 |
November 05, 2014, 12:18:11 PM |
|
There's a new trend of Tor exit nodes MITMing bitcoin sites, and even using self-signed certs, which fool users who don't know better into thinking that they are now "safe" because they have an https connection.
I propose that web wallets and exchanges officially publish hidden services. Because the service is listed on your site and otherwise verified to be yours, users will know that it's the correct site. Because it's a hidden service, exit nodes can't fuck over users.
It's a win-win. The exchanges can still have full AML/KYC/whatever other privacy invading things they need, because they know who the users are when the users log in. And the users can be confident it's the right site because you the site have widely publicized the correct official hidden service URL.
To their detriment, many Bitcoin users are simply not tech-savvy enough to use Bitcoin safely. To attempt to mitigate their incompetence, they often hold their funds with websites they trust. They also attempt to use privacy software that is uncomplicated enough that they can figure out how to make it work.... Like the Tor Browser Bundle or the TAILS live OS. So when they are on an unsecured wifi or using another computer and they are scared about their bitcoins being hacked, they turn to such things in the hopes and expectations that they will help protect them.
These users may not fully understand the limitations of these tools-- what they can do, what they can NOT do, and where the potential risks and threats may be.
Having common Bitcoin sites have official Tor hidden services protects users. It's a very obvious step that needs to be done in order to increase user security, at no extra cost to anybody.
It's frankly shameful that more sites haven't done it already. (And kudos to those that have.)
|
