#SmartCustody is an ongoing project of @BlockchainComns, a blockchain infrastructure support organization. In it we share the best practices for the use of advanced cryptographic tools in improving the care, maintenance, control, and protection of your digital assets. (1/14)
In the year since the release of our #SmartCustody digital-asset checklists, resources, and risk modeling there have been many changes to our ecosystem. For example, last year’s edition could only safely recommend single-signature cold storage approaches for self-custody. (4/14)
These resources, paid for by your fellow patrons in the Bitcoin and cryptocurrency digital-asset community, are available for free in the PDF http://bit.ly/SmartCustodyBookV101 and at cost in a print-on-demand book http://bit.ly/SmartCustodyBookViaLulu (3/14)
In the 1st edition of #SmartCustody we detail best practices & default storage scenarios, offer an exercise for you to learn how to model digital asset flows, create a risk model, do an adversarial analysis, and use these tools to modify your personal storage scenario. (2/14)
As @BlockchainComns begins work on a major new release of a 2nd edition #SmartCustody, I thought I’d share with you personally some of my own thoughts on how I think about digital asset security, risk modeling, and adversarial analysis. (6/14)
However, a number of wallets’ architectures have since become more mature. So we now feel that multi-sig solutions are feasible for use by regular people. (5/14)
Classic risk-modeling indentifies vulnerabilities and turns those vulnerabilities into risks based on likelihoods and consequences. You’ll still find all of that in #SmartCustody. It’s only after we’ve identified these initial risks that we bring in our adversaries. (9/14)
Classic risk-modeling techniques can be overwhelming, so the #SmartCustody book offers a different approach that helps users to protect their digital assets by figuring out what endangers them. I do this using a unique method: exposing ADVERSARIES. (8/14)
The first thing I’d like to share is particularly unique to how I approach the risk-modelling of digital assets: Adversarial Analaysis. I believe you may find it useful, so I’ll be sharing my thoughts about these Adversaries throughout the month of June. (7/14)
We can look at the motives of Death or Institutional Theft or Blackmail. We can consider what they want, even in situations when they’re not thinking beings. By better considering motives, we can better understand if an adversary is actually a threat to US. (12/14)
Why adversaries? Because they flip the script. We go from discussing somewhat vague and abstract vulnerabilities to considering something more concrete. In the abstract, we might fall prey to our own biases; when things are made concrete, we hew closer to reality. (11/14)
So what’s an adversary? It’s an anthropomorphized problem. Each one can encompass many different risks and have many different solutions. Losing your funds due to incapacitation is a potential risk, but DEATH, that’s an adversary. (10/14)
What do you think of adversaries? Are they useful for modeling risks? Let us know! And please consider supporting the #SmartCustodywork that this topic is drawn from. We’re need support for our 2nd edition, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (14/14)
Risk modeling is all about making informed decisions rather than emotional ones. I believe that adversaries help us to do so. I’ll be talking more about them in coming days, as I highlight the 27 adversaries in #SmartCustody. (13/14)
RT @ChristopherA: #SmartCustody is an ongoing project of @BlockchainComns, a blockchain infrastructure support organization. In it we share…
The adversaries in my #SmartCustody book are broadly divided into seven categories, the first of which is LOSS BY ACTS OF GOD. These are threats to your cryptocurrency and other digital assets that originate in bad luck. (1/6)
I imagine Loss of Acts of God as like a lightning strike. There’s often no warning, but the destruction can be total. (2/6)
When talking about adversaries, I look at both ulterior and explicit motivation. But, there’s nothing ulterior about Acts of God. They just happen! (3/6)
Nonetheless, we can still anthropomorphize motivations, and that’s where I think the adversarial modeling becomes very powerful. It helps us to understand these natural forces and whether they’re actually a danger to each of us. (4/6)
Specific adversaries in this category include: Death / Incapacitation; Denial of Access; and Disaster. I’ll be talking about each of these specifically in the next few days. (5/6)
Any thoughts on Acts of God category? Any specific adversaries that I missed? Let us know! And please support the #SmartCustodywork that this topic is drawn from. We’re working on our 2nd edition, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/
Adversary category “Loss by Actions of God” https://twitter.com/christophera/status/1267859439408697344?s=21 https://twitter.com/ChristopherA/status/1267859439408697344
RT @Appelcline: I like writing technical books too. I’ve done a few over the years. The most recent is the #SmartCustody book that I coauth…
#SmartCustody Adversary — Death/Incapacitation.
What is DEATH’s motivation? I imagine it as: “I am your last firing neurons, and I seek to drag everything you ever knew down with you, into the darkness.” (1/7)
Our best solution here? To relay your secrets. You have to make sure the private information that protects your digital assets lies somewhere outside of your own neurons, as we learned when considering the motivations of Death. (5/7)
QuadrigaCX is the biggest case we know of where funds were lost due to the holder’s death. Allegedly; that death is still in question. But currently it appears that $200M CAD became inaccessible. (4/7) https://www.engadget.com/2019-03-08-quadrigacx-bitcoin-missing-millions.html
Death/Incapacitation is one of the big ones: an adversary that anyone could face and that can endanger their digital assets for themselves, for their estates, and for their heirs. (3/7)
That’s my first adversary in the #SmartCustody course, where I anthropomorphize problems that you might face when securing your digital assets, to allow you to better, and less emotionally, model the actual risks. (2/7)
Have your own stories of Death impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2 of the book, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (7/7)
We only cover the digital asset basics about the Death adversary in the, but not much about inheritance law, but we highly recommend @pamelawjd’s book (and a sponsor of last year’s #SmartCustody v1 book) “Cyptoasset Inheritance Planning” (6/7) https://www.amazon.com/gp/product/1947910116/
Our first adversary in the category “Loss by Actions of God” — Death/Incapacitation:
https://twitter.com/christophera/status/1268401649728368640?s=21 https://twitter.com/ChristopherA/status/1268401649728368640
RT @FullyNoded: If you update to 0.20.0 you can now create BIP67 hd multi sig wallets with fully noded and your node 🖤
RT @trbouma: “If we are going to mandate digitization, human rights activists must demand that these tools are built with the interests of…
#SmartCustody Adversary — Denial of Access
DENIAL OF ACCESS is a very pragmatic adversary that can affect your cryptocurrency. What if you physically couldn’t get to the location where you stored the private keys that protect those assets? (1/9)
I had to imagine some less likely scenarios when I first wrote about this adversary, like storing keys in a corporate safe before the company went out of business, or with a friend who died. (2/9)
We take our freedom of movement for granted in the first world, and that may well be the case when all of this is done. But our #SmartCustody book anthropomorphizes adversaries so that you can better understand them and better consider the concretely. (5/9)
The recent riots offer another very real example of a physical DENIAL OF ACCESS. There might have been curfews blocking your access, or it might be unsafe to go and retrieve your cold storage keys. (4/9)
But we’ve seen a more likely situation in recent months: COVID-19 lockdowns. Banks have been accessible, but what if you left private keys with friends or family? It would have been illegal to retrieve them. What if they were at a work place and you couldn’t go there? (3/9)
There are of course other forms of DENIAL OF ACCESS. What if your hardware or processor manufacturer bricks or freezes all of your secure devices? Estonia did this is 2017 due to an security flaw, preventing access to all e-ID services. https://amp.insider.com/estonia-freeze-e-residency-id-cards-id-theft-2017-11 (7/9)
Think about where you store the secrets that protect your cryptocurrency and other digital assets. Is there any way you could lose access to that? (6/9)
Have your own stories of the DENIAL OF ACCESS adversary? Has COVID-19 already affected your own access? Any of your own solutions? Let us know! And please support #SmartCustody — we’re working on v2 of the book, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (9/9)
One of our top solutions is redundant storage. If you have keys in more than one place, particularly disparate sorts of places, then it’s less likely that you’ll lose access to all of them. Obviously, any solution may introduce its own adversaries as well. (8/9)
The second #SmartCustody adversary in the category of “Loss by Actions of God” — Denial of Access: https://twitter.com/christophera/status/1268531178916569088?s=21 https://twitter.com/ChristopherA/status/1268531178916569088
An example of this. I currently have a backup key not in the same county as my primary key, in case of big fires like we saw in recent years in California. But I’m still at risk in case of earthquake, so was considering moving it to Wyoming or EU. But given #COVID19? Not sure.
RT @ChristopherA: An example of this. I currently have a backup key not in the same county as my primary key, in case of big fires like we…
For more information on the rest of this series on digital asset adversaries covered in the first edition of the #SmartCustody book, see the first #tweetstorm where I am linking it all together: https://twitter.com/ChristopherA/status/1267560481855639553?s=20 https://twitter.com/ChristopherA/status/1267560481855639553
RT @kimdhamilton: @RadHertz @IdentityWoman @darrello @taykendesign @drummondreed @RuffTimo @realjoet @streetcred_id @psykoreactor @Christop…
RT @kimdhamilton: @RadHertz @IdentityWoman @darrello @taykendesign @drummondreed @RuffTimo @realjoet @streetcred_id @psykoreactor @Christop…
RT @kimdhamilton: @RadHertz @IdentityWoman @darrello @taykendesign @drummondreed @RuffTimo @realjoet @streetcred_id @psykoreactor @Christop…
RT @FullyNoded: If you use FN1 or 2 you can pass unsigned PSBTs to HWW for signing and back. FN2 forces you to verify the tx before its bro…
RT @FullyNoded: Here is the FN2 “confirm” view. Not only does it display all info to you, you may also tap each input and output to get the…
#SmartCustody Adversary — Disaster
DISASTER! Its motivation? “I want to destroy. I want to crumble and burn. I want to ruin with water, to blow things into the air. I am bombs, bullets, and explosions. I am sudden and unexpected but disastrous destruction.” (1/9)
When researching for my book, I heard the story of someone who religiously printed his keys to paper wallets. Every quarter he’d reprint so the ink didn’t fade (and would then shred the previous one). Unfortunately, he kept those keys in the basement. Which flooded. (3/9)
This is the third adversary in my #SmartCustody book about protecting your cryptocurrency and other digital assets. And the motivations certainly explain the ways that you could lose your private keys. A house fire, a flood, a tornado, a war. (2/9)
Last year I polled my Twitter followers about their own recovery key practices. 30% of them did not have redundant copies of their recovery keys & 51% still had their recovery keys only on paper! I live in California, but everywhere you may be vulnerable to some DISASTER. (4/9)
I suggest physically reinforcing your key storage as the best way to defend against disaster. If you use paper, it should be waterproof with permanent ink, but it’s even better to stamp or etch your keys into steel or titanium plates. And it’s quite easy to do! (5/9)
The important thing here is to consider which disasters are most likely to strike the location where you store your keys. (And, as always, how likely they are) Because fire, earthquake, tornado, and warfare all expose different vulnernabilities. (7/9)
My cold storage scenario even talks about some of the tradeoffs of different types of metals and other storage devices when applied to truly out-of-bounds temperature changes. (6/9) https://github.com/BlockchainCommons/SmartCustodyBook/blob/master/manuscript/02-scenario.md
Have your own stories of DISASTER impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2 of the book, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (9/9)
And that’s the last of my category”Acts of God” adversaries. In the last few days I also covered Death / Incapacitation & Denial of Access. Which are most likely to affect You? (8/9)
Our third #SmartCustody adversary, our last in the category of “Loss by Actions of God” — Disaster: https://twitter.com/christophera/status/1268838617012568065?s=21 https://twitter.com/ChristopherA/status/1268838617012568065
Replying to @DestrySaul and @BlockchainComns
In general PSBT (partially signed bitcoin transaction) is still fairly new, as is multisig in general. Older hardware (Ledger, Trezor, etc) also have some assumptions about there being only single seed on the device and a single account used a a time. …
Replying to @DestrySaul and @BlockchainComns
I know that as we are developing the @FullyNoded 2 multisig bitcoin app that we are encountering that these assumptions have caused a number of interesting new attack surfaces now that we have multiple devices and multiple account paths involved. …
Replying to @DestrySaul, @BlockchainComns and @FullyNoded
Some of these potential attack surfaces were addressed last year, but I’m not surprised that another attack surface emerged just now. I would not be surprised if there are a few more PSBT issues that the ecosystem will have to address this year as more multisig wallets evolve.…
Replying to @DestrySaul, @BlockchainComns and @FullyNoded
Right now @BlockchainComns is facilitating & hosting conversations about a number of multisig issues with a number of wallet vendors in Github and in a private Signal group. Most are newer wallet companies, and though we’ve heard from @Ledger & @Trezor they have not been active…
Replying to @DestrySaul, @BlockchainComns, @FullyNoded, @Ledger and @Trezor
Many of these new problems will only become visible when we test multisig with multiple wallet vendors. Currently @FullyNoded tests against @ElectrumWallet, @COLDCARDwallet, @unchainedcap’s Caravan, and soon a few more. …
If you like what @BlockchainComns is doing to address these kinds of problems by increasing our ability to interoperate & not be locked into a single wallet vendor, I encourage your financial support at https://btcpay.blockchaincommons.com or contribute engineering talent to our cause.
RT @ChristopherA: @DestrySaul @BlockchainComns @FullyNoded @Ledger @Trezor @ElectrumWallet @COLDCARDwallet @unchainedcap If you like what @…
Replying to @DestrySaul, @BlockchainComns, @FullyNoded and @BobMcElrath
There are a number of not-collaboratively designed details about how hardware wallets do HD keys that have never been properly documented, only repeatedly reverse engineered. For instance, the derivation m/48’ used by existing hardware wallet vendors is unique & has issues. …
Replying to @DestrySaul, @BlockchainComns, @FullyNoded and @BobMcElrath
I suspect that if anything we are going to have have more conventions & rules about use of HD key paths, wallet descriptors, PSBT, etc. in the future, many of which may force users to sweep their keys to keep up. This is not desirable & should be avoided, but probably necessary.
RT @ChristopherA: @DestrySaul @BlockchainComns @FullyNoded @BobMcElrath There are a number of not-collaboratively designed details about ho…
RT @ChristopherA: @DestrySaul @BlockchainComns @FullyNoded @BobMcElrath I suspect that if anything we are going to have have more conventio…
RT @FullyNoded: 1. ⚠️ Major announcement! Standup is finally ready for you all to try out!!! 🤩 Easily install Bitcoin Core and Tor and setu…
RT @FullyNoded: Major shoutout to @ChristopherA and @BlockchainComns for making this app and a ton of other amazing bitcoin projects a poss…
In addition to being the full node half of our @FullyNoded 2 iOS app, it is also available from your command line if you want to use it with my “Learning Bitcoin from the Command Line” course. Best way to really learn Bitcoin! https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line https://twitter.com/FullyNoded/status/1269132911279632384
Replying to @DestrySaul, @BlockchainComns, @FullyNoded and @BobMcElrath
I agree that there should be more open deliberation among the developer community. That is part of what Blockchain Commons is all about. …
Replying to @DestrySaul, @BlockchainComns, @FullyNoded and @BobMcElrath
I’m the co-author of the TLS protocol, the world’s most successful cryptographic protocol. It won because we out collaborated Microsoft & Visa/Mastercard who wanted to own the early commercial internet. I’m co-chair of the W3C Credentials CG. I believe in open standards.
RT @FullyNoded: Just in case it’s lost in the thread, just clicking this link will download the mac app via our github. Could not be easier…
RT @unchainedcap: The @FullyNoded wallet by @ChristopherA and team is the first mobile wallet to be able to interact with Caravan. Here’s a…
Replying to @La__Cuen
I know I’m frustrated that my personal KYC data is with a number of exchanges, and there is no way to delete it now that I now longer use some of them. I’m also frustrated that exchanges want me to email them personal KYC data (@krakenfx most recently) which disturbs me.
#SmartCustody Category — Loss by Computer Error
Cryptocurrency is innately digital: it’s stored on computers. That’s why LOSS BY COMPUTER ERROR may terrify us the most among adversaries that could steal away those assets. It’s the second category of adversaries in my book .(1/7)
Like the category Acts of God, this is another pretty faceless category. Computer Error is just an Act of God affecting the electronic world instead of the physical world. But unlike it we often can point to people causing errors rather than from an uncontrollable force. (2/7)
Like many of us, I imagine Computer Error as smoke billowing up from a computer whose lights have just blinked out forever. It’s a terrifying image. (3/7)
But, there are actually lots of ways that computers can eat up your cryptocurrency and other digital assets. Time and neglect may actually be the enemies most likely to turn your computers against you. (4/7)
I include two specific adversaries in this category: BITROT and SYSTEMIC KEY COMPROMISE. That’s your computer becoming unusable; and your keys proving insecure. I’ll explain them more in the next few days. (5/7)
And though I talk about how terrifing LOSS BY COMPUTER ERROR is, remember that the goal of anthropomorphizing threats is always to look at them more bloodlessly. Consider these adversaries and ask, “Is this likely to happen to me?” (6/7)
Any thoughts on Computer Error? Any specific adversaries that I missed? Let us know! And please consider supporting the #SmartCustodybook that this is drawn from. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (7/7)
Our second major #SmartCustody adversary category is “Loss by Computer Error”: https://twitter.com/ChristopherA/status/1269425280008876032?s=20 https://twitter.com/ChristopherA/status/1269425280008876032
RT @BTCSocialist: #DIY #bitcoin hardware wallet, with Morse code passphrase, on @M5Stack, hiding behind #Tetris!
Built using @StepanSnigi…
Replying to @BTCSocialist and @WorldCryptoNet
We are working on QR code standards for export & importing xpubs and PSBTs. For instance you could send the xpub as a QR code to @FullyNoded 2 or Spectre or @CoboVault & more to watch & prespare PSBT to be signed. Similarly can return signed PSBT via animated QR to be posted.
Replying to @PyVitor, @RuffTimo, @PelleB and @IdentityWoman
I’ve been architecting the @FullyNoded 2 iOS Wallet to be able to support the DID BTCR method, and in general trying to understand the architectural challenges of wallets that do both cryptocurrency & decentralized identify safely. A challenge!
Replying to @van_flymen and @JustinMoon
Don’t forget to share a link to my “Learning Bitcoin from the Command Line” course. It has a big section on leveraging RPC. We also welcome PRs to improve it. https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line
Replying to @van_flymen and @JustinMoon
Someone pointed your live stream to me in amusement while you were installing Bitcoin on a Mac. You might find the the install script in my course useful. We also have a one-click MacOS installer now at https://github.com/BlockchainCommons/Bitcoin-Standup-MacOS which automates the whole thing.
Replying to @JustinMoon, @Hodl8333 and @KG81
https://twitter.com/ChristopherA/status/1269809629023764480?s=20
Replying to @JustinMoon, @Hodl8333 and @KG81
https://twitter.com/ChristopherA/status/1269810255300456448?s=20
RT @chiselinc: I’m pleased to say I’m participating in @ChristopherA’s upcoming mini-team internship for @BlockchainComns, contributing to…
Replying to @mikeinspace and @FullyNoded
The design of FullyNoded2 is to take advantage of the fact that you can create Swift-based iOS apps & use the code to develop Mac apps in for Mojave. However, there have been some “gotchas”. Maybe this month’s WWDC will address the ones from Apple, but library fixes needed too.
#SmartCustody Adversary — Bitrot
Our first category “Loss by Computer Error” adversary is BITROT. It encompasses the many ways that you could lose digital assets & cryptocurrency through failure of your electronic storage. (1/10)
The most obvious is your computer flat-out dying, smoke billowing up from it. You could have a hard drive crash. Your cheaply made USB key could stop working. Any hardware failure could endanger access to your private keys. (2/10)
It’s all about entropy as I write in its motivation: “I am entropy writ large. I want to break down your storage, crash your hard drives and degrade your optical media. I want to prevent your computers from booting, your programs from running, and your data from reading”. (4/10)
But, there are less obvious & more subtle ways that your storage could fail. A software wallet could stop working with the newest upgrade of your operating system. Standards for digital-key storage could change, so that your recovery method is no longer recognized. (3/10)
It was BITROT when one user talked about have a 15-word recovery seed, but said that he didn’t know what software had generated it. (5/10) https://bitcoin.stackexchange.com/questions/65171/how-to-restore-wallet-from-15-word-seed-mnemonic
It was sort of BITROT when James Howells disposed of a laptop computer before remembering that it had Bitcoins on it. (6/10) https://www.cnbc.com/2017/12/20/man-lost-127-million-worth-of-bitcoins-and-city-wont-let-him-look.html
You also want to fully test your procedures before actually relying on them, especially your recovery procedures. Delete your hardware wallet’s seed, restore from scratch, and see if your test transaction comes back before using that key for substantial funds. (8/10)
The best way to avoid Bitrot is to maintain backups of not just your machine’s data, but also its operating system, and information on how you set it up. You want to be able to recreate the exact machine that once contained your digital assets. (7/10)
Our free #SmartCustody book offers a number of checklisted procedures for you to test against BITROT. We’re working on V2, with multi-sigs and other expansions. Support this new edition at https://smartcustody.btcpay.blockchaincommons.com/ (10/10)
We also suggest that you test your recovery processes at least anually. I actually use a two-phase recovery process, one focused on local keys and hardware in spring, and the other focused on my remote backup sets of keys in the autumn. (9/10)
Our first #SmartCustody adversary in the category “Loss by Computer Error” is Bitrot: https://twitter.com/ChristopherA/status/1270034533270745095?s=20
We had over 20 applications this year for a summer internship at Blockchain Commons. I usually pick just one, but given social distancing, travel restrictions, etc. I decided to try something different—virtual team intership. We have 7 excited students working together to learn! https://twitter.com/ChristopherA/status/1262826694726975489
This is our first week. We focused now on defining at least one project deliverable for each intern to be a lead on. It is needs to be something achievable in our short summer timeframe, but also something they can be proud of.
The projects are quite varied, as are the interns. One project emerging is an .onion bitcoin price feed that you can host yourself but also share, electrum-server style. Others are improvements to Bitcoin Standup, such as adding Lightning support, etc.
Another set of projects are hardware related, like adding xpub/zpub derived keys, and export via QR codes by #LetheKit.
Last year, Blockchain Commons helped @TheBlueMatt set up a Tor exit node at @nycmesh (a commons good that we all are using and should be supporting). Another intern project is to set up a 2nd @torproject , likely in Asia.
RT @chiselinc: So excited to be a part of this: we will be documenting the process for @BlockchainComns & hopefully paving a clearer path f…
RT @jodobear: A little less than 3 years ago I started learning computers because #Bitcoin happened to me and now finally, I got an opportu…
RT @fakhrulKhir: 2 years ago, I joined a blockchain startup here in Malaysia and started to learn a lot about blockchain. Now getting my ha…
#SmartCustody Adversary — Systemic Key Compromise
Here’s an adversary for your cryptocurrency (or other digital assets) that you might not have thought about: SYSTEMIC KEY COMPROMISE. What if the software that generated your keys did so in an insecure way? (1/11)
This is one of the “Loss by Computer Error” adversaries in my #SmartCustody book, and it’s broadly a software programming error: someone messed up the key-generation code and it creates keys that either have less entropy than intended or that can be systemically guessed! (2/11)
This is NOT just a theoretical idea. After one software update, http://Blockchain.info generated insecure keys for 0.0002% of their users. 250 Bitcoins subsequently went missing. (3/11) https://cointelegraph.com/news/white-hat-hacker-returns-missing-bitcoins-to-blockchaininfo
Two years ago, we learned that JavaScript’s secureRandom() was neither entirely secure nor random. Insufficient entropy meant that hackers could brute-force coins. (4/11) https://btcmanager.com/vulnerability-in-javascript-function-may-mean-long-term-bitcoin-hodlers-are-at-risk/
Last week, the @Trezor hardware wallet did a software update to fix a security issue, that locked users out of access to funds in a number of Bitcoin multisig accounts when using some third-party software tools. (5/11) https://decrypt.co/31463/bitcoin-segwit-bug-fix-could-lock-wallet-users-out-funds
How do you solve a problem so far out of your control? You monitor news related to your hardware and software, and you have an emergency procedure in place so that you can immediately move funds if your keys might be vulnerable to compromise. (7/11)
SYSTEM KEY COMPROMISE may pretty abstract, but we have three examples of it actually happening. All of these failures have had widespread repercussions. This is why I advocate adversarial analysis: it helps you to look at the real likelihooods of vulernabilities. (6/11)
Another approach is to not to update hardware key firmware or software immediately, or have two devices and only upgrade one, and have a working backup of the old software. This allows you to move your funds to an updated, more secure wallet. (8/11)
Eternal vigilance is the price for the autonomy of decentralization. You’re taking centralized authorities out of the loop, but that means you need to bear the responsibility yourself! (9/11)
That’s my second and final form of “Loss by Computer Error” category of adversary, following up on yesterday’s look at BITROT. Together, they comprise the may ways that computers could case you to lose your assets. (10/11)
Have your own stories of SYSTEMIC KEY COMPROMISE impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (11/11)
Our second and last #SmartCustody adversary in the category “Loss by Computer Error” is Systemic Key Compromise: https://twitter.com/ChristopherA/status/1270438677940846592?s=20 https://twitter.com/ChristopherA/status/1270438677940846592
RT @ChristopherA: Last week, the @Trezor hardware wallet did a software update to fix a security issue, that locked users out of access to…
RT @ChristopherA: Another approach is to not to update hardware key firmware or software immediately, or have two devices and only upgrade…
The ulterior motive here is obvious: greed. There’s an active antagonist attacking you, and they want what you have. (2/8)
#SmartCustody Category — Loss by Crime, Theft
Cryptocurrency holders seem to be the most afraid of their digital assets being stolen. That’s my third category of #SmartCustody adversaries: LOSS BY CRIME, THEFT. And, it’s quite varied: I’ve got a whole week’s worth of them! (1/8)
I envision LOSS BY CRIME, THEFT as a masked burglar taking keys out of a safe while heist music plays in the background. But, honestly, theft is usually more subtle, not involving physical presence at all. (3/8)
Is LOSS BY CRIME, THEFT really the most worrisome danger to your digital assets? I personally think that the average holder is more likely to lose their funds due to accidentally misplacing the keys in some way: either a physical or computer loss. (4/8)
Are your keys stored at a public exchange? Are you a well-known hodler of Bitcoin? Do other people have access to your funds? These are all things that could increase the danger of this category of adversaries to you. (6/8)
But as always, #SmartCustody anthropomorphizes these adversaries and considers their motivations so that you can more bloodlessly think about whether you’re actually at risk. One at a time, rather than being overwhelmed by all possible threats at once. (5/8)
#SmartCustody details 8 different Theft adversaries: Institutional Theft, Internal Theft, Personal Network Attack, Systemic Network Attack, Casual Physical Theft, Sophisticated Physical Theft, Social Engineering, and Supply-Chain Attack. I’ll cover them over the next week. (7/8)
Any thoughts on the LOSS BY CRIME, THEFT category? Any other specific THEFT adversaries that I missed? Let us know! And please consider supporting the book this is drawn from, #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (8/8)
Our next category of adversaries are “Loss by Crime, Theft”: https://twitter.com/ChristopherA/status/1270774037782777856?s=20 https://twitter.com/ChristopherA/status/1270774037782777856
Our examples of this are mostly theoretical, as companies don’t like to publicize actual thefts of this sort. But an engineer could backdoor a system, a bank employee could physically steal something from a safety deposit box. (3/8)
#SmartCustody is all about figuring out what protects your personal assets best. Many might see an institution as being a strong protector, whether it be an exchange, a bank, or a lawyer. But you have to assess the gains against the dangers for your personal situation. (2/8)
#SmartCustody Adversary — Institutional Theft
What’s INSTITUTIONAL THEFT? Here’s the motive: “I pretend to be a good employee, but I’m always waiting for my chance for a great score. I want to sift through the goods entrusted to my company and to take the best for myself.” (1/8)
How do you address this adversary? KYI! Know Your Institution. Be aware of its history and (politely) ask questions about how it addresses questions of personal responsibility. Ask your peers — recommendations can be pretty important too. (6/8)
Are the protections of your institution robust enough? That’s the question you have to ask, and it’s particularly important for cryptocurrency, where actual regulations may not have caught up with the rest of the financial world. (5/8)
Certainly there are protections against this sort of thing, often quite robust protections. For example, fiduciary responsiblity requires dual control to theoretically keep any single employee from engaging in theft. (4/8)
Have your own stories of INTERNAL THEFT impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (8/8)
As always when using these adversaries in a process to improve management of your own risks, the trick is to think of only adversary’s motive at a time. Don’t become overwhelmed by addressing all forms of theft at once. (7/8)
Our first #SmartCustody adversary in the category of “Loss by Crime, Theft” is INSTITUTIONAL THEFT: https://twitter.com/ChristopherA/status/1271172504787116032?s=20 https://twitter.com/ChristopherA/status/1271172504787116032
Replying to @TuurDemeester, @ericsavics1 and @kanzure
Given that you say that this appears to be a phishing attack, I doubt there is anything I can personally could do. However, to benefit others, I would appreciate learning details so that I can be sure to consider adding that to the next edition of our #SmartCustody book.
#SmartCustody Adversary — INTERNAL THEFT
We might not like to think about INTERNAL THEFT in our #SmartCustody scenarios, but what if someone you entrust with the keys to your digital kingdom decides to steal those assets? (1/7)
Unfortunately, money can change people. You might have a friend who’d put their life on the line for you, but when they realize they have the key to tens or hundreds of thousands of dollars in Bitcoins … they can do the unexpected. (2/7)
One of our real-life examples comes from the corporate world. ShapeShift’s internal IT Lead was entrusted with keys that gave him access to their hot wallet. He used it to steal 315 Bitcoins and fled. (3/7) https://news.bitcoin.com/looting-fox-sabotage-shapeshift/
During the Silk Road investigation, Secret Service agent Shaun Bridges stole funds from Silk Road, then he took monies seized from Bitstamp. (4/7) https://arstechnica.com/tech-policy/2015/12/rogue-secret-service-agent-who-stole-from-silk-road-sentenced-to-nearly-6-years/
And how do you resolve the problem? Dual control is a great answer, which for digital assets means multisignatures. Of course that introduces new issues of trying to protect multiple keys from loss. You always have to decide where the balance lies in #SmartCustody. (6/7)
So you ask: can you trust your employees? Can you trust your lawyer? Can you trust your spouse? Can you trust your friends? You need to understand all of their desires and motivations, and only then can you make unemotional decisions about these potential adversaries. (5/7)
Have your own stories of INTERNAL THEFT impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (7/7)
Our next #SmartCustody adversary in the category of “Loss by Crime, Theft” is INTERNAL THEMFT: https://twitter.com/christophera/status/1271474884497965056?s=21 https://twitter.com/ChristopherA/status/1271474884497965056
I have been asked to offer testimony today at the Wyoming Select Committee on Blockchain, Financial Technology and Digital Innovation Technology. Today’s focus is digital identity. The live stream is now available at https://www.youtube.com/watch?v=91ZA8rppgSA
RT @CaitlinLong_: LIVE STREAM of #Wyoming’s Select Committee on #Blockchain, Fintech & Innovation available here! Digital identity is the m…
My testimony to the Wyoming Legislature on #Decentralized #DigitalIdentity begins at roughly the 1 hour mark. https://www.youtube.com/watch?v=91ZA8rppgSA
Replying to @excelleliu and @adam3us
There are several “full node in the box” solutions out there: @nodl_it Rasbiblitz, etc. If you have a MacOS device you leave at home (mine is an old MacMini that I also use for videos) we offer a free “one-click” installer Bitcoin Standup: https://github.com/BlockchainCommons/Bitcoin-Standup-MacOS More soon.
Replying to @excelleliu, @adam3us and @nodl_it
All of the above I mention use QuickConnect that allows your mobile device to control your home full node via Tor. FullyNoded2 is one such—it is a single & multisig wallet for iOS that also leverages Tor for privacy. In alpha today, but beta mainnet soon: https://testflight.apple.com/join/OQHyL0a8
#TIL: The Korean word 손맛
son-mat, which describes the specific, irreplaceable flavor of someone else’s cooking. I’ve also seen it translated more literally “hand taste”or “the taste of one’s hands” but apparently it has a connotation of a “mothers hand taste”. ♥️👐 …
I’m also fascinated at the meta level how interconnected this rabbit-hole was. From language, to emotion, to culture, to family, to food, to microbiota, to changes in health, to changes in culture. And all easily available to an inquiring mind over the internet. A good feeling.
I find that this is also interesting in the context of rise of allergies, where there is a hypothesis that too much cleanliness may be one of the sources. It terns out research shows that allergic diseases is on the rise in Korea. Too much hand cleaning? https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5796968/
It turns out the in addition to the spirit of the concept, there might also be some truth, at least for Korean cooking, as it often uses fermentation. This is due to the microbiota of Mom’s hands. 3 out of 4 multigenerational family show continuation of hand yeasts in cooking. …
This was was such a lovely concept, I wanted to see if it was true. I jumped into a research rabbit-hole, ultimately finding this lovely video https://calls.ars.electronica.art/prix2019/prixwinner/31613/ …
A year ago my Kickstarter for a social storytelling cooperative card game “Gate Watch” was a success. I’d thought that I’d do a number of other small projects over the next few years. Unfortunately, these type of intimate in-person games are now difficult in days of COVID-19. … https://twitter.com/ChristopherA/status/1139638040358297600
I had planned a close sequel called “Twilight Road” this spring. Stories of journeys rather that stories of borders. The other side of the story from “Gate Watch”. Unfortunately, play testing has been difficult. I’m now puzzling out to adapt game for Zoom. …
For a cooperative storytelling game, Zoom + Screen Sharing isn’t that bad as in general these games all information is public. The problem is that TOO much information is public — it overwhelm’s the players. …
I’ve been working on some collaborative information overload solutions using presentation software and/or custom scripting, and it isn’t bad. But I’m realizing this isn’t just relevant to games — being overwhelmed is also a consequence of business meetings as well. …
So far, the key thing appears to be having up front a clear shared signal of what conversational modality are we in. Are we in information sharing? Brainstorming? Are we trying to make a decision? Are we trying to document to share with others? …
Not being aligned on these modalities is one of the problems in chat online. Another problem is where is other people’s attention? Google Docs has a trick where you can click on someone’s avatar and go to what they are looking at. …
What other types of problems might be solved with some type of screen-shared worksheet? Have you created anything like this in Google Docs, Google sheets, or other shared document environment? Do you have tricks doing screen sharing of a facilitative document? Let me know!
RT @ChristopherA: I’ve been working on some collaborative information overload solutions using presentation software and/or custom scriptin…
Replying to @liber_liver
We call this adversary “Process Fatigue”. The greater number of of wallets, the more steps required, subtle but important differences, etc. will increase your errors, or keep you from doing the work at all. I’m not saying don’t have heterogeneous wallets, but be careful of risks.
Replying to @phil_geiger and @skwp
https://twitter.com/christophera/status/1272622054110449664?s=21 https://twitter.com/ChristopherA/status/1272622054110449664
PERSONAL NETWORK ATTACK is a #SmartCustody adversary that comes in two parts. First, it’s an internet-based attack on digital assets, and second it’s directed at your personally. (1/7)
WiFi offers one of the prime vectors for this attack. If you connect to a free WiFi, someone might be spoofing the sites you’re connecting to and collecting your credentials. (2/7)
A user of Coinbase encountered a different sort of attack. After he invested in cryptocurrency, hackers broke into his T-Mobile account, used that to access Google’s 2FA, and used that to get into the Coinbase account. (3/7) https://fortune.com/2017/08/22/bitcoin-coinbase-hack/
This is one of the adversaries where you have the greatest personal agency in defeating it. It’s all about having great internet security: protecting your passwords, protecting your phone, and otherwise making sure that hackers can’t get to your credentials. (4/7)
Of course the alternative is just to hide the fact that you have cryptocurrency at all. Don’t tell people about it, don’t access it except from the safety of your home network. Security by Obscurity usually fails, but here you’re just not giving hackers a target. (5/7)
But you need to remain vigilant because this is a situation where the result is likely to be total loss: if hackers know you have cryptocurrency, and they attack you to get it, they’re going to take it all! (6/7)
Have your own stories of Personal Network Attack impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (7/7)
The PERSONAL NETWORK ATTACK is our next adversary in the “Loss by Crime, Theft” category:
https://twitter.com/christophera/status/1272624127719829504?s=21 https://twitter.com/ChristopherA/status/1272624127719829504
RT @bsfarrington: I haven’t wanted to share this news, but my father died late Thursday. But his last message needs to be heard. “In Bill’s…
RT @FullyNoded: The latest FullyNoded2 Testflight includes coin control features! Including “do not spend change” and “do not spend dust” a…
RT @artemkrt: @CandleHater @baidakova If you don’t, let me guess - you don’t want that nerdy mess?
I switched to YES answer right after tr…
The systemic attack on Betcoin Dice was quite involved. Hackers took over http://Ghash.io and stole its money, but simultaneously made bets at Betcoin Dice, and were able to double-spend because of their control of the network. (4/8) https://bitcointalk.org/index.php?topic=327767.0
The Blockchain Graveyard lists millions of dollars of systemic losses of this sort, with some of the companies closing down as a result, passing those losses on to their customers. (3/8) https://magoo.github.io/Blockchain-Graveyard/
Our adversary’s motivation: “I’m a big kahuna among hackers. I don’t go after your little bitcoin wallets, I go after the exchanges or other bitcoin sites instead. Nonetheless, you might just find yourself at a literal loss when I bankrupt the company holding your wallet.” (2/8)
#SmartCustody Adversary — Systemic Network Attack
Yesterday I talked about Personal Network Attack as a adversary that could threaten your digital assets. But what if attackers instead make a SYSTEMIC NETWORK ATTACK, going after your service providers? (1/8)
Have your own stories of SYSTEMIC NETWORK ATTACK impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (8/8)
How else can you avoid attacks on your providers, who are presumably very secure? That’s the heart of our self-custody scenario, which uses cold-storage rather than wallets on exchanges. (7/8) https://github.com/BlockchainCommons/SmartCustodyBook/blob/master/manuscript/02-scenario.md
The good news with this adversary is that you are not alone — everyone involved in the ecosystem wants to avoid these type of attacks. However, you should be sure that your wallet vendors, custodians, exchanges, etc. are competent to spot these before they are successful. (6/8)
A recent failed attack, but too close for comfort, a hacker tricked a provider of a non-bitcoin related source code repository into accepting an update, which if incorporated downstream that code snippet would secretly backdoor all CoPay wallets. https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ (5/8)
The SYSTEMIC NETWORK ATTACK is our next adversary in the “Loss by Crime, Theft” category: https://twitter.com/christophera/status/1272955016710549504?s=21
RT @veriphibtc: A little reminder for you all! 🤓
Our director of Marketing @CepnikMaciej will be giving a presentation on Cold-Storage lat…
RT @westfall104: The #T3Network just published a paper on “Applying SSI Principles to ILRs” to empower learners and workers with their data…
I need to give credit to @hackylawyER, who I also commended to this Wyoming Legislative Select Committee to invite to further discussions. Wyoming is in a great place to kick off a great start & has a real desire for fundamental enabling legislation for decentralized identity. https://twitter.com/vinayvasanji/status/1273016508982018048
🤔Some good stuff here, but feels like a bigger problem: “Protects people’s privacy during contact tracing…requires certain privacy measures be implemented in contact tracing applications.” https://www.nysenate.gov/legislation/bills/2019/S8327
RT @michael_nielsen: Whoo! Excited to see @nayafia’s book “Working in Public: The Making & Maintenance of Open Source Software” now for pre…
#SmartCustody Adversary — Casual Physical Theft:
Imagine: a robber enters your home and steals the safe containing your Ledger. It wasn’t their goal, and they might have no idea what to do with it. But you don’t have access to your Ledger any more either. (1/8)
Obviously, you minimize the threat of this adversary by having redundant copies of your keys, with the ability to restore your funds so that one CASUAL PHYSICAL THEFT doesn’t cost you everything. (5/8)
Even with theft, one of the most likely consequences is loss of your funds, not their acquisition by someone else! (4/8)
The motivation here? “I just want an easy score, and your house looks like it. … if you got a safe, I’ll try to take that too. I have no idea what I’ll do with it, or with the contents if I can get it open. If I see some weird numbers, I’ll probably just trash them.” (3/8)
This is what I call CASUAL PHYSICAL THEFT, one of the adversaries in #SmartCustody. Like the rest of the adversaries, it’s a specific threat that you can assess for your personal situation based on its anthropomorphized motivations. (2/8)
This also means that you need to be aware that a theft has happened. Consider checking periodically all the locations you store your keys in any form. I even check my safe deposit boxes twice a year. (7/8)
But you also need to be proactive. If your coins aren’t gone immediately, don’t just assume your thief is a knucklhead who doesn’t know what to do with your Ledger or your metal plates or whatever. Move your funds! (6/8)
Have your own stories of CASUAL PHYSICAL THEFT impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (8/8)
CASUAL PHYSICAL THEFT is the next #SmartCustody adversary in the category of “Loss by Crime, Theft”: https://twitter.com/christophera/status/1273363574295937024?s=21
Replying to @hackylawyER
Why would you think so? I don’t see how based from their questions during the testimony Friday that they have not shown that they are very serious about digital identity. What are you seeing differently? /cc co-chairs of #Wyoming Select Committee: @rothfuss @JaredSOlsen
Replying to @hackylawyER, @rothfuss, @JaredSOlsen and @hackylawyER
you are a leader in this area, in particular about moving beyond property law, thinking deeply & critically. I (and we) will miss your voice if you find you can’t participate in these discussions. If not you, who else? I believe Wyoming is ready to make a diference.
Replying to @hackylawyER, @rothfuss and @JaredSOlsen
For instance, in the testimony before mine from Google, you can tell the legislators are concerned about portability. You & @Emily_Fry_ wrote about that being a key good place to start. I think @GiuliettaMarani in the EU might agree. Wyoming can become US leader on this topic.
Replying to @hackylawyER, @rothfuss, @JaredSOlsen, @Emily_Fry_ and @GiuliettaMarani
How might we help Wyoming express the requirement for portability? What are the key points? We began a discussion on revising the #SSI Principle 6 on #Portability at https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/13 — how can we turn this into legislation as a principle and not be too prescriptive?
Replying to @hackylawyER, @rothfuss, @JaredSOlsen, @Emily_Fry_, @GiuliettaMarani and @hackylawyER
— I shared with the #Wyoming Select Committee your article with @dazzagreenwood https://www.linkedin.com/pulse/do-we-really-want-sell-ourselves-risks-property-law-data-greenwood/ — however, you may feel this is now dated. What other links to help them understand the issue do you feel are essential?
RT @hackylawyER: @ChristopherA @rothfuss @JaredSOlsen @Emily_Fry_ @GiuliettaMarani @dazzagreenwood Thanks, I’d recommend this recent piece…
So as far as I can tell, #Wyoming has no specific law around digital identity. They have a number of adjacent laws around real-world identity and are very protective about personal privacy—much more so than other states. But otherwise they are tabula rasa. Where would you start?
IANAL, but is a good issue to start with that the existence of a digital identity, or the lack of (or problems with), should in no way be allowed reduce the rights of the individual person? I shared the India & Kenya examples of denial of services due to lack of digital identity.
What other fundamental principles, acknowledgement of human rights, solid modern definitions, and privacy issues are a good base line for #Wyoming, given a general absence of them or inheriting them from US Federal Law or other laws like UCC? Seeking powerful low-hanging fruit.
Replying to @alistairmilne
I would really like to add the full story of this to the next edition of the #SmartCustody book.
Now that W3C DID (Decentralized Identifier) Working Group is working on their next draft toward a final spec, the official register of different DIDs methods that have been added to date has been moved its new home: https://www.w3.org/TR/did-spec-registries/#did-methods
This is a situation where someone knows that you have digital assets, knows where those assets are held, and it prepared to physically break in to retrieve them. It’s a bit terrifying. (2/8)
Yesterday I wrote about the #SmartCustody adversary Casual Physical Theft, where a robber accidentally (or at least non-purposefully) takes your cryptocurrency. SOPHISTICATED PHYSICAL THEFT, where they know what they’re after, is much more dangerous. (1/8)
This is another situation where the best protection might be anonymity. If no one knows about your cryptocurrency or other digital assets, then no one will make a special effort to steal it. (5/8)
Is someone likely to break into your house, disguise themself as a service person, or place nearby listening devices? Probably not. But compare it to your profile and vulnerability. How well known is your wealth, how secure is it, and how large is it? (4/8)
It’s also somewhat unlikely. And #SmartCustody is all about bloodlessly considering threats and seeing which ones are actually adversaries that you have to face. (3/8)
Have your own stories of SOPHISTICATED PHYSICAL THEFT impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (8/8)
It is a balancing act—if you try to protect against all possible adversaries at once, you will become paralyzed. Instead, take a look at each seperately. SOPHISTICATED PHYSICAL THEFT is scary, but unless you are a public figure other adversaries are likely a greater threat.(7/8)
You can take steps to increase your privacy. For instance, see @lopp’s article reflecting on privacy after a SWAT incident https://blog.lopp.net/reflections-upon-a-swatting/ that resulted in his extensive advice at https://blog.lopp.net/modest-privacy-protection-proposal/ (6/8)
Our next #SmartCustody adversary in the category “Loss by Crime, Theft” is SOPHISTICATED PHYSICAL THEFT: https://twitter.com/christophera/status/1273671203832492033?s=21
Replying to @veriphibtc
I’ve also been doing a tweetstorm daily this month on each of the #SmartCustody adversaries, starting at: https://twitter.com/ChristopherA/status/1267560484611387392?s=20 https://twitter.com/ChristopherA/status/1267560484611387392
Replying to @BitcoinQ_A
You should also look at Bitcoin Standup MacOS https://github.com/BlockchainCommons/Bitcoin-Standup-MacOS, a one-click installer that also installs Tor v3 services & QuickConnect QR to connect to a remote wallet (some of your other nodes do as well, should add a column!). We have linux scripts also available.
The co-chairs @rothfuss @JaredSOlsen of #Wyoming Select Committee on Blockchain, Financial Technology and Digital Innovation Technology said during the last meeting they were interested getting help. I recommended you. What do you need next?
Done. Your invite from the Select Committee’s co-chairs should be in your inbox.
Now to find a select few more people that can help create a legal model for decentralized digital identity in #Wyoming that other states can learn from. Any suggestions on who else?
The underlying algorithms and protocols for Charter will be open source & will use open standards processes, and thus not owned by any single company. Instead they will be under the control of individuals and the groups that people create and join.
“Charter reimagines social media to recover its initial promise, with new safeguards so that no single vendor one can steal it away.” I’m co-author of the IETF TLS 1.0 standard, and co-author of the emerging W3C Decentralized Identifier standard. I care deeply about this.
Blockchain Commons @BlockchainComns is collaborating with Bitmark @BitmarkInc in their efforts to create Charter, a new open social-media architecture for the internet. https://www.prnewswire.com/news-releases/blockchain-commons-and-bitmark-introduce-charter-a-new-social-media-architecture-301078535.html
We look forward to continuing to work with Bitmark as the Charter open architecture evolves, as well as with other companies who might be interested in this architecture. Join our mailing list http://eepurl.com/gDvBkj
This is the sort of open infrastructure that is at the heart of our work at Blockchain Commons: Charter will be available for use by many people & many companies all across the internet, each with their own ability to improve or utilize it, and all with no centralized authority.
We will begin by collaborating with @BitmarkInc on an information lifecycle engagement model (like the previous Joram or Amira models from #RWOT led by @JoeAndrieu) for this decentralized social-media architecture that gives its users both agency & autonomy.
#SmartCustody Adversary — Social Engineering
The Con Man may be the most dangerous thief in the online world. He’s an adversary who depends on SOCIAL ENGINEERING to trick you into giving up your credentials, and then use them to steal the assets that they were protecting. (1/12)
This is one of the many adversaries that I talk about in #SmartCustody: threats to your digital assets that I anthropomorphize to help you assess how dangerous they are to you (or not). Then help you balance those actual threats vs. the cost to mitigate them. (2/12)
There are certainly examples of con men being dangerous to other holders of cryptocurrency, as has been reported in the news over the years. (3/12)
An attacker spearphished Bitpay and got the CFO to reveal his credentials, which were then used to contact the CEO and convince him to transfer 5,000 Bitcoins. (4/12) https://cointelegraph.com/news/bitpay-hacked-for-over-18-million-in-bitcoins
The COINHOARDER group used ads with misspelled URLs for exchange sites to trick people into giving up their credentials. (5/12) https://blog.talosintelligence.com/2018/02/coinhoarder.html
Social engineering can be devastatingly clever. The bottom line is that you should never type in your credentials unless you went to a site in a way that confirmed it’s the real thing or you saw its certificate. (7/12)
These tricks need not be very technical. My colleague got an email from a partner in China with a new email. That partner also received a new email. The attacker just sat in the middle, carefully forwarding each email until the right moment and changed the crucial address. (6/12)
Learning to use two-factor authentication (2FA) is also a requirement: it ensures that if someone else gets your credentials, they still can’t get into a site (unless they port your cell phone number, but at least that’s an additional obstacle). (8/12)
In other words, we sort of need to be protected from ourselves, because it’s possible for any of us to fall to a SOCIAL ENGINEERING scam at some point! (10/12)
I personally always request that cryptocurrency address to me to pay for for significant amounts be sent via two mechanisms, with at least one secure such as Signal. Even larger amounts I might confirm address by voice. (9/12)
LIke all the #SmartCustody adversaries in this series, you review your risks seperately. SOCIAL ENGINEERING is one that stood out in my own review of threats as being under-represented in my own tactics, and it was relatively cheap for me to strengthen. (11/12)
Have your own stories of SOCIAL ENGINEERING impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (12/12)
Today’s #SmartCustody adversary in the category “Loss by Crime, Theft” is SOCIAL ENGINEERING https://twitter.com/ChristopherA/status/1274067538637291520?s=20
RT @johnabbe: Thx to @shareable (and every author/publisher who has helped me learn from #elinorostrom), this is new to me & yet unsurprisi…
An anonymous burner phone is useful for other legal purposes besides protests, for instance to publish an advocacy blog, document & report civil and human rights abuses, or inform press about illegal activities of parties with financial or political power. Asymmetric power. https://twitter.com/theintercept/status/1274103545458036737
RT @mgsiegler: We’re getting too far into the weeds with all this. It seems pretty simple at a higher level: App Store rules and policies w…
Replying to @KLoaec and @rootzoll
There are other things beside funding needed for Tor to exist. Our own organization @BlockchainComns funds an exit node, and we hope to fund more. I urge the entire community to support these commons, both @torproject directly, and common pool resources like bandwidth, etc.
There are other things beside funding needed for Tor to exist. Our own organization @BlockchainComns funds an exit node, and we hope to fund more. I urge the entire community to support these commons, both @torproject directly, and common pool resources like bandwidth, etc. https://twitter.com/torproject/status/1274040299363299328
See also “We wanted to do something to help people that have been affected [by COVID-19] and people that are out of work,” Fournier described. “So we fired up the same exact press from the late 1800s, and we have printed off wooden money once again.” https://mynorthwest.com/1951334/tenino-washington-printing-wooden-money/
I’ve written before about local currencies. They can be a powerful local tool: “he’d watched the pandemic rake local businesses…‘How do we directly help families and individuals?’ And then it hit him: ‘Why not start our own currency?’” https://thehustle.co/covid19-local-currency-tenino-washington/#:~:text=Whynotjustgiveresidents,moneystaysinthecity
Support in our @FullyNoded 2 iOS bitcoin wallet for bitcoin multisig transactions that leverage interoperability with multiple wallets from multiple companies is really evolving right now. 4 now! You should ask (no demand!) that your wallet vendors demonstrate interoperability. https://twitter.com/FullyNoded/status/1274573750298533890
#SmartCustody Adversary — Supply-Chain Attack
SUPPLY-CHAIN ATTACK may be one of the least obvious adversaries that we cover in #SmartCustody. But that makes it particularly important, because you may not be aware of its possibilities. (1/11)
The problem with a supply-chain attack is that it can make you very paranoid. Anyone could be an attacker, from a worker in a factory to a reseller to your postal carrier, to the eponymous “evil maid”. (6/11) https://en.wikipedia.org/wiki/Evil_maid_attackevil
And we’ve always wondered about the “factory-sealed” computer used to supposedly prove the identity of Satoshi Nakamoto, especially since it was delivered by that person’s assistant. That’s a prime example of an opportunity for an attack of this sort. (5/11)
Is this hypothetical? Maybe. Nonetheless it’s been highlighted by security analysts as a potential threat. (4/11) https://threatpost.com/cryptocurrency-wallet-hacks-spark-dustup/140445/
Here’s how we explain the motivation: “I’m the slyest of thieves because I worm my way into your life without your even knowing. … My goal is to mess with your devices so that I can mess with your digital assets, and you may never figure out how I did it!” (3/11)
In a Supply-Chain Attack, someone corrupts your computer, your hardware wallet, or your other cryptocurrency hardware before you ever see it. (2/11)
On my most critical personal devices, I enclose them in tamper-evident bags, or add a tamper-evident seal, or just some add glitter polish and take a photo. I check these twice a year. I personally feel it is unlikely to happen to me, but it is so cheap to protect against. (9/11)
Of course, this is really practical when in fact the known incidents of SUPPLY-CHAIN ATTACK are very few. However, whether you purchase directly from a manufacturer or not, seek hardware that is sealed and offers some measures of tamper-resistance. And re-check regularly! (8/11)
The ideal solution? Buy from manufacturers directly. If you can, do so in person by going to their warehouse! I bough my first @Ledger hardwared from their store in Paris. Every person you can cut out of the supply-chain is one less vector of attack. (7/11)
Have your own stories of SUPPLY-CHAIN ATTACK impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (10/11)
And this at last of the #SmartCustody category “Loss by Crime, Theft” by networked, personal or systemic, institutional or internal, through the supply chain or through social engineering. You need to consider them all in your risk analysis! (9/11)
Our last #SmartCustody adversary in the category “Loss by Crime, Theft” is SUPPLY-CHAIN THEFT: https://twitter.com/christophera/status/1275143980389265408?s=21
RT @RhysLindmark: Confused by paradigms? Me too! Hopefully my most recent article can help.
Paradigms are the combination of epistemology,…
#SmartCustody adversary category “Loss by Crime, Other”
I’ve spent a lot of time on the category of THEFT, but it’s not the only sort of crime that can impact your cryptocurrency holdings. There’s a whole other category, which I wittily called LOSS BY CRIME, OTHER. (1/10)
I place four different adversaries in this #SmartCustody category: Blackmail, Coercion, Terrorism, and Non-Financially-Motivated Attackers. The unifying theme is that they’re trying to take your digital assets by illegal means. (2/10)
Yes, some of these OTHER adversaries are still technically THEFT, but they tend to be risks with bigger consequences than just losing property. You could lose your reputation or your life! (3/10)
These can be darker crimes, but they’re also somewhat less likely. Are you really likely to be kidnapped? (A form of coercion) Could you even be blackmailed? I suspect mostly not. (5/10)
I iconify these criminals as a man with a overcoat and a shotgun. That’s pretty scary too. (4/10)
But of course the point of #SmartCustody is to anthropomorphize adversaries so that you understand them better, and to use that as the foundation for determining whether they’re threats to you (personally) or not. (6/10)
We might viscerally fear being kidnapped for our Bitcoins (or that man in the covercoat), but by modeling the risk we can determine if it’s actually likely. If it isn’t, it may be better concentrate our efforts on another risk. (7/10)
The motive of these adversaries is mixed. Like other crimes, greed is a big factor, but the non-fincially-motivated attackers could be hackers, hactivists, or just bored kids. (8/10)
Any thoughts on these OTHER crimes? Any specific adversaries that I missed? Let us know! And please consider supporting the book this is drawn from, #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (10/10)
Because of that variation in motive, each of these OTHER crimes have to be approached somewhat differently than we did for the motives of the more pure THEFT crimes. (9/10)
Our next category of #SmartCustody adversaries is “Loss by Crime, Other”: https://twitter.com/christophera/status/1275535534866104322?s=21
RT @AntoineVedeilhe: THREAD. This morning I took a flight to Chengdu (2000km away from Shanghai) to interview Fan Xiao, a respected Chinese…
I wrote this two years ago today. Can we do this yet with Lightning Networks’ LSATs? I’d like to start leveraging content addressable objects, but I don’t want rest of FileCoin stack. @WayneVaughan @BuckPerley @roasbeef @alexbosworth @gugol https://twitter.com/ChristopherA/status/1010994379434016775
RT @start9labs: Announcing Capacitor-Tor!
An open source plugin for hybrid mobile apps built with @Ionicframework that enables developers…
#SmartCustody Adversary — Blackmail
BLACKMAIL sounds like a somewhat unlikely crime for the average person, but in actuality it’s a very real adversary, which is why we talk about in #SmartCustody. (1/10)
How real is it? You or your employer has probably received one or more BLACKMAIL threats demanding payment in bitcoins. Granted, bitcoins are just a preferred method of pseudonymous payment, but if you have cryptocurrency, you’re that much more vulnerable. (2/10)
It’s even appeared in TV shows, such as an episode of The Good Wife where the firm’s computers are encrypted and a ransom is demanded. (3/10) https://computertroubleshooters.co.uk/tonbridge/commentary/the-good-wife-attacked-by-ransomware/
One of the prime sorts of BLACKMAIL is cryptocurrency ransomware, where files will only be decrypted if a bitcoin fee is paid. (4/10) https://nakedsecurity.sophos.com/2019/02/14/inside-a-gandcrab-targeted-ransomware-attack-on-a-hospital/
Sextortion is another form of BLACKMAIL. It tends to be based on pure bluff, that an attacker took control of the victim’s computer camera. (5/10) https://www.eff.org/deeplinks/2018/07/sextortion-scam-what-do-if-you-get-latest-phishing-spam-demanding-bitcoin
Obviously, a specific attack could be more precisely targeted, and it could be based on control of information or a possession that you care about more personally. (6/10)
A challenge that the BLACKMAIL doesn’t even have to be true. Going back to the day’s of Cardinal Richelieu’s “six lines” and today’s #FalseNews and #MeToo facts are unfortunately optional. (7/10)
How to avoid BLACKMAIL? Well, the problem is that they already have something of value, so sometimes you have to decide between losing it and losing your digital assets. (8/10)
Not necessarily a solution, but having someone you trust in a multisig who can more objectively advise you and keep you from being too rushed or doing something stupid may help. (9/10)
Have your own stories of BLACKMAIL impacting digital assets? Any other ways to mitigate against this adversary? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/
Our first #SmartCustody adversary in the category of “Loss by Crime, Other” is BLACKMAIL: https://twitter.com/christophera/status/1275901766081507329?s=21
Replying to @BuckPerley, @cycryptr, @WayneVaughan, @roasbeef, @alexbosworth and @gugol
A particular challenge is that I don’t want to incentivize availability back to me, but instead I want the data available broadly on the network. I don’t want the data back, I want my associates to be able to get it when I’m not available to offer it, for instance offline.
Open source & Ostrom “they take the first of her design principles, clear boundaries and memberships, and turn it inside out…a Hobbesian state…where the rules about who can appropriate are no rules at all. The ‘membership’ that can exploit is everyone” https://writing.kemitchell.com/2020/04/20/Common-Pool-Pushovers.html
The author continues with this list of alternative views on open source software as “antidotes” to the hype. Basic summary is that open source has complications that are “omitted from the popular narrative”. https://writing.kemitchell.com/lists/Antidote.html
Replying to @infinite_mao
I’m just not quite sure what this is? A zine? A collection of poetry? Game play? A game?
Here’s our take on the motivation: “I know you have cryptocurrency. Well, I’ve got power in the real world. … I want to get what you have, and I’m going to force you to give it to me by any means necessary.” (2/8)
#SmartCustody Adversary — Coercion
COERCION? Ugh. It’s a terrible adversary that can threaten the #SmartCustody of your digital assets. Someone is demanding those assets based on a threat to you, your family, or your friends. (1/8)
How real is this threat in the first world? It’s limited. Though of course that’s the exact sort of assement you need to make in #SmartCustody, when you look at the motivations of anthropomorphized adversaries, and see how they impact you. (3/8)
And there is at least one strong possibility for COERCION in first-world countries: SWATting, where the police are sent in to possibly kill you based on fake 911 calls. This isn’t isn’t only a #BLM problem.(4/8)
Elsewhere, kidnapping can be a real problem, in which case you’re being coerced to give up your digital assets due to threats to yourself or your family. (5/8)
One gamble is to have two sets of funds, those which you are able to give away easily based on a threat, the second you genuinely can’t give up due to a multisig or timelock. But sometimes it’s a question or your money or your life: try not to get into a position like that .(7/8)
There’s a list of real-world COERCION of this sort that includes SWATting, kidnapping, and torture. (6/8) https://github.com/jlopp/physical-bitcoin-attacks
Have your own stories of COERCION impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (8/8)
The next #SmartCustody adversary in the category of “Loss by Crime, Other” is COERCION: https://twitter.com/christophera/status/1276218207909511169?s=21
#SmartCustody Adversary — Non-Financially Motivated Attackers
The most far-flung crime in my list of adversaries is likely the NON-FINANCIALLY MOTIVATED ATTACKERS: people who are denying you access to your cryptocurrency even though they don’t care about the money. (1/9)
What might these non-financial motivations be? The attacker might want to expose something, they might want to deny your money to you, or they might want to use your funds as a tool to get something else. We can’t always know their motivations. (2/9)
The creators of Malware are prime examples of non-financially motivated attackers. They just want to demonstrate their power. They want to break stuff! (4/9)
But here’s how we try and summarize it: “I don’t care about your money, but I’ll still going to mess with you. … The key is: I know who you are, I know what you have, and I want to use that knowledge as a lever for my own purposes.” (3/9)
The goal of leveraging #SmartCustody adversaries is to understand their motives so that we can both assess and avoid them. Yet that’s really hard to do with NON-FINANCIALLY MOTIVATED ATTACKERS. (6/9)
An attacker of the Parity wallet said that his attack was accidental, caused by curiosity. Was it? We don’t know. (5/9) https://medium.com/chain-cloud-company-blog/parity-multisig-hack-again-b46771eaa838
Most NON-FINANCIALLY MOTIVATED ATTACKERS are directly targeting you. This requires you to have good digital hygeine. Protect your not only your keys, but also protect your identity and your other credentials. Make it hard for anyone to identify you and deny you access. (8/9)
So how do you protect your digital assets against NON-FINANCIALLY MOTIVATED ATTACKERS? The key is their focus is denial of access, not theft. So where are the places, short of theft, that they can lock you out or delay you? Establish redundancies and alternative paths. (7/9)
Have your own stories of non-financial motivations impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (9/9)
Another #SmartCustody adversary in the category of “Loss by Crime, Other” is the NON-FINANCIALLY MOTIVATED ATTACKER: https://twitter.com/christophera/status/1276569133165903872?s=21
Replying to @bobhilt
There are definitely a number of approaches to avoiding a complete loss. But care must be taken to avoid too much PROCESS FATIGUE (a future adversary) else you increase your vulnerability. You can balance the risk.
RT @BtcpayServer: What’s your favorite feature of the v 1.0.5.0?
https://twitter.com/BtcpayServer/status/1276526312279113730?s=20
We are in that point in our beta testing of the @FullyNoded 2 multisign wallet where we are moving from bitcoin testnet to testing on mainnet, where real bitcoin is at risk. We are seeking a few private beta testers to help us move FN2 to the next level! https://twitter.com/FullyNoded/status/1276780728101924864
RT @torproject: Wikipedia has tried to block Tor users since 2007, alleging vandalism, spam, and abuse. New research tells a different stor…
I’m feeling this to be particularly true today. I didn’t predict the impact of COVID-19 on my plans going forward, but my plans from the future to today are still valid — how do we together make better decisions to collaborate & thrive to save the world? It helps my priorities. https://twitter.com/moskovich/status/846243656239661056
#SmartCustody Adversary — Terrorist / Mob
Here’s one final criminal adversary from #SmartCustody that might affect your digital holdings: TERRORISM or the MOB. (1/9)
So I’ll start with repeat what I said then: consider if your money is really worth more than your life. (4/8)
They’re a special case because they’re much more likely to carry through on their threats, because that’s how they operate. They know that fear breeds compliance, and fear derives from threats actually carried out. (3/9)
It’s a special case of the Coercion adversary that I discussed a few days ago https://twitter.com/ChristopherA/status/1276218207909511169, but now it’s an organization that’s targeting you, whether it be organized crime or a terrorist group. (2/9) https://twitter.com/ChristopherA/status/1276218207909511169
Have your own stories of TERRORISM or the MOB impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (9/9)
And that’s the last of my “other” criminal adversaries, which covered Blackmail, Coercion, Non-Financially Motivated Attackers, and Terrorism/Mob. These may be less likely to affect you, but #SmartCustody is all about figuring out your odds before placing bets or investing. (8/9)
There are no easy answers to addressing this adversary, but a key may be in their strategy, which is to instill fear, not only in you, but in your community. Find support in your community to mitigate that fear and its impact. Also support your community! (7/9)
The opposite strategy is to be recognized as a public-figure such that civil society & governments will help defend you. But that option is limited and not available to everyone. I’m sure @Snowden worries as almost as much about TERRORIST / MOB as he does about governments. (6/9)
Practice anonymity of your funds, because an organized criminal organization is only going to attack you if they know they have something to gain. (5/9)
Our last #SmartCustody adversary in the category of “Loss by Crime, Other” is TERRORISM / MOB: https://twitter.com/christophera/status/1277710396778885120?s=21
Replying to @clay_space, @sthenc, @jonst0kes, @SwanBitcoin and @kanzure
If your interested, the above is an excerpt from the full #SmartCustody Book http://bit.ly/SmartCustodyBookV101, free due to the generosity of our Sponsors. We are seeking support for v2 of the book which will include multisig scenarios.
Replying to @clay_space, @sthenc, @jonst0kes, @SwanBitcoin and @kanzure
I’m also recapping this month on Twitter the digital asset adversaries that we cover in the book. One a day starting at https://twitter.com/christophera/status/1267560481855639553?s=21
Replying to @lumpysnake
In a reply to the original tweet (128 character day) I credit the orgininator. But your URL is more current. Thanks!
I’m not surprised—Pandemic is a true social cooperative game, and health care today is socially cooperative work. As a game it depersonalizes the topic just a bit, allowing you to focus on solving the problems and not needing to empathize with your patients, only your co-workers. https://twitter.com/mattleacock/status/1277714286702256133
LOSS BY GOVERNMENT is one of the most interesting categories of adversaries in #SmartCustody because I think it’s something that a lot of cryptocurrency holders are afraid of, but I also think it contains adversaries that aren’t necessarily going to impact most people. (1/8)
But that’s not necessarily the state of things today, and that’s what #SmartCustody is all about: approaching potential adversaries without emotion, seeing what they want, and assessing whether that’s a danger to your own holdings. (5/8)
That’s probably what causes me to envision this category as a man in black wearing sunglasses, ready to take you away in an unmarked van. (4/8)
This hasn’t been helped by some governments’ prejudicial attitudes toward cryptocurrency in the early years of Bitcoin, and waffling support back & forth today. (3/8)
The concern is understandable. The beliefs of centralized government and those of advocates of decentralized services can run straight against each other. (2/8)
Any thoughts on Loss by Government? Any specific adversaries that I missed? Let us know! And please consider supporting the book this series is drawn from, #SmartCustody. We’re working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (8/8)
There are just two adversaries in this category: Legal Forfeiture and the danger of the uncontrolled Nation-State Actor. (7/8)
So you have to ask: am I in a state likely to take my holdings by illegal means? Am I in danger of losing my holdings to legal means? Would it be just if that happened? The answers to those questions helps to define the danger of these adversaries. (6/8)
Our next category of #SmartCustody adversaries is “Loss by Government”: https://twitter.com/christophera/status/1278058733868773376?s=21
RT @FullyNoded: Manually importing things into your node is not fun. I worked with bitcoin-cli non stop the last two years and i can not ge…