It is called “cool” on Reddit, but the new bitcoin email transfer service called MoneyPacket.org just adds complexity to the movement of cryptocurrency, rather than eliminating it.
MoneyPacket.org’s founder, known on Reddit as loveforyouandme, explained that he launched the service last weekend to help newbies to bitcoin:
I see this being a “transitionary” tool, a new medium for people to get their first bitcoins before they have a wallet. Long term, people will have wallets and share their address, like email. …
The issue is people are intimidated by the process of installing a wallet and getting a receive address. The thinking behind this is someone can receive bitcoins in an email without doing a thing. Then they might be motivated to install a wallet and claim the funds. Or they could save that for another day and move the funds to a new money packet, effectively claiming them. If they do nothing, the sender can eventually recover the funds. The use case for this is not instantaneous and irreversible payments.
As one person said in reaction to the new service, “Grandmas could send dollars by email now.”
But can they? We tested MoneyPacket.org and it was, well, really hard to use. It seems easier, in fact, to set up a bitcoin wallet than to do whatever MoneyPacket is asking for. MoneyPacket has you download a money packet, but we could not figure out how to put cash into that money packet. Coinbase, for example, allows its users to send bitcoin via email — it was hard to see why using MoneyPacket to do so without a bitcoin wallet was, in some way, easier for “people [who] are intimidated by the process of installing a wallet and getting a receive address.”
Indeed, there was some marked criticism of MoneyPacket online. Here was one rundown of criticisms:
- This is essentially same as BIP38 or BIP39: send mnemonic in mail body, send password separately. No need for files or anything. (Although you can write mnemonic to a file.) And this way it will be compatible with BIP38/BIP39 tools and wallets.
- Your site doesn’t use SSL, thus bitcoins can be easily stolen via MitM.
- If your web server is hijacked, bitcoins can be stolen. There is no way to protect against it, aside from releasing it as a Chrome app or asking people to download it from github.
- Email is not encrypted, so potentially anybody can get these files.
- Security relies on password, which needs to be strong. If password is short, attacker can harvest emails or dropbox files and then bruteforce it. But how do you transmit a strong password? It can’t be in the email itself, because then attacker can steal money just using the email contents. And if you have a channel to transmit a strong password, you might as well use it to transmit the mnemonic.
BIP38 and BIP39 are bitcoin encryption protocols, and loveforyouandme responded that MoneyPacket.org will add a BIP38 encryption, as well as “tighten up the password requirements.”
But this just points to the Wild West nature of bitcoin today. One Reddit respondent said that everything that MoneyPacket.org offers, “You can already do this with blockchain.info.”
To which Karlijt responded, “Fuck blockchain.info.”
This anti-authoritarianism is likely one reason why Citigroup is testing a bitcoin solution called Citicoin. Ken Moore, head of Citi Innovation Labs told IBTimes UK recently that Citi “is talking to governments and regulators to predict an ‘end state,’ and the potential of either a blockchain distributed ledger network popping up internationally, or even ‘the opportunity to create a state-backed digital currency in a number of different countries.'”
Someone tell Karlijt that Citi or any number of financial institutions is coming.