Gregory Maxwell [ARCHIVE] on Nostr
📅 Original date posted: 2012-10-06
📝 Original message: I'm concerned about how the particular security model of electrum is
being described; or rather— not being described. The electrum website
appears to have no security discussion beyond platitudes like "Secure:
Your private keys are not shared with the server. You do not have to
trust the server with your money.", "No scripts: Electrum does not
download any script at runtime. A compromised server cannot compromise
your client."

Claims like "You do not have to trust the server with your money" are
factually incorrect.

What I would expect is a proper discussion, like "Understanding the
bitcoinj security model":
http://code.google.com/p/bitcoinj/wiki/SecurityModel (which I don't
agree with completely— as it makes some claims which are known to be
false— wrt detecting double spends, but it does give a reasonable
overview), and avoidance of broad claims which will result in
misunderstandings that result in users engaging in riskier behaviors
which they could avoid if they better understood the security of the
software they're running.
Published at 2023-06-07 10:34:48