I've mentioned it
here already, but it's worth it's own topic I think.
Why don't all exchanges have an optional field for us to upload a GnuPG public key? In particular, one that matches the email address registered on the account?
As in the recent Bitcoinica case, and the original Mt.Gox hack, return to service is highly dependent on verifying identity. The OpenPGP system has been around for years and works very well. What's more, the exchanges could periodically sign those keys offline for themselves -- then, in the event of a complete database breach and potential alteration they would be able to verify every single identity, detecting those that a hacker had tampered with and able to restore the original owner reliably
It sometimes takes an event like these hacks to trigger a change of culture. Perhaps this Bitcoinica hack could be the impetus for other exchanges to use digital identities, which are, let's be honest, far more secure than a scan of a passport (it's not difficult to photoshop a scan to whatever you want).
Wouldn't we all feel more secure if we had a reliable way of proving our identity to the exchange whenever they think activity is suspicious?
What would it take for the big four, Mt.Gox, Intersango, btc-e and virwox to simply add a field to their databases?
