(I though that this thread was about Trezor, not about me.)

When validating a system one MUST be paranoid.  If there is a way to break it, no matter how "unlikely", that is the way that criminals will aim for.  You cannot expect tham to be nice and only try those attacks that you have protected against.

There is nothing paranoid about fake or compromised Trezors being used to steal  passwords and PINs.

The fact that one can upload new firmware does increase the risks.  For one thing, a hacker or a rogue satoshilabs employee could get his malicious firmware signed, and then use it in many ways (besides the one I described).  I hope that you are paranoid enough to imagine some more.

Suppose that one day a client tries to use his Trezor, where he put all his BTC, and it shows "warning, firmware is unsigned,do you want to continue?" What is the probability that he will click "yes" (and then enter his passphrase when the device asks for it), rather than calling the Trezor hotline?

Are you acquainted with, say, the false fronts for ATM machines that steal card data? 

You don't build confidence on a system by having it examined only by people who want it to be declared safe.  

Is there ANY reason to believe that this 'Ukyo' is genunely trying to return the "lost" coins? 

Stamped on top of some key, perhaps?

Hm... What if someone get holds of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the pasphrase?  Or whaterver?

This text is written by Mark. It is surprising that he is allowed to have any voice about (or control of) the proceedings at all...

Have you tried googling 'green ideas sleep'?

Is it wet that green ideas sleep furiously?

Indeed, I got this suspicion that most of the traffic in the Bitcoin blockchain (~70'000 BTC/day currently) is "fake", namely coins being moved between addresses that belong to the same owner.   Could it be all generated by a single person, from a single laptop, moving 500 bitcoins (possibly in many different addresses) every 10 minutes or so?  Perhaps someone is trying to wash stolen coins, or torture-test some wallet software...
https://blockchain.info/charts/estimated-transaction-volume 

The number of new addresses used per day may be bloated for the same reason.  Since new addresses are free, why not...?

Wait, I am confused.  Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?

That is almost certainly true -- but whose expectations? 

Some say that it was the "next bubble" predicted by exponential extrapolation, which did not happen when predicted, and instead the price broke out through the bottom of some channel that was supposed to contain it.

However, that explanation is not very convincing because the interval between bubbles has been quite variable, so no one should have expected the "next bubble" to happen in a particular month.   As for the channel breakout, that could be easily "fixed"  by redrawing the channel.

I still prefer my "Chinese" explanation.  Namely, the price went up in late May because some Chinese traders got advance info about the "offshore" branches of Huobi and OKCoin, and stocked on bitcoins expecting the price to shoot up when they opened.  The price is now dropping because the "offshore" exchanges finally opened, those traders were disappointed, and they are unloading their coins back on the Mainland exchanges.

As I wrote, using a Trezor is surely safer than entering or storing keys in your PC or laptop, and you may even dare to use it on a random cybercafe computer (which you should never entrust with your keys).

However, users must be aware that the risk of theft is still not negligible, and they must still be very careful when using the Trezor -- even more than when using credit cards or home banking.

Consider the entire process of stealing money from your account or credit card, including what the thief needs to do to get the cash in hand once he has stolen the PIN or passwords, and what you can do once you discover the theft.  Bitcoin makes the theft much simpler and safer for the thief, and he can effectively collect bicoins stolen from thousands of wallets on the same day, without even being logged in at the time.  Bitcoin thefts have proven to be nearly impossible to solve; the stolen coins cannot be blocked or seized, and are easily laundered with little risk.

For those reasons, and more, bitcoin is extremely attractive to professional cybercriminals.  It is no wonder that there are already more bitcoin thefts than credit card thefts, in proportion to the total e-payments.  


Of course it is very important to discuss these issues.  I don't know the details of the hardware & software, but I am sure that its safety can be improved in many ways.

For example, it is still not clear to me whether there is any practical way to check that the firmware that is loaded in a particular Trezor device is the official one.  (This is the fundamental fatal flaw of every all-digital voting machine design, and there is still no known solution for it.)

But Huobi's traders like to play the catch-my-wall-if-you-can game, more than other traders it seems...

By "recording" I do not mean just keylogging, but (e.g.) placing a hidden hi-res camera in the right spot.

One may have to use a public computer for realtively large sums, e.g. pay a hotel bill or run a business remotely while on vacation in a remote place.

I did not mean bufer overflow explicitly (no programmer should make that mistake any more) but some other subtle bug that can be exploited to breach the security.

"It is easy to write correct software, you just have to remove all its bugs. And it is easy to remove all bugs, you just have to remove the last one." 
 
But there is no easy way to make sure that the software that they are checking is what is stored in the device, is there?

A criminal who sets out to physically hack a rich man's Trezor during delivery will surely be able to provide a neatly sealed package that will fool him.

Most devices will be bought via internet and delivered by UPS or the like.  International purchases will be particularly risky since the packages may sit to weeks at customs and be opened by them.

The Trezor's exterior is quite simple, so it seems relatively easy to make a fake one that looks and feels like the original.  The copy can be swapped for the original, without the owner noticing, and can be designed to steal the PIN and/or passphrase and transmit it to the thief, e.g. by bluetooth. (This attack would be similar to the "chupa-cabra" that thieves attach to ATMs to steal card data and PINs).

It seems to have started around 2:00 UTC on Huobi and OKCoin, and at about 2:12 on Bitfinex.  At 2:12 the Chinese exchanges were already halfway through it.

I cannot prove that the late May pump and the recent dumps have Chinese causes, but at least there are some relevant events and vaguely possible explanations in that bucket, but none in the "Western thing" bucket.

Isn't the blockchain the embryo of the Matrix, where every human being will eventually have no other choice but to be perpetually plugged in, and to it surrender all its worth?

Indeed the UPS tracking number should be sent privately to the client as soon as the package is shipped.  Thre is no excuse for not doing so.

I intended to suggest that they publish only

  "order #, model, quantity, date order received, date(s) product(s) shipped/refunded"

for all orders, so that each client can verify not only his status but also how it stands in relation to the other clients.

In normal circumstances a company would not publish such data, but given the persistent (and, I would think, justified) suspicions that this company is being quite unfair in the scheduling of shipments/refunds, publising that information would do more good than harm, IMHO.

Bitcoin-related businesses in general are risky because they are not regulated, and, being private companies rather than public, they are not required to submit to independent audit every quarter.  One way to reduce that risk and increase customer confidence is to be more transparent than a normal corporation would.

Apparently it started in China, several minutes before Bitstamp/Bitfinex.

The bitcoin press should be trying to understand and report on the situation in China.  Are the Huobi and OKCoin.CN clients migrating to the new offshore sites BitVC and OKCoin.COM?  Is BitVC going to trade in USD too, or only in CNY? (Or is that CNH?) Is OKCoin.COM going to be competitive to Bitstamp etc?  And so on...

Reporting on bitcoin without looking at China is like reporting on casinos without considering Las Vegas...

[ ANOTHER CHARITABLE CONTRIBUTION TO THE PAGE COUNT ]

I am thinking of starting a Wall Observer Backed Investment Thread (WOBIT).

Each post on the WOBIT thread will be guaranteed to be a quote of 1/10 of the text of some post in this thread.  Posts to WOBIT will be illiquid; authors will not be able to delete them for the first six months, and cannot be re-quoted by other users  except by special authorization of the WOBIT managing moderator.

Only accredited posters will be allowed at first, but there are plans for Q4/2014 to create an exchange where WOBIT posts can be openly traded for ChartBuddy plots or dinosaur images.