public inbox for bitcoindev@googlegroups.com
* [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
@ 2015-01-20 15:46 Peter Todd
       [not found] ` <CAHpxFbEoDLMGKB7arHbgB+4kx8BwgcX7nBUZz6yP9k4LjZeu1A@mail.gmail.com>
                   ` (3 more replies)
  0 siblings, 4 replies; 14+ messages in thread
From: Peter Todd @ 2015-01-20 15:46 UTC (permalink / raw)
  To: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 3155 bytes --]

I was talking to a lawyer with a background in finance law the other day
and we came to a somewhat worrying conclusion: authors of Bitcoin wallet
software probably have a custodial relationship with their users,
especially if they use auto-update mechanisms. Unfortunately this has
potential legal implications as custodial relationships tend to be
pretty highly regulated.

Why is this? Well, in most jurisdictions' financial laws a custodial
relationship is defined as having the ability, but not the right, to
dispose of an asset. If you have the private keys for your users'
bitcoins - e.g. an exchange or "online" wallet - you clearly have the
ability to spend those bitcoins, thus you have a custodial relationship.
However if you can trivially obtain those private keys you can also
argue you have a custodial relationship. For instance StrongCoin was
able to seize funds stolen from OzCoin¹ with a small change to the
client-side Javascript their users download from them every time they
visit the site. Portraying that as "the ability to dispose of an asset"
in a court of law would be pretty easy. Equally on a technical level
this isn't much different from how auto-updating software works.

Now I'm sure people in this audience will immediately point out that by
that logic your OS vendor is also in a custodial relationship - they
after all can push an update that steals everyone's bitcoins regardless
of what local wallet you use. But the law isn't a deterministic
algorithm, it's a political process. Circle is easy to portray as having
a custodial relationship, StrongCoin and Blockchain.info are a little
harder, Android Wallet harder still, Bitcoin Core's multi-party
deterministically compiled releases even harder.

But ultimately we're not going to know until court cases start
happening. In the meantime probably the best advice - other than getting
out of the wallet business! - is to do everything you can to prevent
losses through malicious auto-updates. Create systems where as many
people as possible have to sign off and review an update before it has
the opportunity to spend user funds. Not having auto-updates at all is a
(legally) safe way to achieve that goal; if you do have them make sure
the process by which an update happens is controlled by more than one
person and there are mechanisms in place to create good audit logs of
how exactly an update happened.

Finally keep in mind that one of the consequences of a custodial
relationship is that some legal authority might try to *force* you to
seize user funds. StrongCoin made it 100% clear to authorities that they
and sites like them are able to seize funds at will - I won't be
surprised if authorities use that power in the future. The more
automatic and less transparent an update is, the higher the chance some
authority will lean on you to seize funds. So don't make it easy for
yourself to meet those demands.

1) https://bitcoinmagazine.com/4273/ozcoin-hacked-stolen-funds-seized-and-returned-by-strongcoin/

-- 
'peter'[:-1]@petertodd.org
00000000000000001a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
       [not found] ` <CAHpxFbEoDLMGKB7arHbgB+4kx8BwgcX7nBUZz6yP9k4LjZeu1A@mail.gmail.com>
@ 2015-01-20 17:15   ` Peter Todd
  0 siblings, 0 replies; 14+ messages in thread
From: Peter Todd @ 2015-01-20 17:15 UTC (permalink / raw)
  To: Daniel Stadulis, bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 1452 bytes --]

On Tue, Jan 20, 2015 at 08:43:57AM -0800, Daniel Stadulis wrote:
> Hey Peter,
> 
> What would you say to the argument: given developers have auto update
> capabilities they only have the ability to *give themselves* *the ability* to
> have custodial rights?

Heh, well, courts tend not to have the narrow-minded pedantic logic that
programmers do; quite likely that they'd see having the ability to give
themselves the ability as equivalent to simply having the ability. What
matters more is intent: the authors of an operating system had no intent
to have a custodial relationship over anyone's BTC, so they'd be off the
hook. The authors of a Bitcoin wallet on the other hand, depends on how
you go about it.

For instance Lighthouse has something called UpdateFX, which allows for
multi-signature updates. It also supports deterministic builds, and
allows users to choose whether or not they'll follow new updates
automatically, or only update on demand. In a court that could be all
brought up as examples of intent *not* to have a custodial relationship,
which may be enough to sway judge/jury, and certainly will help avoid
ending up in court in the first place by virtue of the fact that all
those protections help avoid theft, and increase the # of people that an
authority need to involve to seize funds via an update.

-- 
'peter'[:-1]@petertodd.org
00000000000000001a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread
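
Added example (not part of the thread, and not UpdateFX or Lighthouse code): a sketch of the two controls recommended in the messages above, an update that is accepted only after sign-off by more than one person, plus a tamper-evident audit log of each decision. Assumptions: the reviewer names, the manifest layout and the 2-of-3 policy are hypothetical, and Lamport one-time signatures stand in for whatever signature scheme a real release process uses, so that the example runs with the Python standard library alone.

```python
import hashlib
import json
import secrets

GENESIS = "0" * 64  # "previous hash" of the first audit-log entry

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: a stdlib-only stand-in for the real scheme
# (PGP, Ed25519, ...) a release process would use. One key signs one release.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(sha256(a), sha256(b)) for a, b in sk]

def _bits(msg: bytes):
    d = sha256(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(sha256(sig[i]) == pk[i][b] for i, b in enumerate(bits))

def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def check_update(artifact, manifest, signatures, trusted_keys, threshold):
    """Accept only if `threshold` distinct trusted reviewers signed this manifest."""
    if hashlib.sha256(artifact).hexdigest() != manifest["sha256"]:
        return False, []                      # binary is not the reviewed one
    msg = canonical(manifest)
    approvers = set()                         # a set: repeated signers count once
    for name, sig in signatures:
        pk = trusted_keys.get(name)
        if pk is not None and lamport_verify(pk, msg, sig):
            approvers.add(name)
    return len(approvers) >= threshold, sorted(approvers)

def _entry_hash(prev, event):
    return hashlib.sha256(canonical({"prev": prev, "event": event})).hexdigest()

def append_audit(log, event):
    # Each entry commits to the one before it, so later edits are detectable.
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "event": event, "hash": _entry_hash(prev, event)})

def audit_log_intact(log) -> bool:
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != _entry_hash(prev, entry["event"]):
            return False
        prev = entry["hash"]
    return True

def demo():
    # Constructed sample data: three hypothetical reviewers, a 2-of-3 policy.
    keys = {n: lamport_keygen() for n in ("alice", "bob", "carol")}
    trusted = {n: pk for n, (_, pk) in keys.items()}
    artifact = b"constructed wallet build 1.2.0"
    manifest = {"version": "1.2.0", "sha256": hashlib.sha256(artifact).hexdigest()}
    stale = dict(manifest, version="1.1.9")
    alice = ("alice", lamport_sign(keys["alice"][0], canonical(manifest)))
    bob = ("bob", lamport_sign(keys["bob"][0], canonical(manifest)))
    carol_stale = ("carol", lamport_sign(keys["carol"][0], canonical(stale)))
    cases = [
        ("one_signer", artifact, [alice]),
        ("duplicate_signer", artifact, [alice, alice]),
        ("stale_signature", artifact, [alice, carol_stale]),
        ("tampered_artifact", artifact + b"!", [alice, bob]),
        ("two_signers", artifact, [alice, bob]),
    ]
    results, log = {}, []
    for label, art, sigs in cases:
        ok, who = check_update(art, manifest, sigs, trusted, threshold=2)
        append_audit(log, {"case": label, "version": manifest["version"],
                           "accepted": ok, "approvers": who})
        results[label] = ok
    return results, log

if __name__ == "__main__":
    outcome, audit = demo()
    print(outcome, audit_log_intact(audit))
```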

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 15:46 [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships Peter Todd
       [not found] ` <CAHpxFbEoDLMGKB7arHbgB+4kx8BwgcX7nBUZz6yP9k4LjZeu1A@mail.gmail.com>
@ 2015-01-20 17:23 ` Matt Whitlock
  2015-01-20 17:40   ` Peter Todd
  2015-01-20 17:44   ` Tamas Blummer
  2015-01-20 17:47 ` Justus Ranvier
  2015-01-20 21:49 ` Roy Badami
  3 siblings, 2 replies; 14+ messages in thread
From: Matt Whitlock @ 2015-01-20 17:23 UTC (permalink / raw)
  To: bitcoin-development

On Tuesday, 20 January 2015, at 10:46 am, Peter Todd wrote:
> I was talking to a lawyer with a background in finance law the other day
> and we came to a somewhat worrying conclusion: authors of Bitcoin wallet
> software probably have a custodial relationship with their users,
> especially if they use auto-update mechanisms. Unfortunately this has
> potential legal implications as custodial relationships tend to be
> pretty highly regulated.
> 
> Why is this? Well, in most jurisdictions' financial laws a custodial
> relationship is defined as having the ability, but not the right, to
> dispose of an asset. If you have the private keys for your users'
> bitcoins - e.g. an exchange or "online" wallet - you clearly have the
> ability to spend those bitcoins, thus you have a custodial relationship.

If you have the private keys for your users' bitcoins, then you are every bit as much the owner of those bitcoins as your users are. There is no custodial relationship, as you have both the ability and the right to spend those bitcoins. Possession of a private key is equivalent to ownership of the bitcoins controlled by that private key.



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 17:23 ` Matt Whitlock
@ 2015-01-20 17:40   ` Peter Todd
  2015-01-20 17:44     ` Matt Whitlock
  2015-01-20 17:44   ` Tamas Blummer
  1 sibling, 1 reply; 14+ messages in thread
From: Peter Todd @ 2015-01-20 17:40 UTC (permalink / raw)
  To: Matt Whitlock; +Cc: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 1896 bytes --]

On Tue, Jan 20, 2015 at 12:23:14PM -0500, Matt Whitlock wrote:
> On Tuesday, 20 January 2015, at 10:46 am, Peter Todd wrote:
> > I was talking to a lawyer with a background in finance law the other day
> > and we came to a somewhat worrying conclusion: authors of Bitcoin wallet
> > software probably have a custodial relationship with their users,
> > especially if they use auto-update mechanisms. Unfortunately this has
> > potential legal implications as custodial relationships tend to be
> > pretty highly regulated.
> > 
> > Why is this? Well, in most jurisdictions' financial laws a custodial
> > relationship is defined as having the ability, but not the right, to
> > dispose of an asset. If you have the private keys for your users'
> > bitcoins - e.g. an exchange or "online" wallet - you clearly have the
> > ability to spend those bitcoins, thus you have a custodial relationship.
> 
> If you have the private keys for your users' bitcoins, then you are every bit as much the owner of those bitcoins as your users are. There is no custodial relationship, as you have both the ability and the right to spend those bitcoins. Possession of a private key is equivalent to ownership of the bitcoins controlled by that private key.

Possessing a private key certainly does not give you an automatic legal
right to anything. As an example I could sign an agreement with you that
promised I would manage some BTC on your behalf. That agreement without
any doubt takes away any legal right I had to your BTC, even though I
may have the technical ability to spend them. This is the very
reason why the law has the notion of a custodial relationship in the
first place.

Don't assume the logic you'd use with tech has anything to do with the
logic courts use.

-- 
'peter'[:-1]@petertodd.org
00000000000000001a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 17:40   ` Peter Todd
@ 2015-01-20 17:44     ` Matt Whitlock
  0 siblings, 0 replies; 14+ messages in thread
From: Matt Whitlock @ 2015-01-20 17:44 UTC (permalink / raw)
  To: Peter Todd; +Cc: bitcoin-development

On Tuesday, 20 January 2015, at 12:40 pm, Peter Todd wrote:
> On Tue, Jan 20, 2015 at 12:23:14PM -0500, Matt Whitlock wrote:
> > If you have the private keys for your users' bitcoins, then you are every bit as much the owner of those bitcoins as your users are. There is no custodial relationship, as you have both the ability and the right to spend those bitcoins. Possession of a private key is equivalent to ownership of the bitcoins controlled by that private key.
> 
> Possessing a private key certainly does not give you an automatic legal
> right to anything. As an example I could sign an agreement with you that
> promised I would manage some BTC on your behalf. That agreement without
> any doubt takes away any legal right I had to your BTC, even though I
> may have the technical ability to spend them. This is the very
> reason why the law has the notion of a custodial relationship in the
> first place.

I never signed any kind of agreement with Andreas Schildbach. I keep my bitcoins in his wallet with the full knowledge that an auto-update could clean me out. (I only hold "walking around" amounts of money in my mobile wallet for exactly this reason.) I would love it if Andreas offered me an agreement not to spend my bitcoins without my consent, but I doubt he'd legally be allowed to offer such an agreement, as that would indeed set up a custodial relationship, which would put him into all sorts of regulatory headache.



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 17:23 ` Matt Whitlock
  2015-01-20 17:40   ` Peter Todd
@ 2015-01-20 17:44   ` Tamas Blummer
  2015-01-20 17:47     ` Matt Whitlock
  1 sibling, 1 reply; 14+ messages in thread
From: Tamas Blummer @ 2015-01-20 17:44 UTC (permalink / raw)
  To: Matt Whitlock; +Cc: bitcoin-development


[-- Attachment #1.1: Type: text/plain, Size: 735 bytes --]

Knowing the private key and owning the linked coins is not necessarily the same in front of a court.

At least in German law there is a difference between ‘Eigentum’ means ownership and ‘Besitz’ means ability to deal with it.
Being able to deal with an asset does not make you the owner.

Tamas Blummer

On Jan 20, 2015, at 6:23 PM, Matt Whitlock <bip@mattwhitlock•name> wrote:
> 
> If you have the private keys for your users' bitcoins, then you are every bit as much the owner of those bitcoins as your users are. There is no custodial relationship, as you have both the ability and the right to spend those bitcoins. Possession of a private key is equivalent to ownership of the bitcoins controlled by that private key.


[-- Attachment #1.2: Type: text/html, Size: 1843 bytes --]

[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 496 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 17:44   ` Tamas Blummer
@ 2015-01-20 17:47     ` Matt Whitlock
  2015-01-20 17:49       ` Peter Todd
  2015-01-20 17:56       ` Tamas Blummer
  0 siblings, 2 replies; 14+ messages in thread
From: Matt Whitlock @ 2015-01-20 17:47 UTC (permalink / raw)
  To: Tamas Blummer; +Cc: bitcoin-development

On Tuesday, 20 January 2015, at 6:44 pm, Tamas Blummer wrote:
> Knowing the private key and owning the linked coins is not necessarily the same in front of a court.
> 
> At least in German law there is a difference between ‘Eigentum’ means ownership and ‘Besitz’ means ability to deal with it.
> Being able to deal with an asset does not make you the owner.

So what we're telling the newbies in /r/bitcoin is plain wrong. Bitcoins *do* have an owner independent from the parties who have access to the private keys that control their disposition. That's pretty difficult to reconcile from a technological perspective.




^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 15:46 [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships Peter Todd
       [not found] ` <CAHpxFbEoDLMGKB7arHbgB+4kx8BwgcX7nBUZz6yP9k4LjZeu1A@mail.gmail.com>
  2015-01-20 17:23 ` Matt Whitlock
@ 2015-01-20 17:47 ` Justus Ranvier
  2015-01-20 18:48   ` Tamas Blummer
  2015-01-20 21:49 ` Roy Badami
  3 siblings, 1 reply; 14+ messages in thread
From: Justus Ranvier @ 2015-01-20 17:47 UTC (permalink / raw)
  To: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 2619 bytes --]

On 01/20/2015 03:46 PM, Peter Todd wrote:
> But ultimately we're not going to know until court cases start 
> happening. In the meantime probably the best advice - other than
> getting out of the wallet business! - is to do everything you can
> to prevent losses through malicious auto-updates. Create systems
> where as many people as possible have to sign off and review an
> update before it has the opportunity to spend user funds. Not
> having auto-updates at all is a (legally) safe way to achieve that
> goal; if you do have them make sure the process by which an update
> happens is controlled by more than one person and there are
> mechanisms in place to create good audit logs of how exactly an
> update happened.
> 
> Finally keep in mind that one of the consequences of a custodial 
> relationship is that some legal authority might try to *force* you
> to seize user funds. StrongCoin made it 100% clear to authorities
> that they and sites like them are able to seize funds at will - I
> won't be surprised if authorities use that power in the future. The
> more automatic and less transparent an update is, the higher the
> chance some authority will lean on you to seize funds. So don't
> make it easy for yourself to meet those demands.

One suggestion you didn't mention was jurisdictional arbitrage - don't
be located in the same country as the majority of your users.

Or, from the other perspective, users should be strongly encouraged to
get their wallet software from companies/organizations not located in
the same country as them.


- -- 
Justus Ranvier                   | Monetas <http://monetas.net/>
<mailto:justus@monetas•net>      | Public key ID : C3F7BB2638450DB5
                                 | BM-2cTepVtZ6AyJAs2Y8LpcvZB8KbdaWLwKqc

[-- Attachment #2: 0xEAD9E623.asc --]
[-- Type: application/pgp-keys, Size: 17528 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 17:47     ` Matt Whitlock
@ 2015-01-20 17:49       ` Peter Todd
  2015-01-20 17:56       ` Tamas Blummer
  1 sibling, 0 replies; 14+ messages in thread
From: Peter Todd @ 2015-01-20 17:49 UTC (permalink / raw)
  To: Matt Whitlock; +Cc: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 1000 bytes --]

On Tue, Jan 20, 2015 at 12:47:04PM -0500, Matt Whitlock wrote:
> On Tuesday, 20 January 2015, at 6:44 pm, Tamas Blummer wrote:
> > Knowing the private key and owning the linked coins is not necessarily the same in front of a court.
> > 
> > At least in German law there is a difference between ‘Eigentum’ means ownership and ‘Besitz’ means ability to deal with it.
> > Being able to deal with an asset does not make you the owner.
> 
> So what we're telling the newbies in /r/bitcoin is plain wrong. Bitcoins *do* have an owner independent from the parties who have access to the private keys that control their disposition. That's pretty difficult to reconcile from a technological perspective.

The law concerns itself with what should be done, not what can be done.

Bitcoin the technology doesn't have a concept of "ownership" - that's a
legal notion, not a mathematical one.

-- 
'peter'[:-1]@petertodd.org
00000000000000001a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 17:47     ` Matt Whitlock
  2015-01-20 17:49       ` Peter Todd
@ 2015-01-20 17:56       ` Tamas Blummer
  1 sibling, 0 replies; 14+ messages in thread
From: Tamas Blummer @ 2015-01-20 17:56 UTC (permalink / raw)
  To: Matt Whitlock; +Cc: bitcoin-development


[-- Attachment #1.1: Type: text/plain, Size: 887 bytes --]

I am not a lawyer, just thinking out loud.
I think that technology is a strong argument before court, but I suspect that it is just that, as of now.

Tamas Blummer
On Jan 20, 2015, at 6:47 PM, Matt Whitlock <bip@mattwhitlock•name> wrote:

> On Tuesday, 20 January 2015, at 6:44 pm, Tamas Blummer wrote:
>> Knowing the private key and owning the linked coins is not necessarily the same in front of a court.
>> 
>> At least in German law there is a difference between ‘Eigentum’ means ownership and ‘Besitz’ means ability to deal with it.
>> Being able to deal with an asset does not make you the owner.
> 
> So what we're telling the newbies in /r/bitcoin is plain wrong. Bitcoins *do* have an owner independent from the parties who have access to the private keys that control their disposition. That's pretty difficult to reconcile from a technological perspective.
> 
> 


[-- Attachment #1.2: Type: text/html, Size: 1680 bytes --]

[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 496 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 17:47 ` Justus Ranvier
@ 2015-01-20 18:48   ` Tamas Blummer
  2015-01-20 19:31     ` Justus Ranvier
  2015-01-20 21:33     ` odinn
  0 siblings, 2 replies; 14+ messages in thread
From: Tamas Blummer @ 2015-01-20 18:48 UTC (permalink / raw)
  To: Justus Ranvier; +Cc: bitcoin-development


[-- Attachment #1.1: Type: text/plain, Size: 297 bytes --]

Justus,

On the contrary.

Not being in the jurisdiction of the wallet provider makes it harder for the user to reclaim funds taken by the wallet provider.
The legal hurdle to force confiscation through a wallet provider might also be lower if the target user is not domestic.

Tamas Blummer

[-- Attachment #1.2: Type: text/html, Size: 968 bytes --]

[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 496 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 18:48   ` Tamas Blummer
@ 2015-01-20 19:31     ` Justus Ranvier
  2015-01-20 21:33     ` odinn
  1 sibling, 0 replies; 14+ messages in thread
From: Justus Ranvier @ 2015-01-20 19:31 UTC (permalink / raw)
  To: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 1320 bytes --]

On 01/20/2015 12:48 PM, Tamas Blummer wrote:
> The legal hurdle to force confiscation through a wallet provider
> might also be lower if the target user is not domestic.

Depending on the threat model, the incentive to force confiscation
might also be lower.

- -- 
Justus Ranvier                   | Monetas <http://monetas.net/>
<mailto:justus@monetas•net>      | Public key ID : C3F7BB2638450DB5
                                 | BM-2cTepVtZ6AyJAs2Y8LpcvZB8KbdaWLwKqc

[-- Attachment #2: 0xEAD9E623.asc --]
[-- Type: application/pgp-keys, Size: 17528 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 18:48   ` Tamas Blummer
  2015-01-20 19:31     ` Justus Ranvier
@ 2015-01-20 21:33     ` odinn
  1 sibling, 0 replies; 14+ messages in thread
From: odinn @ 2015-01-20 21:33 UTC (permalink / raw)
  To: bitcoin-development

Um ~ "jurisdiction of wallet provider?"

If that's the (perhaps ot) bit you want to run on this thread then my
comments are:

Get out of web wallet businesses now.  It's not a jurisdictional
question anymore, although I think there used to be very valid long
running debates on where it would be best to do business.  Now it just
feels like you will be bouncing from one place to another -
determining where your exit is as soon as you establish a (physical)
presence, because jurisdictions sense a serious threat from the
advancement of financial cryptography as it will evolve in the next
several years. So you have to be mobile, or do something like what
they are establishing at blueseed (see http://blueseed.com which is
just off the coast of San Francisco).  Please perk up and don't just swipe
to delete, read the whole e-mail.  There are some configurations (e.g.
the zero knowledge bit) you can do to mitigate the issues but if you
are asking users to log in and log out of a service that relies on a
web site then in the end you doom them (and any service you provide)
to mandatory storage of customer data and ultimately loss of customer
resources due to identification of the customer.

I think you need to stop quibbling about the details and just get over
it and understand that the problem of web wallet users and
corporations that serve web wallet customers being forced to give up
information constantly to governments means that web wallets are
certainly no longer a viable solution.  And post-cromnibus with the
extra financial surveillance provisions now passed on 3rd party
matters, it's even worse.  This is not subject to debate, it's just a
fact.  Period.  Web wallet corps exist now only on a model that exists
to burn the users.  Convenient?  Yes.  But is it good for the users in
the long haul?  Absolutely not.  Do alternatives to the web wallets
exist? Absolutely.

Back off.. Go to p2p.  Stop advocating for webby solutions.  In fact,
I don't think that anyone working for coinbase or bitpay should be,
anymore.  I think that on principle you should withdraw and end your
employment from such services.

Core?  Good.  Electrum Wallet?  good.  Mycelium? Local Trader? Open
Bazaar?  Could be better, but great.  These are the kind of things we
need.  No signups, avoids centralizations, no grabbing your data, no
ID collection and requirements.

As to the issue of auto-updating itself... I think the simplest answer
to this question (personally) is that (go ahead and attack me here)
there shouldn't be auto-updates... but that there should be
auto-notifications for update when (a) update is available, but that
(b) this notification should never "push" the user to update (e.g. the
notification should never say "oh hey user if you don't update by such
and such a date, your wallet will not work or satoshis will die
because of your inaction").
(stays quiet while likely 100-e-mail thread is spawned from this)

- -O

Tamas Blummer:
> Justus,
> 
> On the contrary.
> 
> Not being in the jurisdiction of the wallet provider makes it
> harder for the user to reclaim funds taken by the wallet provider. 
> The legal hurdle to force confiscation through a wallet provider
> might also be lower if the target user is not domestic.
> 
> Tamas Blummer

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships
  2015-01-20 15:46 [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships Peter Todd
                   ` (2 preceding siblings ...)
  2015-01-20 17:47 ` Justus Ranvier
@ 2015-01-20 21:49 ` Roy Badami
  3 siblings, 0 replies; 14+ messages in thread
From: Roy Badami @ 2015-01-20 21:49 UTC (permalink / raw)
  To: Peter Todd; +Cc: bitcoin-development

> Why is this? Well, in most jurisdictions' financial laws a custodial
> relationship is defined as having the ability, but not the right, to
> dispose of an asset.

So if I leave my window open while I'm out and there's some cash on my
desk, visible from the street, then every passer by now has a
custodial relationship with me?

Your example of a malicious software update seems more akin to a theft
like that (which is clearly not a custodial relationship) rather than
a true custodial relationship.

roy



^ permalink raw reply	[flat|nested] 14+ messages in thread
