Bitcoin Private and Cloak Cryptocurrencies

There is a huge emphasis on privacy with a lot of new coins but I do feel that a lot of coins focus on a single issue and leave the overall business and usability aspect out.  How do these newer coins fare?

Cloak

My first impression is why doesn’t the non-www version work while the www version does?  Does their team not know how to properly configure nginx or is it just a simple mistake and oversight?

[Image: Cloakcoin.com returning "Forbidden" with a ConfigError]

They call their encryption ENIGMA, and I am not sure whether that is a joke or whether they are unaware of the German Enigma cipher machine that was broken during WWII. I would be more worried that it is a read-between-the-lines joke, or a hint that the team is doing something more than they claim. Sorry, but I just can't get over the fact that they would not know about the German Enigma machine that was decoded.

For my second point, I do like the privacy aspects, but this is where I have concerns. On one hand they tout privacy, but then to get more privacy they obfuscate transactions by using other clients' wallets? Why would you allow a random third-party stranger to process or handle any part of the transaction? I do realize they say it is fully encrypted and obfuscated, so the random third-party stranger on the network shouldn't know anything about you or your transaction, but to me it violates the principle of privacy and security. It reminds me of how everyone believed the TOR network was a good idea and secure, but in reality whoever runs an exit node can spy on other users, including the NSA. This architecture of Cloak makes me worry that a vulnerability could be found and that privacy could end up worse than in most other Bitcoin-style coins. Even if no simple vulnerability were found, you are essentially passing private information to random strangers on the network; the NSA or other well-funded organizations could use this to spy on other users or even perhaps modify transactions and create chaos on the network.

I also find it confusing how they say it is private but you have to enable “ENIGMA” on top of “Cloak Shield” to truly make it private?

Here are the parts I've picked out from their website:

Alice’s Cloak wallet then automatically sends a request to the network for other Cloak wallets who have elected to become ENIGMA mixer nodes to obfuscate her transaction. All of this is done privately and securely throughout with no identities or true IP addresses revealed.

Bob has cloaking mode enabled in his wallet and the wallet generates a secure CloakShield encryption channel for communications with Alice’s wallet. Bob’s wallet sends Alice a secure connection, containing encrypted inputs and outputs to commence the transaction.

With this confirmed, Alice, with full anonymity, creates an encrypted ENIGMA transaction containing her true inputs and outputs and Bob’s cloaking (obscured) inputs and outputs. Bob and Alice both sign the ENIGMA transaction before it is submitted to the network for inclusion into a PoS block.

Going back to the concerns I have above, I really don't like how Alice's wallet would ever communicate with anyone other than the receiver or the Cloak network. By introducing Bob, there is the chance that Bob could decipher and identify what Alice is doing. Of course that's not what should happen, but I believe it is a huge security hole to involve random third parties in confirming or obfuscating transactions. The situation reminds me a lot of the vulnerabilities in the TOR network. Essentially Bob is like an exit node, running transactions for Alice. Bob shouldn't know who Alice is or what she is doing, but what if there is an implementation error or other issue? This could be avoided by not using any random third party.

I think Cloak does a great job, but they've actually introduced a huge security hole by letting a random third party process part of the transaction. It would be like saying "my data is encrypted so I'll send encrypted copies to everyone". Sure, it is encrypted, but if someone can ever break your encrypted data, either through brute force or an algorithm/implementation error, then you are done for. The best solution is to never send private and sensitive data to an extra third party.

I do think the Cloak project has worked hard and has some great ideas. Aside from privacy, and what I believe are security holes in how they implement it, they have done a great job, but it is not a coin that does everything right.

Bitcoin Private

For those who know me, I am very much against forks. As I've stated before, they decrease value and lead to scams and confusion. This can be evidenced with Bitcoin Gold, regardless of who you believe was responsible. Right off the bat, Bitcoin Private is warning on its own website about scammers trying to confuse you.

[Image: Bitcoin Private (BTCP) website warning about private-key scams]

The problem with these types of coins, hardforks or what I think are really counterfeits, is that you need to give up the very "private keys" of your real, valuable Bitcoin to claim the "new counterfeit coin". This is a huge security problem: regardless of who made the wallet, what if the wallet is designed or hacked to maliciously steal your real Bitcoins? There is no easy and secure way to claim your coins from these counterfeits. Once you give up your private keys to Bitcoin Cash, Bitcoin Gold or Bitcoin Private, they could steal your real Bitcoins.

Now there is a way around it: you could transfer your coins to another wallet, but it's a huge pain, and a mistake could cost a novice user all of their Bitcoin.

Now in all fairness I appreciate this team at least has official wallets ready for download, unlike Bitcoin Cash.

Users who hold the currency called "ZClassic" are also involved here, and ZClassic is itself another confusing fork of ZCash.

This is what I mean about all of the confusion.  It creates an environment where holders and buyers are easily confused about which is the real “Bitcoin”, which is the real ZCash.  And really, I can’t see any reason why people are forking except as a cash grab and counterfeiting spree.

For this reason I don't trust Bitcoin Private any more than I trust the other forks (although I trust Bitcoin Gold the least). I personally feel there is no good reason to trust any of them. If they want to make a new or better currency they should really just make their own, or at least copy it under a new name. But of course forking creates unwilling participants and owners of the new currency, while enriching and rewarding the hardforkers for their counterfeiting.

For those reasons, if I had to pick between the two, I think Cloak has our best interests at heart, while hardforked coins are just a scam, counterfeit and cash grab by unscrupulous people.

Cloud VPS Server Comparison by Techrich

Recently a friend asked me to compare ourselves to other large Cloud providers. It didn't take me long to think about it, considering that the Techrich and Compevo architectures are essentially identical. This wasn't by accident, but by my own principles on how an IT company should function. Since designing what is now known as the "Super High Performance Cloud Architecture" back in 2009, I knew I wanted Techrich to be smart on security, strict on reliability, and strong on IT protocols.

This infographic probably says it the best but I’ll do my best to explain it as well (explanation below the infographic).

[Infographic: Techrich Cloud VPS Server Hosting Comparison]

In a nutshell, most of the other Cloud architectures out there rely heavily on a shared storage pool for their VPSs. We don't do this.

Some companies have even gone down completely when one of their “main shared storage nodes” was hacked or had a hardware failure.

The problem with shared storage nodes/SANs (Storage Area Networks)

The problem with this architecture is that multiple physical hostnodes rely on a single point of failure for storage. Not only that, but you can imagine the performance issues that shared network bandwidth causes when multiple hostnodes are competing for the same disk IO resources from a single shared node.

Now, I know some companies have redundant shared storage, but this is not good enough for performance, security or reliability reasons.

The Techrich way of doing things is that we have tons of individual nodes in an active/failover arrangement. This eliminates the possibility that a shared storage fault could take multiple hostnodes offline.

In our architecture the Cloud is built in a 1-to-1 structure: data is live-replicated to a standby server, which does nothing but wait in case the main server fails or has an issue.

By doing this, performance is also higher, since storage is all local. You get the benefit of Cloud architecture but none of the high risks or performance issues that traditional "shared storage" Cloud brings you.

That's the Techrich advantage and why we developed our own proprietary, hybrid system to accomplish this. To date we've never been hacked or had any downtime, and this is because of the architecture we've pursued while sparing no expense in delivering what we feel is the best product. This is what I'd recommend all of my colleagues and friends do if they went Cloud. If they were going to use a shared storage cloud, I'd recommend that they just make their own with a few dedicated servers; even a single dedicated server can sometimes be better, more affordable and more reliable in the long run.

When these large Cloud companies like Amazon and Alibaba started out, we did wonder whether we would lose out to customers who valued price over quality, security and reliability. We were shocked when the opposite ended up happening: there was a sudden rush of sign-ups, and not only that, we had to order a ton of extra servers to keep up with the demand. I doubled my IT support staff and had them working overtime to meet the crazy rush. It was a good problem to have, but it forced me to grow a lot faster than predicted.

In fact, we've now noticed a trend: the bottom feeders (scammers, hackers, spammers) have gone to the cheap Cloud companies, and a lot of larger players have moved to us. This is in part because companies that are more tech and privacy oriented do not want to be in a PRISM country, or be at risk of the NSA being given access to their sensitive, private and proprietary business/client information (which is mandated for large Cloud providers operating out of any PRISM country), so they moved to us and remain with us.

Now we get clients running small or medium-scale businesses who have found us and switched to us simply because they do not want to be on something as risky as Amazon or Alibaba. I guess you could call Techrich and Compevo the original IT business security company. And I plan to keep it that way.

Thanks to clunite.com for including us in their comparison.

Facebook Tracks Non-Users Too!

As some people are just learning, Facebook has been tracking both users and even non-users, a violation of privacy that most never opted into. Any time you visit a Facebook-related or Facebook-enabled site, they are tracking you. Likewise, as a Facebook user, they track and correlate all of your off-Facebook activity on any site that uses Facebook plugins or functionality (which is a lot of sites). This is horrible and should be stopped, but in all fairness "they all do it", and if anything Google is probably worse.

If the above is not bad enough, the PRISM network has backdoors to all of these services so you are being violated directly by corporations and multiple governments who index all of your activity.  Privacy is a thing of the past unfortunately.

However, there are ways to fight back, such as disabling cookies, deleting all cookies regularly, and especially using a random VPN to make tracking harder.

It’s not so much that the majority of people have anything to hide, but privacy is a right everyone has.  Most people would object to having cameras in the washroom, not because they are doing something wrong but because you have the right to dignity and privacy.

Hopefully the longstanding issue with most giant online sites, from Facebook to Google and so on, will drive demands from people around the world to restore privacy and digital rights in an era where infringement is common.


Lightning Network – LN Network DDOS’d and Attacked By Organized Group

A group calling itself Bitpico has bragged about attacking the LN (Lightning Network).  The group claims it is stress testing the network and the LN developers responded that they are analyzing and trying to close any attack vectors before the currency is used more.

It is almost a traditional DOS attack, where nodes were flooded with false transactions to overwhelm them so that no real transactions could get through (similar to a web attack that opens frivolous connections to overwhelm the server).

Inevitably, almost all networks go through this, and it really is a typical cat-and-mouse game in any public, permissionless blockchain. It is really an IT security nightmare where no one is authenticated or vetted whatsoever. There is little to deter organized and well-funded groups from attacking blockchains if they have enough motivation, and clearly many do.


Alibaba’s Sesame China’s All-in-One Credit Rating System

Alibaba's Sesame Credit, which launched in 2015, is one of the highest-profile Social Credit Systems in China. In part this is because it gathers a lot of data from Alibaba Cloud services (essentially the same thing that Facebook, Google and other US companies do). However, in China the process is more formal and complex, as it isn't just for spying and marketing purposes.

It is a system that essentially rates your associates, activities and lifestyle, not just your financial credit alone. So in some cases it is both a pro and a con that these aspects are used; it all depends on your lifestyle.

I find it highly controversial, and it all really depends on how fair the system will be and whether it is fairer than the traditional model.

With ICOs like Bloom I wonder how it will fare and compare?

Why Deleting Facebook Is Futile Unless…..

I've had this conversation with a lot of people over the years, and what I've found is that the majority of people are complacent about privacy and security. In a way it is good that some have woken up to what Facebook is and has been doing, but some have floated the idea that "I will trust Facebook until it gives me reason not to". This is a completely flawed idea in my opinion. Facebook was never trustworthy, and its TOS always gave it the right to violate your privacy, harvest your data for both government and marketing purposes, etc. In fact Google, Gmail, Hotmail, Telegram, Whatsapp and the list goes on are free for a reason. One, they make money by spying on you, and they also provide a great backdoor for the NSA to spy on you (hopefully everyone now understands the PRISM spying network).

There were times when some would debate the length and depth of spying by major free services, but this is no longer in debate. If you are using these freebie services and just delete Facebook alone, you haven't done enough.

Here are some steps to secure yourself and your privacy:

Delete Everything!

Seriously stop using these free chat and e-mail services and tell your friends and family that you won’t communicate via those mediums.

Secure Your E-mail

Use your very own e-mail server that you own yourself, with encryption including GnuPG to encrypt e-mails both in transit and in storage. There are providers who can get you a VPS or full Dedicated Server for this purpose. You will probably find that your e-mail stops going missing, and is faster and more reliable to boot!

Stop Using US Based Massive Cloud Servers

This could be in the form of an Amazon, Microsoft or Alibaba VPS instance, but you can expect that those services will not be keeping your data private and most likely have been obliged to allow backdoor access to your server and data.

Another type of user would again be those who "store data in the Microsoft, Google or Apple Cloud". Stop using those services if you value your privacy.

Secure Your Chat

Everyone likes instant chat, but did you ever wonder why all the traditional chat services like ICQ and MSN Messenger shut down? My belief is that being forced to chat on your phone makes it easier not only to identify and track you but also to spy on you. Once again the top offenders are Telegram, Whatsapp and any similar ones.

To secure your chat you should run your own encrypted chat server.

These are just a few common-sense things you can do to make it much more difficult for your rights and privacy to be violated. Personal and intimate moments shouldn't be uploaded to the Cloud for corporate and government agencies to peruse!

In general, try to think in a security-minded way, perhaps as you would about your house. Would you feel secure at home if you knew your living quarters were shared with multiple people or were being spied on constantly? Think about the steps you would take to protect your house or property from intruders and spies. Your digital house works the same way, so be sure to keep the keys and access in your control and not in that of a third party which can't be trusted.

We Need A Better Coin Now!

Cryptocurrency today, as of the time of this writing, is in a bit of a flux and identity crisis. Part of this is due to a well-directed campaign in the news by government and banking entities. However, I will always give credit where it is due, and many of the flaws that have been pointed out by these entities are completely true. In fact, from a business, security and IT standpoint I find that most cryptocurrencies are almost impossible to use. There are coins that individually address "some of the issues", but I have never seen a coin or team that "just seems to get it".

Whether it's how an ICO is run, basic functionality, security, privacy, or getting information out, it seems apparent to me that the vast majority of teams and coins do not have sufficient combined IT and business knowledge to make things work.

There are just so many issues with a lot of the top coins that could kill them; let me name a few in no particular order.

Speed – 99% of cryptocurrencies are extremely slow taking minutes, hours or several days to complete a transaction!

Expensive – A lot of times you can spend a small fortune just sending a small amount of coin to someone (you could spend $100 to send $5 of coins with some Ethereum tokens for example)!

Security – Most coins are by default completely insecure. Any coin that has a public ledger is insecure and has zero privacy. This allows for replay attacks and all kinds of nasty things. It also means your activities are easily tracked and traced. Imagine if your competitors could see exactly who is paying you and who you are paying, including the full amounts? It would put your business at a huge disadvantage. Having a "public, permissionless blockchain" such as Bitcoin, Ethereum, Litecoin etc. will mean the coins can never be secure when the whole public is involved.

Hardforks – Most coins are easily counterfeited, hard- or soft-forked, where basically anyone can copy an entire coin, just rename it and call it their own, while confusing and devaluing the original coin holders. This should never be able to happen, for the sake of sanity, continuity and integrity. There have already been scams like the BTG scam and replay attacks.

PoW/Mining – It is absolutely crazy that mining still exists. As cool as it originally was, mining is now a hindrance in many ways to the cryptocurrency community. Not only is it wasteful in terms of energy resources, it is unsustainable in environmental, monetary and functional terms. Returns are so slow with most major coins that it is almost not worth it unless your power is cheap or free.

To top it off, why on earth should we let transactions be controlled by "miners finding the next block"? It doesn't secure the network anymore, and that is because coins like Bitcoin were created before ASICs and assumed "no one party would hold more than 10% of the hashing power". Of course single pools in China have way more than 10% of the power, and so possibly do some mining farms. This means that pools and large farms could work together to defraud people by sending false transactions and confirming them among themselves. By the time the scam is realized, the parties who initiated it would already have escaped with the money.

Mining also leads to centralization, the very thing that cryptocurrency was meant to avoid. This is inevitable because, as difficulty increases, only large corporate or government players with deep pockets can continue.

The same applies to running full nodes: large organizations will be the ones running them.

Usability – Most coins are unusable because they are slow and insecure, but to make it worse there's more. The current coins are not easily integrated in a secure way. You shouldn't have to run a full Litecoin, Bitcoin or Ethereum node on a huge mega server with tons of RAM and HDD just to create receiving addresses and receive payments. This is not only inefficient, it is insecure, because the same computer that generates the receiving addresses is usually the one that holds the wallet/funds.

To top it off, with virtually all currencies you can send to a wrong or non-existent address and lose your money forever. Blockchain is just a big database; couldn't some query be done to make sure the address actually exists?! On top of that there is no feedback: no send-by-e-mail or notification by e-mail, so you always need to keep your wallet open to notice anything. It would be much easier if these different functions were kept separate. However, this is a problem too, because most cryptocurrencies are admittedly not secure if you don't sync the entire chain. And that's another issue: syncing is a huge problem with coins like Ethereum, where it is extremely slow and takes a ridiculous amount of CPU cycles. Imagine paying someone from Craigslist in person and one of you says "hold on mate, sorry, I have to wait for my wallet to sync for hours or days!".
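One thing a wallet can do before sending, shown here as an added example that is not code from the page: decode the destination with Base58Check so that a typo (bad checksum) or an address for the wrong network (bad version byte) is rejected. This cannot prove that anyone controls the address, since the chain keeps no registry of addresses, so it narrows rather than removes the risk described above.

```python
import hashlib
from typing import Tuple

# Bitcoin's Base58 alphabet: 0, O, I and l are left out to avoid look-alike typos.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Version bytes of the legacy Base58Check address format.
VERSIONS = {
    0x00: "mainnet P2PKH",
    0x05: "mainnet P2SH",
    0x6F: "testnet P2PKH",
    0xC4: "testnet P2SH",
}


def b58decode(s: str) -> bytes:
    """Decode Base58 to bytes; each leading '1' stands for one leading zero byte."""
    n = 0
    for ch in s:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def check_address(addr: str, network: str = "mainnet") -> Tuple[bool, str]:
    """Return (ok, reason).

    ok is True only when the 4-byte double-SHA256 checksum matches and the
    version byte belongs to the expected network.  A True result means the
    string is well-formed, not that anyone holds a key for it: the chain has
    no list of addresses, so "existence" cannot be queried this way.
    """
    try:
        raw = b58decode(addr)
    except ValueError as exc:
        return False, str(exc)
    if len(raw) != 25:
        return False, f"decoded length {len(raw)}, expected 25 bytes"
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return False, "checksum mismatch (typo or corrupted address)"
    kind = VERSIONS.get(payload[0])
    if kind is None:
        return False, f"unknown version byte 0x{payload[0]:02x}"
    if not kind.startswith(network):
        return False, f"address is {kind}, expected {network}"
    return True, kind


if __name__ == "__main__":
    samples = [
        "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",  # the well-known genesis-block address
        "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",  # constructed: last character altered
        "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfN0",  # constructed: '0' is not Base58
    ]
    for a in samples:
        print(a, check_address(a))
```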


Facebook's Mark Zuckerberg finally apologizes for the 3rd party data breach

Mark Zuckerberg has been noticeably absent since the scandal broke. It personally doesn't surprise me, because Facebook has never been safe, secure or private, regardless of your privacy settings. Your data is legally there to be traversed by third parties for marketing purposes and for government agencies to surveil and analyze you. This is essentially all in the TOS, and as a company based in the US they are legally obligated to co-operate with entities such as the NSA, FBI and CIA for whatever they need, even if it would normally be a violation of the law.

To add insult to injury, Mark Zuckerberg actually didn’t apologize in his initial response to the privacy issues.

Deeper issues have recently been revealed reaching right to the top of the British Government and the Royal Family, including MoD ties to SCL (the company which is regarded as one and the same as CA). They had contracts with NATO, the UK Tory Party, and even the US State Department. There is a General Tolhurst, an aide to the Queen, who is also on the board of SCL. Even closer is a third cousin of Queen Elizabeth II, Ivar Mountbatten.

The reason I mention all of this is that it sounds more like co-operation between elite business and government than an accidental data breach or hacking done on behalf of a private company.

This could be why Mark Zuckerberg has been so quiet about it; after all, those who are familiar with IT security and espionage cannot believe this is just a group of hackers. With the breach being so significant and wide-scale, why didn't Facebook notice it sooner? It seems like they either noticed it or were fully aware, but only took action after someone revealed it to the public.

I am certain more revelations will come out and they will probably be no less shocking than what we know.

Edward Snowden Says Bitcoin’s Downfall Is Public Ledger

I couldn't have said it better myself, although I have said as much about all cryptocurrencies which have a public ledger. Edward Snowden made the comment at the Blockstack event in Berlin, Germany. They are completely insecure and unsuitable for personal or business use in the long term due to a lack of privacy. There are other issues that Edward touched on, such as extremely slow transaction times, and many more I've talked about in other posts.

Snowden also predicted that a coin which fixes these various issues could be the one to replace Bitcoin. While I fully agree that privacy and security in Bitcoin and most other coins are an issue, beyond that most currencies are slow, inefficient, difficult to use and simply don't work properly to send or receive payments. This will all eventually be fixed, but so far what I find is that some currencies fix one problem while ignoring the rest.

Ledger Nano S Bitcoin Altcoin Hardware Wallet Hacked By Teenager

I have warned for a while about these hardware wallets. I've never trusted them, as you truly don't know what is in the hardware or firmware and whether it could be extremely vulnerable. As bad as it sounds, a traditional, secure PC is still the safer way to handle your cryptocurrency.

A teenager stumbled upon a vulnerability by noting that the CPU that controls the private keys cannot differentiate between authentic and user-made firmware. This CPU is used to transmit data, including keys. Without much effort he was able to compromise this supposedly secure hardware wallet.

On top of that, it looks like Ledger tried to downplay the issue and brush off the teenager who warned them of the vulnerability. In all fairness, physical access is required, but that's still not good: you shouldn't have to worry that if your hardware wallet is found, someone could easily extract your private keys and coins from it!

They’ve also recently admitted another vulnerability exists where attackers could trick users to send out their funds to hackers.

For this reason I still don't recommend hardware wallets; you are much safer on a secure computer.