Topic: You think you don't need to trust blockchain.info ? Think again - page 2. (Read 14113 times)

+1
I could not agree more. It seems that OP was trying to get the message across how relative these different perceptions of trust or trust model are.

Hosted wallets like paytunia or instawallet have been the target of biased and uneducated criticism.

I have said before how damaging it can be for an emerging technology like bitcoin to be subjected to an ideological stance regarding security and trust models when usability and reliability are equally important factors of adoption.

OP does not deserve accusations of being biased or uneducated, quite the opposite.

After sleeping on this something else has occured to me on the topic.

Certain hosted walelts that "do it right" (namely strongcoin and blockchain.info) may actually be *more* secure for many of the reasons stated in this thread aginst them.

The biggest one, that I have yet to see mentioned, is the isolation imparted by the browser. 

I think it has been hashed to death and we all agree that unless you are implementing your own bitcoin clcient 100% from scratch or you review each and every line of library code each time it changes that you are imparting some level of trust on someone.

In this regard the browser/javascript based wallets are acutally more secure IMHO because they are isolated and can only access the funds I give them the private keys for.  As opposed to a desktop client that feasbly could capture every bit-cent that flowwed through that system.

I just think the whole FUD against the managed wallets (again those who "get it right") is unbiased.  If you want to take a walk down the road of "what could happen if a solution provider woke up evil this mornign" then consider...

Most people install the desktop clients in binary form, and even those who compile their own don't check the source code.  Lets say that the Armory/Electrum/Satoshi (seems how we are picking clients with absolutly no proof or knowledge) developers decided tthey were evil and deployed slightly modified client that say for the enxt six months gathered every private key that ever passed through it, even paper wallets.

Then on a "bitcoin black friday" the evil dooers decided to empty all of those addresses.  Most people wouldn't even know until it was WAY too late, and the few people that were actually taking the propper precautions to prevent this would be inconsiquential compared to the funds they would actually capture.  Furthermore because they are desktop clients there are about 1000 and 1 ways that they could capture the wallet.dat files of other applications and exfiltrate them.

My point is: Unless you are one of a very few people in the community who write this from scratch, you are trusting someone.  That doesn't really matter if you are trusting them to write a library, a desktop client, or a website.

Also web clients have certain features I find very attractive such as:
 - There is no wallet.dat on any of my systems to steal.
 - I have two factor authentication to my wallet, so even if my password if compromised I still have a window of protection from my two factor which would be impossible to do correctly in a non-hosted solution.
 - I have access to my wallet on all of my devices, including my un-jailbroken iDevices.
 - It looks better than any of the other desktop clients I have tried.
 - I don't have to wait 2+ hours for the blockchain to download
 - Payment notifications

These are just a few of the things I can count off the top of my head.  If you decide that you would rather use a desktop client then that is great.  That is the great thing about choice, and we have alot of great (and for the record I believe trustworthy) sources to choose from.  But to spread FUD that is opinionated and uneducated is just irresponsible.

He said http://blockchain.info/address/1FrtkNXastDoMAaorowys27AKQERxgmZjY was Instawallet cold storage address.


In my view it's best to plan for the worst - The best laid plans of mice and men often go awry. Bitcoin doesn't exactly have a stelar history of services operators not making mistakes.

Client side encryption puts much less risk on the operator. Individually encrypted wallets, operator has no access to funds, User's balances are stored in the blockchain rather than an SQL db and users can backup their own wallets etc.

Davout did not say he was using just one address, did he ?
Even he was using one address why would you assume carelessness one his part more than on the part of piuk or any other bitcoin service operators ?
If one does not believe in the possibility to manage safely a cold storage address, one might as well keep using traditional bank services..

A Hash collision isn't inpossible.  Imagine a noob installing Bitcoin and upon downloading the block chain he sees 20,000 BTC ready to roll in his client?  Will he know what to do?

It may be better in terms of detection.  If hacked and rooted and poison code sent which scoops up wallet.dat maybe it would be noticed before it got them all.  Hosted wallet, crack the box, get all wallets.  No time to detect and evade.  but you are right, code must be signed.  Maybe an app through the app store?

i think it depends on the situation.

first of all, i'm assuming we're talking about rarely accessed savings wallets here where most of one's coins would be stored as in the $100K example piuk presented.

second, i'm assuming one has enough security knowledge to store these encrypted coins offline.

third, lets ignore rubber hose techniques for now.

thus, in this scenario, it wouldn't matter if one had the $100K worth of coins in one vs. many different addresses as the only possible attack vector would be a brute force attack of SHA 256 which is currently impossible.

With multiple wallets/addresses you need to capture multiple private keys tO spend the coins. As Ben said: mistakes happen in the worse way. If you only have one address run onmistake and EVERYTHING is gone.

what's the difference btwn holding that amount in one vs. many addresses?

"The safest" assuming you are better/equal at security than the guys running the web services.

How many non-techies do you know with computers?  How many of them have had viruses?  Should any of them rely on their local wallet installation to protect them?  Desktop computers are, statistically, far more likely to be compromised than servers.

Anyway, nothing is zero-trust in life... Except death.

Everything is about risk management and not putting all your eggs in the same basket.

I agree with davout in that no one should be touting any online wallet as a zero-trust service, regardless of how the private keys are dealt with.  But, I also agree with others that blockchain.info is one of the most secure and trustworthy platforms I've seen.

No one should be touting blockchain.info as a zero-trust site.  But it needs a heck of a lot less trust than other online wallet sites.

+100k

people know the difference between the cash they carry around for routing spending, vs. their checking account, vs. their savings account, vs. their retirement accounts.

bitcoin can fulfill all those needs in various forms. pick the right service for the right function and it will be fine.

That's probably the safest option for YOU. Because you have an offsite backup of your wallet right ?

I'm targeting people who are new to bitcoin, who might not be aware that they need to make backups including offsite backups. People who don't want to wait for the blockchain to download and all the other things that make the client unusable.

I think you're right to bring attention to this and I think the hybrid wallets bring value to the community. If there was a way to close the operator risk issue that would be great.

e.g. A third party trusted service that monitors changes to the site and reports issues.

Agree that the title is too sensational.

I don't consider leaving $100k in one bitcoin address a wise security decision, I don't care how "offline" it is. Mistakes happen in the worst ways possible.


There is no way to correlate the balance in that public address with full balance of instawallet users. There could be 50% missing and nobody would be any the wiser.

Yes, as you say cold storage doesn't make sense on JS wallets.

I'm impressed by the code monitoring setup you advertise.

But I disagree on the safest option to store coins. The safest is to use a full client or light client (light client that doesn't get served any code whatsoever). That's the only way to not have to trust anyone.

There's not much need for cold storage with a JS wallet as all the private keys are encrypted anyway. If the servers are compromised the hacker still can't spend coins.

On StrongCoin a hacker has about a 1 minute window to change the JS before it's detected and I get an SMS. In that time the probability of a payment going through is not large. They would be lucky to catch 1 password.

So that leaves the owners as the biggest risk, however that risk is far less then the old style e-wallets because we would be held accountable. We wouldn't be able claim that someone hacked the site, it would obviously be us.

So I think hybrid e-wallets are the safest and most convenient way to store your coins.

What I mean by cold storage is using offline addresses.
Typically, the minimum possible is left on the server to reduce the consequences of a theft, should the server ever be compromised.
It requires monitoring to either send excess funds to cold storage, or reload the server if the amount of withdrawals largely exceeds the amount of deposits.

When your cold storage address is public, you cannot lie about getting hacked in order to steal user funds for yourself.
You can only lie about a hack and steal the funds that are in the hot wallet.

The same way, in the JS wallet model, an operator can claim having been hacked in order to steal a percentage of the funds using client-side code poisoning.

In both cases, a rogue operator can steal a percentage of the funds by claiming that a hack occurred.

You've mentioned it a couple of times but I don't know what sense you're using it in. Please explain what you mean by "cold storage" and how it is made public in a way that stops it being stolen.