Showing posts from March, 2018

E-mail and phone are critical attack vectors when associated with your online accounts

I think that there should be no e-mail associated with accounts. Email accounts are another point of failure and attack vector. Also, phone numbers should not be associated with accounts; this is a huge security flaw. The best way to secure an account is with a long passphrase, non-phone-number 2FA (with Google Authenticator or a hardware device using public key cryptography) and/or a PGP key. Passphrase recovery should not be possible, or should be really hard and uncomfortable (you need to fly to the office in person with your passport and 3 witnesses + 1 year waiting period).

Why regulated and 'legal' exchanges will not use Lightning Network

The proposed Lightning network has each node performing routing for any participant on the network. A licensed exchange cannot transmit money for anyone without KYC/AML. So either exchanges won't use Lightning, or they'll demand that anyone that wants routing must have KYC/AML. If Lightning can circumvent KYC/AML, then that will exclude exchanges and payment processors and anyone else that, you know, obeys the law, from using LN; and since the vast majority of buyers and holders buy on Coinbase, Bitstamp and other regulated exchanges, and since the vast majority of merchants use Bitpay and other regulated merchant gateways, and since your local coffee shop doesn't want to be in the clandestine Lightning Hub business any more than they want to be an illegal credit card processing gateway or uninsured mobster credit union, Lightning is basically a non-starter for most legal, typical use cases. Before anyone says "yeah but" the answer is no, this is nothing …