Securing safecoin

Cryptography and the network protect your safecoin from online threats. However, that wouldn’t protect you from a physical threat that could persuade you to give up passwords and lose all your savings with no trace, no trail to follow. Something like keeping several million dollars in your safe at home. Not wise. Bitcoin has paper wallets that can be kept in a safe deposit box and various companies have offerings for multi-sig and 48 hr delay withdrawals. Do we have security solutions for high value savings that most of us will likely have and want to protect? Speculative investors that want to buy and hold will want this too.

4 Likes

When you create your account, you’ll also be able to split it up among family and friends. Each can keep a piece of your puzzle. Btw nothing can protect you from a physical threat that could persuade you to give up passwords and lose all your savings with no trace, no trail to follow.

If you don’t want to know your own password because of fear someone will force you to tell them, then use a random password generator when creating an account, and make sure it’s so long that you can’t memorize it on the spot. Copy and paste it into the account creation form. Then put it in a safety deposit box or give a company 1/2 the password and memorize the other half.

These solutions are valid, but we know people in general aren’t going to follow them. Few ever understand the risks/benefits of the services they use, so really I would like SAFE to think these issues through and provide no-brainer solutions.

We see an even more ridiculous situation with bitcoin wallets where the Qt wallet is by default a little time-bomb, which after about 100 transactions means losing a backup can lose all your change (which could be most/all of your bitcoin). Few people realise this, no-one expects it. Let’s make SAFE a lot better than that!

No one could instantly drain my bank account, my traditional investments, CDs, stocks and bonds etc. The legacy banking system protects me :wink:

2 Likes

We did have an option for a tracker identity. It works like this: it saves everything you save in real time as your own identity, except explicit data you mark as ultra private. It’s a different pin or password (you choose).

That way if you are forced to give up your account by a bad person they will see recent transactions and mails etc. but not the ones you wished to keep very private. It’s easy to do, but just watch the calls for us protecting bad actors flood in :slight_smile:

There are many options like this I think, even at the app level which would work. Main thing is to keep a tracker with recent activity, but not all.

In terms of account lock out (password lost) then N+P data dispersal will work fine. Like multisig but for any data. So the mix is good.

6 Likes

Concepts to grasp include

  1. Self-enforcing architecture.
  2. Self-enforcing smart contracts.
  3. Selected third parties.
  4. Multi-signature wallets.

I would say Safecoin isn’t really designed for speculating, holding, or securing. It’s designed to be anonymous cash so if you do have millions of dollars in Safecoin you should put it into Bitshares, Bitcoin, or anything else imo. This will be necessary at least until biometrics and other technologies exist to allow you to attempt to use hardware wallets.

If your Safecoin gets stolen there is no trail to follow. While it’s not impossible to track down it’s so expensive that it’s unlikely anyone is going to help you do it. This is why I’m not pushing for Safecoin as a currency but merely as a means to an end to get SAFE Network bootstrapped.

If you want a currency to be able to act as a store of value it does help if it’s possible to trace even completely anonymous transactions. Having a blockchain does make it possible for example to follow the stolen MtGox coins and I think this kind of transparency is good for a lot of reasons.

At the same time privacy is very important too. You don’t want the cyber criminals to know how much money you have or what you’re buying do you?

The truth is security is a balance. If you are Alice then you need privacy from Mallory (the criminal hacker) but when you send a transaction to Bob both you and Bob should have internal records of that transaction. Alice and Bob are more secure having records of their own transactions with privacy from Mallory (malicious criminal hacker).

So a possible way to solve this problem is for Alice (you) and Bob (me) to both keep internal records of our transactions. TITAN actually does something exactly like this so that there is an internal memo to ourselves of every transaction we have made so that the data exists somewhere (just not public).

In the case of someone putting a gun to your head and forcing you to send coins to someone else with Safecoin then it’s not likely you’d ever be able to find the person. But if the wallet were sophisticated enough and multi-sig then you could allow trusted third parties to authorize transactions beyond a secret threshold which only you and they know. The wallet could be set up to send a fake transaction or otherwise attempt to fake out Mallory so that she thinks you sent the money but it doesn’t truly send if it doesn’t meet the secret threshold between you and your third party who manage the account.

Revocable privacy could come into play if you’re in that situation as Alice. Suppose Mallory points a gun to your head and forces you to send all your coins to her account. If I’m one of your trusted third parties then with revocable privacy you could set a contract aka script to watch for certain conditions/events and then send private information to me (the third party) if and only if those events are triggered.

So for instance if in your contract with SAFE Network you define a condition such as it is against your rules for you to send all your Safecoins to a complete stranger’s account then should this event ever be triggered for any reason then your privacy is revoked in the way that you specify (such as transaction history and ip logs). The record of the transaction and anything which could help track the thief down would be sent to the third party (Bob). Bob would receive an encrypted message which only he could read which would say (Alice may have been hacked!) and it would include any details you want.

You could define multiple third parties where the data gets sent to should this event occur. This would allow the network to at a minimum at least know an unusual event occurred and that you lost all your coins.

I don’t think you could get your coins back in this scenario but at least if Mallory is going around putting guns to people’s heads and robbing them we would detect the unusual events and it would be received by the third parties and documented such as (Alice sent 100% of her Safecoins to unknown on 07/30/2015). If this alert does occur and the thief were to kidnap or hurt you then we’d have time stamps and other details to work with.

Without this feature or something similar we would have nothing to work with. You would simply disappear and your coins along with you would be lost. I think that is something which we should be concerned about if we really think Safecoins will ever be something valuable enough to steal.

A really simple way to secure a wallet would just be to set a transaction rule which says you’ll never trust strangers and therefore will never do large transactions with them. If there is a way to add social networking and contact features then anyone who isn’t on your contact list is a stranger and any stranger cannot be transacted with in large amounts from your account.

If this rule is broken then alert your specified third parties that something is wrong (because you did something which goes against the rules you previously set in secret). The criminal isn’t going to know what rules you set in secret to trigger anything whether it be an alert or anything else.

If the criminal is logical and typical they’ll try to take all they can and that alone would trigger something if the person has it set up so that this could never happen. Coinbase has a security setup similar to this and we would have to find a way to try and mimic that in a decentralized setting. It’s a sort of spending limit or savings address feature.

This solution is worse than revocable privacy or using some sort of privacy contract. Now you can’t do anything on your account without getting the combined vote of all those people? That isn’t more secure or flexible.

Revocable privacy settings such as if something happens to me alert my family and give them access to this specific private information on the list in my opinion is far more flexible. It would still require all your family members either be on the contact list or at least have their own private keys or other method to do anything with but it could work.

I think the password system is just bad for information security in general. Passwords make it incredibly easy for Mallory. She doesn’t have to put a gun to your head when she can just remotely hack into your machine and install a keylogger.

If someone is physically behind you looking over your shoulder with a gun pointed at you then having a password generator isn’t going to help. Even if they aren’t in the same physical location if they are even moderately skilled as a hacker they’ll get into your box remotely and then wait for you to paste anything and capture everything you paste from the password generator.

The only way to securely log in is to not use passwords at all. There should be an air gap between you and your computer and a QR code is a better login mechanism. It should also be multi-factor authentication if possible.

SQRL is a perfect example of how to do it. If you do it like that then you’ll only be hackable if they are in the room or they steal your phone. Set your phone to backup information on your SAFE Network account and keep your phone encrypted. This might not protect you from every attack but if a hacker steals your encrypted phone they are most likely just going to wipe it rather than try to retrieve your data.

Of course even a passwordless login doesn’t protect you from someone with a gun pointed at you but it does protect you from the remote attackers due to the airgap.

I don’t see how any of these schemes work because what is triggered?

You said the transaction could be faked, but Mallory will know if it gets to her wallet or not. So we would have to design this in as a feature, and I don’t see how it could be done. You would be making transactions reversible, but in a way that the recipient could not know - which just creates scenarios in which recipients could be duped.

Revoking privacy creates the same kind of issue. Solve one problem but create another - a way for people to discover the identity of innocents, not just criminals.

I think this is a hard problem - one for David Irvine maybe :slight_smile: - what would happen when an alarm is triggered and how can whatever is done not also create other problems.

Anything you want can be triggered. The least that should be triggered is an alert to your friends.

If it’s a F2F (friend to friend) network which makes up some of your third parties then you might want them all to be alerted the moment you get robbed and to have specific details forwarded to each of them.

If the criminal Mallory is smart enough then you’re absolutely right. Spoofing only really works on really dumb criminals but if they happen to be the rare combination of violent while also having a deep understanding of SAFE Network then this will not work at all.

But it’s the whole idea that just as you have deniable cryptography (like Truecrypt) where if someone forced you to give your password up then they’d see whatever you want them to see there is no reason you couldn’t do something similar with transactions. There is no blockchain so it really only has to appear to send to Mallory but in actuality be reversible after a period of time.

This would probably be impossible to do even if possible in theory so ignore that solution. I was just being overly creative.

Good point. I don’t have a solution to this.
In a way not having a blockchain actually does put some limits on Safecoin which don’t exist for Bitcoin. Bitcoin using the Master Protocol actually can do reversible transactions and rate limiting.

The guardian address for example.

http://wiki.mastercoin.org/index.php/Guardian_address

happybeing wrote:

> Revoking privacy creates the same kind of issue. Solve one problem but create another - a way for people to discover the identity of innocents, not just criminals.

In theory that could happen without revocable privacy. The only difference is with revocable privacy you get all sorts of positive benefits in exchange for the risks.

It is a significantly difficult problem. I think it’s going to take a lot of brainstorming and effort to solve. I offered up some of my ideas but I realize even if I do have solutions they all come with potential trade-offs. In the end though I determined that revocable privacy empowers the user, enhances security and flexibility for the user. I recognized that revocable privacy is better than nothing at all.

In bitcoin I believe there are some startups that will insure deposits. They offer debit card and savings accounts. Transactions are executed internally off chain, then the company settles with the blockchain later. I figure if it becomes profitable someone will offer the same service for safecoin.

That would be impossible. In order to offer those services the business offering it would have to comply with all the AML/KYC and suspicious activity report regulations.

I don’t think regulators will accept Safecoin as they did Bitcoin because while Bitcoin has a transparent ledger there is no transparency in Safecoin.

You would have to sell Safecoin for a blockchain coin like Bitcoin and then you the customer would have to identify yourself. I think this would work fine but I also don’t see Safecoin being a coin for speculators.

The only way I see it being a coin for speculators is if Safecoin were traded on NASDAQ similar to what is planned for Bitcoin. If you can have a paper representation or security representing Safecoin then people wouldn’t have to touch actual Safecoin to speculate with it.

That was not the scenario I was trying to solve.

In terms of securely creating an account: making an account on a clean operating system or using a bootable Linux USB would be enough. Make sure you do it in a safe physical location as well. Two factor authentication is also something to be aiming for.

In the safe network, I am sure that information will be logged. As the sender and receiver are the only ones that can see the transaction.

1 Like

I don’t see anything in Safecoin which concerns me from a security perspective, architecturally speaking. As long as the network functions as specified ofc.

Having got into Bitcoin early, I have read many similar debates before. I have little doubt that Safecoin will mature and there will be ways to create safe accounts for savings.

Moreover, nothing replaces the utility of a fully fungible money. Tainted coins may sound like a good idea to some, but it really is not desirable in the long term.

1 Like

2 Likes

I see no inherent advantage of having an offline wallet in terms of ultimate security as I believe both (if correctly implemented) provide security and safety of funds. It is currently still not that easy or simple to have a 100% secure paper wallet with bitcoin which is also a consideration.

I’d agree with @happybeing in that perhaps the potential biggest risk for your safecoin is that it is tied to the network itself. Given that no public block chain exists, a potential 76% attack on the maidsafe network could be catastrophic to safecoin and any store of value held there. I’m nowhere near clever enough though to say either how likely a malicious attack would be, and to what degree the safecoins on the network could potentially be tampered with if this attack was successful.

1 Like

Sure it might mature eventually after the majority of people get hacked dozens of times like what happened with Bitcoin early adopters?

That doesn’t give me confidence.

Rome wasn’t built in a day.

You start with the foundations and build up and out.

The problem with it being anonymous and with no blockchain is if someone steals it from you or if they hack your computer it’s all theirs. There is no proof that it even happened to you so that we can know the network is being used that way so that it could go on for many years.

How would you stop botnets or trojans from stealing people’s coins without a trace? Since there is no papertrail or way to track who owned it or how they got it this presents an opportunity for hackers to exploit.

It also presents an opportunity for state actors to exploit. They can just steal your coins and force you to stay quiet without any proof that any of it happened. I guess you’re just holding onto their coins for them until they decide to confiscate it from you?

I see a lot of security holes. I’m not saying they’ll all be exploited because the market cap is too small but I do see them and I know if even a fairly small government wanted to they could start confiscating coins without a trace.

Also if I were Mallory I could even use SAFE Network to empower my botnets with super powers. I could upload all their precious information to SAFE Network in the background, and no one would even know it happened, know where I am or who I am, or whether or not I accessed it.

So to be honest SAFE Network is going to empower Mallory quite a bit, and anything that empowers Mallory also empowers states to exercise extrajudicial powers because states can buy information from Mallory just like they can from Facebook.

If we think trojans and botnets are a problem now just wait until what becomes possible with this.

The only answer to this is to empower the users. I don’t see any other way to provide lasting and evolving (sustainable) security.

There’s a difference between security holes, which I take to be ways to subvert the network, and the issues you have over the network operating in the way it is designed to do.

Security holes to me means a way to subvert the intended operation (such as the 75% attack), whereas making Safecoin record only the current and previous owners (anonymously), is a design feature.

Your point about a bot being able to use SAFE to store information is an interesting scenario, but I don’t think it is a strong argument against SAFE. We already know that any tool can be used for good or ill, and it is impossible to design technology that prevents this. From the telephone, internet, web, even banking FFS! They are all exploited by criminals as well as providing value to society.

If you don’t like the features of SAFE and want it designed differently, it is fair enough to say so, but I object to you calling them security holes. Also, if you want a blockchain, there already is one so what is your problem with SAFE providing an alternative?

3 Likes