Bitcoin Forum
December 10, 2016, 08:53:02 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: best ewallet  (Read 5753 times)
heavyb
Full Member
***
Offline Offline

Activity: 217



View Profile WWW
August 04, 2011, 10:54:10 PM
 #1

Now that MyBitcoin.com has  been shown to be a thief, what is the best and most trustworthy ewallet? Anyone have reviews on bit-bank.org?


thanks

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481403182
Hero Member
*
Offline Offline

Posts: 1481403182

View Profile Personal Message (Offline)

Ignore
1481403182
Reply with quote  #2

1481403182
Report to moderator
1481403182
Hero Member
*
Offline Offline

Posts: 1481403182

View Profile Personal Message (Offline)

Ignore
1481403182
Reply with quote  #2

1481403182
Report to moderator
1481403182
Hero Member
*
Offline Offline

Posts: 1481403182

View Profile Personal Message (Offline)

Ignore
1481403182
Reply with quote  #2

1481403182
Report to moderator
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
August 04, 2011, 10:57:34 PM
 #2

Can't vouch for them, but at least bit-bank charges a withdraw fee. - this is actually a good thing towards legibility, "free for all" (as mybitcoin was) is suspicious unless you believe there's such thing as a free lunch.
jackjack
Hero Member
*****
Offline Offline

Activity: 882


May Bitcoin be touched by his Noodly Appendage


View Profile
August 04, 2011, 11:11:02 PM
 #3

"free for all" (as mybitcoin was) is suspicious
Shocked

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
August 04, 2011, 11:26:03 PM
 #4

Now that MyBitcoin.com has  been shown to be a thief, what is the best and most trustworthy ewallet?

No reviews, but a list of known ewallets:
 - http://en.bitcoin.it/wiki/Category:EWallets

evoorhees
Legendary
*
Offline Offline

Activity: 994


Democracy is the original 51% attack


View Profile
August 05, 2011, 01:05:45 AM
 #5

I've had nothing but great experiences with Instawallet.org.  It's very fast and convenient, BUT you must be sure to bookmark or copy your special URL, because that is your password. I'm amazed how quickly transactions show up there after sending coins to the address.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
August 05, 2011, 01:15:48 AM
 #6

I've had nothing but great experiences with Instawallet.org.  It's very fast and convenient, BUT you must be sure to bookmark or copy your special URL, because that is your password. I'm amazed how quickly transactions show up there after sending coins to the address.

Except their way is 100% unsafe, don't even know why in hell they use https if the request url is the password... use it for spare change, but keep in mind it's way too unsafe.
Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
August 05, 2011, 01:20:16 AM
 #7

Is there a reason not to use Tradehill for something like this?  Don't they now have fixed addresses available?  

I do not recommend putting substantial amounts of bitcoin anywhere but on your own properly secured computer.  Once you are talking about an amount of money that would really hurt you to loose, you need to think about offline only storage and multiple secured backups.  

Hint:  a Windows computer is not secure unless it is OFF.  (not just offline, I mean turned off, no power)

  


Rassah
Legendary
*
Offline Offline

Activity: 1624


Director of Bitcoin100


View Profile
August 05, 2011, 01:23:52 AM
 #8

I'd say at this point, of all the choices, your best one is probably MtGox. Not only have they been through security test hell, and came out on the other side with better security in place, but they've also shown that they, as a company, are willing to take a personal loss to make their users whole again.

Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
August 05, 2011, 01:26:43 AM
 #9

I'd say at this point, of all the choices, your best one is probably MtGox. Not only have they been through security test hell, and came out on the other side with better security in place, but they've also shown that they, as a company, are willing to take a personal loss to make their users whole again.
Agreed, add mtgox to my recommendation.  Also with both companies you can pay for two factor authentication as well. 

jackjack
Hero Member
*****
Offline Offline

Activity: 882


May Bitcoin be touched by his Noodly Appendage


View Profile
August 05, 2011, 01:27:46 AM
 #10

I'd say at this point, of all the choices, your best one is probably MtGox. Not only have they been through security test hell, and came out on the other side with better security in place, but they've also shown that they, as a company, are willing to take a personal loss to make their users whole again.
Agreed
It's even more worth it if you had the Yubikey for free

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
westkybitcoins
Legendary
*
Offline Offline

Activity: 980

Firstbits: Compromised. Thanks, Android!


View Profile
August 05, 2011, 03:27:03 AM
 #11

I use Instawallet. Jav hasn't run off with my money, and I haven't been hacked. I trust it with A FEW bitcoins.

(I also like the way the site operates, including the fact that there's no password to slow you down. Yeah, it may be less safe, but since you shouldn't be trusting an online site with the bulk of your bitcoins anyway, it doesn't impact my risk assessment much.)

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
mrb
Legendary
*
Offline Offline

Activity: 1120


View Profile WWW
August 05, 2011, 04:40:36 AM
 #12

Except their way is 100% unsafe, don't even know why in hell they use https if the request url is the password...

If the InstaWallet page contains no link to / does not redirect to third party sites, then the URL is safe and cannot leak via a Referer header. HTTPS is a perfectly fine solution in this case.
See https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#What_is_all_this_about_.22referrer_logs.22.2C_and_sensitive_URLs.3F
Binford 6100
Hero Member
*****
Offline Offline

Activity: 504


PGP OTC WOT: EB7FCE3D


View Profile
August 05, 2011, 06:47:05 AM
 #13

why do you have such a resistance against having an older pc at home, accessible through a logmein (works from a browser)  to have a bitcoin client running at a desktop you fully control?

as it is at home, you can make weekly backups to usb stick, you can spend coins any time as it is always up to date with the blockchain, your wallet is yous (you control the keys and can spend what's yours)

it comes at the cost of an older pc and electricity. if it's an old notebook, the power consumption is like 60 watt and if you only run the OS + bitcoin + keep it behind a firewall at home it could be pretty much safe.

not recommending any web wallet, i've been using mybitcoin myself but majority of my coins were at home (split offline usb wallet and a similar notebook + logmein.com web accessible "web" wallet)

You can't build a reputation on what you are going to do.
markm
Legendary
*
Offline Offline

Activity: 1792



View Profile WWW
August 05, 2011, 07:56:46 AM
 #14

Apparently there are people who do not want their home accessible from the net / do not want at-home to actually be really on the net, for whatever reasons, it doesn't matter what their reasons are, they are their reasons.

Thus we basically have to be able to provide a way they can store data on third party servers and we should do it without those third parties being trustable. It is mind-boggling how many employees of how many huge corporations seemingly do not succumb to amazing amounts of temptation but relying upon an apparent rarity of villains is pretty much just a variety of "security by obscurity" thus should probably be avoided.

So we need something where the user's own hand-held device (or possibly their actual hand itself by some kind of clever counting on their fingers if they cannot rely upon some kind of glorified pocket-calculator to do it) can sign things in a way the third parties cannot fake or duplicate or counterfeit etc.

The wallet should therefore probably be thought of as totally separate from the "keyring" of "private keys". It should present to the user a transaction ready to be signed but be totally unable to sign it itself in lieu of the user or as an agent of the user. It can hold the transaction records maybe if privacy of those is not a concern. The actual coins reside on many many computers all over the world, the p2p network, so all the user (and NOT some other user such as a "wallet provider") should need is one or more private keys, or a way of re-creating (from mnemonics or algorithmically) a sufficient collection of private keys to sign transactions proposed by the "online wallet".

We shouldn't even call it a wallet, that leads to bad thinking. We should think of it as a transaction ledger and/or transaction processing tool. The blockchain is the real wallet, as in, the container in which the actual money resides. The thing the user uses should be keyring, and maybe the "online wallet" service could be regarded as at least partly a "public-key ring".

Open transactions could so nearly do this if only it used the math it claims it should be using instead of some apparently kiddie mockup version or "insufficient for real use" version of the math it claims it should be using. Darn, so close...

-MarkM-


Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Binford 6100
Hero Member
*****
Offline Offline

Activity: 504


PGP OTC WOT: EB7FCE3D


View Profile
August 05, 2011, 10:09:45 AM
 #15

@markm as long as the enduser does not have a copy of his/hers keyring (private keys), s/he is not in control of the bitcoins.

no matter how you want to prevent the wallet operator from signing for you any outgoing transactions, as long as the ewallet operator has the only copy of the keys, you're vulnerable to the loss of such wallet.

just for the record, obvious note:
wallet is just a collection of private keys + addresses derived from those keys + data on available balances
to reconstruct a wallet and spend available bitcoins only the keys are needed.

that's why imo those keys should be kept privately (at own hardware and offline for bigger amounts)
if i cant' have my keys at home, how to proceed?

You can't build a reputation on what you are going to do.
markm
Legendary
*
Offline Offline

Activity: 1792



View Profile WWW
August 05, 2011, 10:46:55 AM
 #16

Carry a private-key keyring.

I think the term wallet is becoming misleading, because the wallet.dat file does not actually contain any coins. To do it's job it needs to contain your public keys so it can 24/7 monotor your balance so as to send you any email alerts you might want based on transactions or balance, and so as you limit how long you need wait for it to re-balance in the event it somehow got out of touch with the live blockchain, and so it can show correctly all your transactions and balances with a minimum of delay when you un-minimise it / choose to view it.

If it loses its live connection it starts to get out of date, and build up a larger and larger backlog of how long it will take it to catch up.

But, at least if it is not on hardware you control and secure yourself, it should not have your private keys. Those should be on a private keyring that you and and it does not have and never gets.

Conceivably you might give it a private key occassionally, for it to expend and destroy, but to minimise the number of private keys you need to lug around or remember how to generate or carry a generation/memory tool for, it might be better that it never sees your private keys, instead it hands to you any transactions that need to be signed with a private key and you sign them, by counting on your fingers or rubbing your asic coder/decoder ring or whatever. So all it seems is that you validly signed, not they key you used to sign.

Maybe check-book (not cheque-book) might maybe work, in the sense of a book-keeping record in which you record transactions so as to "balance the check-book". Ultimately what you balance it against is the block-chain, which is partly a kind of p2p "distributed wallet", or a huge "communal wallet" in which every "locks" their own coins so that other users of that vast distributed wallet cannot spend each other's coins without somehow getting hold of a key from someone else's private-key keyring.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Binford 6100
Hero Member
*****
Offline Offline

Activity: 504


PGP OTC WOT: EB7FCE3D


View Profile
August 05, 2011, 11:51:29 AM
 #17

Carry a private-key keyring.

I think the term wallet is becoming misleading, because the wallet.dat file does not actually contain any coins.

yes, coins 'live' in the blockchain. but we got used to wallet referring to the collection of keys/addresses/balance_info. the private keys that can sign transactions are the real issue. getting back to the proposal of carrying the keyring with the 'bitcoin holder' we somehow deviate from the current design of an ewallet, requiring only a password and username, doing the rest of the work for user.

a webservice monitoring incomming transactions for a given set of addresses is not an ewallet imo. it's a step in good direction, keeping keys separated from the service operator, it would enable reporting on current available balance and it would prevent the service operator from unauthorized spending and no damage would be done, if the service disappears.

I have, however, no idea how the average non-tech user could carry a keyring around yet alone upload a specific key to sign a spending / sending transaction. it would be safe at the cost of the user who to manage keys by himself (mainly maintaining a key/address pool & backup activities). to avoind the extra work on user side is probably why people choose ewallets in the first place.

You can't build a reputation on what you are going to do.
markm
Legendary
*
Offline Offline

Activity: 1792



View Profile WWW
August 05, 2011, 12:32:26 PM
 #18

I have, however, no idea how the average non-tech user could carry a keyring around yet alone upload a specific key to sign a spending / sending transaction. it would be safe at the cost of the user who to manage keys by himself (mainly maintaining a key/address pool & backup activities). to avoind the extra work on user side is probably why people choose ewallets in the first place.

That merely means you are not currently the entrepeneur or developer currently most likely to bring a killer solution to market.

It might well be technologically feasible to construct a nice big gaudy pair of rings which "mate" with each other so that they act like one of those password dongles MtGox is issuing on the one hand and one's own private personal thing-that-the-password-activates on the other.

You could maybe even use them as wedding rings, so only when you and your spouse are togther and plug your rings into each other will the combination work as a voice-recogniser that parses your voice commands - or, okay, maybe initially your morse code commands or your personal private code you make up commands, or becomes able to read the bar-codes on your cufflinks and shirtbuttons, or whatever, so as to sign a transaction proposed to you for signing by the blockchain-and-transaction-services provider.

In principle it is not particularly complicated unless the user wants to make it complicated.

You could have resin or silicone or whatever personal to you refillable/rewritable cents, dimes, quarters, you could have your own personal paper money in your physical wallet you rub your ring over, you could even have a crucifix you have to say a certain private prayer to, whatever. That can get very personal. You could have entire lego sets that kids can use to build family money-machines that can charge any brick or construct of bricks with any amount up to the family balance.

You could even have a laptop or somesuch - a portable device, miniaturised to whatever extent you personally feel the expense of such miniaturisation justifies, that runs your own personal Open Transactions server.

Probably best would be to do ergonomics studies, finding out specific handwaves or finger-motions or verbal or nonverbal utterances or manipulations of fetishes such as pieces of paper or disks of metal, various people think they would like to use to convey to sensors of some kind how much if anything to pay to who or what.

Some people might not worry about lead pipe attacks some might not worry about wireless digital intrusion attacks some might not care much what happens to the trivial amounts of funds they actually move about with during a single daytrip. So solutions will have to vary according to the user's perceptions and preferences.

-MarkM-

(The best solution might simply be to create so much affluence, for all, that no-one will care about a few grand here and there being purloined by kids or the street-performers known as pickpockets who enliven some interesting tourist spots and so on, figuring hey, its purpose is to maximise the forward creature-days of healthy life for all living things on spaceship earth...)

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
heavyb
Full Member
***
Offline Offline

Activity: 217



View Profile WWW
August 05, 2011, 02:19:51 PM
 #19

I had been using mybitcoin, but luckily had nothing in there when this recent wipe out went. I downloaded the client and send .01 btc to my client on my home computer yesterday, and it still has not arrived. Does trade hill use dwolla?

Thanks for all the input!

bitcon
Legendary
*
Offline Offline

Activity: 1050


www.bit-exo.com


View Profile WWW
August 05, 2011, 02:44:37 PM
 #20

funny how after all the hacking and jacking, people are still eager to put their wallets out there into cyberspace.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!