In my experience, geeks didn't realize mtgox and the like weren't a secure way to store your money, while non-geeks did simply by using common sense (ie. Do they have insurance? Can I sue them locally should something go wrong?).
I know that's not even the proper way to store your coins. But only security experts knew better.
The main point is having your keys secure from theft and loss.
No wallet software can keep your coins safe if it has to store your keys in the same machine you use for your internet activities. You have to use either an air-gapped machine (also called offline or cold storage) or multi-signature.
Then there's also the issue about trusting what you have downloaded. Even if you run the software in an offline machine, if it's meant to steal your coins it certainly can do it. Do you trust Electrum's developers or whoever reviewed the code? What about the maintainer of the website (or Github)? Did you use SSL? Did you check the signature? Did you get the signature from a different and secure channel?
For now I'm trusting Armory, but I'm planning to move to multi-signature once I have time, and maybe use three different wallets to create the keys.
Losing the keys is a separate issue. You have to think about different scenarios like disk failure, data decay, a fire in your house, your friend dying and their family not letting you recover his part of your n-of-m backup, police raid, etc.
Electrum has an airgapped mode, where you sign the transaction and then transfer the signature to the client. I'd like a feature where the airgapped computer displays a QR code and you just scan it, it would be very handy.
About misplacing the keys, Electrum has deterministic wallets, so you can just print the key and store it somewhere (or remember the ten words it gives you), and your wallet is never lost.
It seems to be good and they are very active. They also support tipping.
But I'm not sure if I like their 2-of-2 scheme. I would rather have a 2-of-3 one. Maybe I should re-read their paper.
Another thing that bothers me is that it's not very safe by default. The only way to be safe is if you use a (reviewed) plugin and you don't let it update automatically. Because if you use Javascript instead, they can take your key whenever they want. Imagine if the FBI seized their servers and injected Javascript malware like they did with Tormail.
2of2 with time locked transactions means you can prevent double spend and thus allow instant confirmation.
the android app doesn't update by default and the chrome app doesn't update if installed from github but otherwise you are right although the web client remains useful for watch only mode (no keys) or for small amount
these two local and open source wallet clients also verify data before signing against the electrum network.
we are also working on our api, plugins for popular open source wallets (including hardware) and a full Java desktop client using bitcoinj.
we also worked hard to make all user transactions non correlatable to users or us (instant confirmation is out of band) and are working on a bunch of interesting things on top of it
When I was at CSAIL, I got one of those targeted phishing emails like "YOURE MIT INBOX IS FULL!!11!!" full of typos and painfully fake. I laughed it off, thinking MIT CS students would be too smart for this, but I was surprised it seemed to legitimately come from a @mit.edu address. It turned out someone was hacked, their address was used to send this, and apparently various people had fallen for it.
I keep my cash on hand folded up in a leather wrapper in my pocket. I recognize this isn't super-safe so I pay someone a small fee for the privilege of storing most of my money in a giant commercial vault and/or on computer systems protected by industry experts, tons of regulation, insurance, and a full faith backing by the United States federal government. I get this with practically no skill or know-how. In practice, it's really the only way reasonably convenient to store and manage my money. Nothing like this exists for bitcoins. The idea that a layman is going to reasonably protect their bitcoin assets is silly.
> The idea that a layman is going to reasonably protect their bitcoin assets is silly.
Take wallet.
Encrypt wallet.
Put sufficiently complex password on wallet (ie, no dictionary attacks).
Wow, you suddenly have a bank. Feel free to back up that file all you want, hell, if your password is solid you can publish it publically. I wouldn't, since you don't have to, but you still won't password crack it any time soon.
What's a wallet? A digital one? What the hell? Wait, there's a paper one too? What's the difference? Store the paper ones in a vault somewhere and use my digital one? How does that work? How do I encrypt these wallets? What is encryption? And I'm responsible for storing my wallets? I can't just pay someone to take care of them for me? Oh, I can, ok, are these companies insured and trusted? Let's just take a step back, how are Bitcoins stored in these wallets? I mean, what is a Bitcoin, really?
In other words, you're being disingenuous as to how simple it really is to get set up for Bitcoin. There are countless threads on Reddit and the like by confused geeks asking for advice and instructions on wallet generation/encryption/storage/etc.
They're MIT students; just because they aren't STEM majors doesn't mean they are idiots. These are concepts that should be within their grasp, even if it is too complex for the general public.
Hell, throw a brief rundown into whatever their equivalent of "University 101" is if it really does prove to be a problem.
Can they follow an online tutorial? Sure. Could they find converting their cash to BTC with the proper safety measures in place too cumbersome a process to make the experiment worth their time and, if not careful, their money? Absolutely, and that doesn't make them idiots.
Some people really like tinkering with new tech and are willing to put up with a lot. Others have a low threshold of frustration and might not see it as appealing. This isn't about intelligence, but ease and convenience. And anyone that says with a straight face that setting up BTC for even the average MIT student is a simple endeavor is severely underestimating the complexity and risks involved, especially when the alternative is using the established and relatively risk-free system you've grown comfortable and intimately familiar with for years.
I agree with you, but I don't see how it matters in this context. The GGP implied that MIT students who don't protect their bitcoins "deserve" to have them stolen. The assumption by the poster seemed to be that MIT students would necessarily be technically savvy enough to protect their bitcoins. That's definitely not necessarily true since there's plenty of non-technical majors offered at MIT.
I think losing $100 given to you for nothing (comes from donations of alumni) because you didn't know how to secure it properly would be a very cost effective way to motivate someone to learn the basics or ask a friend for help.
Better $100 of bitcoin than your credit card information.
My assumptions are that (a) they're very intelligent, and at least have some technically-savvy friends, and (b) losing bitcoins that were given to them for free leaves them no worse off than if nobody gave them bitcoins in the first place.
