# Is mtgox trustworthy.

## RonPaulIsGreat

I don't think they are. 

Reason. They will allow anyone to deposit bitcoin without any verification. At least they let me. However, once they have your bitcoin they hijack it and won't let you simply move the same bitcoin out without being given a copy of your driver's license, and like a power bill. Essentially the documents a real bank wants BEFORE they will let you open an account. Banks don't let you open an account and take your money THEN demand information to let you withdrawal it.

Anyway, looks like I'm out 50 bucks. IMO, that place is going to end badly, they don't need all that information. Other sites I've looked at don't want all that, and on top of it, they've been hacked before, just imagine them getting hacked again, and getting copies of your driver's license and recent power bills, they or the hackers could do whatever they want to you.

Anyway, Lesson learned. This $#@! is way shady, IMO.

I guess not really out of 50 bucks, as I got the bitcoin for free.

Essentially having a mtgox account is equivalent to giving your entire financial life to a stranger. They really could sell your identity complete with signature, and photograph of you to anyone. Why do they need all that? I don't think they need it. They might want it. But they don't need all that for verification. 

Anyway, I'm not giving it to them.

----------


## newbitech

> I don't think they are. 
> 
> Reason. They will allow anyone to deposit bitcoin without any verification. At least they let me. However, once they have your bitcoin they hijack it and won't let you simply move the same bitcoin out without being given a copy of your driver's license, and like a power bill. Essentially the documents a real bank wants BEFORE they will let you open an account. Banks don't let you open an account and take your money THEN demand information to let you withdrawal it.
>
> Anyway, looks like I'm out 50 bucks. IMO, that place is going to end badly, they don't need all that information. Other sites I've looked at don't want all that, and on top of it, they've been hacked before, just imagine them getting hacked again, and getting copies of your driver's license and recent power bills, they or the hackers could do whatever they want to you.
>
> Anyway, Lesson learned. This $#@! is way shady, IMO.
>
> I guess not really out of 50 bucks, as I got the bitcoin for free.
> ...


//nvmd

----------


## PaulConventionWV

> I don't think they are. 
> 
> Reason. They will allow anyone to deposit bitcoin without any verification. At least they let me. However, once they have your bitcoin they hijack it and won't let you simply move the same bitcoin out without being given a copy of your driver's license, and like a power bill. Essentially the documents a real bank wants BEFORE they will let you open an account. Banks don't let you open an account and take your money THEN demand information to let you withdrawal it.
>
> Anyway, looks like I'm out 50 bucks. IMO, that place is going to end badly, they don't need all that information. Other sites I've looked at don't want all that, and on top of it, they've been hacked before, just imagine them getting hacked again, and getting copies of your driver's license and recent power bills, they or the hackers could do whatever they want to you.
>
> Anyway, Lesson learned. This $#@! is way shady, IMO.
>
> I guess not really out of 50 bucks, as I got the bitcoin for free.
> ...


You're right, it's shady, but I just want to point out, they haven't been hacked before.  It was a DDOS attack, I believe, and that's far from anything you could consider a hack.  Also, withdrawal is a noun, not a verb.  Please use it accordingly.  The word you were looking for is "withdraw".

----------


## amonasro

If you're going to be trading bitcoins, at some point you're going to have to give proper ID (passport/utility bills) to an exchange to verify who you say you are. 

AML/KYC regulations are a bitch. I don't think Coinbase requires such documentation for smaller purchases.

----------


## RonPaulIsGreat

I withdrawal my hacked comment. 

I guess it was when their database was allowed to be stolen, I was thinking that it was hacked for some reason.

----------


## amy31416

> You're right, it's shady, but I just want to point out, they haven't been hacked before.  It was a DDOS attack, I believe, and that's far from anything you could consider a hack.  Also, withdrawal is a noun, not a verb.  Please use it accordingly.  The word you were looking for is "withdraw".


You've made many grammatical errors while posting on this forum, would you prefer I point it out publicly or privately? I rarely read your posts anymore, but I think there are others around who do who wouldn't mind making a post publicly about your shortcomings.

That said, I hope it made you feel better about yourself, especially since you assumed a grammatical mistake when it could have easily been a typo. I'm sure you know that though.

----------


## RonPaulIsGreat

> You've made many grammatical errors while posting on this forum, would you prefer I point it out publicly or privately? I rarely read your posts anymore, but I think there are others around who do who wouldn't mind making a post publicly about your shortcomings.
> 
> That said, I hope it made you feel better about yourself, especially since you assumed a grammatical mistake when it could have easily been a typo. I'm sure you know that though.



LOL. No wars please. I type fast, and don't check for spelling.  If someone wants to follow my posts, they will be correction heaven.

----------


## amy31416

> LOL. No wars please. I type fast, and don't check for spelling.  If someone wants to follow my posts, they will be correction heaven.


No worries. As I said, I rarely read his posts anymore.

----------


## acptulsa

I issued a correction earlier.  Someone typed 'succession' when they meant 'secession'.  I consider that minor error important on a site dedicated to liberty literacy.

I typed it in a +rep.  That's private enough, and seems to make it painless enough to be taken in the spirit in which it's intended...

----------


## PaulConventionWV

> You've made many grammatical errors while posting on this forum, would you prefer I point it out publicly or privately? I rarely read your posts anymore, but I think there are others around who do who wouldn't mind making a post publicly about your shortcomings.
> 
> That said, I hope it made you feel better about yourself, especially since you assumed a grammatical mistake when it could have easily been a typo. I'm sure you know that though.


Please do point them out.  The truth is, I know when I'm making them, and I've decided that my comments are still coherent, regardless.  It's when the grammatical mistakes obfuscate the meaning of the post that I find issue.  If you don't like grammar nazis, then don't read or respond to my posts.  

The fact that the grammatical mistake contained two letters that just happened to form the end of an actual word significantly limits the chances that it was a typo.

----------


## PaulConventionWV

> No worries. As I said, I rarely read his posts anymore.


Good for you.  The next step is to stop making snarky responses to them.

----------


## dannno

I'm confused - I just moved some bitcoin out of mt. gox over to another wallet by going to funding options, withdraw, bitcoin option.. From there I could go to localbitcoins.com and sell somebody my bitcoin without a driver's license. I guess the big difference is that I got my bitcoin into mt. gox by transferring the bitcoin over from coinbase.

Do they really put additional restrictions on your account if you obtain your bitcoin a certain way from them?

----------


## newbitech

Actually, I just had nearly 6 BTC stolen from my Mt. Gox account.  No, not trustworthy at all.

----------


## PaulConventionWV

> Actually, I just had nearly 6 BTC stolen from my Mt. Gox account.  No, not trustworthy at all.


What confuses me is why people apparently still trust them.

----------


## newbitech

> What confuses me is why people apparently still trust them.


They were the only way to get going in the beginning.  I held off for a while on getting the account verified.  I planned on moving my BTC out, but had no way to do so since they required personal info.  I just got my account verified with my id and internet bill last Friday.   Immediately the BTC is gone. 

Unbelievable.  I have completely lost any confidence in BTC as any sort of valid monetary system at this point.  

The system isn't ready for prime time at all.  I was concerned that my account was potentially insecure since in reality it was only protected by the strength of my exchange password.  Clearly that wasn't enough.  

BTC unfortunately doesn't have the security to authorize transactions built in and there is clearly no recourse for unauthorized transactions, since the entire concept of "authorization" is nonexistent.

I am really ashamed of the fact that I fell for some illusion of a secure system. Unfortunately, I believe the added layer of security required to restore my confidence in BTC as a viable medium of exchange will erase all of the benefits of the system.

Ultimately, I only lost about 160 bucks.  But learning the lesson, "if it's too good to be true" again was probably worth it.   

I'm off the BTC bandwagon.  It's a joke that a system that is based on basically cracking sha256 is secured by nothing more than a plain text user string.

----------


## amy31416

On topic:

Mt. Gox is totally effed--do not use. Has been so for months. I've never used it, but my resident "expert" said to avoid, if that's not apparent already.

----------


## newbitech

> On topic:
> 
> Mt. Gox is totally effed--do not use. Has been so for months. I've never used it, but my resident "expert" said to avoid, if that's not apparent already.


BTC in its current iteration is effed. Adoption rates are going to hit the wall once people realize that securing a BTC wallet is tantamount to putting your cash inside of a bank vault and burying it below a nuclear reactor.

I am sure sooner or later the market will figure this out and come up with a new iteration of BTC that makes it inherently secure. The reality is right now, that BTC doesn't provide inherent security.

Take cash for example. What makes cash inherently secure is that it's always in my possession until I use it. It's in my pocket. My biggest risk is that I might get robbed at gun point, or be pick pocketed in a crowded market. I can mitigate those risks without losing my ability to transact quickly and efficiently in cash.

With BTC, my only mitigation is to build technological layers of security around my wallet. The problem is that for each layer of security, I increase the complications with my transaction. On top of that, layered security isn't really security, it's just a way to stall the potential thief. And what's more is that each new layer of complexity diminishes my chances of recovering from a successful attack. At the root level, there is just no way for me to completely stop an attacker.

In my cash example, I stop the attacker by identifying and facing the attacker.  Impossible with BTC without highly skilled and specialized knowledge.   I kind of realized this when I first had my doubts, now it's crystal clear.  

It's not so much that Mt. Gox allowed this to happen.  They just happen to be the weakest link right now, so naturally that is where the attackers are gonna be.  If Mt. Gox shuts down tomorrow, the attackers will migrate somewhere else.  

At least with my credit card, if I have an unauthorized transaction due to a highly sophisticated attack, I have a chance to identify the attacker and put a stop to the attacks while getting my funds returned to me.  Impossible with BTC.

Attackers can hack away with no chance at getting caught.  Nothing to link the identity of the attacker.  Inherent flaw in the current concept that will require a different approach to resolve. 

Sucks cause BTC is close to being a solution, but it falls short in the most important aspect of property ownership.  There must be a way to identify the rightful owner of that property.  I don't think BTC is really property.  And that's the problem.

----------


## kpitcher

I would say Mtgox is trustworthy overall. However they had a few million grabbed by the US Gov in a US bank account because the new rules of requiring a bitcoin exchange to be a money servicing business came out requiring everyone to instantly comply. Since then any fiat currency is a huge hassle with them. Because of that I haven't bothered. Personally I'd go with the US exchanges such as coinbase or campbx.

mtgox has the ability to require 2 factor authentication. You can use a yubikey or I believe a google 2 factor. By default this isn't required tho so it's just one password keeping you safe. If you lost 6 bitcoin I'd open a trouble ticket. Perhaps it's a glitch on their system.

Btc-e is the exchange I use the most and they also have added security. Every withdrawal is required to be authorized by email also and you can do even further with yubikeys and other 2 factor systems.

To me this is more secure than using a pre-paid credit card.

----------


## newbitech

> I would say Mtgox is trustworthy overall. However they had a few million grabbed by the US Gov in a US bank account because the new rules of requiring a bitcoin exchange to be a money servicing business came out requiring everyone to instantly comply. Since then any fiat currency is a huge hassle with them. Because of that I haven't bothered. Personally I'd go with the US exchanges such as coinbase or campbx.
> 
> mtgox has the ability to require 2 factor authentication. You can use a yubikey or I believe a google 2 factor. By default this isn't required tho so it's just one password keeping you safe. If you lost 6 bitcoin I'd open a trouble ticket. Perhaps it's a glitch on their system.
> 
> Btc-e is the exchange I use the most and they also have added security. Every withdrawal is required to be authorized by email also and you can do even further with yubikeys and other 2 factor systems.
> 
> To me this is more secure than using a pre-paid credit card.


Two factor authentication is the same as trusting a third party with your details. Ultimately, attackers are going to defeat every layer of security that is added on top. There is no way to personally protect a BTC wallet without completely removing all the other features that make having a wallet better than carrying fiat or holding a bank account.

BTC was not designed with security in mind.  BTC is inherently insecure.

----------


## PaulConventionWV

> Two factor authentication is the same as trusting a third party with your details. Ultimately, attackers are going to defeat every layer of security that is added on top. There is no way to personally protect a BTC wallet without completely removing all the other features that make having a wallet better than carrying fiat or holding a bank account.
> 
> BTC was not designed with security in mind.  BTC is inherently insecure.


Doesn't that flaw rely on the existence of exchanges, though?  If there were no exchanges, then people would still be able to store their BTC offline and create backups, etc without trusting a third party to keep their wallet for them.  It's just the fact that people now have to constantly trade in and out of USD that makes it insecure.

----------


## brandon

I'd be comfortable trading most magic cards with them. Probably wouldn't trust them with some of the rares like beta black lotus etc

----------


## newbitech

> Doesn't that flaw rely on the existence of exchanges, though?  If there were no exchanges, then people would still be able to store their BTC offline and create backups, etc without trusting a third party to keep their wallet for them.  It's just the fact that people now have to constantly trade in and out of USD that makes it insecure.



2 things
1.) storing BTC offline defeats the purpose of convenient online payments from anywhere to anywhere
2.) BTC adoption is (so far) relying almost exclusively on purchasing online at an exchange to an intermediate wallet.

----------


## PaulConventionWV

> 2 things
> 1.) storing BTC offline defeats the purpose of convenient online payments from anywhere to anywhere
> 2.) BTC adoption is (so far) relying almost exclusively on purchasing online at an exchange to an intermediate wallet.


1.  How so?  Your bitcoin is only online for a few minutes while you're sending it.  If you store it offline, it takes away the thief's convenience of knowing when and where your bitcoin is going to be at any given moment.  You are in control.  
2.  That's true right now, but it's ultimately up to the bitcoin market to decide if that risk is worth it to get this thing off the ground, where it may not rely on online exchanges.  That flaw is not insurmountable.

----------


## amonasro

> Two factor authentication is the same as trusting a third party with your details. Ultimately, attackers are going to defeat every layer of security that is added on top. There is no way to personally protect a BTC wallet without completely removing all the other features that make having a wallet better than carrying fiat or holding a bank account.
> 
> BTC was not designed with security in mind.  BTC is inherently insecure.


Surprised to hear you say this. 2FA codes are encrypted phone-side, so a hacker would need physical access to the device.

----------


## newbitech

> Surprised to hear you say this. 2FA codes are encrypted phone-side, so a hacker would need physical access to the device.


or a piece of software running on the device, like a compromised mail client, is what I suspect the attack vector is in my case.

----------


## amonasro

> or a piece of software running on the device, like a compromised mail client, is what I suspect the attack vector is in my case.


this is only possible if you give the compromised piece of software on said device root access. iOS, Android and Linux are built upon Unix, which needs "permissions" to access just about anything. It's built into the OS. Windows, not so much. This is why you hear about Windows viruses/malware problems. Unix is basically immune and far more secure.

----------


## dannno

> I'm confused - I just moved some bitcoin out of mt. gox over to another wallet by going to funding options, withdraw, bitcoin option.. From there I could go to localbitcoins.com and sell somebody my bitcoin without a driver's license. I guess the big difference is that I got my bitcoin into mt. gox by transferring the bitcoin over from coinbase.
> 
> Do they really put additional restrictions on your account if you obtain your bitcoin a certain way from them?


Can anybody answer this question? 

I don't understand what the problem is, I've never had to give mt. gox my information, this thread got me freaked out and I went and transferred some BTC out of mt. gox and had no problem. Do they have different rules on transferring BTC out if you fund through them? Why not just not fund through them? 

Of course newbitech's issue is a different category of issues.

----------


## amonasro

> this is only possible if you give the compromised piece of software on said device root access. iOS, Android and Linux are built upon Unix, which needs "permissions" to access just about anything. It's built into the OS. Windows, not so much. This is why you hear about Windows viruses/malware problems. Unix is basically immune and far more secure.


I suppose my point is that nothing is 100% secure, not even your bank website, which uses a similar (but weaker) form of public/private key encryption as Bitcoin. We take risks crossing the street. But I don't sit at home and miss out on a ridiculously excellent opportunity because there's a 1/100000 chance I'll get hit by a car. I'd say there's a better chance that Bitcoin will fail entirely rather than someone breaking the encryption, or sneaking a virus into my offline wallet in cold storage.

----------


## amonasro

> Can anybody answer this question? 
> 
> I don't understand what the problem is, I've never had to give mt. gox my information, this thread got me freaked out and I went and transferred some BTC out of mt. gox and had no problem. Do they have different rules on transferring BTC out if you fund through them? Why not just not fund through them? 
> 
> Of course newbitech's issue is a different category of issues.


You should be ok. I know Bitstamp requires AML ID for Bitcoin withdrawals, but for small amounts Gox doesn't. It's been awhile since I've traded there so I'm not 100% on this.

----------


## newbitech

yeah, the problem with BTC is there is no way to track the thief.  At least if I am ganked on the street I can track the mofo's.

----------


## newbitech

but yeah, I'm done with crypto as money until someone can figure out how to secure it. Don't think that is possible tho without gutting all the great things about it. Stacking layers of security on top of it is like putting lipstick on a pig. It's still a pig, and bitcoin is still inherently insecure.

----------


## RonPaulIsGreat

> Can anybody answer this question? 
> 
> I don't understand what the problem is, I've never had to give mt. gox my information, this thread got me freaked out and I went and transferred some BTC out of mt. gox and had no problem. Do they have different rules on transferring BTC out if you fund through them? Why not just not fund through them? 
> 
> Of course newbitech's issue is a different category of issues.


My situation is I had a small amount of btc from a long time ago, on a wallet I found on my computer when cleaning it up. So, I figured I'd use that small amount to test out trading. So, I transferred it to mtgox. I have never purchased a bitcoin from them, or anywhere, the fraction of a bitcoin I had was free from when they were giving them away years ago. I traded it a bit, and decided I did not want to be exclusive to trading bitcoin to usd, and wanted to trade more types of coins. So, I wanted to move it. When I wanted to move it, it won't let me, and says I need to verify my account.

That's my situation, maybe they only do that on new accounts, yours may be grandfathered or something. I don't know. 

I wrote them about it, and they didn't reply yet, I doubt they will, as I asked them a question before and received no response.

----------


## RonPaulIsGreat

Your account is currently pending review, please visit https://mtgox.com/forms/verification 


That is the exact line that displays, when I click the confirm button, after entering the amount and bitcoin address to send it to.

----------


## PaulConventionWV

> but yeah, I'm done with crypto as money until someone can figure out how to secure it. Don't think that is possible tho without gutting all the great things about it. Stacking layers of security on top of it is like putting lipstick on a pig. It's still a pig, and bitcoin is still inherently insecure.


I still don't understand how, but I'm sure you have your reasons. They don't seem like very good reasons since amonasro has been answering them pretty well. To me it still seems like offline storage would be able to prevent most of this stuff since the thief doesn't know when you're going to put your BTC back online, or where... It's like being able to convert it between physical cash that you can carry and protect yourself to instant money anywhere in the world, and that is better than just being one or the other, contrary to what you stated.

----------


## newbitech

> I still don't understand how, but I'm sure you have your reasons. They don't seem like very good reasons since amonasro has been answering them pretty well. To me it still seems like offline storage would be able to prevent most of this stuff since the thief doesn't know when you're going to put your BTC back online, or where... It's like being able to convert it between physical cash that you can carry and protect yourself to instant money anywhere in the world, and that is better than just being one or the other, contrary to what you stated.



Offline storage is a layer on top of the protocol.  Since the protocol is inherently insecure, we have to stack layers of security on top of it.  We can attempt to mitigate the vulnerabilities of the protocol by burying it beneath layers of security.  We will constantly be identifying new failure points and weaknesses in security layers, and we will patch those vulnerabilities with even more layers.  Adding layers increases complexity to a protocol that is already difficult to understand at its core.

The value in BTC over the last 6 months has been based on its adoption rate. The adoption rate of a monetary system that is not only difficult to understand but is also inherently insecure will never reach a point to justify the current values we see much less potential values. BTC solved many issues, but ignored one very important key issue in its conception. It had to, because what BTC ultimately solved was the symptoms, not the problem.

Our current monetary system and banking system does some things really well out of necessity. For instance, if someone steals my bank card information, I have the ability to quickly shut that card down and get a new one. I also have the ability to track the theft, and have any stolen funds returned to me. There is a limit to what a thief can do with my account information.

That is not really possible with BTC since those transactions are final and anonymous. There is no way for a merchant to validate that the BTC she received was not stolen "property". There is no way to tie a purchase to a real person. This was by design. In very niche circumstances, this may be important. But it would be a fundamental flaw in a monetary system that spans the globe in all its languages and all its exchange valuations. There needs to be accountability for any financial system to be viable. BTC puts all the focus on responsibility and basically ignores accountability in terms of people. The protocol itself is highly accountable, to itself, but it's not accountable to people.

Sure we can stack layer upon layer upon layer of security as a preventative measure, but just like today's mainstream financial with all its security measures, breaches will occur.

When a BTC security breach occurs, there is nothing anyone can do about it.

The layers we are piling on top of the BTC protocol are nothing new or innovative BTW.  These are borrowed from the current failing monetary system.

----------


## PaulConventionWV

> Offline storage is a layer on top of the protocol.  Since the protocol is inherently insecure, we have to stack layers of security on top of it.  We can attempt to mitigate the vulnerabilities of the protocol by burying it beneath layers of security.  We will constantly be identifying new failure points and weaknesses in security layers, and we will patch those vulnerabilities with even more layers.  Adding layers increases complexity to a protocol that is already difficult to understand at its core.
> 
> The value in BTC over the last 6 months has been based on its adoption rate. The adoption rate of a monetary system that is not only difficult to understand but is also inherently insecure will never reach a point to justify the current values we see much less potential values. BTC solved many issues, but ignored one very important key issue in its conception. It had to, because what BTC ultimately solved was the symptoms, not the problem.
>
> Our current monetary system and banking system does some things really well out of necessity. For instance, if someone steals my bank card information, I have the ability to quickly shut that card down and get a new one. I also have the ability to track the theft, and have any stolen funds returned to me. There is a limit to what a thief can do with my account information.
>
> That is not really possible with BTC since those transactions are final and anonymous. There is no way for a merchant to validate that the BTC she received was not stolen "property". There is no way to tie a purchase to a real person. This was by design. In very niche circumstances, this may be important. But it would be a fundamental flaw in a monetary system that spans the globe in all its languages and all its exchange valuations. There needs to be accountability for any financial system to be viable. BTC puts all the focus on responsibility and basically ignores accountability in terms of people. The protocol itself is highly accountable, to itself, but it's not accountable to people.
>
> Sure we can stack layer upon layer upon layer of security as a preventative measure, but just like today's mainstream financial with all its security measures, breaches will occur.
> ...


I'm confused.  What's so different about offline bitcoin from cash?  Why is it a "layer of security" when it's bitcoin and not "a layer of security" when it's actual cash?  I thought you were concerned about being able to "face the thief" when they steal something?  If bitcoin is not always online, then it makes it like cash in that regard, but the advantage is that you still have the ability to put it online and send it across the world in no time.

What you are essentially doing right now is arguing for a centralized currency and against a free market because there is too little recourse for someone who gets stolen from.  You have every opportunity to make your bitcoin as safe as is humanly possible with anything else, and you are worried about the fact that we can't go run to some central bank and ask them to track our card?  I thought this was the stuff we hated about the US dollar.  If it's so great to have something like that, then why are we trying to get rid of it?  Surely the benefits of having a decentralized currency outweigh the fact that, if you do get stolen from, you have very little chance of getting your money back... After all, being careful is half of what freedom is about.  It's not like you're put at any disadvantage, you just have to protect yourself.  

Nothing is ever 100% secure, so if you're so worried about these tiny, tiny holes in security, then you're expecting the impossible.  No system or currency can ever offer you enough layers to completely prevent the possibility of theft, and nothing claims to.  I don't know about you, but I'm not going to completely give up on BTC because there is no recourse in the very unlikely event that you get stolen from.  If you take all the security measures necessary, then you're no more likely to be stolen from than if you used cash.  

I just can't understand your reasoning.  It seems like a very minor point compared to the possible benefits that it can offer.  If someone steals your cash (or gold/silver for that matter), you're not likely to get that back either, but that doesn't stop people from using it regardless of that potential risk.  Just like anything, those who take the most precautions are less likely to suffer such losses.

----------


## newbitech

> I'm confused.  *What's so different about offline bitcoin from cash?  Why is it a "layer of security" when it's bitcoin and not "a layer of security" when it's actual cash?*  I thought you were concerned about being able to "face the thief" when they steal something?  If bitcoin is not always online, then it makes it like cash in that regard, but the advantage is that you still have the ability to put it online and send it across the world in no time.
> 
> What you are essentially doing right now is arguing for a centralized currency and against a free market because there is too little recourse for someone who gets stolen from.  You have every opportunity to make your bitcoin as safe as is humanly possible with anything else, and you are worried about the fact that we can't go run to some central bank and ask them to track our card?  I thought this was the stuff we hated about the US dollar.  If it's so great to have something like that, then why are we trying to get rid of it?  Surely the benefits of having a decentralized currency outweigh the fact that, if you do get stolen from, you have very little chance of getting your money back... After all, being careful is half of what freedom is about.  It's not like you're put at any disadvantage, you just have to protect yourself.  
> 
> Nothing is ever 100% secure, so if you're so worried about these tiny, tiny holes in security, then you're expecting the impossible.  No system or currency can ever offer you enough layers to completely prevent the possibility of theft, and nothing claims to.  I don't know about you, but I'm not going to completely give up on BTC because there is no recourse in the very unlikely event that you get stolen from.  If you take all the security measures necessary, then you're no more likely to be stolen from than if you used cash.  
> 
> I just can't understand your reasoning.  It seems like a very minor point compared to the possible benefits that it can offer.  If someone steals your cash (or gold/silver for that matter), you're not likely to get that back either, but that doesn't stop people from using it regardless of that potential risk.  Just like anything, those who take the most precautions are less likely to suffer such losses.


I'll respond to the rest later, just want to address this part real quick.

1.) Offline BTC can't be "spent".  Sure you could show someone your BTC wallet offline on a USB stick and then trade the USB stick.  BUT, that BTC is invalid until the new owner takes it online and validates it.  Either way, it's still not "spent" in the sense of the protocol since there would be no record of the transaction in the block chain.  That is as close to cash as BTC offline can be.  
2.) There are many problems with the comparison above, for starters, offline BTC as a medium of exchange is still insecure since the receiving party has absolutely no way of validating that wallet offline.  With cash, there is no need to validate the funds actually exist.  Basically offline BTC is more like a check than cash.
3.) My cash never needs to go "offline".  My cash is always "online".  When you take BTC online, you will need to implement security layers or run a higher risk of losing your BTC with no chance at recovery.  You may implement as many security layers as you feel comfortable with, but you will never remove the risk online.  The primary risk being, no chance of recovery once it's gone.  
4.) With my cash, the security is built in to my personal security.  There are no layers of security needed to reduce the risk to near non-existent with cash other than your personal presence.  You could reduce the risk of holding cash to 0 by not holding the cash personally.  But then this completely destroys the purpose of carrying cash.  You could put the cash in a bank, or you could bury it yourself in your back yard.  There is no risk in being robbed of your cash if you do not carry your cash with you.  The same can be said of BTC.  Holding BTC offline reduces the risk of being robbed online to 0, but then it also reduces your ability to actually use it to 0 as well.  

The biggest difference is, with cash I can physically defend with my life.  The thief cannot perpetrate the crime without physical contact.  This is the inherent security built in to physical cash, whether it's gold or paper or whatever currency, since it is physical, it may be physically secured.  It is impossible to physically secure BTC since BTC does not physically exist. This is why BTC is inherently insecure.

----------


## PaulConventionWV

> I'll respond to the rest later, just want to address this part real quick.
> 
> 1.) Offline BTC can't be "spent".  Sure you could show someone your BTC wallet offline on a USB stick and then trade the USB stick.  BUT, that BTC is invalid until the new owner takes it online and validates it.  Either way, it's still not "spent" in the sense of the protocol since there would be no record of the transaction in the block chain.  That is as close to cash as BTC offline can be.


I don't see why it needs to be "spent" in the protocol.  Even if the transaction is not validated in the block chain, it's still valid because you knew what you were doing.  If you show someone that the BTC exists offline, that's good enough to prove it's there and it's not like that erases the ability to use it online as well.




> 2.) There are many problems with the comparison above, for starters, offline BTC as a medium of exchange is still insecure since the receiving party has absolutely no way of validating that wallet offline.  With cash, there is no need to validate the funds actually exist.  Basically offline BTC is more like a check than cash.


If you show someone the BTC offline, how does that not prove it exists?  If you pull it up on your computer from a hard drive and show them that it's in there, then why is it not valid?  




> 3.) My cash never needs to go "offline".  My cash is always "online".  When you take BTC online, you will need to implement security layers or run a higher risk of losing your BTC with no chance at recovery.  You may implement as many security layers as you feel comfortable with, but you will never remove the risk online.  The primary risk being, no chance of recovery once it's gone.


That is certainly a risk, but I think many people would argue that it's worth it.  As I have mentioned before, the fact that BTC *can* be taken offline helps to largely mitigate the online risks.  If you store your BTC offline, then the thief doesn't know when or where your BTC is going to be online, so there is a very, very low risk of having it stolen in the few minutes it takes to put it online and make a transaction.  




> 4.) With my cash, the security is built in to my personal security.  There are no layers of security needed to reduce the risk to near non-existent with cash other than your personal presence.  You could reduce the risk of holding cash to 0 by not holding the cash personally.  But then this completely destroys the purpose of carrying cash.  You could put the cash in a bank, or you could bury it yourself in your back yard.  There is no risk in being robbed of your cash if you do not carry your cash with you.  The same can be said of BTC.  Holding BTC offline reduces the risk of being robbed online to 0, but then it also reduces your ability to actually use it to 0 as well.


You can do the same things with BTC, like you pointed out, but it still keeps its online capabilities, so just because it doesn't have both at the same time, I don't see why that's such a big flaw.  It can have the same security risks as cash for storage but can also be put online where you can use it to do things that you are not capable of doing with cash, so the fact that it's convertible, to me, means you get the best of both worlds.  Just because you have the very minuscule risk of having it stolen online, that doesn't make the whole system impractical.




> The biggest difference is, with cash I can physically defend with my life.  The thief cannot perpetrate the crime without physical contact.  This is the inherent security built in to physical cash, whether it's gold or paper or whatever currency, since it is physical, it may be physically secured.  It is impossible to physically secure BTC since BTC does not physically exist. This is why BTC is inherently insecure.


But you just said that BTC can be taken offline and stored on a flash drive.  Therefore, although it doesn't have a physical form itself, I fail to see how that makes it any worse just because it's not identifiable.  You can still defend it with your life if need be, and if anything, it is even more safe offline than cash because you can have multiple backups and nobody can tell if any of the flash drives actually have BTC on them, whereas paper currency is immediately recognizable.  The fact that you can do this doesn't negate the fact that you can also use it in the ways that BTC is meant to be used, it just means that you can convert it between online and offline, thus largely mitigating if not eliminating the risk that the thief is going to know where your BTC is going to be at any given moment.  It's impossible for the thief to know when and where you are going to send your BTC online unless they follow you and know the most intimate and precise details about your financial life.

The whole process of sending and receiving BTC doesn't have to take more than a minute.  Just put the BTC online, send it, and it's out of your hands.  The person who receives it can watch it arrive and take offline within a minute, where it is just as secure, if not more so, than cash.

----------


## newbitech

> I don't see why it needs to be "spent" in the protocol.


Just a quick point on this.  One problem that BTC solved was the double spend problem.  Offline BTC is not legitimate currency since I can make hundreds of copies of my 1 BTC wallet.  If I show you my wallet offline, and you agree to trade for it on the thumb, how do you know that I haven't done that 100 times already?

You don't.
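
Added example, not part of the original post: a toy ledger illustrating the double-spend point above. Every copy of a wallet file passes the only check a buyer can do offline, but the shared ledger accepts one spend. All names (`WalletFile`, `Ledger`, `offline_check`, `run_scenario`) are hypothetical, the data is constructed, and a hash preimage stands in for Bitcoin's ECDSA signatures.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def address_of(private_key: bytes) -> str:
    """Toy address: a hash of the key. Real Bitcoin uses ECDSA key pairs and
    signatures; a hash preimage stands in for them here (assumption)."""
    return hashlib.sha256(private_key).hexdigest()[:16]


@dataclass(frozen=True)
class WalletFile:
    """What sits on the USB stick: key material only, never the coins."""
    private_key: bytes

    @property
    def address(self) -> str:
        return address_of(self.private_key)


@dataclass
class Ledger:
    """Stand-in for the block chain: the shared record of unspent coins."""
    unspent: dict = field(default_factory=dict)  # coin id -> (owner address, amount)

    def snapshot(self) -> dict:
        """A copy of the ledger as last seen before going offline."""
        return dict(self.unspent)

    def spend(self, coin_id: str, private_key: bytes, recipient: str) -> bool:
        """Move a coin to `recipient`. Succeeds at most once per coin."""
        entry = self.unspent.get(coin_id)
        if entry is None:                     # unknown coin, or already spent
            return False
        owner, amount = entry
        if address_of(private_key) != owner:  # key does not control this coin
            return False
        del self.unspent[coin_id]
        new_id = hashlib.sha256(f"{coin_id}:{recipient}".encode()).hexdigest()[:16]
        self.unspent[new_id] = (recipient, amount)
        return True


def offline_check(wallet: WalletFile, coin_id: str, stale_view: dict) -> bool:
    """All a buyer can verify without network access: the key on the stick
    matches the coin's owner in the last ledger copy the buyer saw."""
    entry = stale_view.get(coin_id)
    return entry is not None and entry[0] == wallet.address


def run_scenario(copies: int = 3) -> dict:
    """One seller hands identical wallet copies to several buyers in person."""
    ledger = Ledger()
    seller = WalletFile(secrets.token_bytes(32))
    ledger.unspent["coin-1"] = (seller.address, 100_000_000)  # constructed: 1 BTC

    stale_view = ledger.snapshot()
    # Copying the file is free: every stick carries the same key.
    sticks = [WalletFile(seller.private_key) for _ in range(copies)]
    buyers = [WalletFile(secrets.token_bytes(32)) for _ in range(copies)]

    # In person, offline: every stick looks equally good.
    offline_ok = [offline_check(s, "coin-1", stale_view) for s in sticks]

    # Later, online: each buyer tries to move the coin to a key only they hold.
    sweep_ok = [
        ledger.spend("coin-1", s.private_key, b.address)
        for s, b in zip(sticks, buyers)
    ]
    holders = [owner for owner, _ in ledger.unspent.values()]
    return {
        "offline_ok": offline_ok,
        "sweep_ok": sweep_ok,
        "holders": holders,
        "first_buyer": buyers[0].address,
    }


if __name__ == "__main__":
    print(run_scenario())
```

Only the first buyer to reach the ledger ends up holding the coin; the others hold a key to an output that no longer exists.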

----------


## PaulConventionWV

> Just a quick point on this.  One problem that BTC solved was the double spend problem.  Offline BTC is not legitimate currency since I can make hundreds of copies of my 1 BTC wallet.  If I show you my wallet offline, and you agree to trade for it on the thumb, how do you know that I haven't done that 100 times already?
> 
> You don't.


Oh, I see.  That doesn't really mean anything, though.  You can still make the transaction online and then quickly take it offline again.  Like I described, the thief is going to have a hard time doing all the things it takes to break a 2FA encryption and steal your BTC if they don't know when or where the BTC is going to be online.

----------


## dannno

I don't want to sound like I'm blaming newbitech for what happened because I'm not convinced it is his fault and I think it really sucks that happened and I wish mt. gox would give him more answers regarding exactly what happened.

But there are going to be plenty of companies involved in bitcoin that will realize that the long-term value of their services is more valuable than the value of the bitcoin being stored on their systems in the short term. I think that security will be enhanced beyond what it is today. Part of the reason the original bitcoin users are getting to profit from this is because we are a part of the experiment and getting it ready for 'going live' on a broader scale - part of that may mean losing some bitcoin, but if you have it spread around enough then the profits from the rest of your bitcoin investment should hopefully more than cover any losses in case you happen to store some with a service that ends up being less than secure.

I think the idea is that storing bitcoin offline would be like keeping it 'safe' in a savings account at your bank - you can't spend it but you can hold it there. You would put your spending cash in your online wallets. Sort of like how people keep credit cards and cash in their wallet. Although highly unlikely, the money in your wallet might get stolen, but it is even less likely that the money on your thumb drive in your fire proof safe at home, backed up and encrypted on your hard drive and another thumb drive locked in your desk at work perhaps would be safer than what is being kept in your wallet. 

Why did you have 6 BTC in mt. gox? Were you storing it there or were you actively trading 6 BTC on mt. gox? I mean, you should be able to keep that much there and trust them with it... but I really hope you have a bit more bitcoin laying around and you didn't have the majority of it stolen

----------


## PaulConventionWV

> I don't want to sound like I'm blaming newbitech for what happened because I'm not convinced it is his fault and I think it really sucks that happened and I wish mt. gox would give him more answers regarding exactly what happened.
> 
> But there are going to be plenty of companies involved in bitcoin that will realize that the long-term value of their services is more valuable than the value of the bitcoin being stored on their systems in the short term. I think that security will be enhanced beyond what it is today. Part of the reason the original bitcoin users are getting to profit from this is because we are a part of the experiment and getting it ready for 'going live' on a broader scale - part of that may mean losing some bitcoin, but if you have it spread around enough then the profits from the rest of your bitcoin investment should hopefully more than cover any losses in case you happen to store some with a service that ends up being less than secure.
> 
> I think the idea is that storing bitcoin offline would be like keeping it 'safe' in a savings account at your bank - you can't spend it but you can hold it there. You would put your spending cash in your online wallets. Sort of like how people keep credit cards and cash in their wallet. *Although highly unlikely, the money in your wallet might get stolen, but it is even less likely that the money on your thumb drive in your fire proof safe at home, backed up and encrypted on your hard drive and another thumb drive locked in your desk at work perhaps would be safer than what is being kept in your wallet.* 
> 
> Why did you have 6 BTC in mt. gox? Were you storing it there or were you actively trading 6 BTC on mt. gox? I mean, you should be able to keep that much there and trust them with it... but I really hope you have a bit more bitcoin laying around and you didn't have the majority of it stolen


The bolded sentence was a mouthful and contains contradictory elements, but I think I get what you're saying and I agree.  What's more, you don't have to keep any of your BTC online until it comes time to actually spend it.  If you are going to spend some BTC, just carry a flash drive with you like you would your wallet and quickly put it online before the transaction.  The online thief doesn't have anywhere to look unless he knows you're going to be spending BTC at that very moment and where you plan on putting it in the very tiny time frame before you spend it.

----------


## newbitech

> Oh, I see.  That doesn't really mean anything, though.  You can still make the transaction online and then quickly take it offline again.  Like I described, the thief is going to have a hard time doing all the things it takes to break a 2FA encryption and steal your BTC if they don't know when or where the BTC is going to be online.


Yeah but you are focusing on one attack vector.  I am really looking at a host of attack vectors including those we do not know of yet.  Some popular ones that impact the current banking industry are man in the middle and phishing. 

Both will be bypassing your security layer.

----------


## dannno

> The bolded sentence was a mouthful and contains contradictory elements, but I think I get what you're saying and I agree.  What's more, you don't have to keep any of your BTC online until it comes time to actually spend it.  If you are going to spend some BTC, just carry a flash drive with you like you would your wallet and quickly put it online before the transaction.  The online thief doesn't have anywhere to look unless he knows you're going to be spending BTC at that very moment and where you plan on putting it in the very tiny time frame before you spend it.


Well newbitech was keeping $4k-$6k+ on mt. gox, which is ok if he was actively trading it but if it was his primary stash then I would have put maybe 4-5 BTC offline and keep 1-2 BTC online either in gox or a wallet ready for spending. In other words, most people don't carry around $4-$6k in their regular wallet, so why keep that much online in a wallet or an exchange unless you're actually doing something with it.

----------


## PaulConventionWV

> Yeah but you are focusing on one attack vector.  I am really looking at a host of attack vectors including those we do not know of yet.  Some popular ones that impact the current banking industry are man in the middle and phishing. 
> 
> Both will be bypassing your security layer.


Are you talking about attack vectors that already exist no matter what currency you use?  Then why is that such a problem?  If you're going to spend so much time worrying about what you don't know, then you might as well give up on life.  The point is, what makes BTC so much more insecure than any other form of currency?  From what I can tell, there is nothing inherently insecure about it unless it required you to keep it online all of the time.  To be honest, I'm not even sure I know what you mean when you say "attack vector."  What other attack vectors are there that make BTC different from other currencies besides the one I mentioned?

From a quick google search, the "attack vectors" you mentioned are more like scams, and those happen all the time.  They're not specific to any kind of currency.

----------


## PaulConventionWV

> Well newbitech was keeping $4k-$6k+ on mt. gox, which is ok if he was actively trading it but if it was his primary stash then I would have put maybe 4-5 BTC offline and keep 1-2 BTC online either in gox or a wallet ready for spending. In other words, most people don't carry around $4-$6k in their regular wallet, so why keep that much online in a wallet or an exchange unless you're actually doing something with it.


Right, but the point I was making is that you don't have to keep any online if you are really that worried about having it stolen.  Plus, the fact that he had it on an exchange makes it more insecure than a simple wallet because he was entrusting it to a third party, and it turns out that that third party could not be trusted.  I'm really sorry about your luck, newbi, but it doesn't invalidate the whole system.  Sometimes these things happen and you have to learn to move past them and see things for what they are instead of letting a bad experience ruin the whole thing for you.

----------


## newbitech

> I don't want to sound like I'm blaming newbitech for what happened because I'm not convinced it is his fault and I think it really sucks that happened and I wish mt. gox would give him more answers regarding exactly what happened.
> 
> But there are going to be plenty of companies involved in bitcoin that will realize that the long-term value of their services is more valuable than the value of the bitcoin being stored on their systems in the short term. I think that security will be enhanced beyond what it is today. Part of the reason the original bitcoin users are getting to profit from this is because we are a part of the experiment and getting it ready for 'going live' on a broader scale - part of that may mean losing some bitcoin, but if you have it spread around enough then the profits from the rest of your bitcoin investment should hopefully more than cover any losses in case you happen to store some with a service that ends up being less than secure.
> 
> I think the idea is that storing bitcoin offline would be like keeping it 'safe' in a savings account at your bank - you can't spend it but you can hold it there. You would put your spending cash in your online wallets. Sort of like how people keep credit cards and cash in their wallet. Although highly unlikely, the money in your wallet might get stolen, but it is even less likely that the money on your thumb drive in your fire proof safe at home, backed up and encrypted on your hard drive and another thumb drive locked in your desk at work perhaps would be safer than what is being kept in your wallet. 
> 
> Why did you have 6 BTC in mt. gox? Were you storing it there or were you actively trading 6 BTC on mt. gox? I mean, you should be able to keep that much there and trust them with it... but I really hope you have a bit more bitcoin laying around and you didn't have the majority of it stolen


Trading.  The sad part is, I got to a point where I was ready to move my BTC.  As soon as I validated, I mean within days, this happens.  

6 BTC seems like a lot but really I started with 160 bucks.  I didn't lose that much, just my trading activity.  

Somehow the attacker knew I had an account, knew my email address and knew my password.  I haven't scanned for rootkit yet, but I literally just rebuilt my system due to a particularly nasty new strand virus that slipped in thru a flash update while I was working.  

I hadn't changed my passwords everywhere yet, but I suspect the attacker knew my password by grabbing it from stored passwords in the browser, or security vulnerabilities in other sites. 

Regardless if I am able to make sure to plug this security hole, there are plenty more attack vectors outside of my control.  Including insider theft at the exchange, or insider theft at a vendor where I might keep an automatic recurring payment etc.. 

The simple non debatable fact is, once a thief is successful at stealing BTC, it's gone.  Period, end of story.  And what is more, a thief can anonymously all day long 24/7 sit there and attempt to break in, in broad daylight and never be found.  This is particularly nerve racking because even as someone with above average computer skills, just trying to mitigate risks is time consuming.  The best I can do is keep a back up of my data and do my online banking with an institution that respects property ownership.

BTC really doesn't respect property ownership as a protocol.  What I mean by this is that there isn't a concept of property ownership built in to the protocol.  Ownership requires an owner.  With BTC the owner is whoever has control over the wallet.  This is the same as with cash, except that with cash, in order to steal it, you have to physically be there and expose your identity.  With BTC, there is no risk of identity exposure for the thief.  This makes BTC impossible to be legitimately owned since you may not audit your purchases or transaction history to make sure you are not giving and receiving in stolen goods.  IOW, you have no valid claim on your BTC holdings other than you control it.  It is impossible for me to initiate a suit against your claim since BTC does not allow personal accountability.

----------


## newbitech

> Are you talking about attack vectors that already exist no matter what currency you use?


It is a problem because while those attack vectors are a real risk, BTC offers no mitigating services to offset the risk when the attack is successful.  In fact BTC is just the opposite.  BTC encourages further exploitation of those attack vectors including rapid discovery of new vectors with impunity.

The current financial apparatus offers the ability to recover from the loss.  It will be impossible to implement this with BTC.  The risk is simply impossible to mitigate.  This is inherent and built in to the protocol BY DESIGN.  

Let me be clear, BTC will have its uses.  It has its niche.  Unfortunately the adoption of the protocol as any sort of standard or replacement is going to be severely curtailed by the inherent insecurity of the protocol.

BTC may very well reach the "pockets" of everyone,  but only as a very tiny fraction, a niche fraction of total habitual usage.  As more and more regular folks see their BTC disappear with no recourse, as this issue of inherent insecurity hits mainstream, the public will quickly recoil and the hungry investors will find no use in their superior ability to reservoir the BTC pool.

----------


## PaulConventionWV

> Trading.  The sad part is, I got to a point where I was ready to move my BTC.  As soon as I validated, I mean within days, this happens.  
> 
> 6 BTC seems like a lot but really I started with 160 bucks.  I didn't lose that much, just my trading activity.  
> 
> Somehow the attacker knew I had an account, knew my email address and knew my password.  I haven't scanned for rootkit yet, but I literally just rebuilt my system due to a particularly nasty new strand virus that slipped in thru a flash update while I was working.  
> 
> I hadn't changed my passwords everywhere yet, but I suspect the attacker knew my password by grabbing it from stored passwords in the browser, or security vulnerabilities in other sites. 
> 
> Regardless if I am able to make sure to plug this security hole, there are plenty more attack vectors outside of my control.  Including insider theft at the exchange, or insider theft at a vendor where I might keep an automatic recurring payment etc.. 
> ...


An exchange isn't a necessary part of the BTC protocol.  You don't need an exchange in order to make transactions with BTC.  If you keep your BTC offline, then there is no amount of attack vectors that can get to it in the way you described unless someone convinces you to hand it over by consent.  

As scary as it is that a hacker can hack all day long and never be found, it doesn't matter if the hacker doesn't know when or where your BTC is even going to be online.  He can't steal it if it's only online for a very short time and he doesn't know when that is or where to look.  The attacker would have to know very specific details about your life in order to do that.  

As far as exchanges, those really aren't a necessary part of the BTC protocol.  We don't need exchanges in order for transactions in BTC to occur.  As far as recurring payments to a vendor go, those aren't necessary either.  I don't even make automatic payments as it is, so I still don't see why any of this would be a problem that specifically affects BTC over anything else.

----------


## PaulConventionWV

> It is a problem because while those attack vectors are a real risk, BTC offers no mitigating services to offset the risk when the attack is successful.  In fact BTC is just the opposite.  BTC encourages further exploitation of those attack vectors including rapid discovery of new vectors with impunity.
> 
> The current financial apparatus offers the ability to recover from the loss.  It will be impossible to implement this with BTC.  The risk is simply impossible to mitigate.  This is inherent and built in to the protocol BY DESIGN.  
> 
> Let me be clear, BTC will have its uses.  It has its niche.  Unfortunately the adoption of the protocol as any sort of standard or replacement is going to be severely curtailed by the inherent insecurity of the protocol.
> 
> BTC may very well reach the "pockets" of everyone,  but only as a very tiny fraction, a niche fraction of total habitual usage.  As more and more regular folks see their BTC disappear with no recourse, as this issue of inherent insecurity hits mainstream, the public will quickly recoil and the hungry investors will find no use in their superior ability to reservoir the BTC pool.


So you're saying the market will be spooked out of existence by consumers who don't know how to protect their money?  That sounds quite speculative to me.  We don't know what's going to happen in the marketplace until it actually takes place.

----------


## newbitech

> An exchange isn't a necessary part of the BTC protocol.  You don't need an exchange in order to make transactions with BTC.  If you keep your BTC offline, then there is no amount of attack vectors that can get to it in the way you described unless someone convinces you to hand it over by consent.  
> 
> As scary as it is that a hacker can hack all day long and never be found, it doesn't matter if the hacker doesn't know when or where your BTC is even going to be online.  He can't steal it if it's only online for a very short time and he doesn't know when that is or where to look.  The attacker would have to know very specific details about your life in order to do that.  
> 
> As far as exchanges, those really aren't a necessary part of the BTC protocol.  We don't need exchanges in order for transactions in BTC to occur.  As far as recurring payments to a vendor go, those aren't necessary either.  I don't even make automatic payments as it is, so I still don't see why any of this would be a problem that specifically affects BTC over anything else.


No, an exchange is just the distribution/accumulation point for this particular product.  It is a natural occurrence in the market place.  Going to an exchange is simply a way of visiting the largest group of miners who are distributing their product. 

No, an exchange is not required for the protocol to function, but it is required for efficient economic distribution and accumulation of the product.  Not so much a requirement I suppose but a natural order.  I could just as easily sit around and wait for someone to finally pay me in BTC, which may never occur, or I could get into it by seeking out people who have it and are willing to trade it for something.  The genesis period definitely needed an exchange as an entry point to the market.  

A hacker ultimately knows you have to go online for your BTC to be worth anything at all.  He doesn't need to break in. You must enter his domain for your BTC to have any value at all. The internet is just the next dark alley for the mugger to hide in.  

I concede the fact that doing anything financially online is risky.  The difference is, BTC transactions are an unmitigated risk, CC transactions have protection built in by design to prevent unauthorized transactions.  BTC protocol has no concept of transaction authority.  Sure your wallet access is authorized, but once access is granted, the security vanishes.  You become at the mercy of the thief who has gained unauthorized access by whatever means.  

You must concede the fact that BTC has inherent insecurity, with no means to mitigate the insecurity within the protocol itself, otherwise you are arguing from an indefensible position.  The simple proof is, you must hide from your adversary in the dark while your adversary is free to roam the light.  In other words, it is the legitimate users of BTC who are forced into the shadows while the illegitimate users are given free rein of the domain. 

We have evidence that the market is not spooked by large scale security breaches with their card purchases.  Take the latest Target breach for example.  People are not going to stop using their credit cards and bank accounts to shop until something better comes along.

For now, people are willing to sacrifice that security for convenience.  However, with BTC, investors are betting on the wide scale adoption of BTC to increase the demand of their accumulated pools.  It will not be the at large consumer who is spooked, since using BTC will be pushed as an alternative to conventional banking methods.

What advantage does BTC have over a debit card transaction at this moment in time for the at large consumer?  None really.  In fact it has a couple of severe disadvantages.  And I can think of a couple of inherent disadvantages that can maybe be masked, but will always be there and always have consequences.  

1.) the protocol is severely complicated
2.) the protocol is inherently insecure

At its core, BTC cannot compete with the security offered by modern banking.  As much as I wish there would be a solution, there is no point in being able to transact free of fractional reserve fiat state controlled banking if it means transacting in a criminally dominated institute with no accountability and no recourse for unmitigated systemic failures.  You are basically jumping out of the frying pan into the fryer.

As much as I hate the banking system, it's not flawed because of its core design, it's flawed because of the layers of crap piled on top of it and because of the people pulling the strings.  If you can navigate the layers of BS in the current banking/ financial system, you can thrive.  But if you misstep, the system has in place processes to recover from losses, to insure against theft, to not only prevent a thief but to prosecute a thief.  

BTC is pretty much the opposite of that.  And for what?  Anonymity?  Protection against currency manipulation including inflation?  The trade off, at least for me, doesn't seem as productive and beneficial as I hoped.  

I personally have the ability to take measures to secure myself with BTC but at an unknown cost (no idea if my security schematics will be successful on a day to day hour to hour minute to minute level).  With the current financial system, the cost of protecting my finances is known and even tho the financial landscape may be evolving rapidly around me, I don't have to constantly keep up with the latest in technological innovation to keep my finances secure.   Even tho I think it's cool to keep up with stuff like that, I don't think it's going to work out too well for many folks who wouldn't know the difference between a cipher and a siphon.

----------


## dannno

I think the biggest industry related to bitcoin may be creating a trustworthy bitcoin sandbox (or sandboxes) that help deal with some of these security problems. If you store or transact within the sandbox you would be partly or wholly protected and can make secure transactions that could possibly even be reversed within the sandbox, run by a trusted organization(s), sort of like PayPal. So this PayPal type company would hold the bitcoins in a secure wallet and transact bitcoin receipts that all represent real verifiable bitcoins within the sandbox. Would need some transparency there to avoid obvious pitfalls of this company creating more bitcoin receipts than it has in the wallet.

----------


## newbitech

> I think the biggest industry related to bitcoin may be creating a trustworthy bitcoin sandbox (or sandboxes) that help deal with some of these security problems. If you store or transact within the sandbox you would be partly or wholly protected and can make secure transactions that could possibly even be reversed within the sandbox, run by a trusted organization(s), sort of like PayPal. So this PayPal type company would hold the bitcoins in a secure wallet and transact bitcoin receipts that all represent real verifiable bitcoins within the sandbox. Would need some transparency there to avoid obvious pitfalls of this company creating more bitcoin receipts than it has in the wallet.



yeah, i've thought about something like that.  But honestly I see that as just creating the layers of bull$#@! on top of the "failed" system.

In my mind, I don't see why the protocol can't be updated to require a wallet signature that is tied to personally verifiable information.  This way, if I flag my BTC in the header as being personally verifiable, I could trace my transaction back to the next person who has flagged as personally verifiable.  At that point, I could then begin mitigating unauthorized transactions. 

This could already be true to the extent that I can track the wallet transactions on the block chain until it reaches an exit point that requires identity validation to exchange BTC, like what mt gox does and probably others.  

The sad part about the way it's getting set up now is like you said, it's just like having that third party there.  There is no inherent way to do this without forking the code.  

To be clear, I am not saying that this flag has to be set by default.  It would be optional to flag your btc as identity verified.  This would be similar to a signed SSL certificate, where I can flag my wallet to only transact with known and trusted wallets.  

Anyways, there could conceivably be this layer added on top of the protocol, but the degree of difficulty in maintaining such a system that is not native to the protocol would probably make that solution not particularly scalable.  BTC did handle scaling pretty good, but just think of all the other layers on top that do not handle scaling well.  Security being the biggest.  

Just a minor (tsk tsk) in the protocol that early adopters probably should have patched before deciding the thing was worth 10's of dollars, much less hundreds or thousands. 

I do not accept the "solutions" of offline storage and multi-layered _access_ authentication as a patch for the huge security hole inherent in _transacting_ BTC.  Access and transacting are two different security beasts.  You have to assume that access security will be bypassed in order to effectively deal with transaction security.  

Anyways, I knew in the back of my head that I would probably lose my 165 bucks.  But I thought it would be for something else, other than a hacker.  I think I could set a trap now because of the bitcoin frenzy, stupid hackers are doing stupid $#@!.  

So maybe I could be a bitcoin robin hood, heh.  right.

----------


## PaulConventionWV

> yeah, i've thought about something like that.  But honestly I see that as just creating the layers of bull$#@! on top of the "failed" system.
> 
> In my mind, I don't see why the protocol can't be updated to require a wallet signature that is tied to personally verifiable information.  This way, if I flag my BTC in the header as being personally verifiable, I could trace my transaction back to the next person who has flagged as personally verifiable.  At that point, I could then begin mitigating unauthorized transactions. 
> 
> This could already be true to the extent that I can track the wallet transactions on the block chain until it reaches an exit point that requires identity validation to exchange BTC, like what mt gox does and probably others.  
> 
> The sad part about the way it's getting set up now is like you said, it's just like having that third party there.  There is no inherent way to do this without forking the code.  
> 
> To be clear, I am not saying that this flag has to be set by default.  It would be optional to flag your btc as identity verified.  This would be similar to a signed SSL certificate, where I can flag my wallet to only transact with known and trusted wallets.  
> ...


I'm still not sure if I understand why these things are such big problems.  The security risk doesn't seem that bad.  Offline storage is a fail-safe method of storage, right?  It only needs to be online temporarily in order to carry out its function.  At least, however, I think I understand why you have issues with it.  Perhaps I don't understand what it takes to transact BTC, but I would certainly be open to an explanation.  If offline storage is not a solution for transaction security, then what is the inherent flaw in transaction security?  

That said, however, you've been pretty supportive in the past.  What made you change your mind?

One other question, though, do you think BTC will become widely adopted, or at least moderately so despite this supposed flaw?

----------


## newbitech

> I'm still not sure if I understand why these things are such big problems.  The security risk doesn't seem that bad.  Offline storage is a fail-safe method of storage, right?  It only needs to be online temporarily in order to carry out its function.  At least, however, I think I understand why you have issues with it.  Perhaps I don't understand what it takes to transact BTC, but I would certainly be open to an explanation.  If offline storage is not a solution for transaction security, then what is the inherent flaw in transaction security?  
> 
> That said, however, you've been pretty supportive in the past.  What made you change your mind?


Essential to the process of creating a valid BTC transaction is getting confirmation in the hashing function of the block chain.  Basically, when you submit a BTC transaction, you are notifying the network that there is a change in the block chain.  The process of "mining" a BTC is to make sure that the change you submitted is consistent with the "location" of those particular BTC involved in the transaction in relationship to all the rest of the BTC in existence.  

That is all the security you get.  The protocol does that one thing really well.  The transaction is valid if the location of your BTC in relation to the rest of the block chain is consistent across the network.  If the validating nodes find that your transaction creates an inconsistent entry in that location on the chain, your transaction is rejected (unconfirmed).   

All valid transactions must connect to the block chain.  All valid wallets must connect to the block chain.  

I know you aren't a new user, but take a look, it just makes it easier for me to explain.

http://bitcoin.org/en/how-it-works




> *Transactions - private keys*
>
> A transaction is *a transfer of value between Bitcoin wallets* that gets included in the block chain. Bitcoin wallets keep a secret piece of data called a _private key_ or seed, which is used to sign transactions, providing a mathematical proof that they have come from the owner of the wallet. The _signature_ also prevents the transaction from being altered by anybody once it has been issued. All transactions are broadcast between users and usually begin to be confirmed by the network in the following 10 minutes, through a process called _mining_.


Question, WHO is the owner of the wallet?

Tell me the last time you entered your private key to do a transaction?  Go back and read the first part.




> In fact, this is pretty similar to how email works, except that Bitcoin addresses should only be used once.


Which means that private keys should only be used once.  This is the basis for what passes as "transaction security" in the protocol.  This is awesome if you are a computer.  But as human beings, we are going to rely upon other software to handle this particular functionality for us.  That is the difficulty issue.

Then on top of that, this particular signature is meant to be a throw away signature.  It doesn't actually relate any ownership information.  As human beings, owners are people, with names, addresses, faces.  There is nothing in a bitcoin signature that actually does what is claimed here.  


> providing a mathematical proof that they have come from the owner of the wallet.


There is no mathematical proof of ownership.  Only mathematical proof that this particular transaction is valid on the block chain.  The block chain by design is anonymous.  Yes the information is public, but there is no way to attach or otherwise enforce ownership validation _within_ each transaction.  This would again require some other 3rd party software to be layered on top of the protocol. 

I have been supportive of adoption because I see the niche.  I have calculated very carefully, valuations based upon adoption rates.  I do support the concept, but I believe that the implementation needs a couple of more iterative cycles to address the glaring roadblocks to an adoption rate that supports exchange rate valuations. 

I wasn't quite sure how that would play out, which is why I have invested in other protocols.  However the lesson that was driven home to me with the loss of control of the hash codes that represented the value I placed into those codes is quite obvious to me now. 

1.) Competing protocols will need to address 2 core issues.  Complexity and Security.  
2.) The protocol that is able to address those two issues synergetically will be much more valuable than the original protocol.
3.) The fewer layers needed on top of the protocol, the longer the protocol will survive in the wild. 
4.) The protocol itself must be able to adapt and absorb the emerging protocols

Points 3 and 4 are beside the point, but because of the nature of markets, there will be reluctance to cycle out of BTC into a different protocol that is more suited for mass appeal and adoption.  

Ignoring points 1 and 2 however puts the entire concept in jeopardy and is a serious risk to many millions and even billions of investment dollars.  

The sooner a serious re-write of the protocol is proposed, tested, and implemented to incorporate simplicity and security, the sooner the current exchange valuations may be validated and the sooner market stability may be realized.  

I am still supportive as always, just no longer interested in supporting financially, as I believe it is a losing proposition.  For me, the value of BTC went to 0 instantaneously, without warning, and without appeal. 

This can never happen again, or the protocol itself is worthless.

----------


## kpitcher

I see bitcoin working as designed, as close to digital cash as possible.  As bad as you losing a few thousand worth of bitcoin is I don't see it invalidating the existing system.

You got the equivalent of being mugged. Now to prevent a RL mugging I could take a serial number off every note in my wallet but that won't help track down who did that if I got mugged as no one tracks those in any sort of manner until it hits a bank. The mugger could spend it at a store without ever being caught.

Security for bitcoin is much like other banking security - making sure no one gets your password and/or your private key. I know I do normal banking with wire capabilities online. The whole protection for adding a new designation for wiring is giving some basic information for the company that anyone could get if my systems are compromised (My accounting software has company FED IDs, account information, etc) I could possibly lose money this way. I will still continue to have that online account as it's part of business.

I will give you that bitcoin is still rough around the edges and could be improved. The idea of wallets and transferring bitcoins from one to another can be complex for a new user. Coinbase is making the buying/selling easy and the blockchain and coinbase app make usage simple for in person purchases. With their latest funding they'll make it even easier to use. However that's a usability issue and not an underlying system problem. 

What your experience shows is that there is still room for improved UI or an improved service for wallets. I could see it like those lifelock or verisign security options to keep your credit score intact and stop identity thieves. Some of us get by fine without them, others prefer knowing they're more secure without them. 

All this said you've got some decent ideas that I could see offered as a service. Build on top of the existing infrastructure that is there to improve it and you may have a very good service offering. Even with free email nowadays scores of people still pay for email services, etc.

----------


## newbitech

> I see bitcoin working as designed, as close to digital cash as possible.  As bad as you losing a few thousand worth of bitcoin is I don't see it invalidating the existing system.
> 
> You got the equivalent of being mugged. Now to prevent a RL mugging I could take a serial number off every note in my wallet but that won't help track down who did that if I got mugged as no one tracks those in any sort of manner until it hits a bank. The mugger could spend it at a store without ever being caught.
> 
> Security for bitcoin is much like other banking security - making sure no one gets your password and/or your private key. I know I do normal banking with wire capabilities online. The whole protection for adding a new designation for wiring is giving some basic information for the company that anyone could get if my systems are compromised (My accounting software has company FED IDs, account information, etc) I could possibly lose money this way. I will still continue to have that online account as it's part of business.
> 
> I will give you that bitcoin is still rough around the edges and could be improved. The idea of wallets and transferring bitcoins from one to another can be complex for a new user. Coinbase is making the buying/selling easy and the blockchain and coinbase app make usage simple for in person purchases. With their latest funding they'll make it even easier to use. However that's a usability issue and not an underlying system problem. 
> 
> What your experience shows is that there is still room for improved UI or an improved service for wallets. I could see it like those lifelock or verisign security options to keep your credit score intact and stop identity thieves. Some of us get by fine without them, others prefer knowing they're more secure without them. 
> ...


To prevent a real life mugging, I arm myself with weapons that force an attacker to face potential consequences for his actions.  Impossible with BTC.  To prevent a real life mugging, the attacker must expose his identity.  Not even a nuisance with BTC for the attacker.  In fact, BTC completely disarms a victim since the protocol removes any chance at identifying an attacker and discourages defensive weapons that may cause any real consequences for an attacker. 

It's nice to think of BTC as being the equivalent to an online cash system.  It's not tho.  It fails in 2 key points.  1.) BTC is incredibly difficult to understand in relation to cash.  2.) BTC is incredibly difficult to secure in relation to cash.

What makes cash useful is 1.) it's easy to use, you just have to know to count to 10 and multiply by 10.  2.) cash is useful because it's personally secure. 

No, I wasn't e-mugged.  No one forced me to give up ownership, no one threatened my life.  I wasn't physically harmed.  The fact is, I never really had ownership of that string of digits.  I just paid for the right to control it as long as I could before someone else found a way to control it without the need for cash.  

Just think, sitting here all this money pouring in to BTC.  All it would take would be for someone or some group to create a stuxnet type virus that infects the block chain and all the miners on the network.  The BTC would go poof overnight and there would be absolutely no evidence of who or what did it.  It would just be gone, and all the money and investment and everything built on it would be gone.  

The smart hacker would just siphon the BTC off into his own wallets 1 satoshi at a time.  No one would notice, no one could notice and even if they did notice not a damn thing could be done about it.  

Inherent security flaw.  BTC, impossible to actually own it without making it undesirable to own. 

And the #1 reason why BTC security is NOT like banking security is because there is no BTC bank.  There is no way to possibly insure against theft and fraud since it is impossible to recover stolen BTC and impossible to prosecute the thief.  There can be no BTC banking functionality because the larger the pool of BTC the larger the inherent risk grows.  The risk exposure would be impossible to insure, and there is no fraud prevention that could occur with the multitudes of anonymous "depositors" each having the potential to be the thief.  

Solving the inherent insecurity of BTC needs to happen within the protocol, not with 3rd party solutions like the laughable multi-factor authentication, or the relic of cold storing a commodity that exists only when the lights are on. 

BTC doesn't need layer upon layer of 3rd party services to make it usable.  It needs to be re-conceived and re-written based on the knowledge gleaned from this beta test.

If it can be done without forking awesome!  I don't think it can be, which is why people who are heavily invested are going to push for layers to be added rather than core updates. 

Some things cannot be done in the core without rebuilding the block, and the bigger the block gets the less likely rewriting the bitch becomes.

Just don't feel like the entire thing was thought thru before the money started pumping into it.  Easy come easy go.  I've learned that one a few too many times by now.

----------


## dannno

> And the #1 reason why BTC security is NOT like banking security is because there is no BTC bank.  There is no way to possibly insure against theft and fraud since it is impossible to recover stolen BTC and impossible to prosecute the thief.  There can be no BTC banking functionality because the larger the pool of BTC the larger the inherent risk grows.  The risk exposure would be impossible to insure, and there is no fraud prevention that could occur with the multitudes of anonymous "depositors" each having the potential to be the thief.


I dunno, would I still be able to buy drugs with your new design?

What if there was a BTC app wallet that required your iris and a thumb print, or a combination of whatever security features you wanted to use?

----------


## newbitech

> I dunno, would I still be able to buy drugs with your new design?
> 
> What if there was a BTC app wallet that required your iris and a thumb print, or a combination of whatever security features you wanted to use?


yeah, what I am thinking is that I need a way to tag my BTC with my ownership.  I need that to happen within the protocol so that I may choose to only transact those BTC with others who accept the tagged coins. 

You can keep your underground coins, but I prefer the security of doing my business in the open where everyone can see my transaction and know that it is I who have authorized the funds to be transferred.  

In this way, I can create a wallet that stores authenticated coins and that wallet may only transact with others who have authenticated wallets.  

It doesn't have to have a 3rd party.  In fact, I don't want there to be a third party.  Just users who agree to transact in the open with a protocol option.  The more successful transactions I have with my identity, the more trustworthy the BTC coming from any of my wallets are.  

No option for that in this protocol.  It caters to the underworld and criminals.  It's like prescribing the most powerful antibiotic for the common cold right now.  BTC is killing security by hiding everyone with no option to have an identity inside the block chain.  The block chain needs identities of human beings to give it human being legitimacy.   Not "math proofs" to define ownership.

As far as your suggestion, it doesn't solve the problem of identity inside the transaction.  And the biggest problem I see with that is that now the thief has the incentive to kill me for my eyeballs and fingers to gain access to my account, or some other creative way of getting those personal features of myself.  He will still be able to transfer my funds to an account with no identity.  Yes, he may have to expose himself physically if he wants to do it the hard way.  Or he could find other ways of bypassing multi-factor authentication for access.

----------


## RonPaulIsGreat

This seems like it would be easy to solve the stealing issue on exchanges.  

Mtgox, and other willing exchanges, could simply join an alliance. The function of the alliance is to allow free flow of bitcoins/ltc/etc within the alliance of users, but restrict moving btc/ltc out of the network, until a phone verification took place, or some other real world verification took place. 

Example: You had your btc in mtgox, you set your daily external transfer limit to whatever amount you feel comfortable with, as in 1 btc/day. So, that would be the max that could be transferred out into the "wild" untracked area of the bitcoin economy not in the "Alliance" of exchanges that track 1 to 1 real world information for each btc movement in the network. So, essentially you get to select your exposure versus convenience level. So, with that basic limit, you'd have lost 1 btc, or none potentially if you selected to only be able to trade btc in network. Now, in network trades in this scenario, would be only with other fully verified members. So, in network trading would function instantly without limits, but could be reversed, as all the wallets and bitcoins are in network. 

If you decide to up your transfer limit higher, then there would be a mandatory 24 hour wait period, and an automatic real world notification, via phone, sms, e-mail or all if you chose. 

If your account got hacked you'd simply notify them and they would simply lock your bitcoins entirely, until you provided information to prove you are you.  If the hacker moved bitcoins, and your account was set to not allow out of network transfers, all transfers could be reversed, or partially reversed. (If they traded in your name for example in the market, that would be difficult to reverse, but you'd still have something at least, and they wouldn't directly receive anything, though they could indirectly pump another coin, and sell into that pump, or deliberately sell at a bad time). 

Anyway, you wouldn't be out of everything is the point, and the reward to steal would be greatly diminished. 


This wouldn't solve everything, as in if someone in your house got your password, and had access to your phone, but it'd stop the random stranger attack. 


IMO, that would work, as most of the trading is on exchanges. So, it wouldn't restrict the liquidity of bitcoin much. And merchants obviously already store the real world information of buyers to some degree, it would take very little modification to simply store the rest relating to the actual bitcoin, and do a look up against the db of the alliance. As in I'm an online store, I receive a bitcoin, I would then post to the alliance, a physical address (from the purchase order) related to the bitcoin I received, if that didn't match, the bitcoin would be frozen in the merchants account, until the issue was resolved, or the bitcoin would be returned. 

Anyway, seems the exchanges could mitigate theft really easily. By simply taking on some of the role credit cards occupy now.  

That also doesn't force a change to the basic system, just allows a potential complete opt out from anonymous transactions, and therefore allows reversible transactions.
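
The scheme proposed in the post above (a daily external limit, a 24 hour wait plus notification on any raise, and reversible in-network transfers), sketched as an added example that is not part of the original post and not any exchange's real code. The `Alliance` and `Account` names, the rule that lowering a limit applies immediately, and the timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

SAT = 100_000_000                    # satoshis per BTC
RAISE_DELAY = timedelta(hours=24)    # wait period named in the post

@dataclass
class Account:
    balance: int                                      # satoshis held at the exchange
    external_limit: int = 0                           # satoshis/day allowed out of network
    locked: bool = False
    pending_raise: Optional[tuple] = None             # (new_limit, effective_at)
    external_log: list = field(default_factory=list)  # (time, amount) pairs

class Alliance:                      # hypothetical ledger shared by member exchanges
    def __init__(self):
        self.accounts = {}
        self.internal_log = []       # in-network transfers, all reversible
        self.notices = []            # stand-in for phone/SMS/e-mail alerts

    def _limit(self, acct, now):
        # A requested raise takes effect only after the wait period has passed.
        if acct.pending_raise and now >= acct.pending_raise[1]:
            acct.external_limit, acct.pending_raise = acct.pending_raise[0], None
        return acct.external_limit

    def request_limit(self, owner, new_limit, now):
        acct = self.accounts[owner]
        if new_limit <= self._limit(acct, now):
            # Assumption: lowering exposure needs no delay.
            acct.external_limit, acct.pending_raise = new_limit, None
            return "applied"
        acct.pending_raise = (new_limit, now + RAISE_DELAY)
        self.notices.append((owner, "limit raise requested"))
        return "pending"

    def withdraw_external(self, owner, amount, now):
        acct = self.accounts[owner]
        if acct.locked or not 0 < amount <= acct.balance:
            return "denied: locked" if acct.locked else "denied: funds"
        used = sum(a for t, a in acct.external_log if now - t < timedelta(days=1))
        if used + amount > self._limit(acct, now):
            return "denied: daily limit"
        acct.balance -= amount
        acct.external_log.append((now, amount))
        return "sent"

    def transfer_internal(self, src, dst, amount, now):
        a, b = self.accounts[src], self.accounts[dst]
        if a.locked or not 0 < amount <= a.balance:
            return "denied: locked" if a.locked else "denied: funds"
        a.balance -= amount
        b.balance += amount
        self.internal_log.append([now, src, dst, amount])
        return "sent"

    def report_compromise(self, owner, since):
        """Lock the account, cancel any pending raise, claw back in-network moves."""
        acct = self.accounts[owner]
        acct.locked, acct.pending_raise = True, None
        recovered = 0
        for tx in self.internal_log:
            when, src, dst, amount = tx
            if src == owner and when >= since:
                # Partial reversal if the recipient no longer holds the full sum.
                take = min(amount, self.accounts[dst].balance)
                self.accounts[dst].balance -= take
                acct.balance += take
                tx[3] -= take            # amount still unreversed
                recovered += take
        return recovered

def run_scenario():
    """Constructed scenario: a stranger logs in to alice's account at t0."""
    t0 = datetime(2020, 1, 1, 12, 0)     # constructed timestamp
    net = Alliance()
    net.accounts["alice"] = Account(balance=50 * SAT, external_limit=1 * SAT)
    net.accounts["mallory"] = Account(balance=0)   # verified member, in-network only
    steps = [
        net.withdraw_external("alice", 50 * SAT, t0),             # drain attempt
        net.request_limit("alice", 50 * SAT, t0),                 # sends a notice
        net.withdraw_external("alice", 1 * SAT, t0),              # the capped loss
        net.transfer_internal("alice", "mallory", 10 * SAT, t0),  # reversible
    ]
    recovered = net.report_compromise("alice", since=t0)  # alice reacts to the notice
    steps.append(net.withdraw_external("alice", 49 * SAT, t0 + timedelta(hours=25)))
    return steps, recovered, net.accounts["alice"].balance, net.notices
```

Calling `run_scenario()` shows the exposure the post describes: the intruder gets 1 BTC out of network, the in-network transfer is reversed, and the requested raise never takes effect because the account is locked before the 24 hours elapse.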

----------


## RonPaulIsGreat

Yeah, I know, I was complaining about mtgox verification. The difference is mtgox isn't protecting me with the present verification. If I verified my account, right now, then someone logged in, they could send all my money to a Nigerian Prince. So, the present system, treats you like you are the criminal, then offers no protection to you. It's funny actually.

----------


## Madison320

> Take cash for example.  What makes cash inherently secure is that it's always in my possession until I use it.  It's in my pocket.  My biggest risk is that I might get robbed at gunpoint, or be pick pocketed in a crowded market.  I can mitigate those risks without losing my ability to transact quickly and efficiently in cash.
> 
> ...
> 
> Sucks cause BTC is close to being a solution, but it falls short in the most important aspect of property ownership.  There must be a way to identify the rightful owner of that property.  I don't think BTC is really property.  And that's the problem.


I agree. My thinking is Bitcoin skips the "root" step of an asset. There needs to be something tangible to physically possess. Even though we do most of our transactions electronically, you can always trace the transactions back to physical possession.

----------


## nayjevin

I hear a lot, cryptocurrencies are secure if you just take the steps to secure your wallet.  Then I go to find those steps, and people are saying 2FA and then I'm on wikipedia and it tells me it uses a cellphone/smartphone and I need to make sure my cellphone is secure.  Then I laugh, because the person at the cellphone store had my phone in his hands before I bought it, and I don't program computers, so, no, I'm not much into cryptocurrencies.

----------


## nayjevin

It also took me months to get bitcoin, and when I did, it was 'pending' or something.  It's been fun to see how much my net worth would have increased if I knew how to use computers, but that's about it.

----------


## nayjevin

> this is only possible if you give the compromised piece of software on said device root access.


LOOOLOLOLO

"Getting mugged is only possible if you lose the fight." -- Mike Tyson

----------

