Difference between revisions of "Secure Trading"

From Bitcoin Wiki
Jump to: navigation, search
m (clearcoin closed)
(Setting up OpenPGP email)
Line 37: Line 37:
==== Setting up OpenPGP email ====
==== Setting up OpenPGP email ====
Once you have GPG installed on your system, it is recommended that you use Thunderbird (that works on both Windows and Linux systems:
Once you have GPG installed on your system, it is recommended that you use Thunderbird that works on both Windows and Linux systems:
===== All: =====
===== All: =====

Revision as of 06:53, 27 June 2011

Secure Trading Online

This topic is a guide on how to set up your online identity and best practices for trading with others in the Bitcoin community.


Within the Bitcoin community, many are very careful with their security and identity. This is primarily for two reasons:

  1. There is no violent body to cover your back for you, or, more simply, there are no courts to seek assistance from if your transaction sours.
  2. One’s reputation is the most important thing that any user has; traders will take very little risk with new users who have not proven themselves (as they could just be last week’s scammer with a new identity).

The Bitcoin community uses a few tools to help protect privacy, and thus identity. The first and most important is a Secure Computer.

Before proceeding please make sure you have completed the Securing Your Computer guide; this guide assumes that your computer is secure both physically and in software.

If you are trading within Canada you are encouraged to use Interac e-transfer and Clearcoin (now closed) as outlined on this page.

Creating a secure identity

The first step is to create a cryptographically secure public-private key-pair. This will be used as the basis of keeping both your wallet (see Securing your wallet) and your identity secure.

Creating your first PGP key-pair

A PGP key-pair serves two very important functions:

  1. To sign information with an unforgettable signature
  2. To decrypt things that other people encrypt for you

This allows you to both conduct business privately (encryption), and give out promises that you cannot deny making (signature).

Installing GPG

Virtually all Linux distributions include GPG in their default configurations. However windows doesn't provide it by default.

Microsoft Windows:

On windows, the recommend package that contains gpg is the Git package by the msysgit project. This package contains a group of unix tools that are very useful for any windows installation.

  • Navigate to msysgit https://code.google.com/p/msysgit/downloads/list
  • Select the latest 'Git' package. (Git-1.7.4-preview20110204.exe)
  • When installing Git on the 'Adjusting your PATH environment' screen select 'Run Git and included Unix tools from the Windows Command Prompt'

This option will install both Git and its supporting tools that include gpg into the windows PATH file. This will enable any windows application to access gpg.
On some (rare) systems this option that replaces the default windows tools will cause issues... However on most it should be fine.

  • After installation, gpg will be able to be used just by entering 'gpg' into any windows cmd shell.

Setting up OpenPGP email

Once you have GPG installed on your system, it is recommended that you use Thunderbird that works on both Windows and Linux systems:

  1. Install Thunderbird: https://www.mozillamessaging.com/en-GB/
  2. Setup your email account with Thunderbird.
  3. Install the Enigmail plugin for Thunderbird: https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/

Upon loading Enigmail, Thunderbird will ask you to make a new ‘identity,’ follow this wizard and you will have created your identity.
You should backup your private key in a secure place. Secondary, you should create a revocation certificate and store that in a different secure place (maybe print it out and store it in your fire safe).

Register with [#bitcoin-otc]

Follow the guide here: http://wiki.bitcoin-otc.com/wiki/Using_bitcoin-otc

Register the same username at the popular places:

Use a strong and different password for each of these places, keeping your passwords in a secure place. This will allow other people in the community to track you across the different Bitcoin related sites. Also making identity theft online more challenging.

Best Practices with trading

Use Bitcoin-OTC

Make sure both parties agree to the terms of the trade with signed messages

  • Get a PGP signed quote, and check the signature.
  • Send a PGP signed receipt.

This allows either party to go public if the trade has become sour and stops your trading partner from claiming the details of the agreement were somehow different.

Search the Bitcoin Forum for the username of the person that you are trading with. Check if the user has provided constructive and useful advice to other parties. And, most importantly, check for any claims that the user has scammed.

Use an escrow

Trading might benefit from an escrow such that bitcoins are disbursed only after contract terms have been met.

Two relatively new offerings are BTCrow and Eptiv.

Found in Bitcoin's community are trusted individuals willing to act as independent, third-party escrow brokers.