Wallet Security: Cloud/Exchange Services

3½ years ago, I wrote a Bitcoin wallet safety primer for Naked Security, a newsletter by Sophos, the European antivirus lab. Articles are limited to just 500 words, and so my primer barely conveyed a mindset. It outlined broad steps for protecting a Bitcoin wallet.

In retrospect, that article may have been a disservice to digital currency novices. For example, did you know that a mobile text message is not a good form of two-factor authentication? Relying on SMS can get your life savings wiped out. Who knew?!

With a tip of the hat to Cody Brown, here is an online wallet security narrative that beats my article by a mile. Actually, it is more of a warning than a tutorial. But, read it closely. Learn from Cody’s misfortune. Practice safe storage. If you glean anything from the article, at least do this:

  • Install Google Authenticator. Require it for any online account with stored value. If someone hijacks your phone account, they still cannot authenticate an exchange or wallet transaction, because Authenticator codes are generated on your device rather than sent to your phone number.
  • Many exchanges (like Coinbase) offer a “vault”. Sweep most of your savings into the vault instead of the daily-use wallet. This gives you time to detect a scam or intrusion and to halt withdrawals. What is a vault? In my opinion, it is better than a paper wallet! Like a bank account, it is a wallet administered by a trusted vendor, but with no internet connection and forced access delay.

Exchange and cloud users want instant response. They want to purchase things without delay and they want quick settlement of currency exchange. But online wallets come with great risk. They can be emptied in an instant. It is not as difficult to spoof your identity as you may think. (Again: read Cody’s article below!)

Some privacy and security advocates insist on taking possession and control of their wallet. They want wealth printed out and tucked under the mattress. Personally, I think this ‘total-control’ methodology yields greater risk than a trusted, audited custodial relationship with constant updates and best practice reviews.

In case you want just the basics, here is my original wallet security primer. It won’t give you everything that you need, but it sets a tone for discipline, safety and a healthy dollop of fear.


Ellery Davies co-chairs Crypsa & Bitcoin Event, is a columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.

Bitcoin closes in on (US) $2000; Why it matters

At the beginning of 2016, Bitcoin was fairly steady at $430. Richelle Ross predicted that it would finish the year at $650. She would have been right, if the year had ended in November. During 2016, Bitcoin’s US dollar exchange rose from $433 to $1000. In the past 2 months (March 24~May 20, 2017), Bitcoin has tacked on 114%, rising from $936 to $2000.

If this were stock in a corporation, I would recommend liquidating or cutting back on holdings. But the value of Bitcoin is not tied to the future earnings or property value of an organization. In this case, supply and demand are fueled—in part—by speculation. Yes, of course. But, it is also fueled by a two-sided network built on the growing base of utilitarian adoption. And not just an adoption fad, but adoption that mirrors the shift in our very understanding of bookkeeping, trust and transparency.

Despite problems of growth, governance and regulation, Bitcoin is more clearly taking its place as the future of money. Even if it never becomes “legal tender” in any country—and is used only as a mechanism of payments and settlement, it is still woefully undervalued. $2000 is not an end-game. It is a beginning.

Ellery Davies co-chairs Crypsa & The Bitcoin Event. He is a columnist & board member at Lifeboat Foundation,
editor at WildDuck and is delivering the keynote address at the 2017 Digital Currency Summit in Johannesburg.

Distributed Consensus: Beyond POW or POS

At the heart of Bitcoin or any Blockchain ledger is a distributed consensus mechanism. It’s a lot like voting. A large, diverse deliberative community validates each, individual user transaction, ownership stake or vote.

But a distributed consensus mechanism is only effective and faithful if the community is impartial. To be impartial, voters must be fairly separated. That is, there must be no collusion enabled by concentration or hidden collaboration. They must be separated from the buyer and seller; they must be separated from the big stakeholders; and they must be separated from each other. Without believable and measurable separation, all sorts of problems ensue. One problem that has made news in the Bitcoin world is the geographical concentration of miners and mining pools.

A distributed or decentralized transaction validation is typically achieved based on Proof-of-Work (POW) or Proof-of-Stake (POS). [explain]. But in practice, these methodologies exhibit subtle problems…

The problem is that Proof-of-Work can waste an enormous amount of energy and both techniques result in a concentration of power (either by geography or by special interest) — rather than a fair, distributed consensus.

In a quasi-formal paper, C.V. Alkan describes a fresh approach to Blockchain consensus that he calls Distributed Objective Consensus. As you try to absorb his mechanism, you encounter concepts of Sybil attacks, minting inequality, the “nothing-at-stake” problem, punishment schemes and heartbeat transactions. Could Alkan’s distributed consensus mechanism be too complex for the public to understand or use?…

While I have a concern that time stamps and parent-child schemes may degrade user anonymity, the complexity doesn’t concern me. Alkan’s paper is a technical proposal for magic under the covers. Properly implemented, a buyer and seller (and even a miner) needn’t fully understand the science. The user interface to their wallet or financial statement would certainly be shielded from the underlying mechanics.

Put another way: You would not expect a user to understand the mechanism any more than an airline passenger understands the combustion process inside a jet engine. They only want to know:

• Does it work?  •  Is it safe?  •  Is it cost effective?  •  Will I get there on time?

So will Alkan’s Decentralized Objective Consensus solve the resource and concentration problems that creep into POW and POS? Perhaps. At first glance, his technical presentation appears promising. I will return to explore the impact on privacy and anonymity, which is my personal hot button. It is a critical component for long term success of any coin transaction system built on distributed consensus. That is, forensic access and analysis of a wallet or transaction audit trail must be impossible without the consent and participation of at least one party to a transaction.


Ellery Davies co-chairs Cryptocurrency Standards Association and The Bitcoin Event. He is columnist & board member at
Lifeboat Foundation, editor of AWildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.

Can Bitcoin Flourish with a Capped Supply?

The answer may be counter-intuitive: Not only can Bitcoin be widely adopted under a supply cap, its trust and integrity are a direct result of a provably limited supply. As a result, it will flourish because it is capped.

Everyone Can Own and Trade a Limited Commodity, IF…

…if it is both measurable and divisible. Bitcoin has a capped supply just as gold has a capped supply. Although both assets will be mined for some time into the future, there is only so much that will ever be uncovered. Thereafter, the total pie cannot grow.

But the transaction units will continue to grow as needed, because the pie is divisible into very, very tiny units:

There will eventually be 21 million BTC and each coin is divisible into 10⁸ units. This yields (21 million * 100 million), or 21 trillion exchangeable units. And, it can be divided further by consensus.

As Bitcoin is adopted—whether as a simple payment instrument, an investment asset or even as national currencies around the world—each unit of the limited supply simply rises in value. If thought of as a currency, with a value established by supply & demand, it leads to a deflationary economy.

But, Isn’t Deflation Bad for the Economy?

It’s common to associate deflation with economic ills. One need only glance back at the last century to conclude that deflation coincides with wars, joblessness, recession and a crippling concentration of wealth. Perhaps, just as bad, the tools used to pull a nation out of deflation often force governments to cherry pick beneficiaries of stimulus spending.

But it is important to note that deflation plays no role in causing these things. On the contrary, it is an effect rather than a cause… In fact, when a supply cap is introduced as a designed control input for monetary policy, all sorts of good things follow. I address these in various answers at Quora. Dig in:

Ellery Davies co-chairs Cryptocurrency Standards Association. He was host and producer of The Bitcoin Event in New York.

Can Bitcoin be defeated by legislation?

The question breaks down into two parts:

  1. For what public benefit?     —and—
  2. No, it cannot be achieved in this way

Governments are in the business of regulating certain activities—hopefully in an effort to serve the public good. In the case of business methods and activities, their goal is to maintain an orderly marketplace; one that is fair, safe and conducive to economic growth.

But regulation that lacks a clear purpose or a reasonable detection and enforcement mechanism is folly. Such regulation risks making government seem arbitrary, punitive or ineffective.

[Image: QR code] «— This is money. It is not a promissory note, a metaphor, an analogy or an abstract representation of money in some account. It is the money itself. Unlike your national currency, it does not require an underlying asset or redemption guarantee.

Bitcoin is remarkably resistant to effective regulation because it is a fully distributed, peer-to-peer mechanism. There is no central set of books, no bank to subpoena, and no central committee to pressure (at least not anyone who can put the genie back into the bottle). In essence, there is no choke point or accountable administrative party.

Sure—it is possible to trace some transactions and legislate against ‘mixers’ and other anonymization methods—but there is no way to prevent a transaction before it occurs or to know the current distribution of assets. Bitcoin can exist as a printed QR code and it can be transmitted from a jail cell with a blinking flashlight. Sending bitcoin from Alice to Bob has no intermediary. Settlement requires only that one of the parties eventually has access to the Internet. But, there is no credit authority or central asset verification.

If you are thinking of legislating against the use of Bitcoin, you might as well pass laws to ban the mating of feral cats or forbid water from seeping into underground basements. These things are beyond the domain of human geopolitics. You can try to shape the environment (e.g. offer incentives to cats and water levels), but you cannot stop sex or seepage.

Fortunately, Bitcoin is not a threat to governments—not even to spending or taxation. A gross misunderstanding of economics and sociology has led some nations to be suspicious of Bitcoin, but this improper perception is abating. Governments are gradually recognizing that Bitcoin presents more of an opportunity than a threat.

I have written more extensively on this issue:

Ellery Davies is co-chair of The Cryptocurrency Standards Association, MC for The Bitcoin Event in NY and monetary systems board member for Lifeboat Foundation. This fall, he will teach Cryptocurrency and The Blockchain in Massachusetts.

Governments head toward Bitcoin without realizing it

This weekend, Ecuador joined at least 5 other countries in walking toward a future that replaces paper and coins with cryptocurrency. But, are these national experiments likely to lead to the future that comes to mind when we think of Bitcoin?

AWildDuck offers this 2-sentence analysis:

  • Most governments and national banks that experiment with cryptocurrency have no intention of empowering citizens nor decoupling their monetary supply from political control
  • But in the end, that’s exactly where they are headed

These national experiments are fascinating. Including Ecuador, there are at least 6 national efforts to embrace cryptocurrency around the world, including two in Africa, two in Latin America, Iceland and Israel.

It’s unfortunate that each potentate has created a disparate, internal and proprietary currency. Most of these territorial adopters have adopted neither a mathematical supply cap nor a permissionless blockchain. They buy into the legacy ‘wisdom’ that controlled inflation is necessary to stimulate spending and grow an economy.

Perhaps they see cryptocurrency as an evolutionary mechanism to lower the production and distribution cost of coins and bills and thwart counterfeiting—just as many countries have switched from paper bills to plastic. That’s a limited view of a very positive revolution in the making. The leaders and central banks of many countries seem to miss the point. It’s not just about new technology. It’s about free markets, limited supply, public trust and citizen empowerment. In fact, it’s all about growth, free markets and the expansion of wealth.

Hopefully, these experiments are just a step toward combining monetary policy with an open digital currency while fostering a grass roots revival of public trust… Eventually, governments will recognize that properly implemented cryptocurrency—one that is free to usurp the national mint—leads to increased faith in government. At least, if one’s government demonstrates a willingness to decouple politics from monetary policy.

Ellery Davies is a founding member of CRYPSA, the Cryptocurrency
Standards Association. He is also chief editor at AWildDuck. Catch
all of his Bitcoin articles here.

Why are Governments Against Bitcoin?

I contribute to LinkedIn community discussions on Bitcoin and other cryptocurrencies. That’s because in my day job, I am a principal at the standards organization that defines and promotes a framework of best practices and safety valves for this rapidly growing community.

You might think that a digital currency standards organization is comprised of Bitcoin miners, economic anarchists, Geeks and “bleeding-edge” adopters. If you do, then you would be mistaken. Our founders come from a background of compliance, anti-money laundering and Internet services. Interest from prospective members points to a broad cross section of government, academia, banks, brokers and exchanges.

Today, the event host for an industry forum posed this question (abbreviated version):

Why are regulators and governments afraid of Bitcoin?

Based on the elaboration, it seems that he is focused primarily on the US government.

I may be a minority voice in this particular discussion, but for what it is worth, I respectfully disagree with the fundamental assumption in the question…

Certainly, in some countries governments are concerned that Bitcoin presents a threat to banks, the reserve mechanism, commercial and consumer protection, and the centralized control of monetary policy & supply. But the US is not among these countries. The few official policies that have hit the streets advise caution (especially among banks and speculators), but recognize that Bitcoin is an asset—and in some states, even a currency. A few regulators have even suggested that in the long term, cryptocurrency may represent more of an opportunity than a threat.

Banks, card service collaboratives and regulators are warming up to Bitcoin. The evidence is legion. Influential individuals are tentatively embracing Bitcoin or waiting with an intent to jump in when they sense an alignment of interests, education, regulatory guidance and safety mechanisms.

These individuals are among the strongest voices calling for standards and well defined practices. Standards—even ones that are voluntary but verifiable—are the key to safety, and thereby to adoption and growth.

CRYPSA is an independent standards organization gaining attention within business and government. It is moving quickly on a plan that does not exclude anyone. In fact, the voluntary standards and applications that CRYPSA produces will not weaken the allure of Bitcoin to early adopters, including “Libertarians” or those who value privacy above the rule of law. That is, new standards and mechanisms do not force disclosure or impose rules on P2P transactions between trusted parties.

But what CRYPSA and other best-practices organizations hope to achieve is added trust, security, and even insurance—by demonstrating standards compliance in real time. Ultimately, they will make Bitcoin safe for the rest of us.

It’s not very different from the wild west. Gold, minerals, buffalo and opportunity abounded. But, in the early days, plucking this bounty was limited to the most strident thrill seeker. For all others, the risk of becoming a homesteader was too high. Threats came from all directions: Natives, rattlesnakes, gunslingers, stage coach gangs, and scam artists.

Gradually things change. The wild west was tamed.

The federal government deployed a network of sheriffs and marshals. Risk abated and productivity spread across the west. With Bitcoin, the solution won’t come from the federal government, because one of the key tenets of Bitcoin is an inherently decentralized and personally-empowering architecture. But the government is not blind to this, and a surprising number of politicians even recognize that an empowered consumer can be an asset to national financial health. For this reason, regulators are gradually moving from “wait-and-see” to “How can we help?”

For some, these observations defy the popular conception of government, because governments typically try to consolidate, regulate and enforce. But with Bitcoin, the CRYPSA staff is finding that representatives of government are generally receptive, and even acknowledging that the role of a Federal Reserve or of central banks may be greatly transformed in the next decade.

As with many of the members, I was surprised with the open and friendly nature of discussions. My conclusion is that a popular conception of government with its head in the sand—or one that is unwilling to work with “facts on the ground”—does not apply to US policy makers and regulators. The people in these roles are prepared to embrace change and they want to facilitate the process for everyone’s benefit.

So, the top-line question, “Why are governments (or regulators) against Bitcoin?” is a bit like asking “When will you stop beating your mother?” It is not possible to answer, because in my opinion, the question is based on a false assumption. Bitcoin is gaining steam, and legitimate objections are rapidly falling away.
