Would anyone want a wallet with geofencing?

[o_e_l_e_o]

It would be very ill-advised to prevent someone from being able to spend all of their coin that is in their wallet unless a criterion is met (being within a geofence) as they could potentially mean the end-user is unable to spend all of their coin.

Isn't that the whole point of the proposal - to stop the end user from spending all of their coin in a certain situation? It really isn't any different to any other criterion you need to be able to spend your coins. For my mobile wallet, I need my phone, it must be charged, I must have data, and I must remember my password. For my cold storage paper wallets, I cannot spend them unless I physically go to their storage location, which is not unlike a geofence. For my multi-sig cold storage, I must physically go to multiple locations.

[PrimeNumber7]

It would be very ill-advised to prevent someone from being able to spend all of their coin that is in their wallet unless a criterion is met (being within a geofence) as they could potentially mean the end-user is unable to spend all of their coin.

Isn't that the whole point of the proposal - to stop the end user from spending all of their coin in a certain situation? It really isn't any different to any other criterion you need to be able to spend your coins. For my mobile wallet, I need my phone, it must be charged, I must have data, and I must remember my password. For my cold storage paper wallets, I cannot spend them unless I physically go to their storage location, which is not unlike a geofence. For my multi-sig cold storage, I must physically go to multiple locations.

The geolocation is dependant on a third party agreeing you are in a specific location. So if for whatever reason apple (in the case of iPhones) does not agree you are in the geolocation of your home, you will be unable to access your coin. Or, an adversary could steal your phone and take it it to your front yard in order to steal all of your coin (without even having to break into your house).

There is also the risk of tricking your phone that the price of 1 bitcoin is $0.01, which would allow an unlimited amount of coin to be spent.

[o_e_l_e_o]

The geolocation is dependant on a third party agreeing you are in a specific location. So if for whatever reason apple (in the case of iPhones) does not agree you are in the geolocation of your home, you will be unable to access your coin.

Which is not unlike 2FA with Electrum wallets, or any web wallet or exchange in existence. I don't use these services and I don't want a third party to have any say whatsoever in how I spend my coins, but you can't deny that there are millions of users who do use such services. And you can always recover your wallet from your seed phrase and bypass the geolocation entirely.

Or, an adversary could steal your phone and take it it to your front yard in order to steal all of your coin (without even having to break into your house).

I had assumed the geolocation was in addition to the usual security precautions of a password/PIN, not in place of them.

There is also the risk of tricking your phone that the price of 1 bitcoin is $0.01, which would allow an unlimited amount of coin to be spent.

I don't understand where you are coming from here. Just set the geolocation to restrict to x amount of bitcoin. Or as in my proposal above, geolocate restrict a whole wallet while keeping another wallet free.

[Pmalek]

I am not against the idea, but it's not something I would use. If I have a mobile wallet with bitcoin in it, I would want to be able to spend it wherever I am. That's why it's mobile. It does make sense in certain situations, but it also prevents me from making a conscious decision to spend my coins when and where I want to.

You are in a store looking at some new sneakers and there is an announcement over the loudspeakers that happy hour is starting. All gear will be sold at a 40% discount during the next hour. The store takes bitcoin, but unfortunately your geofencing won't allow you to spend it.   

Imagine if you find yourself in a $5 wrench attach scenario and a robber is looking for anything valuable. You have no cash on you, no jewelry or a watch to give him, but you have some bitcoin. Happy that the attacker won't test the quality of the wrench against your head, you take out your phone only to remember that the geofence won't allow you to send it to him. Or you can only send a small amount that will make him furious. Very few robbers would agree to accompany you to your home where you can send the rest of the coins. 

[n0nce]

It would be very ill-advised to prevent someone from being able to spend all of their coin that is in their wallet unless a criterion is met (being within a geofence) as they could potentially mean the end-user is unable to spend all of their coin.

What about this?

Regarding something like servers breaking, phone GPS sensor malfunctioning etc., keep in mind you could always have either an emergency passphrase or directly use the seed words to restore that wallet in e.g. BlueWallet or Electrum.

Just restore from seed maybe?

[PrimeNumber7]

The geolocation is dependant on a third party agreeing you are in a specific location. So if for whatever reason apple (in the case of iPhones) does not agree you are in the geolocation of your home, you will be unable to access your coin.

Which is not unlike 2FA with Electrum wallets, or any web wallet or exchange in existence. I don't use these services and I don't want a third party to have any say whatsoever in how I spend my coins, but you can't deny that there are millions of users who do use such services. And you can always recover your wallet from your seed phrase and bypass the geolocation entirely.

Sure, there are always risks when using third-party services. The difference in my eyes is that Coinbase (for example) is in the specific business of handling coin on behalf of their customers, which includes processing crypto withdrawals. if Coinbase screws up too much, they will eventually go out of business.

Relying on geofencing on the other hand will rely on your phone's GPS. Apple is not in the business of handling their customer's coin. They are not even in the business of providing precise location data to phone owners, or even location data in general. It is also possible that your phone's location is currently wrong, and when this gets fixed by Apple, your phone will think it is not in the correct geolocation when it is in the intended correct location.

Or, an adversary could steal your phone and take it it to your front yard in order to steal all of your coin (without even having to break into your house).

I had assumed the geolocation was in addition to the usual security precautions of a password/PIN, not in place of them.

Fair enough. Although if your security model is that you need a geolocation in addition to a PIN, you are assuming a PIN is insufficient.

There is also the risk of tricking your phone that the price of 1 bitcoin is $0.01, which would allow an unlimited amount of coin to be spent.

I don't understand where you are coming from here. Just set the geolocation to restrict to x amount of bitcoin. Or as in my proposal above, geolocate restrict a whole wallet while keeping another wallet free.

For some reason I was thinking the amount allowed outside of a particular geolocation would be $50 in BTC. Fixing the amount to x amount of BTC, rather than $x worth of BTC would address this issue.

It would be very ill-advised to prevent someone from being able to spend all of their coin that is in their wallet unless a criterion is met (being within a geofence) as they could potentially mean the end-user is unable to spend all of their coin.

What about this?

Regarding something like servers breaking, phone GPS sensor malfunctioning etc., keep in mind you could always have either an emergency passphrase or directly use the seed words to restore that wallet in e.g. BlueWallet or Electrum.

Just restore from seed maybe?

Yes, that would work. Although you would need one additional backup if you were to rely on this.

I do think a LN wallet with a channel open with your home computer that automatically sends/receives a LN tx when you leave a location would be best. If you have the private key to the address where your phone's channel will end up at when the channel is closed, you can simply broadcast an old channel state if you lose your phone.

[o_e_l_e_o]

It is also possible that your phone's location is currently wrong, and when this gets fixed by Apple, your phone will think it is not in the correct geolocation when it is in the intended correct location.

Well then you could change the geofence to instead of being based on GPS it is instead within range of your home WiFi, the bluetooth on your home PC/computer/speaker/whatever, or something similar, although I concede those all still require the correct operation of a third party device.

Although if your security model is that you need a geolocation in addition to a PIN, you are assuming a PIN is insufficient.

Agreed, unless you are using the geofence to protect your coins from yourself.

I do think a LN wallet with a channel open with your home computer that automatically sends/receives a LN tx when you leave a location would be best.

But if you are going to go to all the effort of setting up a wallet on your home computer and setting up a Lightning channel and associated scripts just to send your coins to your phone when you arrive home so you can presumably then spend them online, then why would you not just spend them directly from your home computer in the first place?

I still think the best solution to all this is to simply only hold on your phone coins that you would want to spend when you are out and about anyway. If you are going to geofence off some of your coins so you can only spend them when at home, then better to just remove those coins from your phone and store them at home permanently.

[PrimeNumber7]

It is also possible that your phone's location is currently wrong, and when this gets fixed by Apple, your phone will think it is not in the correct geolocation when it is in the intended correct location.

Well then you could change the geofence to instead of being based on GPS it is instead within range of your home WiFi, the bluetooth on your home PC/computer/speaker/whatever, or something similar, although I concede those all still require the correct operation of a third party device.

Relying on WiFi or Bluetooth of your home computer would reduce the risks I described, although there is the potential any of these could be spoofed.

I would not describe relying on my WiFi as relying on a "third-party" device, as I control my wireless router, and if it stops working, I can trivially create a new WiFi network with the same name.

I do think a LN wallet with a channel open with your home computer that automatically sends/receives a LN tx when you leave a location would be best.

But if you are going to go to all the effort of setting up a wallet on your home computer and setting up a Lightning channel and associated scripts just to send your coins to your phone when you arrive home so you can presumably then spend them online, then why would you not just spend them directly from your home computer in the first place?

I still think the best solution to all this is to simply only hold on your phone coins that you would want to spend when you are out and about anyway. If you are going to geofence off some of your coins so you can only spend them when at home, then better to just remove those coins from your phone and store them at home permanently.

My setup would automate the keeping an appropriate amount of coin on your phone. Since you are interacting with a direct channel to your home computer, you would not pay any transaction fees sending coin to/from your phone. Once you have the scripts written, there would be no additional setup each time you leave your house, provided your home computer is on and online.

If you are spending coin with your phone, you are presumably planning on spending them at a physical location, and you wont necessarily know the specific amount you are going to spend, or who you are going to send the coin to.

[o_e_l_e_o]

My setup would automate the keeping an appropriate amount of coin on your phone.

It's actually a nice set up for a different consideration from geofencing/security, in that it means I don't have to manually top up my mobile wallet every time I spend from it. It would be cool to know that every time I leave my house I always have, say, 0.01 BTC on my phone. It doesn't matter if I didn't spend anything last time I was out, or I spent $10 worth, or I spent it all - when I leave my house tomorrow, I know I'll have 0.01 BTC on my phone.

The limiting factor at the moment is that not enough merchants accept Lightning, so I would find myself closing the channel frequently so I could spend coins on chain, and then having to set up a new channel every time I went home, which entirely defeats the purpose of the set up as being automated. But maybe in the future.

[PrimeNumber7]

The limiting factor at the moment is that not enough merchants accept Lightning, so I would find myself closing the channel frequently so I could spend coins on chain, and then having to set up a new channel every time I went home, which entirely defeats the purpose of the set up as being automated. But maybe in the future.

There are on-off ramps between LN <--> on-chain BTC in which you can send(receive) a LN payment to(from) the service, and the service will make an on-chain(LN network) payment on your behalf. There is generally a cost to this that exceeds on-chain TX fees (the service is aiming to make a profit). This may or may not result in a net savings over sending coin back and forth between your phone and your home computer, and absent these net savings, the cost may be sufficiently low that the value gained from only having a specific amount of coin on your phone is worth the additional cost.