That instantly turned me away. After reading Applied Cryptography when I was 16 the lesson that stuck with me was "don't create your own security system/cryptosystem." It'll have more holes than a block of Swiss cheese.
I don't write the marketing copy but I do write the code.
We haven't invented any cryptosystems. What we've built is on top of SSL, HMAC-SHA256 signed tokens and Bitcoin.
What is interesting and novel about our security is our use of brain wallets. The wallets are all literally client-side only. If a user adds a password then no one but them can get at their wallet. Of course, they are still susceptible to phishing, theft and other forms of social engineering, but those are all well outside of the realms of cryptography.
You should make that a bit clearer in your copy. Having "proprietary" and "secure" so close to each other in a single sentence can drive more saavy users away.
Other than that, what are you doing to increase trust within the bitcoin system? I have a few friends who work on Wall Street (investment bankers, account executives, etc) and they summarize money as this: "Money is an embodiment of trust. Clients transmit funds to me in amounts with 5 zeroes, or with 7 zeroes, but if they don't trust me they won't send me a single cent."
I think the focus on making bitcoin easy to use with a simpler interface is a side-step.
Hey guys, I'd love to answer any and all tech related questions. Here's something to get the conversation started:
The client-side software is built on top of Helloblock.io and uses BitcoinJS-lib. All wallets and transactions originate on the client and never on our servers using the same mechanisms found in any other hierarchical deterministic brain wallet. So if you add a passphrase and then promptly forget it there's nothing we can do! This is both a feature and a bug and we are interested in exploring other mechanisms that keep our users in control of their funds while also being very easy and convenient to use. We don't want you to store your life savings in this wallet. Think of it like your real wallet. Just put enough for the day in there. There is a time and place for cold wallets and tight restrictions but that can be less convenient for day-to-day use.
When you first sign up your passphrase is supplied by our servers. This mechanism is similar to how most Bitcoin and Dogecoin tip bots work. It lets people send to a friend's address before they've signed up for the service. This has some dangers. If our servers are compromised these passphrases can be used to gain access to the wallets, but only if the users haven't gone through the "upgrade your security" process and created a new deterministic wallet. We are busy working on multi-factor authorizations based on multiple identity providers including SMS, Twitter, email and more. We think there are ways to keep users fully in control of their own funds, safe from attackers as well as being convenient. It is a tall order but we're ready to take on the challenge.
I hope you realize you are accepting full risk for all your users' money by using Helloblock. You have a team of 5, is it really too much work to run your own node?
We know the guys at Helloblock and we're very excited to be working with them. We feel that a healthy ecosystem of Bitcoin web services is beneficial to everyone. That way everyone can focus on their strengths. Our strengths are in making and shipping consumer Internet software.
Your wallet and the private key it uses to sign your transactions are generated in your web browser. You are free to send to and from any Bitcoin address.
Your wallet is only associated with our services by signing and submitting a token that proves it owns the associated public address.
We are exploring ways where any Bitcoin private keys can sign their own token and register with our infrastructure. This process would require the cooperation of other wallet software creators but we're sure a standard will emerge at some point.
We would like to have some form of two-factor authorization in place before we expose the private keys to the user interface. Right now the private key never leaves the warm embrace of a function closure inside of a web worker and well out of the global scope of the DOM.
Could someone explain to me what appeal is left to Bitcoin once you get rid of anonymity?
There must be some, given all the trackable-as-dollars implementations I've seen lately, like the Bitcoin debit card and this, which is actually less anonymous than dollars (since you're sending under an account that has your real name per the Facebook TOS).
From my naive standpoint, it seems like you're exposing yourself to a lot of value volatility and to a relatively complex and uncommon processing system. Why not just use PayPal, Stripe, whatever?
One of the biggest reasons I think bitcoin has real value is that you are suddenly in complete control of your spending. If I spend 10$ in bitcoins at target and then they get hacked it has no real affect on me. If I swipe my credit card at target and they get hacked then I have been exposed to a great deal of risk.
Not to mention the fact that no third party can be compelled to freeze your account or manipulate it in any way.
Of course all of that falls apart if you trust a third party.
If you knowingly give your details over to a phishing attempt, then yes, you bear the loss. Otherwise, any loss of monies from your bank account through hacking or identity fraud will be borne by your bank. Granted, it would still be a hassle, but I am not really at risk if a website which has my details gets hacked and my CC number gets stolen.
>Otherwise, any loss of monies from your bank account through hacking or identity fraud will be borne by your bank.
Hopefully. Sure in an ideal world, you get your money back. But the real world sucks. And if you do get the money back then you have to get a new CC and go through that whole process.
Bitcoins also means that to spend online you don't have to give someone total control of your funds. My chase checkings account was put on hold and my card cancelled when I bought Bitcoins from a friend using Chase Quickpay. I had to meet with someone, in person, and get an entirely new card. Just because Chase didn't like the way I had spent my money. No one had attempted a refund, or complained. Chase just noticed the email was associated with lots of Bitcoin sales and closed my account without informing me. With Bitcoins you don't need to give a 3rd party that much power just to be able to spend money online.
Just because if everything works perfectly then you are eventually isolated from the risk doesn't mean that there is no risk. There are real costs to identity fraud even if the financial ones are eventually corrected for.
Imagine that I am traveling abroad and only have one bank, if someone broke into my house and found my routing and account number then I would have to get new ones. As I am traveling abroad I will have to continutally have access to money to simply have a place to stay. Suddenly something that you are saying isn't a risk to me is really fucking up my trip and even has the potential to have me sleeping on the street.
Bitcoin provides a different way to deal with the risk, it lets you control almost all of the risk personally, of course this means that if someone does steal your bitcoins from you, you are fucked. No third party to protect you, but also no third party to mess you up.
While we plan on supporting our current product for the long-term, we are very interested in experimenting with a number of ways that people could interact with one another using bitcoin.
The risk of creating new products is great enough as it is. The added risk of building certain kinds of social financial products on top of existing payment methods and currencies doesn't make it worthwhile.
By building on top of Bitcoin we're able to offload an incredible amount of risk. The very nature of Bitcoin protects against double-spending and other kinds of fraud that keep PayPal and MasterCard so busy all of the time. At the same time, building software that relies on those companies is almost lunacy due to the fees and regulations. You've got to applaud what a company like Venmo can achieve with these sorts of limitations and roadblocks.
In a matter of weeks we were able to make something similar in scope to what would have taken substantial effort on the part of a company trying to do it without a cryptocurrency network.
We're very happy with the results of our first experiment as it seems to have created immediate value for people.
We're going to experiment with a number of concepts related to how people interact in a financial manner that build on the engagement that we're already seeing. Stay tuned, we're moving very quickly, and we'd rather give you something than promise you something.
I think a big advantage of something that accepts bitcoin through something like this is that even though the "normal" case is the same as things like paypal/stripe, it means that the backend supports bitcoin and can easily accept "raw bitcoins".
They receive the bitcoins immediately* (in 10 minutes, after it's confirmed by the network), which the IRS considers property. If they want money they have to convert the bitcoins to local currency and wait for a payout to their/a bank account.
Pretty sure I'm not happy about something that I'd like to see be very secure (like, say, my BTC wallet) being described as "simple". For stuff like that, I think people prefer to land in the "security" side of the security/convenience tradeoff. Seems like a recipe for disaster (which would likely drive people away from Bitcoin, not towards it, once a bunch of people using this service lose a bunch of money).
We're hoping that people will grow accustomed to having their Bitcoin shared across a number of different wallets and services.
We are not expecting people to keep any more in their wallets than they would with their real wallets.
Currently we recommend cold-storage for long term savings. We think there is a lot of middle ground for exploring different kinds of security and access privileges and how that affects the liquidity of your bitcoin.
I don't think anyone ever recommended that you store your wallet in MtGox long-term, either, but a whole lot of people did it and it's not like when that went sour everyone said, "Oh well, it was stupid of us to trust Mt Gox!"
Also, the fact of the matter is that this is subject to the problem that every person everywhere can secretly try to attack every wallet everywhere. One person getting their (physical) wallet stolen when they go out is upsetting for that person, but if someone figured out a way to steal 30% of all peoples' physical wallets at once, you can imagine that would be seen as a catastrophe, which is exactly what you're looking at given the monocultural nature of software. Maybe it wouldn't be a problem for someone who knows the risk and knows what they are doing, but those people don't need the convenience this app purports to offer anyway. Best of luck, I hope I'm wrong.
This will definitely help my friends get into Bitcoin - I know they've been tired of hearing me talk about it, now I can just give them Bitcoin and they can follow it themselves!
This isn't a condemnation of QuickCoin specifically, but can someone make BitCoin useful for a bigger demographics? That's a much larger problem than simplicity.
Ease of use, mainly. We started with the basic premise that Bitcoin is too complicated and that wallet software needs to be much easier to use and to get started with.
I'd love for you to try out and compare QuickCoin to CoinBase and Blockchain.info and let us know if we came anywhere near are goals.
We're bootstrapped and have been in development for only about 10 weeks. I'm sure we have a long way to go.
I'm counting on the community here at Hacker News for some feedback so we can make the product and business better!
We decided to use Facebook and Bitcoin because we think they have the largest prospective markets for growth.
Any and all identity/authentication providers are being discussed, including SMS, Email, TOPT clients like Google Authenticator, and OAuth from any provider. We are also discussing alternate blockchains.
We cannot promise anything at this time as our strategies as a company may change but I will say that we could very easily change a few settings to support these other identities and blockchains.
wait, so the only way to use this product is if someone else using this product sends you bitcoins first? Does that mean the entire system is a 0-sum-bitcoin system, with a fixed number of bitcoins in circulation?
Well I'm in then.