|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
December 05, 2012, 08:17:38 AM |
|
How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?
|
|
|
|
Yuhfhrh
|
|
December 05, 2012, 09:04:24 AM |
|
How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?
This. Please.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
December 05, 2012, 02:24:37 PM Last edit: December 05, 2012, 03:09:19 PM by casascius |
|
I think import private key should not be exposed to average users. Sweep private key should be offered instead. Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this. https://en.bitcoin.it/wiki/SweepprivkeyOn the other hand, I see no reason why "sweep" would need to be under an advanced menu, any more than you'd expect "Redeem iTunes Gift Card" to be on the advanced menu of iTunes.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
December 05, 2012, 02:34:11 PM |
|
I think import private key should not be exposed to average users. Sweep private key should be offered instead.
Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.
+1
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
JackH
|
|
December 05, 2012, 03:55:07 PM |
|
How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?
This. Please. This too
|
<helo> funny that this proposal grows the maximum block size to 8GB, and is seen as a compromise <helo> oh, you don't like a 20x increase? well how about 8192x increase? <JackH> lmao
|
|
|
Jan
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
December 05, 2012, 04:07:01 PM |
|
I would rather see export private key functionality. I believe that the needle is pointing in a direction where users migrate to alternative clients. Let's make the transition easier. I know that they can just move the funds elsewhere, but many users have sent the corresponding addresses to other users/web-sites and/or use vanity addresses. Also, exporting a key is much much easier, no need to have Bitcoin-QT rescan the block chain.
|
Mycelium let's you hold your private keys private.
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
|
|
December 05, 2012, 04:10:33 PM |
|
I think import private key should not be exposed to average users. Sweep private key should be offered instead.
Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.
+1 +1 Yes, please.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
becoin
Legendary
Offline
Activity: 3431
Merit: 1233
|
|
December 05, 2012, 04:20:55 PM |
|
I'd rather vote for both import / export private key functionality under 'Advanced' menu option, reading something like 'Do only if you know exactly what you're doing!'. And may be some special marking of the imported keys to be visibly distinct to those generated by current wallet.
|
|
|
|
bitfreak!
Legendary
Offline
Activity: 1536
Merit: 1000
electronic [r]evolution
|
|
December 05, 2012, 04:24:19 PM |
|
Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?". Problem solved. You're welcome.
|
XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
|
|
|
becoin
Legendary
Offline
Activity: 3431
Merit: 1233
|
|
December 05, 2012, 04:42:17 PM |
|
but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?". This is good. May be instead of 'your other secure addresses' this warning should read 'your organic addresses'? Just mark addresses to imported and organic with proper warning if imported addresses are attempted to be used as payment receipt or request payment addresses.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
December 05, 2012, 05:34:13 PM |
|
Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?". Problem solved. You're welcome. I would have that prompt off by default and not even bother with the explanation, and if anything, have an option in the advanced menu that turns that prompt on. So, by default, one can only "sweep" a private key. BUt if they go to the advanced menu, they could turn on a checkbox that gives them the choice of sweep/import each time they do it. And that's a HUGE if. I think if users can sweep keys, there is no good reason for them to import them into their wallet, and plenty of reasons for them not to. The main advantage to importing versus sweeping is a) seeing future funds in your wallet if you're expecting them, b) preserving the bitcoin-days-destroyed and number of confirmations, resulting in a far less likelihood of needing to pay a fee to immediately respend the money. Advantage A could be offered with a checkbox: "Remember this key and sweep any funds that arrive in the future?" and a boolean flag on the address that prods the client to sweep any time incoming money is seen. Advantage B is relatively obscure and only those experts who are micro-managing their wallet should care to control it, especially if the coin selection algorithm is decent. Someone with that much expertise and that much desire for control already understands the command line anyway, making it arguable that an import option is good enough when restricted to the RPC API.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
bitcoinbear
|
|
December 05, 2012, 05:40:14 PM |
|
Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?". Problem solved. You're welcome. I would have that prompt off by default and not even bother with the explanation, and if anything, have an option in the advanced menu that turns that prompt on. So, by default, one can only "sweep" a private key. BUt if they go to the advanced menu, they could turn on a checkbox that gives them the choice of sweep/import each time they do it. And that's a HUGE if. I think if users can sweep keys, there is no good reason for them to import them into their wallet, and plenty of reasons for them not to. The main advantage to importing versus sweeping is a) seeing future funds in your wallet if you're expecting them, b) preserving the bitcoin-days-destroyed and number of confirmations, resulting in a far less likelihood of needing to pay a fee to immediately respend the money. Advantage A could be offered with a checkbox: "Remember this key and sweep any funds that arrive in the future?" and a boolean flag on the address that prods the client to sweep any time incoming money is seen. Advantage B is relatively obscure and only those experts who are micro-managing their wallet should care to control it, especially if the coin selection algorithm is decent. Someone with that much expertise and that much desire for control already understands the command line anyway, making it arguable that an import option is good enough when restricted to the RPC API. If the number of confirmations is important for not incurring a fee, wouldn't sending any coins put into the address to another address you control require a fee?
|
|
|
|
Elwar
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
December 05, 2012, 05:46:06 PM |
|
I much prefer keeping my private key written down than backing up my wallet.
I found it difficult to import my private key when I needed to spend money from that address. I could only do it from the command line and only had access to my phone and tablet at the time. I had to install the client and download the blockchain to my work computer which took a while.
I wish there was a way to import on the Bitcoin App.
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin.
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1100
|
|
December 05, 2012, 05:49:30 PM |
|
I think import private key should not be exposed to average users. Sweep private key should be offered instead.
Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.
Indeed. Any sort of private key from a gift card (or casascius coin) should be import and then the funds immediately sent to another private key, to prevent the previous private key holder from touching those funds.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
pc
|
|
December 05, 2012, 05:52:31 PM |
|
I'll agree with adding "sweep" to the GUI, and leaving "import" to the RPC API.
The import use cases are things where people are doing some crazy things managing their own offline wallets or whatnot, and I think the command line is fine for things like that. Sweep is for people handing you a physical token (or QR code or the like) to pay you for something, and is a great way for me to give people their first coins.
|
|
|
|
Sukrim
Legendary
Offline
Activity: 2618
Merit: 1007
|
|
December 05, 2012, 06:12:42 PM |
|
If private keys are being sweeped, should the client still store these keys and sweep any further payments to these addresses too?
I think yes.
|
|
|
|
JackH
|
|
December 05, 2012, 06:16:17 PM |
|
How about making this as a plugin to the bitcoin client? Then anyone that knows what they are doing would also know about the plugin, thus allowing them to install it. At the same time, all new users wont have more confusing buttons and terminologies they need to understand.
|
<helo> funny that this proposal grows the maximum block size to 8GB, and is seen as a compromise <helo> oh, you don't like a 20x increase? well how about 8192x increase? <JackH> lmao
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
December 05, 2012, 06:37:16 PM |
|
If private keys are being sweeped, should the client still store these keys and sweep any further payments to these addresses too?
I think yes.
I think checkbox. Right below the text box where they type the key. "Remember this key and sweep any future incoming payments?". The fact that MtGox has done it by default without providing any warning or notice has confused a lot of people, and confusion over money that moves by itself when you weren't expecting it is not confidence building. On the other hand, a popup box would be needed to warn them that this will only happen while the client is running and synchronized with the network. An expectation that their money "auto-forwards" like forwarding your calls when your mobile phone is off would also result in a rude awakening if someone finds that their money could be stolen by someone who was able to grab it before the sweep did.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
December 05, 2012, 06:41:48 PM |
|
How about making this as a plugin to the bitcoin client? Then anyone that knows what they are doing would also know about the plugin, thus allowing them to install it. At the same time, all new users wont have more confusing buttons and terminologies they need to understand.
I think it should be built in, and look as much like "Redeem iTunes Gift Card" does in iTunes: a simple button or menu option, and that's all you see until you go there and click it. It doesn't confuse anyone: the concept is understandable even for children and grandma. The setup infrastructure for finding and loading plugins would be far more intrusive and complex. (Just for fun, I went to look at iTunes's redemption screen, and discovered that you can actually redeem iTunes gift cards just by holding them up to the computer's web cam. The pictures in the interface suggest it does OCR on the gift card number, rather than any sort of bar code. Now, that's user friendly. Kudos to BlockChain.info for offering something similar for reading QR code private keys)
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|