nnyld, ScaryKubiak, pluh, r3wt (and others) -
I have said before that although we have done literally everything we can think of to make our site as absolutely secure as possible, we know that there is always a possibility of any site being hacked...even the White House's site has been hacked in the past.
The Paper Vaults that The Bank of Bitcoin allows its Members to create CANNOT be hacked. They are literally just as secure as any paper wallet. I have stated this so many times, in so many ways, that I am reminded of the scene in "The Shawshank Redemption" where the lead character called the warden "obtuse" for seeming to deliberately misunderstand what he was being told.
Even if our site were hacked, any Bitcoins in your Paper Vault would be absolutely safe. This is quite unique for an online Bitcoin Service: when other online services are hacked your Private Keys and Bitcoins are gone; with us, it would be an inconvenience, but the Bitcoins and Private Keys in your Paper Vaults would remain safe.
Furthermore, to combat the possibility of the injection of malicious code into the client-side javascript used to manipulate your Paper Vaults we have described a two- or three-minute method to check that our code has not been altered (either by a hacker or otherwise).
It should be obvious that we take security VERY seriously, and have created an online Bitcoin service which handles that security by putting YOUR Private Keys and YOUR Bitcoins in YOUR hands, and yet STILL allowing you to send your Bitcoins from any javascript-enabled Internet-connected device. This is a very unique, valuable and secure service - and I am proud of what we have accomplished.
I really wasn't going to chime in on this thread again. But It's been sitting there taunting me all day.
The ironic thing is: we aren't the ones being obtuse. We'we pointing out legitimate points of weakness and flaws in your concept. We also have no doubt that you "take security VERY seriously" but that doesn't make you any good at securing your site. At best your inept at worst your attempting to pull something.
~
If I were malicious - I might do something exactly like what you've done... including making multiple mdm5 documents on how to 'verify' the authenticity of the paper wallet generation code. Then I'd set my server up to monitor get requests from the same clients. Whenever my software felt someone wasn't being diligent checking - it would then deliver altered code that would deliver a copy of the private key back to my server. Assuming that you could kick the can down the road for awhile with some less experienced users claiming your legitimacy... in a few years you'd have access to hundreds or thousands of cold storage wallets that you could then clean out for massive profit. Total time invest - six to eight hours it would take to put together your website and 2 years of hosting fees.
~
One reason nobody is taking you seriously is because you aren't offering anything (except a bit more hassle) to do the same things we can do already using established software and services. There's no way for you ever make much of a profit offering 'clones' of other services. This means that you must have some other plan for how to make a bitcoin off the venture... otherwise why bother.
Another reason is when security issues and flaws in concept are pointed out you imply we're being obtuse... if you were legitimate you'd be trying to get our input on how to fix these issues instead.
~
When it comes to the bitcoin world there are a couple hundred thousand geeks and fiscal wizards (at least) who're more than willing to help you develop a good product or service for the fun of it... or simply for whatever it might add to the growth of bitcoin. My advice to you would be to start listening to us about the issues with your 'service'.