Q - How much do you have to put in escrow to recover an account?
A - It's up to the user but they'll probably set it at a percent of the amount at stake. Or if it's a self-sovereign identity then it'd vary based on how important the account is to the person.
Q - What if you're too poor to initiate a recovery?
A - See the earlier question; the amount is configurable but would likely scale with the account size.
Q - What if I go on vacation?
A - You should be able to enable/disable this as a recovery process, and also configure the duration. So if you go on a month vacation, perhaps set your recovery duration to two months, or disable it entirely while on vacation.
Q - If multiple challenges, do you go with the challenge issued first?
A - Yes.
Q - Can't someone just make Escrovery requests for a whole lot of accounts and hope to earn enough back to make it worthwhile?
A - Profitability would depend on the amount you have to put into escrow and the percent of accounts that are lost. You want to set the amount accordingly so that isn't profitable.
Q - Can I use it to steal Satoshi's account now?
A - Since it didn't exist back then, no. In fact, it'll likely never be default on Bitcoin, but could be opt-in with smart contracts on something like Ethereum. One could also build it into other decentralized systems, for instance a decentralized and self-sovereign identity system that wants to have an account recovery mechanism.
Q - Can't I just attack/kidnap/detain the person for their challenge duration to steal their account?
A - It's not secure against kidnapping, jailing, etc. but if someone's willing to physically attack you, they're likely also willing to steal your laptop or beat you up to get your keys already: https://www.xkcd.com/538/
Q - What about front-running the challenge?
A - It uses a two-phase commit and reveal procedure to prevent front-running, like was used with name registration on Namecoin.
It's an interesting idea but ultimately it doesn't work in the real world. It simply incentivizes too much fraud.
There are simply too many real-world corner cases that will fail. What if someone dies? Can you go and raid people's accounts before their estate's executors can find them?
If used for something like unclaimed money from the state, it's a very easy way for people to fraudulently make an enormous amount of money.
> A - You should be able to enable/disable this as a recovery process
What if I'm, say, injured in a car accident and unconscious for 2 weeks, and didn't update the time or disable this? I'll just wake up to the gift of losing my possessions as well?
Can a user make honeypot accounts? They'd have $1 in them and a $5 recovery fee and a bot that accepts challenges. Nice way to earn a few bucks off thieves.
Q - How much do you have to put in escrow to recover an account?
A - It's up to the user but they'll probably set it at a percent of the amount at stake. Or if it's a self-sovereign identity then it'd vary based on how important the account is to the person.
Q - What if you're too poor to initiate a recovery?
A - See the earlier question; the amount is configurable but would likely scale with the account size.
Q - What if I go on vacation?
A - You should be able to enable/disable this as a recovery process, and also configure the duration. So if you go on a month vacation, perhaps set your recovery duration to two months, or disable it entirely while on vacation.
Q - If multiple challenges, do you go with the challenge issued first?
A - Yes.
Q - Can't someone just make Escrovery requests for a whole lot of accounts and hope to earn enough back to make it worthwhile?
A - Profitability would depend on the amount you have to put into escrow and the percent of accounts that are lost. You want to set the amount accordingly so that isn't profitable.
Q - Can I use it to steal Satoshi's account now?
A - Since it didn't exist back then, no. In fact, it'll likely never be default on Bitcoin, but could be opt-in with smart contracts on something like Ethereum. One could also build it into other decentralized systems, for instance a decentralized and self-sovereign identity system that wants to have an account recovery mechanism.
Q - Can't I just attack/kidnap/detain the person for their challenge duration to steal their account?
A - It's not secure against kidnapping, jailing, etc. but if someone's willing to physically attack you, they're likely also willing to steal your laptop or beat you up to get your keys already: https://www.xkcd.com/538/
Q - What about front-running the challenge?
A - It uses a two-phase commit and reveal procedure to prevent front-running, like was used with name registration on Namecoin.