Require third-party audits for Web wallets?

[theymos]

Since Web wallets with complete control over your bitcoins are basically banks, it occurs to me that maybe they should be required to undergo some sort of periodic third-party audit (similar to what fiat banks must do) in order to be listed on bitcoin.org. While this wouldn't protect against all issues (MtGox probably would have figured out some way to pass an audit), this would at least ensure that the company is an actual legal entity and has accounting/security practices that aren't absolutely insane.

Probably there aren't yet any trustworthy companies that could perform audits of the Bitcoin aspects, but maybe some existing auditing companies would be willing to audit just the business and fiat accounting aspects. I don't know anything about how this would work, though. Maybe some of the big EWallets like Coinbase would be willing to help formulate requirements here, since this would (at least initially) probably cause some of their smaller competitors to be delisted.

Thoughts?

[MineForeman]

I am not sure we are heading in the right direction with the criteria of wallets for inclusion.

From my point of view the only criteria should be that they are in use by a significant percentage of the population, then we include them if they want to be included or not. We can then point out the virtues of the wallet warts and all.

By not including the "bad wallets" that do not audit or use something like HSTS we are not giving the user the full picture. If we include them, with several red marks against their name, then the user is then informed.

[saivann]

@theymos AFAIK, regulated wallets like Coinbase and Circle have a lot of audits and requirements at least in the US. This information, if it was a bit more public, I think would certainly be relevant and worth adapting the scores and requirements.

@MineForeman Mmh, I think there is too much relevant criterias for bitcoin.org to display every of them to the user, the resulting layout would be unreadable.

[MineForeman]

@aivann That is why I said "The only criteria should be that they are in use by a significant percentage".

Agreed, it is another arbitrary mark that we are going to have use but it is just one instead of half a dozen or more.

What worries me is that what probably is the largest web wallet out there in terms of users has had many breaches and occurrences of "not the best" practices (that are continuing) and we are not informing people who are about to choose a wallet.

[saivann]

@MineForeman If I understand your suggestion correctly, you are saying any popular wallet should be included, with a list of green/red marks, instead of having requirements. What I meant is that there is a lot of them, so displaying them all would make a very complex layout, and the result wouldn't serve the user, especially given that most criterias are reasonably at reach for most wallets.

There is also a more fundamental issue - there is responsability involved with listing wallets since they are perceived as recommendations by visitors.

[harding]

@theymos A few days ago I asked in PR #730 for information about a non-financial security audit mentioned on Celery Wallet's website. One of the questions I had for myself was, "how can I be reasonably assured the audit was actually done by a competent computer security professional?"

I think this problem exists for almost any third-party audit, and also for things like Bitcoin deposit insurance---Bitcoin.org volunteer reviewers may not have the means to verify the authenticity and quality of such reports or insurance offers.

I'm not sure what to do about this. I don't think our review process has to be perfect, but I also wonder if this proposal introduces too many potential problems.

@MineForeman I agree with you, at least in principle, but I think that's a separate discussion from the one we're having here. Could you convert your first post above into a new issue so we can discuss it further? Thanks!

[MineForeman]

@saivann Yeah, that is what I mean, I admit it is a total change of what goes on now and comes with another set of pitfalls. The whole "perception as a recommendation" is a problem with either system and one that needs to be tread lightly. I just think that we might be better off in just handing out the information and letting the user come up with their own decision.

@harding You're absolutely right, this is another issue, it has been mulling through my head for a while now trying to think of a good way to bring it up. I will repost it after I have my lunch ;) .

[saivann]

@harding Agreed, I don't know either how to evaluate and deal with the quality and scope of audits.

[Ninkip2p]

I would go as far to have a separate section called "Bitcoin Banks" for these services.

[luke-jr]

"Bitcoin Banks" sounds like a nice idea, but then we need something for the web wallets that don't use best practices of having shared hot/cold wallets (eg, blockchain.info if it is ever re-added). These are worse than the Bitcoin Banks, but would try to argue that they aren't banks.

[wbnns]

One idea regarding the "popularity" model, would be to only include web wallets that have an Alexa ranking under a certain threshold. This would allow us to crowd-source what is being visited and used the most for the purposes of inclusion. We can still provide additional indicators of the types of security / privacy features, etc., people should be aware of when using a specific wallet that is below the threshold. This would also circumvent the problem of figuring out what to do with all of the web wallets that have a small fraction of users in the overall space. As those gain traction they would then become eligible by meeting our usage / adoption threshold.