Cryptocurrency, a field still in its infancy, has not been without its share of risks, hacks, and scams. With incidents ranging from Ethereum’s DAO theft to hacks of countless Bitcoin exchanges, from Bitfinex to ShapeShift, cryptocurrency users must take special care to secure their own funds. Recently, darknet market Oasis went offline in what appears to be an exit scam, leaving the owners of 150 Bitcoins and an indeterminate amount of Monero without access to their funds.
Cointelegraph interviewed Monero developer Riccardo Spagni, aka FluffyPony, on striking a balance between wallet security/privacy and usability.
Security/privacy vs. usability
Cointelegraph: Cryptocurrency is still an emerging field, and as such hacks and heists have dotted much of Bitcoin's early and current history. How does Monero's private Blockchain affect the ability to deal with theft, such as locating stolen funds?
Riccardo Spagni: Well how do you go about tracing the theft of cash, or of jewelry, or of a gold bar? Most thefts are tackled with good ol' fashioned police work, and having a traceable cryptocurrency doesn't really make much of a difference to the way law enforcement deal with thefts.
CT: Are web wallets generally a secure method of storing large amounts of cryptocurrency?
RS: No, web wallets are a terrible way of storing large amounts of cryptocurrency - hence the huge warning when you create a MyMonero account.
CT: How effective has that warning been in encouraging users to use the web wallet responsibly?
RS: Tough to say, I've certainly seen an uptick in people asking about cold storage on IRC and Reddit, so that's a positive sign.
CT: At present, what's the most secure way for Monero users to store their funds?
RS: By using some form of cold storage, e.g. moneroaddress.org, which can and should be used offline, and can also be downloaded from GitHub and run offline. There's also luigi1111's ice-cold 2FA storage that has quite a novel dual key cold storage mechanism.
Balance between "convenient" and "secure enough"
CT: Cryptocurrency users must strike a balance between security and ease of use. Do you see difficult-to-use security features leading some users to neglect their security in favor of practicality?
RS: Yeah definitely - it's one of the reasons why brain wallets have been such an absolute fail, they just lead to people creating easily broken seeds. It's extremely hard to strike a balance between "convenient" and "secure enough", and only time will reveal which screws need to be tightened or loosened in one particular area or another.
CT: On the usability front, how many solid mobile wallet options are there for Monero users?
RS: None, the only mobile wallet is Freewallet, and that's a custodial service that appears likely to be a scam.
CT: Any on the horizon, or are there more pressing developmental priorities?
RS: Yes there are a few that I've heard are in the works, plus MyMonero is working on one, but it's not a priority for core Monero software projects right now.
CT: What are present core priorities?
RS: We ascribe to the philosophy of "first make it work, then make it work well", and Monero is still very much in the "make it work" phase. The priorities are largely covered in the research and development goals on the website. Several of those are being worked on simultaneously by different groups of Monero's 130+ contributors, so "priority" is determined by contributors not by any particular person.
CT: Philosophically speaking, most people seem content (or otherwise complacent) with the low-privacy world of banking. Is total financial privacy something that you see becoming a priority to larger segments of the population, or will it remain relatively niche?
RS: Good question. Of course, as a believer in personal privacy I'd love for people to be more aware of their privacy risks. Pragmatically speaking, though, I suspect that the "raw" use of cryptocurrencies will remain niche, and people will gravitate to much easier to use layer 2 / 3 systems like Lightning Network, so they'll almost unwittingly be using a cryptocurrency rather than actively seeking one out.
I fully expect Monero will be part of the wider gamut of "layer 1" cryptocurrencies for the foreseeable future, otherwise I wouldn't be working on it, but I don't think we'll achieve Bitcoin levels of use (barring something catastrophic) because Bitcoin already exists.
CT: And the follow-up: the concept of being your own bank implies a great amount of personal responsibility. Do you think the public at large will ever be ready for that?
RS: Yes definitely, but it'll take successive generations to get there. Think about how long it's taken for people to stop using weak passwords - and yet still most older people use their date of birth.