Topic: The Bank of Bitcoin- The World's Most Secure Bitcoin Service- Unhackable! - page 5. (Read 6864 times)

Get a well known and respected company to issue a verifiable certificate after auditing your code and security practices.  Then get a well known and respected insurance company to insure the deposits.  If you can do both of those, I'll consider using your "bank".  Until then, you are just another wallet service that is likely to disappear with the funds like so many similar services have done in the past.

surfin01- Thanks! Actually, one of the best features, which we haven't talked about much on here, is the ability to send BTC to other Bank members instantly, without needing to wait for any sort of confirmation from the Bitcoin p2p network.  (These are Bitcoins stored in Active Storage, not in Paper Vaults, just for clarification.) We think that this has the potential to really advance Bitcoin commerce in the future.  Imagine going to a store and trying to buy something with Bitcoin, but having to wait at the register for confirmation.  It's just not practical.

We imagine, instead, moving a certain amount of BTC from your Paper Vault to Active Storage before your visit to the store, anticipating the amount you will spend.  Then, at the register you just move BTC from your Active Storage to the store's Bank of Bitcoin Account, instantly! And not only is it instant, but even the small Bitcoin p2p network fee would be eliminated.  As this practice became widespread, not only would it increase the acceptance of Bitcoin as an alternate currency, but we feel it would serve to increase the monetary value of Bitcoins.

sounds like a good idea, if it isn't a scam..

BitWulf- This is NOT a bank in the traditional, government-controlled bank.  It is a bank in that it is a way to store Bitcoins, and it would be impossible for even the government to confiscate Bitcoins from a Paper Vault from The Bank of Bitcoin (or for anyone else to steal them for that matter) so in that sense it is even more secure than a traditional bank.

AzureEngineer and saudibull- yes, our Paper Vaults are unhackable.  As I have said before in this thread, it is impossible to hack a piece of paper with Bitcoins Addresses and Private Keys hidden in your sock drawer.  It is specifically these Paper Vaults which are unhackable.

EmperorBob- No we don't store passwords in plaintext.  Our programmers are fanatical about even the possibility of security flaws, and have simply disallowed certain characters which have been associated with security breaches on other websites in the past.  They have told me that in reality allowing these character would probably not be a problem at all...but why take a chance with security?  I was surprised myself some time back when I was sending a test message from our Contact form, and I received the notification that a certain character was not allowed in the subject line.  Again, our programmers just disallowed certain characters that could be used as "escape" characters or could be used to execute or inject "rogue code," even when the possibility of this happening is small to non-existent.

+1

Hmm, so why dont people just keep their own btc on paper instead of giving it to you... lol

this certainly looks interesting

Hi Veronica,
The quote above (I have yet to verify it for myself) suggests that you guys may be storing passwords in plaintext. I certainly hope you don't because the kinds of users you're targetting, who are less technologically inclined, will reuse the same password over and over. Since you also store their email address, this leads to them quickly getting their fiat online banking, email account and other accounts compromised if you do get hacked. If you don't know, please ask your developpers. If they say they're storing passwords in plaintext (or using anything other than bcrypt), please refer them to this http://codahale.com/how-to-safely-store-a-password/.

A friendly reminder to to anyone considering using the site: Use a different password, it protects you against malicious websites and incompetent ones alike.

I don't think a bitcoin bank is really needed.. Isn't a bitcoin bank contrary to what BTC stands for?

Explodicle- We are not hosted by GoDaddy. They are our registrar, i.e, where we registered our domain name.  They are also where we purchased our SSL certificate.  I don't think GoDaddy has the capability of actually hosting such a technically demanding site as ours, but I could be wrong.  In any event, they are not our webhost.

As for a Government order, there is no sensitive personal information kept on our server.  All that is needed to register is a valid email address (which are easy enough to create anonymously) and a password.  We don't ask for anyone's name or other personal information. 

The way that our Paper Vaults are designed an operate prevents us from knowing your Paper Vault addresses, or from being able to access your Paper Vaults in any way, because we don't have the Private Keys.

Because there are many other websites which actually DO store your Bitcoins/Private Keys on their server while we encourage our Members to store the majority of their Bitcoins in offline Paper Vaults there is much less incentive to attempt to hack us, compared to other online services.

Also, to address the issue of a hacker trying to modify any of the javascript involved with our Paper Vaults we have created a page with pretty simple instructions for checking the md5 checksum of the source code for our Paper Vault pages.  Essentially, this allows our users to tell if the code for these pages is ever modified in a fairly simple way.  It also allows us to regularly check this as a part of our own daily routine, and take any needed countermeasures should the need arise.  This page is available at
https://thebankofbitcoin.com/docs/check_for_yourself.php?lang=en.

WBlaylock- You are probably right about the word "bank."  But as I have said earlier in this thread, the term "bank" does have meaning outside of government controlled banks.  And in this case, with regard to our Paper Vaults, they are even more secure, because no government can control your spending of Bitcoins from your Paper Vault, and no government can confiscate your Bitcoins from a Paper Vault.

My unqualified, probably not fully educated (as I have only been about this a year or so) opinion:

The word "bank" in any connotation where "anonymous" and "not controlled by any government" are tossed about like candy at the Thanksgiving Parade is probably much more a liability than a help, even with TBoB's lengthy missives on that subject.

Next, it is entirely likely that what you are offering is pretty much the same as having a wallet somewhere for "instant access" (or as close as possible depending on the fees, etc.) and Armory software.

Next the convenience you offer between other "members" may be a bonus point.

I strongly suspect that only time will tell one way or the other, but for now I am a bit more skeptical than ready to jump on the bandwagon.

I admire your entrepreneurial spirit.  The risk/reward ratio of bitcoin related businesses is HUGELY positive and with the right idea you could make a fortune, but I'm not sure if a bitcoin bank is that idea.

In this day and age the word "Bank" has almost become a four letter word and the idea of one brings out strong negative emotions in most people that like bitcoin, and a strong negative feeling is not a good first impression for a person to have that you're trying to sell your product/service to. 

The people on this forum are both your target market (bitcoiners) and your greatest critics, so if an idea can pass the "acid-test" of this forums unofficial peer review process then you can put serious money behind your idea with even more confidence.

What is the problem that you are offering a solution to that can't be solved by simply using Armory?

First of all, the Paper Wallet is hackable. If someone can hack your GoDaddy site, then they can modify the javascript to share keys with the hacker. The average person might skim over the code once, but not every time from every device. This is inherently less secure than downloading the client once per device.

Second, the part which actually makes you a bank - the active storage - is just as hackable as MtGox.

Third, you are government-regulated. You're hosted by GoDaddy and they'll comply with a court order. If you don't want regulations you'd better be certain of your anonymity and should probably move to Tor. But that also makes it much harder for anyone to trust you.

Papaminer- Well I hope any good points we make aren't overshadowed by GoDaddy 

i wanted to lol but some claim makes a good point...

until i saw GODADDY SEAL...

now i can LOL...

TimeofMind, you can absolutely use the standard Bitcoin client. There are problems with that though for a lot of people, although it may not be a problem for you.

One disadvantage of using the Bitcoin client to store your BTCs is that you have to spend them from the same device the client is being run on, or another device that is running the client. The Bank of Bitcoin makes it where you can spend your BTCs from any internet-connected device, anywhere in the world. That device does not need to be running the standard client. You could pick up your friend's iphone and spend your BTCs from there. Being able to pay someone in BTCs from your cell phone is a convenience that not many people have right now (or unfortunately need, but we're hoping to help change that). You could receive BTCs on your cell, and spend them from your work computer without any special software.

Running the client is also a huge drain on memory and bandwidth, which may not be a problem for you but is a problem for many people- and is a barrier in terms of BTC being adopted by the world. Running Bitcoin software on your own computer or other device typically requires downloading the full Bitcoin "block chain". The block chain is the full history of all Bitcoin transactions which have occured since the inception of Bitcoin. This is currently about 7GB of data and growing quickly. Maintaining a full copy of the block chain requires an ever-increasing allocation of memory, and the constant downloading of new transactions makes it impractical (and essentially impossible for people with slower Internet connections).

Our solution is to download and store the block chain on our server. We use our memory and bandwith, thus freeing up your resources, making Bitcoin easily accessible to all. This is in large part an effort to make this a more convenient (and therefore viable) currency. Thanks.

We are absolutely using BTCs to get away from government-regulated banks, and we are certainly not a government-regulated bank. We believe the word "bank" has meaning outside of regulated banks. In our case, it is bank in the sense that we deal in financial services; more specifically, we simplify BTC ownership, as well as make it secure. Paper vaults are like a piggy bank, and much like a personal piggy bank someone would have to quite literally break into your house, your safe, wherever you keep your Private Keys and Bitcoin Addresses and steal them that way.

I appreciate your input and questions folks.

Why do I need a website service in order to print out the private keys associated with my bitcoin addresses on a piece of paper? Is there something I am missing here? What is the point of having your site at all? Because you serve a javascript application that can generate private keys for people? Why would I run a javascript application given to me by some server when I can just use the standard bitcoind client? Also, anyone can load their private keys into any wallet on any computer and spend them from there, what does this have to do with your online service? You sound like you are providing all the services that are already available inherently in bitcoin to anyone with a bitcoin client.

Okay, great questions. There are two different types of storage. One is the Paper Vault, where you store your Private Keys yourself. We never see your Private Keys, never have access to them, and your Private Keys are never seen or sent over the internet. It is the safest way to store your BTCs.
 
Then there is Active Storage, which is less secure but more convenient than Paper Vaults. We advise you keep as few BTCs there as needed, and the lionshare in your secure Paper Vault (much like you would typically keep smaller amounts of spending cash in your back pocket, and keep your life savings in a bank). When you want to spend your BTCs out of the Paper Vault, you can either spend them directly out of your Paper Vault (which requires going through the network)- or if you want to transfer BTCs to another Bank member for free and instantly, you can log in, enter your Private Key on the clientside javascript page we provide (so your Private Key is never revealed online, and your BTCs are never made vulnerable- only the transaction string is sent) and you can send the amount you need to your Active Storage for spending. In Active Storage, your Private Keys are kept on our server like Gox does it, which is how you can send to other Members free and instantly. You can always just transfer BTCs into Active Storage when you're going to immediately spend them, significantly decreasing any changes of anyone hacking our server, and therefore gaining access to your BTCs. Each type of storage has it's own benefits and disadvantages, but the tradeoff of storing your BTCs in Paper Vaults is pretty small- it's just the time it takes you enter your Private Key.