Securing safecoin

I presume you mean every coin, bitcoin all altcoins all credit cards all fiat etc… … All records all passwords all on computer data … all drones and re-tasking them

What would you do when there was no blockchain ? design does not stop there :smiley:

What if gravity stopped, what about full scale nuclear war

Proposing a future is easy, building one is hard so best spend effort building as pontification can lead to never doing anything. Please do build some attack simulations or maths proofs of such etc. we welcome them with open arms. Even better is take some of our tests which try to emulate attacks and morph them into attacks etc. That would be worthwhile.

This will be much better than the jumping about we are seeing in this thread, which I think is not helpful as its not that well structured to make any decision on, never mind answer wild suggestions. I think you should jump onto darkwallet and zerocash forum and ask the same questions there as they have similar anonymity goals. I think I am missing your points by a long way, it seems you are claiming security requires less privacy, which may be a point, but its mixed in with a lot of assumptions that appear less well thought out than some of your other points.

1 Like

Tracking money to solve crime is lazy and an invasion of privacy. Traditional policing will be required.

If the market demands it, there will be mechanisms and institutions which will help to keep Safecoins secure too.

3 Likes

@dirvine

This will be much better than the jumping about we are seeing in this thread, which I think is not helpful as its not that well structured to make any decision on, never mind answer wild suggestions. I think you should jump onto darkwallet and zerocash forum and ask the same questions there as they have similar anonymity goals. I think I am missing your points by a long way, it seems you are claiming security requires less privacy, which may be a point, but its mixed in with a lot of assumptions that appear less well thought out than some of your other points.

My point is that information security is based around who ultimately controls the information. Privacy vs security is a false dichotomy because you can have both. It’s actually about information control and this requires empowering the users to have as much control over their information as possible. The problem is most users don’t seem to be very good at protecting their information under their control (a private key) and all of their control depends on their ability to protect that (private key). Maybe education could help but considering how bad things are in that area with Bitcoin users I don’t see how Safecoin would be any easier.

If their control rests on them remembering something like a password then they’d lose control of all their information if they either forget their password or if someone extracts it from them. So a password offers very limited security (limited by their ability to protect something they know).

http://lifehacker.com/5785420/the-only-secure-password-is-the-one-you-cant-remember

I presume you mean every coin, bitcoin all altcoins all credit cards all fiat etc… … All records all passwords all on computer data … all drones and re-tasking them

Technically yes every coin is susceptible to attack. But if someone steals your Bitcoins (unless they physically take your private key) then it will show that an event happened on the blockchain. Bitcoin transactions could be anonymous and still the blockchain can have useful properties.

I don’t say SAFE Network cannot work without a blockchain I just think there are pros and cons to not having a blockchain. You do have more privacy without a blockchain but at the same time you have less transparency. It’s not a design flaw but it’s something which would have to be worked around by app developers. If I assume most users of SAFE Network are going to be on Windows 8 or something like that then why would I believe the average user is going to be able to be able to manage their privacy if they can’t protect their computer already?

My opinion is SAFE Network doesn’t actually need a blockchain but if you’re asking me about Safecoin functioning about as a store of value currency then I think it is better off with something which serves the useful functions that a public database or blockchain can provide. It all depends on the function and I think SAFE Network is interesting but Safecoin I don’t see as being a store of value which is currently easy to secure.

To put it simply, if I don’t know if my Safecoins can be stored safely and easily then why would I put a lot of money into it beyond what I need to buy resources from SAFE Network or pay for apps? As a result I don’t predict it will attract speculative investment but if I’m proven wrong in the future then I’ll tell you I was wrong.

TITAN offers privacy because it’s impossible for anyone to see the source or destination of the transactions except for the entities involved in it. But there is also some transparency so that for example if something highly unusual were going on then it might be possible to detect it easier. There is a blockchain but it wont provide enough information for Mallory to exploit (which I think is very important).

I think Zerocash has it’s uses but once again having anonymous currency doesn’t necessarily increase the security of the users of it. If it’s easy to steal then if it’s anonymous it’s not increasing the amount of control the user has over their digital property. I think if we have anonymous currencies then it must be made much harder to steal because it’s like trying to walk around with a suitcase full of untraceable cash in a crowded city.

So I’m not making the statement that we need less privacy in favor of security. I’m making the statement that we have to figure out how to empower the user in ways so that it’s not so easy to steal from them without a trace.

No, he’s right, people can get kidnapped and robbed with a gun to their heads - massive, gaping security holes. What are you thinking Maidsafe devs - get on it. lol

2 Likes

What if the money is money someone just stole from you? Or what if the government itself confiscated your money? How can you prove it happened?

The scenario I can put forth is some agents secretly detain you, confiscate your Safecoins, and then require you by law not to talk about it. So now you’re stuck without your money and no way to tell anyone what happened?

I think for privacy we just have to make sure all the transactions are anonymous. It shouldn’t be possible to know the source or destination. Keeping a database of anonymous transactions does not endanger privacy because those transactions will not mean anything except to the people/entities involved in them.

You have faith in the market solving the problem and who knows maybe it will. I think it’s going to be technology and innovation which solves these problems rather than “traditional policing”. It has to be made easy to secure Safecoins (such as a hardware wallet with multisig or smart contract capabilities?).

I don’t think MaidSafe developers can solve all problems. I don’t think I can solve all problems. Securing Safecoin is something I recognize as a problem. I also recognize that in some contexts the strengths of SAFE Network and design features can be exploited in ways we will not be able to predict or expect in advance.

The alternative is we just don’t talk about these concerns and then let the events play out. I think that by bringing it up that maybe at least some stuff can be fixed or if there is a market solution possible then we can now determine there is a lot of money to be made in helping users to secure Safecoins.

We don’t want to repeat what happened with Bitcoin.

Look, there’s concerns and there’s concerns, some are relevant and some just so outlandish, that nothing could be done by anybody on any system to prevent. The last scenario regarding the men in black would be a case in point. All I’m saying is keep it real and have reasonable expectations. I don’t mean to berate you, I just find it funny actually.

How do you know if someone hasn’t ‘robbed’ themselves?

The blockchain only shows that a transaction took place. It doesn’t tell you who owns the accounts.

2 Likes

On SAFE Network it would be very difficult or perhaps impossible by design to determine that. That is a good point.

TITAN has memos and if Dan sends BTS to Stan there is a record of that transaction somewhere on blockchain or decentralized database. If there is no blockchain then even if both have the matching internal information there would be nothing to check it against.

I believe SAFE Network will have something like internal memos and if there is a web of trust network you might have some way to for example confirm that you sent to a certain person.

I think the issue here is looking at Safecoin with Bitcoin goggles on. They are intentionally different things with different purposes.Bitcoin is more associated with the world of accounting really where ledgers and records etc are useful. Safecoin is more like cash - think of it that way. If I give you a 20 quid note in everyday use, such as say in a shop, nobody records who gave the cash. The two things are different with different purposes.

You’re right it is like cash. And just like I wouldn’t walk around with a suitcase full of cash feeling safe, that is the same argument I’m making about securing Safecoin.

The more cash-like we make it we also end up with the weaknesses of cash as well.

Cash is notoriously difficult to secure and very easy to steal.

The point is, both systems allow you to pretend to be robbed. How can you prove otherwise?

Recently mtgox ‘found’ funds which had previously been declared ‘stolen’. Did the blockchain help to prove a theft took place? Nope!

1 Like

Both cash and safecoin are stored in vaults and they really aren’t all that easy to steal from. If you don’t trust your banks vault, then you would research who made it, how strong it is etc. I suggest you do the same research on the safecoin vault, then if you see a gaping hole, I’m sure the devs will endeavour to fix it. You can’t state a vault is insecure prior to finding out all about it. Same old same old I’m afraid.

The security of a vault is about as secure as the private key. So if it’s stored on your computer perhaps it’s not really very secure.

I don’t have a problem with SAFE Network’s vault technology itself but it’s more about whether or not the users can keep their private key safe. If multi-sig and multi-factor authentication works then that would significantly decrease the risk of being remotely compromised.

A simple on screen keyboard is a solution which would massively improve security by default. If I were entering a password I would be worried there could be keyloggers so an on screen keyboard is a simple way to defeat all keyloggers.

I don’t think Bitcoin by default is particularly secure at all. Bitcoin core devs promised multi-sig and two-factor authentication. We don’t have either of these in the core wallet that I’m aware of but if I were to make a suggestion it would be to add these into the core wallet along with an on screen keyboard.

Trezor wallet does something like this but you have to buy the device. Trezor is actually very secure and perhaps the most secure way for a user to store Bitcoins today other than paper wallets.

The core client is not what regular people will use anyway, it’s really more of a “for advanced users” client. BitPay released a very nice multisig wallet just recently though: https://copay.io

3 Likes

If something like co-pay can be done pseudo anonymously this would preserve privacy while increasing security.

Might be exactly what we need.

2 Likes

Agree

Sometimes, if we are not directly affected, we tend to put some things aside. Human nature- that’s normal. People lost a lot of money in Bitcoin and some from legitimate attacks to non-suspecting individuals. A bad press and exprecience.

I agree with @luckybit to some extent. Some sort of mechanism that will allow us to at least get an idea if did happen/didn’t, with the consent of the user would be good.

Hmmm… some sort of a block chain that will only show your part of transactions (input/output)? encrypted for your only use, then you have the flexibility to share it as read-only file to other Maidsafe users? This might be a silly idea… But I’ll give it a crack.

Cheers

We will have the ability for multi sig from day1. I think this will help a lot if people use that facility anyway. I see it as being able to send a safecoin to a group, the majority (strict majority so people do not need to understand N of P etc.)can then sign a transaction to spend the money. That may be two accounts you own (one on your phone, one on your computer) or with friends or fellow workers in a business environment.

2 Likes

How will Safecoin address look like ?

How will Safecoin private key look like ?

Can 24 seeds word contain Safecoin private key?

1 Like

32 byte array

32 byte array

Very likely you could use that to derive such a key. (possibly BLS keys on launch as it’s almost free multi-sig)

3 Likes