Secure Trading Online
This topic is a guide in how to set up your online identity and best practices for trading online in the Bitcoin community.
- 1 Introduction
- 2 Creating a secure Identity
- 3 Best Practices with trading
Within the Bitcoin community, many are very careful with their security and identity. This is because of two main reasons:
- There is no violent body to cover your back for you. Or more simply there is no courts to go crying to if you have been fucked over.
- One’s reputation is the most important thing that any user has; traders will take very little risk with new users who have not proven themselves. (as they could just be last week’s scammer with a new identity)
The bitcoin community uses a few tools to help protect their privacy, and thus identity. The first and most important is a Secure Computer. Before proceeding please make sure you have completed the Securing Your Computer guide, this guide assumes that your computer is secure both physically and in software.
Creating a secure Identity
The first step is to create a cryptographically secure public-private key-pair. This will be uses as the basis of keeping both your wallet secure (see Securing your wallet), and your identity secure.
Creating your first PGP key-pair
A PGP key-pair dose two very important functions.
- Sign information with an unforgeable signature
- Decrypt things that other people encrypt for you
This allows you to both conduct business privately (encryption), and give out promises that you cannot deny making (signature).
- Install GPG4Win: http://www.gpg4win.org/
This is contains all the key management and generation tools for windows.
- Install Thunderbird: https://www.mozillamessaging.com/en-GB/
- Setup you email account with Thunderbird.
- Install the Enigmail plugin for Thunderbird: https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/
Upon loading Enigmail, thunder bird will ask you to make a new ‘identity,’ follow this wizard and you will have created your identity.
You should backup your private key in a secure place. Secondary, you should create a revocation certificate and store that in a different secure place (maybe print it out and store it in your fire safe).
Register with [#bitcoin-otc]
Follow the guide here: http://wiki.bitcoin-otc.com/wiki/Using_bitcoin-otc
Register the same username at the popular places:
Use a strong and different password for each of these places, keeping your password in a secure place. This will allow other people in the community to track you across the different
Best Practices with trading
- Always require the user to become registered with #bitcoin-otc
- Require a signed message from the fingerprint quoted at: http://bitcoin-otc.com/viewgpg.php
Make sure both parties agree to the terms of the trade with signed messages.
- Get a PGP signed quote, and check the signature.
- Send a PGP signed recept.
This allows either party to go public if the trade has become sour. Stopping your trading partner from claiming the details of the agreement were somehow different.
Search the Bitcoin Forum for the username of the person that you are trading with, check if the user has provided constructive and usefully advice to other parties. And importantly check for any claims that the user has scammed.
Use an escrow
The use of an escrow makes the transfer of Bitcoin only take place if both traders agree.
A popular escrow is https://clearcoin.appspot.com/
The use of any willing respected member of the Bitcoin community normal is adequate.