
The largest problem with Bitcoin has always been how insecure people's computers are. WoW accounts were only worth a few dollars and yet account hacking was incredibly common unless you used a physical authenticator tied to your account. Thus, to securely use Bitcoin you really need a third party, either a 'bank' or a very secure device.

PS: Banking websites have their own issues. But because they tend to use multiple forms of authentication they are significantly harder to break into on the client side.




This problem is not insolvable. As you pointed out, a secure device can be built to securely transact. Or use a "bank" (but I don't like it because any centralization is against the design principle of Bitcoin).

For example, Bitcoins could be stored on a smartcard having a flexible e-paper display, flexible built-in keypad, and flexible LiPo battery [1]. Withdrawing coins from the card could require a user typing in an amount and a pin code, and then using a smartphone to scan a QR code shown on the e-paper display (or sliding the card in the merchant's payment terminal, which would scan the QR code). The QR code would represent a signed Bitcoin transaction to a pre-programmed address whose private key sits on some online server, which is only used as an intermediary step before forwarding the coins to the final merchant. The smartcard would effectively never connect to an online device during its entire life, making it un-hackable without having physical access to it. Smartcards could also be manufactured in pairs, or triplets, etc, to have clones of them in order to have redundant backups of the Bitcoins in case of a loss of one of the cards. If you know about the Bitcoin blockchain, you might ask how the smartcard can sign transactions without access to the current blockchain. Well it is mathematically possible, because a transaction just consists of ECC-signing a few bytes representing the destination addresses.

Don't discard a technology because you are unable to comprehend it enough to think of solutions to address some of its flaws. (I do agree that addressing the security of Bitcoin wallets is of utmost importance.)

[1] The technology for this already exists. I own one of those: http://gallery.drfaulken.com/d/8752-1/IMG_1466.JPG

-----


That's not really true. You can store Bitcoin keys on paper with QR codes (or even just in your brain), and sign transactions on devices that have never touched the internet and never will. It's just the infrastructure that hasn't been built yet, but there is a lot of development going on to enable the average user to utilize these possibilities. That's not even mentioning multi-signature transaction support.

-----


I don't mean to suggest that Bitcoin can't adapt. Just that most of the advantages it has over physical / digital cash or credit disappear once you add such things. Once you have a bank or physical device, governments will get into the game and start regulating with the express goal of eliminating anonymity for large transactions.

-----


"... most of the advantages it has over physical / digital cash or credit disappear once you add such things. Once you have a ... physical device governments will get into the game and start regulating"

Not sure what you mean. By 'device' I didn't mean some special hardware developed by some special company, where the government can then regulate that industry. I just meant any computer. I'm saying that signing a transaction can be done offline on devices that are never connected to the Internet, such as an old laptop, or yes even a special device. There's no fundamental requirement to have the keys on your virus-ridden home PC at any time. This doesn't remove any of Bitcoin's advantages from what I can see.

And multi-signature transactions will allow for multi-factor authentication at a protocol level.

-----


That's significantly worse from a user perspective than giving Amazon a credit card number to enable one click checkout or downloading a book from my kindle. It's true you could do anonymous transactions online, but while it's better than mailing people cash it's something of an edge case and I could also buy a Visa gift card and get the same sort of anonymity. Again, I like Bitcoin, but the problem IMO is how to make it both as convenient as a credit card and secure.

PS: You're also describing an ad hoc solution. As soon as you want to mass produce them to allow significant and convenient adoption you get into regulation issues. And by 'device' I am including just the software to manage your account from a cheap netbook.

-----


Carrying around your life savings in your wallet or memory doesn't really make it more secure, it just increases your odds of suffering bodily harm.

-----


>Thus, to securely use Bitcoin you really need a third party, either a 'bank' or a very secure device.

Things like the BitcoinArmory client [1] + upcoming multi-sig transactions should make it secure enough relative to traditional currencies. Use a *nix instead of Windows (much easier for the mainstream these days with OS X/iOS/Android) + secure wallet.dat backup like SpiderOak or Tarsnap and you're in good shape security-wise.

1. http://bitcoinarmory.com/

-----


> Use a *nix instead of Windows (much easier for the mainstream these days with OS X/iOS/Android)

And Ubuntu...

-----


I almost mentioned it, Ubuntu has been my primary OS since 2007 and I continually re-evaluate options - Fedora, Cent, SUSE, Mint, and Arch mainly - but Ubuntu always comes out on top. I just have no experience converting people over to Ubuntu from Windows, so not personally sure how well that works.

-----


Services like StrongCoin https://strongcoin.com secure bitcoins by doing the signing in the browser. No private key stored to your hard disk or their site.

-----


The big problem with banking is how insecure people's computers are.

To secure your 'real' bank account, you need your computer that you do your online banking on to be secure, you need the computer in the card reader at the store to be secure, you need the computer in the POS to be secure, you need the store's back office system to be secure, you need the computers at the credit card processing company to be secure (yes you VISA) and you need your bank to be secure.

To secure bitcoin all you need is your bitcoin wallet to be on a USB key in your pocket.

-----


You're overstating the need to secure a credit card. I could post photos of my credit card here or hand it to a waitress, and at worst I would have to make one phone call. Yet, I can make a 5,000$ purchase without fear. Because, unlike Bitcoin I can dispute transactions after the fact yet people still accept credit cards.

Now, plug in that bit-coin wallet into an unsecured computer and within 5 seconds your account could be drained and there is no way for you to ever recover your money. Your PC and wallet might be secure, but you have literally no way of knowing that. Worse yet as soon as large numbers of people start having a few thousand $ worth of bitcoins zero day attacks are going to take on a whole new meaning.

PS: I don't do online banking or use a debit card, the entire system is horribly and fundamentally insecure. But, I only need to pay off my CC every month and suddenly I have near total safety. Or, I can walk up to any ATM and suddenly have total anonymity at the cost of some risk.

-----


But you still end up paying for the possibility of those disputes in terms of higher prices. If you make a dispute because somebody stole your card and bought stuff, the damage isn't simply undone by a chargeback. The merchant loses out. Chargebacks from identity theft, as you describe, are a massive source of risk to merchants, and they have to factor that into the price of their items. What's more, the credit card companies impose large fees on merchants who get too many disputes against them (even if they aren't engaging in fraud themselves, but instead they are the ones getting defrauded through the process you described).

-----


What you're describing are reasons for merchants to adopt Bitcoins not consumers. Because, merchants charge people paying with cash the same price as those paying with credit cards and distribute the costs between them. So, as a system you might have a point, but as with a classic prisoner's dilemma there is zero advantage to me for giving up that protection. And, if I have a rewards credit card I can extract money from those who pay with cash or theoretically Bitcoins.

PS: I still think Bitcoins are an interesting idea. I am just describing why their adoption has been so slow. There is simply no compelling reason for significant legal transactions to use Bitcoins, which covers for their inherent risks.

-----


One reason for consumers is built-in deflation. Money has to be scarce; 21million is a ridiculously low number, and bitcoins are very scarce.

-----


This comes up pretty often, but it's worth noting that it's built-in scarcity. Deflation in the sense of increasing purchasing power will only happen if it is more widely adopted as a medium of exchange (which is definitely possible.) If its use as a medium of exchange diminishes, it could actually see inflation in the sense of decreasing purchasing power.

-----


Unlike cash and gold, Bitcoin can be divided down to 8 decimals. So it doesn't really matter how many millions of bitcoins there are. The important thing is that bitcoin can't be printed by central banks.

-----


For most people this is a negative.

-----


"most people"

This is a baseless statement.

I, for one, don't want my bank controlling my money supply or telling me how I can and can't spend it.

-----


Children don't like their parents forcing them to eat vegetables but that doesn't mean it isn't good for them. You may not like the bank controlling the money supply but that doesn't mean you haven't benefited from it.

And my claim is hardly "baseless". You can reject the orthodox views but please don't claim to be in the majority -- whether we use the polite term "heterodox" or the less polite "crank" the fringe nature of such views is apparent.

-----


You can dispute transactions because of your legal agreement with the credit card company - not because of any technical reason. For example your bank also insures itself against having untraceable cash stolen by robbers.

You could have a bank account where the bank claims no liability if your debit account was emptied by a hacked chip+pin reader - they just wouldn't have many customers!

Similarly a bank could decide to offer a bitcoin account where it will offer you the option of a chargeback. It will simply charge a commission on the transaction to cover itself.

-----


Not true!

Merchants would have never come up with that on their own. It was forced on them with credit cards by consumer protection laws. Debit cards don't have that legal requirement, but consumers have come to expect it.

-----


The point is it's a legal invention - introduced by the banks so that people would actually trust credit cards - it's not a necessary feature of a traceable transaction.

-----


It's a feature of having a 3rd party as part of the transaction. A random merchant trusts Visa to ban people who abuse the system. And merchants are threatened with being banned if they don't keep quiet about the occasional charge back. However with a pure digital currency there is no independent party, so all transactions are either provisional or finalized with the merchants and customers having total power at different parts of the process.

PS: I am not going to sue if some random website fails to ship a 200$ graphics card. So reputation becomes even more important, but only because fraud will also become far easier.

-----


P2P currency doesn't preclude 3rd party (escrow) transactions. In fact, it will likely be a popular option for large transactions and it will cost less than CC/debit card security overhead.

-----


the genius of the credit card system is that not all of its features rely on what programmers would think of as technical mechanisms. legal and contractual constructs can be highly effective.

-----



