Post
Topic
Board Service Announcements
Re: bitfloor needs your help!
by SkRRJyTC on 03/10/2012, 17:05:03 UTC
Bitfloor has indeed resumed trading. My official statement on the matter is here:
https://plus.google.com/109620439233076225324/posts/bLJRDHApjSP

More generally https://blog.bitfloor.com will contain official updates.

If you have specific questions please contact support@bitfloor.com and I will gladly respond.

Any reasonable way for you to prove these claims? Or some way for users to verify these claims themselves (this would be even better)?

..."In reopening, a number of improvements to both the wallet storage and website have been made. Bitfloor aims to be a safe and reliable platform and as a result have changed our fund storage policy to 100% offline storage for your funds. Daily transactions through our hot wallet will be backed by Bitfloor funds, never putting client funds at risk."...

..."Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US. Bitfloor services are further isolated based on exposure. Testnet and development are not located in the same data center or hosting provider to ensure further isolation. Backups are encrypted and write only on all of the servers. Hot wallet files are encrypted even further and unavailable even with physical access to the disk."...

Please?

New security continues to be unverified...

There are no reasonable ways for many of your questions to be verified. The production and testnet separation can be confirmed through a traceroute on the respective domains.

I welcome suggestions for reasonable ways in which you believe your requests can be confirmed without compromising user identities, trading activity, or balances.

Smarter people could help me out here if I don't know what I'm talking about, but how about these ideas:

In order to prove "...changed our fund storage policy to 100% offline storage for your funds. Daily transactions through our hot wallet will be backed by Bitfloor funds, never putting client funds at risk." You could sign messages from both the Bitfloor wallet and the customer funds wallet or at least show a picture of what you used to make the offline wallet or the offline wallet itself.

In order to prove "Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US." you could show some sort of receipt from said data center.

In order to prove "Backups are encrypted and write only on all of the servers." why not just host them publicly? If they are properly encrypted it shouldn't be an issue and I believe with some crypto hash magic a person should be able to verify their own details are in the backup without others being able to break it.
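
One way to realize the "crypto hash magic" idea from the post above, as an added example that is not part of the original post and not a scheme Bitfloor describes: the operator publishes only a Merkle root over salted record hashes, and each user checks their own record against it with a short proof. The record format, the per-user salts and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PAD = hashlib.sha256(b"\x02").digest()  # fixed filler for levels with an odd node count

def leaf_hash(record: bytes, salt: bytes) -> bytes:
    # The 0x00 prefix keeps leaves distinct from interior nodes; the secret
    # per-user salt stops anyone else from brute-forcing a record from its hash.
    return hashlib.sha256(b"\x00" + salt + record).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first, single-element root level last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [PAD]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Sibling hashes from leaf to root, each flagged True if the sibling sits on the left."""
    proof = []
    for level in levels[:-1]:
        padded = level + [PAD] if len(level) % 2 else level
        sibling = index ^ 1
        proof.append((padded[sibling], sibling < index))
        index //= 2
    return proof

def verify(record, salt, proof, root):
    """Recompute the root from one record and its proof; True only on an exact match."""
    acc = leaf_hash(record, salt)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)

# Constructed sample data: (record, salt) pairs; each salt is handed privately to its user.
RECORDS = [(f"user{i}:balance={i * 10}".encode(), os.urandom(16)) for i in range(5)]
LEVELS = build_levels([leaf_hash(r, s) for r, s in RECORDS])
ROOT = LEVELS[-1][0]  # the only value the operator needs to publish
```

A user who holds their record, salt and proof can run `verify` against the published root without learning anything about other users' records beyond opaque hashes.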