There is a huge emphasis on privacy with a lot of new coins but I do feel that a lot of coins focus on a single issue and leave the overall business and usability aspect out. How do these newer coins fare?
My first impression is why doesn’t the non-www version work while the www version does? Does their team not know how to properly configure nginx or is it just a simple mistake and oversight?
They call their encryption ENIGMA which I am not sure is a joke or if they aren’t aware of the ENIGMA encryption box in Germany that was compromised during WWII? I would more so be worried that it is a read between the lines joke or a hint that the team is doing something more than they claim? Sorry but I just can’t get over the fact that they would not know about the Enigma box from Germany that was decoded.
For my second point I do like the privacy aspects but this is where I have concerns. On one head they tout privacy, but then to have more privacy they obfuscate transactions by using other clients wallets? Why would you allow a third-party and random strange to process or handle any part of the transaction? I do realize they say it is fully encrypted and obfuscated so the random third party stranger on the network shouldn’t know anything about you or your transaction, but to me it violates the principle of privacy and security. It reminds me of how everyone believed the TOR network is a good idea and secure, but in reality whoever runs an exit node can spy on other users, including the NSA. This architecture of Cloak makes me worried that a vulnerability could be found and that privacy could be worse than most other Bitcoin-style coins. Even if a simple vulnerability was not found, you are essentially passing private information to random strangers on the network, the NSA or other large funded organizations could use this to spy on other users or even perhaps modify transactions and create chaos on the network.
I also find it confusing how they say it is private but you have to enable “ENIGMA” on top of “Cloak Shield” to truly make it private?
Here are the parts I’ve picked on from their website:
Alice’s Cloak wallet then automatically sends a request to the network for other Cloak wallets who have elected to become ENIGMA mixer nodes to obfuscate her transaction. All of this is done privately and securely throughout with no identities or true IP addresses revealed.
Bob has cloaking mode enabled in his wallet and the wallet generates a secure CloakShield encryption channel for communications with Alice’s wallet. Bob’s wallet sends Alice a secure connection, containing encrypted inputs and outputs to commence the transaction.
With this confirmed, Alice, with full anonymity, creates an encrypted ENIGMA transaction containing her true inputs and outputs and Bob’s cloaking (obscured) inputs and outputs. Bob and Alice both sign the ENIGMA transaction before it is submitted to the network for inclusion into a PoS block.
Going back to the concerns I have above, I really don’t like how Alice’s wallet would ever communicate with anyone other than the receiver or the Cloak network. By introducing Bob, there is the chance that Bob could decipher and identify what Alice is doing. Of course that’s not what should happen, but I believe it is a huge security whole to involve random third parties in confirming or obfuscating transactions. The situation reminds me a lot of the vulnerabilities in the TOR network. Essentially Bob is like an exit node, running transactions for Alice. Bob shouldn’t know who Alice is or what she is doing, but what if there is an implementation error or other issue? This could be avoided by not using any random third party.
I think Cloak does a great job but they’ve actually introduced a huge security hole by doing the random, third party, processes the transaction part. It would be like saying “my data is encrypted so I’ll send encrypted copies to everyone”. Sure it is encrypted but if someone can ever hack your encrypted data either through bruteforce or an algorithm/implementation error then you are done for. The best solution is to never send private and sensitive data to an extra, third party.
I do think the Cloak project has worked hard and it has some great ideas but aside from privacy and what I believe are security holes in how they implement it, they have done a great job but it is not a coin that does everything right.
For those who know me, I am very much against forks. As I’ve stated before they decrease, value, lead to scams and confusion. This can be evidenced with Bitcoin Gold regardless of who you believe was responsible. Right off the bat Bitcoin Private is warning of scammers trying to confuse you with a warning on their website.
The problem with these types of coins, hardforks or what I think are really counterfeits is that you need to give up the very “private keys” of your real, valuable Bitcoin to claim the “new counterfeit coin”. This is a huge security problem, regardless of who made the wallet what if the wallet is designed or hacked to maliciously steal your real Bitcoins? There is no easy and secure way to claim your coins from these counterfeits. Once you give up your private keys to Bitcoin Cash, Bitcoin Gold, Bitcoin Private they could steal your real Bitcoins.
Now there is a way around it, you could transfer your coins to another wallet but it’s a huge pain and a mistake could cost a novice user all of their Bitcoin.
Now in all fairness I appreciate this team at least has official wallets ready for download, unlike Bitcoin Cash.
Users who have the currency called “ZClassic” are also involved here, which is also another confusing fork of ZCash.
This is what I mean about all of the confusion. It creates an environment where holders and buyers are easily confused about which is the real “Bitcoin”, which is the real ZCash. And really, I can’t see any reason why people are forking except as a cash grab and counterfeiting spree.
For this reason I don’t trust Bitcoin Private anymore than I trust the other forks (although I trust Bitcoin Gold the least). I personally feel there is no good reason to trust any of them. If they want to make a new or better currency they should really just make their own, or at least copy it under a new name. But of course forking, creates unwilling participants and owners of the new currency, while enriching and rewarding the hardforkers for their counterfeiting.
For those reason if I had to pick between the two, I think Cloak has our best interests at heart and hardforked coins are just a scam, counterfeit and cash grab by unscrupulous people.