Topic: The Bank of Bitcoin- The World's Most Secure Bitcoin Service- Unhackable! - page 2. (Read 6864 times)

My understanding is that using the word "bank" in your name can lead to regulatory problems down the road.  

Sure I'd accept that answer. At this point the only way for them to begin redeeming the reputation of the site is to retract the e-wallet features... while consulting with us on how to actually construct a viable business model.

If they had done any sort of market research (like talking to one of their IT guys for 10 mins =P) they would have been told that best way to build a name would have been to provide the paper wallet download alone... then take advice on making it as secure as possible... then in a 6 months or a year... deploy whatever the rest of their services would be. At least that way you've got some name recognition. So the average user can think 'oh yah, I remember looking at the paper wallet site... cool they've got a wallet service now... I might try that out.'

Nothing is unhackable

You do realize that calling yourself a bank and taking peoples money holds certain legal ramifications, right?

Or rushed in without fully researching the marketplace. Quite possible considering the complexity.

  looks interesting

QFT. I'm sick of arguing about this, so in case anyone needs it spelled out for them:

BoB knows when Alice loads the page.
BoB knows when Alice broadcasts a transaction.
If the difference between these times is <30s, BoB knows Alice didn't check the hash.
If Alice hasn't checked a hash during the last 10 logons, she probably won't do it on the 11th logon.

So much this. So much time has been spent on their paper wallets, that there hasn't been much discussion of the features they offer with their active wallets, and how those should be viewed with all of the caution a normal online wallet warrants (quite a bit).

I'm willing to give BoB the benefit of the doubt and assume they really do believe that simply combining two existing services, a hot wallet and the ability to print paper wallets, is a viable business model. My problem is with the way they choose to promote it. It seems that they are attempting to conflate the two separate services in the mind of customers, giving the impression that their hot wallet service is unhackable.

Now I'm sure Veronica will reiterate that they aren't making the claim that their server is unhackable. However, by continuing to define themselves as "The World's Most Secure Bitcoin Service" without clarifying that this does not in fact refer to themselves but to paper wallets in general, the BoB will continue to be criticized.

All you've done is glue a banana to a shoe and called it "the world's most edible footwear"; it's deceptive and condescending and you should stop.

That's basically an invite for everyone to go and try it

Mad claims...

I really wasn't going to chime in on this thread again. But It's been sitting there taunting me all day.

The ironic thing is: we aren't the ones being obtuse. We'we pointing out legitimate points of weakness and flaws in your concept. We also have no doubt that you "take security VERY seriously" but that doesn't make you any good at securing your site. At best your inept at worst your attempting to pull something.

~

If I were malicious - I might do something exactly like what you've done... including making multiple mdm5 documents on how to 'verify' the authenticity of the paper wallet generation code. Then I'd set my server up to monitor get requests from the same clients. Whenever my software felt someone wasn't being diligent checking - it would then deliver altered code that would deliver a copy of the private key back to my server. Assuming that you could kick the can down the road for awhile with some less experienced users claiming your legitimacy... in a few years you'd have access to hundreds or thousands of cold storage wallets that you could then clean out for massive profit. Total time invest - six to eight hours it would take to put together your website and 2 years of hosting fees.

~

One reason nobody is taking you seriously is because you aren't offering anything (except a bit more hassle) to do the same things we can do already using established software and services. There's no way for you ever make much of a profit offering 'clones' of other services. This means that you must have some other plan for how to make a bitcoin off the venture... otherwise why bother.

Another reason is when security issues and flaws in concept are pointed out you imply we're being obtuse... if you were legitimate you'd be trying to get our input on how to fix these issues instead.

~

When it comes to the bitcoin world there are a couple hundred thousand geeks and fiscal wizards (at least) who're more than willing to help you develop a good product or service for the fun of it... or simply for whatever it might add to the growth of bitcoin. My advice to you would be to start listening to us about the issues with your 'service'.

Actually, we have no way of knowing who is or is not checking hashes.  And actually, it takes less than 30 seconds once you get the hang of it.


The SAFEST place to keep your coins is OFFLINE, in paper form, hence our Paper Vaults, which are created and printed using client-side javascript on the user's computer.  The coins in your Paper Vault aren't sent off to our "bank," but remain OFFLINE in your Paper Vault.  The Bitcoins and Private Keys in your Paper Vault are in YOUR hands, NEVER ours.  And that's the point.

Don't be confused or mislead by the term "Bank" in our name...perhaps we should have called ourselves The "UnBank" of Bitcoin...because we are unlike any other Bank, reflecting the unique nature of Bitcoin itself.


Actually, nothing could be further from the truth.  Running your own client only allows you to spend Bitcoins from the same device where you stored them, while The Bank of Bitcoin allows you to spend them from any Internet connected device.  Furthermore, there is no need to drain your own memory, cpu resourses, or bandwidth, or to back up wallets.  Just create your Paper Vault, print as many copies as you like, and store your coins there, in the most secure form of Bitcoin storage possible.


Paper Vaults, like paper wallets, ARE unhackable.  We have never stated that ANY site is unhackable, just that Paper Vaults are.  And no problem about the language.   

BitCoin was created to get away from banks, not to create new, supposedly unhackable shit sites. Srry the language but that's my opinion...

"Unhackable" generally translates into "famous last word" even without the exclamation...

Pretty much this. You don't have to use the qt wallet, but any of the main wallets: Armory, Electrum, Multibit, or the Qt client are all good choices. The Android Bitcoin Wallet app is good too (make sure you find the right one, it uses the same backend as Multibit). Even Blockchain.info isn't a bad choice.

This site actually seems like more of a hassel than just running your own client...

The safest place to keep your coins is in your own qt wallets, back them up - Plain and simple, no need to send your coins off to some "bank", if MTGOX and other exchanges and sites get hacked, this will too, keep your coins in your own wallets -

One has to spend those 2-3 minutes EVERY TIME they log on. Since you know the IP and time of page loads, and when the next transaction is sent to you from that IP, you can tell who hasn't been checking hashes and how many coins those poor careless souls have in their wallets.

nnyld, ScaryKubiak, pluh, r3wt (and others) -

I have said before that although we have done literally everything we can think of to make our site as absolutely secure as possible, we know that there is always a possibility of any site being hacked...even the White House's site has been hacked in the past.

The Paper Vaults that The Bank of Bitcoin allows its Members to create CANNOT be hacked.  They are literally just as secure as any paper wallet.  I have stated this so many times, in so many ways, that I am reminded of the scene in "The Shawshank Redemption" where the lead character called the warden "obtuse" for seeming to deliberately misunderstand what he was being told.

Even if our site were hacked, any Bitcoins in your Paper Vault would be absolutely safe.  This is quite unique for an online Bitcoin Service: when other online services are hacked your Private Keys and Bitcoins are gone; with us, it would be an inconvenience, but the Bitcoins and Private Keys in your Paper Vaults would remain safe.

Furthermore, to combat the possibility of the injection of malicious code into the client-side javascript used to manipulate your Paper Vaults we have described a two- or three-minute method to check that our code has not been altered (either by a hacker or otherwise).

It should be obvious that we take security VERY seriously, and have created an online Bitcoin service which handles that security by putting YOUR Private Keys and YOUR Bitcoins in YOUR hands, and yet STILL allowing you to send your Bitcoins from any javascript-enabled Internet-connected device.  This is a very unique, valuable and secure service - and I am proud of what we have accomplished.

Everyday non-technical users might never check the MD5 at all, or so infrequently that many of them could feasibly lose coins during a website breach.

Newbies would probably have better perspective on this than I do... which is more daunting?
A) Download a program like Armory, check its hash once, and learn how to use it. Must re-check the hash on every new computer.
B) Go to an easy website, but write down an MD5 and check it every time you visit the site.