gnosis / fund-recovery

Recovery mechanisms for multi-signature wallets beyond backing up private keys.

Social recovery with the safe owner's consent #3

Open alescode opened 6 years ago

alescode commented 6 years ago

Thanks for hosting this discussion! I came here through Richard's tweets, excited to collaborate.

I'd like this service to be accessible by people that only have a smartphone – an old, basic one. This draws me to the social recovery option, as it doesn't need any extra hardware and builds upon something humans already have: relationships.

It's important to not over-discuss this, but to take these ideas into practice as soon as possible and learn in the field. We should implement this feature into a product like balance-wallet or status-react and hold follow-up conversations with the first safe owners that use it.

ricburton commented 6 years ago

Quick reaction and raw thoughts:

I do not believe social recovery works. It is great for logins like WeChat/Facebook but not for money.

The team at SplitKey threw in the towel because no one felt comfortable.

I do not want to burden my family and friends with the keys to my assets.

I do not want to risk my assets in the event that I alienate my friends and family.

I want to start with a simple KYC company prototype and then move it to a smart contract.

Richard


On Wed, Jun 20, 2018 at 06:06:31, Alejandro Machado < notifications@github.com > wrote:

Thanks for hosting this discussion! I came here through Richard's tweets, excited to collaborate.

I'd like this service to be accessible by people that only have a smartphone – an old, basic one. This draws me to the social recovery option, as it doesn't need any extra hardware and builds upon something humans already have: relationships.

  • I don't like the idea of the friends needing to stay in the dark about who else is part of the group – this is security by obscurity and may spur animosity within social groups. The safe owner can be encouraged to pick friends from different social circles, but not required to keep the list a secret. Instead, I propose we require the safe owner to memorize a word – just one – to confirm the replacement of the safe once all friends have agreed. We can mitigate brute-force attacks by enforcing a delay between attempts. We can learn a lot from Apple's Find My iPhone flow.
  • What do you think would make for a good number of friends to initiate recovery? I'd favor two or three, assuming the funds held in the vault are what people usually hold in their everyday wallet. Until we know more, we should discourage use of mobile hot wallets that control too much money, with or without social recovery enabled.

It's important to not over-discuss this, but to take these ideas into practice as soon as possible and learn in the field. We should implement this feature into a product like balance-wallet ( https://github.com/balance-io/balance-wallet ) or status-react ( https://github.com/status-im/status-react ) and hold follow-up conversations with the first safe owners that use it.


alescode commented 6 years ago

@ricburton interesting. Did SplitKey publish any post-mortems or could I talk to someone there? I'd like to get some details, because Status is moving swiftly in the direction of social recovery, and if it's a dead end, they should know about it.

See here: https://discuss.status.im/t/identity-whats-it-all-about/120/2

Also I'd like to know what you mean by "simple KYC company prototype". Does that imply trusting a company to hold a copy of your key and, upon proving your identity, being able to recover it? I think that could work for a few use cases, but is probably overkill for a messenger/wallet app that you use on a daily basis and don't hold much of your funds in.

hughkarp commented 6 years ago

Really excited about this, recoverable wallets are what we all need.

I also wrote about it here: https://medium.com/@hugh_karp/a-cryptocurrency-key-service-569f96fe89b8

Briefly, you have key(s) you control and recovery key(s) that can reset your keys if you lose them. Because the recovery process actually requires the recovery keys to gain full control over your wallet at some point, there is a time delay on the recovery transaction, which you can block with your key(s).

One aspect I'm particularly interested in is the ability to also insure the wallet. If you have recoverability + insurance (think FDIC style protected up to $100k say), then we have a viable solution for regular users.

As I believe it is impossible to insure private keys by themselves, we need to provide a recovery process that is insurable in itself. To do this, it has to follow a standard and well-documented process that can be independently tracked/audited to see where a breakdown occurs for determining valid claims. I think there are numerous solutions here, but it is probably best to start with a service provider rather than social recovery, which seems much more complex.

The other aspect that needs insuring is the smart contract code itself (which we at Nexus Mutual are building now).

So I'm really interested in working on the design with anyone who is building this, because if you design it right, Nexus Mutual will be able to provide cover for it.

tschubotz commented 6 years ago

@alegw Interesting idea of "safe guarding" the social recovery with another, easy-to-remember password. That would for sure be an improvement. What would be a good number of friends? I think it should be a bigger number rather than a small one. There is the possibility that the friends also lose their ability to sign for the recovery. Hence, it would also need to be an n-out-of-m scheme. 2 or 3 friends wouldn't be enough in that case, in my opinion.

In general, I also don't really believe in social recovery as a standalone solution. It would need to be combined with something else.
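The time-delayed recovery that the owner can block (hughkarp's comment) and the n-out-of-m approval by friends (tschubotz's comment) can be modelled together as a small state machine. This is an added example, not code from this repository or from any participant in the thread; the class, the key and guardian names, the 3-of-5 threshold and the 7-day delay are all assumptions made for illustration.

```python
# Added illustration: guardian names, keys and the 7-day delay are constructed values.
class RecoveryError(Exception):
    pass

class RecoverableWallet:
    def __init__(self, owner, guardians, threshold, delay):
        self.guardians = frozenset(guardians)          # the m recovery keys
        if not 1 <= threshold <= len(self.guardians):
            raise ValueError("threshold must be within 1..m")
        self.owner, self.threshold, self.delay = owner, threshold, delay
        self.proposals = {}   # proposed owner -> [approving guardians, ready_at]

    def approve(self, guardian, new_owner, now):
        if guardian not in self.guardians:
            raise RecoveryError("not a guardian")
        entry = self.proposals.setdefault(new_owner, [set(), None])
        entry[0].add(guardian)                         # a set: repeat votes do not count
        if len(entry[0]) >= self.threshold and entry[1] is None:
            entry[1] = now + self.delay                # n-of-m reached: start the timelock
        return entry[1]

    def block(self, caller):
        # The current owner still holds a key, so the recovery is hostile or unneeded.
        if caller != self.owner:
            raise RecoveryError("only the current owner can block")
        self.proposals.clear()

    def finalize(self, new_owner, now):
        _, ready_at = self.proposals.get(new_owner, (set(), None))
        if ready_at is None:
            raise RecoveryError("threshold not reached")
        if now < ready_at:
            raise RecoveryError("timelock still running")
        self.owner = new_owner                         # recovery keys take control only now
        self.proposals.clear()
        return self.owner

WEEK = 7 * 24 * 3600

def demo():
    w = RecoverableWallet("owner-key", ["g1", "g2", "g3", "g4", "g5"], 3, WEEK)
    for t, g in enumerate(["g1", "g2", "g2", "g3"]):   # g2 votes twice, counted once
        ready_at = w.approve(g, "new-key", now=t)
    return w, ready_at

if __name__ == "__main__":
    w, ready_at = demo()
    print("recovery executable at t =", ready_at)
    print("owner after delay:", w.finalize("new-key", now=ready_at))
```

With five guardians and a threshold of three, two guardians can lose their keys and recovery still succeeds, while the delay gives an owner who still holds a key time to cancel a colluding quorum.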