What advantages does this service provide over bitcoin itself? My suggestion would be to make this very clear, and definitely make sure it is explained on the About page.
Definitely agree with making the advantages clear. I can see how this could be a pretty useful interface to BTC for non-technical users. I might have to try it out myself :)
Agreed. "Without coinbase, this is how you would use bitcoins _____..., with coinbase it looks like this instead ____." Dont assume any knowledge of bitcoins.
My guess is that you can send bitcoins to people who don't give a shit about it or know how to use the client and they can in turn pay for things with the coins you sent. I'm thinking of sending my dad a couple just to see if he can figure it out. :)
I like the idea, kind of a PayPal for Bitcoin. My issues would be the usual: I don't trust a new service with my bitcoins, don't know anything about their policy for data loss, etc. The about page and support pages don't really instill any confidence. If I knew I could trust them it would seem like a great service.
It's very cool to see that after posting looking for a co-founder to get into YC, it looks like Brian has gotten into YC as a solo founder and by the looks of it, is doing great.
I sent his previous post looking for a co-founder to friends because Brian looked seriously formidable. Best of luck to him.
I think that this could be the hero that Bitcoin needs. If they make it super simple / super clean they could revolutionize Bitcoin.
To the creators, have you considered adding a USD (or other currency) funding option? Since getting the Bitcoins is probably the biggest obstacle for most everyday consumers.
Any technical details on how wallets are protected? I think we've seen how previous bitcoin websites have fared on HN, it would be cool to know some of the details on how the BTC are going to be protected so that the problems of the past don't happen again.
Yep - sorry we should really add a page on that. We're storing wallets in the cloud so this is an important concern. Private keys are encrypted in the database. bcrypted passwords. We also offer two factor authentication for your logins:
http://blog.coinbase.com/post/25677574019/coinbase-now-offer...
We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.
It's that they all look similar and you like the look. You also might be looking at websites built more by hackers than by web designers. Bootstrap is great for visually clean rapid development, but that comes at the cost of individuality.
Props to Coinbase for changing the looming black top bar anyway.
How is this different than MtGox? I don't trust MtGox, but at least they've made mistakes and have spoken publicly about how they've fixed those mistakes.
On the other hand, are these guys storing my wallet safely? How about my balance (please god, don't store it as a float)? How about my password? If they're not launching with two-factor auth I won't even give it a chance (and likely ever, honestly).
I've gotten progressively more and more pessimistic about these sorts of sites even though I like the idea of BitCoin as a currency. If security isn't heavily discussed and visible (2FA, do it!) at the launch, it will be hard for me to take this seriously.
And what happens if someone gains access to your server or social engineers their way in with your hosting company? As far as I can tell, this has been the biggest problem with such services so far.
Haven't signed up, but http://blog.coinbase.com/ does mention 2FA is supported through SMS or an app called Authy. In case the founder sees this, was there any reason why Verisign's VIP app (which has native apps on more devices and seems to be the de-facto standard for banking sites) was not used?
Personally, I have no idea why they didn't just use Google Authenticator and implemented OATH/TOTP on their own servers.
Relying on a third-party for authentication seems a very bad idea, specially when there's an open algorithm that is essentially just feeding a secret and the current unix time to an HMAC-SHA1.
What's wrong with storing it as a float? I'm not saying you're wrong, I just genuinely don't know. If you could explain/point me to relevant literature I'd be grateful.
That's okay. I don't think I'm really representative anyway, as I'm not a professional/schooled programmer. Thanks for the link, I did try googling it myself but I didn't think to use the word "currency" so I just got a bunch of irrelevant results.
Some numbers with a finite representation in base 10, 0.2, for example, don't have a finite representation in base 2.
They are rounded, and doing arithmetic on such numbers leads to compounded rounding errors that you don't want to see when dealing with money.
Another problem is that the mantissa of floating point numbers is limited (52 bits for doubles), which can lead to truncated numbers, another big no no.
Storing BTC balances as floats is something a few services have done in the past so it makes sense to ask/bring up. Since BTC have 8 decimal precision, rounding can become noticeable very quickly even in addition and subtraction even though in real, today's value, it's not such a big deal.
It looks nice, but I don't see anything addressing safety and security. How does this service guarantee that any money you transfer to them will be kept safe? Also, do they guarantee that if a break-in occurs like the Bitcoinica disaster, that users' monies will be returned?
Nope. They can't get federal insurance since they aren't a bank. The "bank transfers coming soon" - I've yet to see a bitcoin exchange actually allow bank transfers, so that will be a welcome thing.
Still, you should be storing your money in your wallet, not leave it sitting around on a site.
I think that games should use litecoin or something instead of <insert name of fake in-game currency here>.
Yep - sorry we should really add a page on that. We're storing wallets in the cloud so this is an important concern. Private keys are encrypted in the database. bcrypted passwords. We also offer two factor authentication for your logins:
http://blog.coinbase.com/post/25677574019/coinbase-now-offer...
We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). And I think you're right a firm policy on this would be needed about loss of funds and what is covered. I'm interested in the idea of getting insurance through Lloyds of London or something along those lines, but haven't pursued it yet (we've just been building the prototype).
I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.
Google's 2FA wasn't hacked, it was bypassed. Essentially, there was a second "door" (the account recovery flow) that wasn't protected by 2FA, and that's what the attacker used.
It doesn't matter. The point of that story is, the weak link is going to be exploited. Bitcoinica is a good example. Zhoutong said at the start he understands application security, and in fact the big attacks didn't result from exploits in his code, but from third-party vulnerabilities.
What do you mean by "We'll start keeping a majority of funds in cold storage as deposits grow"?
Are you re-investing some of the deposits, and the ones that you don't touch are in this so-called "cold storage"? If yes, what percentage do you keep in cold storage, and why don't we get interest if you reinvest some of our deposits?
"Cold storage" in Bitcoin parlance is a wallet that is completely disconnected from the network. Since a "wallet" is really just a collection of private keys, one example of cold storage is to scatter pieces of the wallet (M of N splitting) in physically secure locations like safe deposit boxes.
Unless I'm misunderstanding him, what he's describing is simply "cold storage", not a fractional reserve. The putative bitcoins are still under the person's control, even if they are offline. It would only be fractional reserve lending if the person were actually lending a portion of their reserve.
But very cool site. Bitcoins are one of the things that drew me back into programming, and I'm grateful for that. (btw, are they still using json rpc for interprocess communication? it got a lot of flack, but I liked the API) But I got fed up with the volatility and the people it was attracting about a year ago and left it behind. It's good to see a legitimate business like yours getting involved (and with the ycombinator name, too!). Maybe I'll check it out again. There's a huge amount of potential there.
EDIT: My bad, I see that the parent comment was talking about fractional reserve lending. I only looked at the comment directly above your remark about reserve lending. Yeah, I'd stay away from fractional reserve lending since it's an anathema to almost everyone who uses bitcoins.
The potential was always there ever since Satoshi released the specs. The volatility is because of the nail-thin market depth, and the bubble was unavoidable (Hello 20/20 hindsight) because of that combined with some media attention and the first time occurence of a digital limited resource... Well, most people probably only thought as far as "OMFG the price is going up, I expect great returns on investment". Thankfully the price fluctuations are smaller now and we can all focus on building infrastructure and a market.
As for legitimate businesses there´s plenty. We´ve (mullvad.net) been accepting bitcoins for two years, but then again we were probably the first corporation and full-time business to do so :)
Oh, I totally agree that there are plenty of legitimate businesses using Bitcoin. I've sent you guys a lot of bitcoins over the past 1-2 years (great service, btw).
I've also paid some very professional developers and designers for high-quality work using bitcoins. Personally, I'd love for btc to take off more, since I'm a freelancer and do lots of work for overseas clients, and get hit with lots of banking fees. Btc is a fast and easy way to pay freelancers, and could be a great way to get paid by clients.
Nonetheless, I an easyjust got sick of all the hoopla surrounding Bitcoin and the constant Bitcoin heists, combined with the cluelessness of so many Bitcoin developers regarding security (not the core developers, but all the devs trying to build Bitcoin-related businesses). But perhaps it's time to give it another try.
Do my bitcoins stay as my bitcoins OR do I transfer my coins to coinbase and when I want to use them you transfer the same value back? I would feel a lot more comfortable with the later where your company was liable if you got hacked.
I don't believe it would be the possible to do the former with Bitcoin, short of telling them your private keys and erasing them from your storage I guess?
Please encrypt the private keys with a key K derived from the users' passwords. When a user logs in, your server-side code can compute K and access the bitcoins. When a user logs out, the server should forget K, erase it from RAM, thus leaving the bitcoins securely encrypted on-disk. Not even an attacker getting access to your infrastructure, not even you(!), could steal the bitcoins when the user is not logged in.
Not a single online wallet service actually does it this way, the right way, sigh... This mechanism could have prevented numerous thefts: MtGox, MyBitcoin, Bitcoinica, etc.
Like file system encryption is done. You don´t encrypt the hard drive with your pass phrase. You encrypt the encryption key to your hard drive with your passphrase. Your problem is solved with an extra key in offline storage.
In this case instead of just encrypting private keys with K (derived from user's password), you encrypt private keys with K and encrypt K with user's password. You also encrypt K with your own master key which is stored offline. You could either retrieve K manually or through a rate-limited API.
However, Estragons point about it only slowing down the attack still holds, although in Bitcoinicas case the loss would be much less, since they discovered the attack early. "not even you(!)" however is false.
For power users, if they forget their pw, they lose their coins. Period. That's the option I would use, as someone who never lost an important pw thanks to my use of redundant password safes.
For other users, when creating an account, coinbase.com could email them a "key recovery" file (or mail them a physical QR code), with instructions to keep it permanently stored in a safe place. This key recovery file would be K encrypted with a unique IV and a key known by coinbase.com, who would not keep a copy of the key recovery file. This would satisfy all my requirements: coinbase.com would be unable to steal/access the users coins, and an attacker merely getting access to the key recovery file would be unable to do anything with it.
At least for the MtGox and Bitcoinica thefts, this would only have slowed the attack down. All it would take is adding a password logger. Still might be a worthwhile extra line of defense, though.
I'm not a security expert, but at least I have first hand experience with the Bitcoinica hack. It seems that all the security features you have mentioned are present in many Bitcoin sites, including Bitcoinica,r and they don't prevent the easiest ways of losing wallets.
Storing in the cloud is especially dangerous because for most (NOT all) cloud service providers, the front-end security (concerning authentication and authorization) is probably much weaker than your own implementation. For example, anyone can reset the password with an email, and change the root passwords of the servers. There isn't likely an option for second factor authentication.
This does not apply to cloud services with serious security considerations, such as AWS. It has IAM as well as second factor authentication. However, in Bitcoinica's case, both Linode and Rackspace don't seem to be a good choice to host wallets: Linode hack was actually a result of their customer service system compromise (i.e. possibly any support agent can reset the root passwords). While Rackspace Cloud's support staff couldn't log out the hacker and preserve the servers even when the hack was detected and password being changed.
These are really basic security features that cloud services are lacking.
You made a good point that things can be upgraded as you grow. Please do that. It's exactly what I intended to do when I launched Bitcoinica last year. But after I sold the company last year, no one really think it's an urgent thing to do because there were no performance issues, no availability issues and everything went just fine. It's important to stick to the plan, and preferably allocate a fixed portion of revenue for upgrading security features and doing audits.
I'm glad to give you more information so that you can make better decisions (just drop me an email). I have been leading Bitcoinica for half a year (until the handover in April) and I had some experience in running a Bitcoin site that scaled quite well. I'm working on a non-Bitcoin project at the moment but I really want Bitcoin to succeed.
Intent is not the same as action, and as you said, no one (including you) thought it was urgent to upgrade your security. Shortly thereafter you discovered that there are black swans.
The above is also very easy for someone (like me) to say when you´re not in the middle of it. You want to grow your business, and the benefits of working on security are hard to measure. I get it. That´s when you need to ask yourself what your priorities are, and if you´re in the business of selling turnips, or handling valuables such as bitcoins.
Brian, you are where Zhou Tong was a while ago, although there´s no hype around your service yet. It has great potential, especially with the backing of PG et al. Please don´t make the mistake of putting security on the back burner. If anything you should use it as your primary selling point.
If you´re comfortable with it, subject your internal architecture to public scrutiny. If you´re not, think really hard before you say "trade secret".
That's nice and all, but you're loading arbitrary javascript from Olark, CloudFront and Google on your login page. So no matter how much you secure your own systems, you're reliant on several third parties securing there's too.
"Widespread Adoption"About $2 million a day (USD) is already being transacted in bitcoin. It's quickly becoming an international currency of the world.
WoW gold is a multi bullion dollar economy with daily transactions worth around around 10-100 times what BitCoin is currently doing depending on how and what you count.
ahem. There is already a large international currency that is way bigger than bitcoin (and maybe bigger than USD). Euro. (Though then we get into semantic arguments about "international")
BTC transactions are all public in the blockchain so they're not as anonymous as many think.
But as for preventing your identity from being linked to your BTC wallet? There's probably no way to prevent that if the service provider is under US jurisdiction.
You can certainly be fully anonymous with bitcoin but care must be taken... Mainly, you need to isolate your change to an identity wallet - a wallet used for specific purpose under a dedicated pseudonym. Identity of the pseudonym is protected by plausible deniability - "I bought those coins on MTGOX, but I sold some of them to some guy for cash on the street corner, that purchase wasn't me"
The more hops through a wallet (which can be created dozens of times), adds more plausible deniability and separation to any purchase.
Since you auto-focus on the email address input field... it erases the default text that reads "Your Email" so it is initially quite confusing to know what you should enter.
I had to click on the page to de-select the input, see that it said "Your Email", and then enter my email.
The way it is now, it looks like you might simply want two passwords.
I asked the following downthread but I'm afraid its going to get buried in the muck:
"Zero Transaction Fees"???
Are you refunding the bitcoin transaction fees that are builtin to the protocol[1]? If you are going to eat that cost you should say so, it seems like a good marketing point.
So we aren't including any bitcoin transaction fees by default. If you try to send a transaction below 0.01 it will never get confirmed without the fee, so we added this user interface improvement a few days ago which gives the option of including the fee if people want to:
Coinbase will make money more like an exchange down the road, 0.5% to convert money into our out of bitcoin, but once you have your money in bitcoin there are no transaction fees (it mentions this on the homepage, but admittedly it's still a bit confusing). I wish there was a better way to distinguish between an exchange fee and transaction fee (to the average consumer these may be the same thing, I'm not sure).
In general, I would like to abstract out the idea of btc fees to the average user (I think it's an unnecessary complication for someone new to bitcoin). It would be much easier to just say "no fees" - this is simple and shows a clear benefit of using bitcoin. If you have to explain to people that "sometimes there are fees, but they are a lot lower, etc" it loses some of it's punch. Right now we can do zero fees and transactions still get confirmed. In the future we may be able to do it by eating the cost and have this be a cost of doing business, but that is a decision for later.
While I'm not a big fan of BitCoin, I don't think this is a very good argument. You could use the same argument for banks and "get robbed". Why doesn't this happen to banks?
The difference between the bitcoin banks/cloud wallets has been that the bitcoin counterparts seldom have any law or big organization to back them but only a few hackers with a bitcoind and a web servers. Some, like the old mybitcoin.com, have been hacked mysteriously with little data released, but only millions of $ worth of bitcoins gone forevermore.
He's echoing the many, many scandals of centralized bitcoin banks that had the same thing happen over the past year. It's like the wild west out there.
If Joe Blow rents a $20/mo. VPN and opens up the "First Federated Bank of Joblovia", chances are he isn't going to be able to take a whole lot of wire transfers to his Bank of America account before the feds move in and shut him down. In fact this is basically what happened to some of the earliest Bitcoin exchanges who were less sophisticated with how they moved currency in and out; guys like Jered from Tradehill used their personal bank accounts to take money from people, and gave them Bitcoins online. The cashflow problems and subsequent collapse stemmed more from the constant shutdown of bank accounts than from the "misunderstanding" with Dwolla as to the nature of Dwolla's chargeback policy. I think.
In any case, Bitcoin offers the ability to do exactly this: Open a completely unregulated financial institution with no accountability. Looking at this site, the first question in my head was "Where are your coins stored?" Second was, "What are the limits, and how, exactly, do you guarantee funds will transmit since every country in the world has different limits, regulations and KYC disclosures required to make that possible?"
The answer for Bitcoin businesses thus far has mostly been "don't worry about it". In Bitcoin that's slang for "I'm using my bank account, my buddy's bank account, my girlfriend's bank account...and I swear you'll get your money on time until you don't, and I'm gone, and you're fucked."
I going to pretend you are actually serious about this. Let's make a strawman that actually makes it easier to suggest that this is "the same as banks".
Let's pretend for a minute that we're dealing with a non-FDIC insured bank (like some of the original online banks), with none of the regulatory controls that obviously provide a lot of protections.
Let's pretend for a minute that the bank stupidly keeps all of its holdings as cash that are held on site at the bank. It doesn't use notes or other securities for transactions, only cash. Let's pretend that the bank also self-insures those holdings (which basically means no insurance).
Okay, so I compromise the bank's security, take every bit of cash. I disappear to some island in the Pacific with every last cent.
How badly is the bank screwed? How badly are the customers of the bank screwed?
Actually, not that badly. I only wiped out the bank's reserves. That means both the bank and its customers have a short term liquidity problem, but not necessarily a significant asset problem.
A regulated bank would have 10% of all deposits in its reserves. Unregulated banks often have far less, but let's pretend it is 10%. The bank loses 10% of its value. If it can stay solvent, then nobody loses any money, but it might take a few days before people can make withdrawals (which could cause a bank run, but that's a whole different problem). If the bank can't stay solvent, it goes bankrupt, and depositors become creditors. It'll take a while to resolve the legal process, so liquidity is killed, but when it all ends, depositors are going to get back something close to 90% of their money back.
The key thing is that the bank lends out most of the money it takes in. Even if you rob the bank of all its cash, the bulk of the "assets" of the bank are all the IOU's from lendees, which is value that is really hard to "steal", because lendees tend to only pay their lender, and then tend to do so in installments over a great deal of time.
THIS IS WRONG: Hacking Coinbase would be more akin to hacking say Visa, and redirecting all payments to you instead of the intended merchant.... if Visa's transactions were all cash based, instead of credit based... and Visa was unregulated... and even then it is kind of different because Visa is a middle man between two banks...
UPDATED: Okay, I just read they are actually storing the bitcoins in the cloud, rather than just exchange the coins between the two parties.... So actually, it's not like hacking Visa, unless Visa didn't reconcile their transactions with its customers for extended periods of time and held all of the float as cash.
So what you're saying is that banks are more stable because only a small portion of their assets are kept as reserve? In that case, what's stopping bitcoin "depositories" such as this converting the bulk of their assets to something else as well?
Well, it doesn't make them more stable, but it makes them more resilient to criminal theft.
Bitcoin "depositories" open up a pretty big can of worms if they convert their assets. Part of the point of using bitcoin is not to have to use other assets.
They could start lending bitcoins, but that's going to invite a lot of scrutiny, particularly from the regulators.
They can't do that because there is nowhere really safe to put the BTC. They cannot loan it out because nobody needs that much BTC, and it's unwise to invest it in USD or anything else because the currency's fickleness compared to USD(you could lose a lot of money, or possibly make some).
The problem is that the current Bitcoin "banks" aren't really banks. They're more akin to socks under a mattress than a bank.
At a very basic macro economist level, banks have two functions:
1. They are a place for clients to place their money. To incentiveize this behavior, they pay those clients interest on the money in their accounts to keep it there.
2. They take that money and give out loans to people, and charge interest over the time it takes to repay the loan.
In a healthy economy, the two feed each other. Broadly speaking, the circulation of currency works like this: People/businesses take out loans. That money is used to buy things (houses, cars, short term equipment expenses, etc.). The businesses that are paid for the goods/services pay their employees, who put the money into the bank. Note that even in this situation, banks aren't entirely necessary, because people could just buy stuff, which goes to employers, who pay employees, who buy stuff...
Bitcoin does not have either economy yet. Right now, it's used just to buy things, with BTC being converted to a "real" currency(USD, Euro, etc.) on both ends. So it's really just a single directional currency. So, right now, if I wanted to operate a Bitcoin bank, I'd have to convert it to USD or some other currency, and keep it totally separate from my liquid BTC wallets to mitigate the risk of getting hacked and the wallets getting stolen. Unfortunately, that's incredibly risky, because I would then have to deal with the exchange rate between BTC and USD.
That isn't necessarily the fault of BTC banks though. Let us be honest here - if we (the viewing public of HN) collectively wanted to put in every effort to supplant flat currencies for BTC so nobody can print it anymore, all of us combined would not have the financial assets required to sway the supermassive giants of the world like Walmart, Amazon, Google, Apple, the big 3 car manufacturers, realtors, and more importantly than anything else, the stock markets to start trading in BTC would take the financial efforts of pretty much the entirety of the top 400 wealthiest Americans.
The markets are more resistant to currency shift than enterprises are to getting off XP and IE6. BTC will always fail because everyone is to lazy to get rid of the dollar as the reserve currency.
This is not exactly true. I believe MTGox uses offline wallets for the storage of the funds, and I'd expect any other sane bank use it as well.
If someone breaks into the MTGox, they'll be only able to steal the "reserve". To get to the real money, the MTGox admin has to physically go into a vault (safe), and retreive its contents.
Since many people use Bitcoin specifically because it is unregulated, they won't complain to the government when their Bitcoins are stolen. What trotsky is really saying is that a Bitcoin company can just embezzle its customers' money and blame it on hackers. It's hard to know whether this has ever happened, but there have been some fairly sketchy incidents.
The truth is that all your money has already been stolen from the banks but we pretend it's still there via devaluing savings via money printing in an attempt to maintain the illusion each time the banking debt pyramid is about to collapse.
google "scare quotes'' + ''dan bloom" to see inside skinny on the meaning and origins of the scare quotes term, first coined in 1934.... ! but why is SCARE part of the term? if know, email me at danbloom AT gmail
That pretty much sums up the demise of Bitcoin, pretty much every bitcoin "exchange" seems to be created by high school kids doing their first steps in PHP and Javascript. Wake me up when a real bank (or a renowned exchange like Ameritrade, Intrade etc) starts trading Bitcoins.
That and for me the main blocker of Bitcoin is how to exchange my currency (MXN or EUR) into Bitcoins.
If I want to sell something, how can I get my Bitcoins converted to cash, safely and reliably? I don't trust MtGox, and I don't want to long-term forex risk exposure. Is there someone who could settle Bitcoin to USD, daily in San Francisco?
A reliable BTC<->USD exchange is going to be a key requirement for any meaningfully large BTC adoption.
A year ago, when I was looking around, there was none. I have no real qualms about dropping a few bucks into BTC, but I have to be confident that I can exchange it for the ability to pay my bills.
bit-pay.com offers a service where you can accept payment in Bitcoin, which is then immediately converted to USD at the average market rate (of the last 15 minutes) and sent to your bank account. I believe the funds are available next day, I forget.
So, this is essentially yet another cloud-based bitcoin wallet?
Also, how will you comfort your customers when you get hacked and their funds are gone? That is not a hypothetical thing to ask, but very real and has happened before in the cloud-wallet bussiness.
Anyone who wants to get started with bitcoin, I suggest using the client Electrum. Written in python, light, quick and secure.
I'm not sure why, but I find the term "for the masses" horribly insulting and elitist. It instantly turns me off on whatever it is you're talking about and tells me absolutely nothing about the product other than you think your target market is a mass of people that aren't as smart as you.
171 comments
[ 2.2 ms ] story [ 209 ms ] threadThe AllThingsD article linked from the page mentions that the company is part of the current Y Combinator class.
I sent his previous post looking for a co-founder to friends because Brian looked seriously formidable. Best of luck to him.
To the creators, have you considered adding a USD (or other currency) funding option? Since getting the Bitcoins is probably the biggest obstacle for most everyday consumers.
We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.
Props to Coinbase for changing the looming black top bar anyway.
On the other hand, are these guys storing my wallet safely? How about my balance (please god, don't store it as a float)? How about my password? If they're not launching with two-factor auth I won't even give it a chance (and likely ever, honestly).
I've gotten progressively more and more pessimistic about these sorts of sites even though I like the idea of BitCoin as a currency. If security isn't heavily discussed and visible (2FA, do it!) at the launch, it will be hard for me to take this seriously.
http://blog.coinbase.com/
Personally, I have no idea why they didn't just use Google Authenticator and implemented OATH/TOTP on their own servers. Relying on a third-party for authentication seems a very bad idea, specially when there's an open algorithm that is essentially just feeding a secret and the current unix time to an HMAC-SHA1.
And I really don't mean to pick on you, but that this isn't better known is why I worry when I see random sites popup offering financial services.
Also, all Bitcoin calculations are supposed to be done in integer Satoshis.
They are rounded, and doing arithmetic on such numbers leads to compounded rounding errors that you don't want to see when dealing with money.
Another problem is that the mantissa of floating point numbers is limited (52 bits for doubles), which can lead to truncated numbers, another big no no.
Still, you should be storing your money in your wallet, not leave it sitting around on a site.
I think that games should use litecoin or something instead of <insert name of fake in-game currency here>.
We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). And I think you're right a firm policy on this would be needed about loss of funds and what is covered. I'm interested in the idea of getting insurance through Lloyds of London or something along those lines, but haven't pursued it yet (we've just been building the prototype).
I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.
How do you seceure yourself for something like that?
Probably by being careful.
Are you re-investing some of the deposits, and the ones that you don't touch are in this so-called "cold storage"? If yes, what percentage do you keep in cold storage, and why don't we get interest if you reinvest some of our deposits?
What you're describing is called fractional reserve lending and we definitely aren't doing that.
What? Why not?
But very cool site. Bitcoins are one of the things that drew me back into programming, and I'm grateful for that. (btw, are they still using json rpc for interprocess communication? it got a lot of flack, but I liked the API) But I got fed up with the volatility and the people it was attracting about a year ago and left it behind. It's good to see a legitimate business like yours getting involved (and with the ycombinator name, too!). Maybe I'll check it out again. There's a huge amount of potential there.
EDIT: My bad, I see that the parent comment was talking about fractional reserve lending. I only looked at the comment directly above your remark about reserve lending. Yeah, I'd stay away from fractional reserve lending since it's an anathema to almost everyone who uses bitcoins.
As for legitimate businesses there´s plenty. We´ve (mullvad.net) been accepting bitcoins for two years, but then again we were probably the first corporation and full-time business to do so :)
I've also paid some very professional developers and designers for high-quality work using bitcoins. Personally, I'd love for btc to take off more, since I'm a freelancer and do lots of work for overseas clients, and get hit with lots of banking fees. Btc is a fast and easy way to pay freelancers, and could be a great way to get paid by clients.
Nonetheless, I an easyjust got sick of all the hoopla surrounding Bitcoin and the constant Bitcoin heists, combined with the cluelessness of so many Bitcoin developers regarding security (not the core developers, but all the devs trying to build Bitcoin-related businesses). But perhaps it's time to give it another try.
Please encrypt the private keys with a key K derived from the users' passwords. When a user logs in, your server-side code can compute K and access the bitcoins. When a user logs out, the server should forget K, erase it from RAM, thus leaving the bitcoins securely encrypted on-disk. Not even an attacker getting access to your infrastructure, not even you(!), could steal the bitcoins when the user is not logged in.
Not a single online wallet service actually does it this way, the right way, sigh... This mechanism could have prevented numerous thefts: MtGox, MyBitcoin, Bitcoinica, etc.
In this case instead of just encrypting private keys with K (derived from user's password), you encrypt private keys with K and encrypt K with user's password. You also encrypt K with your own master key which is stored offline. You could either retrieve K manually or through a rate-limited API.
However, Estragons point about it only slowing down the attack still holds, although in Bitcoinicas case the loss would be much less, since they discovered the attack early. "not even you(!)" however is false.
For power users, if they forget their pw, they lose their coins. Period. That's the option I would use, as someone who never lost an important pw thanks to my use of redundant password safes.
For other users, when creating an account, coinbase.com could email them a "key recovery" file (or mail them a physical QR code), with instructions to keep it permanently stored in a safe place. This key recovery file would be K encrypted with a unique IV and a key known by coinbase.com, who would not keep a copy of the key recovery file. This would satisfy all my requirements: coinbase.com would be unable to steal/access the users coins, and an attacker merely getting access to the key recovery file would be unable to do anything with it.
This does not apply to cloud services with serious security considerations, such as AWS. It has IAM as well as second factor authentication. However, in Bitcoinica's case, both Linode and Rackspace don't seem to be a good choice to host wallets: Linode hack was actually a result of their customer service system compromise (i.e. possibly any support agent can reset the root passwords). While Rackspace Cloud's support staff couldn't log out the hacker and preserve the servers even when the hack was detected and password being changed.
These are really basic security features that cloud services are lacking.
You made a good point that things can be upgraded as you grow. Please do that. It's exactly what I intended to do when I launched Bitcoinica last year. But after I sold the company last year, no one really think it's an urgent thing to do because there were no performance issues, no availability issues and everything went just fine. It's important to stick to the plan, and preferably allocate a fixed portion of revenue for upgrading security features and doing audits.
I'm glad to give you more information so that you can make better decisions (just drop me an email). I have been leading Bitcoinica for half a year (until the handover in April) and I had some experience in running a Bitcoin site that scaled quite well. I'm working on a non-Bitcoin project at the moment but I really want Bitcoin to succeed.
The above is also very easy for someone (like me) to say when you´re not in the middle of it. You want to grow your business, and the benefits of working on security are hard to measure. I get it. That´s when you need to ask yourself what your priorities are, and if you´re in the business of selling turnips, or handling valuables such as bitcoins.
Brian, you are where Zhou Tong was a while ago, although there´s no hype around your service yet. It has great potential, especially with the backing of PG et al. Please don´t make the mistake of putting security on the back burner. If anything you should use it as your primary selling point.
If you´re comfortable with it, subject your internal architecture to public scrutiny. If you´re not, think really hard before you say "trade secret".
Er... bit of a stretch
But as for preventing your identity from being linked to your BTC wallet? There's probably no way to prevent that if the service provider is under US jurisdiction.
The more hops through a wallet (which can be created dozens of times), adds more plausible deniability and separation to any purchase.
I had to click on the page to de-select the input, see that it said "Your Email", and then enter my email.
The way it is now, it looks like you might simply want two passwords.
I asked the following downthread but I'm afraid its going to get buried in the muck:
"Zero Transaction Fees"???
Are you refunding the bitcoin transaction fees that are builtin to the protocol[1]? If you are going to eat that cost you should say so, it seems like a good marketing point.
[1] https://en.bitcoin.it/wiki/Transaction_fees
So we aren't including any bitcoin transaction fees by default. If you try to send a transaction below 0.01 it will never get confirmed without the fee, so we added this user interface improvement a few days ago which gives the option of including the fee if people want to:
http://blog.coinbase.com/post/26452774981/confirming-small-t...
Coinbase will make money more like an exchange down the road, 0.5% to convert money into our out of bitcoin, but once you have your money in bitcoin there are no transaction fees (it mentions this on the homepage, but admittedly it's still a bit confusing). I wish there was a better way to distinguish between an exchange fee and transaction fee (to the average consumer these may be the same thing, I'm not sure).
In general, I would like to abstract out the idea of btc fees to the average user (I think it's an unnecessary complication for someone new to bitcoin). It would be much easier to just say "no fees" - this is simple and shows a clear benefit of using bitcoin. If you have to explain to people that "sometimes there are fees, but they are a lot lower, etc" it loses some of it's punch. Right now we can do zero fees and transactions still get confirmed. In the future we may be able to do it by eating the cost and have this be a cost of doing business, but that is a decision for later.
Hope it helps.
https://en.bitcoin.it/wiki/MyBitcoin
In any case, Bitcoin offers the ability to do exactly this: Open a completely unregulated financial institution with no accountability. Looking at this site, the first question in my head was "Where are your coins stored?" Second was, "What are the limits, and how, exactly, do you guarantee funds will transmit since every country in the world has different limits, regulations and KYC disclosures required to make that possible?"
The answer for Bitcoin businesses thus far has mostly been "don't worry about it". In Bitcoin that's slang for "I'm using my bank account, my buddy's bank account, my girlfriend's bank account...and I swear you'll get your money on time until you don't, and I'm gone, and you're fucked."
This looks to be yet another one. No news here.
Let's pretend for a minute that we're dealing with a non-FDIC insured bank (like some of the original online banks), with none of the regulatory controls that obviously provide a lot of protections.
Let's pretend for a minute that the bank stupidly keeps all of its holdings as cash that are held on site at the bank. It doesn't use notes or other securities for transactions, only cash. Let's pretend that the bank also self-insures those holdings (which basically means no insurance).
Okay, so I compromise the bank's security, take every bit of cash. I disappear to some island in the Pacific with every last cent.
How badly is the bank screwed? How badly are the customers of the bank screwed?
Actually, not that badly. I only wiped out the bank's reserves. That means both the bank and its customers have a short term liquidity problem, but not necessarily a significant asset problem.
A regulated bank would have 10% of all deposits in its reserves. Unregulated banks often have far less, but let's pretend it is 10%. The bank loses 10% of its value. If it can stay solvent, then nobody loses any money, but it might take a few days before people can make withdrawals (which could cause a bank run, but that's a whole different problem). If the bank can't stay solvent, it goes bankrupt, and depositors become creditors. It'll take a while to resolve the legal process, so liquidity is killed, but when it all ends, depositors are going to get back something close to 90% of their money back.
The key thing is that the bank lends out most of the money it takes in. Even if you rob the bank of all its cash, the bulk of the "assets" of the bank are all the IOU's from lendees, which is value that is really hard to "steal", because lendees tend to only pay their lender, and then tend to do so in installments over a great deal of time.
THIS IS WRONG: Hacking Coinbase would be more akin to hacking say Visa, and redirecting all payments to you instead of the intended merchant.... if Visa's transactions were all cash based, instead of credit based... and Visa was unregulated... and even then it is kind of different because Visa is a middle man between two banks...
UPDATED: Okay, I just read they are actually storing the bitcoins in the cloud, rather than just exchange the coins between the two parties.... So actually, it's not like hacking Visa, unless Visa didn't reconcile their transactions with its customers for extended periods of time and held all of the float as cash.
Bitcoin "depositories" open up a pretty big can of worms if they convert their assets. Part of the point of using bitcoin is not to have to use other assets.
They could start lending bitcoins, but that's going to invite a lot of scrutiny, particularly from the regulators.
The problem is that the current Bitcoin "banks" aren't really banks. They're more akin to socks under a mattress than a bank.
At a very basic macro economist level, banks have two functions:
1. They are a place for clients to place their money. To incentiveize this behavior, they pay those clients interest on the money in their accounts to keep it there.
2. They take that money and give out loans to people, and charge interest over the time it takes to repay the loan.
In a healthy economy, the two feed each other. Broadly speaking, the circulation of currency works like this: People/businesses take out loans. That money is used to buy things (houses, cars, short term equipment expenses, etc.). The businesses that are paid for the goods/services pay their employees, who put the money into the bank. Note that even in this situation, banks aren't entirely necessary, because people could just buy stuff, which goes to employers, who pay employees, who buy stuff...
Bitcoin does not have either economy yet. Right now, it's used just to buy things, with BTC being converted to a "real" currency(USD, Euro, etc.) on both ends. So it's really just a single directional currency. So, right now, if I wanted to operate a Bitcoin bank, I'd have to convert it to USD or some other currency, and keep it totally separate from my liquid BTC wallets to mitigate the risk of getting hacked and the wallets getting stolen. Unfortunately, that's incredibly risky, because I would then have to deal with the exchange rate between BTC and USD.
The markets are more resistant to currency shift than enterprises are to getting off XP and IE6. BTC will always fail because everyone is to lazy to get rid of the dollar as the reserve currency.
All it takes is enough people using it.
If someone breaks into the MTGox, they'll be only able to steal the "reserve". To get to the real money, the MTGox admin has to physically go into a vault (safe), and retreive its contents.
That and for me the main blocker of Bitcoin is how to exchange my currency (MXN or EUR) into Bitcoins.
It's one of those ambitious projects, that, even if failure is in the future, it's still a worthwhile project.
A year ago, when I was looking around, there was none. I have no real qualms about dropping a few bucks into BTC, but I have to be confident that I can exchange it for the ability to pay my bills.
Also, how will you comfort your customers when you get hacked and their funds are gone? That is not a hypothetical thing to ask, but very real and has happened before in the cloud-wallet bussiness.
Anyone who wants to get started with bitcoin, I suggest using the client Electrum. Written in python, light, quick and secure.
Also did you mean shopping card or shopping cart? I can't resolve either from context and shopping card is not commonly used.