People are still using web wallets really? Did we not learn from instawallet, inputs.io, and blockchain.info. I see a couple problems with this one. How are they generating the 3 keys? If it isn't client side, it isn't safe. If they are holding on to the 3 keys even indirectly they are not safe. It isn't open source, so there is no way to verify or run this services on my own. Also all web wallets will be consider not safe until they implement trezor support.
So again don't use web wallets none of them are safe unless you are using a trezor or hardware option to sign the transaction.
The blanket answer of "all web wallets are unsafe" is too black-and-white. And it's just not true that the only safe way to secure bitcoin is with a Trezor. (I love the Trezor, by the way, and look forward to getting mine).
But BitGo isn't really a web wallet anyway. Sure you access it from the web, but it requires 3 independent devices to transact. So unlike a client-side wallet, where compromising a single machine will steal your bitcoin, BitGo requires 3 machines get hacked before your funds can be taken. If you consider that 30% of home computers are infected already (source:
http://www.infoworld.com/t/cyber-crime/malware-infects-30-percent-of-computers-in-us-199598), this is a pretty important point. As bitcoin grows, the incentive to steal bitcoin keys grows. Anyone relying on a single system to host the keys to their bitcoin will be vulnerable, and common users aren't security experts enough to keep away the malware.
So to answer your questions, BitGo strongly believes we should never hold the keys to your account. We're a backup, and a cosigner, but we never see enough keys to transact. BitGo today allows you to create one in your browser, import one (public key only) from a 3rd source of your choosing (offline, your existing wallet, etc), and one is created on the BitGo service. If you use this option, you've used 3 independent sources for key generation which means that your wallet starts out in great shape. To transact on it with BitGo, you'll need to provide one key, and BitGo provides the second key. On top of that we use 2FA to your phone to protect against any keylogger type attacks. This bitcoin address creation process is hard to do - its a lot of work, and we're still working on making it simpler - but we will stick to our security principles that we should never hold your keys. So there are options for small bitcoin accounts to create two keys in your browser and send one to paper backup. This is a tradeoff the user can make.
There is another great advantage to the 2-of-3 system which a single key system can't do. The server can audit who is requesting a transaction by looking at IP addresses, access patterns, enforcing velocity limits, notifying stakeholders of the pending transaction, etc. All of these features are made possible by being a "web wallet" with a server assisting. Single key systems simply can't do this.
Regarding open source - you can find some of our source code out here:
https://github.com/BitGo. The client software is already open source by its very nature - it runs 100% in your browser.
Anyway, I am not stating that BitGo is perfect by any means, so I hope it doesn't sound that way. With security, you just constantly need to 'raise the bar', and I hope that this solution materially raises it.
If you do see any specific flaws or want to audit our code, I welcome that very much!
Best,
Mike
