3/3 is a case where three signature is required to sign a transaction. So, if one user isn't online or able to sign, then you are going to migrate to a new multi-sig with new signers and servers because you have the backup, you said that.
So, if you hold the backup for all 3 signers and you can always change the fate of situation, doesn't that mean that all you are doing by multi-sig is that you just put transparent curtains? I mean, what's the point of 3/3 multisig if you can always do whatever you want?
Currently I am all 3 "users", the point is that if you have a 2 server setup for the whole infrastructure, like in a case where we all know for a fact this is the truth, then the entire service including funds are at risk of being hacked/seized//the list goes on. I can't disclose the exact setup that we are running for obvious reasons but there are >5 servers, and all but the clearnet frontend one are not exposed. While risk still exists with our setup too, it's mitigated to a minimum. I am not trying to pretend that I don't have access to funds or anything like that, I said multiple times that unless there will be more signers besides me in the multi-sig, then users will have to trust me and it's just how it is. But at least if you assume I am honest, then you don't have to worry about much else. I don't believe you have this luxury with many other services.
I mean, if something happens to those one or two users, you can use your backup that you hold for all 3 signers, right? This means, finally the control system is still centralized and in reality, we don't get pure 3 signers service because after all, you are capable to use those keys anytime you wish and finally it comes to whether we trust personally you or not, right? Or did I misunderstood something here?
Btw I'm not saying whether you are trustworthy or not, I'm neutral here.
It sounds complicated. If I have all cosigners seed then having a multi-sig is just giving a false security. It's again down to trusting one person. On the other hand it's risky for other two cosigners as they might be blamed for any mishandling. Their reputation will be at risk.
The mentions multi sig system, is it already implemented? I think it's not yet, in the case it's giving a false information.
Nice Ann design.
We are in the trust business, if we'd lie about something like this then we have no place doing what we do. You can read more about the multi-sig setup in the other thread I started.
I am coming from your response on the Ann. As I said, right now telling about multi-sig feature is a misinformation until it's implemented.