Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: Bounty for the MyBitcoin.com hacker (~25BTC)
by
llama
on 08/08/2011, 02:13:13 UTC
Bitbills here, want to address a few things.
I won't address the security of our products or their manufacturing process, as we've covered this elsewhere.

On the topic of our SSL certificate, we find it hard to believe that a community as skeptical as Bitcoin holds much faith in the security theater that is the modern Public Key Infrastructure. Recent events have shown that none of the "authorities" can be absolutely trusted. We believe that a CACert, WOT based certificate is better than any commercial offering, but due to requests from the community we've moved to a commercial solution. If anybody has any doubts about whether the public key is truly ours, I'd be happy to personally send them a postcard with a copy of our public key.

Regarding bitcoin storage, there is absolutely no perfect solution. There are advantages to home-grown storage solutions, but also to solutions that do include an element of trust. While there's certainly a risk of a webwallet turning criminal, there's also a risk that you accidentally left the bitcoin client open when you backed up your wallet and corrupted your coins. Indeed, others have lost nearly as many bitcoins as Bruce did to MBC simply because they didn't encrypt their home-stored wallet.dat file, or made some other small mistake. At some point, people need to honestly ask themselves whether its more likely that a reputable bitcoin service will turn out to be a massive conspiracy, or that their flash drive will get stolen.

There's a very good historical precedent here: traditional currencies. There's no theoretical reason why somebody couldn't store their entire net worth in their basement as cash, but they don't do it. Why? Trusted banks provide services that they need, and probably more security too. Being a digital currency, bitcoin doesn't have many of the problems that banks solve (e.g., bitcoin has no need for huge storage vaults or ACH). But bitcoin is not a miracle currency. For example, offline transactions between parties untrusting of each other are not generally possible with bitcoins, but with Bitbills this becomes possible.

I'm sorry I didn't have time to make this post shorter, but here's the big idea: every method of using bitcoins has risks, and sometimes trusting somebody else just a little bit is actually the least risky solution. Choice is better than no choice.

On a different, but related note, we're working very hard on a new product that we think will be a huge step forward for bitcoin storage: trustless bank cards. Details are forthcoming.