Bitcoin Forum

If you have to trust some people, they must at least be willing to tell their real identity information.

How do you know it's real?

I donno... I had comodo calling the office every 20 minutes asking for our Tax Identification Number, company revenue, etc etc..    eventually we worked thought the process of validation and got the greenbar SSL cert from them.

https://bank.flexcoin.com

So yes you can be sure that Yooter Interactive was verified as a valid company based in Pottsville, PA ...  it's why we opted for that version rather than just the standard SSL.

 

Class 2 digital certificates can be used to identify individuals in a similar fashion.

http://www.globalsign.com/authentication-secure-email/digital-id/index.html#tab2

Question to Flexcoin: do you have insurance in case you lose everyone's accounts in a hack attack or similar?

We initially thought that we could pay the exchanges to insure us,  until Mt. Gox was hacked themselves leaving us to question ...    Our next thought was to turn to Deepbit and perhaps insure it via a mining company.   

Any ideas?

Why not just get plain business liability insurance, and up your coverage as you increase deposits? It will cost you, and you will likely have to submit to security and business audits by the insurance company, but otherwise should be sufficient. If you lose people's money, just use insurance to buy more.
Though, you mentioned your bank will be free? So getting money for business insurance premiums (not cheap) will be tough...

I'm not sure insurance is a feasible idea for bitcoin just like loans in bitcoin are likely not to work given the nature of bitcoin.

Ultimately insurance is somewhat a ponzi scheme (a legal one at best) in which customers (investors) pay their premiums to be "insured" while you pay older investors that collect on their insurance policy.

How do you insure something that is of limited supply and that could have a vast price movement in short periods of time?

If bitcoin continues in a Bull market you will ultimately lose as an insurance company for bitcoin.

Once again there is the trust issue involved. A user has to trust the service provider. Bitcoin was designed so you don't need to trust anyone but yourself by keeping your own bitcoins safe and in YOUR possession.

What happens if your service you have described crashes in the worst possible case? Who will insure you?

The idea still does not seem practical from any angle that I can see.

lol

You say "taught" like the community absorbed the lesson it learned from this and won't make the same mistake next week with another sketchy service.

Matthew, that is basically the service we offer. We tuck away a copy of your wallet.dat and can even insurance against it. Of course trust is the biggest issue for any service like this so we'll see how it turns out!

Insurance fees will depend on the number of companies you are insuring, and the risk that those companies pose. Basically, if you have 10 companies, each insuring for $10,000 ($100,000 total), and there is a 10% chance that every year one of them will fail and file a claim (for $10,000), you need to make sure each company pays at least $10,000/10=$1,000 a year.
Your major hurdles will be
1) Getting enough people paying enough into a pool large enough to get it at least started, since insuring even just two companies means that you may need both of them to pay half of what they may be worth. If their risk is small, that may make things easier a bit.
2) Calculating the risk of each company will require some professional accounting help. They're called actuaries, there are typically 3 to 6 of those graduating from about 100 general accountants a year, so they're rare, and they are VERY expensive.
3) You will need someone doing on-site inspection of every business you are insuring to come up with initial rates, to make sure they are staying compliant, and to inspect them once they file a claim.
In short, it's not a cheap service to get off the ground. Though if you think there is a need for it, it may be something people are willing to invest in to get the initial insurance pool (of money) going.

As for how to insure Bitcoin, just issue policies in other currencies (USD/EUR), and when the business loses Bitcoin, they'll use their insurance to buy more. They would only be covered for a set amount of USD, so it will be up to the business to make sure they increase their coverage if they get more customers or the value of BTC goes up. Insurance companies aren't liable if the business can't cover all their losses because their coverage was small (ditto for you people with too little coverage on your houses or cars; if your house burns down or you hit a Ferrari, and your policy doesn't cover your losses, you're SOL).
I suspect there are already other insurance companies that insure sensitive valuable data. They may have trouble understanding what Bitcoin is for their "insurance audit" purposes (from #3 above), but they will likely come around.

Matthew... what is that pink drapery in your background?

Yea, you might need to get a new interior decorator. Maybe get someone with less NERVE ;)

interesting!

Well people can encrypt the wallet.dat file like they normally would and then send it. There is no reason for us to be "poking" around in it. The minute it arrives it is pull downed offline and stored away.

Will of course the owner of Mybitcoin took off with the coins! It would take one time of that and our service is dead on arrival what is the point? So I guess no service is to be trusted I suppose it makes sense.  We don't back it up to a server ?  I hear you what your saying! Thanks for the feedback :)

Dude, don't listen to that guy. The "UABB" is just something he made up to feel important. Anyone who trusts the "UABB" is a fool. Do your own service and build up your own reputation by your own good customer service.

Thanks Mt. Fun I'll remember that he is as much the same boat as me when it comes to a service.  I'll take your advice and build up some reputation and provide good customer service! sound advice. Thanks!

No problem-I don't like bullies. 8)

Then by all means start the service and see how much business you get following the series of bad-press events occurring around bitcoin.

See how many people trust you.

Agreed. And backup your own damn wallets yourself!

The way you are going it sure sounds like you are serious. My point was that the service you talk about is and should be the responsibility of each bitcoin user to backup their own wallet file.

Your "about us" link on the left side of your website appears to be broken.

Warning re: bitprotection

only encrypted wallet.dat should ever be sent to a 3rd party. otherwise its the equivalent of putting money inside and envelope and posting it to a stranger, and hoping no one opens it.

Just a thought. Someone's site getting compromised means the hacker can also likely force the backup system to overwrite the backed p wallet with a blank/corrupt one. Would it be better to have the site operator "backup" an encrypted wallet to a specified directory, and the external backup service to the grabbing of the file off that server themselves? Keeping it one-way from the backup side will prevent any hacker access to the backups if the whole system is compromised.

This is why many backup systems operate as a series of snapshots in a way that earlier snapshots aren't able to be overwritten.
(e.g pulled from the backup-store side rather than pushed)
It's not always immediately apparent that a problem occurred on a live system, so earlier backups may be required to reconstruct things.

Also, I wonder why Bitcoin services don't use a single address? Have customer deposits sent to a unique address to identify them, then immediately forward their money to a single central address that uses one key backed up in multiple locations. No need for continuous backups other that the database of user accounts and holdings.

My understanding is that many of the services do put customer deposits in a single aggregated account.  Of course if that account gets compromised then you've got a whole lot of customers who are going to be SOL when it comes to redeeming their deposits.  Backups aren't going to be much use once funds/Bitcoins have already been transferred out of those master accounts.

I posted some lessons here: https://bitcointalk.org/index.php?topic=33892.0 (https://bitcointalk.org/index.php?topic=33892.0)

Basically, I think the major infrastructure of the Bitcoin economy should be to designed such that people give service providers keys to their bitcoins only when they really have to, and when they do, they should use Bitcoin scripts to distribute control of them over several reputable service providers which would all have to collude in order to steal or lose them.  I also think the user experience in this model needs to be no more difficult than using Firefox sync - i.e. securely storing a single rarely used, never updated private key.

This "gentleman's" domain he chose for the UABB is only 6 days old and registered anonymously. That certainly does not say "trust me" at all. Look at his website as well. It looks like a 4th grader made it in 5 minutes. Also, "the gentleman" couldn't even other to at least put a redirect on the top level of UABCI.ORG. All of this plain says amateur and watch out.

Though, I guess in his defense he does have over 500 posts to this forum. I guess to him that all the credit he needs.

http://dl.dropbox.com/u/7219346/uabci2.png

Domain ID:D162884485-LROR
Domain Name:UABCI.ORG
Created On:27-Jul-2011 08:32:10 UTC
Last Updated On:27-Jul-2011 08:32:11 UTC
Expiration Date:27-Jul-2012 08:32:10 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:PP-SP-001
Registrant Name:Domain Admin
Registrant Organization:PrivacyProtect.org
Registrant Street1:ID#10760, PO Box 16
Registrant Street2:Note - All Postal Mails Rejected, visit Privacyprotect.org
Registrant Street3:
Registrant City:Nobby Beach
Registrant State/Province:
Registrant Postal Code:QLD 4218
Registrant Country:AU
Registrant Phone:+45.36946676
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:contact@privacyprotect.org

Matt, I don't want to be negative, but you trying to inject a regulatory agency, even one with no actual power, into this den of 'anarcho-capitalists' is probably in vain.

edit: If you are honest in your intentions, remember that you are a guppy of common sense swimming upstream a river of stupid and half-planned ideas.

Don't bite you're being trolled...

Yeah I am not buying the UABB thing either.

Establish some reputation then come and advertise yourself in such matters as an investigation of wrong doing.

Let us know if you find the guy who is responsible for mybitcoin.com, until then please stop acting like UABB is something to be trusted or that people should rely on to solve such matters.

No one elected or ask you to take charge of anything. If you want to take charge of that then great. Show us all how useful your newly created organization is once the perpetrator has been found and brought to justice.

This place is getting more like high school every day, with multiple service operators now acting like butthurt teenagers whenever they don't like a question about or a comment on their service.

Y'all need to grow up and behave like business professionals if you want the trust of the community instead of reacting like spoiled toddlers whenever someone criticises your precious ideas.

Amen.

First of all.... *knuckles crack* If you really ran 14 companies you would have hired a professional to make that site for you as your time would be too valuable creating that wonderful website.

Second of All.. You're the one asking to be "Mr Regulator" or is it "Mr Investigator" or.. "Bitcoin Policeman" so the onus to prove that you are even capable of doing this is on you. No one here asked you to do that. Maybe you would want to provide samples of your previous work? A real life resume would be nice as well, especially with all those companies you run. Though with the burden of running 14 companies your going to be pretty hard pressed to find the time to do that, along of course with the lifestyle you live.

To me and it seems a lot of the others your just another talking head, spewing shite and producing nothing.

But this is a bonus from your website that really makes me laugh. "The evidence and findings of this investigation will be public knowledge."  I really hope your not that stupid to get that close to something that might be libelous during your "investigation". Also remember, impersonating a Private Detective is illegal as well.

If you really are legit, by all means go for it. The burden however is on you to prove that.

...and remember folks... He wants funding for his 6 day old non profit startup that is completely anonymous but does ask for personal information (affidavits) from other bitcoiners about how they were scammed from mybitcoin. Sure thing Mr Anonymous. Ill get that right to you both my money as a donation and my personal info so you can steal more at a later date.

As I said before. This a scam.

As I said come back and show us your efforts once the perp is found and brought to justice. All your responding is wasted time on a matter in which you considered so important to upstart an organization to handle issues like these.

Better get to work and stop arguing with your opposition or else failure is around the corner.

Of course you're not going anywhere. You want their money,..  Oh excuse me.. I mean you want donations for your "investigation".

Hi Matthew!

Don't let yourself be discouraged by any of the negative remarks - your site looks promising and you're doing a great service to the community if you investigate the mybitcoin.com incident. This fiasco was probably the worst strike so far against the Bitcoin community as a whole.
It's always easier for people to criticize and leave negative comments than to contribute useful ideas - with an ever-growing community like the one at hand, you'll almost certainly find some negative remarks on any new idea, no matter how great it is.

I thought it might be helpful to start a poll (https://bitcointalk.org/index.php?topic=33924.0) on how many Bitcoins were stolen in total because not many people are going to be willing to give their real names and addresses out for an official investigation but an anonymous poll could help to give a clearer picture of the incident.

As for your investigation: since we're dealing with an offshore address I wonder by which jurisdiction a possible class action lawsuit would be filed and what this would mean for victims outside that jurisdiction. I'm not very familiar with international law so forgive my lack of understanding. IOW, would a detailed report by some victim outside the US be of any help to you?

Typically class actions can include plaintiffs who aren't citizens of the jurisdiction in which the action is being brought.  However, there are rules regarding the type of injuries which can be the subject of class actions, and a lawsuit doesn't become a class action until a motion for it to be designated as such has been granted.  The action needs to meet certain rules to be given that classification and they'll differ somewhat by jurisdiction, but there's often a requirement that the action be a certain size both in terms of the number of injured parties and dollar value.

One may not want to finish like Bernard von NotHaus, and for this very reason remain anonymous.

I don't think it's impossible to do business with anonymous people. You just have to take some precautions and know how much you can afford to lose.

You're blatantly wrong and that just shows your ignorance on the subject of freedom. Go learn a bit more before talking about a subject you know nothing about.