
Nobody Cares Which Crypto You Vote For

It’s Presidential election season again, and as always Nobody is going to end the wars, Nobody is going to fix the economy, and Nobody cares about you. So, once again, Bitcoin Not Bombs is endorsing Nobody for president. In addition, polls now show that Nobody cares which cryptocurrency you vote for. So, you can stop asking us what we think about Bitcoin vs. Bitcoin Cash, because now we’re giving you the opportunity to vote with your crypto. If you’re going to vote, vote with your wallet, and if you’re going to vote with your wallet, make it a crypto wallet. That ratty old leather billfold you’re hanging on to is just sooo… 2016.

For most, the Great Debate began on Armistice Day, 2017, but here at Bitcoin Not Bombs we never saw any reason to take a side. The reason is simple: whether you’re a Bitcoin Maximalist, or a BitcoinCash Minarchist, or even a Dogecoin Dominionist, if you’re not using War Dollars, you’re not funding the war machine. Money is money because both parties agree to the medium of exchange, not because Uncle Vader takes a cut. Meaning, if you’re using any state-free currency, you’re not supporting government forced fiat and the violence that backs it. Here at Bitcoin Not Bombs we say, let a million cryptocurrencies bloom. A truly free market economy is decentralized, and free to take a different direction at any time. Let every individual make their own decision about what kind of money they want and why. In the open-source world of cryptocurrency, a fork is a feature, not a bug.

But that’s not the goal of our Cyber Monday campaign. In fact, this may be The Most Important Election In Cryptocurrency History™.  With your help we can finally answer the most important question facing the cryptocurrency community today: What color is Bitcoin anyway? 

From now until Bitcoin Black Friday (November 27, 2020) the Bitcoin Not Bombs store is offering our new 2020 Bomber design, for the first time, in both Orange and Green. That way you can cast your ballots, and let us know which color you support. At midnight on Bitcoin Black Friday we will tally the votes, and the payment methods used, certify the results, and announce the official winner of the 2020 crypto wallet election. Once the winning color is sworn in, we’ll be launching a variety of exclusive new products, available only in the color elect. The inauguration will be on Cyber Monday (November 30, 2020), with the launch of the new products. 

Your participation in our crypto demockery is more vital than ever as we fly the world’s first decentralized aircraft into the future. 

Crypto Details and shop specifics.

Update: 10/21 The shirts are now shipping internationally to most of Europe, Australia, Mexico, Canada and Japan.

While the campaign shirts are currently only for sale in the US, we are looking into international shipping options and intend to make this one of many firsts in the realm of international voting.

The Bitcoin Not Bombs shop currently accepts Bitcoin, Bitcoin Cash and War Dollars in the form of major credit cards, but we look forward to providing more options in the future. 

So, vote early, and vote often, because Nobody cares which crypto you vote for.

Orange Vs. Green, Vote with your crypto, shop now.


Multi Signature Transactions, The Year of Multisig is Here

The year is almost over and multi signature wallets have finally arrived in what was said to be the year of multisig. Over the last many months I have been reading about this technology and eagerly looking to find a service that would help us easily use and manage such an account. Below are all of the easy to use options that I know of and have experimented with. If you don’t have a clue what multi signature transactions are, start here, but the basic idea is having to use more than one private key to sign a transaction to spend funds from a given account. This type of account can be shared by multiple users, but it also allows one person to sign with and manage 2 of 3 keys, adding a security layer for individual users without necessarily having multiple people sign off on a transaction.

BitGo was the first to bring a multisig product to market and in March of this year started offering enterprise grade accounts to businesses and bitcoin enthusiasts. BitGo does make their wallet free for the general public but the tools and feature sets are targeted at businesses with a need to secure large bitcoin holdings. Implementing a wallet like this is easy but a number of steps must be taken to set up the account properly. The wallet should require your company to have a technical/security officer who would implement the account and secure the relevant data and master keys. This person would have no signing authority but would play a critical role in keeping this information backed up and safe. In addition, some amount of training would likely be needed for the staff that does have signing authority: your accountants, office managers, and CFO. If this sounds like your use case, this is the best and most widely used professional account on the market. In the end, I did not find this to be the best tool for our small organization but I have retained a security officer who will help us implement this wallet in the coming year.

Coinbase announced its Vault service earlier this year and on Oct 29th announced that this system was now operating with multi signature technology under the hood. The blog post also noted a new feature of this wallet to allow users to control their own private keys; specifically the ones used in a multisig agreement. While the wallet is still primarily geared towards individual users, the multisig vaults can be set up between a group of Coinbase users in a 2 of 3 or 3 of 5 configuration. This type of setup makes funds easily shared with family members and provides complete control in the case that a family member passes on.

BitPay announced in July that its open source multisig wallet Co-Pay was available to the public. The feature set of this wallet looks nice and this appears to be geared towards large organizations and institutions who need consensus spending. The strong warning that this wallet is still in beta and should not be used with large amounts of funds leads me to not take it too seriously just yet.

Multisig for all: last but certainly not least is the multisig wallet offered by Coinkite. Just announced a week ago, Coinkite combines HSM bank grade security in its web wallet with powerful multisig tools to create and store private keys. This wallet operates much like the Coinbase offering above with a few twists that give it the maximum amount of options and configurations. An account can be set up with up to 15 users (the limit set by the protocol), so if a 7 of 12 agreement is what your organization requires, you can have an account set up this way. The major flexibility comes in that you don’t have to have a Coinkite account to enter into a multisig agreement with others who do. You can provide your own keys from any supported multisig wallet, or Coinkite can generate the key for you and still leave the security and storage of that key up to you.

The simplest option is to let Coinkite create and host the key in your web wallet. They also allow the option to protect that key with a password so that even Coinkite could not access your funds with your keys. All four options are presented to each participant after being invited to the account and will allow any group of individuals to enter into the wallet regardless of their knowledge of multisig and private key management. The user experience on the website could be a bit better but giving users access to multisig wallets that are easy to use and set up is why we are reconstituting our funds behind multisig using Coinkite’s service. The account shown below is for our homeless outreach efforts in the Bay Area and soon Pensacola; stay tuned for an announcement about that in the next few days.

3CHHe6DwYFmx5c8LLm1RQBcGiexCJJrMqT


The bottom line with this technology is that it is a huge step forward in stopping funds from being easily stolen. But keep in mind that none of the offerings above come with insurance; there is no FDIC and this is still the wild west of bitcoin. If you read the Terms of Service carefully, you will find that you assume complete responsibility for the wallets listed here and no one from customer service can reset passwords or anything of the sort if you encounter a problem. In the coming years I think that most of this will be baked into the wallet you use and you won’t get much of a chance to see the nitty gritty happening behind the scenes.

If you are still curious about what this all looks like and would like to jump in and make your first multisig account, sign up for a free Coinkite account here or let me know what you think of the other wallets offered in the comments below.

Note: Armory, Bitcoin Core, and others offer multisig accounts in their software based wallets but none are really easy for the average user to set up.


Sigsafe: The Future of Wallet Security?

Today on Reddit we saw a demo video of a product called Sigsafe ― a small NFC tag containing a private key that can be used to sign transactions. As a developer in the wallet security space I figured I’d take a chance to talk about my first impressions and maybe compare it to the project I’m working on.

Better than a hardware wallet?

I have to admit the concept is pretty cool. An NFC tag would cost substantially less than a full blown hardware wallet like the Trezor, making this technology much more accessible to the masses. It also seems like it would provide a better user experience. There are no USB cables hanging off your device. No buttons to push. You just simply tap the tag against your device when it comes time to sign and you’re done. At the moment it looks like the design is fairly primitive: just one private key is stored on the device, meaning you would be reusing the same address. But the Sigsafe whitepaper suggests more complex arrangements, such as BIP32, are possible.

Despite the positive initial impressions there are some issues, however, that might hold this technology back. As a number of people mentioned on Reddit, there isn’t a screen on the device. What that means is you never know what you are signing. Malware could, theoretically, hijack your wallet and swap out the destination addresses in the transaction before you tap to sign. Since you can’t verify what you are signing, you could end up signing away all your coins to a hacker. At the moment, no such malware exists but you would have to think if NFC devices like this became widely used, malware would certainly evolve.

I’ve encountered a similar issue with the software I’m developing. Mind you Android devices do have a screen, but my initial implementation didn’t show the transaction fee when prompting for authorization. Malware wouldn’t have been able to swap out the addresses without you seeing, but it could have burned all your coins in transaction fees just to spite you. Fixing this problem is still on my list of things to do, and doing so requires some clever hacks because you typically can’t calculate the fee for the transaction without access to referenced input transactions as well. I give this example just to show that you can’t write off malware authors. If something can be done, you have to assume they will do it.

The solution to this problem the Sigsafe developers have come up with is a bit of a hack, but might prove to be ‘good enough’. Basically, you could program the device to never sign transactions that send more than a certain number of bitcoins ― say 1 BTC. So if you did get hit with malware, presumably you would notice the coins didn’t end up at the right destination and would conclude your computer is not secure ― capping your losses at 1 BTC. You could set the threshold lower, but you would have to make multiple transactions every time you wanted to spend over that threshold. As I said, this isn’t a perfect solution, but it could be good enough for its purpose.
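The two checks discussed above (knowing the fee, and capping the amount sent) can be combined into one pre-signing policy. The sketch below is an added example, not code from Sigsafe or Bitcoin Authenticator; the dict/JSON transaction model, the address labels and the 50,000-satoshi fee limit are assumptions made for illustration, and only the 1 BTC cap comes from the text.

```python
import hashlib
import json

SATOSHI = 100_000_000  # satoshis per BTC


class PolicyViolation(Exception):
    """The signer refuses to sign this transaction."""


def txid_of(raw_tx: bytes) -> str:
    # Double SHA-256, as Bitcoin uses for transaction ids. The bytes hashed
    # here are a constructed JSON stand-in, not real Bitcoin serialization.
    return hashlib.sha256(hashlib.sha256(raw_tx).digest()).hexdigest()


def check_before_signing(tx, raw_prev_txs, own_addresses, max_send, max_fee):
    """Return (sent, fee) in satoshis, or raise PolicyViolation."""
    # Index the supplied previous transactions by their own hash, so an
    # input amount is only believed if it is bound to the txid being spent.
    by_id = {txid_of(raw): json.loads(raw) for raw in raw_prev_txs}
    total_in = 0
    for txin in tx["inputs"]:
        prev = by_id.get(txin["prev_txid"])
        if prev is None:
            raise PolicyViolation("referenced transaction missing: fee unknown")
        if not 0 <= txin["prev_index"] < len(prev["outputs"]):
            raise PolicyViolation("input spends a nonexistent output")
        total_in += prev["outputs"][txin["prev_index"]]["value"]
    if any(out["value"] < 0 for out in tx["outputs"]):
        raise PolicyViolation("negative output value")
    fee = total_in - sum(out["value"] for out in tx["outputs"])
    if fee < 0:
        raise PolicyViolation("outputs exceed inputs")
    # Everything not returned to the signer's own addresses leaves the wallet.
    sent = sum(o["value"] for o in tx["outputs"] if o["address"] not in own_addresses)
    if sent > max_send:
        raise PolicyViolation("amount sent exceeds per-transaction cap")
    if fee > max_fee:
        raise PolicyViolation("fee exceeds limit")
    return sent, fee


def would_sign(tx, raw_prev_txs, own_addresses, max_send=SATOSHI, max_fee=50_000):
    try:
        check_before_signing(tx, raw_prev_txs, own_addresses, max_send, max_fee)
        return True
    except PolicyViolation:
        return False


def make_prev(values):
    # Constructed previous transaction holding the given output values.
    return json.dumps({"outputs": [{"value": v} for v in values]}).encode()


# Constructed sample: spend a 1.5 BTC output, pay 0.5 BTC, return the change.
PREV = make_prev([150_000_000])
OWN = {"addr-own"}
SPENT = [{"prev_txid": txid_of(PREV), "prev_index": 0}]
HONEST = {"inputs": SPENT, "outputs": [
    {"address": "addr-merchant", "value": 50_000_000},
    {"address": "addr-own", "value": 99_990_000}]}
# Change redirected to an unknown address: sent is 1.4999 BTC, over the cap.
REDIRECTED = {"inputs": SPENT, "outputs": [
    {"address": "addr-merchant", "value": 50_000_000},
    {"address": "addr-unknown", "value": 99_990_000}]}
# Change output dropped: the 1 BTC difference would be burned as fee.
FEE_BURN = {"inputs": SPENT, "outputs": [
    {"address": "addr-merchant", "value": 50_000_000}]}

if __name__ == "__main__":
    for name, tx in [("honest", HONEST), ("redirected", REDIRECTED), ("fee burn", FEE_BURN)]:
        print(name, would_sign(tx, [PREV], OWN))
    # A previous transaction with altered amounts hashes to a different txid.
    print("altered prev", would_sign(HONEST, [make_prev([50_010_000])], OWN))
```

The cap only bounds the loss per signature, and it counts change as safe only when the signer already knows its own addresses; a swapped destination under the cap still passes, which is the residual risk the post describes.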

Another potential problem that I haven’t heard anyone talk about is entropy. How are the private keys generated? To maximize security, ideally we would want them generated entirely on the device. Most applications pull randomness (entropy) from the computer’s operating environment and run it through a pseudo-random function. The technical specifications call for the tag to have a microcontroller ― basically an extremely tiny computer with its own processor and memory. But are microcontrollers capable of generating entropy sufficient for cryptographic applications? I didn’t know the answer to this question so I just briefly skimmed some academic papers on the topic. From what I gathered, it looks like the answer is no for your typical microcontroller, but there are some varieties where it is theoretically possible.

In either case, it doesn’t look like that is the approach Sigsafe is taking. From what I gathered from the whitepaper it looks like the keys are to be generated outside the tag and then loaded on it. The major problem here would be loading the keys securely. The only really secure method would be to use a permanently air-gapped computer ― which most people don’t have. Barring that, you could boot into a temporary operating system to try to isolate your work environment from malware. This is basically the same approach as creating a secure paper wallet, which if you’ve been around Bitcoin long enough, you know is way beyond the capabilities of an average person. So my concern here would be, if the average person has to securely generate and load their own keys on the tag, they almost certainly will screw it up, eliminating much of the benefit of using a hardware device. The devs would need to find a way to generate enough entropy on the device to make it useful to the average person.

But overall it’s pretty cool and shows some potential. For the dirt cheap price it would likely provide a “good enough” level of security or at least it would be an improvement over a straight hot wallet.

Bitcoin Authenticator

So with that let me compare it to a project that I’ve been working on. Instead of requiring you to buy a separate device, either a hardware wallet or an NFC tag, it uses one that you already have ― your phone. A second set of keys is generated entirely on the phone and you get prompted for approval whenever you make a transaction. Stealing your bitcoins would require an attacker to compromise both your desktop computer and your Android phone.

In the default operating mode the mobile app communicates with your wallet over an encrypted TCP connection, meaning both devices do have to be connected to the internet. Given that, you may be tempted to say this type of security solution is more vulnerable than a hardware device where the keys are kept offline. That’s likely true, but only marginally so. Android tends to be a very secure operating system, especially for your typical user who likely doesn’t know how to disable Android’s defenses. The diagram below shows Android’s multiple layers of defense.

[Diagram: Android’s multiple layers of defense]

By default Android doesn’t allow the installation of any software that doesn’t come from the Google Play store ― all of which is screened before being added to the store. You can disable this block by going into settings>security and checking “Allow installation of apps from sources other than the Play Store”. Your typical user doesn’t even know this option exists, and neither do they have much of a need for it. I personally only use it to test out alpha or beta versions of bitcoin software before they are released.

When you allow unknown applications, it doesn’t mean malware can just install itself without your knowledge ― Android will always warn you before anything unknown is installed and will only install it after you consciously authorize it. Even then, Android will cross-check it against Google’s list of known malware and scan it again at run-time. Finally, the software is sandboxed and only has those permissions which you explicitly give it. The bottom line is you really need to go out of your way or consciously do something really stupid to get malware on your phone.

If you’re still paranoid about your keys sitting on a device connected to the internet, you can turn an old phone into a quasi-cold storage device. This is more or less my plan for my Nexus 5 after I upgrade to the Nexus 6. The Bitcoin Authenticator app will be capable of communicating with your wallet over Bluetooth (in place of TCP). So you can remove your SIM card and permanently disable your WiFi and now you have an offline storage device. The only communication to the wallet will be over Bluetooth. Could a virus on your desktop use the open Bluetooth channel to infect your phone? So long as you didn’t have pre-existing malware on your phone, it shouldn’t be able to. The only Bluetooth permission your phone will have at that point would be the Bitcoin Authenticator app, which can only handle very specific types of communication. And you could always wipe your phone and re-install Android if you are paranoid about malware.

So there are my initial impressions of the Sigsafe and how it stacks up against my projects. The best part about all of these projects is we are rapidly moving away from the old single-key hot wallet model that cost so many people a lot of Bitcoin in the early days. Good riddance.


MIT Thinks They Are ‘The World’s First Bitcoin Economy.’ ROFL


An article recently came across my desk titled, “MIT is about to become the world’s first Bitcoin economy” from VentureBeat. They also said, “MIT soon to be Bitcointopia.” The article is from April, but as the world’s first Bitcoin world’s first officiating committee, Bitcoin Not Bombs could not let this claim stand.



The Texas Bitcoin Conference

Pictures from the Texas Bitcoin Conference.

First up, the TSA
#TrolltheTSA

Who said women don’t Bitcoin?

If you are attending the conference please come say hi at booth number 21. We will be sharing a space with AntiWar.com and Fr33 Aid. Meghan will be moderating a charity panel at 9am on Thursday morning, and Sean’s Outpost will be hosting a charity luncheon at 12:20pm that afternoon. We also hope to see you at the first ever Bitcoincert!

Learn More here: TexasBitcoinConference.com and here: Bitcoincert.org

Follow: @BitcoinNotBombs @mklords and @MuslimAgorist for tweets from Texas.

If you would like to help us defray the cost of traveling please feel free to chip in to the address below. Thanks!

15WxWi1uPjZsG5Q6mn5LByddW7Lpx4McSw



FreeSpeechMe Makes Namecoin a Game Changer

While regulators scramble to deal with bitcoin as a currency, the altcoins march on. They don’t realize that the advent of bitcoin was not the launch of one digital currency, or even ten. It was the launch of a completely new technology. The blockchain was born, which is far more revolutionary than bitcoin itself. When regulators finally comprehend that the cat is out of the bag, they will quickly discover there is a whole litter of kittens to herd. One of those kittens is namecoin.



Bitcoin Not Bombs 2013 year in review podcast

Recently the BNB team got together to produce a podcast for the LetsTalkBitcoin.com open call. It’s likely we won’t make the top 4 out of the incredibly talented folks who also sent in pilot shows, so I thought I would post the audio here. The concept behind our production was a year in review/holiday special. Enjoy and have a happy new year!

Update: January 2nd, our podcast was added to the Lets Talk Bitcoin contest page and you can now vote for our show or any of the 16 other great podcasts. See below for instructions. Note: The audio below is the original file intended for the contest but was altered for SoundCloud.com to skirt the intellectual property rights of Weird Al Yankovic.

BitcoinNotBombs 2013 Year in Revie

We need your support to win! The winner will be determined by how many 0.0001 BTC donations are received at the following address. According to an update in the comments section of the LTB contest page, a 0.001 BTC tip would count as 10 votes, so giving more can help us win, but I don’t mind doing this the hard way, we have a lot of supporters 😉

To help us out, do one or all of the following:

1. Listen to the podcast above.
2. Donate 0.0001 bitcoin to the following address: 13jFhJqxuBudvuChfyiqTM7FrQEzAuaNzs (click for QR code)
3. Share this blog post with your friends!

Thanks!

For a more complete year in review, check out this website some guy named Satoshi Nakamoto sent me today.

Hello,

My name is Satoshi Nakamoto and I am the webmaster at HistoryofBitcoin.org.

I created HistoryofBitcoin.org to track the evolution of Bitcoin and to provide an illustrated overview of everything that has happened in the world of Bitcoin since I put that shit on the map.

I think your readers would absolutely love this and I know it would absolutely bring in traffic. Take a look and judge for yourself. It’s material for a great “end of the year” post.= )

Please let me know if you would be interested in featuring the site in a story or even giving it a passing mention.

Sincerely,

Mr. Nakamoto


The Bitcoin Group!

The Bitcoin Group is a production of blogger and YouTuber MadBitcoins. A play off of the popular evening news program The McLaughlin Group, this half hour video is streamed live every Friday afternoon at about 3 or 4pm PST. Host Thomas Hunt is joined by 3 panelists discussing current events and news stories in the bitcoin space. Below is the second episode, which features technologist and entrepreneur Andreas M. Antonopoulos, Peace News Now host Derrick J. Freeman and BitcoinNotBombs’ own Davi Barker. The show is not only insightful and full of information but a lot of fun to watch, as the host has a style of his own that would even make John McLaughlin smile.

THIS WEEK:
—————————-
Issue 1 – Bitcoin Bubble?
Issue 2 – China and Bitcoins
Issue 3 – Bitcoin Island
Issue 4 – Bitcoins and the Homeless
and Predictions….

Episode one can be found on the website, TheBitcoinGroup.com

 


World’s First! Russian watch manufacturer to accept Bitcoin


Bitcoin Not Bombs, in our role as the world’s first Bitcoin firsts adjudication committee, takes it upon ourselves to let you know when milestones are achieved in the Bitcoin economy. Well, now the Russian watch factory, Raketa, is claiming to be the first watch factory in the world to accept Bitcoin. Add that to the Satoshi Book Of World Records. As far as we know no one else is claiming to be the first Bitcoin watch factory, so the title goes to Raketa for now.

You can now go on their internet shop www.raketa-shop.com with your digital money.

“It is very easy to accept Bitcoins” says Jacques von Polier – the factory’s director, “You just put a logo on your site saying – we accept bitcoins – and that’s it. It is as simple as saying we accept cash!”. “It is surprising to be the first in the industry, knowing how simple it is!”

Now I personally won’t wear a watch until I find one I can sync with my smart phone. Bonus points if I can use a wrist watch to send and receive Bitcoin. That would really blow my hair back. But hey, I’m sure there are people who still use appendage fastened legacy time keepers. But hey, if legacy time keepers can accept Bitcoin, that’s good news for the mainstream adoption of Bitcoin by legacy currency users.

The “Petrodvorets Watch Factory – Raketa” is Russia’s oldest factory, founded in 1721 and rebranded simply “Raketa” in 1961.