Blockchain.info/wallet is the BEST Bitcoin client as-of-date.

[Jon]

https://blockchain.info/wallet

It's the easiest and safest client to use. You load the webpage, enter your credentials and you have access to your funds. Your coins are not stored anywhere but your head through your password and possibly your email account, if you so choose. You only need to trust your memory and your email account, nothing more.

You don't need an over-engineered feature such as multi-signature transactions. You don't need to keep a Bitcoin private key on your phone, on your computer and with a third-party. You only need yourself. This is sensible design at its finest.

While the interface is far from intuitive and accessible to everyone (especially to newer users), it meets all the functionality that a Bitcoin user needs.

I think Blockchain.info should serve as THE example of what all Bitcoin client developers should strive for in features and functionality. Though, again, the interface needs a lot of work. However, the fact that it works solely in the browser and works on every internet-connected device with no need for any installation is the step forward that everybody needs to take. Blockchain.info has taken the greatest leap forward by using only the browser.

I suggest everybody else do the same. Desktop-based clients are a dead-end path. The browser is the inevitable future.

What are the community's thoughts?

[1713911844]

1713911844

[1713911844]

1713911844

[pirateat40]

Agreed

[Stephen Gornick]

Using a nickname during sign-up (or adding it later) is useful then so you don't need to know the exact URL or wallet identifier to access from another computer.

e..g. if your nickname to the account is "satoshi" you would access your wallet at
  https://blockchain.info/wallet/satoshi

Don't forget though -- blockchain.info doesn't store the password so there is no password recovery.

As is stated on the site: 'To avoid any possible monetary loss due to a forgotten password it is recommended you make a paper backup of your wallet's private keys."

[MORA]

+1

Very handy to be able to choose sender and change address.
A few interface kinks here and there, but the client for windows isnt perfect in that aspect either.
Also gets around the "First relayed by" sniffer, so its possible to use bitcoin without having to proxy the client.

The fee is abit steeper than the standard client, fixed at 0.01 even for TX that would be ok without any fee at all (goes to blockchain.info if none is needed for the network afaik).

[Jon]

The fee is abit steeper than the standard client, fixed at 0.01 even for TX that would be ok without any fee at all (goes to blockchain.info if none is needed for the network afaik).

It may encourage competition which is always a good thing if .01 ever becomes significant enough.

[fornit]

I suggest everybody else do the same. Desktop-based clients are a dead-end path. The browser is the inevitable future.

good idea. except that the bitcoin network is gone then. very sad. but we still have our cool browsers to look at meaningless numbers...

[Jon]

I suggest everybody else do the same. Desktop-based clients are a dead-end path. The browser is the inevitable future.

good idea. except that the bitcoin network is gone then. very sad. but we still have our cool browsers to look at meaningless numbers...

No, miners will still charge fees and have incentive to maintain the network through servers. It shouldn't be up to the user to waste their computing power on the network to manage and view their funds. The cost is better burdened upon those managing transactions and mining the currency. It's simply more efficient that way and people can use Bitcoin from any device.

[piuk]

Thank You for the good feedback. I still have big plans for it, wait until Split key is done then it will be easy to use and zero-trust.

I suggest everybody else do the same. Desktop-based clients are a dead-end path. The browser is the inevitable future.

I think Desktop clients will still have their place. But the blockchain is reaching a size now where merkel tree pruning or an unspent ledger needs to be implemented ASAP.

[niko]

This looks great. I'm not an expert, and would like the community to comment on the security of browser-side encryption (I guess this is Javascript based...?)

[joulesbeef]

considering it is up and down today... at least from my location... I'm not so sure an online wallet is the best. But of course there is plenty of room to debate that issue

[Portnoy]

And a one button click to do a dropbox backup... seems to be working today. 

I point new users, who I tell about bitcoin, to here and StrongCoin as good options to keep any bitcoins they get, if they are uncomfortable with installing a client on their own computer. 

[Wintermute]

I remember something about a 1% fee for their service, but could not find anything on their webpage. Is there a fee?

[gnar1ta$]

I remember something about a 1% fee for their service, but could not find anything on their webpage. Is there a fee?

Yes. Currently .01 BTC. http://blockchain.info/wallet/faq Great price for all the features available.

[memvola]

You load the webpage, enter your credentials and you have access to your funds. Your coins are not stored anywhere but your head through your password and possibly your email account, if you so choose. You only need to trust your memory and your email account, nothing more.

You don't need an over-engineered feature such as multi-signature transactions. You don't need to keep a Bitcoin private key on your phone, on your computer and with a third-party. You only need yourself. This is sensible design at its finest.

I really don't get what you mean by this. You enter what's on what's on your memory, it's intercepted, your funds are gone. It's not only your memory that you need to trust, but also, for instance, the device you are entering those "credentials".

I like blockchain.info's wallet, but these are two unrelated concepts. Multi-signature transactions allow you to utilize the network's power to protect yourself from those attacks. I can't think of any other way to create a fool-proof measure against compromised devices, can you?

[Jon]

You load the webpage, enter your credentials and you have access to your funds. Your coins are not stored anywhere but your head through your password and possibly your email account, if you so choose. You only need to trust your memory and your email account, nothing more.

You don't need an over-engineered feature such as multi-signature transactions. You don't need to keep a Bitcoin private key on your phone, on your computer and with a third-party. You only need yourself. This is sensible design at its finest.

I really don't get what you mean by this. You enter what's on what's on your memory, it's intercepted, your funds are gone. It's not only your memory that you need to trust, but also, for instance, the device you are entering those "credentials".

I like blockchain.info's wallet, but these are two unrelated concepts. Multi-signature transactions allow you to utilize the network's power to protect yourself from those attacks. I can't think of any other way to create a fool-proof measure against compromised devices, can you?

There's the method of not using a compromised device and not making it probable for your device to be compromised in the first place. If you're not spreading how much money you have along with your IP address everywhere, you shouldn't have to worry about people putting keyloggers on your computer and phone.

A hacking independent from this is extremely unlikely if you have sensible security practices...

Maybe this wallet isn't for morons. However, getting multi-signature protection to the average user and morons is a problem unto itself.

As for a simple solution to a compromised device, you can always use a javascript-based virtual keyboard.

[memvola]

If you're not spreading how much money you have along with your IP address everywhere, you shouldn't have to worry about people putting keyloggers on your computer and phone.

Infections don't need to be directed at specific targets, if there is enough incentive it could be common for malicious programs to have this secondary functionality. It's not like there is a limit to how many viruses a machine can hold.

Maybe this wallet isn't for morons. However, getting multi-signature protection to the average user and morons is a problem unto itself.

Yes, that's a problem. I think wallets like what bitcoin.info currently provides will be more popular for the near future. However, it's likely that easy solutions for multi-signature transactions will be provided at some point. It would be as easy as current two-factor authentication of bitcoin.info, and I'm sure it will be introduced by them in parallel at some point.

As for a simple solution to a compromised device, you can always use a javascript-based virtual keyboard.

Anything going from your brain into the software can be intercepted. (I suspect mouse+screen-capturing loggers are already all over the place.)

I'm guessing technically you could create a transaction without having to hold the private key in one place at any given time with some cryptographic tricks, but it would be as complicated from the user's perspective. Though it might carry a lower transaction cost. So, you could do without multi-sig I guess...

[oOoOo]

Silk Road   1GxBF2Ps8UWhzwFeEiKf4i9QuQwKDgSmCs

LOL! srsly!

[RoloTonyBrownTown]

Interesting idea, I like it.   The more security the better as far as I'm concerned, so multisig will be great once it's up and running.

Good job so far

[hashcoin]

How is this any more secure than any other e-wallet that actually stores the users keys?

You are still dependent on a third-party for security.  Anyone who hacks the server can just serve different JS that records the information
entered into the client and submits it somewhere, then steal all the coins.

It seems to do this securely, one would need to be able to "pin" the code that sees the passphrase.  E.g. a browser extension rather than a web page.

Moreover, just like mybitcoin and other web-wallets, if such a thing happens, there is no way you can know if the service was really hacked or the owner is just running with the coins.

tl;dr wallet security will only come if all the code that sees the passphrase is pinned and cannot be modified easily without approval from many people (e.g. the bitcoin client itself)

[Jon]

How is this any more secure than any other e-wallet that actually stores the users keys?

You are still dependent on a third-party for security.  Anyone who hacks the server can just serve different JS that records the information
entered into the client and submits it somewhere, then steal all the coins.

It seems to do this securely, one would need to be able to "pin" the code that sees the passphrase.  E.g. a browser extension rather than a web page.

Moreover, just like mybitcoin and other web-wallets, if such a thing happens, there is no way you can know if the service was really hacked or the owner is just running with the coins.

tl;dr wallet security will only come if all the code that sees the passphrase is pinned and cannot be modified easily without approval from many people (e.g. the bitcoin client itself)

This applies to any software that can be altered at the server level. No client protects from this.

You can do an MD5 checksum of the JS if you are that paranoid.