Remove copay from the "Choose your Wallet" page

[friendsofbitcoin]

https://archive.fo/U8v26#selection-215.25-215.100

Bitpay recently began to deceptively promote a contentious hard fork proposal and encouraging all bitcore nodes to upgrade to a consensus splitting change without replay protection which would endanger many users running copay or bitpay wallets.

Lack of clarity on the risks this poses to users and dishonest representation make this wallet unsuitable for the time being for recommendation.

[shesek]

Agreed. BitPay's plans to migrate away from the Bitcoin protocol without wide community consensus makes them an unsafe wallet that should not be recommended.

[theymos]

Agreed.

[nopara73]

There should be a set of guidelines as to which wallets can be listed. Unfortunately as long as open sourcing, not stealing and freezing customers' funds are still not requirements for bitcoin.org (see https://github.com/bitcoin-dot-org/bitcoin.org/issues/1336, https://github.com/bitcoin-dot-org/bitcoin.org/issues/1336#issuecomment-308993033) CoPay's removal due to misguiding their customers would not be consistent.

[friendsofbitcoin]

As far as I am aware the copay app in play store and apple app store is controlled 100% by bitpay's bitcore nodes, thus all copay wallets will indeed have their bitcoin funds frozen and will indeed be at risk of stolen funds without replay protection?

[paOol]

Core should add replay protection if worried about users funds as the result of the November hardfork.

[friendsofbitcoin]

@paOol This doesn't address the issue with slow historical node upgrades from users. Many users are going to be harmed by a hardfork spinoff lacking replay protection regardless if core adds replay protection or not.

[mariodian]

@friendsofbitcoin you can point Copay to your own server though.

[Mirobit]

Agreed. By supporting a hard fork without replay protection, users can lose their coins on the main/core chain.

You can set a custom backend server but i think very few users know about this.

But we need to adapt the requierements for wallets first.

[ghost]

ACK.

[friendsofbitcoin]

@mariodian while true the "Choose your wallet" page is primarily used to educate new users and 99.9% of them won't know how to setup a custom bitcore server or make those changes. We need to focus on risk mitigation and reducing loss of funds for new users.

[harding]

Maybe I'm misreading the page, but I don't think it says what's being claimed in this thread. Specifically, it says:

Bitcore-node v3 runs uses a modified version of Bitcoin Core 0.12.1

The rest of the instructions are about running a border node, specifically the HF'ing btc1.

If you use Bitcoin Core 0.12.1 with a btc1 border node, you will not hard fork because Bitcoin Core 0.12.1 will not hard fork. Instead, the btc1 border node will accept the segwit2x mandatory >1MB hard fork block and relay it to the Bitcoin Core 0.12.1 node---but, critically, the Bitcoin Core 0.12.1 node will reject it as having an invalid block size.

At that point, Copay and other Insight-based won't show any further confirmations for transactions made after the HF block. That's not good and we should certainly request that the Copay wallet authors address that concern, but (if I'm understanding this correctly) I don't think this requires immediately delisting under Bitcoin.org's hard fork policy.

[theymos]

PR: #1752

@harding It seems clear to me that they're using the SegWit stuff as a bait-and-switch to get people to feel that they must urgently run btc1.

[friendsofbitcoin]

@harding Good observation, except the last paragraph explains that in several weeks users will no longer need to run boundary nodes and the concern here is these lite clients push self upgrades in smart phones

[nvk]

:+1: alts have no place here

[h0jeZvgoxFepBQ2C]

Full ACK

[d1gitalflow]

ACK

See here: https://github.com/bitpay/bitcore-lib/pull/50

They seem to have no intention of adding that commit that is mostly a year and half long coding to support segwit, and prefer to redirect users to a fork/altcoin.

[olalonde]

Segwit2x is not contentious, it is supported by most of the hash rate.

[chrisrico]

@friendsofbitcoin Copay is not "100% controlled" by Bitpay's Bitcore nodes. You can change to point at your own node, theirs are merely the default.

[friendsofbitcoin]

@olalonde A few industrial miners doesn't represent the whole ecosystem.

segwit2x is supported by a mere 21% of companies - https://coin.dance/poli

over 99% of full nodes aren't running btc1 and normal node upgrade speed is longer than 3 months - http://luke.dashjr.org/programs/bitcoin/files/charts/software.html

Here is a comprehensive list of companies who still have not agreed - http://nob2x.org/

@chrisrico I have already acknowledged this, please read my comment addressed to @mariodian

[luke-jr]

If someone wants to fork Copay, and adjust it to always stick to Bitcoin, that fork can be added. Copay itself seems to likely default to an altcoin, so it shouldn't be listed.

[karelbilek]

Copay servers are currently running on a software based on an old version of bitcoin, so currently it's bitcoin. Copay is not supporting segwit in any way, so it doesn't matter that they use 0.12.something

Currently, bitcore is not running on bcoin (sic), but they are migrating to it - see https://github.com/bitpay/bitcore-node/commits/blocks . (Copay is using bitcore-wallet-service, which is using bitcore, which is using old bitcoin core but migrating to bcoin.)

Right now, they are still technically on bitcoin chain, no matter what they do or don't recommend. I do not know your rules, but currently, they are using bitcoin.

[karelbilek]

Currently, you cannot run bitcore/insight/copay/... with segwit2x node.

Not sure in what stadium is the bcoin implementation. bcoin is used there as the full node. I do not know which rules do bcoin support, but given their tone, I would guess they will use 2x rules.

But yeah, they are indicating they will make users switch, so maybe removal is justified in the end

[olalonde]

The original chain will slow to a crawl and become vulnerable to 51% attacks soon after the hard fork though. I think it would be reasonable for Bitcoin.org to err on the side of caution/security and recommend wallets which will follow SegWit2x (and maybe have some visible warning/notification which explains the fork).

[friendsofbitcoin]

@olalonde Over 99% of full nodes don't run btc1 . Even if we were so reckless to support segwit2x this would not protect many users from the damage caused by a rushed HF due to the slow upgrade path users take and lack of ability to communicate to everyone effectively. Thus we must cautiously avoid actions which place them at risk from loss of funds.

[shesek]

Right now, they are still technically on bitcoin chain, no matter what they do or don't recommend. I am not sure about your rules, but currently, they are using bitcoin.

I think that expressing the intent to diverge away from the bitcoin chain to a new protocol that didn't gain community consensus is enough of a reason for removal, as a preemptive step against the future losses this would cause to the wallet's users.

But I'm not sure what are the rules either.

If someone wants to fork Copay, and adjust it to always stick to Bitcoin, that fork can be added. Copay itself seems to likely default to an altcoin, so it shouldn't be listed.

I'm working on making that happen. If anyone wants to help, shot me an email at nadav@bitrated.com.

[karelbilek]

@shesek you will need to run a server yourself probably.

If you want to run bitcore node with 0.14.2, start here

https://github.com/satoshilabs/bitcore

If you are OK with running old node - again, since copay does not use segwit in any way, so you should be OK with that - you can just use bitpay's own repo.

BWS runs on top of that.

Note that you will need at least 300GB of space for bitcore alone, and probably should be an SSD, and should be a stable webserver. Good luck.

[jgarzik]

NAK.

What happens if you continue to remove wallets that follow the blockchain w/ most hashpower? Users are left with tiny list of holdouts that point to an insecure, slow chain.

[friendsofbitcoin]

@jgarzik There shouldn't be a problem to re-add copay from a different repo that doesn't place users funds at risk.

[luke-jr]

@olalonde Why should Bitcoin.org recommend an altcoin just because SHA2 miners defect to it? That's absurd.

[shesek]

@jgarzik The miners do not dictate bitcoin's rules. Bitcoin would be completely useless if they did.

[TheButterZone]

ACK

[olalonde]

@luke-jr because Bitcoin's security model is based on the assumption that no single entity controls 50+% of the hash rate. This assumption goes out of the window after the Segwit2x hard fork. There will probably be more than one entity capable of attacking the old chain due to its low difficulty. If you don't want to follow the hash rate, you are left with changing the PoW algorithm.

[petertodd]

ACK

What BitPay did is a remarkably deceptive and dishonest thing to do. We should not advertise wallets from dishonest companies, so BitPay is out until they somehow restore that trust.

[JavierGonzalez]

@luke-jr Bitcoin is based on proof of work for a security reason (resistance to multiple hostile nations is required).

If you want a currency based on "developers who like takeovers" please create an altcoin. Maybe you're right and a lot of people trust that.

Please try that without fucking Bitcoin.

[JavierGonzalez]

The miners do not dictate bitcoin's rules. Bitcoin would be completely useless if they did.

@shesek I think you're totally wrong. This confusion is the root of the whole conflict.

The GitHub hierarchy is like the IRC. It is a vertical and rigid hierarchy. It is the pure essence of authoritarianism.

A currency based on this shit will never be worth anything. It would be completely useless. No one would trust this.

Bitcoin is based on PoW. Because mining is expensive and everything else (nodes, developers, webpages) is cheap. Developers are cheap. And the shortage of bitcoin is based on this. It is a harsh reality, but it is the truth.

Bitcoin is in the hands of the miners totally. And the developers must propose solutions that the miners want to accept.

[shesek]

Bitcoin is based on PoW for the purpose of ordering transactions into blocks and preventing the double-spend attack, not for determining protocol rules. See Bitcoin is not ruled by miners.

[JavierGonzalez]

@shesek That was true until some have broken the monopoly of Bitcoin Core by developing multiple client programs. Because as I said, developing clients and deploying nodes is cheap, very cheap. IP costs 5 $/month, node costs 20 $/month.

Miners will deploy nodes as needed when needed. They have money and we must assume that they know how to do it.

As you know, nodes can not cast a negative vote. And you can never force a hostile node to accept it.

This brings us to reality: The miners rules entirely in a PoW-based crypto.

PD: And changing the algorithm only changes some miners for others, and eventually we will return to the same conflict: the attempt to steal future commissions from ASIC/GPU miners.

[ghost]

ACK

A network split is a bad thing in and of itself, but more sophisticated users have the ability to choose what chain to follow. What Bitpay did is dangerous and dishonest because:

1. Copay users won't know what chain they're on.
2. Copay users might inadvertently send their main chain bitcoins to a black hole and permanently lose them due to no replay protection. At least BCH had replay protection implemented using a custom sighash flag.
3. It is dishonest and fraudulent to force consensus-altering rules on unwitting users.

[windsok]

ACK

[omarshibli]

Hey @shesek

This is a great idea, How may I help? I have extensive experience in cloud infrastructure and Copay implementation specifically.

Please send more info at omar@commerceblock.com

Good luck and keep up the good work.

[CosmicHemorroid]

ACK

[jameshilliard]

@jgarzik

What happens if you continue to remove wallets that follow the blockchain w/ most hashpower?

Copay does not appear to use the SPV security model where the wallet follows the most hashpower, it uses the centralized validator model where a centralized authority is effectively trusted blindly for confirmations, this(https://bws.bitpay.com/bws/api) appears to be the server copay uses.

[SquirrelCoder]

Then which wallet do you recommend?

[is55555]

ACK

[karelbilek]

This debate is stupid

There is no reason why should bitcoin core website show a wallet, that does not support bitcoin core consensus rules and has its own consensus rules.

Unless we want to go into philosophical discussion of "what is bitcoin?" and "is bitcoin ABC bitcoin?" and "is bitcoin 2x / Unlimited / Classic / ??? bitcon?". Which is beyond the scope of this issue.

The only reason against removing copay is that right now it uses backend with bitcoin core consensus rules, but that will probably change. So... yeah remove it

[JavierGonzalez]

This space is censored. Censorship creates two realities and breaks the community.

[nvk]

I think there are two separate issues. Do I wish bitcoin.org was little bit easier to add things to. Yes.

But, Copay/BitPay wont be doing bitcoin anymore, they have no place here.

Support or don't support NYA, what matters for here is which software the projects are running.

[theymos]

Resolved by #1752.