Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1134
|
|
December 04, 2012, 04:51:29 PM |
|
There are several problems with blockchain.info My Wallet which is why I don't think the project should ever officially recommend it or point users to it. I say that even though it's a really nice site and I regularly use its other services. I just don't think hosted wallets are a good idea: - If the site ever gets hacked, everyone who uses it can lose all their money. I know the owner claims it's not possible, but he's wrong. The reason is that your browser will download new code from the site silently and automatically, and that code can do anything, including sending your private keys to a bad guy. You would never even know it's happened. If you think it's unlikely that the site will get hacked, I wonder where you have been in the past couple of years! Websites get owned all the time, rootkits installed and they begin vending malware. Often they do so in ways that make it hard for the admin to notice there's a problem. Downloadable clients, for better or worse, don't currently have that problem (they have another problem which is that you have to manually fetch updates, but at least they can be given gitian-style updaters fairly easily).
- There is a Chrome extension that is supposed to fix the first issue by alerting you when things change, but that isn't going to work. It's hardly used and the failure mode is an indecipherable error message that users seem to click through without understanding (judging from previous mentions of it on this very forum).
- The site knows all your transactions, your balances and your IP addresses. So it's not very private.
- The 2-factor auth isn't really 2-factor auth as you would expect it to be.
- Although it's definitely arguable, to a financial regulator the site looks and feels like a financial institution. They let users open accounts. They process payments. They take deposits. There is a specific owner in a specific jurisdiction. The fact that the keys for authorizing transactions aren't on the servers is the sort of technical detail they're unlikely to care about. If somebody decides that blockchain.info is actually a bank, everyone on the site will be required to go through AML/KYC (at best) or the owners could be liable (at worst). I hope that doesn't happen but there's no way I'd run a hosted wallet.
Unless you're an iPhone user, I don't think there are any good reasons to use a hosted wallet. On a PC or Mac install MultiBit and use that instead. On Android install Bitcoin Wallet. Don't recommend friends to use blockchain.info because if anything goes wrong it could become the next MyBitcoin. For iPhone users, recommend they swap it for an Android device if they want to get serious about Bitcoin.
|
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
December 04, 2012, 04:53:16 PM |
|
I think Blockchain.info is the first place new users should be sent to who want to create a new wallet. That is disappointing, because it pushes users straight into a centralized, non-private, easy-to-monitor solution. In engineering terms, an SPOF (Single Point Of Failure). Point users to a decentralized client like MultiBit or Electrum etc. It's just an option, not a single point of failure, if blockchain.info is gone today, I have my encrypted wallet backed up in my dropbox and gmail, I can just take it to multibit or electrum and load my wallet up easily.
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
December 04, 2012, 05:00:45 PM |
|
There are several problems with blockchain.info My Wallet which is why I don't think the project should ever officially recommend it or point users to it. I say that even though it's a really nice site and I regularly use its other services. I just don't think hosted wallets are a good idea: - If the site ever gets hacked, everyone who uses it can lose all their money. I know the owner claims it's not possible, but he's wrong. The reason is that your browser will download new code from the site silently and automatically, and that code can do anything, including sending your private keys to a bad guy. You would never even know it's happened. If you think it's unlikely that the site will get hacked, I wonder where you have been in the past couple of years! Websites get owned all the time, rootkits installed and they begin vending malware. Often they do so in ways that make it hard for the admin to notice there's a problem. Downloadable clients, for better or worse, don't currently have that problem (they have another problem which is that you have to manually fetch updates, but at least they can be given gitian-style updaters fairly easily).
- There is a Chrome extension that is supposed to fix the first issue by alerting you when things change, but that isn't going to work. It's hardly used and the failure mode is an indecipherable error message that users seem to click through without understanding (judging from previous mentions of it on this very forum).
- The site knows all your transactions, your balances and your IP addresses. So it's not very private.
- The 2-factor auth isn't really 2-factor auth as you would expect it to be.
- Although it's definitely arguable, to a financial regulator the site looks and feels like a financial institution. They let users open accounts. They process payments. They take deposits. There is a specific owner in a specific jurisdiction. The fact that the keys for authorizing transactions aren't on the servers is the sort of technical detail they're unlikely to care about. If somebody decides that blockchain.info is actually a bank, everyone on the site will be required to go through AML/KYC (at best) or the owners could be liable (at worst). I hope that doesn't happen but there's no way I'd run a hosted wallet.
Unless you're an iPhone user, I don't think there are any good reasons to use a hosted wallet. On a PC or Mac install MultiBit and use that instead. On Android install Bitcoin Wallet. Don't recommend friends to use blockchain.info because if anything goes wrong it could become the next MyBitcoin. For iPhone users, recommend they swap it for an Android device if they want to get serious about Bitcoin. Blockchain.info has provided the necessary security, whether the user utilize it, is not blockchain.info's problem. I for one utilize all of blockchain.info's security feature, including browser extension to check the code, and 2 factor google authenticator auth. Explain to me why "2 factor isn't 2 factor"? The site knows all my transactions? yeah so does the bitcoin blockchain. My IP address? good luck finding it, In the past 10 years, I've never browsed a website without ssh tunnel. Blockchain.info does not take deposits, since I control my own wallet, blockchain.info has no way to access it, therefore, they don't have any deposits. In a sense, blockchain.info is not a hosted wallet, it's just a tool, programmed in a web based language, to manage my own wallet.
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
December 04, 2012, 05:14:14 PM |
|
I agree with some of the points Mike Hearn raises but I think it's important to note that with the Blockchain Wallet it's not the same as with a web wallet that holds your private keys. If Blockchain became compromised, there is a very limited time window of attack, until everyone knows to not trust the site and then everyone not affected by it would use their backups to get access to the coins.
The time window is small in any case because some people do use the validator and if something fishy was going on, information about it would spread like wildfire. The security issue is a valid point and it's a real risk but compared to a service that actually has access to the private keys the risk is much smaller.
There is always going to be sort of a battle between security and convenience. Even now there are relatively easy, totally bulletproof methods, of securing your bitcoins. Using those bitcoins after you've secured them, is often not easy however. I think the Blockchain Wallet is a good mix of extreme convenience and high security. If you want a slightly less convenient and very secure wallet, Multibit and Electrum are good recommendations.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
December 04, 2012, 05:22:57 PM |
|
I would like to add that I don't necessarily think the security of the Blockchain Wallet is adequate for very large amounts of bitcoins. I'd use something like a paper wallet or an offline wallet via Armory in that case. But if you have a user that has a small to medium amount of bitcoins and wants to actually use them, the Blockchain Wallet is a good choice. It's important to instruct people to backup the wallet though, that is very important.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1134
|
|
December 04, 2012, 05:25:03 PM |
|
Have you tried importing your blockchain wallet into other clients? As far as I know it's a deterministic wallet which isn't yet well supported. Maybe Electrum can do it. Other clients will catch up at some point so this is more of a practical concern than a long term issue. For the 2-factor auth on blockchain.info see here: https://bitcointalk.org/index.php?topic=64300.msg754858#msg754858It's meaningless to say "the blockchain knows all my transactions". The transactions in the chain aren't linked together. I can't see all kokojies transactions even though I have the full block chain. However if I can find your IP address and gain access to blockchain.info, now I can see all your transactions. If you use the extension, understand what it does, check what's happening every time it alerts, always use proxies, etc, you are in a tiny minority. Things need to be robust by default. I'm not saying other clients are all inherently superior - auto update in Bitcoin is an unusually hard problem. For instance the Android wallet can be updated by its author to steal all coins too, you just have to trust he won't do that (or delay accepting the update for a few days - you do get notified and can accept/reject, at least). With regards to what the site is, whether it takes deposits, etc, what you believe is irrelevant. It's really what law enforcement/the regulators believe that matters. I don't think people will really exercise restraint with these hosted wallets. They didn't with MyBitcoin, even though it was far shadier than blockchain.info is. I also don't buy the convenience angle. Why is the site more convenient than a regular downloadable app?
|
|
|
|
kangasbros
|
|
December 04, 2012, 05:29:28 PM |
|
Unless you're an iPhone user, I don't think there are any good reasons to use a hosted wallet. On a PC or Mac install MultiBit and use that instead. On Android install Bitcoin Wallet. Don't recommend friends to use blockchain.info because if anything goes wrong it could become the next MyBitcoin. For iPhone users, recommend they swap it for an Android device if they want to get serious about Bitcoin.
I don't see the point of storing any serious amount of money on a mobile phone in the first place. I myself store on my mobile phone about 150 euros worth of bitcoins. That is enough to pay for my lunch/restaurant bills and settle small debts between friends. If my phone gets stolen or the wallet gets hacked, the phone is actually more valuable than the coins.
|
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
December 04, 2012, 05:38:14 PM |
|
I also don't buy the convenience angle. Why is the site more convenient than a regular downloadable app? The convenience comes from the fact that it's not device specific. That is the advantage of web wallets. You can use the same wallet conveniently from any device. Of course it's not smart to use it from "any device" but if you have multiple secure devices it's more convenient than having a native client. If a user doesn't need that feature, then I agree that there is no convenience angle. In fact a native app can be more convenient if you need the wallet on just one device.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
auzaar
|
|
December 04, 2012, 05:40:31 PM |
|
The answer is FU.CK YOU. Everybody is able to wait one or two days downloading the last brand new videogame in their bittorrent client, or the last blockbuster movie but is too lazy to wait a day for the blockchain to download. Only a day downloading and a new economy will be available for the user. And they still complain. very nicely put, the problem with bitcoin
|
|
|
|
|
piuk
|
|
December 04, 2012, 06:07:39 PM |
|
- The site knows all your transactions, your balances and your IP addresses. So it's not very private.
Not really, once logged out wallets are just random bytes. Queries made using the API and by the wallet interface are not differentiated and there is no differentiation made between watch only addresses and addresses with a private key which would make it difficult to record the balance if we wanted to.
|
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1134
|
|
December 04, 2012, 06:11:01 PM |
|
What I meant is you have the address queries in your logs tied to IP and so on. Or if you don't, that can change at any point (eg, if you sell the site).
Don't get me wrong, blockchain.info is a really nicely done site. But if 90% of Bitcoin users ended up on My Wallet, I wouldn't feel comfortable with that due to the aforementioned reasons.
|
|
|
|
|
420
|
|
December 04, 2012, 06:36:24 PM |
|
how will QT 0.8 reduce the time it takes to sync? will our system still be secure if people no longer download the full block chain?
|
Donations: 1JVhKjUKSjBd7fPXQJsBs5P3Yphk38AqPr - TIPS the hacks, the hacks, secure your bits!
|
|
|
Red Emerald
|
|
December 04, 2012, 06:39:34 PM |
|
What I meant is you have the address queries in your logs tied to IP and so on. Or if you don't, that can change at any point (eg, if you sell the site).
Don't get me wrong, blockchain.info is a really nicely done site. But if 90% of Bitcoin users ended up on My Wallet, I wouldn't feel comfortable with that due to the aforementioned reasons.
Most of your aforementioned reasons are not valid... Lets go over them again. There are several problems with blockchain.info My Wallet which is why I don't think the project should ever officially recommend it or point users to it. I say that even though it's a really nice site and I regularly use its other services. I just don't think hosted wallets are a good idea: - If the site ever gets hacked, everyone who uses it can lose all their money. I know the owner claims it's not possible, but he's wrong. The reason is that your browser will download new code from the site silently and automatically, and that code can do anything, including sending your private keys to a bad guy. You would never even know it's happened. If you think it's unlikely that the site will get hacked, I wonder where you have been in the past couple of years! Websites get owned all the time, rootkits installed and they begin vending malware. Often they do so in ways that make it hard for the admin to notice there's a problem. Downloadable clients, for better or worse, don't currently have that problem (they have another problem which is that you have to manually fetch updates, but at least they can be given gitian-style updaters fairly easily).
- There is a Chrome extension that is supposed to fix the first issue by alerting you when things change, but that isn't going to work. It's hardly used and the failure mode is an indecipherable error message that users seem to click through without understanding (judging from previous mentions of it on this very forum).
The chrome extensions is sufficient. Maybe it could have a better error message, but a user ignoring the error message is not the sites fault. There should probably be a bigger message telling all the wallet users to install it, but what you are saying is FUD. I keep as much coin on my phone as I do cash in my wallet. It is more likely that I get mugged than the site gets compromised and I ignore the warning message telling me its compromised and I login with my two factor auth anyway. - The site knows all your transactions, your balances and your IP addresses. So it's not very private.
I don't really see this as much of an issue, but if it is a problem for you, use a proxy to access the site and send all your funds through the anonymous mixer (a service not available to the standard the client and as easy to use as checking a checkbox). So to me, this seems MORE private than the satoshi client. - The 2-factor auth isn't really 2-factor auth as you would expect it to be.
The 2-factor mt.gox yubikey auth is limited. The 2-factor through google is perfectly secure. - Although it's definitely arguable, to a financial regulator the site looks and feels like a financial institution. They let users open accounts. They process payments. They take deposits. There is a specific owner in a specific jurisdiction. The fact that the keys for authorizing transactions aren't on the servers is the sort of technical detail they're unlikely to care about. If somebody decides that blockchain.info is actually a bank, everyone on the site will be required to go through AML/KYC (at best) or the owners could be liable (at worst). I hope that doesn't happen but there's no way I'd run a hosted wallet.
Definitely arguable. If the site does go down forever or changes in a way that makes the customer uncomfortable, everyone who has a wallet has an AES encrypted backup that can easily be imported into another client. These backups (which are incredibly easy to use) get sent any time anything in the wallet changes, so it's not like you will have to download them from a compromised site. blockchain.info is completely different than many of the other hosted wallets we have seen. It is not possible for piuk to run away with your coins. If a government seizes his servers, all of his customers are fine because they already have backups of their private keys. Additionally, the jailbroken iPhone app also does not have any of your (IMO invalid) concerns about javascript security.
|
|
|
|
jim618
Legendary
Offline
Activity: 1708
Merit: 1066
|
|
December 04, 2012, 07:20:25 PM |
|
Have you tried importing your blockchain wallet into other clients? As far as I know it's a deterministic wallet which isn't yet well supported. Maybe Electrum can do it. Other clients will catch up at some point so this is more of a practical concern than a long term issue.
It is off-topic but it might be useful to someone: The 'Tools | Import Private Keys' in MultiBit can import the blockchain.info wallet backups (This is both the single and double encrypted ones. Piuk wrote the import code and I hooked it into the UI). When you select the private key import file there is a combo box where you can choose the file extension: It takes ages as it has to sync from the genesis block but at least you get your wallet recovered.
|
|
|
|
Red Emerald
|
|
December 04, 2012, 07:25:26 PM |
|
Have you tried importing your blockchain wallet into other clients? As far as I know it's a deterministic wallet which isn't yet well supported. Maybe Electrum can do it. Other clients will catch up at some point so this is more of a practical concern than a long term issue.
It is off-topic but it might be useful to someone: The 'Tools | Import Private Keys' in MultiBit can import the blockchain.info wallet backups (This is both the single and double encrypted ones. Piuk wrote the import code and I hooked it into the UI). When you select the private key import file there is a combo box where you can choose the file extension: ... It takes ages as it has to sync from the genesis block but at least you get your wallet recovered. Super easy. Also, it is not a deterministic wallet. It's just some JSON with encrypted private keys.
|
|
|
|
mccorvic
|
|
December 04, 2012, 08:09:30 PM |
|
That fact that we have debated this topic for more than 2 posts highlights exactly the problem the reddit guy in OP had.
If we, users of bitcointalk.org and people who have a good grasp of what's going on, are debating it then new users are that much more disadvantaged. Please, continue to make whatever argument but my previous sentence is the answer to whatever humph-grumph you come up with.
|
|
|
|
kangasbros
|
|
December 04, 2012, 08:19:26 PM |
|
The thing I have told the newbies, mostly people I have met via localbitcoins:
- There are many different wallets with different security and privacy models, you can choose multiple based on which suits your different use cases - For small amounts and learning about bitcoins, web based wallets are good - For stand-alone clients, I have recommended electrum (haven't used multibit myself, but I've heard that it is good) - I don't recommend bitcoin-qt at all, unless you are experienced with computers - Offline-generated paper wallets are easy concept to understand and offer understandable security for non-computer-savvy people (put it in a safe)
Edit: and most important thing - all wallets are compatible with each other. You can send money between all the different bitcoin wallet). And the switching costs are low. This is very important point to say, because people tend to think in the old frames - they think in terms of traditional technological lock-ins.
|
|
|
|
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
|
|
December 04, 2012, 08:25:03 PM |
|
Simple solution. (at least imo) There are good arguments being made here on both sides (hosted wallet vs. non-hosted), but what I haven't seen taken into consideration is different use cases for different users. I think that is key. I agree with Jeff Garzik and Mike Hearn for the reasons all users shouldn't be told their end destination should be hosted wallets. BUT the thing is Bitcoin isn't some 'no brainer' credit card; it requires thinking and responsibility ultimately always falls on the user. Hosted wallets like Blockchain.info should be recommended to new users imo, just with a caveat of the dangers, and that it's not the truest way to use bitcoin, which should be learned at some point but is not necessary to begin getting familiar with it. EDIT: kangasbos in the directly preceding post beat me to this concept essentially
|
|
|
|
|