Most people aren't going to want to hold their own keys as most people can't stop their computers from being constantly infected by malware. Just as people don't want to keep large amounts of cash in their safe, they will want someone else to take the responsibility of securing their coin.
Pretty much only the tech savvy will care to even understand what a key is or care to hold their own.
Bitcoin isn't a political movement to the masses, it's just a useful new technology; they aren't using it to kill banks or government and they don't care about the politics of the early adopters.
Bitcoin with central key escrow is completely and utterly pointless, unless the goal is to generate a lot of waste heat from servers.
> Most people aren't going to want to hold their own keys as most people can't stop their computers from being constantly infected by malware.
We have cheap, secure hardware crypto tokens that rely on two-factor auth. You don't need to keep millions of dollars on a Windows PC.
> Just as people don't want to keep large amounts of cash in their safe, they will want someone else to take the responsibility of securing their coin.
"Someone else" is called a bank. The bank is FDIC insured, and they and the federal government guarantee that your money will be there. They use a huge number of human, automated, and physical processes to keep money secure, and they don't just keep their entire holdings lying around in digital gold bars.
Unless Coinbase et al are going to become (heavily regulated) banks, then they're just another Paypal, and the crypto doesn't even matter.
I don't see how the regulation level of Coinbase affects anything. Some people will store their keys on Coinbase. Paranoid users will use hardware wallets like Trezor. And there's a lot of options in between. The point is that its that choice (for starters) which differentiates bitcoin from Paypal.
What if Paypal were to adopt bitcoin as a deposit/withdrawal method, right next to credit card and bank transfer? That won't change the public-private key nature of bitcoin crypto. The blockchain won't go anywhere. Coin mixers and dark markets will still be there.
Coinbase isn't going to take over bitcoin any more than MtGox did. I don't quite understand what you're worried about.
> I don't see how the regulation level of Coinbase affects anything.
There's no point to a crypto-currency with insecure crypto. If you have insecure crypto, you need centralized regulation. If you have centralized regulation, you don't need crypto-currency.
> The point is that its that choice (for starters) which differentiates bitcoin from Paypal.
Paypal moves money in a lot of currencies, and there are lots of choices other than Paypal to move currency.
> Coinbase isn't going to take over bitcoin any more than MtGox did. I don't quite understand what you're worried about.
I think the analogy you're actually looking for is:
"Coinbase isn't going to take over bitcoin any more than Google took over e-mail"
The decentralized nature of bitcoin is the entire point. If it's co-opted by cloud key escrow services, there's no point.
The decentralized nature of bitcoin is baked into the protocol, its a technical feature, not a social one. So it has less to do with market segmentation of the userbase, whether 80% of the people use bitcoin-qt, blockchain.info, or mtgox. My biggest fear was that we were going to see MtGox blow up in the early days, when it had 80% of the market. Luckily, it didn't happen until the later days (when it only had 30% of the market).
When the social/service distribution gets lopsided, it does present a huge risk. But its "only" the risk that service blows up, not a risk of the protocol getting co-opted. Even with 80% of users on MtGox, that never compromised the essential decentralized feature of bitcoin: having absolute control over your coins on the blockchain. The analogy to google mail is that Gmail users can still e-mail hotmail users (and send/receive e-mail from users on their own custom SMTP servers).
An example of a protocol getting co-opted might be Google Talk, which they announced last year was discontinuing support of XMPP. So now Gchat users can only message other Gchat users, not other XMPP users (though I'm not sure if Google has actually disabled it yet). This would be like if someday Coinbase announced that users couldn't send to any bitcoin addresses anymore, only other Coinbase usernames.
Less random than paypal when it originally started. States had to come up with laws designed just for paypal, because an e-wallet was something completely new.
“We’re in uncharted territory, so hard to say if this stuff falls under a particular state’s MTL [money transmitting license] statutes,” says co-founder Fred Ehrsam. “We’re still talking to states to figure out how each responds, but Coinbase is prepared to get licensed where a regulator deems it’s necessary.”
In the meantime, he is continuing to do business, relying on the fact that Coinbase has its AML and KYC processes established.
Google is a "random" company holding all your emails, Facebook is another one holding all the photos -and many interactions- of your lifetime (maybe not yet, but very soon), Apple is one holding all your music; etc etc.
> Google is a "random" company holding all your emails
Yes, that's a problem, and it's not even money. I don't use GMail, and it irks me that so many people willingly share our mutual correspondence with Google on my behalf.
Now, what if Google was holding my savings account and the only thing protecting me was ... what? A digital key, which they hold in escrow?
If you are interested we have an open source unminified client with independent blockchain data verification via the electrum network as well as a a quick video infographics.
The client can also verify that the P2SH belong to your HD seed and GreenAddress' all while not being identifiable as from GreenAddress externally unless explicitly requested in a coming feature within the payment protocol.
Looked at GreenAddress. Very cool. I have some relevant questions, that may be OT in this thread. Can we chat? I am at kalepune (google's email). Thanks
Most of these services fail to clarify whether they are web-based and rely on so-called "secure" javascript crypto: eg, where their servers are sending the ephemeral JavaScript code that they claim -- but can not under any circumstances guarantee should they be compromised -- will not send your private keys to the server.
Compare this to signed, native applications produced by third-parties who do not run the service in question, where code signing guarantees that the code distributed to you was validated by a responsible building party, and the signing key is not accessible from compromised front-end web servers.
1) Chrome apps can be silently updated; it's a huge security hole in Chrome's distribution model, as it removes all human oversight from the process of software distribution.
2) You control the distribution keys for the silently updating Chrome app, and your signing key, which means all you need is the end-user's signing key to empty people's wallets -- which you (or any adversary that compromises you!) can get by pushing a Chrome app update.
3) Unless you are actually pushing users to use externally downloaded, NON-AUTOUPDATING, code signed applications by default, you're making users insecure by default. An open source client on GitHub doesn't do anyone any good if your default is to strip away crypto-currency's security. This is no different than Microsoft's previous policy of shipping insecure services enabled by default.
Essentially, this boils down to "trust us" -- you control the infrastructure that protects one half of the signing keys, and you already have access to the other half.
It'd make a helluva lot more sense if a locally installed client was maintained by a trusted third-party, and it was the default user mode.
Cloud-focused web people are undermining the promise of bitcoin by simply not understanding why the cloud is so dangerous, whether we're talking about user data (creating a vast treasure trove for the government), or money.
1)The chrome app can be run from the GitHub repo as far as I know.
We are also trying to sponsor an Electrum plugin and our android app will soon work similar to the Chrome app (at the moment it uses appcache and it doesn't do the independent blockchain data verification via the electrum network.)
We are also working with hardware wallet manufacturers.
2) see (1)
3) We will update our website information to make the user aware but please keep in mind that 2FA (soon with transaction details) means malware has limited capacity. Also keep in mind that an attacker would have to attack both our service and our signing key at the store which are not in the same place and are kept encrypted when not used.
I am incredibly sick of hearing this. This is like saying "I recommend you stuff all your cash under your mattress instead of using a bank. With a bank, they are in control over your money, not you".
It simply isn't scalable. Sure, people who are on their computers 24/7 (eg. anyone who works in tech) might have the technical knowhow to deal with this, but for those who are very non-technical, Coinbase is a great way to invest in/hold Bitcoins without having to get into the technical nitty gritty.
Thanks for your answer. Using Truecrypt and saving it on Box.net or Dropbox was an idea I also had. This cheap solution only has the problem that anyone who gets access to my cloud hosting area could find that Truecrypt container if it isn't cleverly hidden or disguised. And that master password has to be very very long and very complex, as I learned from Ars Technica:
Finally here is a interesting aspect which I just found here in the comments of a Dashlane review:
Quote: "David Pogue (NYT) raved about Dashlane, too, so I took the plunge. Immediate problem was that my login information wound up permanently entered in one of my credit card sites; it was an auto-login I could not disable. So if someone DID steal my laptop, it would be a happy time for him. Trashing Dashlane had no effect; I had to do a force quit of the Dashlane agent using Activity Monitor, then trash it and other attendant files. So many of these password managers, including the incredibly wonderful 1Password that everyone swoons over, imbed themselves so deeply into browsers and other functions that I don't trust them. I will stick with Password Wallet, which sits isolated off to the side and doesn't try to do too much. I understand it and am less likely to make mistakes."
I'm speaking of the new upcoming gTLDs like for example: .business, .fashion, .mortage, .baseball, .movie, .coffee, .pizza, .fitness, .porn, .shopping, .dating, .academy, .club, .forum to name a few.
Stop asking this fine young lady math puzzles to determine her programming abilities. She is good at solving your seemingly pointless math puzzle, because she was practicing problem-solving since she was ten. But she is not anywhere near as good at programming, yet - which caused her problems at the actual jobs she had to do after she was hired.
Yes, more power to the community. Wikipedia is still alive despite its massive openness. There just need to be enough trusted watchdogs.
My idea: Have the system automatically populate the title, but allow it to be overridden by the community. Only community members with over 1K kudos can change the title. As soon as a second member (with over 1K kudos) wants to re-edit the title again, the title will automatically get locked to prevent back and forth edit-wars. Only mods and admins can then finalize title.
Minor point: flag discussion should probably be flag submission. The current flag action is more for flagging a submission not suitable for HN rather than flagging the discussion around it. Those two things are different.
With those services you hold the keys to your Bitcoin, not Coinbase. With Coinbase they are in control over your Bitcoin, not you.
GreenAddress is the only wallet for Bitcoin with a 2-2 model Multisig offering a Bip0032 wallet with nLocktime on the Bitcoin blockchain.
* https://greenaddress.it/en/