Author Topic: Stolen fund alert system?  (Read 6740 times)

Offline liondani

  • Hero Member
  • Posts: 3737
  • Inch by inch, play by play
  • BitShares: liondani
  • GitHub: liondani
First of all, when we make a transfer with the win gui, the wallet should ask us for the password again!
Hope it was temporarily disabled because of the Dry Runs...

Offline Troglodactyl

  • Hero Member
  • Posts: 960
The only way I think 2FA makes sense in this context is by using multisig.  TOTP/HOTP is useless for wallet security, as you might as well just store a 2nd key instead of a TOTP/HOTP token and eliminate the need for a trusted third party verifying your OTP.

I'm very much in favor of making things like multisig, paper wallets/cold storage, and offline signing easy and accessible through the UIs in order to give each user strong personal control more easily.  I'm against any system that puts the community in the position of taking shares from a supposed thief and transferring them to a supposed rightful owner, or allowing payer-initiated chargebacks.  Such things invite more fraud than they prevent, and the new fraud is more arbitrary and less preventable than the previous.  Just look at the forum exchange scams relying on PayPal.  If I lose my shares or have them stolen, I want it to be because I was lazy or careless and didn't maintain control of my keys properly, not because a weakness designed into the system motivated a con artist to paint me as a thief so he could play the victim.

merockstar

  • Guest
No sir, I don't like it.

Too much he said she said involved. We'd have to set up a BitShares justice system.

Hey maybe that could somehow be a DAC?

I think security concerns and horror stories are a huge reason for lack of adoption.  We should put together a BitShares common sense security best practices guide.  Will BTSX wallets allow for watching only wallets and offline transaction signing?

I do like this. Maybe I'll adopt this as my next writing project.

Offline gamey

  • Hero Member
  • Posts: 2253

I think everyone in the crypto world except hacker-thieves wants better protection of wallets.   I'm just not sure if there is a really good system.  I did see this from the thread referenced above.  https://nxtforum.org/cryptopapers/(feature)-local-two-factor-authentication-for-cryptopapers-and-any-client-app/ 

It is very difficult to have 2 factor authentication because it always relies on a central point.  Whatever out of band method to authenticate the 2nd factor requires some degree of trust in a centralized entity.  This disturbs me, but I suspect it is better than the alternative.  The beauty of the system above is it apparently forces you to print out your private key.  So worst case you can start over with wallet access via the printed paper.  The key is to force people to do it, so that the 2nd authentication mechanism can never be used as a way to permanently revoke access. 

In the NXT example the guy had his passwords in an unencrypted file on Dropbox.
I speak for myself and only myself.

Offline Agent86

  • Sr. Member
  • Posts: 471
  • BTSX: agent86
Maybe not such a crazy idea...
Someone in NXT community "klee" just lost over $1,000,000 having their NXT stolen.  There have been a few big recent horror stories in that community with scams etc. https://nxtforum.org/general-discussion/price-speculation/5440/

We have a duty to do whatever we can to protect our shareholders and not make the BitShares story riddled with heartbreak and loss.  Not everyone that we reach will be super knowledgeable and security conscious.  I think we are pretty far ahead of any competition and there is a risk in pushing things out too fast.  We don't really need to release buggy or dangerous code just to rush it.

I would probably support upgrading PTS to DPOS before releasing BTSX.  It could give us a feel for DPOS without worrying about complicated hard forks and potential issues upgrading to Polymorphic BitAssets.

Maybe with DACs that have the ability of self-governance we could do more if disasters strike.

Offline Troglodactyl

  • Hero Member
  • Posts: 960
I think security concerns and horror stories are a huge reason for lack of adoption.  We should put together a BitShares common sense security best practices guide.  Will BTSX wallets allow for watching only wallets and offline transaction signing?

 +5%

Making offline transaction signing and multisig accessible to newcomers I think should be an early priority once the basics are done.  I don't remember enough detail to be sure if TITAN would cause problems for watch only wallets with no private key access.

Offline Agent86

  • Sr. Member
  • Posts: 471
  • BTSX: agent86
I think security concerns and horror stories are a huge reason for lack of adoption.  We should put together a BitShares common sense security best practices guide.  Will BTSX wallets allow for watching only wallets and offline transaction signing?

Offline Troglodactyl

  • Hero Member
  • Posts: 960
It seems like if the transaction is reversible until a certain point, you might as well just wait until that point and then send it irreversibly.  Reversible transactions just seem to invite fraud.  An escrow system that allows destruction in the case of failure to agree makes more sense to me.

The difficulty with this concept is that once a key is compromised (barring pre-established multisig), the attacker is on even footing with the victim, and there's no way to tell them apart.  The attacker can just take half, and if you report his half as stolen, he'll report your half as stolen.

It would be interesting to have a class of account that could only send to multisig accounts requiring confirmation from a designated guardian address.  That way no one who compromised the key could get the funds, but sending still makes an irreversible commitment.

Offline Agent86

  • Sr. Member
  • Posts: 471
  • BTSX: agent86
Is this relevant?
http://wiki.mastercoin.org/index.php/Saving_address
Yes, it seems to be an attempt to address similar problems.  I would have to try to understand it better to have an opinion.
I like the idea of savings addresses vs. "checking" addresses.  I'm not sure if it blends into other types of account rules... I still think we need to enable you to set up a future auto-send to a different address if there is no activity for some period to leave funds to relatives when you die.

Offline gamey

  • Hero Member
  • Posts: 2253
In crypto world businesses do not know people they transact with.  I'm quite sure that most cryptocurrency people prefer to keep it this way.  Your system would likely help a lot of situations, but it would also introduce distrust into relationships.  It is hard to say "do it this way for small transactions" when the % fees taken by exchanges are so small to begin with.  Part of the reason the %s are so small is due to the irreversibility.

Toast - I like that approach.  2 types of accounts.  Exchanges don't have to deal with the savings accounts.  This allows both parties to agree to the rules beforehand. 

What happens when you go from savings -> regular account -> regular account.  How do you know the transaction is reversible ?
« Last Edit: July 07, 2014, 06:02:44 pm by gamey »
I speak for myself and only myself.

Offline toast

  • Hero Member
  • Posts: 4001
  • BitShares: nikolai
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline Agent86

  • Sr. Member
  • Posts: 471
  • BTSX: agent86
Ok, as long as the funds are not recoverable to the original owner.   So you remove a lot of the incentive for theft.

The system could still be abused.  If I wanted to cause your business a loss, I do our transaction then mark the transfer as stolen.  What does the receiver do to protect themselves once this is introduced ?

I'd love to see something like this in general, I just do not know if there is an adequate system.  It could be used to attack exchanges who support this feature and thus force them to withdraw support for the currency.
If you transact with a business and then mark the money that you sent them as stolen, first off they know who you are and that you tried to rob them of money for no reason even though you didn't gain anything.  So they could probably take appropriate action against you.  And again you didn't gain anything from doing this.  You could also walk into their business and just break something and probably accomplish about as much.  For a very big transaction where they don't trust you they have the option to wait 24hrs.  Even still as long as they come forward to the community and say they did not take the funds and are willing to identify themselves they will almost certainly get the alert tag removed by community.

Offline gamey

  • Hero Member
  • Posts: 2253
The problem I see is that once someone has acquired the private key, can't they do the same thing in reverse to the legitimate owner ?
I'm not following what you mean by "do the same thing in reverse to the legitimate owner"

-The thief xfers money out of your wallet
-Your wallet is now compromised and also empty
-You irreversibly mark the transaction as fraudulent
-You no longer use this wallet

What does the thief do?

Ok, as long as the funds are not recoverable to the original owner.   So you remove a lot of the incentive for theft.

The system could still be abused.  If I wanted to cause your business a loss, I do our transaction then mark the transfer as stolen.  What does the receiver do to protect themselves once this is introduced ?

I'd love to see something like this in general, I just do not know if there is an adequate system.  It could be used to attack exchanges who support this feature and thus force them to withdraw support for the currency. 
I speak for myself and only myself.

Offline Agent86

  • Sr. Member
  • Posts: 471
  • BTSX: agent86
The problem I see is that once someone has acquired the private key, can't they do the same thing in reverse to the legitimate owner ?
I'm not following what you mean by "do the same thing in reverse to the legitimate owner"

-The thief xfers money out of your wallet
-Your wallet is now compromised and also empty
-You irreversibly mark the transaction as fraudulent
-You no longer use this wallet

What does the thief do?

Offline gamey

  • Hero Member
  • Posts: 2253

The problem I see is that once someone has acquired the private key, can't they do the same thing in reverse to the legitimate owner ? 
I speak for myself and only myself.