They do not emphasize wallet security issues enough.
Before buying any serious amount of BTC user must ensure:
1. Software that he uses actually encrypts wallets (BitcoinQT by default does not!).
2. His wallet is backed up in 3 places.
3. Backups actually work and he tried them.
4. His computer is not infested with malware.
5. He has multiple wallets and money is spread across all of them.
So that if he one days makes a payment, enters a password and virus steals his coins, he will not lose everything.
Blockchain.info is a great service, but only when you enable 2-factor authentication (otherwise your encrypted wallet can be bruteforced offline) and make sure you get backups by email.
Finally, everyone should remember:
THERE IS NO "FORGET MY PASSWORD" BUTTON.
If you own your coins, be it in BitcoinQT, Electrum or Blockchain.info, you must own your password. You lose it - you are done. People are not used to it. They should be.
Paper wallets using offline-created Bitcoin addresses are the safest means of storage. I etched my keys onto metal dogtags and have them stored in a fireproof box.
> Blockchain.info is a great service, but only when you enable 2-factor authentication (otherwise your encrypted wallet can be bruteforced offline) and make sure you get backups by email.
2-factor auth does not and cannot protect against offline bruteforcing, quite the contrary, it's only relevant for online authentication with a service provider.
In your example it would be for authenticating with blockchain.info so they could perform an action on your behalf. Assuming they use your actual password as a master key to unlock a wallet they store on your behalf, the 2-factor piece is just extra security they are providing for actions performed through their site. 2-factor auth does nothing to prevent someone from trying to brute force the private key or pass phrase for your wallet.
I'm all for using 2-factor auth (I personally have it enabled on every site/service that supports it) but it's only for securing online access to an external service.
In case of Blockchain.info, wallet decryption happens in browser. The server sends you an encrypted wallet if you know user ID and provide 2-FA code. Without the code, anyone who knows your user ID will get the encrypted wallet and bruteforce it offline. With 2-FA they'd have to hack into your email or phone to get the code or hack into your email or computer to get your encrypted backup.
My interpretation of offline is if someone had access to their stored data (ex: blockchain.info is hacked, database is leaked, etc). In that case then 2-FA is pointless. It's only valid when interacting with them as an online service.
Usually you send your password to a service, but in this case encrypted data is "leaked" to a person requesting it. 2-FA prevents from giving this data to strangers (and won't help if the service is hacked, yes)
Fully agreed. The website delivers Bitcoin as a average-consumer-frienldy. If bitcoin becomes mainstream, it will soon collapse under the weight of careless users.
I would rather see a site solving some of the critical concerns raised by average-user's ignorance.
My point is about current state of affairs. And it sucks the way it is today. I want a wallet app for my parents which will make sure it is backed up and the key is split via SSSS and sent out to 5 of their friends before they even see the address to move money into. That would be better UX.
Today you can launch the wallet, send money to it right away and then immediately forget your password or have a disk crash. This sucks and people will be hurt.
I mean, seriously, I tried, but all my attempts were futile.
Why can't I just use a credit card or similar and buy bitcoints?
Back when they were $100, I really wanted to buy a bitcoin, spent half a day on it, but didn't manage to. I gave up everytime I needed to do something strange involving permissions with my bank.
Is there an easier way to get them? I live in Europe by the way.
Its hard because it's easy to own and secure Bitcoins, but impossible to own money in USD, bank accounts or paypal. It's all a huge network of promises based on debt. When you transfer bitcoin, you really transfer ownership forever. When you transfer digital dollar, you just rely on a bunch of intermediate agreements to hold true unless judge decides another way. Paypal payments are reversible, CC payments too. Even bank wires can be reversed sometimes because it's still based on an agreement between banks. Even laws regulating these agreements are also promises to punish or reward people based on other people's decision.
Bitcoin is the only money you can really own. Other currencies are fragile and ephemeral.
You can't. But you also can't make a cash transfer in 99.9% of global transactions (in volume) for many reasons. One of them is cash is physical. So cash does not really count.
No intelligent person will sell you Bitcoins with a credit card because the transaction could be charged back and they wouldn't be able to recover the coins.
If you want to buy bitcoins and you are in the US go to Coinbase.com you can crate an account link it to your bank account and buy some coins very quickly. If you use an exchange like Mtgox or similar it could take weeks to get all the identity verification stuff approved. If you decide you want to day trade later get an account on CampBX, bitstamp.net or similar and use that but to start out Coinbase is the way to go.
I would guess because coinbase doesn't allow you to keep a USD balance on their servers, its either pulling out of your bank account or pushing into your bank account. Both have pretty big delays if you are trying to day trade in the USD/BTC market.
The fact that it is hard to buy bitcoins is ironically the very problem bitcoin solves. Once you have some bitcoins, then no credit card company, bank, or government can prevent you from spending them on anything you want.
> Why can't I just use a credit card or similar and buy bitcoints?
Chargebacks are the reason. If you buy a bitcoin with a credit card and I send you a bitcoin, you can get your money back from the credit card company and keep my bitcoin.
What about Paypal? It seems to me they could really advantage of this by becoming the defacto way people use to buy Bitcoins (or at least one of the most popular methods). It's too bad they are so shortsighted about it, and only see Bitcoin as a threat.
Yes, Bitcoin is a threat, for the whole financial system for that matter, but it's much more of a threat for those who don't adopt it than for those who do. At least if Paypal adopted it, they could remain relevant in the future, and people would still use them.
I'm also from the EU and used to have BTC (now I'm into LTC), so here is how I do it:
Register in Bitstamp or Kraken (my favourite exchanges).
Validate your account. You have to provide some sort of proof of identity and address. This is asked by governments and if they don't comply with them they can be closed without any previous notice, like it happened with the exchange bitcoin24. It can take up to 1 week.
Deposit cash. Companies like Visa/Mastercard/PayPal don't want to deal directly with BTC, that's why a bank transfer is more convenient. Being European you probably have cash in a SEPA bank, which is an advantadge because most exchanges accept SEPA deposits at a very low fee (much cheaper than a Wire Transfer) and they are usually very fast (1-2 working days).
The main thing that's kept me from making a deposit with one of these services is the fact that I have to hand over a complete proof of my identity. Seeing how many of these services seem to get hacked lately I'd be too worried about somebody stealing my documents and a hacker getting ahold of these personal documents that could easily be used to impersonate me...
But on the other hand I also understand that these services have to be very careful so they don't get abused themselves.
My problem with the exchanges is that they are not transparent, the people behind them are either unknown or rather incompetent (how many snafus has MtGox had in the last 3 years?). So as an European I have to send funds with SEPA to some unknown entity in UK/Slovenia/Bulgaria AND provide all my private information? Meanwhile, the owners could take off any day tomorrow with the BTC and the information.
BTC exchanges are operating in EVE like territory, the only reason to trust them is because they have not run away with the money YET. Ironically, this benefits MtGox the most, who despite/because of the ridiculous withdrawal limits have managed to stay in the business the longest.
The only exception that I would be willing to trust is Coinbase and that is only because of YC connection, and that is no guarantee either but the best for now.
BTC will only take off for the masses, when there is a reputable company offering banking/trading services with BTC.
Localbitcoins have to do for now, but is not something that scales very well.
Edit: Just noticed you live in Europe. They do have a SEPA option for European customers, but I imagine the process is somewhat different, and SEPA listings are relatively sparse. Sorry!
www.bitquick.co
Prerequisites: A bitcoin wallet to receive the coins, and some cash.
1: Click Buy, browse through the offers and pick one that has a reasonable price and uses a geographically convenient bank.
2: Submit your bitcoin address and your desired amount, write down the bank account info that appears, go to the bank, and deposit the specified amount of cash into the seller's account.
3: Take a picture of the deposit receipt and email it to BitQuick.
4: Bitcoins will be sent from escrow to the address you specified earlier. Done!
I was the same. I tried to use BTC-e, Canadian one, and coinbase. None worked and took too long. So... I got a forex account and bought a position on BTC. It's the fastest way in.
Let me know if you want a referral.
Also it's more liquid than buying actual BTC and then selling them I think. Just be careful about using leverage.
I left finance in 2009. I never thought I'd get back into trading...
I'm not an expert in forex, but as far as I know, high volatility commodities can quickly wipe out forex accounts, especially with such low amounts.
It does seem like a very interesting strategy though, that can probably make one even more money than investing directly in Bitcoin, but for that to work I think you need a sizable ($10,000?) amount, and only invest a few hundred dollars at most in that position. That way you can still make a lot of money if Bitcoin keeps increasing, but if it does happen to drop quite a lot, at least there's a much smaller chance of losing all the money.
Put in $300 and they give you $300. I opened it yesterday got a position on BTC same day (would be fun to get real BTC though). You can buy .01 lot with $300.
How do they take a position in BTC? Or is it just a casino? i.e. if I put 50K into an account there and used it to buy $250K of BTC, that should have a pretty drastic impact on the market looking at mt gox's order books, does that actually happen?
I live in the Netherlands. I use Bitstamp with a bank transfer to their bank, wait for the funds to clear, buy the BTC. Usually takes 1-2 days for the whole process.
"The nature of Bitcoin means that, compared to credit cards or other financial tools, your identity is safer from theft. Your level of privacy is up to you, and in the online world privacy and protection are an asset."
This is hilarious. Right now basically every week we have news of millions of dollars worth of bitcoins being stolen from sites. In contrast, with a credit card every client has full protection including fraud, charge-backs, returns, etc.
Saying CC's have robust fraud protection is equally misleading, imo. They require you trust every merchant, website, waiter, etc to not abuse your information. Chargebacks just shift the cost of the merchant, most of the time, and as best I can tell PCI exists mostly to shift liability around.
In the USA, credit cards don't do anything protect anybody from fraud.
However, they have extremely robust mechanisms in place for shuffling around the consequences of all the rampant fraud that results from their complete failure to offer even the barest minimum of fraud protection. So as a consumer I get to feel protected all the same.
At the same time, seems like the credit industry was kind of asking for this kind of thing when they decided to muddy the waters by spin doctoring "credit card fraud" into "identity theft"
> Right now basically every week we have news of millions of dollars worth of bitcoins being stolen from sites.
Rule 1: If you store your bitcoins with someone else, they'll most likely get stolen. People need to learn how to store their own bitcoins or they'll end up not having any.
How about having your funds sliced by sort of Cyprus scenario? How about getting ill for half a year and finding out that the inflation has eaten most of your savings away?
I'll take my chances on a major currency (Euro/USD/GBP) over BTC in terms of volatility any day. You could find out that your BTC savings have become nearly worthless in six months. Or if you are unlucky enough to have a debt in BTC you could find out your debt has skyrocketed because of more BTC speculation (imagine you had a 1000BTC loan back when it was $10 a coin).
I wonder how Mt. Gox dares to spend their time creating this (which is nice by the way) instead of solving their withdrawal issues and finishing their new trading engine integration, which is pissing off many of their customers.
The only reasonable explanation is that they have given up on decreasing their churn rate and instead they are focusing on acquiring newbies into their platform. Actually this is kind of sad...
No, but I guess this affects the public image of the company.
My understanding is that any serious company with issues of this magnitude would solely focus on sorting that out first and doing nothing else than that.
A friend copied an e-mail that MtGox sent to them today:
<snip>
Dear MtGox Customers,
Thank you for your patience during an incredible year for Bitcoin and MtGox. We’ve not been able to communicate as we may have wanted, but we’ve been working tirelessly in the background and we’re looking forward to even more progress in the coming weeks, which we’ll be announcing soon.
We have four developments that we are proud to announce today:
Introduction of the MtGox OTP Card
Increased limit for SEPA withdrawals from Poland
A modified trading interface
Trade with no fees from Bitcoin Black Friday through Cyber Monday
...
Additional Points:
To increase the speed of Bitcoin transactions, we will now require all Bitcoin transfers to pay the standard 0.001 BTC network fee. The fee will be charged separately from your balance.
For what it's worth, at the moment any bitcoin transaction is required to pay a 0.0005 BTC transaction fee in order to make sure it's gonna be included by miners into the blockchain.
The idea of using Bitcoin at this point in time to physically purchase goods and services is ridiculous given the speed of speculation. Hypothetically, why should I pay someone 0.5 BTC at $1000/BTC if in a couple of days I know it's going to rise to $1000+/BTC? Obviously the seller is betting on their value going up, but at this point, there's no reason to do anything except hold onto your BTC until the market actually stabilizes or even crashes.
Well, why do you buy anything instead of putting all your money in bitcoin? If your money is bound to increase, then why spend any of it? I mean - why eat?
This question comes up frequently. The best thing to do if you want to buy something for $500, is buy $500 in bitcoin and then pay with bitcoin. This way your 'stash' isn't eroded and you contribute to the bitcoin economy.
Then what you're proposing eliminates the fundamental purpose of using Bitcoin over existing currency. Why pay transaction fees to an exchange if I can pay zero fees with cash or use a service like Dwolla in which the fee is significantly cheaper than an exchange fee?
Because the 3% credit card fee is already baked into the price of goods you buy. You just don't realize it because merchants are not allowed to visibly offer a cash discount or charge a credit card fee.
Because you want to support bitcoin. If you don't want to pay with bitcoin, don't. If you do want to support bitcoin but don't want to erode your savings, then do this.
Which is precisely my point. What incentive is there for the buyer to spend their BTC if the future value will dwarf the present value of the good they are spending it on?
Its just a shameless attempt to advertise mtgox, who by now pretty much pissed off everyone in the bitcoin community with their crap.
Remember it was mtgox who caused the last crash and have since continued to screw users while getting into all sorts of trouble in US for dodgy going ons
,,We’ve recently released the launch version of bitcoins.com, an information site for all things Bitcoin. The site is not centered on MtGox specifically and we've tried to keep it as neutral as possible in order to promote Bitcoin."
How about they process things faster. Maybe add direct deposit like coinbase from bank but make it faster with less fees. Bitcoin wiki is already very good.
Can we automatically downvote all Bitcoin news please? Seems like every owner of Bitcoin these days is either busy writing a blog or making a Bitcoin related webpage? - Ponzi
Before buying any serious amount of BTC user must ensure:
1. Software that he uses actually encrypts wallets (BitcoinQT by default does not!).
2. His wallet is backed up in 3 places.
3. Backups actually work and he tried them.
4. His computer is not infested with malware.
5. He has multiple wallets and money is spread across all of them.
So that if he one days makes a payment, enters a password and virus steals his coins, he will not lose everything.
Blockchain.info is a great service, but only when you enable 2-factor authentication (otherwise your encrypted wallet can be bruteforced offline) and make sure you get backups by email.
Finally, everyone should remember:
THERE IS NO "FORGET MY PASSWORD" BUTTON.
If you own your coins, be it in BitcoinQT, Electrum or Blockchain.info, you must own your password. You lose it - you are done. People are not used to it. They should be.