How to protect AGS

[blahblah7up]

The suggestions in that thread address avoiding the need to expose your private key while claiming new airdropped shares, but it is assumed that the original donation address private key is rock solid, 100% secure, and will never need to be changed. 

I really can't imagine that all the original AGS donation addresses were paper wallets created on air gapped computers with private keys that never touched the network.  In all likelihood they were normal wallets which continued to be used for other purposes after the donation.

Everyone keeps chiming in about how to keep private keys safe while claiming 3rd party DACs utilizing signed transactions, but this is completely missing the point in terms of security in my opinion.  The root of the problem is a locked down original address.

[xeroc]

checkout
https://bitsharestalk.org/index.php?topic=4732.0;all

good ideas to solve that issue

[smiley35]

So it seems to me that as the space kicks off it will be exceedingly simple to have your AGS compromised. As soon as a private key is compromised it becomes a race to claim the equity every time an airdrop happens. There is a huge incentive to try and compromise AGS addresses. I think that this will probably take the form of non savvy users being enticed into "claiming" shares from fraudulent DACS.

I don't have any answers, just seemed like something that needs to be discussed.