ChainLock your online accounts using a bitcoin address

[cloverme]

So, right, anyone can implement this pretty easily, it doesn't take that much effort. It's maybe <20 lines of code, minus the user interface, or database code to get the users address and locking amount.

Code:

function getBalance($address) {
    return file_get_contents('https://blockchain.info/en/q/addressbalance/'. $address);
}
$balance_address =  getBalance('12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX');
$locked_amount = '1000000';
if ($balance_address < $locked_amount) {
	// Allow withdrawal
	echo 'allow';
}
else {
	// Do not allow withdrawal
	echo 'deny';
}

I'm failing to see the reason to use your product 

[ChainLock]

So, right, anyone can implement this pretty easily, it doesn't take that much effort. It's maybe <20 lines of code, minus the user interface, or database code to get the users address and locking amount.

Code:

function getBalance($address) {
    return file_get_contents('https://blockchain.info/en/q/addressbalance/'. $address);
}
$balance_address =  getBalance('12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX');
$locked_amount = '1000000';
if ($balance_address < $locked_amount) {
	// Allow withdrawal
	echo 'allow';
}
else {
	// Do not allow withdrawal
	echo 'deny';
}

I'm failing to see the reason to use your product 

Are you saying that because the basic concept is fairly easy to implement... that it's not valuable? Not useful? Or are you saying that because the basic concept is fairly easy to implement, that banks and other service providers will just implement the idea without help from us?

It would be much more interesting to hear people's opinion on whether banks should implement the idea? Do you think it is a good idea? Do you think the idea is better than existing 2FA approaches? If not... why not?

Instead of demonstrating how to implement the idea... can you demonstrate why the idea won't be adopted? Or why it should not be adopted?

Do you like the current state of 2FA? Do you consider SMS texting safe? Do you like token OTP? Do you still have to log into your bank account to verify your balance? Are you worried about losing your phone? Are you worried a lost phone may end up in the hands of a hacker? Do you know how to disable token OTP on a lost or stolen phone?

Are service providers paying companies like Authy for their infrastructure? For their servers? For their programmers and support staff? Are the Authy servers safe? Are you sure? Is the bitcoin blockchain safe?

This thread could be so much more interesting. We get it. The basic concept is fairly easy to implement once you understand it. Most everything is easy once you understand it. Does anyone have anything else to say about the idea? Anything that might be interesting to read?

By the way... we have developed many, many additional enhancements to the basic concept. If the basic concept is adopted, then our multitude of enhancements will also be adopted.

But if the basic concept is not adopted... the multitude of enhancements don't really matter.

So again. Can anyone please tell us why the basic concept won't be adopted? Or should not be adopted?

[cloverme]

Concept vs Project vs Business.... Yes, it's an interesting concept, but as a business it's flawed because your concept requires a developer to implement. If the developer is going to implement your concept, they don't really have to use anything you've developed to do it. In essence, you're selling lemonade to lemon farmers.  Is OTP foolproof, sms, or email? No... but your system is still dependent on other systems with a wide attack surface as well. The server, database, network, dns, code, ports, etc can be probed for vulnerabilities.

The major problem though (for me to implement this into my own apps) is that most people don't understand the relationship between an account/wallet with a single bitcoin address. Most people would likely use an address that they either A) already know and have used or B) generate a new address from an existing wallet. The majority of bitcoin users don't really understand the concept of inputs and outputs, so they're going to unintentionally "unlock" some account when they buy alpaca socks. It's not something for your casual user, it's something that needs to be used by an experienced and educated bitcoin user.

It's obvious you're passionate about this, so keep going, creating, and plugging holes you find along the way.

[ChainLock]

Concept vs Project vs Business.... Yes, it's an interesting concept, but as a business it's flawed because your concept requires a developer to implement. If the developer is going to implement your concept, they don't really have to use anything you've developed to do it. In essence, you're selling lemonade to lemon farmers.  Is OTP foolproof, sms, or email? No... but your system is still dependent on other systems with a wide attack surface as well. The server, database, network, dns, code, ports, etc can be probed for vulnerabilities.

The major problem though (for me to implement this into my own apps) is that most people don't understand the relationship between an account/wallet with a single bitcoin address. Most people would likely use an address that they either A) already know and have used or B) generate a new address from an existing wallet. The majority of bitcoin users don't really understand the concept of inputs and outputs, so they're going to unintentionally "unlock" some account when they buy alpaca socks. It's not something for your casual user, it's something that needs to be used by an experienced and educated bitcoin user.

It's obvious you're passionate about this, so keep going, creating, and plugging holes you find along the way.

Concept vs Project vs Business.... Yes, it's an interesting concept, but as a business it's flawed because your concept requires a developer to implement. If the developer is going to implement your concept, they don't really have to use anything you've developed to do it. In essence, you're selling lemonade to lemon farmers.

Of course we have addressed this issue. There are many, many businesses that face this same issue, yet they are profitable.

Is OTP foolproof, sms, or email? No... but your system is still dependent on other systems with a wide attack surface as well. The server, database, network, dns, code, ports, etc can be probed for vulnerabilities.

This is probably the strangest comment yet because it is posted on a site dedicated to bitcoin. The comment claims "our system" is insecure, but the security of our system is not "ours."  The security of "our" system is bitcoin. If someone can hack a bitcoin address used to unlock an account, then that same person can hack any bitcoin address. That person could just steal $10 billion. But of course no person has or will.

The major problem though (for me to implement this into my own apps)

ChainLock is not going to be implemented by individuals into their own "apps." ChainLock will be implemented by service provider websites such as banks.  

is that most people don't understand the relationship between an account/wallet with a single bitcoin address.

ChainLock does not limit the user in any way as to what bitcoin address they can use to lock an account. We used a "single" bitcoin address in the Mycelium wallet for the demo video so that the bitcoin address remains static. No doubt there is some complexity to bitcoin. Some amount of learning. But again, this is a bitcoin site. Doesn't everyone reading these posts already agree the complexity of bitcoin is about the same as a website browser? Doesn't everyone agree that the complexity of bitcoin will eventually be a non-issue?

Most people would likely use an address that they either A) already know and have used or B) generate a new address from an existing wallet.

Our response to this comment is... what? First this commenter argues ChainLock is so simple the banks will just implement it without our help... then this comment which clearly shows an inability to understand the basic concept. Of course it doesn't matter what bitcoin address is used to lock an account. The user can use any bitcoin address. One they "already know and have used" or "generate a new address from an existing wallet" or whatever. In the demo video, we use a "single address" account generated by the Mycelium app. Generating a "single address" account really is not that difficult, but even if it turns out to be difficult for users, certainly wallet apps like Mycelium can make it easier to generate a "single address" account used to lock an online account. For example, they could change the menu command from "generate single address account" to "generate ChainLock address." Again, the complexity of our system is no more than the complexity of bitcoin. If users cannot figure out our system, then they cannot figure out bitcoin. Like most companies working in this space, we are counting on the ability of users to understand how to use bitcoin.

The majority of bitcoin users don't really understand the concept of inputs and outputs, so they're going to unintentionally "unlock" some account when they buy alpaca socks.

Finally someone has made a comment that is interesting to read. Yes! You are right! There is a possibility that a user might unintentionally spend bitcoin from a ChainLock address, thereby potentially unlock an online account. We have designed ChainLock so that this scenario is not possible. It's one of the enhancement features we talk about in the above comments, as well as in our demo video.

It's not something for your casual user, it's something that needs to be used by an experienced and educated bitcoin user.

If this comment is true, then bitcoin is doomed. If a user cannot understand how to use ChainLock, then they will of course not understand how to use bitcoin in general. Further, if a user cannot understand ChainLock, they probably should not be using bitcoin at all. Similarly, if an old person has dementia, they should not be allowed to carry a paper wallet because they no longer understand how to use paper money. Bitcoin is not that hard to use.

[ChainLock]

We published a shorter version of the ChainLock demo video which can be seen here:

http://chaintightsecurity.com/content

[ChainLock]

We posted a video addressing the frequently asked questions about ChainLock which can be seen here:

http://chaintightsecurity.com/content

[bittraffic]

Its an interesting concept but like the said, security flaw is an issue. Allowing a third party to hold bitcoin is a security flaw it self. We even move our money back from exchanges to our wallets if we don't expect something to happen in the market due to security.

Chainlock can probably lure users if they give interest if users store their btc. But most probably can turn into scam

[ChainLock]

Its an interesting concept but like the said, security flaw is an issue. Allowing a third party to hold bitcoin is a security flaw it self. We even move our money back from exchanges to our wallets if we don't expect something to happen in the market due to security.

Chainlock can probably lure users if they give interest if users store their btc. But most probably can turn into scam

Yet another comment that makes absolutely no sense. It's almost like people don't want a product like ChainLock to succeed.

Imagine if ChainLock does succeed. It will rocket bitcoin into the mainstream. It will introduce the actual use of bitcoin to hundreds of millions of people. These new users will learn how to perform bitcoin transactions with a very low monetary value but with a very high significance value.

We have already addressed this nonsense comment in our FAQ video for anyone that wants to take a few minutes to actually learn about how ChainLock works:

http://chaintightsecurity.com/content

[cloverme]

We're trying to give you some feedback on what our thoughts are on your concept. If you don't want feedback, you can post in the Announcement subform or contact Bank of America since that seems to be who you want to use it.

I appreciate your passion for the product, but if you're looking for that... "Ah ha! This is genius and going to disrupt the multifactor authentication market!" you still need to listen to the feedback, improve your product/service, and try again.  Or, don't listen to us and continue on your own path. You drive your own success.

[ChainLock]

We're trying to give you some feedback on what our thoughts are on your concept. If you don't want feedback, you can post in the Announcement subform or contact Bank of America since that seems to be who you want to use it.

I appreciate your passion for the product, but if you're looking for that... "Ah ha! This is genius and going to disrupt the multifactor authentication market!" you still need to listen to the feedback, improve your product/service, and try again.  Or, don't listen to us and continue on your own path. You drive your own success.

We do appreciate thoughtful, meaningful feedback that might help us improve ChainLock, and that is what we are hoping for from this thread.

We do not understand feedback that is nonsense.

Your suggestion to "improve the product and try again" is also nonsense given that no one has made a coherent comment that would warrant improvement (other than the inadvertent spending out of a ChainLock address which we have already addressed).

Again, we are actually encouraged by the inability of anyone to demonstrate cracks in the ChainLock protocol.

If commenters on this site want to be critical, we simply appreciate a little effort to at least understand ChainLock before posting a comment.

Posting comments like "it will take 2 hours for a ChainLock transaction to post to the blockchain" is simply wrong. These types of critical, technically incorrect comments merely demote ChainLock for no reason.

Everyone interested in the success of bitcoin should be interested in the success of products like ChainLock because they promote the use of bitcoin.

[ChainLock]

We have posted another video that explains how ChainLock compares to popular two-factor authentication (2FA), such as SMS and token one-time-password (OTP) authentication.

http://chaintightsecurity.com/content

The most important point we make in this new video is that ChainLock will cause the adoption of Bitcoin to explode. This is the most important benefit of ChainLock with respect to the Bitcoin ecosystem.