Technical Support / Re: How trustless (and private) is using BitShares 2 light + an Openledger API?
« on: April 25, 2016, 08:42:16 am »
This is great for a short FAQ.
Quote
I had some questions to which answers were difficult to find. I want to understand the trustlessness and privacy aspect of using BitShares through the combo of the BitShares 2 light client and Openledger.info as the API provider (or any other site that hosts such an API). I'd be thankful for any input on these matters.
It is just trustless. You are always the only one in control of your private keys/accounts. OpenLedger and all service providers run just another full node on the network, and APIs interact directly with the blockchain. They also run a delayed full node that ensures user transactions never go into a fork.
Regarding trust, as far as I know it's the same as running your own full node and API then using the Light client or web wallets option to add any node and connect through it.
The same happens with web interfaces like openledger, maker dao, bitcash and every service running over the blockchain, into the DEx (decentralized exchange): web wallets just interact with their own or any user-specified full node.
Regarding privacy, accounts and their operations are all open in the blockchain. It's the same as for bitcoin, or web browsing: it is up to you to make your connections private.
Also, Stealth transfers/Blind accounts/Private mode seem to be pretty close. There's even a recent Stealth light client release for beta testing (had no time to follow this feature in the last weeks though, updates are appreciated).
/* There's still something to remark about hosted wallets. One of their benefits (plus all the ones they can choose to bring to users, and that's a lot) is being able to access your accounts from everywhere while still being the only one in control of keys. But there's still a little trade-off that's being worked on: private keys reside only in your browser's cache until you make a backup. Web wallet users should back up their keys just after creating an account in case they lose access to that computer, or if the cache is cleaned, before a backup is done. Please correct me if I'm missing something here. Peermit is working on a promising 2FA implementation, for example. You can have 2FA providers whom you only need to trust with the funds (active keys) you want to, without compromising the ownership of your account (owner keys). A mail confirmation could be enough to approve a transaction from any device without messing with keys, wallet backups or seed brain keys. You could fund that account from the funds in your secure light wallet. Also remember to lock your account when you leave a public machine, and if you want to ensure privacy over your accounts, clean the browser cache, as the password only prevents operations (remember you are not logged in anywhere really, you just bring your encrypted keys to talk with the blockchain through the interface). */
Quote
1. Regarding the above use environment, which of these are known (even if just minimally, but to the extent of being able to identify users) to API provider site?
- wallet name # I guess wallets work client side only, clarification would be great.
- account name # yes, they are public
- transactions # they are also public
- addresses # yes, just public addresses
- account password # client side
- private keys # client side
- brainkey # client side
2 - Don't know about seed brain key entropy. Regarding devices and connections, it's not bad to assume that your device or even SSL can be flawed. For big stakes always use your most secure device (or even an offline one with xeroc's new script to sign offline).
3 - If you keep using open source reviewed clients or web wallets that should not be a problem.
4 - Don't think so for just an API provider. Web wallets require some renown/trust in this regard.