Thursday, September 15, 2011

Bitcoin security

One major drawback of bitcoin is the technology level that's required from it's users. Now it's not that hard to download the client. But the average user will have difficulty figuring out what to do next. Coinpal was a way around this problem, but alas paypal closed this business model.

My experience was grand. I bought bitcoins with coinpal and was playing poker that evening. I used the bitcoin faucet as a test of the client, but it was not enough to play poker. I still had to deal with issues of downloading the whole block chain. In a world where everything is instantaneous. I had to learn about, and wait on, confirmations.

I then learned about the bitcoin over the counter market. Luckily I had used PGP encryption before. That got me on the web of trust, witch is quite useful if you want to deal in medium size transactions quickly. There I was a target of a scam. Someone proposed going into business. I asked for a business plan, and never got one. This was clearly suspicious, and I halted communication. Only later did I hear that the scammer did take advantage of someone. I felt bad, and tried to announce to the room that there was a scammer. The scammer had not registered his identity, a clear give sign of fraud potential. The user that had been duped would have needed to issue a command to know this though. This experience is no different than real life. If you want to go into business with someone, ask for something in writing first. Make sure the business plan is sound.

When I started with bitcoins, using Mt Gox. bitcoin exchange was difficult. Especially if you wanted to turn cash into bitcoins. Today, with Dwolla, this is much easier. Mt. Gox did a good job advertising that it was the target of a phishing attack. I was humbled to be taken by such an attack. I received an E-mail that said my account was suspended. I clicked a link hoping to find out why. There I was prompted for my user-name and password, which I entered and then I saw no notice about why my account had been suspended. I thought this was funny and looked at the address bar. Oh Crap, I thought as I saw the wrong address. I knew enough to immediately change my password. I even withdrew everything for good measure. So I was not a victim, but I was close. Again, I am left with sorrow for anyone who was actually a victim of such an attack.

One development is the emergence of panhandlers on the internet. There was a random chat applet on some page where one person was asking if anyone could "spare a few bitcents." This was funny and sad at the same time. The cyber-panhandler is much easier to ignore than the real world counterpart. This is just a dynamic that bitcoin brings.

The lesson that we should take away from this is that the best security for bitcoin is learned in real life. If someone pulls you into a dark alley and asks for $25 to execute a business plan, don't give it to him. If you receive a letter requesting personal information, verify the identity of who you respond to. Bitcoin does introduce new technical difficulties, like keeping a encrypted backup wallet, increasing virus protection. However, most security situations you can protect yourself against by being observant, and judicious with your trust.

No comments: