Wallet Developers Express Security Concerns Over BitPay’s Payment Protocol Policy

Source From https://bitcoinmagazine.com/articles/wallet-developers-express-security-concerns-over-bitpays-payment-protocol-policy/


On December 14, 2017, BitPay announced a first step toward enforcing the payment protocol: All orders of the BitPay Card will require payments from Payment Protocol-compatible wallets, such as BitPay’s own wallet and a few others. This announcement came after an initial notice in November 2017, when BitPay first announced that BitPay invoices would soon require payments from wallets compatible with the Bitcoin Payment Protocol.

BitPay’s move has since been met with resistance by some wallet developers that don’t support the Bitcoin Payment Protocol; some are suggesting that BitPay is abusing its leading position in the payment processing space and putting user security at risk.

“We absolutely do not support BitPay in aggressively using their dominant position of market share to bully wallet providers into supporting their business plans or bully users into a system that degrades their privacy and the fungibility of bitcoin as a whole,” stated bitcoin wallet Samourai in its blog post of January 2, 2018.

The Bitcoin Payment Protocol (BIP70), proposed by Gavin Andresen and Mike Hearn in 2013, describes a protocol for communication between a merchant and their customer, “enabling both a better customer experience and better security against man-in-the-middle attacks on the payment process.” A detailed explanation of the payment protocol, written by Mike Hearn in Q/A format, is available on the Bitcoin forum.

According to BitPay, the Payment Protocol will reduce user error in bitcoin payments, such as payments sent to a wrong address or with a transaction fee that is too low for fast processing by the Bitcoin network.

“We answer thousands of customer support requests every month, and we see first-hand how these problems affect BitPay merchants and their customers,” notes BitPay, adding that if two wallets both “speak” Payment Protocol, the correct receiving bitcoin address and the correct sending amount are locked in automatically by creating an SSL-secured connection to the true owner of the receiving bitcoin address. Instead of cryptic Bitcoin addresses, the protocol uses human readable identifiers, which are then mapped to Bitcoin addresses.

“Our next step will be requiring Payment Protocol payments for all BitPay Card loads,” stated BitPay. “From there, we will move to require Payment Protocol for all BitPay invoices … We continue to work with other wallet providers in the Bitcoin ecosystem to advance adoption of the Bitcoin Payment Protocol. We’re encouraged by the response we have received. Widespread adoption of Payment Protocol will immediately improve the bitcoin payment experience.”

According to a list provided on the BitPay website, Copay, Mycelium and Electrum wallets, along with Bitcoin Core, support Payment Protocol payments. “These true bitcoin wallets all already ‘speak’ Payment Protocol,” stated BitPay. “If you are using a non-Payment Protocol wallet or service to pay BitPay invoices, you will need to move your spending bitcoin to a wallet or service which can support Payment Protocol. We strongly recommend that you use a true bitcoin wallet for spending to avoid delayed transactions, but you will be able to use any service compatible with Payment Protocol.”

This list, however, is out-of-date. Bitcoin Magazine reached out to several other wallets to verify their status.

“Our currently released app Airbitz does support BIP70 and has since 2015,” Paul Puey, Co-Founder and CEO of AirBitz (recently rebranded as Edge), told Bitcoin Magazine. “Edge Wallet (currently in beta) will support BIP70 in a future production version.” BitPay currently lists Airbitz as not supporting BIP70.

Bread also has supported BIP70 since 2015, contrary to information supplied on BitPay’s list.

Security Concerns

One of the most outspoken opponents of this policy shift has been Samourai Wallet.

“We have to be very clear here,” Samourai stated bluntly in its recent blog post. “Samourai Wallet will not support BIP70 in our products, therefore, our wallet users will NOT be able to send bitcoin to QR codes generated by BitPay invoices, as they do not provide a valid Bitcoin address.”

According to Samourai, BIP70 “remains largely unadopted by the majority of wallet and service providers” due to many security and privacy concerns, including the required support of legacy public-key infrastructure features with known vulnerabilities, such as OpenSSL and Heartbleed.

Indeed, the recent revelations about Meltdown and Spectre have created additional security concerns among some critics.

“Meltdown/Spectre greatly increase the risk of keys being stolen from memory,” James Hilliard, developer and MyRig engineer, told Bitcoin Magazine, “since they are side-channel attacks that allow processes to spy on the memory of other processes (wallet private keys generally have to go into memory at some point in order to sign the transaction).”

“We do share some of the concerns but do not feel as strongly as Samourai Wallet,” said Puey. “In the case of the acquisition of a payment QR code from a website, one is already trusting SSL public key infrastructure to know that a public address is from the owner. Adding BIP70 to that makes it no worse. However, if one is doing a peer-to-peer transaction between two wallets that are physically next to each other, there is no need to rely on an https server query to obtain a public address, and that process absolutely introduces more risk than necessary.”

Many bitcoin wallets, including Coinbase and Jaxx, don’t support BIP70 at the moment. Others, like Airbitz and its upcoming Edge, support BIP70 but less enthusiastically than BitPay.

Addison Cameron-Huff is President of Decentral, the company that develops the Jaxx wallet. Referring to BitPay’s statement that BIP70 does for Bitcoin what secured web-browsing (HTTPS) did for the internet, he told Bitcoin Magazine, “I think BitPay is overstating the case for BIP70. It’s also a bit misleading to refer to BIPs as ‘standards,’” adding that the “BIP” acronym stands for “Bitcoin Improvement Proposal,” not “Bitcoin Improvement Standard.”

“Not showing addresses is a big change in how people use Bitcoin, and, as of January 2018, I think it’s premature to force this change ecosystem-wide, but BitPay is only insisting upon this for people who want to use BitPay,” continued Cameron-Huff. “We’ll see over the coming months how this change affects their user base and whether alternative payment processing firms win marketshare (or don’t). Ultimately, the cryptocurrency world is one in which the best products and proposals tend to win out in the market, and only time will tell whether this was a good decision for BitPay and more importantly: a good decision for the Bitcoin community.”

“We have had multiple conversations with BitPay and have expressed our concerns with the BIP70 protocol including unnecessary complications that do not truly solve the problems presented,” said Puey. “We feel that extensions to the BIP21 spec could have been implemented that would have achieved the same goals that BitPay desired without the added complications, centralization or SSL security implications.”

“While we intend to continue supporting BIP70 we do NOT recommend that providers use it or require it to receive payment and instead pursue extensions to BIP21 instead,” concluded Puey. “We have experienced a multitude of issues with BitPay’s support of BIP70 including their own servers being unable to provide payment information through the provided payment URL causing wallets to fallback to BIP21-style payments if capable.”

Future Adoption

Bread wallet CMO Aaron Lasher told Bitcoin Magazine that while Bread already supports BIP70, the company has plans to “make it work with BitPay in an upcoming release.” He emphasized that it will be important to maintain the wallet’s core functionality and ensure that its high level of privacy remains.

“Bread is a consumer-focused wallet, so we support anything at face value that improves or simplifies the user experience, provided we are able to maintain sufficient privacy and financial control on behalf of our users.”

Similarly, Cameron-Huff explained that while Jaxx doesn’t currently support BIP70, if BIP70 becomes an actual widely adopted standard, then Jaxx will enable it for users.

“We will be keeping an eye on this change with BitPay and other large blockchain ecosystem organizations,” concluded Cameron-Huff. “We are always looking to improve Jaxx but also have to balance this with not forcing changes upon our users or implementing hasty changes that might cause a negative experience for our 600,000 users.”

A representative from the hardware wallet Ledger told Bitcoin Magazine, “We do not plan yet to support BIP70 directly in our wallet as it’d only make sense if we could offer an end-to-end support to the hardware wallet which is not doable yet, considering the complexity of this protocol.”

Ledger added that it might support it through a translating gateway later in the future while keeping users aware of the extra risks. Like Airbitz/Edge, the company expressed a preference for BIP21.

“Security wise, we also believe that BIP70 is not in a great state today (not supporting ECDSA certificates, duplicating standard PKI issues where users have to authenticate possible rogue certificates, possibly forcing public authentication cookies on users through specific outputs) and would appreciate if all payment providers could keep offering regular BIP21 URLs for interoperability.”

The post Wallet Developers Express Security Concerns Over BitPay’s Payment Protocol Policy appeared first on Bitcoin Magazine.


New Partnership Brings Dash Cryptocurrency to 10,000 Retailers in Spain

Source From https://coinjournal.net/new-partnership-brings-dash-cryptocurrency-10000-retailers-spain/

Privacy-focused cryptocurrency Dash has signed a partnership with Spanish startup Bitnovo to bring the cryptocurrency to 10,000 retailers throughout Spain. The partnership will allow consumers to purchase Dash in stores through coupons and in selected Carrefour and Media Markt outlets through the purchase of gift cards. “During the past months we were thinking which cryptocurrencies […]

This post New Partnership Brings Dash Cryptocurrency to 10,000 Retailers in Spain first appeared on Coinjournal.


Crypto Euphoria As Lemonade Making Company Buying Bitcoin Miners

Source From https://cointelegraph.com/news/crypto-euphoria-as-lemonade-making-company-buying-bitcoin-miners

Lemonade and iced tea maker changes name, sees huge stock jump, and promises to buy Bitcoin miners in apparent Blockchain euphoria.

A former iced tea and lemonade manufacturing company, Long Island Iced Tea, is investing in Bitcoin mining machinery. This move comes after the company watched its stock price jump 500% following a name change to Long Blockchain. The company made the name change two weeks ago, capitalizing on the Blockchain euphoria sweeping the globe.

The company has announced that it will offer 1.6 mln shares at $5.25 per share, hoping to raise $8.4 mln. The company’s press release indicated that the stock sale would allow the company to move into the Bitcoin mining business.

“The Cryptocurrency mining equipment expected to ship in January 2018 for immediate deployment in experienced Nordic Data Center. This mining equipment is manufactured by Bitmain. Agreement with certain third parties to purchase 1,000 Antminer S9 mining rigs and 1,000 APW3++ PSUs.”


Other companies have also seen massive stock price increases on relatively unimpressive news related to cryptocurrencies. For example, Longfin, a small cap stock, recently exploded in value – rising more than 1,300 percent – after announcing it would buy a defunct cryptocurrency.

Other industry experts agree that euphoria is gripping the industry, though they see the potential for real Blockchain use cases to continue to gain momentum. Dominik Schiener, Co-Founder of IOTA, told Cointelegraph:

"The entire market as it stands today, is in a bubble with more than a few dozen projects having reached unicorn valuation. This obviously won't last long, as 2018 will be a year where we will see a major consolidation happening, with every project having to prove its merit not just to the market, but also to the public. After all, only the projects with real-world adoption and true value will prevail."


Analysts Point to Regulatory Vacuum as Driving Australian Cryptocurrency Banking Woes

Source From https://news.bitcoin.com/96866-2/


There are increasingly publicized challenges posed to the Australian cryptocurrency industry by the country’s ‘big four’ banks’ refusal to provide financial services to crypto companies. Many analysts are speculating that the issue will become the catalyst for the development of detailed regulations for the virtual currency era, arguing that the opaque nature of the current legislative apparatus pertaining to cryptocurrencies is to blame for Australia’s bitcoin banking embargo.


Many Australian Cryptocurrency Brokers Have Recently Suspended Their Services, Blaming Local Banks for Refusing to Provide Financial Services to the Industry

Last month, Coinspot became the most high profile Australian crypto brokerage to suspend its services, criticizing the nation’s banks for being “unwilling to work” with the cryptocurrency industry. The company claims to have persistently experienced “frequent account closures” and the imposition of “strict limits” on their bank accounts.

Said complaints have been echoed by a myriad of Localbitcoins vendors, with Coindance data indicating that P2P trade via the platform more than halved for the week of the 30th of December when compared with the preceding week.

Australia’s Leading Banks Have Sought to Dismiss Accusations of a Banking Embargo Targeting Bitcoin Businesses

In response to enquiries regarding the policies of the big four banks with regard to the cryptocurrency industry, Australia’s banks have largely downplayed and avoided the issue.

A representative of the Commonwealth Bank of Australia is reported to have stated that its customers “can interact with these currencies as long as they comply with our terms and conditions and all relevant legal obligations.” The spokesperson added that “Commonwealth Bank is receptive to innovation in alternative currencies and payment systems, however, we do not currently use or recommend any existing virtual currencies as we do not believe they have yet met a minimum standard of regulation, reliability, and reputation compared to other currencies that we offer to our customers.”

A representative of National Australia Bank (NAB) similarly stated that the bank “does not have a policy to deny customers the right to purchase bitcoin,” whilst a spokesman from Australia and New Zealand Banking Group (ANZ) stated that it “does not prohibit customers buying digital currencies.” A spokeswoman for Westpac stated “Westpac has controls in place to actively verify the identity of our customers and monitor the activities of those customers. Where we cannot verify the origin of transfers, we may act to ensure we comply with Australia’s anti-money laundering obligations.”

Industry Representatives Weigh In

Adam Poulton, president of the Blockchain Australia Association, recently discussed the hurdles facing Australia’s cryptocurrency industry with local media, arguing that the recent dramatic influx of new crypto investors has likely contributed to the banks’ hesitation to work with virtual currency businesses.

“The volumes have grown so quickly…It’s raised a lot of red flags with the banks. They’re just seeing hundreds of thousands of dollars per day, and they’re like ‘What’s going on here? It looks like fraudulent activity, so we’ll just suspend things for a little while’.”

Adrian Lee of the University of Technology Sydney has also weighed in on the issue, stating “There’s this murky issue of you buying something that doesn’t have any regulatory backing, and can be transferred off to do something else.”


The post Analysts Point to Regulatory Vacuum as Driving Australian Cryptocurrency Banking Woes appeared first on Bitcoin News.


How Initial Bounty Offering Can Help the Unbanked, Explained

Source From https://cointelegraph.com/explained/how-initial-bounty-offering-can-help-the-unbanked-explained

Initial Bounty Offerings help people participate in a token sale from anywhere in the world without an initial payment.

What is an Initial Bounty Offering?

It’s an incentivized framework.

Initial Bounty Offerings, or IBOs, are a structured way to crowdsource human resources, business development, marketing, and user acquisition. They offer network tokens in exchange for contributions to the ecosystem. This allows a blockchain organization to expand its reach as well as crowdsource from a large pool of people worldwide to complete tasks or projects.

An IBO can offer bounties for services, user inputs, products and any other work the platform needs to grow. They can be calculated using real-world raw costs and inputs or by standards set out by network founders.

What types of bounties are out there?

There are multiple types.

Depending on the participants’ skill sets and resources, they can be:

  • Bounty Hunters. Individuals who actively complete bounties and claim token rewards during the Initial Bounty Offering period.
  • Benefactors. Individuals who choose to support a project’s mission by purchasing a certain amount of bounties and receiving tokens in return.
  • Builders. People who participate in the bounty offering by building products and services the platform requires to live long and prosper.
  • Users. Users of the network who sign up during the IBO period and receive a nominal amount of initial tokens to use towards payment for services.
  • Promoters. Partners, organizations, and individuals who claim promotion-based bounties that advertise and market the U.CASH platform.
  • Partners. External networks and platforms, such as exchanges, wallets, payment processors and others, that are rewarded with tokens for integrating into the network.

What do you do with them once you pay for them?

Decide for yourself.

Once paid, holders of bounty tokens then decide on their own what they want to do with them: exchange them in the open market for cash or digital currency, use them to pay for goods and services inside the network or hold onto them for future use.

Those who want to participate but aren’t interested in completing bounties themselves, though, can become “benefactors”. A benefactor pays the value of a bounty to the organization, which allows the organization itself to hire others to complete it.

Why an IBO and not an ICO?

Participation, distribution, network growth.

Since the ICO market cap is fairly small compared to the entire cryptocurrency market, large buyers can easily manipulate an ICO and provide unfair benefits to a small group of people at the expense of the rest of the community. If these buyers are quick to the market, they can buy up the vast majority of tokens in minutes, cutting out the average user as well as adversely affecting the future of that token.

ICOs are also only available to those who have the capital to invest and cryptocurrencies to process investments. By its very nature, this excludes a large portion of the world’s population. An estimated two billion adults are considered “unbanked” – that is, they lack access to financial institutions that most of us take for granted. Many of them, however, do have internet access, which makes them ideally suited for getting involved in the world of cryptocurrency. By distributing tokens through an IBO model, it allows those without the financial means to get involved and contribute in other ways.

What is the current state of the traditional banking system?

Expensive, non-transparent and non-inclusive.

Traditional banking services are slow in their ability to innovate and adapt. That’s why they have had issues with quickly growing, technologically savvy populations in the developing world. At the same time, small entities usually provide financial services with high regulatory and maintenance costs, closed-source APIs, expensive hardware and software modules and intense security. This always ends up with high transaction costs, complex procedures, and delays.

Over 2 billion adults don’t have access to formal financial services (access to loans, sending and receiving funds, secure asset holdings, etc.). They are mostly based in regions with developing economies, such as Africa, the Middle East, East Asia and the Pacific region. Underdeveloped banking infrastructure, high costs of financial services and lack of proper government identification, along with low income and frequent civil conflicts and wars, are all contributing factors to the limited banking presence outside major urban centers in those economies.

How can blockchains and IBOs provide financial inclusion?

A peer-to-peer financial services network might help.

IBOs are used as a method to distribute network tokens and incentivize participation. Network tokens are universal access keys which give users access to services on the network as well as advanced functionalities.

By providing tokens in an IBO format, rather than through an ICO, anyone who has access to the internet can become a part of the ecosystem in exchange for their expertise.

Pairing the IBO format with a blockchain-based financial platform and digital asset converter network can take things one step further. Platforms, such as U.CASH, can convert fiat money into secure holdings of digital assets from different points of the world. They can also offer access to a wide range of digital currency services (buy, sell, trade, and store digital/virtual currencies such as Bitcoin, Ethereum and others), financial services (loans, bill payments, remittance and foreign exchange), legal and human services (notarization, escrow and identity).

How does that work?

Let’s see.

Converters allow users to load and unload money onto the platform in local currency. They can be retail converters (money service businesses, commercial stores, and retail shops), individual mobile converters (who can meet with users to do in-person conversions) or online converters (who provide remote services such as online deposits and transfers). Converters set their service offering details such as fees, operating hours, user verification levels and can take advantage of built-in accounting and integrated compliance systems.

Through the U.CASH platform, people from different regions of the world will be able to access financial services, and through the IBO model, they won’t need to possess cryptocurrencies to do that.


In Search of a Complete Guide to Initial Coin Offerings

Source From http://cryptscout.com/news-portal/?id=20&ref=2104&utm_source=RSS&utm_medium=rss&utm_campaign=news-portal

Interest in cryptocurrencies is at a fever pitch with untold numbers of token projects taking place every month. Initial coin offerings (ICOs) have yielded north of $1 billion in 2017, making this, clearly, the year of token launches. In Q3 alone, ICOs captured more than $1.3 billion for related ventures. This is estimated to be five times more than all of the venture capital funding raised in the blockchain industry. Amid this sea of activity, the average investor is left to stumble around aimle