[COLDKEY] Project status on the 25th Augu 2022 -- revving up after the crisis 🚀

[n0nce]

Do we make a group decision on how makers/creators should proceed with keys?
 Can we?

Unfortunately, I don't think there is a technical way to make such a product secure, without taking away its main feature (being pre-funded and spendable by anyone who owns it).
Even non-funded collectibles have the same issue that the private key is known to the creator.

I believe the only way to increase security / reduce required trust would be if there was a 'ceremony' (similar to zcash) where the keys are generated, embedded into the physical object and destroyed, right there on the spot.
If this was not live, but only e.g. through a video call, then they would also need to be posted to the post office in that same uninterrupted call, to prevent the designer to swap them out.

Now, another thing comes to mind: if creators of such products aren't very security-conscious and / or technical, there is the risk of them not following security best practices. Such as creating those keys on a hot Windows machine. While it is obvious that it wasn't the case here, it is possible for coin creators to be infected with malware and for someone else to steal collectors' coins years later.

[minerjones]

Do we make a group decision on how makers/creators should proceed with keys?
 Can we?

Unfortunately, I don't think there is a technical way to make such a product secure, without taking away its main feature (being pre-funded and spendable by anyone who owns it).
Even non-funded collectibles have the same issue that the private key is known to the creator.

I believe the only way to increase security / reduce required trust would be if there was a 'ceremony' (similar to zcash) where the keys are generated, embedded into the physical object and destroyed, right there on the spot.
If this was not live, but only e.g. through a video call, then they would also need to be posted to the post office in that same uninterrupted call, to prevent the designer to swap them out.

Now, another thing comes to mind: if creators of such products aren't very security-conscious and / or technical, there is the risk of them not following security best practices. Such as creating those keys on a hot Windows machine. While it is obvious that it wasn't the case here, it is possible for coin creators to be infected with malware and for someone else to steal collectors' coins years later.

.....Is to generate your own keys

Stop trusting other people's keys.... no matter how "securely" they were generated

NOT YOUR KEYS, NOT YOUR COINS

"then they would also need to be posted to the post office"........  why would you mail private keys? this seems a bit insane..... 

[n0nce]

I believe the only way to increase security / reduce required trust would be if there was a 'ceremony' (similar to zcash) where the keys are generated, embedded into the physical object and destroyed, right there on the spot.

.....Is to generate your own keys

Stop trusting other people's keys.... no matter how "securely" they were generated

NOT YOUR KEYS, NOT YOUR COINS

"then they would also need to be posted to the post office"........  why would you mail private keys? this seems a bit insane..... 

Because people like collectibles.
Never said 'absolute' security buy just some ways to reduce trust. It is not eliminated.
You even bolded that phrase.

[WhyFhy]

I believe the only way to increase security / reduce required trust would be if there was a 'ceremony' (similar to zcash) where the keys are generated, embedded into the physical object and destroyed, right there on the spot.

.....Is to generate your own keys

Stop trusting other people's keys.... no matter how "securely" they were generated

NOT YOUR KEYS, NOT YOUR COINS

"then they would also need to be posted to the post office"........  why would you mail private keys? this seems a bit insane.....  

Because people like collectibles.
Never said 'absolute' security buy just some ways to reduce trust. It is not eliminated.
You even bolded that phrase.

This is the in-your-face solution. When I posted this the topic died.
It's not about "My" service it's about the process.
There's no exploiting this.
Anything outside of this is just prolonging the inevitable.
Here's how it works to the uninitiated.

https://github.com/JeanLucPons/VanitySearch#generate-a-vanity-address-for-a-third-party-using-split-key

creator could have all data provided by the customer. pubkey

creator then generates wallet, now they have wallet address and the half the 1/2 privkey under holo.

but that one key half that the client keeps is your chain of logistics. A COA if you will.

If you want to auth, you have to destroy it the coin's holo.  

There would be no point in keeping a key as it would be a stalemate like multi-sig escrow situations.

The "paper" key half and the intact coin with the wallet visible and the other half the key under the holo from OEM.

The only way bad acting can occur is if OEM/issuer got coin in hands again with a COA original purchaser issued and resold it.

(They have seen the "COA" now and have the other half of the key or possibility of having them stashed away)

Then an intercept scenario could occur so a situation such as this should just be treated as a zero day of the right off the rip,

 just like it should be now and isnt. So with that being said, this creates a new layer of security at least from OEM issuer fraud in bulk scenarios.


This isn't a new or foreign concept at all, it's called the "Idea Attribution Effect" or "Sender-Receiver Effect".

40mm x 3mm 30g Bitcoin Coin (loadable and customizable coin)
Truth is @Willi9974 is the only one that's done anything like it.

 When I saw Willi doing this, I immediately reached out to him to offer our services as we were already doing them since 2019.

With this process a maker could compromise 1 coin at a time, not the entire batch. this would be a rare situation as well.

[n0nce]

This is the in-your-face solution. When I posted this the topic died.
It's not about "My" service it's about the process.
There's no exploiting this.
Anything outside of this is just prolonging the inevitable.
Here's how it works to the uninitiated.

https://github.com/JeanLucPons/VanitySearch#generate-a-vanity-address-for-a-third-party-using-split-key

There's one big problem with this. It destroys its collectible value. You can't trade split-key collectibles, because the 'original buyer' will be able to collude with the designer to scam a future buyer. Or am I missing something?

[bestcoin_59]

Also, please remember that if you subscribed for CK History from the CK website at the very beginning, credit cards were the only payment method. I think CC numbers were stored in Yogg server's due to recurring payments. That being said, it is likely that CC from most customers have expired since.

That apart, just curious, did the forum members cards really existed? I ordered two of them (among other things like CK Q2 2021) and never got them, nor did i receive CK Q2

[MoparMiningLLC]

Also, please remember that if you subscribed for CK History from the CK website at the very beginning, credit cards were the only payment method. I think CC numbers were stored in Yogg server's due to recurring payments. That being said, it is likely that CC from most customers have expired since.

That apart, just curious, did the forum members cards really existed? I ordered two of them (among other things like CK Q2 2021) and never got them, nor did i receive CK Q2

I had 22 of them on order - was told in October that they were ready to ship - never received.

[TopTort777]

Do I get it right, the coldkey I've got from [FREE RAFFLE - 5 Lots] ColdKey Buyer Funded Cards🎄🔑💳🎅 FREESHIPPING WORLDWIDE isnt safe to use, and I'd better keep it just as a plastic card (that I would use to open notebooks lol)?

[WhyFhy]

This is the in-your-face solution. When I posted this the topic died.
It's not about "My" service it's about the process.
There's no exploiting this.
Anything outside of this is just prolonging the inevitable.
Here's how it works to the uninitiated.

https://github.com/JeanLucPons/VanitySearch#generate-a-vanity-address-for-a-third-party-using-split-key

There's one big problem with this. It destroys its collectible value. You can't trade split-key collectibles, because the 'original buyer' will be able to collude with the designer to scam a future buyer. Or am I missing something?

Right now designers are sweeping entire series,
people can go for the same level of trust they have now, but with one coin at a time, if the designers honest we have nothing to worry about.

the other partial priv can go on a buyer made certificate , everyone can see it. the only one that could merge it is the creator if they kept the other partial.
but like i said everyone already uses this good faith system in letting the designer keep all the keys (hoping they nuked/airgapped ect)
at least this way it reduces breach percentage from current standing. (%100) breach possibility down to a % / MINT returned to designer odds.  so this way if they made lets say 100 coins and they ended up with 5 back in hand there's only a 5% breach possibility. 0% if they truthfully got rid of original keys.
right now everyone's banking on a pretty big 100% possibility blindly

[owlcatz]

Do I get it right, the coldkey I've got from [FREE RAFFLE - 5 Lots] ColdKey Buyer Funded Cards🎄🔑💳🎅 FREESHIPPING WORLDWIDE isnt safe to use, and I'd better keep it just as a plastic card (that I would use to open notebooks lol)?

It's a buyer-funded collectible.... Do people actually load those? I never do. But yeah, I wouldn't load it just in case. Those were created a while back before he went scam so likely 65% safe IMO, but still, don't fund buyer-funder stuff unless you use your own keys ...

Anyhow, it was a free raffle before the scam blew everything up, sorry! We all lost serious funds in premium values, so don't feel too bent over it..  

[TopTort777]

Do I get it right, the coldkey I've got from [FREE RAFFLE - 5 Lots] ColdKey Buyer Funded Cards🎄🔑💳🎅 FREESHIPPING WORLDWIDE isnt safe to use, and I'd better keep it just as a plastic card (that I would use to open notebooks lol)?

It's a buyer-funded collectible.... Do people actually load those? I never do. But yeah, I wouldn't load it just in case. Those were created a while back before he went scam so likely 65% safe IMO, but still, don't fund buyer-funder stuff unless you use your own keys ...

Anyhow, it was a free raffle before the scam blew everything up, sorry! We all lost serious funds in premium values, so don't feel too bent over it..  

I am asking because I wanted to keep this card as a memory, as a collection, or have an idea to load this card and give it to someone as a present. I thought it might be cool and original present. But now, just imagine how embarrassing I would look if give it as a present, and someone take funds from there 

[cygan]

✂
I am asking because I wanted to keep this card as a memory, as a collection, or have an idea to load this card and give it to someone as a present. I thought it might be cool and original present. But now, just imagine how embarrassing I would look if give it as a present, and someone take funds from there 

as a collector's piece and as a 'dark' memory in the crypto collector's history i would definitely keep this one
as a loaded/funded gift i would not consider this product anymore ... there will soon be other cards for these occasions

[krogothmanhattan]

  Everytime I see this title now I think it should be called

     [SCAMKEY] Project status on the 25th Augu 2022 -- revving up for the SCAM   

[TheBeardedBaby]

Do you guys think yogg will get away with it?
People have met him in person, they know his name etc. ...

[WhyFhy]

Do you guys think yogg will get away with it?
People have met him in person, they know his name etc. ...

This is a good question.

[owlcatz]

Do you guys think yogg will get away with it?
People have met him in person, they know his name etc. ...

This is a good question.

There's already a thread in investigations on this.

[JayJuanGee]

Do you guys think yogg will get away with it?
People have met him in person, they know his name etc. ...

This is a good question.

There's already a thread in investigations on this.

Link or it didn't happen.

[seek3r]

There's already a thread in investigations on this.

Link or it didn't happen.

You can find that thread right here: Lawsuit against yogg (patrick)

Do you guys think yogg will get away with it?
People have met him in person, they know his name etc. ...

No I dont think so. He just pissed off too many people who know too much about him for that. (including me).