Wednesday, June 29, 2011

Proactive engagement

One of Bitcoin's major challenges is the legal uncertainty surrounding it.

It is really no different from other new Internet technologies (should Skype be regulated like a phone company? Does google's deep-linking violate copyright? ... to give two examples from a few years ago...), but because it is money there are a lot more laws and regulations that may or may not apply.

It'd be easy to ignore that and just damn the torpedoes, full steam ahead with the technology. And given the nature of geeks on the Internet, that is what is going to happen anyway... but I decided it wouldn't hurt to try to be proactive and start a conversation with my representatives in Washington, DC about the Bitcoin Project.

So I met briefly with staffers from Rep. Olver and Sen. Brown's offices yesterday. I gave a very brief overview of bitcoin, mentioned Senator Schumer's "eradicate Silk Road" press conference, and stressed that Bitcoin is meant to be a stable, secure, international currency for the Internet, NOT a currency for criminals.

I also mentioned that the legal uncertainty is a barrier to innovation, and asked for advice on what, if anything, could be done about that. There is no good answer-- government moves really slowly, and they're wedging newfangled Internet ideas into legal structures that were created when telephone were the latest and greatest technology.

However, the house of representatives staffer I talked with did suggest that encouraging you-all to introduce yourselves to your congressperson's staff is a good idea. If they know that interesting, job-creating bitcoin businesses are happening in their districts and they've met the person making it happen, then they're much more likely to support bitcoin-friendly legislation.

So, if you're an upstanding, law-abiding, clear-thinking citizen doing interesting things with Bitcoin, I encourage you to take a little time and introduce yourself to your representative's staff. I wouldn't bother talking to the representative-- they're probably too old to really understand bitcoin ("Tubes! Money through the tubes I say!"). Talk to a 20-something staffer who grew up with the Internet and is likely to be a lot more sympathetic to the idea of a peer-to-peer Internet money.

(cross-posted from the Bitcoin Forums)

Monday, June 27, 2011

Worth more than the computer they are stored on...

Reporters sometimes ask me how many bitcoins I own; I think they assume that I'm a bitcoin millionaire.

I wish!

I don't feel comfortable telling the world exactly how many bitcoins I own (I don't feel comfortable saying how many dollars I have in the bank either), so I tell them I own thousands of bitcoins-- not tens or hundreds of thousands. At about $17 each, that means my bitcoins are worth a lot more than my computer, and I worry about them being lost or stolen.

Here's how I keep them safe:

First, I have an advantage because I'm a geek who keeps track of the latest security threats and know the ways malware can worm its way onto my system. I keep my operating system and web browsing software up-to-date, never open email attachments I'm not expecting to get, am very careful about what programs I allow to run on my computer.

Even so, I'm human so I expect that sooner or later I'll click the wrong link or view a YouTube video containing a zero-day Flash exploit and my desktop computer will be compromised.

So I keep most of my bitcoins on an old Mac laptop that I don't use for anything else. It is turned off most of the time; I only turn it on when I need to move some bitcoin from 'cold storage' because I will want to use them soon. I turn it on, let bitcoin run for a while to catch up with the block chain, and then send as many coins as I think I'll spend in the next week or so. I'll wait for the transaction to get a confirmation or three, then shut it back down.

I use a long, strong pass-phrase to login, and my home directory is encrypted using the OSX's built-in FileVault protection, so even if somebody manages to find out where I store that machine and steals it they won't be able to decrypt the wallet without the pass-phrase.

To make sure I don't lose the bitcoins if I lose the laptop, I also encrypt and back-up the wallet "to the cloud" -- I use gpg to encrypt and Amazon's S3 for storage, but there are plenty of great file encryption and online backup services.

All of this is much more complicated than it needs to be and is still vulnerable to "rubber-hose cryptanalysis"; bitcoin is still at the do-it-yourself bleeding-edge-technology stage. I expect there to be ultra-secure, low-cost, easy-to-use, "you don't have to trust us" services or devices for storing bitcoins within the next year or so, and when there are I'll switch, and I'll write a blog post encouraging you to switch.

Friday, June 24, 2011

Why aren't bitcoin wallets encrypted?

Now that bitcoins are worth stealing, virus writers and scammers are busy trying to steal them.

The current bitcoin software that you can download and run on your computer makes no attempt to keep your bitcoins safe from malware infecting your computer. None. Nada. Zip.

Your wallet.dat file is sitting right there on your hard disk, unencrypted. A big, juicy target for viruses and malware.

So why didn't we encrypt it up the wazoo and require that you type six passwords to unlock it? Well, two major reasons:

First, losing your wallet or forgetting your password is (arguably) as big a threat as theft. There is a reason every online service has some 'recover/reset lost password' feature.

Second, encryption might give users a false sense of security. If you use a weak password then encryption doesn't help; bad guys can steal the encrypted wallet and, in a few seconds, try decrypting it with the most popular passwords. And if your machine has malware running on it, then it can easily install a keylogger and get your password when you type it in.

Bitcoin could start playing whack-a-mole with the bad guys-- they implement dumb keyloggers, so we implement an on-screen keyboard and you use your mouse to enter your password. So they implement a screen+keyboard+mouse logger, we come up with some complicated one-time-password scheme involving you printing out pieces of private keys the first time you start bitcoin. So the bad guys wait until you send some coins, and then modify the transaction after you've typed in the information from the piece of paper.

If your computer is infected, then it cannot be trusted, and there is no software in the world that can keep your bitcoins safe if they are stored on it.

However... wallet encryption is planned for the next version of bitcoin. It won't protect you from viruses, but it will stop your cousin from walking up to your computer and helping himself to all of your bitcoins while you're out walking the dog. And if you use a strong password you won't have to worry about somebody stealing a backed-up copy of your wallet and spending all your coins. I just hope users DO use strong passwords and DO NOT lose them.

The real solution is multi-device confirmation of big bitcoin transactions. You'd send coins starting on your computer, but the transaction wouldn't be valid until it was signed by another device, which would somehow contact you (NOT through your computer) and ask you for your OK before sending it along. The guts of bitcoin supports that (and a whole lot more), but it will take a fair bit of work to make it all fool-proof and easy to use.

Monday, June 20, 2011

That which does not kill us makes us stronger

The login database for the largest (and second-oldest) Bitcoin Exchange site got loose. The site wasn't hacked:
It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised.
The good news is Mt.Gox had layered security, so your money or bitcoins stored at Mt. Gox are safe. And if you chose a strong password (my Mt.Gox password is 12 random characters, chosen and remembered by LastPass and not used for anything else) you don't have to worry, because of the way Mt. Gox stored the passwords in the database.

The bad news is lots of people still choose really bad passwords, even for financial sites.

Coming right on the heels of the discovery of bitcoin-wallet-stealing malware, that's a lot of disturbing bitcoin-related news, and I'm getting asked "what does it all mean for Bitcoin?"

I hope it means the bitcoin hype starts to calm down. The insanely rapid growth of both the number of users and the value of a bitcoin over the last month or two was unsustainable, and both the core system and all of the surrounding infrastructure (like the exchanges) need more time to "grow up."

I've said it before, and I'll say it again: Bitcoin is an experiment. Treat it like you would a promising Internet start-up company: maybe it will change the world, but realize that investing your money or time in new ideas is always risky.

Thursday, June 16, 2011

Thoughts on the Great Bitcoin Heist

Drugs last week, a half-a-million-dollar heist this week... all Bitcoin needs now is a celebrity sex scandal to make the hype-meter go from 8 to 11.

So: what happened and what does it mean for Bitcoin?

Apparently, 25,000 bitcoins worth almost half a million dollars were stolen from somebody's machine.

Ouch.

First thought: to be clear, they didn't spend half a million dollars on those bitcoins; they were an early adopter who managed to generate them back when bitcoins were nearly worthless and generating bitcoins was hundreds of thousands of times easier than it is today. That makes me feel a little better; if it was somebody who lost their life savings I'd be much more upset. I'll say it again: DO NOT PUT YOUR LIFE SAVINGS IN BITCOIN. That is risky and a bad idea at this point.

Second thought: this was not a failure or breach of the bitcoin payment network. It isn't yet clear exactly how the bitcoins were stolen; the most likely explanations are either malware infecting their system or somebody finding a backed-up copy of their wallet file. I'll be writing a blog entry about how I keep my bitcoins safe soon, and wallet security is the second thing on my bitcoin development priorities list (the first thing is making sure we handle any "scaling up" problems that might make it impossible for EVERYBODY to use their bitcoins).

Final thought: we can see where the bitcoins are going, so it is possible the person will be tracked down and caught as they spend the coins. They can try to 'hide their tracks,' but the big bitcoin exchangers have said that they'll cooperate with law enforcement to help catch criminals. Like stealing a famous painting, the crooks might have a hard time actually spending their ill-gotten loot.

Monday, June 06, 2011

But you can use it to buy DRUGS!

Senators Schumer and Manchin are upset about Silk Road, a hidden website that is an "Ebay for illegal narcotics." They accept only bitcoin as payment, because bitcoin is the closest thing to cash on the Internet. Watching the press conference, I get the impression they're also upset at bitcoin; Sen. Schumer says bitcoin is "an online form of money laundering."

First, that's just not true! The biggest bitcoin exchanger (Mt Gox) is careful to comply with all anti-money-laundering laws and regulations. If the operators of Silk Road make lots of bitcoins then if or when they try to exchange them for dollars or euros they're going to have to tell Mt Gox who they are, Mt Gox will be required to report the transaction to the government, and the Silk Road folks might find themselves explaining to an IRS agent how they managed to earn so many bitcoins. It is no different from any other financial institution.

Second, nobody can control what is purchased with bitcoins, just like my local bank cannot control what I do with the cash I withdraw from their ATM machine. I wonder if Senators Schumer and Manchin would like to replace all cash with a government-issued smart card; after all, that would make it much harder for criminals to get away with buying illegal goods anonymously, and if we are all law-abiding citizens then we shouldn't worry about the government knowing about all of our purchases... right?

Finally, I hope that the Senators realize that trying to ban an innovative new technology like bitcoin will put the United States at a competitive disadvantage versus the rest of the world. The US government tried to control strong encryption in the 90's, and only succeeded in driving a lot of cryptographic product development overseas. This is supposed to be the Land of the Free; I think we should learn the lessons of the past and be brave about taking advantage of new technologies like bitcoin, instead of fearing them.