Want to invest in bitcoin but don’t want to trust the security of your coins to a third party? You need to set up your own personal bitcoin vault! Follow the steps in this guide to get started. If you …
This post was originally published on my LinkedIn account here.
With Microsoft recently joining the ever-growing list of companies that accept bitcoin payments for goods and services, the fledgling global currency and payment network is once again in the headlines and on the minds of people everywhere who are curious about this increasingly popular digital phenomenon. While Microsoft and thousands of other merchants that accept bitcoin have opted to convert at least some of the bitcoin they receive into local currency using a merchant payment processor, that is increasingly going to be the exception and not the rule as bitcoin gains usage and acceptance worldwide.
Earlier this year, the CEO of online retailer Overstock revealed that the company keeps 10% of the bitcoins it receives rather than converting them to local currency. Also revealed were plans to offer financial incentives to Overstock partners that choose to accept bitcoin, including better rates and faster settlement for vendors and larger bonuses for employees. As acceptance grows worldwide and the supply chain loop begins to close around the bitcoin economy, there will be fewer and fewer reasons to convert bitcoin into local currency. With this in mind, if you still need convincing as to why you should at least consider accepting bitcoin at your business or using bitcoin to pay for things you buy online or in-store, here are ten reasons why bitcoin is better than previous payment technologies:
- Bitcoins are impossible to counterfeit. The supply of bitcoins is limited not by the corruptible laws of man, but by the incorruptible laws of mathematics.
- Bitcoin gives you more freedom. As a peer-to-peer payment network, bitcoin lets you send money to anyone, anywhere, at any time, with the possibility for more privacy than is offered by a bank account, credit card, or traditional remittance service.
- Bitcoin is fast. Payment confirmations using bitcoin take on average just ten minutes compared to the hours, days, or even weeks that payment confirmations can take using traditional money transfer services. Bitcoin payment processors often offer merchants instant confirmation, so there’s no need for customers to wait in the checkout line – it’s just tap and go.
- Bitcoin payments are irreversible. The more confirmations a payment receives on the network, the more certain it becomes that the funds are “good,” thereby eliminating chargeback fraud for recipients. Services such as programmable escrow and insurance can be layered on top of bitcoin to provide senders protection in cases of a dispute.
- Bitcoins can be secured inexpensively. Using a combination of encryption, cold storage, and multisignature addresses, bitcoins can be secured for a small fraction of the cost of storing and transporting paper currency or precious metals in vaults and armored cars.
- Bitcoin units are scalable. Despite the limited supply of bitcoins in existence, their digital nature means they can be divided into an infinite number of smaller denominations. Right now, people are spending “whole bitcoins” for large purchases and “bits” for smaller ones, but those units could get smaller as market liquidity increases to service the global economy.
- Bitcoin is always open for business. Unlike banks, which are notorious for holding inconvenient hours, bitcoin, and the global network of online exchanges that trade the digital currency for local currency, is “open” all day, every day.
- Bitcoin has low fees. There is no fee to receive bitcoins, and senders only have to pay on average .0001 bitcoin, or about $0.035 USD as of this writing, to send a payment. There are no annual fees, no overdraft fees, and no dormant account fees – owning bitcoin is the same as having cash in hand.
- Bitcoin makes money more accessible. With bitcoin, there is no need to wait in long lines to send and receive money. Instead, all that is needed is a mobile phone to send and receive bitcoin anywhere in the world where there is a cellular or Internet connection.
- Bitcoin is apolitical. Because bitcoin is decentralized, it cannot be abused by governments or corporations to stifle political debate or discriminate against legal businesses, nor can it be arbitrarily debased to fund empires, wars, or the extravagant lifestyles of the political elite.
As a payment system, bitcoin is admittedly far from perfect, but it is still demonstrably better than the legacy value transfer and storage methods in use today. The Bitcoin software continues to be updated as improvements are made to the underlying code, and more developers are joining the open source effort every day.
For better or worse, money is an integral part of our lives which gives us the ability to communicate value to others, and in an increasingly globalized world it is becoming increasingly important that our money and payment systems be global as well. What bitcoin offers is an opportunity to have a global currency and payment network without the delicate diplomacy that would be necessary to impose one through the top-down political process, instead achieving worldwide adoption through bottom-up consensus among people about how to best communicate value. Bitcoin is truly democratic, a currency of the people, for the people, and by the people. Bitcoin is better.
This was originally posted on the Money and Tech blog on Thursday, February 27, 2014.
This week, the headlines of tech, business, and mainstream news organizations have been filled with rumors, doom, and gloom regarding the failure of one of the most well-known bitcoin exchanges, Mt. Gox. This follows a long history of instability at the exchange, which was once the largest by volume but has within the past year dropped to the single digits as a percentage of global bitcoin exchange volume. Mt. Gox recently halted withdrawals from their exchange on February 7, 2014, attributing a problem with their web wallet implementation to a long-known quirk in Bitcoin called “transaction malleability.” Then, after deleting all of their tweets over the weekend, on Monday February 24, 2014, the Mt. Gox website began returning a blank screen. After an uproar in the Bitcoin community and media, MtGox.com currently shows this message from CEO Mark Karpeles:
Dear MtGox Customers,
As there is a lot of speculation regarding MtGox and its future, I would like to use this opportunity to reassure everyone that I am still in Japan, and working very hard with the support of different parties to find a solution to our recent issues.
Furthermore I would like to kindly ask that people refrain from asking questions to our staff: they have been instructed not to give any response or information. Please visit this page for further announcements and updates.
There has indeed been much speculation as to what has actually gone wrong with Mt. Gox, and this post is not meant to add to this speculation, but rather to clarify the situation for readers and provide advice for how to prevent or avoid such incidents.
As mentioned above, Mt. Gox has a long history of inconsistent service stemming from outside attacks as well as internal failures due to being “a victim of [their] own success.” It is almost an annual event for them to crash catastrophically, taking the price of bitcoin down with them. For those who have been paying attention these last few years, this latest failure is not a surprise. For the many newcomers to Bitcoin since the boom of 2013 who failed to do any due diligence whatsoever, it comes as a complete shock. There are also long-time bitcoiners who have had money stuck in Gox, and others who simply trusted them to continue operating and acting as a responsible custodian of their coins. Here are my suggestions for readers who are wondering how to avoid a similar situation in the future:
- Do your due diligence before giving money to strangers. What is the reputation of these strangers? Have they been known to shut down their service sporadically, or experience theft from criminals public and private? Are there better options out there? These are important questions to ask and answer before depositing money at a cryptocurrency exchange.
- Keep as little of your money stored on exchanges as possible, for as short a period of time as possible. If you must keep money on an exchange (for instance, if you are actively trading and waiting for orders to fill), use two-factor authentication (2FA) to secure your account. Note that 2FA will not protect you from “inside jobs” or a technical failure on the part of the exchange service.
- If your exchange needs aren’t urgent, try using local exchange methods instead. Attend a cryptocurrency meetup to trade with enthusiasts in your area, or use a service like localbitcoins.com to meet traders at a local library or coffee shop.
- For storage of your coins, use an encrypted wallet service that gives you control of the private keys that allow your coins to be spent. Blockchain.info offers a great mix of security and convenience, as does the Mycelium mobile wallet. Regardless of what service you use, make sure YOU control the private keys and ALWAYS use 2FA or a secondary PIN for access and withdrawals. For longer-term storage needs, I recommend using an offline encrypted Bitcoin Armory wallet.
- Self-regulatory associations in the Bitcoin ecosystem such as DATA (edit: and C4) are developing security and transparency best-practices that existing and would-be Bitcoin businesses should adopt to mitigate abuse and fraud. In the meantime, exchanges can hire a security auditor or offer bug bounties to white-hat hackers.
For those who have been directly affected by the issues at Mt. Gox, my best hope is that all wrongs are righted and everyone is made whole again, and soon. If you are feeling depressed due to loss and need someone to talk to, please email me. I never had any money at Gox but still know the feeling of deep loss and will gladly provide comfort during this difficult time. For more recommendations on securing your cryptocurrency assets, check out my blog post entitled “Securing Your Bitcoins.”
Throughout my time researching and participating in the cryptocurrency economy, I have seen a lot of hacks and a lot of fraud. Though the old saying “a fool and his money are easily parted” could apply here, I’d like to think that it is not completely the fault of end users. It is also about the tools that are available, and how easy it is for people to use them. Though cryptocurrency is a new technology, there are a growing number of options for you to secure your bitcoins.
Offline “Cold Storage” Wallets
The gold standard in cryptocurrency security, cold storage is the process of keeping private keys offline to make them unreachable to hackers via the internet (private keys allow cryptocurrency to be spent). The solution for this that I recommend to clients is the Bitcoin Armory Wallet – to me, nothing else comes close in terms of features, usability, and support from the development team. They have an excellent step-by-step guide on their website to help you set up the wallet and transfer your investment safely offline. You will need two computers for this, one which is kept permanently disconnected from the internet to keep the private keys safe, and one to keep online for broadcasting signed transactions to the network. The offline machine can be a cheap netbook or Raspberry Pi setup (hint: going the Raspberry Pi route will take some patience and/or technical skills). After creating encrypted wallet backups on multiple forms of media (CD, USB drive, and paper), add full disk encryption to the offline computer. I recommend full disk encryption for your online computer as well.
For the cryptocurrency that you want to keep readily accessible, it’s important to have the wallet encrypted to prevent unauthorized spending. Reputable client-side Bitcoin wallets such as Bitcoin QT, Electrum, KryptoKit, and blockchain.info all have the option to encrypt the wallet, and this option should be exercised if you want to protect your wallet from wallet-stealing viruses and physical intruders. Blockchain.info is unique in that it is both a client-side wallet and a web wallet; the encryption is performed locally on your computer, but the encrypted wallet file is stored in the cloud for convenient access. While you can’t easily protect encrypted desktop clients from keyloggers yet, it is possible to protect an encrypted blockchain.info wallet by using Two Factor Authentication, which requires not only a password to decrypt the wallet, but also another one-time code which is sent via email, SMS, or an app like Google Authenticator. I can’t emphasize this enough: use Two Factor Authentication on every account possible. Not just Bitcoin accounts, but email, social networks, and banking too. Short of encrypting everything client side, there is almost nothing more you can do to protect your personal and financial data than to secure your accounts with Two Factor Authentication.
Aside from blockchain.info, I am not aware of any Android mobile wallets that offer encryption. However, all of the ones I have used do let you set a PIN to prevent unauthorized spending. The difference between encryption and a PIN is that if there’s just a PIN, an attacker could pull the raw unencrypted wallet.dat file off your phone and steal the funds. The best you can do is to use full disk encryption if your phone offers it, and only keep small amounts of cryptocurrency on your phone – no more value than you keep in your physical wallet. Make a backup of your wallet, encrypt it using an app like Crypt4all, and store the backup somewhere safe. Then, if you lose your phone, you have a chance that someone who finds it won’t be able to access the wallet before the phone dies and you have a backup to restore the wallet and move the funds to a new wallet.
A relatively recent security innovation is the invention of open source hardware wallets. These USB wallets store your private keys in a secure offline environment. Raw transaction messages are sent to the wallet for signing, then the signed transaction is returned to the computer for broadcasting. As public key cryptography becomes more prevalent in everyday life, expect to see professionally produced open hardware wallet devices proliferate in the marketplace.
Though the concept has been around since the early days of Bitcoin, wallets supporting multisignature transactions (multisig, for short) have yet to be widely used. Multisig is a way of providing Two Factor Authentication via the Bitcoin protocol itself; rather than simply requiring one signature from a wallet to spend a Bitcoin transaction, multisig transactions require multiple signatures from different private keys.
An oft-cited example is that of the simple escrow transaction between a merchant, a customer, and an arbitrator. The customer initiates a multisig transaction with the merchant and adds an arbitrator who steps in in case of a dispute. Instead of having to trust the arbitrator with actually holding the bitcoins in escrow, a multisig transaction makes it so that the arbitrator can only add their signature to the transaction to determine whether the coins are sent to the merchant or back to the customer. This is just one possible use-case of multisig. Another is having two multisig wallets, one on the desktop or in the cloud and one on a smartphone. The user would require two signatures in order to spend bitcoins from them, one from the desktop or web wallet and one from the smartphone. This way even if the desktop is hacked, the attacker would need access to the smartphone in order to take full control of the wallet. This isn’t perfect, but is much better than the current situation.
Multisig wallets are not just great for casual users and investors, they’re great for businesses as well. In addition to the previously mentioned escrow scenario, multisig wallets would help protect businesses that store large amounts of bitcoins from having their inventory stolen by hackers. Businesses could use multisig wallets to protect funds both internally as well as in customer accounts. Exchanges and gateways could use multisig voting pools to boost customer confidence and protect against unauthorized withdrawals.
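For the customer, merchant and arbitrator escrow described above, the 2-of-3 rule lives in a small Bitcoin script that each party can check before any funds are sent to it. The following is an added example, not code from the original post or from any wallet project: the function names are hypothetical, the public keys are constructed placeholder bytes rather than real keys, and only 33-byte compressed keys are accepted.

```python
# Bitcoin script opcodes: OP_1..OP_16 are 0x51..0x60, OP_CHECKMULTISIG is 0xAE.
OP_1, OP_CHECKMULTISIG = 0x51, 0xAE


def build_multisig_script(m, pubkeys):
    """Return the script: OP_m <key1> ... <keyN> OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    script = bytes([OP_1 + m - 1])
    for key in pubkeys:
        if len(key) != 33 or key[0] not in (2, 3):
            raise ValueError("expected a 33-byte compressed public key")
        script += bytes([len(key)]) + key  # one-byte push length, then the key
    return script + bytes([OP_1 + n - 1, OP_CHECKMULTISIG])


def parse_multisig_script(script):
    """Return (m, [pubkeys]); raise ValueError if the script is not m-of-n."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m = script[0] - OP_1 + 1
    n = script[-2] - OP_1 + 1
    keys, pos, end = [], 1, len(script) - 2
    while pos < end:
        size = script[pos]
        if size != 33 or pos + 1 + size > end:
            raise ValueError("malformed public key push")
        keys.append(script[pos + 1:pos + 1 + size])
        pos += 1 + size
    if not 1 <= m <= n <= 16 or len(keys) != n:
        raise ValueError("inconsistent m-of-n encoding")
    return m, keys


def check_escrow_script(script, my_key, want_m=2, want_n=3):
    """True only if the script is want_m-of-want_n with distinct keys incl. mine."""
    try:
        m, keys = parse_multisig_script(script)
    except ValueError:
        return False
    return (m == want_m and len(keys) == want_n
            and len(set(keys)) == want_n and my_key in keys)


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for the three parties' keys.
    customer, merchant, arbitrator = (bytes([2]) + bytes([i]) * 32 for i in (1, 2, 3))
    escrow = build_multisig_script(2, [customer, merchant, arbitrator])
    print(escrow.hex())
    print(check_escrow_script(escrow, customer))
```

Running the check on a script supplied by a counterparty catches a quietly weakened policy, such as 1-of-3, or a script that omits your own key.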
Some Last Minute Advice
Make copies of the backup codes for all of your Two Factor Authentication accounts. Write down your encryption passwords and store them with your wallet and 2FA backups in a safe place – a private vault or home safe will do. It’s also possible to split up your passwords using a cryptographic sharing technique which allows you to share pieces of your password with trusted parties, to be recombined later in case something happens to you. Bitcoin Armory supports this capability natively with the Fragmented Backups feature.
When you first decide to start downloading and using cryptocurrency software, make sure your machine is malware-free, and use up-to-date anti-virus software to prevent future infections. Don’t click on random links from strangers, or friends for that matter (they could be hacked!), and avoid the seedier parts of the internet. Use browser plug-ins like No Script to prevent malicious scripts from executing just in case you accidentally open an infected website, and HTTPS Everywhere to make sure you’re logging into sites securely whenever possible. No Script will temporarily break most of the websites you try to visit; just add an exception for scripts that you trust.
And please, use Two Factor Authentication on your accounts.
- Store the private keys for your long-term savings wallet offline.
- Encrypt your wallet files and machines whenever possible.
- Set a PIN on your mobile wallets.
- Install good antivirus software and keep it up-to-date.
- Don’t click on random links from strangers or friends.
- Install No Script and HTTPS Everywhere browser plugins.
- Use Two Factor Authentication whenever possible.