dabura667
commented
7 years ago How does CoPay know it's me?
The number you gave to VirWox is also stored on Copay's server, so they know to check that number for any new balances. This is known as your "Address" and it is like your email address except only can be used on the Bitcoin network.
How do I identify that the funds are mine?
You can identify that the funds are yours independently by checking the same address on many open "blockchain explorer" sites.
Examples for the address 1CneiLxRzxGXJEQwVHjegGNtFJRoVF2mxv :
https://blockr.io/address/info/1CneiLxRzxGXJEQwVHjegGNtFJRoVF2mxv https://live.blockcypher.com/btc/address/1CneiLxRzxGXJEQwVHjegGNtFJRoVF2mxv/ https://chain.so/address/BTC/1CneiLxRzxGXJEQwVHjegGNtFJRoVF2mxv https://www.blocktrail.com/BTC/address/1CneiLxRzxGXJEQwVHjegGNtFJRoVF2mxv
However, if you would like to verify that your address is actually one that you control and not someone elses... that is more difficult. I will explain that later.
Am I supposed to have a unique number that I keep secret or something?
When you set up your wallet you were asked to write down a 12 word phrase. This phrase is your SECRET KEY. This is ALL YOU NEED to generate your bitcoin addresses and send bitcoin from them. THAT PHRASE WILL NEVER BE SENT TO COPAY'S SERVERS AND IS ONLY STORED ON YOUR DEVICE. You should NEVER show that phrase to anyone. That phrase IS YOUR KEY to the bitcoin network.
It's best to imagine a PO box. You can tell anyone your PO box address, and anyone can send packages to your box, and anyone who walks into the post office can see your box and see you open the box with your key and know its your box... but only you have your key.
That phrase is your key. The "number" you gave Virwox is one of your addresses. To increase privacy, Copay changes your address after every transaction. This is ok, because your key can control multiple addresses. However, you can use the same address if you want... but it is less private if everyone knows the same address of yours.
Other wallets like Xapo have accounts with logins etc... Am I missing something??
Xapo, Coinbase, and others are what are called "custodial wallets"... which means, Xapo owns your keys, and when you log in to their site and say "please send 1 BTC to X" you are telling them to take out the keys they are storing on your behalf and send the bitcoin on your behalf.
Some sites, like blockchain . info etc. have a hybrid model where they have a login/password model, and your login only gives you an encrypted key (like your phrase) that your browser decrypts using your password. This can be semi-secure... but there are a lot of problems with that model.
...
To verify that Copay is actually using your phrase to generate the address it is showing you, AND also ensure that Copay is not sending your phrase to some server without you knowing... it is a very complicated process.
The easiest way is to download the source files from github and build the app yourself. You can either assume that anyone who understands programming and is watching the Copay repository will have caught any sort of wrong-doing, or you can check yourself if you can understand it.
However, the way the app store works on iOS, Android, Mac, and Windows etc. There is no way to verify that Apple, Google, Microsoft haven't modified Copay to send the phrase to them... also it is unclear whether the binary Bitpay (maintainers of Copay) sent to those companies doesn't contain some wrong code.
The free (as in freedom) software community is all about the idea of "don't trust, verify"... I have personally verified every inch of Copay and believe it to be one of the best wallets (save a few gripes) out there.
If you can trust Apple and Bitpay not to cheat you, there are open source tools that you can use to verify your phrase actually generates your address. However, if you can actually send bitcoin FROM your Copay, then that means you MUST have the keys (otherwise you wouldn't be able to send in the first place)
Hope this helped.
If you have any more questions let me know.
beatdigger
JDonadio
Cadence888
BGalliotti
Hello everyone. I made my first bitcoin purchase on a site called VirWox Then I downloaded CoPay onto my Mac desktop.
I clicked the receive tab in CoPay and used that number to make the transfer from VirWox. I do not see any amount yet but I understand it can take some time for the transfer to happen.
My question is... How does CoPay know it's me? I mean it never asked me to create an account other than an email address for notifications. There is no Login/Logout option. How do I identify that the funds are mine? Does any of this make sense? Am I supposed to have a unique number that I keep secret or something? A way to identify myself?? Am I not understanding what a wallet is? Other wallets like Xapo have accounts with logins etc... Am I missing something??