
Coinbase introduces Vault - mihar
http://blog.coinbase.com/post/90552757447/the-future-of-bitcoin-storage-wallets-vaults
======
kolev
How about fixing the web app before adding more features? Their Ajax page
loading hangs most of the time. Going straight to the URL works immediately,
but it's not always possible.

~~~
flexo0r
I thought I was the only one experiencing this. My feeling is that the
sometimes extreme slowness of their website is not unintentional, kind of like
their arbitrary canceling or delaying of transactions and blaming it on false
positives in their "high risk detection algorithm".

~~~
kolev
I honestly doubt that. For example, I tried to create a new wallet yesterday.
The line indicator bar took its time (over 5 minutes) and never completed.
Refreshed the page, it was there. Renamed another wallet - same thing. I'm not
sure how this UI that never confirms that some operation completed can be
intentional! This always happens to me - at least on Firefox as haven't used
Chrome recently. Switching from Buy to Sell, for example, is the same. Any
navigation, which is using history.pushState(), obviously, takes minutes, and
almost never completes. I just know the routes by heart and key them in (no
kidding), or click to get the route updated and then refresh. Honestly, I
can't wait for Circle to grant me access... or Buttercoin or whatever
alternative as we need redundancy. expresscoin seems nice, but its fees are
much higher.

------
sejje
I'm assuming the vault doesn't improve security at all in the event that
coinbase gets hacked and loses all of their btc?

~~~
white_eskimo
What makes you so sure that Coinbase even has all of our bitcoin in the first
place?

~~~
sejje
I said all of _their_ bitcoin. Coinbase certainly doesn't have all of my
bitcoin.

I didn't intend to make a conspiracy theory out of my question.

~~~
kordless
The question means _all of our Bitcoin at Coinbase_. He's not making a
conspiracy theory out of it - he's asking a legitimate question about whether
or not Coinbase has all deposits accounted for or not.

~~~
sejje
Perhaps legitimate, but not in response to my comment.

~~~
kordless
That's a rationalization around the original blaming statement you made. You
asked how we should know if they are secure. He said how do you know they
haven't been hacked already? Both legitimate, up to the point you said he was
making conspiracy theories.

~~~
sejje
I think it's a jump to say "hacked already."

I assumed he was talking like they had just spent the bitcoin (Mt Gox stylee).
Even if they were hacked, I would expect Coinbase to disclose that information
--to presume that they've been hacked, lost bitcoin, and are hiding that from
everyone is a pretty wild theory in my book.

------
white_eskimo
Why is multi-sig in quotes? Is Coinbase providing its users with a '3' address
that is on-block chain, or does this "multi-sig" approach still reside
entirely off-block chain.

Edit: I presume that Coinbase still holds on to all of the private keys for
Vault accounts. Can someone verify otherwise?

~~~
michaelt
Some people use quotes to imply "this is not my term" \- this is sometimes
used for jargon and words you won't find in a dictionary.

For example: The economist said I should consider my "BATNA" or GPS receivers
measure "pseudoranges".

Just as using jargon can indicate you are part of an group, putting quote
marks around jargon indicates you stand apart from that group.

------
vijayboyapati
Multi-sig is a very powerful innovation for corporate use of bitcoin. Not
because you can have arbitrarily many M of N signing a transaction, but that
you can outsource complex policy in a trusted way. E.g., create policy that
lower level employees can control a small percentage of a company's holdings,
while higher level employees can control a higher percent. It allows you to
implement flexibility that exists in the credit system, without giving up the
trust/control that comes from the blockchain system.

------
woah
What's up with the cold storage? That is absolutely no security, it is purely
an operational detail on Coinbase's side. You are still trusting them with all
your coins. Once they get multi-sig, that might actually be something
interesting. For all we know, the "Vault" might just be a new menu item and
some css.

------
PabloOsinaga
I wonder how well Xapo is doing - because this seems like a copycat.

~~~
kanzure
> I wonder how well Xapo is doing - because this seems like a copycat.

And there's going to be even more copycats than there already are. Making APIs
on top of Bitcoin's API is going to get way, way more competitive because
that's basically the first idea that every player entering the market has.
It's extremely low capital to spin up a new API, so everyone and their mom's
dog have been doing it. Transaction fees will be driven down by the copycats,
and many of them will probably cut their transaction fees to zero for a long
time (ahem, Coinbase).

------
enra
Actual launch page and a video about how it works
[https://coinbase.com/vault](https://coinbase.com/vault)

------
peteretep
If it's not insured, what's the point?

~~~
josu
From a customer's perspective a false sense of security. From Coinbase's point
of view, it decreases their need for liquidity and their chances of a run.

------
state
Is this where Tim is going to store his coins?

~~~
wmf
Obviously not if he bought them to provide liquidity for competitor Vaurum.

------
xfour
Is anyone else picturing the digital equivalent of this Al Pacino snl video?
[http://kristenwiigdaily.tumblr.com/post/27009841161/mygiftis...](http://kristenwiigdaily.tumblr.com/post/27009841161/mygiftismysongand-
snl-al-pacino-checks-his)

------
spacefight
In other news - "use vault, the regular wallet is insecure".

~~~
kolev
Yes, there shouldn't be degrees in security - a system is either secure or
not.

~~~
wmf
The threat model here is people leaking their own Coinbase passwords (via
phishing, compromised PC, etc.), so the 48-hour delay and out-of-band
verification ought to actually help.

~~~
kolev
So, 72-hour delay is even more secure?

~~~
AndrewGaspar
Yep, and if you dump all your coins into an account with no private key,
nobody can get your bitcoins ever, so that's really what everybody should do.

~~~
kolev
All sarcasm aside, Bitcoin is becoming more and more centralized everyday.

------
arasmussen
I disagree with the direction Coinbase is going. Of all the things they could
have built next, this is what they chose? Why not develop a button that says
"Pay with Bitcoin by Coinbase" that allows one-click payments on third party
websites/mobile apps? Or why not compete with Bitstamp and btc-e on the
exchange front? There's definitely tons of room for competition there.

Consider a traditional USD/EUR bank account. If your bank offers you a "vault"
option to store your large balance to offer better reassurance that it won't
get stolen from your "regular account"/wallet, aren't you going to have some
serious concerns about security of the regular account? Instead of offering a
"more secure account" why don't think just work on the fact that people feel
that their regular accounts are insecure. This seems like a bandaid on the
problem rather than the proper fix.

It's also overcomplicated. Now I have two account types and have to worry
myself over what the differences are for accessing my money in each and how to
use each. They're increasing the amount of friction it takes to get started
rather than basing their model off a bank's model of "your account is as
secure as it needs to be, just use one".

~~~
mangoman
They have the pay with bitcoin button

[https://coinbase.com/docs/merchant_tools/payment_buttons](https://coinbase.com/docs/merchant_tools/payment_buttons)

I've used it on overstock.com and it's pretty incredible. I think it's the
least amount of information I've ever had to enter to buy something online.
All I entered was the shipping address and my email address.

~~~
superuser2
That's essentially the same as having a Paypal account, though.

