Bitcoin Forum
Author Topic: List of Bitcoin Companies with Adequate Backup--Please Submit  (Read 4951 times)
ribuck
Donator
Legendary
Activity: 826
May 28, 2012, 09:27:50 PM
 #21

And this ladies and gentlemen is how a market regulated by strictly market consumers (i.e. a free market) regulates itself. Isn't it beautiful?  Cool
It is beautiful, yes, but we're not even getting the best part.

Many of the people who would be this market's honest players are frightened off by the fear that Bitcoin might be (or might be declared) illegal. Dishonest players, of course, don't care about this. So the distribution of market participants is inevitably skewed somewhat.
repentance
Hero Member
Activity: 840
May 28, 2012, 09:51:29 PM
 #22

And this ladies and gentlemen is how a market regulated by strictly market consumers (i.e. a free market) regulates itself. Isn't it beautiful?  Cool
It is beautiful, yes, but we're not even getting the best part.

Many of the people who would be this market's honest players are frightened off by the fear that Bitcoin might be (or might be declared) illegal. Dishonest players, of course, don't care about this. So the distribution of market participants is inevitably skewed somewhat.

In the short-term, the risk is more that Bitcoin will be brought under existing regulations related to currency, e-currency, commodities, payment transmission etc.  Many players in the Bitcoin game would be unable to afford the cost of licensing, insurance, and other compliance requirements if that happens, and no-one wants to be forced to close down before their initial investment has become profitable (the majority of small businesses aren't profitable in their early years).

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
ssaCEO
Hero Member
Activity: 568
May 28, 2012, 10:02:47 PM
 #23

I certainly understand the level of suspicion, after what's happened lately where we took people's word for something and got shafted ourselves. It's the same in the online casino industry, maybe more so. There's a whole bunch of ways people have tried to solve that trust problem, none of them completely successful:

1) crowd-sourced reputation monitoring, regulation-by-complaint, let-the-market-decide, etc. which doesn't always work (this is where most Bitcoin commerce is presently)
2) a few trustworthy independent sources emerging to act as magnets for the better operations, writing their own standards and stepping in personally to mediate casino/player disputes (like http://casinomeister.com with their pitch-a-bitch complaint resolution procedure, where they contact casinos on the player's behalf; and their dreaded "rogue casino" list). The danger here is that power corrupts.
3) relatively weak government licensing jurisdictions which do a few audits and sign off, in some rare cases making good on defaults of companies in their orbit,
4) large governments like the US where the solution has been to nuke the industry completely, using the history of unaccountability as an excuse to curtail freedom.

There are a few outlying examples, like Galewind Software Co. paying out a player and shutting down an operator's casino when the operator running their software refused to pay; as great as it was, this was barnyard justice and no way for an industry to run.

So take your pick. It ain't pretty. IMHO, option #2 works best. Before we launched I spent almost a year on casinomeister talking to players, reading complaints against other casinos and trying to figure out how to build a site that would be safe, responsive to players, and would make sure that even under catastrophic circumstances we would always have enough backups and funds to cover it and never land on the rogue list. To me, this site isn't just a one-off little league Bitcoin casino, it's a platform I'm constantly improving that isn't limited to this market. So our site was built to casinomeister's standard, which is actually a lot higher than what most licensing jurisdictions ask for; and far higher than anyone in the Bitcoin community has ever asked for out loud. This is probably the first step in that direction, and I support it.

So. While we won't post details of our security procedures in a public forum, we would be willing to share some information with the OP, in confidence, based on which he can make a well-informed recommendation as to whether what I've said here is true. This obviously sets a precedent that gives Phineas a fair amount of power, potentially. But I do think his intentions are honest. I've been approached by certain scammers on this board out of the blue, saying they wanted access to our systems to "audit" us. Good luck. But if we can prove to Phineas that we are what we say we are, then hopefully that will set people at ease, and it would set my mind at ease if more Bitcoin companies were willing to be forthcoming with those kinds of details.

Specifically I'm proposing to show the following:
* List of servers we control
* Hourly cron backup scripts (redacted for usernames)
* Screenshots of daily offline backups in progress/completed (only 71 Mb!)
* A more thorough explanation than I'm willing to give here.

repentance
Hero Member
Activity: 840
May 28, 2012, 10:12:09 PM
 #24

Before we launched I spent almost a year on casinomeister talking to players, reading complaints against other casinos and trying to figure out how to build a site that would be safe, responsive to players, and would make sure that even under catastrophic circumstances we would always have enough backups and funds to cover it and never land on the rogue list.

This is critical.  Many businesses are dangerously under-capitalised at start-up and don't have enough financial reserves to cover catastrophic loss (and few are profitable enough in the short term for a business to set aside adequate reserves as the customer base grows - at some stage, an expanding enterprise will reach the point where taking out a HELOC or the owner selling their home would be inadequate to cover the amount owed in the event of catastrophic loss).

It's important to remember that the best technical security in the world isn't going to help if the majority of user funds are held in currency and an exchange's bank accounts get frozen.  In some cases, the loss of Bitcoins would be less catastrophic to a business and its users than bank or payment processor accounts being frozen.

WBX customers, for example, would have been better off had the exchange's Bitcoins been stolen rather than anything affecting user funds being held in the bank account.  Had the funds been intact but the Bitcoins lost, the return to users would be significantly higher.

Quote
Using the numbers that Andre recently provided, on top of my most recent backup shows that WBX should currently be holding
1,769.0417 BTC and 25,779.49 AUD.  If we assume a price of $5 AUD/BTC then that's a total of 1,769.0417 + 5,155.898 = 6,924.9397 BTC.

Users have no real idea of how the risk is spread with most Bitcoin entities and whether the loss of Bitcoins or funds held in bank accounts would be more catastrophic. 

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
malevolent
can into space
Staff
Legendary
Activity: 1624
May 28, 2012, 10:28:29 PM
 #25



Glad to hear, if you are unsure whom to trust I suggest you contact one of the moderators or admins here, not everyone is technically competent and trustworthy.

Meanwhile, I'll check your site with nmap + w3af + my brain & google Wink
casascius
Mike Caldwell
VIP
Legendary
Activity: 1344
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
May 29, 2012, 04:08:55 AM
 #26

As part of running Casascius Physical Bitcoins, I am occasionally in the position of holding others' funds, typically for overseas or large orders.

Bitcoins aren't kept online.  Payments to my website actually go to an offline wallet.  The web server knows only a list of pre-generated addresses and dispenses one with each order.  The offline wallet was generated deterministically and therefore could be recovered with just the seed.

In addition to regular database backups, I make sure my e-mail contains everything I would need to recover in the event of data loss, the e-mail being completely independent from the web server and database of course.  I receive e-mails with order details, and whenever I send unfunded coins, I send a complete list of addresses to the recipient at the time I fill the package.  While there's nothing high-tech about using e-mail, it's effective as a secondary measure.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
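An added illustration of the split described in the post above (not part of the thread and not casascius's actual setup): the offline side derives keys deterministically from a seed and exports only public data, while the web server dispenses one pre-generated entry per order. Assumptions: the HMAC-SHA512 derivation is a simplified scheme (not BIP32), compressed public keys stand in for addresses (the HASH160/Base58Check encoding is omitted), and all function and class names are hypothetical.

```python
import hashlib
import hmac

# secp256k1 curve parameters (public constants of the curve Bitcoin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def public_key(priv):
    """Compressed public key (hex) for a private scalar, by double-and-add."""
    acc, pt = None, G
    while priv:
        if priv & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        priv >>= 1
    return ("02" if acc[1] % 2 == 0 else "03") + format(acc[0], "064x")

def private_key(seed, index):
    """OFFLINE ONLY: key number `index` from the seed (simplified, not BIP32)."""
    digest = hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big") % (N - 1) + 1

def pregenerate(seed, count):
    """OFFLINE ONLY: the public list that gets copied to the web server."""
    return [public_key(private_key(seed, i)) for i in range(count)]

class ReceivePool:
    """ONLINE: holds public data only and hands out one entry per order."""
    def __init__(self, entries, low_water=2):
        self.entries, self.assigned, self.low_water = list(entries), {}, low_water

    def dispense(self, order_id):
        if order_id in self.assigned:      # retry of the same order: no new entry
            return self.entries[self.assigned[order_id]]
        nxt = len(self.assigned)
        if nxt >= len(self.entries):
            raise RuntimeError("pool exhausted: load a new pre-generated list")
        self.assigned[order_id] = nxt
        return self.entries[nxt]

    def needs_refill(self):
        return len(self.entries) - len(self.assigned) <= self.low_water

def recover(seed, count):
    """OFFLINE: after data loss, rebuild the public-to-private map from the seed."""
    return {public_key(k): k for k in (private_key(seed, i) for i in range(count))}
```

A compromise of the web server exposes the pool and the order mapping but no spending keys; any entry found in an order record or e-mail can be matched against the output of `recover` on the offline machine.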
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 29, 2012, 04:14:44 AM
 #27

Quote
So. While we won't post details of our security procedures in a public forum, we would be willing to share some information with the OP, in confidence, based on which he can make a well-informed recommendation as to whether what I've said here is true. This obviously sets a precedent that gives Phineas a fair amount of power, potentially. But I do think his intentions are honest. I've been approached by certain scammers on this board out of the blue, saying they wanted access to our systems to "audit" us. Good luck. But if we can prove to Phineas that we are what we say we are, then hopefully that will set people at ease, and it would set my mind at ease if more Bitcoin companies were willing to be forthcoming with those kinds of details.

I don't need to see anything to satisfy the purpose of this thread.

As I've said, simply stating that a backup system is in place protecting your clients is good enough for all intents and purposes of this thread. At the moment, I'm taken aback that some of the major players have yet to publicly disclose, i.e. Mt Gox. Does anybody know as a fact that they currently have a backup system in place, protecting valuable data? What about the other exchanges? Anybody concerned enough to fire them a PM or email, kindly asking for the information, or do you feel 100% sure that your investment is in good hands, thus having no need to worry?

The list on Post #2 of this thread sure does look mighty thin. Maybe that's all the companies that deal with Bitcoin that have adequate backups. Maybe I'll just go ahead in a couple days and create that second list I mentioned earlier on this thread. I can easily remove a name from the bad list and place the linked company's name on the good list but, of course by then, Google may already have the bad list indexed. This is not a threat! But it is looking more like a promise.

~Bruno~
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 29, 2012, 04:20:19 AM
 #28

As part of running Casascius Physical Bitcoins, I am occasionally in the position of holding others' funds, typically for overseas or large orders.

Bitcoins aren't kept online.  Payments to my website actually go to an offline wallet.  The web server knows only a list of pre-generated addresses and dispenses one with each order.  The offline wallet was generated deterministically and therefore could be recovered with just the seed.

In addition to regular database backups, I make sure my e-mail contains everything I would need to recover in the event of data loss, the e-mail being completely independent from the web server and database of course.  I receive e-mails with order details, and whenever I send unfunded coins, I send a complete list of addresses to the recipient at the time I fill the package.  While there's nothing high-tech about using e-mail, it's effective as a secondary measure.


Good enough to be added to the list, casascius. I'm sure the community thanks you.

Reader: What other company would you like to see on the list? Simply ask on this thread.

~Bruno~
casascius
Mike Caldwell
VIP
Legendary
Activity: 1344
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
May 29, 2012, 04:21:29 AM
 #29

Therein lies the value of a company getting an independent SAS 70 / SSAE 16 audit.

This is something I've begged MtGox to do for over a year and is a reasonable request.  It gives third party credence to the claims a company makes about numerous things, including backups.

In the payroll business, I have to do this for my customers... it's about a $10-$20k a year expense.  It is worth every penny.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 29, 2012, 07:09:03 AM
 #30

The list is growing! I've added Mr. Bitcoin to the list in Post #2 of this thread. (ref. https://bitcointalk.org/index.php?topic=84031.msg927914#msg927914)

~Bruno~
Nejc Kodric (BitStamp.net)
Member
Activity: 62
May 29, 2012, 02:28:50 PM
 #31

I will name some of the features and safety precautions that ensure stability of our system:

* Operating system from prominent North American Enterprise Linux vendor
* Secured by National Security Agency guidance for hardening OS
* Tape storage backup
* Bitcoin cold storage on separate server and location
* Backups of database and wallet every hour 24/7
* Industry standard router and network switches
* Industry standard servers


Best regards,
Nejc Kodrič
Bitstamp.net




www.BITSTAMP.net
Trade USD to BTC in EU SEPA
Follow us on Twitter: http://twitter.com/Bitstamp
proudhon
Legendary
Activity: 1148
May 29, 2012, 02:37:59 PM
 #32

I hope this thread is the beginning of this.
rjk
Sr. Member
Activity: 420
1ngldh
May 29, 2012, 03:57:23 PM
 #33

Data Center is the most secure in Australia by far ( Location & Name Will NOT be released for security reasons )

Not to be a prat, but it took about two seconds to penetrate your STO.  Location and name are quite easily found.
Easy way to fix that is a proxy in one dc and the important stuff in another.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
cryptoxchange
Sr. Member
Activity: 305
Crypto X Change
May 29, 2012, 05:05:10 PM
 #34

Just want to say thanks for the distinction. I wish this information had been available a couple months ago.

+1

Crypto X Change Global Bitcoin Exchange - Deposit & Withdraw to and from Our Exchange now for a $5 Flat fee - No Wire Costs or Bank Fee's - 100% Automated Banking System & Extremely fast transfers. We can send out Withdraws to over 120 Currencies. www.cryptoxchange.com
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 29, 2012, 06:21:42 PM
 #35

I will name some of the features and safety precautions that ensure stability of our system:

* Operating system from prominent North American Enterprise Linux vendor
* Secured by National Security Agency guidance for hardening OS
* Tape storage backup
* Bitcoin cold storage on separate server and location
* Backups of database and wallet every hour 24/7
* Industry standard router and network switches
* Industry standard servers

Best regards,
Nejc Kodrič
Bitstamp.net


Bitstamp is now on the list.

Any others?

I hope this thread is the beginning of this.

I went to that thread and upon reading the word certificate I immediately thought of Matthew's UABB. May be time to revisit his ideas.

~Bruno~
hazek
Legendary
Activity: 1078
May 29, 2012, 06:34:04 PM
 #36

Hey Phinnaeus Gage, have you thought about contacting the http://bitcoincounsel.com/ guys and ask them if maybe they'd be willing to add a page for a security standard testimony list or something like that which could be updated once more businesses come forward in this thread?

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 29, 2012, 07:02:06 PM
 #37

Hey Phinnaeus Gage, have you thought about contacting the http://bitcoincounsel.com/ guys and ask them if maybe they'd be willing to add a page for a security standard testimony list or something like that which could be updated once more businesses come forward in this thread?

Now we're getting somewhere! Here's their thread: https://bitcointalk.org/index.php?topic=79575.0

I'm going to PM this post/thread to them.

~Bruno~
Nejc Kodric (BitStamp.net)
Member
Activity: 62
May 29, 2012, 07:16:03 PM
 #38


Bitstamp is now on the list.


Thank you Phinnaeus Gage.

Best regards,
Nejc Kodrič
Bitstamp.net

www.BITSTAMP.net
Trade USD to BTC in EU SEPA
Follow us on Twitter: http://twitter.com/Bitstamp
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
May 29, 2012, 11:58:43 PM
 #39

I've opted to list companies (so far only one) whose owners have yet publicly stated to this community that they have an adequate backup system in place protecting their data and, moreover, their clients' funds.

I've devised a simple process so that no company is placed on the bad list--simply state publicly that your data is secure. That is all! If any entity is not able to do even that, then they'll have to prove otherwise once they are on the second list.

This 21s video should sum up where I'm currently coming from: http://www.youtube.com/watch?v=dkupn-XKxpM

~Bruno~
imsaguy
General failure and former
VIP
Hero Member
Activity: 574
Don't send me a pm unless you gpg encrypt it.
May 30, 2012, 04:58:50 AM
 #40

This is a waste of time.  You're asking owners for a statement saying their stuff is adequately backed up and that's how they get on the list?  No verification or auditing, just that they think their procedures are adequate.  Similar to how people thought it was adequate to go with cheap hosting on vps providers to hold thousands of btc only to have it stolen right out from under them?

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6