Western Union to begin accepting Bitcoin (WSJ)

[Piper67]

So what's making me raise my eyebrows is that WU has not come out to explicitly deny any of this 

[1714141519]

1714141519

[1714141519]

1714141519

[1714141519]

1714141519

[Rassah]

If Bitcoin becomes really big, all that will happen is that the normal Bitcoin-Qt client will only be used by big companies and people who are obsessed with controlling their own wallet like not losing money, and web-wallets will end up being used all the time, by people who like being stolen from with (smart) people using offline or hardware wallets downloading their wallet.dat file daily just in case something goes wrong with their particular web-wallet.

Fixed.

Did a piss poor job fixing that. Blockchain.info can't steal your wallet, since they never get your private keys in unencrypted form (it gets encrypted in your browser before it's sent to their servers).
To add to Kazu's list, people who don't want to run the full client will also run things like Electrum wallet, which uses a central service to store the blockchain and uses the local client just to store keys and sign transactions, or a light bitcoin client, which Bitcoin-qt is working on developing, and which is already available on Android.

[Piper67]

If Bitcoin becomes really big, all that will happen is that the normal Bitcoin-Qt client will only be used by big companies and people who are obsessed with controlling their own wallet like not losing money, and web-wallets will end up being used all the time, by people who like being stolen from with (smart) people using offline or hardware wallets downloading their wallet.dat file daily just in case something goes wrong with their particular web-wallet.

Fixed.

Did a piss poor job fixing that. Blockchain.info can't steal your wallet, since they never get your private keys in unencrypted form (it gets encrypted in your browser before it's sent to their servers).
To add to Kazu's list, people who don't want to run the full client will also run things like Electrum wallet, which uses a central service to store the blockchain anduses the local client just to store keys and sign transactions, or a light bitcoin client, which Bitcoin-qt is working on developing, and which is already available on Android.

Oh, please, Rassah, don't let the truth get in the way of some good old FUD 

[justusranvier]

Blockchain.info can't steal your wallet, since they never get your private keys in unencrypted form (it gets encrypted in your browser before it's sent to their servers).

Blockchain.info can send malicious javascript to grab the private keys of anyone not running the verifier plugin.

They can push an update to the verifier plugin that renders it ineffective.

They can use code obfuscation to insert the malicious code into their GitHub repository so that even people running with a good verifier plugin won't know there's a problem. They can steal keys until somebody notices the problem via code review.

Their design is better than most web wallets, but it is not impervious.

[Kazu]

I don't get what you have against web-wallets.

Mostly it's about how they all eventually lose coins. [/qutoe]
How do they lose coins? You can't just stand up and declare that they will lose coins. There has to be a reason. They will lose coins in 3 situations:
1) The person using the wallet was an idiot.
2) The person operating the website hosting the web-wallet got hacked and wasn't using blockchain.info style encryption.
3) The person operating the website hosting the web-wallet was a scammer and wasn't using the blockchain.info style encryption.

Its easy to say "they all eventually lose coins, the ones that are currently live haven't, but they will sooner or later." Thats because the ones that don't loose coins have no reason to stop working, and the ones that do lose coins tend to stop.

Everybody already has to trust the banks.

Not anymore.

I'm talking about non-bitcoin users. They are used to trusting the banks. Trusting a web-wallet isn't any different.

I trust things like blockchain.info much more than the banks considering they actually don't have control over my wallet file.

Because of their superior design compared to other web wallets, I consider them to be suitable for holding small amounts of funds on the same order as the amount I am willing to carry around as physical cash.

Oh please. They are just as secure as any 'normal' wallet. The blockchain.info design is the future for the vast majority of people in this world. Only, probably with significantly fewer long strings of numbers.

The vast majority of people out there simply aren't going to have the knowledge needed to control their own wallet.

They will eventually obtain that knowledge. It's only a matter of how much money they will have to lose before they decide to learn.

If a honest company comes out, like WU, and starts providing non-sucky wallets, they won't have to learn, because they won't have to lose. And if they don't trust WU? Then by all means, use your own wallet. Unlike banks, WU isn't stopping you.

[justusranvier]

2) The person operating the website hosting the web-wallet got hacked and wasn't using blockchain.info style encryption.
3) The person operating the website hosting the web-wallet was a scammer and wasn't using the blockchain.info style encryption.

One of these two things will happen to every web wallet operator, regardless of whether or not they use blockchain.info style encryption. Every time the value of Bitcoin goes up the incentive to steal from a conveniently centralized repository increase. Eventually the incentive to steal overcomes any safeguards that can be put in place. This has happened over and over again throughout the history of Bitcoin. Web wallets are a scammer's paradise.

If a honest company comes out, like WU, and starts providing non-sucky wallets, they won't have to learn, because they won't have to lose. And if they don't trust WU? Then by all means, use your own wallet. Unlike banks, WU isn't stopping you.

Laiki Bank was a honest company too.

[Rassah]

Blockchain.info can't steal your wallet, since they never get your private keys in unencrypted form (it gets encrypted in your browser before it's sent to their servers).

Blockchain.info can send malicious javascript to grab the private keys of anyone not running the verifier plugin.

They can push an update to the verifier plugin that renders it ineffective.

They can use code obfuscation to insert the malicious code into their GitHub repository so that even people running with a good verifier plugin won't know there's a problem. They can steal keys until somebody notices the problem via code review.

Their design is better than most web wallets, but it is not impervious.

So... what's to stop someone from doing the exact same thing with Bitcoin-qt, and inserting a malicious version of the client into the download section that will send a copy of your private keys to them, allowing a whole slew of newbies to download and use it before it gets noticed and fixed?

[Kazu]

2) The person operating the website hosting the web-wallet got hacked and wasn't using blockchain.info style encryption.
3) The person operating the website hosting the web-wallet was a scammer and wasn't using the blockchain.info style encryption.

One of these two things will happen to every web wallet operator, regardless of whether or not they use blockchain.info style encryption. Every time the value of Bitcoin goes up the incentive to steal from a conveniently centralized repository increase. Eventually the incentive to steal overcomes any safeguards that can be put in place. This has happened over and over again throughout the history of Bitcoin. Web wallets are a scammer's paradise.

The issue here is, obviously, that they CAN'T STEAL FROM SOMETHING THEY DON'T HAVE ACCESS TO. How exactly are they going to go about stealing from your wallet that only you have the encryption key to, huh? About the only thing they could try is to get you to pass to them your key by modifying the JS upon login.

If a honest company comes out, like WU, and starts providing non-sucky wallets, they won't have to learn, because they won't have to lose. And if they don't trust WU? Then by all means, use your own wallet. Unlike banks, WU isn't stopping you.

Laiki Bank was a honest company too.

Laiki Bank is part of the EU.

[justusranvier]

So... what's to stop someone from doing the exact same thing with Bitcoin-qt, and inserting a malicious version of the client into the download section that will send a copy of your private keys to them, allowing a whole slew of newbies to download and use it before it gets noticed and fixed?

Nothing. That's one reason I tell people to use an offline Armory wallet for their savings and why that recommendation will probably change to some kind of hardware wallet once those become available.

[justusranvier]

The issue here is, obviously, that they CAN'T STEAL FROM SOMETHING THEY DON'T HAVE ACCESS TO. How exactly are they going to go about stealing from your wallet that only you have the encryption key to, huh? About the only thing they could try is to get you to pass to them your key by modifying the JS upon login.

Yes, that's exactly right. There are known failure modes via which they can get access to your private keys. Those failure modes are not as easy to trigger as a typical hot wallet theft are, but sooner or later the economic incentive to make the attempt will exist.

[Kazu]

So... what's to stop someone from doing the exact same thing with Bitcoin-qt, and inserting a malicious version of the client into the download section that will send a copy of your private keys to them, allowing a whole slew of newbies to download and use it before it gets noticed and fixed?

Nothing. That's one reason I tell people to use an offline Armory wallet for their savings and why that recommendation will probably change to some kind of hardware wallet once those become available.

Oh my goodness, talk about a conspiracy theorist.

Its open source. When money randomly disappears, people will notice "hey, wtf, my money disappeared, maybe I aught to look at source." Then they will see the fact that it is a scam, and nobody will use the web-wallet or software any more.

Furthermore people are very slow when it comes to switching to new software (http://www.ie6countdown.com/). The bitcoin community being what it is, people would probably find a change like that in less than a few days. The scammy developers would thus lose much more than they gain.

[moni3z]

Read this if you still think WU is awesome
https://bitcointalk.org/index.php?topic=125257.0

Also google 'western union complaints' and read about immigrants having no money because WU held their transfers for 60days, even after WU screwed up and gave people the wrong MTCN (it happens). Agent fucks up, wait 60 days for refund, and everytime you phone you get a 3rd world call center rep who knows nothing except scripted responses.

WU should die, Bitcoin is perfectly suited to kill them and all the other money transfer cash rackets who've been fleecing us for decades. I thought that was the point of decentralized currency so we don't have to rely on these asshole payment corporations telling us what we can and can't do anymore.

EDIT.. offtopic, javascript browser encryption is not secure whatsoever. don't believe me, believe Moxie Marlinspike
http://www.forbes.com/sites/andygreenberg/2013/01/21/researchers-warn-megas-new-encrypted-cloud-cant-keep-its-megasecurity-promises/

This is also why FireGPG was abandoned because it was found to be junk

[justusranvier]

Its open source. When money randomly disappears, people will notice "hey, wtf, my money disappeared, maybe I aught to look at source." Then they will see the fact that it is a scam, and nobody will use the web-wallet or software any more.

Only if the thieves are stupid. A smart thief would collect private keys as long as possible and wait to transfer any bitcoins at all until the vulnerability was discovered.

Oh my goodness, talk about a conspiracy theorist.

The fact that you so readily downplay the motivation and ingenuity of thieves and scammers in the bitcoin community, after history has shown us such an ample supply of both, does nothing but make me suspect you of being one.

[Kazu]

Read this if you still think WU is awesome
https://bitcointalk.org/index.php?topic=125257.0

Yay, spooky stories!

Also google 'western union complaints' and read about immigrants having no money because WU held their transfers for 60days, even after WU screwed up and gave people the wrong MTCN (it happens).

Also google 'Liberty Reserve complaints' and read about how LR is 'stealing peoples money.'
Also google 'Egold complaints' and read about how E-Gold exists only to support ponzi schemes.
Also google 'Bitcoin complaints' and read about how Bitcoin was 'hacked' and how some transfers 'never confirm.'

You can find some person that feels like complaining about anything.

Agent fucks up, wait 60 days for refund, and everytime you phone you get a 3rd world call center rep who knows nothing except scripted responses.

This is pre-bitcoin technology. You know, when there are people doing work, not computers, and where those people occasionally make mistakes, and where money takes time to transfer (time, as in days, not minutes). Just because they haven't adopted Bitcoin technology that will solve these problems yet doesn't make them 'evil' it just means that they haven't used Bitcoin yet.

WU should die, Bitcoin is perfectly suited to kill them and all the other money transfer cash rackets who've been fleecing us for decades. I thought that was the point of decentralized currency so we don't have to rely on these asshole payment corporations telling us what we can and can't do anymore.

You don't 'have to' rely on WU any more than you 'have to' rely on MTGOX. WU will (may) provide an easy way of exchanging to/from BTC, as well as potentially instantly-confirmed transactions using BTC. If you don't want to use it, then thats fine. I fail to see how WU getting involved is any different than, say, Microsoft implementing a new proprietary Bitcoin wallet in Windows Blue or any other corporation trying to make money off of bitcoin. They are corporations, they try to make money. Bitcoin is a good opportunity for them to do this. If you want to use their services, and pay for them, then thats fine. And if you don't, then I dont give a fuck TBH.
[/quote]