wouldn't a simple blank CD be suitable for a poor man's cold storage? If you were really worried about damage, buy an offline CD duplicator.

Also by monitoring the directory file(s) size wouldn't that be a way to detect malware?
legendary
Activity: 1148
Merit: 1001
things you own end up owning you
store your coin on a secure offline storage - www-pi-wallet.com

:P

nope, Wrong practice, read #11
legendary
Activity: 1734
Merit: 1015
store your coin on a secure offline storage - www-pi-wallet.com

:P
legendary
Activity: 1092
Merit: 1001
Touchdown
Paper wallet to mobile phone feels safe enough for me, but then I'm not dealing in thousands of bitcoins.

I have an offline Raspberry Pi running Electrum (cheaper than a dedicated laptop!) but I worry about it failing. Then there is the question of how to back up the seed for the Electrum wallet.
newbie
Activity: 63
Merit: 0
As it was already said the best way is to use separate computer only for this purpose, I totally agree with it.
legendary
Activity: 1400
Merit: 1009
these are just some of the safety practices I can think about now, any user is welcome to add anything I might have forgotten to this list.
Use Armory to store all but petty cash offline.
donator
Activity: 1218
Merit: 1079
Gerald Davis
You would still have the burden of transferring the address (from an online source) to the signing computer and then back to the online computer to send the transaction without a direct connection.
It isn't that complex although when I am not working 60 hours a week I have been experimenting with alternate methods of passing information between the offline and online computers. One method involves using animated QR codes and web cam, the other involves transferring it as an encrypted sound stream using mic-in port (same method Square uses for their card reader dongle).

Quote
I'd still be uncomfortable with leaving private keys to a large amount of BTC on a device that could be hacked onsite. 
Paper can be "hacked" onsite as well. 

Quote
If keeping bitcoin safe becomes too difficult, then it will impede bitcoin's adoption amongst non-technical people. 
  Your grandma won't be using a laptop.  What can be done with a laptop can later be done with a dedicated hardware wallet which is mass produced at a nominal cost and can provide her a level of security she could never possibly hope to achieve if she keeps clicking on lolz_cats.exe attachments.
member
Activity: 112
Merit: 10

Or buy a laptop exclusively for cold storage only.

Why would a laptop be desired over using paper wallets for cold storage?   ... To send BTC, I use the loaded paper wallets that I need to cover the transaction, scan in the private keys ...

into the malware infected computer and the attacker steals them the second the system becomes aware of the private key.

True, but my assumption is that I will have done due diligence in checking that the online computer is clean.  I'm pretty tech-savvy, but I'm not arrogant enough to think that I can prevent every attack.  The idea would be that I would limit my losses to only the exposed keys; a mugging versus a steal-my-life-savings scenario.  A malicious software that instantly steals your bitcoin would be pretty impressive.  Most malicious hacks that I have read about involve stealing your encrypted wallet data, subject it to dictionary attacks or get your password from a key logger, all which would take time to process.  A private key would only be valuable for a short time, from the time the paper wallet is loaded until the remainder of the transaction is swept from the hot wallet.

When bitcoin merchant pay terminals become widespread, I would hope to be able to use a hot wallet on my phone and only put the amount that I think I might spend from a paper wallet.  I'll sweep it all back to a paper wallet once I'm done shopping.  I see it similar to only carrying around a $100 of cash vs. carrying around a roll of $100 bills.

Quote

It might be overkill for a couple bitcoins but if you are talking hundreds or thousands it is well worth the money to have a secure dedicated laptop to perform offline signing. The private keys never touch a computer connected to the internet .... ever. Not just in storage but also in use.

This doesn't mean you can't also have paper backup as a backup to the offline signing device.

I like the idea, but it's something I'd only do if transacting large amounts of BTC.   You would still have the burden of transferring the address (from an online source) to the signing computer and then back to the online computer to send the transaction without a direct connection.   I'd still be uncomfortable with leaving private keys to a large amount of BTC on a device that could be hacked onsite. 
 
If keeping bitcoin safe becomes too difficult, then it will impede bitcoin's adoption amongst non-technical people.   I am confident I could teach my mother how to transfer a paper wallet to a hot wallet app, spend some bitcoins, then sweep the remainder to a fresh wallet.  I am sure I'd get a glassy-eyed response explaining why should and how to transfer bitcoin from a cold-storage computer to an online computer.