Wallets and Backups: How to Secure Your Cryptocurrency

Originally published at CSBTechEmporium

When buying Bitcoin or other cryptocurrencies, proper security is essential. Perhaps you already have some sitting on the exchanges.  However, we all know that exchanges are vulnerable to attack. Whats more, unless we control the private keys, the coins aren’t technically ours. In this guide we’ll take a tour through the options when it comes to securing cryptocurrency.


Crypto vs. Fiat

Traditional currencies, issued by governments and used for paying taxes, are referred to as “fiat” currency. Among the risks of keeping our wealth in state sponsored currencies, fiat money is not linked to physical reserves and has an uncapped volume, constantly at risk of hyper-inflation. For example, the US dollar is the current global currency, and has seen an average of 2.88% inflation per year since 1900. You currently need $30 to buy what $1 used to purchase.

Many cryptocurrencies, including Bitcoin, are non-inflationary. Once 21 million Bitcoin have been mined (around 2140), no more will ever be produced. Until then, their supply grows at a fixed and decreasing rate. Bitcoin is non-inflationary, decentralized, and unattached to any governing body. These properties make it a good store of value for those who don’t want to rely on central banks. We’re used to getting paid with our local currency, produced by a central bank, secured at a local bank. The security of our crypto-assets is entirely in our hands. That is a privilege granted by Bitcoin and its progeny. Besides the matter of reducing the trust required for securing currency and transactions, with the potential of blockchain and the many innovations it inspires — it’s easy to find a reason for owning cryptocurrency.


Password Managers

The first thing we need is a password manager. Today, more than ever, these tools are a necessity. They are especially important for managing the keys to your wallets, as well as any exchanges or other crypto services. These tools can create and hold onto all of the long, complicated, passwords necessary to keep your assets safe. There are two different types of password managers: cloud-based, and local storage. They both encrypt your long and complex passwords making them accessible with one easy to remember password. Cloud-based managers make it convenient to access your passwords from any device. LastPass is cloud-based and the among the most trusted and widely-used password manager, despite having been breached in the past.

I use KeePass. It’s simple to use, available in desktop and mobile versions, and stores my encrypted passwords on a local disk — not on a central repository of encrypted passwords in the cloud. It’s important to regularly make a backup of your password file, and keep a spare copy in a safe place. The keys in this password manager are the only way to access your digital currency, and are automatically cleared out of memory after you use them. You may want to have paper unencrypted copies in different secure locations, such as a fire-proof safe in your house and\or a safe at the office. Passwords in a safety deposit box should be encrypted for added security. Although typically considered secure, there have been reports of safe deposit boxes mysteriously being emptied by bank staff with no record


Two-Factor Authentication (2FA)

Having a strong password is only one aspect of proper security precautions. There are often phishing sites that pretend to be a service you typically use for accessing funds. There are also password sniffers that can be hidden in software that you are tricked into using. An essential part of your security mindset should be suspicion towards any site asking for your credentials, even when it looks like the site you were heading to. Often the address of these sites are only slightly different than the site they are spoofing. Don’t forget about data breaches; several major web services have had their entire database of login credentials stolen, leaving millions vulnerable. Many users whose data became exposed still use the same or similar passwords for multiple services.

The idea of 2FA is to add a second layer of security, in the case that your password should become compromised. Authentication by SMS is the least secure of these, and some notable figures in cryptocurrency have lost significant sums when their numbers got spoofed. Perhaps being compromised by telco insiders, or compromised by social engineers who call the company and pretend to be that person and get the sim forwarded. Email authentication is more secure than SMS, but still not the best. The most effective method is using a 3rd party authenticator, such as Google Authenticator. This tool can be installed on another device besides your phone and doesn’t require an internet connection to function. When activating 2FA, many services give you a recovery key. Make sure you keep a copy of this recovery key safe, in case your device is lost, stolen, or must be replaced.

Cryptocurrency Wallets

There are five different types of wallets available for crypto: Web, Mobile, Desktop, Hardware, and Paper. They each have advantages and disadvantages. Generally speaking the most secure and private are the least convenient. Within each category, there are a variety of options; each balancing privacy, convenience, and security in their own way. Finding the proper wallet is a personal journey, it’s important to do your own research to find wallets that suit your particular needs. The information in this guide will help you to understand the security trade-offs when using each of these types of wallet. We’ll start with the most convenient \ least secure and work our way down.


Online Wallets and Exchanges

These are cloud-based services, accessible from any device with an internet connection. Online wallets are the most convenient, and least secure way to store cryptocurrency. The problem with most online wallets is that the wallet providers possess your keys, and you are not in full control of your currency, meaning you need to trust the service to keep it safe. Exchanges are a convenient place to keep some cryptocurrency, but not safe to leave large sums for an extended period of time. Online wallets, including the wallets hosted by exchanges, are extremely attractive targets for cyber criminals. When hacks occur, and funds are stolen, users typically have nowhere to turn; the funds are simply gone. Some exchanges insure the funds in their possession, keep a percentage of it offline, or have other ways of keeping it safe. It’s essential to know what policies are in place to protect you when deciding to keep a large sum of crypto on any web-based wallet.

An online wallet that many feel safe using is Coinbase.com. They are a regulated financial services company operating in the United States, keep 98% of customer funds in offline storage, and are insured against loss. However, their insurance policy protects against hacks of Coinbase itself, not your account; it’s still important to keep your keys safe and enact 2FA. Coinbase is limited to customers from certain countries and requires identity verification. If your country of residence is eligible to use its service, it is one of the easiest ways to buy cryptocurrency with USD, GBP, and EUR.

Any web-based wallet (including Coinbase) should be used at your own risk. You must bookmark every site that you log into related to cryptocurrency, these sites are often spoofed waiting to trap someone who typed the address just one character off. Typically, the best thing to do with an online wallet is to use their providers to acquire your cryptocurrency, and then move it to a safer option. Of course, it’s convenient to keep some funds accessible for spending, while maintaining the bulk of your investment at max security.


Mobile Wallets

Mobile wallets are great because you can move funds on the go with the assistance of QR codes. These are important for any regular user of crypto who wants the ability to send and receive payments quickly. According to Andreas Antonopolous, “smart phones are generally more secure than the average desktop.” My preference would be to have one device without phone service, but having all of my wallets and authenticator. That way I could keep all of my applications requiring added security off-line when not in use.



The above is a good resource to begin getting know the mobile wallet playing-field.



Desktop

Desktop wallets are great. A good desktop wallet keeps your keys encrypted, and locally stored. They shouldn’t pass your keys over the network, rather it uses your keys locally to create and send an encrypted signature. Some desktop wallets work more like web-wallets, where they manage the various keys for the different currencies they support, and you use one memorable password to secure them all. However, each desktop wallet is only as safe as the computer its on, and the password you use for it. Having one computer that is used only for cryptocurrency transactions, and otherwise not connected to the internet is the safest way to keep your cryptocurrency.

There are generally two classes of desktop wallets. There are multi-coin wallets and wallets for specific cryptocurrencies. The most secure way to store a cryptocurrency is in an official wallet or a third party wallet that is respected among the community. Many cryptocurrencies don’t have third party support, so if you are collecting cryptocurrencies, you’ll also be collecting wallets. It’s best to use only open-source cryptocurrency products. Open source means that the code is available for anyone to look at, making it easier to identify and eliminate vulnerabilities.

Multi-currency wallets can be a convenient way to keep some coin where it can be easily spent. I’ve used Exodus for convenient access to 30+ cryptocurrencies and it’s built-in exchange. It’s transaction fees are low, and the exchange fees are also reasonable. It’s not open source, and it doesn’t support Two-Factor Authentication; but it is a popular choice among many cryptocurrency users.



Hardware Wallets

Hardware wallets such as TREZOR or Ledger Nano are a popular choice. These are USB devices that keep your private keys safe and inaccessible. You only connect them when making a transaction, and they don’t transmit your keys under any conditions. They work by signing off on transactions, transmitting the signature, not the keys. They are safe from viruses that could steal your credentials with a key-logger. They operate by a pin number you enter on the device, and even you don’t see your keys. If your device is lost or damaged, you can restore access to your account with a seed phrase that is established during set-up. As with any seed phrase, you should keep it two different secure locations to protect the information.

These devices should only be purchased directly from the manufacturer; and undergo a hard-reset as an added precaution, before use.



I’m trying out a new player in the field, the Coldcard Wallet. I’ll follow-up with a complete review after I give it a try.





Paper Wallets

A paper wallet in the simplest form is a physical copy of your public key (your address), and your private key stored on a piece of paper. These can be kept in a fire-proof safe, safety deposit box, or anywhere you would feel safe stashing a large wad of cash. Often, they will have QR codes printed on them, for easy input via a mobile device.

For a thorough guide on paper wallets, I will direct you to the Bitcoin Wiki:





Linux

I would highly recommend using Linux on the computer you plan to use for storing and using crypto. It is the most secure operating system available, because it’s open-source and there are so many variants of Linux that it would be difficult to create far-reaching malware against it. Linux used to be very difficult to get running, but these days the UX is greatly improved. Ubuntu is a very popular choice, and user-friendly. For the most part, it’s plug-n-play. Occasionally you have to enter commands in a terminal, but a simple Google search usually answers any questions you may have. It’s Not Too Complicated! and is 100x safer than windows. Linux Mint is a popular choice among new users; its user-friendly interface has a wide range of supported applications. You might not be ready to switch now, but if you collect a lot of cryptocurrency, you’ll be tempted to try it out.


Summary

Keeping cryptocurrency secure can be a complex matter. Over time the UX of crypto-security will be improved, for now you must be educated.Nothing in life is 100% secure, but we can take precautions and follow best practices. It’s not good to advertise how much crypto you have; create backups, and don’t keep them all in the same place to insure against fire or other natural disasters. If you use public wifi networks, or don’t trust your employer or the internet provider, its advisable to use a VPN which encrypts your network traffic against snooping.

New tools and methods of keeping our digital assets safe will surely arise, but this fundamental security mindedness will stand the test of time. Dealing with crypto puts security back in the hands of its users, and requires a fundamental shift from the old way of securing assets.

Deep Learning and Artificial Intelligence

*originally published at CSB Tech Blog


Over the past decade, AI inspired innovations have begun to mature, becoming the hottest tech trend of the new millennium. During that time, computer vision improved by leaps and bounds, along with machine translation, speech recognition, and many types of data analytics. While we’ve experienced many dramatic improvements in our online experience, machine learning has been working quietly in the background. These advances are made even more dramatic in that they seem to have occurred overnight. Although the applications of AI research do not possess an independent intelligence, with today’s processing capabilities their capacity for automation is unparalleled.

Deep learning is a branch of machine learning (ML) that came about as a result of the increased storage capabilities, access to data, and the increased processing power available in the new millennium. These impressive applications currently infiltrating every industry, are the result of over 70 years of research and development.




A Brief History of Artificial Intelligence


While computers were first being conceived, we were already wondering how to design them to behave intelligently. In 1946, Alan Turing made the first detailed design of a computer program. In subsequent years, he was intensely concentrated on the problem of artificial intelligence, and created the now-famous test for determining whether a machine can think. The same year the Turing Test was introduced, Iaasac Asimov’s I-Robot featured humanoid robots with artificial intelligence. Asimov, along with other science fiction authors of that era inspired researchers and excited the imaginations of a generation about the potential for artificial intelligence.

During this time, research in neuroscience inspired computer systems called Artificial Neural Networks (ANN). In an attempt to mirror the way our brains work, the connections between artificial neurons grow stronger when fired together. Meanwhile, other researchers were working the idea of creating programs capable of learning. Ten years after the birth of the computer, the field of Artificial intelligence was officially born during a workshop at Dartmouth College, in 1956. A few years later, Arthur Samuel coined the term “Machine Learning” for the science of using statistics and probability theory to create algorithms that improve the performance of a given task through experience rather than explicit instructions. ANN is considered a branch of ML and is among the earliest techniques in the field of AI.

Cycles of Hype


Since the beginning of AI research, this technology has gone through cycles of hype, leading to over-inflated expectations, disappointment, and loss of funding. In the 50s, the world was introduced to computers playing human games, solving algebra word problems, and learning languages. The intelligence displayed by these machines was simply incredible to the people of the time, and there was much confidence among governments, enterprise, and the academic sphere that these would quickly lead to practical applications. By the 70s, after failing to deliver on the early promise, AI fell into disfavor. Another AI hype cycle began in the 80’s, when a few successful commercial applications brought a renewal of interest. However, it’s application was still not highly developed, and there were difficulties in getting algorithms to do the work expected of them.

The Deep Learning Revolution


In the early 2000’s, neural networks had fallen out of favor, such that it became exceedingly difficult to get research published on the topic. In 2006, a small group of researchers, led by Geoffrey Hinton, made a plan to re-brand neural networks as Deep Learning. Their paper, A fast learning algorithm for deep belief nets, sparked a revival of research into neural networks. It proposed training many more layers than before, with results far exceeding previous attempts. Three years later, Stanford researchers published Large-scale deep unsupervised learning using graphics processors. The GPU became the key to unlocking ANN and other AI techniques. These methods produced results up to 70% faster than any previous attempts, dramatically reducing the time required to perform an experiment. The reason a GPU is so much faster than a CPU is because a CPU must be able to switch very quickly between applications. The GPU on the other hand does not switch between tasks quickly, rather all of it’s power is in repeatedly performing the same type of operation.

In 2009, researchers began working on a dataset to map out the world of images in a competition known as ImageNet. The next year, deep learning methods were introduced, dominating the competition. From that point forward, deep learning drew a lot of attention to AI research, having its breakout year in 2012. By 2016, deep learning went mainstream and is now playing a role in our every day lives.


Behind the Scenes


Machine learning occurs in a few stages including data processing, training, deployment and monitoring. First, you must determine what questions you want to ask, or what problems you need to solve. Next, you must determine which data is likely to provide the answer. Then, the data must be gathered and prepared, removing extraneous information, incomplete datasets, and ensuring that it is complete and correctly formatted. Data selection and preparation methods often require running tests on small samples, and transforming the data multiple times.

Once the data is ready, an algorithm must be selected. There are four main categories of ML models: Supervised, Unsupervised, Semi-Supervised, and Reinforcement algorithms.

  • Supervised algorithms are used when there is a target output. These models are fed labeled data until they produce the desired results. Those results may include classification of data, prediction, and anomaly detection.
  • Unsupervised algorithms are used to find relationships in unlabeled data and can help to eliminate variables.
  • Semi-supervised algorithms are fed small amounts of labeled data and taught to classify a large batch of unprocessed data.
  • Reinforcement algorithms use trial and error to improve the performance of a software agent within a specific context.

These models are consistently trained with new data. While seeking an optimal output, the data may be reformatted multiple times. There are even algorithms to monitor the progress of primary algorithms, notifying technicians in case of an anomaly.

Algorithmic Bias


AI influenced applications are quickly changing the enterprise landscape. As ML vastly improves translation and voice recognition apps, it also offers a versatile way to interpret financial data and improve business practices. It’s easy to get excited about the possibilities, however, algorithms are only as good as their designers. Without proper training, machine learning will not produce the desired results. One way that can happen is by using old datasets that don’t accurately reflect the current market. Incomplete data can lead to biased results. We tend to assume that computer code won’t share our biases, but experience has proven otherwise.

Machine learning is currently used in determining medical care, and making legal, or financial decisions. Some of these applications have been found to contain bias. For example, there is a legal product available that performs a risk assessment of defendants. This program is used to determine bail and sentences. An independent study found that that this product labeled African Americans as higher risk, who did not go on to commit further crime. White defendants, on the other hand, were labeled as lower risk that did commit new crimes. In 2015, Google’s advertising engine was proven far less likely to show women advertising for high paying jobs. These are just two examples of how racism, sexism, and other types of bias can slip into this far-reaching innovation.

Understandably, there is much concern surrounding the lack of transparency in machine learning practices. AlgorithmWatch, a non-profit research and advocacy group, was founded to address those concerns. This group works specifically to evaluate and increase the transparency of algorithmic decisions with social relevance. They network with experts from a variety of cultures and disciplines to explain this complex subject to the general public and develop strategies to mitigate the effects of bias in algorithmic decision making. This fledgling industry will require regulation and purposeful strategies to avoid the danger of bias in the algorithms themselves, and their training data. Society as a whole needs to be actively engaged with the values going into automated decision making. That can be a difficult task, as knowledge about these processes is not widespread and we only see their results.


Welcome to the Future


While computers aren’t gaining the ability to think, they can process volumes of information at a rate that’s difficult to comprehend. That ability has become increasingly important as the modern world creates more data than it can possibly process. The amount of data produced is continually growing. Today, one of the most important tasks in artificial intelligence is in creating algorithms that can extract value from massive datasets. That fact inspired Harvard Business Review to declare Data Science as “Sexiest Job in the 21st Century.

Applications of artificial intelligence bring an incredible amount of automation to our lives. For example, these algorithms are able to process an organization’s entire financial ledger and look for anomalies, allowing human auditors to examine specific cases that require attention. Google Translate introduced an AI-driven translation engine that is continually improving, with user-submitted translations to train and refine the software. We now have voice-activated digital assistants that are quickly becoming indispensable, and will soon be standard in the workplace. Of course you’ve noticed how good social media is at guessing who you might know, or how Netflix knows what type of movie you might like to watch.

There are currently applications that can accurately colorize black and white images, increase the resolution of low-res photos (like in CSI, but for real), and recognize the makeup of images. These computer vision applications are already impressive, and we know they’ll continue to improve. What we don’t know is how incredible they’ll become. These are just a few examples of the automation that’s growing more powerful every day.

This technology is creating opportunities in finance, entertainment, education, science, law, and every other field you can imagine. These new tools are automating some jobs out of existence. However, they are expected to create as much work, if not more, than they replace. As with any major innovation, AI-tech comes with challenges, risks, and the potential for great rewards. Learning more, and taking advantage of the opportunities, sooner than later, could give you the edge to get ahead. Anyone who doesn’t very well may be left behind.


Further Reading

Resources for Becoming a Blockchain Developer


*originally published at CSB Tech Blog

The Blockchain sector has undergone dramatic growth since the beginning of 2017. Meanwhile, the demand for programmers familiar has vastly outpaced their supply. This February, Toptal launched an On-Demand Talent Network for Blockchain Engineering, saying the demand for blockchain talent increased by over 700% since early 2017. In Q2 of 2018, Blockchain was Upwork’s fastest growing skill. That talent gap is only widening, as more positions open for blockchain developers every day. Experienced blockchain developers command sky-high salaries, leaving many wondering how to become a blockchain developer.
 
The aim of this guide is to serve as a thorough introduction to popular paths to begin developing with blockchain, including a curated collection of resources for each.


Contents:

  • What is Blockchain?
  • Foundations
  • Core Development
  • Smart Contracts and dApp Development
  • Permissioned Ledgers
  • Hackathons
  • Developing Chat
  • Conclusion
  • Additional Resources

What is Blockchain?

Bitcoin pioneered the use of blockchain, creating a peer-to-peer digital payment protocol. Bitcoin is maintained by decentralized network of miners who validate transactions while competing to solve a cryptographic challenge and seal the block. Each new block that a miner produces comes with a reward in tokens, providing an incentive for maintaining the network.

The success of Bitcoin inspired the creation of many other cryptocurrencies, with governments and enterprise working to recreate the benefits of blockchain in private networks, without proof-of-work mining.



Foundations

The Bitcoin whitepaper is where blockchain began, and is only 8 pages long. Next on our reading list is Andreas Antonopoulos’ Mastering Bitcoin is essential reading for everyone interested in learning about the technical operations of Bitcoin. 
If you can use a programming language, this book will teach you how cryptographic currencies work, how to use them, and how to develop software that works with them. The first few chapters are also suitable as an in-depth introduction to bitcoin for noncoders—those trying to understand the inner workings of bitcoin and cryptocurrencies. Mastering Bitcoin
Ethereum’s ConsenSys Academy recently published a free course called Blockchain Foundations and Use-Cases as an introduction to blockchain for developers and non-developers alike. It also serves as an introduction to some of the philosophy behind decentralization.

Core Development

If you want to dive deeper into Bitcoin, check out Bitcoin.org’s Developer Guide. A great resource for helping with the Bitcoin protocol on Github is: A Gentle Introduction to Bitcoin Core Development. That guide may also prove useful for participating in other blockchain Github repositories. lopp.net/bitcoin.html has the largest collection of Bitcoin resources available anywhere.

Other resources for Bitcoin developing:


Build your own blockchain:

Besides Bitcoin, there are thousands of open-source blockchain initiatives to participate in. If you'd like to learn more about building a blockchain from scratch, you'll find an excellent collection of resources through the following links.

Ethereum Smart Contracts

While exploring blockchain fundamentals, the simplest entry point is to build applications on an already established blockchain. Smart contracts are one of the most important innovation made possible by blockchain. These blockchain enabled programs eliminate the need for trusted third parties to administrate programmatically verifiable conditions. Ethereum was the first blockchain designed to enable smart contracts. Its tokens are programmable, and their code is run simultaneously by every node in the network.
 
In the most basic example, a smart contract can verify conditions for tokens to be transferred to another user, or refunded to the issuer. In short, a smart contract enables the verifiable execution of a programmable agreement. This feature allows developers to harness the capabilities of the Ethereum blockchain, without having to build and maintain their own.

Ethereum smart contracts are written in Solidity, which was specifically designed for that purpose. Although Solidity was designed for Ethereum, it is gaining support with other blockchains, as well.

Ethereum Developing Resources:


It won’t necessarily take a long time to learn how to create a smart contract, but becoming a good smart contract developer requires diligence. Mistakes in smart contracts have turned out to be quite costly. Once deployed, an Ethereum smart contract is unalterable, making any bugs in the code permanent. Because of the risks involved, efforts have organized around peer review and formal verification.

Permissioned Ledgers

There are many different blockchains, cryptocurrencies, and feature-rich platforms currently being developed. However most of them are public blockchains that anyone may access, and all of their transactions are broadcast to the entire network. While those features are essential in decentralized systems, they don’t quite fit the needs of many enterprise applications.

IBM’s Introduction to Distributed Ledger serves as a general introduction to blockchain for Governments and Enterprises who wish to make use of permissioned ledgers. Hyperledger’s offers a free online course called Blockchain For Business which is a general introduction to blockchain and the Hyperledger family, including information and examples regarding its use.

The Hyperledger Project

Hyperledger is a cross-industry open source collaborative hosted by the Linux Foundation, co-founded with IBM. Their aim is to improve the performance and reliability of blockchain technology so that it can be suitable for global enterprise.

The Hyperledger Foundation hosts the following projects:
  • Hyperledger Iroha is aimed at applications requiring fast synchronous transactions with small payloads. It is considered ideal for building decentralized backends of mobile applications.

All of the Hyperledger projects have discussion channels available via chat.hyperledger.org.

Corda

Introduced by R3, Corda is an enterprise blockchain platform designed specifically for financial services. It is gaining traction in the market, and on GitHub. There is a strong possibility of Corda becoming a preferred enterprise solution over the coming years.

Hackathons

The role of hackathons in the blockchain revolution should not be underestimated. Competitors apply creative solutions, and collaborate to solve practical challenges and win prizes. Hackathons are a great way to learn and meet other developers from different walks of life. The Hackathon encourages efficiency and creativity in a competition against a deadline. They also foster a friendly atmosphere, a low barrier to entry, and the opportunity to work with new people solving real world problems. The following blockchain hackathon directories are a good place to start:

Blockchain Developing Chat

  • Blockchain Developer Club Is a great space to discuss blockchain developing and ask questions, many of the resources in this guide came from that server.
  • Crypto Devs - is a channel that's new to me, but appears to be a good place to check out.

Conclusions

The blockchain sector is rife with possibilities, especially for developers. The world is just beginning to become aware of the potential of blockchain, and there is still plenty of time to learn the trade. There is a lot to learn in this sector, and many paths to go down. There are a multitude of open source projects to participate in, smart contract platforms to build onto, along with the permissioned chains under development by Hyperledger, and R3.

If you aren't immediately inspired cryptojobslist.com is one of the more popular job boards that deals explicitly with cryptocurrency related jobs, you may also want to try blockchainjobz.com to get some ideas of where you'd like to focus your efforts.

There are also a ton of additional blockchain resources in the Crypto Public Library chat server, including developing resources organized by crypto project, a hackathons channel, and much more.

Refrences

Additional Resources