50 sats \ 2 replies \ @keith_gardner 13 Nov \ parent \ on: Branta's Approach To Bitcoin Payment Address Verification: Triangulated Security AGORA
Hi k00b! Good seeing you at tab
Keith, founder here.
- Yep! Metadata optional. Address can be blinded (so Branta never sees them, we recommend this). All addresses are purged after a TTL (usually 1 hour, sometimes 1 day - receiver decides).
- Funniest outcome would be for North Korea to sign up as Coinbase. Welcome folks to try. Few things I'll share:
  - Onboarding is high touch.
  - Email verification
  - DNS / Domain ownership. We manually approve businesses, it's not fully self-serve to register.
It seems easy to prevent for Coinbase.
But what if you get a sign-up from a small local business in Uruguay, from domain xcoffee.com.uy for string "XCoffee" with logo "XCoffee"? You check DNS ownership automatically, email, external SSO, etc. Great.
You even have an employee check their web site and check the string and logo. Fine.
But what you don't know is that there is a real local business called XCoffee with that logo operating, but on domain x-cafe.com.uy, and the request is coming from someone targeting their customers.
How will you prevent that, without hiring hundreds of human investigators as you scale?
DNS registrars have the same problem (if they even try); it's not easily solved.