Security

 

In Bitcoin, anyone who has access to a private key can transfer the Bitcoin controlled by that private key.

With Post-a-Coin, every postcard has a unique private key: each postcard is a Bitcoin wallet in itself. No one other than the person holding the postcard can take Bitcoin from that card.

A private key?

You can consider a Bitcoin wallet to be like a physical safe in a public area (like a locker room in a gym). Anyone who has the key to that safe can take anything out of that safe at any moment. It is important to keep your key safe! This key is what we call a Private Key.

In your postcard, you'll find a scratch card. This hides the private key! The security, therefore, is reasonably good. Someone needs to have access to your card and be able to scratch and reveal the key in order to use it!

The only one able to do so is the person holding the card.

Hackers, computer viruses, or malicious software cannot access your card the way they can with most digital Bitcoin wallets. A paper card, therefore, is safe from hackers, viruses, bugs and software. (Well, unless you have a house filled with robots that can scratch cards, maybe.)

It is not, however, safe from thieves just taking the card away.

Once the private key is revealed, anyone who reads (or films or remembers) the card and its private key will be able to access and withdraw the Bitcoin on that card.

Once revealed, the funds must be imported into another wallet.

Don't leave them on the postcard after revealing the code below the scratch card.

Please refer to our tutorial on withdrawing for details and steps on how to empty the postcard.

Withdraw the full amount at once. Most Bitcoin wallets won't allow anything else, but if your wallet somehow supports partial withdrawals, don't use that.

After withdrawing, the postcard is empty and should remain so.

Once removed from the card, the Bitcoin are managed by the wallet you used to withdraw and no longer by the private key on the postcard.

So, after withdrawing, you can safely show anyone the private key: it no longer controls any Bitcoin.

But don't transfer any Bitcoin onto that wallet after revealing the private key or after withdrawing the funds. Anyone with access to the (now revealed) private key can then access the Bitcoin that are later transferred onto that card.

By analogy with the public safe above: once you've emptied the locker, it is safe to give anyone the key, because the locker is empty. People can even make a copy of your locker key, as long as you don't ever use that locker to store valuables anymore!

But Post-A-Coin has the private keys?!

Yes. And no. We had them. When we printed them onto your card, we had the private keys. But we destroyed them after printing them on the cards. We don't keep logs, copies, or backups.

We could have, secretly, kept a copy, to later sneak off with the funds on your card. But we don't.

This is the point where you have to trust us.

Three reasons why we don't want to keep the private keys:

  • We become a target for hackers or robbers. If we secretly keep a copy of all the private keys ever given out, we paint a giant target on ourselves. We don't want to be such a target. So we destroy the keys.
  • We need you to trust us. If it ever leaked out that we did keep private keys, we'd lose a great business: this business would be ruined. We want to continue selling beautiful cards.
  • If we had the private keys, by law, we'd be managing funds. We don't want to manage your funds: we don't want to be a bank. We don't want that responsibility. We don't want the administration and paperwork that comes with being a bank.

Securely printing the private keys

We generate the entire inside of the card on a computer that is offline: it is disconnected from the internet entirely. The computer is connected with USB to a dumb, offline laser printer.

The private keys, therefore, never touch the internet.

If someone were to hack our systems, they would not be able to access the computer on which we generate and print the private keys. Simply because that computer is not accessible from the internet at all. Ever.

We are certain that this is secure enough to hold the small amounts that go onto a gift card.

We do not, however, consider this secure enough to manage your life savings or other large amounts of money.