Farmer's TFT Wallets and Security

2020 should see a year of enormous growth and Farmers hopefully will soon be receiving Cultivation (sales) TFT revenue in addition to Farming (connection) TFT revenue.

The 3bot Connect wallets will be more widely used from now on and Farmers should be focusing on audit and security procedures as TFT can easily be lost through poor wallet management and as TF’s profile increases scammers will begin to probe for vulnerabilities.

I’m not in a position to give advice as I’m a newbie myself, but I think we should all collaborate to exchange tips and together develop best practices.

Hi Colin,
Thanks for this very useful invitation to exchange ideas on this topic. Keeping your wallet seeds safe and avoid scammers to steal your money is very a important topic to think of.

In the short term there are some basic rules to apply: keep your seed words safely, and NEVER share them, as it’s the keys to steal all. There are ways to have them stored in a fire proof way, like engraving in steel etc.

In the longer term there are some ideas, however not implemented yet as bringing the grid live is the first priority right now.

We have a unique technology to bring some capabilities to the market. Let’s discuss to see if one of the following would bring value, and if so, by when:

• ‘social key recovery’: in the same way as our dispersed storage works, we could split up seed words and represent them in a descriptive way, equations split over the 3bots of your friends and relatives. In case a key needs to be recovered for reason ‘lost’ / ‘deceased’ / … an instruction could be sent out to your friends to recollect the pieces, and a mechanism could be built in that a) x out of y people are needed to reconstruct the data and b) we could have some time delaying factor built in, useful to discourage phishing and/or when heirs needs to reconstruct the full key after a decease.
• be sure that the counterparty you are sending tokens to is authentic, by having KYC in place under form of a ‘self-sovereign identity’, by this we mean that the proofs that you are a reliable person / company is kept within your 3bot but in a way that you cannot tamper with it yourself and it’s immutable. So this info is credible to the outside world, and reusable for usage in KYC process of different parties other farmers, but also every company that needs to do KYC on their customers). We could implement it in 2 ways:
  a) rely on so-called KYC-providers that check identity (passports, company info, …) against third parties, and that ‘sign’ the proof after checks, or
  b) use peer2peer validation: multiple of your friends validate your existence.

The first one is, from a legal perspective, more correct, the second one is a more democratic setup and usable outside of the western world.

Hi Geert,

Thanks for your thoughts.

This makes me realise that we probably need two (possibly three) sets of best practice guidelines;

1. For Individuals
2. For smaller ‘DIY’ Farmers.
3. For corporate/certified Farmers.

Maybe 1) and 2) above could be combined.

My farm is owned by a corporate, we aim to be certified, and if things go well we hope to raise a considerable amount of capital. We will therefore require security procedures which would stand up to scrutiny as any sophisticated investor should pay careful attention to how we handle our TFT.

Ideally this is something we should work on at a TF level to offer good advice to all existing and new farmers in the future. It should perhaps even be part of the certification process.

Please explain what aspect makes you conclude there is a difference between 3 categories (individuals, small, corporate) ?
In my point of view, yes, there is a difference between certified and non-certified, but that has only some importance in terms of service level and quality, not in the protection against parties with bad intentions.

Hi Colin,

There were some issues with the forum today, for some reason your question got lost (we learned a lot about the grid, it’s being looked at), luckily I was preparing an answer and made a snapshot for it .

image1593×436 109 KB

Here is my answer, feel free to comment:

I went through the keys.casa solution. I’m impressed by the thoroughness of how they address all potential security issues, and their extensive explanation about the final choice. We can learn from the analysis on their website.

A few remarks however:

• their solution requires all transactions to be multi-signature, which is not as convenient as they make it sound like. As it is a base requirement from the start, in a way it’s not a solution to protect a single key. Reason also why they focus on bitcoin&lightning network keys only right now.
• dispersed storage idea can make their solution more secure as an extra option to recover the keys. Now a key holder needs to have them as a trusted third party for recovery, and they even agree that this attracts hackers, as many key elements are being brought together on their premise.
• Our 2FA 3bot (with session control) signing could be used for the mobile wallet signing part next to the 2 types of hardware wallet.

In the end, I don’t agree that ‘social key recovery’ using dispersed storage over 3bots is not robust compared to what they offer. If you replace ‘friends’ in my explanation by third parties such as a ‘bank’, ‘notary’ or ‘key custodian’ (3bot can be owned by any individual or company), it might give more confidence but the message is the same. Perhaps indeed my wording are not the best marketingwise.

Hi Geert,

I think that individuals, small and larger corporate will have different security requirements.

Splitting a seed phrase between some friends might be fine for an individual, but not for a corporate which would need to demonstrate more robust security measures. Seed phrases might for example need to be shared with lawyers or placed in security vaults.

As farmers accrue more TFT they will have to consider things like multiple wallets so that not too many TFT are in a single wallet, hot vs cold wallets etc.

As a community we probably should develop a best practice guide, no doubt many examples exist in the crypto community.

Colin

Looking on https://explorer.grid.tf/explorer/farms
Should we not be hiding the wallet_addresses ?

Why do we want to achieve by hiding the address there ? The only thing that could happen is someone sending you tokens.

The addresses published are required for 2 things:

• send the farming token the nodes of the farm have generated each month
• Allow the users reserving capacity on the node from the farm to know who to pay for the capacity

Indeed, wallet addresses are important to know for a user. It’s like the bank account number owned by the farmer, and a necessary element for the payment.

Not to be confused with the related private key, which is created using your 24 seed words. This private key is absolutely to be kept secret, as it gives you full control over your tokens.

I for one will not use the same address from the farm to receive payment from users of my capacity.
Moreover, every single payment will have another address generated from my seed, that is just plain best practice, and something you cannot do with the current wallet, but I hope a new wallet will be a stellar wallet with Hierarchical Deterministic wallet?
Also, I HATE KYC, it is the nail in the coffin of every free and neutral project, because you automatically exclude all the people that have no paperwork, electricity bills or social security number to prove their identity and that is EXACTLY who we should be targeting with our grid!

I think I agree with @TFFarmer that multiple wallets would probably offer more security.

I also agree that KYC is a terrible burden on small companies and projects, although we do need to introduce some for the protection of all stakeholders, especially end clients/capacity buyers. I could be wrong but I thought that was being built into the 3bot, or perhaps use a third party blockchain KYC provider. But yes, keep it simple.

This has now become more of a crypto project (speaking to crypto exchanges & crypto investors, move towards burning, focus on TFT price etc.) and we will already be in the radar of scammers and as we are going live now there is no time to waste.

Perhaps ThreeFold should take a leadership role on security rather than letting the community debate it. Third party crypto security companies should be consulted to draw on their experience, rather than us gaining experience the hard way!

There really needs to be a comprehensive best practice guide of generally agreed procedures. Definately a public one, but perhaps also a private one for farmers as they will be a prime target both in terms of trying to take their TFT and also clone their identities.

Very good remarks, both @TFFarmer and @colin.
To answer @TFFarmer first: I also hate KYC . And it’s a delicate one, as it has been considered as a necessary evil for companies in the western world doing business. The hassle we’ve gone through to get onboarded with Liquid was terrible, but they are obliged by regulators to go through that step.
And indeed, for people that don’t have the right papers it’s a barrier that excludes them from the economy as it is.

But there is good news: I think Threefold can bring major improvements for both !

• a 3bot can hold all necessary papers to be kept privately and be reused to whoever you are doing business with. So instead of going through a KYC process with each and every company you want to do business with, you simply have your papers checked once, and that counts as a proof of whoever needs it. From a user experience, this is a big improvement to the hassle we all have to go through now. Even from a regulatory perspective, I believe there is a chance that this can replace classic KYC: ESSIF, an EU funded organisation has exactly this as an objective.
• for people excluded from the financial system, why don’t we create a document that proves your existence and keeps it in your 3bot ? And have it validated by organisations such as UNHCR or Red Cross. This is exactly part of the idea behind INID, that was launched some time back. An idea that a 3Bot is best placed to convert into reality !