Scam/Loss Prevention

[bg002h]

What can we, all of us, do to help bring better security practices to the ever increasing pool of Bitcoin users?

Should we start with a thread (has one been started elsewhere?) on personal security practices? That's a huge topic. If we get a lot of good material organized on a thread, perhaps we could make a publication ready PDF?

Like I'm sure most of you, I feel deeply hurt by the fall of Gox (but no, I wasn't actively trading with them and I sure as heck wasn't storing any coins on an exchange). I don't think our community can take too many more deep blows like this...we are losing too many good people.

At the risk of personal humiliation, I'm linking to a (sophomoric) document I am working on with at least one other member of the education committee of the Bitcoin Foundation. It's here: https://bitcoinfoundation.org/forum/index.php?/topic/784-bitcoin-storage-understanding-trust-relationships/

The document is just a draft and shouldn't be taken as gospel. In fact, it needs much improvement! And there is so so much more to personal security practices than the handout above.

What major categories/concepts could we organize personal security practices around?

[1715333546]

1715333546

[1715333546]

1715333546

[bg002h]

Suggestions from the thread (scraped periodically from below)

Great ideas:
Grifferz: have wallets push security tips to users.
LRCGroup: dispel "it will be there tomorrow myth" fight "comfort factor"

Other ideas:
Franky1: bitcoins dont scam people, people do
LRCGroup: contact for fool proof scenarios.
Destroy Bitcoin (face palm)
Establish Bitcoin as reserve currency

[augustocroppo]

When a system is corrupted from top to bottom, the only thing it can be done to improve security is to replace the whole system.

[bg002h]

When a system is corrupted from top to bottom, the only thing it can be done to improve security is to replace the whole system.

Hi all. I would prefer useful contributions only to this thread. I'll leave this here as an example of a truly useless contribution though. If you don't want to help people not get ripped off, please kindly step aside without posting.

[tvbcof]

If you put a three year old on a motorcycle, you cannot blame him for crashing the thing.  Bitcoin is a powerful instrument and relatively few people have the right combination of skills to use it appropriately.  Even in the skewed sample of early adopters.  Argue this point if you must, but you (OP) started this thread which is pretty powerful evidence that I am right.

The solution is actually quite simple and solves a bunch of problems in one fell swoop:

Use Bitcoin as a reserve currency and build customized solutions to meet the needs of target classes on top of it.  This solves:

  - The looming scaling issues (since a low TPS rate will be sufficient.)

  - The theft and fraud issues (since it will be being used primarily be people who know what they are doing on a day-in-day-out basis where Joe Sixpack may still use it irregularly and carefully for cold storage as needed.)

  - The mining reward issues (since those who are using it will be fine paying large transaction fees.)

  - The decentralization issues (since a running a full node remains within the grasp of the enthusiast.)

  - The usability issues (since there would be an explosion of development built on top of Bitcoin at the second tier.)

  - The 'taint' issue (since TigerDirect et-all won't be accepting it and thus forced by govt mandate to honor a tainting authorities output.)

  - The difficulty maintaining progress on further extensions on a live system (since power users really don't need a lot of bullshit bells and whistles to use Bitcoin effectively.)

[bg002h]

If you put a three year old on a motorcycle, you cannot blame him for crashing the thing.  Bitcoin is a powerful instrument and relatively few people have the right combination of skills to use it appropriately.  Even in the skewed sample of early adopters.  Argue this point if you must, but you (OP) started this thread which is pretty powerful evidence that I am right.

The solution is actually quite simple and solves a bunch of problems in one fell swoop:

Use Bitcoin as a reserve currency and build customized solutions to meet the needs of target classes on top of it.  This solves:

  - The looming scaling issues (since a low TPS rate will be sufficient.)

  - The theft and fraud issues (since it will be being used primarily be people who know what they are doing on a day-in-day-out basis where Joe Sixpack may still use it irregularly and carefully for cold storage as needed.)

  - The mining reward issues (since those who are using it will be fine paying large transaction fees.)

  - The decentralization issues (since a running a full node remains within the grasp of the enthusiast.)

  - The usability issues (since there would be an explosion of development built on top of Bitcoin at the second tier.)

  - The 'taint' issue (since TigerDirect et-all won't be accepting it and thus forced by govt mandate to honor a tainting authorities output.)

  - The difficulty maintaining progress on further extensions on a live system (since power users really don't need a lot of bullshit bells and whistles to use Bitcoin effectively.)

I quite agree -- the three year old on a motorcycle analogy is perfect. I've also heard the idea that Bitcoin is stuck in "Linux gear" and can't move forward on the usability front (I don't buy that but I see the point).

The idea of Bitcoin as a reserve digital currency is "nice" but I just don't see how it could happen. My vague notion of what the value of an "intrinsically worthless" token on a payment processing network should be involves concepts of how big the user base is, how much economic activity takes place on the network, # of tokens, etc. While there is more to a payment processing network than transaction per second, it's hard for me to see Bitcoin as a network transferring much value with very few tps (like currently).

I'd love to see Bitcoin be in the position of not having to do much but still somehow have tremendous value. While I don't see all the pieces to that puzzle, the easy money notion seems to violate my poorly developed sense of how money and society interact.

Also, I think the social benefits of having bitcoin be used by the masses for purchases large and small is far greater than having it as a reserve currency.

That said, reserve currency status, being rarely used and used only by institutions when needed, would definitely decrease scam and theft

[DannyHamilton]

A new software, a new administration and a new user base is necessary to provide a reasonable safe utilization of this board.

Who said anything about safe utilization of this board?  I thought we were talking about safe utilization of the bitcoin cryptocurrency.

I don't think that replacing the administration of this board is going to have any effect on the safety of the bitcoin currency.

[franky1]

I'd love to see Bitcoin be in the position of not having to do much but still somehow have tremendous value. While I don't see all the pieces to that puzzle, the easy money notion seems to violate my poorly developed sense of how money and society interact.

bitcoin (the protocol) doesnt do much, which is perfect. the problem is not bitcoin (the protocol) the problem is the user interaction.

with FIAT parents spend years to teach their kids how to treat money, giving them a small pocket money amount to play with each week and try to teach them how to look after it and how to spend it.

in those years kids have been taught that money is safest wen deposited in third parties (banks) and they earn more by leaving it there.

bitcoin is the opposite
with bitcoin just having funds sitting on an exchange and not touching it (trading/spending) is the worse thing. we need to teach people to do their quick trades and then take their control of their value back from 3rd parties ASAP.

other human lessons need to be learnt. such as peer to peer trading. (due dilgence) if you dont know enough about the other peer to know how to walk up to them and slap them with a wet fish if they wrong you. dont deal with them

then along side this we need to ensure that our individual privacy and control is not taken away from us, but to ensure that businesses and services that seek to profit from our funds do so correctly, honestly and honourably. which means 3rd party services need regulation.

regulation:
if dealing with fiat then AML/KYC regulations. if just a crypto service then signing a contract that binds them to certain ethics needs to be drawn up and used in a court if breached. no 3rd party should hide behind who-is guards, if they want our business they have to be transparent and divulge their real life info that can be used in a court.

for instance.
if MTGOX formed a contract that no more then 10k BTC was in a hotwallet. 750k would not have gone missing by a presumed hacker, only 10k.
if MTGOX formed a contract that 2 factor authentication and database encryption and other stuff were present. then trying to blame a hacker  for his greed would come to light even faster.

moving the liability away from myths (lies about hackers and protocol bugs) and put it truly and absolutely all on the third party. then they would atleast make a better attempt to run a better service.
summary
bitcoins dont scam people, people do

[LRCGROUP]

The problem with this technology is the so called "Comfort Factor".  Everyone wants to have a system that is user friendly and very easy to use.  
Consider what this technology is based off of, the very basic construct of a public key (your address) and a private key.

Knowing these two points, you would have to come to a conclusion that the most important factor in all of this is the private key.  If you have created your private key on a hot machine, your setting yourself up to fail and it is your own "Comfort Factor" that is the downfall.  

If you want to get the message out, the message should be loud and clear.  Do not ever create a private key on a machine that has ever or is connected to the internet.  I could take it one step further, you should never create a private key on a machine that has been on the internet or connected to the internet and also has USB activated.  If you do a little research you will see the dangers behind active USB ports.  There is a frequency hole!!  

Your currency will always be safe on the Blockchain if you and only you are proactive with your private key and create this key in a fashion where no other person in the technology field has a chance to achieve access to this key through your network.

Anytime you create an online wallet and make a key, it is like going outside and placing money on the street and putting a rock on top of it and thinking "Tomorrow it will be there".  Wallets on cell phones with private key entry, I can only shake my head even thinking about it.  

Take your money serious and stop thinking "Comfort Factor".  The security in this technology field is not easy and will never be easy.  

If you would like some more insight on how you can be proactive, I am more than happy to share some fool proof scenarios that will ensure your investment will stay safe.

[ReCat]

I don't think it matters how many people we lose to scam/loss. The more people we lose, the more we are getting cleansed of idiots trying to manage bitcoins.

[grifferz]

Information about how to use bitcoin securely is already out there and very easy to find.

I am not convinced that making one more web page that says the same things that everyone has been trotting out for years is going to result in greed-blinded newbies (and some oldies; seems like potential profit is a hell of a drug) reading it.

I would find it more plausible if wallet developers could get together to agree on the text of a single small popup window that gives some simple golden rules for secure bitcoin use, and have that pop up every time the app is opened unless a checkbox is unticked.

People don't search for stuff. They don't read this forum. I think in their face in the client is the only way to get the message across.