Microsoft rejected my Bitcoin wallet app. How long can Windows Phone afford to remain the only mobile OS that doesn't allow bitcoin management?
I recently started to develop a Bitcoin wallet app (Blockchain.info client) for Windows Phone, as it's currently the only OS that doesn't have one. Here's an introduction to Bitcoins Here's the original Windows Phone Bitcoin wallet thread on /bitcoin. Here are some early screenshots of the app. Two weeks ago, I submitted the application to the Windows Phone marketplace for certification. Unfortunately, Microsoft rejected my app. They said that they wouldn't allow any kind of transaction to be made natively (all transactions must be done in an https browser view, which defeats the purpose of an app). I argued that many other apps did allow payments to be made directly from the app experience (no browser view), but they still refused. They simply rejected my submission, without providing reference to any specific certification requirement. Based on what they told me, it seems like there's no way Microsoft is going to accept a bitcoin wallet (or any app allowing transactions) which does not rely on web views. iOS allows bitcoin wallets. Android allows bitcoin wallets. Why can't Windows Phone allow them too? With bitcoin adoption increasing as quickly as ever, how long can Windows Phone afford to remain the only mobile OS that doesn't allow native bitcoin management? EDIT: Just to make things clear, Microsoft did not explicitly prohibit Bitcoin apps. They simply reject apps that make third-party transactions natively. Such transactions can only be made in a browser (embedded or not) with a visible andfully editable HTTPS/SSL address. Other major mobile OSes, such as iOS and Android, don't have such limitations. Coinbase for iOS or Blockchain for Android, like they currently behave, would not pass Microsoft certification. EDIT 2: Here's the latest reply they sent me:
Applications which process or allow payments must do so external to the application, as yours does, via web control. However, the address bar must be visible to users so they may verify the secure connection (https://). We will be updating our public facing Policy soon, to make these requirements clear before developers submit their applications. In it's current form, Blockchain will not pass certification. You will need to update the application to make the address bar visible to users.
With Microsoft Now Accepting Bitcoin How About Some Wallet Apps For Windows Phone
Even though Microsoft now accepts Bitcoin there are still no high quality wallet apps in the Windows Phone Store. This app simply called 'Bitcoin' integrated both Blockchain.info and Coinbase, however the developer has now delisted it (more on that here) I would expect Microsoft to include Bitcoin in the Windows Phone Wallet, however that probably won't happen until around September next year when Windows10 & Windows Phone 10 are released. How should we encourage the likes of Blockchain.info, Coinbase, Circle, and Coinjar to develop apps for Windows Phone? I'm sure Microsoft will be happy to help.
AT CES 2015, BitPay Announces The First Multisig Bitcoin Wallet App for Windows Phone, CoPay in an Interview with Tony Galippi, Executive Chairman of BitPay and did you know Bitcoin has had a presence at CES thanks to BitPay over the last 4 years?
AT CES 2015, BitPay Announces The First Multisig Bitcoin Wallet App for Windows Phone, CoPay in an Interview with Tony Galippi, Executive Chairman of BitPay and did you know Bitcoin has had a presence at CES thanks to BitPay over the last 4 years?
My CoinbasePro got compromised, and my $$$$ is gone.. (I don't have enough KARMA to post this in the Coinbase Sub)
Last Friday, I found out all my limit buying orders in CoinbasePro were gone, so I went 'Yay!', but soon I realized there is nothing in my portfolio - My USD balance of $8,800 had just disappeared. So I called Coinbase, but all I could do was suspend my account, and I filled out the complaint form online. Then I looked through my Gmail, and found an email from Coinbase sent on Thursday, saying "Congratulations! You have successfully transferred 0.8970 BTC to xxxxxxxxxxxxxxxxxxxx (I removed the address after my post got deleted by the moderator)." That email was the only message from Coinbase regarding this transfer. No verification request, no Google Authentication confirmation, nothing. I would like to see the Coinbase transaction record, but I couldn't because I had just suspended my account. As of now (Monday P.M.) I did not receive any response from Coinbase. Can someone PLEASE help? That money is like 70% of my asset. (sob)
The state of cryptocurrency in China. If anyone tells you otherwise, they are lying.
It's been a while since I outlined the state of cryptocurrency in China, but I should probably tell you guys why this is important first: Journalists will do anything to shill you their "news" so they can get their sponsor dollars. Crypto YouTubers who comment on the story without reading the original news story or transpiration of events in Chinese further distort this message. With that out of the way, let's dive in to free knowledge. -Mining is just fine, so long as miners have all of their documents properly registered. The Chinese government thinks, "Whatever, sell this stuff to foreigners. We'll gladly let more USD flow in to our economy in exchange for thin air." -Most Chinese-owned exchanges set up offices abroad, usually in Singapore. Some have dev teams in Malaysia / Taiwan. -The Chinese government hasn't really out-right BANNED crypto ownership as far as I know, but they have certainly made it very difficult to own it. Which leads me to these two points: -I tried sending an APK file for an android phone wallet app to an American buddy of mine and his Chinese-made phone with a specialized Chinese distro of android would not allow him to install it. He sent me a screenshot that showed his phone basically displayed, "Unable to install application." or something similar. -I wouldn't be surprised to learn that Chinese-made distros of Windows, Linux, or Macintosh-specific operating systems do not allow users to install wallets to their desktops either - but I have not verified this. -These last two points can be circumvented by buying phones and operating systems made for foreign countries on China's ebay equivalent, Taobao. -There have been previous court-rulings where bitcoin was recognized as PROPERTY. -My view is that the CCP's attitude is, "Less crypto, less headache. Turn it in to USD and bring it in to China." -I would not be surprised to learn that later down the road the CCP makes a list of present cryptocurrencies that may be bought and sold legally in China in the future. I would only be shocked if bitcoin were not on that list. -It is commonplace for employees of exchanges to get paid in crypto in China. This is usually done with a stablecoin. -I have an undergraduate degree in Chinese and previously worked for a Chinese-owned exchange. This is where my knowledge comes from. -Everything listed here to this point in time should be treated like "law" unless Xi Jinping himself or another government official say otherwise in the near future. Any questions? Fire away.
Edit: Currently writing a new version of this, dont know when it will be done. Edit: Since first post I have updated a few sections with additional information. I recommend reading it all even if it is very long, I might have placed some relevant info in different sections while thinking about what else needed to be added, plenty of steps remains mostly the same except when I comment directly on it. It is not necessary to do 100% security all the time, unless you absolutely need it, combining some high and some lower security ideas for a balance of security and convenience is useful. I will base this mostly on Windows, Linux users probably know this, and I have no idea how apple machines work (tho many things in here are still relevant for other operating systems, as they are just general tips) Disclaimer: There are certainly other steps that can make you more anonymous or safer, however I think for most people this will surfice. Any software I recommend should be independently verified for security, and examples of software are not to be taken as endorsements. I simply use examples and give recommendations when I believe it necessary, or helpful. I will not really differentiate between anonymity and security, they are often the same thing. As such the word security can mean either more anonymous, less vulnerable, or both. -------- Everyday Simple Info Sec:
Password for the device is an obvious one (8+ characters minimum, best if over +12), if there is sensitive information on any of the drives, either encrypt the entire drive or just the sensitive files, and make encrypted backups on a different memory storage device (There many programs to encrypt files and drives I'm sure a search will figure it out)
-There could be a hidden administrator user on your PC, make sure to change its password
Always use the device on a non admin account
a VPN that doesn't log (use with kill switch on, should be enough for everyday stuff, more safe stuff in the high security section) (VPNs that claim they don't log sometimes do, it's bad, but I would like to point out that not using a VPN will always expose your traffic to your ISP and also remove additional encryption. Even if the VPN tracks, there is no downside because your ISP would track anyways, and VPNs can be more anonymous, and also add extra encryption)
disable location tracking (preferably make all your privacy setting to release minimal info, get rid or cortana, change privacy settings in all of your accounts as well, there's no reason why you should allow Facebook to give you target ads. Use the setting they give you.
TOR, Firefox or similar browser, stay the fuck away from Google Chrome.
your preferred search engine should be duckduckgo (other privacy focused search engines exist as well)
use an adblocker that also prevents the adding of tacking cookies
Use pgp with all your friends or messaging services that implemented end to end encryption (Implemented services can still be bypassed, but are way more convenient so for everyday use they should suffice, some examples should be Telegraph, Signal, WhatsApp etc) (more info on pgp in high security section)
(Snapchat msgs, reddit dms, discord msgs, are just a few examples of msgs that are never encrypted) -Any info even send in encrypted msgs (and obviously non encrypted) should still be kept with possible deniability, don't say "I'm gonna do MDMA", say "I'm going out with molly."
use software (like ccleaner) that purges cookies and other data after every use, before shutting down your device
use a virus scanner daily (I like spy bot Search and destroy, many other options also exist)
never use the same password/passphrase twice (I will address what passphrase are below) (Better yet use randomized passwords that are stored in a master key chain, make them as long as possible (tho it is okay to go with the minimum of 12 never go below 7, I recommend 15+ depending on how often you have to manually enter the password instead of copying/pasting it) Don't generate too long keys for things you need to access regularly without copy/paste, except your master key ring)
its ideal to never use the same email or username as well, especially username, email is obviously tricky and also very annoying, but it would be best to always change the email.
-DO NOT STORE ANY PASSWORDS ON GOOGLE, IF GOOGLE LOGIN IS AUTHENTICATED IT WILL AUTFILL ALL PASSWORDS IT HAS SAVED (same with other similar services) (This means if you are logged in to chrome and someone has access to your machine, they can auto fill passwords without entering a single password) -use a rememberable passphrase, especially for your master key ring aka password manager A long sentence that is memorable makes an okay password (decent example,: "I met my wife at Little Ceasers for the first time on 07/09/20" better even if it's just something you know, if its impersonal, and if you can add special characters or numbers that you won't forget) (A better example for a passphrase is: "There is 0nly 0ne letter that d0esn’t appear in any U.S. state nameQ")
for your main password manager(key ring), I highly recommend Keepass 2, make backups of the file save to separate devices and drives (Flash drives, phone, PC, laptop, etc, if you loose that file, you lose all of your passwords) (Other good password managers exist as well, I don't recommend online password managers as you lose the control over passwords)
-Purge your internet activity frequently, there's a reason why I only have one post, and a few comments appearing in my account, but thousands of kama. Exposing information needlessly is not good. -Never post private information publicly, and if you do, do it vaguely as possible. (Example: Not "I'm 15", say "I'm a teenager") Do not post any vital information ever, no birthdays, mother's maiden name, age, or anything you have ever seen in a security question. Never post your current activities while they are ongoing. You going on a vacation? Don't announce it to the world, taking picture there? Post them when you are home.
Any account that is supposed to remain anonymous and as secure as possible should only be used on secured devices. A unsecured device can link you to the account.
always shutdown your machine when leaving it (To prevent access, and to prevent a possible attack vector)
2 factor factor authentication is not great anymore. Unless you can do it over a anonymous source. A cell phone is usually directly connected to you, so it is not a anonymous device. There might still be secure/anonymous 2 factor authentication methods that won't expose you, for example over a secure email. (If there is 2FA that doesn't need a device that removes anonymity and is secure, use it.) (Please don't misunderstand, 2FA is great, however it can remove the anonymity that you worked hard to establish)
-Rethink how you do security questions. Many answers to security questions can be found in your internet history. One could use the first word of the security question as an answer, or a different sceme that will mean you always remember it. (Security question need to go, the amount of personal info an average person puts on the internet makes it easy to attack anything using security question) -------_ High level crimimal information security: The motto here is, "All the Security, All the Time" As one fuck up can end with you leaving a lick of traceability, and you could be fucked. Pre Note: All of your software should always be up to date. Also even perfect info sec does not guarantee you are completely safe, a new zero day (exploit) can still fuck you, but good info security makes you significantly safer, by eliminating as many attacks as possible. -Get a new device (or make a already owned device seem like you never owned it, do this only if you know how to, there's a lot of stuff that goes into that, like changing your mac adress etc) buy with cash, and your face covered, preferably far away from where you live. (Do I need to specify to not bring your phone or anything else that tracks your location to anywhere you want to go anonymously?) (Be aware that even hardware can have vulnerabilities, many cpus have known vulnerabilities, I can't list them all, do some research before buying)
Do not EVER use a high security device at any lower level of security. There are unique identifiers to your device, exposing them once can expose you for everything you do.
-If you know how to use Tails (A linux distro designed for Info sec) use that, preferably on a USB. (Or learn how to use tails, its better, but complicated) Otherwise a clean copy of windows (make sure its not in any way associated with you) can do the job too, tho not as well. (Using a VM might give extra security, since VMs usually erase all data and RAM they were using on shutdown) -Get a non tracking VPN, Enable the kill switch (a setting that disables all traffic that doesn't go through the VPN) (change your firewall settings to only allow the traffic from the VPN, windows guide (Change settings so only traffic from the tor application is send) Edit: (Due to complaints: do not use vpn over tor, use tor over vpn. tor over vpn has no notable downside, if the VPN logs it makes no difference, your ISP will always log anyways, and vpns remove other attack vectors and also provide backup security should tor fail. Again even if the VPN tracks you only change the people doing the tracking, but now you are further removed making it more anonymous and also with less vulnerabilities) -rember privacy settings, cookie cleaner, and antivirus, password (There could be a hidden administrator user on your PC, make sure to change its password) -Always use the device on a non admin account
-Ideally use this device only on networks that are not connected with you. Such as public networks (try to never use the same public networks twice, move around) (a home network should be fine now, as it should never be exposed, but more security is always better) (Its just a conveniences vs security trade) -Never use accounts that have been exposed to lower security on higher security machines -your browser is now TOR (or your preferred security focused browser, if you dont plan on using onion ) Make sure you get the standalone version of tor not the addon build (the standalone is safer, because there are less settings and options to tweak) -Change your tor settings, to safest mode, enable a bridge (to my knowledge there's no difference in security between the build in bridges in tor), enable automatic updates, set duckduckgo onion as your primary browser. Set dark.fail onion page as your home page. (Or your preferred privacy search engine and onion directory)
set up a new pgp (can't use the same one you use for regular use, again less safer accounts are never used on safer devices) Cleopatra is my choice, its simple to use. Make sure you back up the private key multiple times, on safe devices. (Dont let the private key fall into anyone's hands) Give it a generic name like "HighSecurityPGP" do not give the pgp key pair a name that could identify you. (No initials etc) (Some pgp key pair programs want an associated email for a key pair, you can create a safe email, or which I recoend you can use a different program (like Cleopatra) (Feds & LEOs are known to copy private keys if they have your machine, so you will need to set up a new key pair if they ever take a device with a private key copy)
a high security machine that facilitates criminal activity can not use many programs. Many programs collect your devices mac adress, which is a unique identifier, amongst other things. It's should be used only for the activity you want to do.
-------_ How to use dark net markets (DNMs) If you finished your High Security setup, we can dive right in. Otherwise go do that. This is where all that is essential. Quick info on Tor, and onion sites. There is no search engine. It's all based of directories and addresses you are given by others. Tor will likely not be very quick, it has to pass through multiple networks to get to the destination. DNMs sometimes exit scam, an exit scam is when a market shuts down completely and takes all the money, this is a risk when using DNMs, it's not too common but happens maybe 0-4 times a year. The admins of thoese servers need to get out at some point, before they get jailed, so they exit the game, and scam everyone out of their money. -A very useful onion directory is dark.fail it has a lot of links, for all kinds of stuff. News, email, DNMs, Psychonautwiki (harm reduction website), forums etc. (Other directories also exist) -Pick a market, preferably one that handles secure connection server side instead of requiring you to establish the secure connection. Then create an account. Your account once created should include an entry box in your profile for a pgp key, post your PUBLIC key in there. (Verify the link is not a scam, most markets should provide a pgp signature) -Next is currency setup. All major cryptocurrency exchangers can be used, I can recommend coin base but there could be better ones out there. Unless you find a small non U.S., exchange, they will always ask for your identity. So unless you can find a trustworthy exchange that doesn't ID, you will need to give it to them. (Side note, all major crypto exchangers report to the IRS, if the IRS asks you if you bought cryptocurrency and you bought while having IDed yourself SAY YES, DO NOT COMMIT TAX FRAUD WHEN THEY KNOW YOU DID)
I recommend using Monero, it's hard to track, so it makes your job a lot easier. (If you use bitcoin you should run it through a scrambler, because BTC is tracable to anyone who knows what they are doing)
-Transfer (monero you can send directly, btc you should scramble) to your wallet. There are two options a cold wallet (physical) or a software wallet. Software wallets usually dont cost anything so I recommend them, even if often less safe. Electrum is easy to use, and pretty safe. You can also do your own research and find a wallet that fits your needs.
decide where you want to ship it. You can send to your home, to a PO box, to a PO box that you opened with a fake ID (I don't recommend), an abandoned house, general mail (sending to a post office instead of a street adress) pickup up with fake ID, use a remailing service. These are some options, sending it to your own home, isn't ideal, but its pretty much the only easy way.
-now you are ready to buy, only buy using escrow (it means the money is held by the market as a middle man until the product is delivered, they will also handle any issues like wrong quantity, cuts, etc), judge the reviews for a product, and if available look at the history of the vendor, until you find a product from a vendor you trust. (I recommend to buy within your country as much as possible, so it doesn't go through customs, it's very rare that something is found, but it can happen) -now you get to buy, depending on market, you either have cryptocurrency stored in their wallets (not recommend, you will lose it in an exit scam) or you can send it every order. When you send your delivery adress (or the one you want it to go to) encrypt the adress using the sellers public key. Make sure the adress is correct. -wait for the product, make sure to extend the escrow until the product arrives, if you can't extend it anymore dispute the order, and a moderator will step in -test the product, use it, and leave a review. PLEASE LEAVE A REVIEW, DNMs only work because of reviews. Edit: Didn't imagine I would write over 15000 words. Oh well, it was fun. Hope it helps, if you have any questions feel free to ask. No idea how long this will stay up, I might purge it in 7 days, or never.
d down, k up, everybody's a game theorist, titcoin, build wiki on Cardano, (e-)voting, competitive marketing analysis, Goguen product update, Alexa likes Charles, David hates all, Adam in and bros in arms with the scientific counterparts of the major cryptocurrency groups, the latest AMA for all!
Decreasing d parameter Just signed the latest change management document, I was the last in the chain so I signed it today for changing the d parameter from 0.52 to 0.5. That means we are just about to cross the threshold here in a little bit for d to fall below 0.5 which means more than half of all the blocks will be made by the community and not the OBFT nodes. That's a major milestone and at this current rate of velocity it looks like d will decrement to zero around March so lots to do, lots to talk about. Product update, two days from now, we'll go ahead and talk about that but it crossed my desk today and I was really happy and excited about that and it seemed like yesterday that d was equal to one and people were complaining that we delayed it by an epoch and now we're almost at 50 percent. For those of you who want parameter-level changes, k-level changes, they are coming and there's an enormous internal conversation about it and we've written up a powerpoint presentation and a philosophy document about why things were designed the way that they're designed. Increasing k parameter and upcoming security video and everybody's a game theorist My chief scientist has put an enormous amount of time into this. Aggelos is very passionate about this particular topic and what I'm going to do is similar to the security video that I did where I did an hour and a half discussion about a best practice for security. I'm going to actually do a screencasted video where I talk about this philosophy document and I'm going to read the entire document with annotations with you guys and kind of talk through it. It might end up being quite a long video. It could be several hours long but I think it's really important to talk around the design philosophy of this. It's kind of funny, everybody, when they see a cryptographic paper or math paper, they tend to just say okay you guys figure that out. No one's an expert in cryptography or math and you don't really get strong opinions about it but game theory despite the fact that the topics as complex and in some cases more complex you tend to get a lot of opinions and everybody's a game theorist. So, there was enormous amount of thought that went into the design of the system, the parameters of system, everything from the reward functions to other things and it's very important that we explain that thought process in as detailed of a way as possible. At least the philosophy behind it then I feel that the community is in a really good position to start working on the change management. It is my position that I'd love to see k largely increased. I do think that the software needs some improvements to get there especially partial delegation delegation portfolios and some enhancements into the operation of staking especially. E-voting I'd love to see the existence of hybrid wallets where you have a cold part a hot part and we've had a lot of conversations about that and we will present some of the progress in that matter at the product updates. If not this October certainly in November. A lot of commercialization going along, a lot of things going on and flowing around and you know, commercial teams working hard. As I mentioned we have a lot of deals in the pipeline. The Wyoming event was half political, half sales. We were really looking into e-voting and we had very productive conversations along those lines. It is my goal that Cardano e-voting software is used in political primaries and my hope is for eventually to be used in municipal and state and eventually federal elections and then in national elections for countries like Ethiopia, Mongolia and other places. Now there is a long road, long, long road to get there and many little victories that have to begin but this event. Wyoming was kind of the opener into that conversation there were seven independent parties at the independent national convention and we had a chance to talk to the leadership of many of them. We will also engage in conversation with the libertarian party leadership as well and at the very least we could talk about e-voting and also blockchain-based voting for primaries that would be great start and we'll also look into the state of Wyoming for that as well. We'll you know, tell you guys about that in time. We've already gotten a lot of inquiries about e-voting software. We tend to get them along with the (Atala) Prism inquiries. It's actually quite easy to start conversations but there are a lot of security properties that are very important like end-to-end verifiability hybrid ballots where you have both a digital and a paper ballot delegation mechanics as well as privacy mechanics that are interesting on a case-by-case basis. Goguen, voting, future fund3, competitive marketing analysis of Ouroboros vs. EOS, Tezos, Algorand, ETH2 and Polkadot, new creative director We'll keep chipping away at that, a lot of Goguen stuff to talk about but I'm going to reserve all of that for two days from now for the product update. We're right in the middle, Goguen metadata was the very first part of it. We already have some commercialization platform as a result of metadata, more to come and then obviously lots of smart contract stuff to come. This update and the November update are going to be very Goguen focused and also a lot of alternatives as well. We're still on schedule for an HFC event in I think November or December. I can't remember but that's going to be carrying a lot of things related multisig token locking. There's some ledger rule changes so it has to be an HFC event and that opens up a lot of the windows for Goguen foundations as well as voting on chain so fund3 will benefit very heavily from that. We're right in the guts of Daedalus right now building the voting center, the identity center, QR-code work. All this stuff, it's a lot of stuff, you know, the cell phone app was released last week. Kind of an early beta, it'll go through a lot of rapid iterations every few weeks. We'll update it, google play is a great foundation to launch things on because it's so easy to push updates to people automatically so you can rapidly iterate and be very agile in that framework and you know we've already had 3500 people involved heavily in the innovation management platform ideascale and we've got numerous bids from everything. From John Buck and the sociocracy movement to others. A lot of people want to help us improve that and we're going to see steady and systematic growth there. We're still chipping away at product marketing. Liza (Horowitz) is doing a good job, meet with her two three-times a week and right now it's Ouroboros, Ouroboros, Ouroboros... We're doing competitive analysis of Ouroboros versus EOS, Tezos, Algorand, ETH2 and Polkadot. We think that's a good set. We think we have a really good way of explaining it. David (David Likes Crypto now at IOHK) has already made some great content. We're going to release that soon alongside some other content and we'll keep chipping away at that. We also just hired a creative director for IO Global. His name's Adam, incredibly experienced creative director, he's worked for Mercedes-Benz and dozens of other companies. He does very good work and he's been doing this for well over 20 years and so the very first set of things he's going to do is work with commercial and marketing on product marketing. In addition to building great content where hope is make that content as pretty as possible and we have Rod heavily involved in that as well to talk about distribution channels and see if we can amplify the distribution message and really get a lot of stuff done. Last thing to mention, oh yeah, iOS for catalyst. We're working on that, we submitted it to the apple store, the iOS store, but it takes a little longer to get approval for that than it does with google play but that's been submitted and it's whenever apple approves it or not. Takes a little longer for cryptocurrency stuff. Wiki shizzle and battle for crypto, make crypto articles on wiki great again, Alexa knows Charles, Everpedia meets Charles podcast, holy-grail land of Cardano, wiki on Cardano, titcoin Wikipedia... kind of rattled the cage a little bit. Through an intermediary we got contact with Jimmy Wales. Larry Sanger, the other co-founder also reached out to me and the everpedia guys reached out to me. Here's where we stand, we have an article, it has solidified, it's currently labeled as unreliable and you should not believe the things that are said in it which is David Gerard's work if you look at the edits. We will work with the community and try to get that article to a fair and balanced representation of Cardano and especially after the product marketing comes through. We clearly explain the product I think the Cardano article can be massively strengthened. I've told Rod to work with some specialized people to try to get that done but we are going to work very hard at a systematic approval campaign for all of the scientific articles related to blockchain technology in the cryptocurrency space. They're just terrible, if you go to the proof of work article, the proof of stake or all these things, they're just terrible. They're not well written, they're out of date and they don't reflect an adequate sampling of the science. I did talk to my chief scientist Aggelos and what we're gonna do is reach out to the scientific counterparts that most of the major cryptocurrency groups that are doing research and see if they want to work with us at an industry-wide effort to systematically improve the scientific articles in our industry so that there are a fair and balanced representation of what the current state of the art are, the criticisms, the trade-offs as well as the reference space and of course obviously we'll do quite well in that respect because we've done the science. We're the inheritor of it but it's a shame because when people search proof of stake on google usually wikipedia results are highly biased. We care about wikipedia because google cares about wikipedia, amazon cares about wikipedia. If you ask Alexa who is Charles Hoskinson, the reason why Alexa knows is because it's reading directly from the wikipedia page. If I didn't have a wikipedia page Alexa would know that so if somebody says Alexa what is Cardano it's going to read directly from the wikipedia page and you know and we can either just pretend that reality doesn't exist or we can accept it and we as a community working with partners in the broader cryptocurrency community can universally improve the quality of cryptocurrency pages. There's been a pattern of commercial censorship on wikipedia for cryptocurrencies in general since bitcoin itself. In fact I think the bitcoin article is actually taken down once back in, might have been, 2010 or 2009 but basically wikipedia has not been a friend of cryptocurrencies. That's why everpedia exists and actually their founders reached out to me and I talked to them over twitter through PMs and we agreed to actually do a podcast. I'm going to do a streamyard, stream with these guys and they'll come on talk all about everpedia and what they do and how they are and we'll kind of go through the challenges that they've encountered. How their platform works and so forth and obviously if they want to ever leave that terrible ecosystem EOS and come to the holy-grail land of Cardano we'd be there to help them out. At least they can tell the world how amazing their product is and also the challenges they're having to overcome. We've also been in great contact with Larry Sanger. He's going to do an internal seminar at some point with with us and talk about some protocols he's been developing since he left wikipedia specifically to decentralize knowledge management and have a truly decentralized encyclopedia. I'm really looking forward to that and I hope that presentation gives us some inspiration as an ecosystem of things we can do. That's a great piece of infrastructure regardless and after we learn a lot more about it and we talk to a lot of people in ecosystem. If we can't get people to move on over, it would be really good to see through ideascale in the innovation management platform for people to utilize the dc fund to build their own variant of wikipedia on Cardano. In the coming months there will certainly be funding available. If you guys are so passionate about this particular problem that you want to go solve it then I'd be happy to play Elon Musk with the hyperloop and write a white paper on a protocol design and really give a good first start and then you guys can go and try to commercialize that technology as Cardano native assets and Plutus smart contracts in addition to other pieces of technology that have to be brought in to make it practical. Right now we're just, let's talk to everybody phase, and we'll talk to the everpedia guys, we're going to talk to Larry and we're going to see whoever else is in this game and of course we have to accept the incumbency as it is. So, we're working with obviously the wikipedia side to improve the quality of not only our article but all of the articles and the scientific side of things so that there's a fair and accurate representation of information. One of the reasons why I'm so concerned about this is that I am very worried that Cardano projects will get commercially censored like we were commercially censored. So, yes we do have a page but it took five years to get there and we're a multi-billion dollar project with hundreds of thousands of people. If you guys are doing cutting-edge novel interesting stuff I don't want your experience to be the same as ours where you have to wait five years for your project to get a page even after government's adopted. That's absurd, no one should be censored ever. This is very well a fight for the entire ecosystem, the entire community, not just Cardano but all cryptocurrencies: bitcoin, ethereum and Cardano have all faced commercial censorship and article deletions during their tenure so I don't want you guys to go through that. I'm hoping we can prove that situation but you know you don't put all your eggs in one basket and frankly the time has come for wikipedia to be fully decentralized and liberated from a centralized organization and massively variable quality in the editor base. If legends of valor has a page but Cardano didn't have one until recently titcoin, a pornography coin from 2015, that's deprecated, no one uses it, has a page but Cardano couldn't get one there's something seriously wrong with the quality control mechanism and we need to improve that so it'll get done.
What I currently use for privacy (after almost 2 years of long investing into it)
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
How to buy Bitcoin and Deposit on Roobet Full Tutorial
Hello! In this thread I will do my very best to explain how to purchase Bitcoin safely and deposit it onto Roobet.com ! If anything is too confusing or you need further instructions feel free to message a mod for help!Be very aware of other users offering to sell you bitcoin or purchase on your behalf.If you are new to Bitcoin in general I strongly recommend watching this quick video on the basics of bitcoin safety https://www.youtube.com/watch?v=2z2xggmeW1AAfter you have watched that or you already understand bitcoin skip to down below! Buying Bitcoin Step 1 Chosing an exchange Ok so you want to buy bitcoin to play on roobet? No problem! Bitcoin is super easy to use once you understand it! The first thing you need to do is pick an exchange to purchase from. I would recommendcoinbaseas it is a very large and trusted exchange.If coinbase does not work in your region then I would recommendBinance The last option if buying online doesn't work would be a local Bitcoin ATM use google to find one close to you. Step 2 Signing up -coinbase Sign up using https://www.coinbase.com/join/carava_zo to get a bonus 10$ btc on your first purchase Once you create an account you will be prompt to verify both a Email & Phone Number *Sometimes a photo id is required* *(It is recommend to add one as it will improve account security and increase your buying limit)* Follow the on screen prompts until you get to Add Payment Method Add your method of payment Once you link a Bank/Credit Card you will now be in the main page https://preview.redd.it/a58hftutv8d51.png?width=1892&format=png&auto=webp&s=9ce87ba198fdcaad10a2da4725c1030fca4d1741
Copy the Bitcoin Address (Your bitcoin address not the one in the screenshot)
Head back to coinbase
You should still have the Sent/Receive tab open if not open it back up
Put in the amount of BTC you wish to send
I like to add a note to keep my purchases organized this is optional
PASTE THE ROOBET DEPOSIT ADDRESS WE COPIED FROM STEP 1
DOUBLE TRIPLE QUADRUPLE CHECK THE ADDRESS IS CORRECT YOU ONLY GET 1 SHOT AT THIS GO SLOW
If everything looks good click send
TRIPLE CHECK BEFORE CLICKING SEND You will be given a confirmation screen again take note of the fees It is easy to get confused especially with currency conversion its always best to look at the BTC amount not the $ amount. (pro tip) Last chance to check everything Once you confirmed everything click send and the BTC is on its way! Go back to roobet and keep an eye on your notifications. Thanks to Roobet Instant funding you only need 1 confirmation before your funds are ready to go! https://preview.redd.it/14x2wwmo59d51.png?width=524&format=png&auto=webp&s=d40212fd1b67555fecb6e7f69c78d47c1abe569f Thats it!!!!You have successfully purchased and added BTC to your roobet account! Things to note Bitcoin is risky be safe take time to learn it Gambling is risky... Crpto is risky this website combines both please take the appropriate steps to ensure not only your financial safety but also your metal health Play Smart Play Safe Thank you for reading!if this helped you at all I would love it if you used my links above when signing up This was my first reddit guide I apologize if it is messy/confusing I will work on the formatting any Feedback is appreciated -Dom
Updated list of Global Beermoney opportunities (+180!) - June 2020
Updated list of Global Beermoney opportunities (+180!) - June 2020
The current, and now previous, Beermoney Global list started nearly 5 years ago. It’s been updated and has grown over all that time, but it also became a hassle to keep current. It was time to build a new list from scratch based on my experience in the Beermoney world over all these years and all the contributions all of you have been making in this sub. The lists consist of opportunities that are available in at least one country that is not the US. This means there are sites which only work in Canada or the UK. There’s sites which are open to the whole world, but this does not mean everyone can really earn something on it. It’s all still very demographic and therefore location dependent. This list should give you a starting point to try out and find what works for you. I’m not using everything myself as I prefer to focus on a few, so not all are tested by me. They are found in this sub, other subreddits and other resources where people claim to have success. I’ve chosen the format of a simple table with the bare minimum of information to keep things clean. It includes a link, how you earn, personal payment proof if available and sign-up bonus codes if applicable. Some of these bonuses are also one-time use codes specifically made for this sub! For the ones I don’t have payment proof (yet) feel free to provide some as a comment or via modmail so others know it’s legit. I am working on detailed instructions for each method that I personally use which will include things like cashout minimum, cashout options, tips & tricks,... For now I’ve split things up based on the type of earning like passive or mobile. Because of this there’s sometimes an overlap as some are both passive and on mobile or both earning crypto and a GPT (Get Paid To) website. The lists are obviously not complete so I invite you to keep posting new ones in the sub, as a comment to this post, or in modmail. Especially if you have sites or apps which work for one single specific country I can start building a list, just like I did for The Netherlands and Belgium. If you recognize things which are in fact scams or not worth it let me know as well.
Get Paid To (Surveys, tasks, offers, videos, clicking links, play games, searching)
For The Netherlands there are a few very good options next to a bunch of ‘spaarprogramma’s. There ‘spaarprogramma’s are all the same where you receive and click a bunch of e-mails, advertisements, banners,... I advise you to create a separate e-mail address or use a good filter in your inbox as you will be spammed to death. I believe they can be a nice piece of beermoney but they take quite the effort.
Bitkingz Casino 20 free spins and no deposit bonus code!
Bitkingz Casino Review & Free Spins Every new player to Bitkingz Casino get 20 No Deposit Free Spins via our exclusive landing page! Click on the link below, create your account and play for free. Also, enjoy 3000 EUR welcome bonus pack that is a perfect offer for high-rollers! Australia WELCOME! >>Get Your Free Spins Here<<
Bitkingz Casino Full Review
Bitkingz is a brand new 2020 casino that is launching exclusively through NewCasinos.com. Their one main goal is to satisfy all your player needs. And despite being so new it already has over 3,000 games to tempt you in with, from some of the best software developers in the world. You can sign up in minutes and get your hands on a seriously good Bitkingz casino bonus up to €3,000. And regular players can enjoy amazing reload deals, packages of Bitkingz free spins, unlimited cashback, and loads more rewards. Crypto users are fully catered for as well as standard currencies. Payments are instant and free, and your security is looked after by the latest encryption methods.
Exclusive Bitkingz Casino Bonus
Sign up and claim our exclusive welcome bonus, which will give you far more for the money you deposit. They have pushed the ordinary 100% bonus up to a 150% bonus. Not bad, ay? This is the offer: FIRST DEPOSIT150% up to €300 + 50 Bonus Spins Exclusive
Minimum deposit: €20 for standard offer
Wagering requirements: 45x
Relevant T&C’s:One welcome offer per player, only available to new players. All bonus funds are forfeited after 14 days. Not all games count towards 100% towards wagering. Max bonus bet€5. Live dealer games excluded from wagering of any bonuses. Please read all other terms before claiming offer. >>Get Your Free Spins Here<<
Other Bitkingz Bonuses and Promotions
Get some real value for money at Bitkingz, with a range of exciting promos to keep you happy all week long. With rewards and gifts to be claimed such as Bitkingz no deposit bonus, unlimited cashback, and loads more!
Banish the midweek blues with a glorious 50% deposit deal – every week. Choose either the standard offer for a return of either €100 or a massive €1,000 with the high roller deal.
Get involved with a different tournament every week. And be in with a chance of winning cool hard cash prizes and Bitkingz free spins no deposit required. Bitkingz also hosts the network software developer tournaments too. Giving you access to the best competitions and the biggest of prize pools that sometimes reach into the millions.
You’ll collect points through your wagering in this simple scheme, and there are 3 levels to progress through. Giving some simply awesome rewards like Bitkingz 20 free spins every Friday, Saturday, and Sunday. And unlimited weekly cashback, big deposit deals, and invites to exclusive events. >>Get Your Free Spins Here<<
Bitkingz Withdrawal Review
Your winnings will be processed in a speedy 4 hours and casino payments can be made in a variety of currencies. Bitcoin is available and hopefully, other cryptos will be added soon too. Your verification documents will be requested from you at some point during your experience. And Curacao licensed casinos are no different from any other when it comes to these. So it’s best to have them to hand, ready to send over to the team.
Standard currencies accepted: EUR, CAD, JPY, NOK, PLN, RUB, USD, and ZAR.
Cryptocurrencies accepted: BTC.
Minimum deposit amount: €20
Minimum withdrawal amount: €20
Deposits & Withdrawal Methods Available at Bitkingz
There are over 15 payment options available, though this may be less depending on which country you reside in. Every option is covered, with eWallets, bank transfers, and credit/debit cards. You can even enjoy superior security by using one of the virtual credit cards. The minimum payment amounts are both set at a standard of €20, and there are no fees to deposit or withdraw at any time. Unlike many other online casinos, Skrill and Neteller users can claim the welcome offer and any other bonuses on site. >>Get Your Free Spins Here<<
Enjoy 3,365 Bitkingz Games
Launched in August 2020, Bitkingz has a superior amount of slots and live casino games. All found in a well laid out lobby that’s easily accessible to new players. If a quality slot site and live dealer games aren’t your thing then there are plenty of table games, scratch cards, dice, and instant win titles to choose from.
With over 2,000 slots on offer, there’s something here to satisfy even the thirstiest of fans. And you can filter out your favorites by provider as well as seeing all the new casino games on offer, just one click away. You’ll easily find popular games like Starburst, Gonzos Quest and Dead or Alive as well as all your other favorites. There are lots of different themes to choose from, as well as bonus buy-in games, various volatilities, and mechanics. Each of the slots are available to play in demo mode first, for some Bitkingz no deposit fun! Jackpots are in good supply and you can view the total pot of cash up for grabs in the main lobby. With various games to suit all budgets and tastes.
This lobby features a few hundred games, with specially chosen live poker tables for your pleasures. All the traditional table games are there like blackjack, sic bo, roulette, and baccarat too. And there are also some twists on old school favorites, like money wheel and lotto based games.
Software Developers Found at Bitkingz
With over 20 quality software developers working in collaboration with Bitkingz, you can expect to find some of the most popular games in online casinos. The team states that they work hard to bring players the very best in entertainment, and this really shows in the variety of developers on offer. You’ll find lots of Yggdrasil casino games, as well as NetEnt, Quickpsin, and Push Gaming. The live casino is predominantly powered by Evolution and Authentic Gaming so you can enjoy superior quality tables. >>Get Your Free Spins Here<<
Look & Feel of Bitkingz
The site has a really welcoming feel to it, and you’ll see lots of lucky symbols and leprechauns as you explore. There’s a green theme running through, with pleasant visuals. Everything is organized well and as a new player, it’s easy to find your way around. All the help you’ll need is just one click away with menus at the bottom of the pages. You can also open up a chat window whilst you’re playing any of the games, so there’s no need to interrupt your fun at any point.
Licenses & Restricted Countries
Bitkingz is registered and licensed by the Curacao gambling authority. Which offers some protection to players and opens up many overseas markets to those wishing to sign up. Restricted countries: USA, UK, Spain, France, Netherlands, Israel, Lithuania, and Curacao.
As the platform is so new there aren’t any Bitkingz reviews yet from customers. But when we tested out the casino customer service, we were really impressed. Response times were fast and agents freely gave us the information we requested. So you’ll be in for some royal treatment here! You can contact the team around the clock, by email or the live chat function at the right-hand side of each page. Check out all the options:
Unfortunately there isn’t, due to the Curacao license UK players aren’t able to sign up at Bitkingz.
2. Is Bitkingz legit?
Yes, it is and you can be sure that any of our reviewed casinos are safe to play at. Bitkingz is licensed under the Curacao jurisdictions and uses the latest SSL encryption methods to keep you safe and sound.
3. What is the minimum withdrawal amount?
4. Where is Bitkingz based?
5. What’s the maximum deposit amount?
Up to €6,000 per deposit but it depends on the payment method you are using.
6. Is there a Bitkingz mobile app?
There isn’t at the moment, though the platform is fully enabled for mobile use on all devices. A number of us tested the site for our Bitkingz casino reviews and we were pleasantly surprised. You’ll be able to play hundreds of games and carry out all your account activities just as you would on a desktop.
7. Do I need a code to claim any of the Bitkingz bonuses?
No, these are available at the point of deposit so that you can choose which one you’d like to claim. Bonuses are then added automatically after deposit. >>Get Your Free Spins Here<<
Wallet for Windows phones (self.Bitcoin) that’s assuming Windows Phone apps can run Java there used to be a windows phone bitcoin wallet but it sadly is gone. Choose your Bitcoin wallet. Find your wallet and start making payments with merchants and users. Download this app from Microsoft Store for Windows 10, Windows 8.1, Windows 10 Mobile, Windows 10 Team (Surface Hub), HoloLens. See ... Best BTC Bitcoin wallet for windows phone / Windows 10 Mobile. There are 3-4 bitcoin wallets available on windows phone store but not all of them can be termed secure since they do not have desktop counterparts and are mobile-only. This is something we do not recommend for storing crypto currency that can go into thousands. The best bitcoin wallet is BitPay and it is not just a wallet but a ... Blockchain has been available on Windows Phone for some time, but we've failed to cover it until now. Billed as the first app on the platform to support Bitcoin, the app enables you to carry out ... Bitcoin app for Windows Phone will be launched on the Windows Store. The company has planned to launch the app in the coming weeks. Bitcoin is a cryptocurrency and a digital payment system. The Blockchain Wallet enables you to buy, sell, send, receive, earn interest, store, exchange, and swap between cryptocurrencies without ever having to leave the security of your wallet. This functionality separates us from the competition and is why you should download the wallet from the App Store today! Cryptocurrencies we support: Bitcoin (BTC)
Blockchain Pairing Your App with Your Wallet - YouTube
Today we are going to compile the latest Bitcoin wallet for Windows Windows 10 has an Ubuntu 16.04 Terminal app in the Microsoft Store that we use to comp... Super Legit App Win upto 0.1 BTC Instant Payment App Boolwallet App Best Instant Earning App LIKE SHARE COMMENT SUBSCRIBE Join Telegram Group C... Check out Storyblocks here: http://storyblocks.com/MikeBilligTech_1217 — Bitcoin is a great way to get started in cryptocurrency investments. Check out Coinb... #bitcoin #bitcoinwallet #bestbitcoinwallet Whats The BEST Bitcoin Wallet (BTC) In 2020? On Computer, IOS, android and more. Bitcoin wallet that is secure, de... Unless you have been hiding in the sand..... You have heard about Bitcoin, In this video I display a cool app for Windows Phone and for windows PC that mine...