Trust No One

[molecular]

I will not trust anyone but myself :p

Sometimes I don't even trust myself.

[1714295506]

1714295506

[1714295506]

1714295506

[molecular]

You can trust banks though, right?

But of course! You can trust them to overcharge or otherwise screw you out of your hard-earned money.

[TheHeroMember]

How secure is Mt. gox? Are they the most secure of the online currency converters?

They were hacked a while ago, so idk.

really?

[TheHeroMember]

Is there a list in this forum for trustworthy people?

[zameek]

dont trust anyone

[LoWang]

noob question: how do I create a wallet without a network connection? You guys are full of bold and supposedly clear statements about security, but it may not be that clear for everybody! Sadly there is not a word about creating a new wallet on an official bitcoin wiki, so I can only guess I understood the pieces of information on this forum well enough...This is how I thought it works:
to create a new wallet you need to start a bitcoin-qt (or bitcoind?) and let it download the whole block-chain. Or is it not needed and the valid wallet will be created even when I install Bitcoin while offline? Well I just tried that on my second laptop: copied a bitcoin install file onto it, disconnected it from network, installed Bitcoin and checked "run bitcoin client" while clicking "finish" button. Then I checked the data folder and was surprised there is already about 350MB of data Where did this come from? Wallet.dat was also there...but no what? Is that complete? Bitcoin client is still not starting, but I see it in the task manager doing something. OK so finally the window appeared after a minute or so and is trying to synchronize with a network even when I am offline. No error message, so now tell me what should I think? Is this wallet.dat OK to use? Why is the file continuously being changed (modify time) even when there is no network connection? I guess I will now send some BTC to this wallet address, then move it to my another computer, load it in bitcoin-qt and see if the balance updates...

[Stephen Gornick]

noob question: how do I create a wallet without a network connection?

The fastest method is to use a copy of the html file from BitAddress.org
 - http://BitAddress.org
That will generate private and public key pairs in your browser, regardless of whether you are online or offline.  You can then print that out and have a paper-based wallet.  You can then import that private key into an exchange (e.g., Mt. Gox) a javascript wallet (e.g., My Wallet from http://BlockChain.info/wallet ) or with a third-party utility, into the Bitcoin client wallet.

to create a new wallet you need to start a bitcoin-qt (or bitcoind?) and let it download the whole block-chain.

The bitcoin-qt client will create a new wallet the first time it is launched, and it will create a pool of addresses which can be used to start receiving bitcoin payments at but you cannot spend those coins until the blockchain has caught up.

If you are wanting to create an offline-only wallet (i.e., an "air gap network" wallet) for security reasons, that is a special use-case and is described here:
 - http://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet

tl;dr: Bitcoin is a network-dependent technology.  The Bitcoin client is not necessarily functional to end-users without it being connected to the network.

[Zombie]

 True that bro! You can't trust no one on this forum or any forum! 

[TheHeroMember]

Cool posts. I don't trust anyone here neither.

[B4THC4t]

So how can one safely obtain bitcoins if there is no trust anywhere?  When the money changes hands there must be some protection?

[koin]

So how can one safely obtain bitcoins if there is no trust anywhere?  When the money changes hands there must be some protection?

looks like this is the only way to trade bitcoins then:


photo from z1xwitch: http://z1x.dk/

simply, there is trust necessary but that can be managed to minimize your risk.   i trust an exchange for the day or two while a little bit of my funds were sent there before i do a trade.  then i withdraw.  if the exchange closes (or is forced to) the chances of me having any funds there when that happens are fairly small.

[zorbus]

Is there a list in this forum for trustworthy people?

I'd like to know too.

[silverbox]

Thanks!

[xminer]

How secure is Mt. gox? Are they the most secure of the online currency converters?

Yes, they've been hacked in the past; maybe more than once or twice.

But most problems with crypto currency exchanges come down to "how secure is your password&the computer you use to access the services". Typical hack looks like "someone logged in and sent my btc to *address*". No, keeping funds in usd will not help either. For some reason exchanges don't implement additional auth for money transfers which could partially help in such situations

[FullFathom5]

The title of this thread is provocative, but is a bit of nonsense too. I view it more as rhetorical questions being posed.

Trust.
The majority of users engaged in BTC related activity haven't audited the source code of the programs they rely on to 1) generate 2) store and 3) exchange their BTC with. By audit I mean they have read the source code and understand the implications. Thoroughly. I certainly haven't.

So fundamentally this isn't about a lack of trust, just who/what do you trust? What criteria are we using to determine that something is deserving of our trust? Fanboy forum posts? Paranoiacs with aversions to sunlight, pop music and anything smacking of public policy? We all have our "reasoning" but is it consistent? Why does it work? Given that the technologies we rely on to "guarantee" trust in BTC have been created by competent programmers who understand the minutiae of their work, we are by default already trusting quite a few people before we even get started. Complete strangers in most cases. BTC was "founded" by who exactly? Satoshi Nakamoto?  And it doesn't ultimately matter as the process has begun and now we (collectively) are its users, owners, developers, detractors, consumers.

So by participating in BTC you all trust a fictitious character. Didn't your mother ever tell you not to accept candy from strangers? In order for BTC to continue we as participants in this experiment have to trust each other. Otherwise the coin won't flow. However we don't want to give it away for free and have all those hard earned BTC disappear in a poof of misspent kilowatt hours so...

Security.
How to prevent digital pickpockets? Networked resources are more vulnerable than non-networked. Keeping that thumb drive off networked resources might be a reasonable start. Is it enough? Probably not. Encryption might be worthwhile too. Ghost partitions seem like a nice touch. These are still susceptible to the original, old school brute force attack: some thug standing over you threatening your life or that of loved ones if you don't provide access to your wealth. Good thing for us, this is highly unlikely as the intellectual/cultural barrier makes the general public fairly ignorant of the ins & outs of this community (and I'm a 1337th level paladin who can see the future). If you really want to establish an index of risk for losing your cryptowealth by threat of violence, perhaps you can start here http://www.fbi.gov/about-us/cjis/ucr/ucr/. I think healthy paranoia is useful, unqualified paranoia is science fiction. I'm a fan of scifi but there has to be a reasonable limit. I guess the question here is what's reasonable? I think we can park threat of violence and safe deposit box theft in the "low risk" category for the most part.
 
My guess is that the biggest threat of digital pickpocketing comes from within the BTC community itself. This is the population that actually knows 1) of BTC and 2) more about the tools of the trade and how they work (though perhaps I shouldn't give too much credit on that second point, see comment on auditing above under "Trust". An aside here: aren't we vulnerable to the programmers of these tools we use to the extent that we trust them?). The system at present puts a premium on anonymity. I like that feature, not sure if it helps in terms of knowing who just pilfered my BTC wallet. Also seems easier to prosecute someone with a name instead of a hash string with a series of associated dotted quads. How to audit the system to ensure that the BTC I claim were stolen were actually stolen? How to ensure that they were legitimately released from my wallet? How to determine that I am not lying in order to cheat the system? Even if a copy of my BTC wallet is liberated without my consent, can good encryption buy me enough time to reset all my passwords and recover my dough? Which tools do we trust? Truecrypt? Gnupg? RSA (proprietary I know)?

Seems like a rehash of some points others here have more concisely stated. Am interested in your thoughtful responses.

[TheHeroMember]

Now check this out https://bitcointalk.org/index.php?topic=67137.msg783854#msg783854

[Serenata]

Nice post dacoinminster and I agree with most of your points, though I believe that there are levels of trust. All depends on the "volume". I wouldn't go to the supermarket carrying 10000 euros on me so the same goes with Bitcoin... I wouldn't use the "big" (or "savings" if you prefer) wallet to make transactions all over the internet. A hosted wallet service is quite OK as well, if you use it for "pocket money" transactions.

[TheHeroMember]

Be Careful would be the best advice instead of trust no one.

[Sovereign Investor]

People should exercise prudence and trust no one.  Both are vitally important. 

Let us also not forget what the ancients enjoined "Know thyself." 

[rizzy]

Thanks good advice