Choose your wallet page should not group web-only wallets (coinbase) and client-side JS wallets like blockchain #64

Closed
kravets opened this Issue Mar 21, 2013 · 7 comments


kravets commented Mar 21, 2013

There is a big difference between two kinds of "web wallets".

Coinbase controls and does not reveal your own private keys to you, so your coins are ultimately only as safe as coinbase is safe to continue its operations.

This is very different from blockchain.info, which does client-side javascript operations and is not in possession of users' keys, and the user should not lose the coins (assuming wallet backup was properly done) if / when blockchain.info goes offline.

Proposed solution: Add a new section "Hybrid Wallets" and place blockchain.info into it, reserve "Web Wallets" only for coinbase and other sites that control users' private keys.

Cheers ...

evolvo commented Mar 21, 2013

agreed

Contributor

gmaxwell commented Mar 21, 2013

Client side wallets can still replace the javascript— even the pinning plugins only verify that the JS matches what is stored on github also reducing it to github's security.

The advantages here are easily overstated, and that analysis omits things like auditing, insurance, ability to recover from a lost password, etc., which may have a more material impact on the user's safety.

Contributor

saivann commented Mar 21, 2013

Current consensus on what we have now concerning blockchain.info took a lot of discussion. I agree with using "hybrid wallet" in the description of blockchain.info, at least. However, the rest requires more discussion with the developers. There is also a technical difficulty to consider first with 4 categories, as it would not fit in one line and it would break the layout.

Contributor

gmaxwell commented Mar 21, 2013

Well, I think the greater criterion is whether that particular site should be set out and emphasized over alternatives— and I think it is far from clear that it should be, because it is not strictly superior. We really do not want the site to be in the winner picking and losing business, especially if doing so will result in diversity loss in the ecosystem.

kravets commented Mar 21, 2013

Blockchain's Chrome or Firefox extensions are as secure as downloadable wallets and incomparably more secure than something like Coinbase, which can suffer an insider hack stealing everybody's coins or simply go bankrupt.

Contributor

gmaxwell commented Mar 21, 2013

@kravets I don't agree, as has been argued extensively before. It's more secure in some ways, but apparently less secure in other ways. It is categorically not as secure as any of the downloadable wallets. For example, when Blockchain's wallet tells you that you've received a 21 million BTC payment (https://people.xiph.org/~greg/21mbtc.png), only your own common sense protects you.

The fact that people keep misrepresenting it as equally secure to Bitcoin network clients reflects the kind of unsophisticated thinking about security which makes it even more important to not promote it as equal.

Contributor

saivann commented Mar 23, 2013

Closing the issue as per the above comments. A better consensus than what we have now is required before this issue can go any further. I added "hybrid wallet" in the description of blockchain.info.

saivann closed this Mar 23, 2013

jl2012 pushed a commit to jl2012/bitcoin.org that referenced this issue Apr 5, 2016
