Recent high-profile hacks of celebrities’ private photos and Satoshi Nakamoto’s email address had me thinking about security this week, specifically as it relates to my money.
Personally, I take normal, common-sense precautions to safeguard my own meager cryptocoin holdings, and I don’t lose sleep over someone hacking into my wallets.
To me, what looms as a far greater threat than hackers is someone simply using coercive force to gain access to my wallets.
And I’m not talking some guy on a dark street with a switchblade saying, “Hand over your Dogecoin wallet!”
I’m thinking of equally clumsy incidents such as when Davi Barker of Bitcoin Not Bombs got interrogated by TSA agents while flying domestically in the US because they thought he was packing physical Bitcoins — which, according to the agents’ understanding, could mean he was trying to transport more than US$10,000 while flying internationally, something he would have had to report to customs if, you know, physical Bitcoin tokens were a thing.
Governments have proved that they struggle with cryptocurrency’s metaphors. What might a legislative body or judge think a “Bitcoin wallet” refers to?
Imagine a scenario in which a country’s government passed a law that made traveling across borders with a Bitcoin wallet legally equal to traveling with cash, and that law gave border guards the legal right to check people’s wallets. That hypothetical scenario could put people in a situation where they must either hand over private keys or face jail time.
That’s not as far-fetched as it sounds. Bitcoin Foundation’s Jon Matonis reported two years ago in Forbes on countries whose key disclosure laws could be used to confiscate bitcoins. Public prosecutors in the Netherlands have the right to confiscate a suspect’s bitcoins.
And that’s just at the state level. A private person could also simply demand money at gunpoint from someone with a known stash of cryptocoins.
The likelihood of any of the scenarios above playing out is probably small, but the effects could be devastating for the victim.
So, on Wednesday Cointelegraph’s Maria Jones reached out to our community on Facebook for ideas as to how a cryptocoin user could take precautions against such confiscation or robbery. Responses came in immediately, and a few were pretty good.
(CoinDesk editor Jon Southurst’s idea, however, was not: “Well of course, you should roll your paper wallets, put them in a condom and swallow it. It's the only sensible way.” Cointelegraph in no way supports the use of Bitcoin mules.)
Here are some of the best strategies for safeguarding a user’s money that we have seen, both in that Facebook comments thread and in previous conversations with experts:
Use a brain wallet.
“With brainwallets or encrypted wallets, confiscation of bitcoin would only be possible with consent of the wallet holder or some form of torture to obtain the relevant passphrases,” Matonis told us. “Any party or group forcibly demanding key disclosure in violation of this privacy principle commits a human rights violation, which could be subject to criminal prosecution similar to the prosecution of international war crimes.”
The obvious problem here is a robber with the gun might not be particularly concerned with the threat of criminal prosecution.
“Or even more comfortable: Simply use a secure online wallet where user keeps full control over his funds (multi-signature combined with backup transaction),” Albert wrote.
Use red herrings.
“[Have one wallet] with a small sum of bitcoins to reveal to the confiscator to make him believe he already got everything there is, and a second wallet to keep secret that contains the majority of the owner's coins,” Olesen told Cointelegraph in July.
Duccini suggested in the Facebook threat that having a hidden container on TrueCrypt would achieve something similar:
“Despite the dustup over the security around TrueCrypt, I still like its use since its not been publicly disclosed that it has or can be breached.
“It supports a dual container model whereby in theory you could decrypt a hidden container with innocuous files for review while keeping your wallet in the other partition.”
Use Bip38-encrypted paper wallets.
Bitcoin evangelist Marty Peterson and Bruce Fenton, a founding member of the Bitcoin Association, agree that Bip38-encryption — which adds a password to your private key’s QR code — would be simple and effective security solutions. More information on Bip38 can be found here and here.
Share keying material with a trusted person elsewhere.
Cryptocurrency researcher Kristov Atlas suggested in the Facebook threat to avoid brain wallets and perhaps make arrangements where you could not even divulge your private keys, even if you wanted to.
“Create a multisig wallet or use Shamir's secret splitting algorithm, and send the other keying material to a friend. In that case, you are not physically capable of presenting the private key. If you want to avoid being charged with a crime related to withholding the key material, the last thing you want to do is create a brain wallet.”
Did you enjoy this article? You may also be interested in reading these ones:
Download our sleek and user-friendly free iOS app so you never miss the latest stories!