Bitcoin explained in layman's terms

Recently, a friend came up to me and asked "Snehal, how do I obtain bitcoins?"

I stared at him with an empty, blank look. Despite all the recent talk about bitcoins and their growing popularity, even with the Reserve Bank of India (RBI) getting involved, I realised that I knew absolutely nothing about the bitcoin except the fact that it was associated with the Silk Road - an illegal online black market that used bitcoins as its de facto virtual currency to enable regular folks to obtain all sorts of illegal items easily and anonymously. I had no idea what bitcoins were.

And so I decided to research and write up a column that would explain, in layman's terms, what Bitcoin is.

What are bitcoins?

Ah, the fundamental question.

First of all, there is a difference between the terms 'Bitcoin' and 'bitcoin'. Bitcoin, where the "b" is capitalised, refers to the entire system itself. It's like learning a language e.g., "I learned Spanish today." On the other hand, bitcoins, where the "b" is not capitalised, refers to the actual currency itself. You could say "I spent 10 bitcoins to purchase this item."

Bitcoins are a form of virtual currency, meaning that if you have bitcoins (we will get to how you obtain bitcoins later), you do not physically purchase goods by handing notes or tokens to the seller. Bitcoins are used for electronic purchases and transfers. You can use bitcoins to pay friends, merchants, etc. Every single purchase is immediately logged digitally (on computers) on a transaction log that tracks the time of purchase and who owns how many bitcoins. Think of this transaction log as an audit trail: it contains every single piece of information of every bitcoin transaction. This digital transaction log is called the 'blockchain'.


The blockchain records every single transaction - of present and past - and the ownership of every single bitcoin in circulation. The people who are constantly verifying the blockchain, ensuring that all the information is correct and updating it each time a transaction is made, are called 'miners'. One way to think of miners is: they are those who confirm transactions. Their job is to ensure that the transaction is secure and processed properly and safely. In return for their services, miners are paid fees by the vendors/merchants of each transaction and are also given physical, minted bitcoins.

Bitcoins are growing in popularity, and although they were largely used by speculators who were looking at them as a way to make money by buying bitcoins at lower prices and selling them at higher prices (much like trading foreign exchange or forex), there is a growing trend of businesses accepting Bitcoin as a form of payment. Many big companies like WordPress, Overstock.com, and Reddit accept Bitcoin, and a growing number of brick and mortar stores are starting to accept them internationally as well. More than $1.5 billion worth of bitcoins are currently in circulation around the world, with millions of transactions occurring daily. Needless to say, the popularity and usage of Bitcoin is picking up very quickly as more and more businesses and individuals are becoming aware of its benefits and advantages over traditional currencies.


How are bitcoins priced?

Bitcoins are like any other currency: they fluctuate in value relative to other currencies. Similar to how the rupee's valuation swung wildly against the US dollar this year, bitcoins have had drastic movements in price as well.

The value of a bitcoin is constantly changing, and there is no centralised exchange for it. Think of it this way: each time a bitcoin changes ownership from seller to buyer, the two parties need to agree on its price. There is no 'fixed' price. Usually, it's the seller's responsibility to give a fair price to the buyer based on what rate bitcoins are being traded in elsewhere. The difference between bitcoins and other currencies is that there is no centralised bank that prints the currency and sets relative values. Through transactions, the value of bitcoin fluctuates through supply and demand.

Here's a graph covering a few months of the relative value of bitcoins against US dollars; as you can see, there have been wild fluctuations in the value over the past two months.


What's the point of having bitcoins if I can use regular currency for my purchases?

That's a question you're bound to ask yourself at some point in time; after all, the rupee seems to get the job done. Why add complexity to your life with 'virtual currency' that the RBI seems to want to get rid of?

Well, for starters, there are many benefits to bitcoins over traditional currencies. For example, let's assume you need to purchase an item for Rs. 10,000, but the seller doesn't accept credit cards or bitcoins; he only wants cash. You now need to scrounge around for Rs. 10,000 and pay the seller in hard cash; the seller, on his side, has to somehow ensure that the money you're giving him is not counterfeit. Just the hassle of having to pay him Rs. 10,000 in cash is what Bitcoin prevents. If you have at least Rs. 10,000 worth of bitcoins (after converting rupees to bitcoins) and the seller accepts bitcoins, the entire transaction is completed in less than 10 minutes - hassle free.

But, you say, the seller is willing to accept credit cards. Well, this is where the seller would much rather accept bitcoins than traditional credit cards. There is usually a 2 - 3 per cent transaction fee for every credit card transaction that the seller needs to pay (to Visa, Mastercard, American Express, etc). With bitcoins, there are little to no fees involved. So the seller has a strong incentive to accept bitcoins.

What it basically comes down to is this: if the buyer and seller agree on a said amount for a good or service, using bitcoins gives them full control and transparency. There are no credit limits imposed by credit card companies, no need to carry cash, no extra fees that the seller can impose upon the buyer without the buyer's full approval. Every single transaction has to be 'agreed' to by both parties before it goes through.

The greatest advantage, however, is that all necessary information is public and transparent. Without revealing the identities of the buyer and seller, the entire bitcoin network is made aware of each and every transaction. This gives a tremendous amount of comfort to both parties of the transaction.

How do I get started?

You can obtain bitcoins in a number of ways, but before we get to that, you'll need to get yourself a 'Bitcoin wallet'.

A Bitcoin wallet is first required to get started with using bitcoins. A wallet can be created easily through different online applications. Your Bitcoin wallet is essentially just like, well, any other wallet.

Think of a Bitcoin wallet like an "app" that you would install on your phone. You can download your wallet on your computer through a software wallet, on your mobile, and also on the web. Once you've got yourself a Bitcoin wallet, you're good to go. It takes just a few minutes to get a wallet; once you have one, you can start accumulating bitcoins.

How do I get bitcoins?

Obtaining bitcoins is a relatively easy process. The three common ways are:
If you are selling a good, you can accept bitcoins as a form of payment.
You can purchase and sell bitcoins through Bitcoin exchanges (this is the most common way. Exchanges are typically found online.)
You can trade bitcoins for traditional currencies of countries.

As written above, obtaining bitcoins through an exchange is the most common and feasible way to get started. There are hundreds of exchanges (mostly online) through which you can obtain bitcoins. You simply register, enter your bank account information, and convert the local currency into bitcoins. 

What do I do with my bitcoins? How do I know that what I'm buying is safe?

Although many brick-and-mortar businesses are starting to accept Bitcoin, the large majority of transactions occur online. You can think of bitcoins as 'cash' for the internet.

Making payments with bitcoins is an incredibly easy process; in fact, you could argue that it is much easier than using credit cards. All you need to do is, using your Bitcoin wallet:
Enter the recipient's address (we will explain what an address is later on in the article).
Enter the amount of bitcoins to be sent.
Press send.

The recipient will then simply receive the request for bitcoins in exchange for what he is offering (goods, services, or perhaps a currency).

Bitcoin works off addresses. There are two components to a Bitcoin address: a public address, and a private address. Each Bitcoin address has its own Bitcoin balance. Every time a transaction is made, the public address of each user is made public to the entire network. Therefore, it is recommended that the sender creates a new address for each transaction.

Here is an example of a Bitcoin transaction:

Snehal owns an online store that accepts bitcoins as a form of payment.
Rajiv wants to purchase a $2500 item. He looks online and sees that the prevailing rate for bitcoins is approximately $500/bitcoin.
Snehal is selling the item for 5 bitcoins on his website.
Rajiv creates a new Bitcoin address through his wallet. He can see Snehal's public Bitcoin address on Snehal's website. 
Just as a seller does not need to know your physical identity if you pay cash, Rajiv never needs to disclose his identity to Snehal and can thus remain completely anonymous.
Rajiv instructs his Bitcoin client (the free Bitcoin software he installed on his computer/mobile) to transfer 5 bitcoins from his wallet to Snehal's address. This is the transaction message.
Rajiv's bitcoin client will electronically "sign" the transaction request with the private key of the address from where he is transferring his bitcoins. While Rajiv's public key is available to anyone for signature verification, his private key is only known to him.
Rajiv's transaction is broadcast to the Bitcoin network and will be verified in a few minutes by miners. The 5 bitcoins have been successfully transferred from Rajiv's address to Snehal's address.

Here's an example of what it might look like on Rajiv's software when he sends his bitcoins to Snehal:

A bitcoin user can freely share his public address with everybody. His private address, however, is only for him to know. This is critical in that this is what allows Bitcoin to be a secure payment system.

The Future

As Bitcoin gains popularity, governments are slowly but surely starting to take stances against/for it. For instance, the RBI issued a vague warning last week that Bitcoin usage is unsafe due to potential money laundering and cyber security risks. The government of China took it one step further by barring financial institutions and payment institutions from accepting bitcoins as a form of payment. Governments are cracking down on "black markets" that accept bitcoins as a form of payment.

In India, it's not very easy to convert rupees to other currencies since the Indian currency is not freely convertible. Due to this hindrance, obtaining bitcoins is not as hassle free as it is in other countries. Another problem with obtaining bitcoins in India is that there is no electronic method to transfer funds safely; most transfers happen through NEFT. Due to these hindrances, liquidity of bitcoins is relatively scarce in India, but is picking up.

That being said, Bitcoin isn't an institution, organisation, or any sort of centralised entity. In fact, the beauty of Bitcoin is that there is no central authority. It is literally a network of users - known as "peers" - who simply decide to buy and sell goods and services through a mode of virtual currency. It will be difficult for governments to 'shut down' Bitcoin. In fact, there are talks that virtual currencies are the wave of the future due to their inherent associations of being decentralized, transparent, secure and hassle free.

We can only expect Bitcoin's meteoric rise in popularity to continue. Let me know your interesting thoughts on this!

The Heartbleed Bug Is Mostly Fixed, But There Are Still More Than 20,000 Websites Vulnerable

You might have changed all your passwords in the days since you learned of the Heartbleed bug, but if you're one of millions of people using certain Android devices, you might still be vulnerable.
Numerous devices running older versions of Google’s Android operating system may be at risk of the high-profile bug, according to Marc Rogers, a security expert at the mobile security firm Lookout.
Rogers told The Huffington Post that people using Android version 4.1.1 should avoid sensitive transactions on their mobile devices because a hacker could exploit the Heartbleed bug to steal their data.

The Heartbleed bug, a newly discovered security vulnerability that puts users' passwords at many popular Web sites at risk, has upended the Web since it was disclosed earlier this week. It's an extremely serious issue, and as such, there's a lot of confusion about the bug and its implications as you use the Internet.
TechProceed.com has compiled a list of Frequently Asked Questions to help users learn more about the bug and protect themselves. The Heartbleed situation is ongoing, and we'll update this FAQ as new issues arise. Check back for new information.
What is Heartbleed?
Heartbleed is a security vulnerability in OpenSSL software that lets a hacker access the memory of data servers. According to Netcraft, an Internet research firm, 500,000 Web sites could be affected. That means a user's sensitive personal data -- including usernames, passwords, and credit card information -- is potentially at risk of being intercepted.
The vulnerability also means an attacker could steal a server's digital keys that are used to encrypt communications and get access to a company's secret internal documents.
What is OpenSSL?
Let's start with SSL. That stands for Secure Sockets Layer, but it's also known by its new name, Transport Layer Security, or TLS. It's the most basic means of encrypting information on the Web, and it mitigates the potential of someone eavesdropping on you as you browse the Internet. (Notice the "https" in the URL of SSL-enabled sites like Gmail, instead of simply "http.")
OpenSSL is open-source software for SSL implementation across the Web. The versions with the vulnerability are 1.0.1 through 1.0.1f. OpenSSL also is used as part of the Linux operating system, and as a component of Apache and Nginx, two very widely used programs for running Web sites. Bottom line: Its use across the Web is vast.
Who discovered the bug?
Credit is given to security firm Codenomicon and Google researcher Neel Mehta, who both found the bug independently from each other, but on the same day.
Mehta donated the $15,000 bounty he was awarded for helping find the bug to the Freedom of the Press Foundation's campaign for the development of encryption tools for journalists to use when communicating with sources. Mehta is declining press interviews, but asked for comment, Google said, "The security of our users' information is a top priority. We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited."
Why is it called Heartbleed?
According to Vocativ, the term "Heartbleed" was coined by Ossi Herrala, a systems administrator at Codenomicon. It's got a nicer ring to it than its technical name, CVE-2014-0160, named for the line of code that contained the bug.
Heartbleed is a play on words referring to an extension on OpenSSL called "heartbeat." The protocol is used to keep connections open, even when data isn't being shared between those connections. Herrala "thought it was fitting to call it Heartbleed because it was bleeding out the important information from the memory," David Chartier, chief executive of Codenomicon, told Vocativ.
If the name sounds a bit too catchy for a security glitch, that's exactly the point. The team at Codenomicon wanted something press friendly that could spread quickly, to warn more people of the flaw. Soon after they named the bug, they bought the domain Heartbleed.com to educate the Web about the glitch.
Why are some sites not affected by Heartbleed?
Although OpenSSL is very popular, there are other SSL/TLS options. In addition, some Web sites use an earlier, unaffected version, and some didn't enable the "heartbeat" feature that was central to the vulnerability.
While it doesn't solve the problem, what mitigates the scope of the potential damage is the implementation of perfect forward secrecy, or PFS, a practice that makes sure encryption keys have a very short shelf life, and are not used forever. That means that if an attacker did get an encryption key out of a server's memory, the attacker wouldn't be able to decode all secure traffic from that server because each key's use is very limited. While some tech giants, like Google and Facebook, have started to support PFS, not every company does.
How does the bug work?
The vulnerability lets a hacker access up to 64 kilobytes of server memory, but perform the attack over and over again to get lots of information. That means an attacker could get not just usernames and passwords, but also "cookie" data that Web servers and browsers use to track individuals and ease log-in. According to the Electronic Frontier Foundation, doing the attack repeatedly could yield more serious information, like a site's private SSL key, used to encrypt traffic. With that key, someone could run a fake version of a Web site and use it to steal all other kinds of information, like credit card numbers or private messages.
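The missing validation behind this answer, shown as an added toy model (not OpenSSL's code and not part of the original FAQ): a heartbeat request states its own payload length in a 2-byte field, which is where the roughly 64-kilobyte ceiling comes from, and the fix is to discard any request whose stated length does not fit inside the record actually received, as RFC 6520 requires. The function names and the flat byte string standing in for server memory are assumptions made for the illustration.

```python
import struct

HEARTBEAT_REQUEST = 1
HEADER_LEN = 3            # 1-byte type + 2-byte payload length
MIN_PADDING = 16          # RFC 6520: at least 16 bytes of padding follow the payload
MAX_CLAIM = 0xFFFF        # largest value the 2-byte field can hold (~64 KB)

def make_request(payload, claimed_len):
    """Layout: type | payload_length (big-endian) | payload | padding."""
    header = struct.pack(">BH", HEARTBEAT_REQUEST, claimed_len)
    return header + payload + b"\x00" * MIN_PADDING

def respond_unchecked(memory):
    """Pre-fix behaviour: echo as many bytes as the sender *claims* to have sent.
    `memory` models the record followed by whatever else sits next to it."""
    _msg_type, claimed = struct.unpack_from(">BH", memory, 0)
    return memory[HEADER_LEN:HEADER_LEN + claimed]

def respond_checked(memory, record_len):
    """Post-fix behaviour: compare the claim with the bytes actually received.
    Returns None when the request must be silently discarded."""
    if record_len < HEADER_LEN + MIN_PADDING:
        return None                                   # too short to be well-formed
    msg_type, claimed = struct.unpack_from(">BH", memory, 0)
    if msg_type != HEARTBEAT_REQUEST:
        return None
    if HEADER_LEN + claimed + MIN_PADDING > record_len:
        return None                                   # claim exceeds the real record
    return memory[HEADER_LEN:HEADER_LEN + claimed]

def simulate(payload, claimed_len, neighbour):
    """Return (unchecked reply, checked reply) for one constructed request."""
    record = make_request(payload, claimed_len)
    memory = record + neighbour                       # adjacent, unrelated data
    return respond_unchecked(memory), respond_checked(memory, len(record))

if __name__ == "__main__":
    # Constructed sample: data that happens to sit next to the request in memory.
    neighbour = b"session=abc123; password=hunter2"
    print(simulate(b"ping", 4, neighbour))            # honest length: both echo b"ping"
    print(simulate(b"ping", 40, neighbour))           # inflated length: only the check holds
```

With the check in place, a request with an inflated length produces no reply at all, so nothing beyond the sender's own payload is ever echoed back.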
Should I change my passwords?
For many Web sites, yes. BUT wait until you get confirmation from the Web site operator that the bug has been patched. It's a natural reaction to want to change all of your passwords immediately, but if the Web site's bug has not been fixed yet, making the change could be useless -- you're just potentially giving an attacker your new password.
How do I check if a Web site has been affected -- or fixed?
A few companies and developers have created testing sites to check which Web sites are vulnerable or safe. Two good ones are by LastPass, a company that makes password management software, and Qualys, a security firm. While these test sites are a good preliminary check, continue to proceed with caution, even if the site gives you an all-clear indication. If you're given a red flag, however, avoid the site.
CNET is keeping a running list on the status of the top 100 Web sites, according to Alexa.com. Check back here for updates. Here's a list of sites that were still vulnerable as of Thursday afternoon, according to researchers at Zmap.
But the most prudent thing to do is to get confirmation from the site through one of its official channels. Lots of companies have been putting up blog posts and issuing statements about the health of their sites. Or you can email a site operator or customer service person directly.
Who was behind the bug?
The programmer who wrote the glitchy code was Robin Seggelmann, who worked for the OpenSSL project while pursuing his Ph.D. studies from 2008 to 2012. Adding to the drama of the situation, he submitted the code at 11:59 p.m. on New Year's Eve 2011, though he claims the timing has nothing to do with the bug. "I am responsible for the error," Seggelmann said. "Because I wrote the code and missed the necessary validation by an oversight."
Still, as an open-source project, it's hard to place the blame squarely on one person. As Zulfikar Ramzan, chief technology officer of cloud security startup Elastica, explained to The New York Times, there's so much complex code that people had been writing, and the particular protocol Heartbeat did not get enough scrutiny. "Heartbeat is not the main part of SSL. It's just one additional feature within SSL," he said. "So it's conceivable that nobody looked at that code as carefully because it was not part of the main line."
Is it true that the US government exploited Heartbleed before the world knew about it?
That's unclear at this time. One report said that the National Security Agency knew about the exploit before it was called Heartbleed and exploited it to gather intelligence, but the NSA denied the accusation. Whether the report is accurate, the fact remains that when left unpatched, Heartbleed is a major security risk.
Should I be worried about my bank account?
Most banks don't use OpenSSL, but instead use proprietary encryption software. But if you're unsure, contact your bank directly for confirmation that the Web site is secure. Still, John Miller, security research manager for security and compliance firm TrustWave, suggests keeping a close eye on financial statements for the next few days to make sure there are no unfamiliar charges.
How do I know if anyone has used the Heartbleed vulnerability to steal my information?
Unfortunately, exploiting the bug "leaves no traces of anything abnormal happening to the logs" of Web sites, according to Codenomicon.
What password managers can I try?
One thing the Heartbleed situation highlights is the value of a good password. In the aftermath of changing your old passwords, you might be wondering if there are other ways to make sure your accounts are secure. Password managers try to solve that problem by helping you generate random passwords for each account. You then control everything through one strong master password. Having all of your accounts under one manager may be too close for comfort for some users, but LastPass, one of those vendors, insists it's secure, and that users don't have to change their master passwords due to Heartbleed. It's even added a feature that automatically checks your saved sites for Heartbleed vulnerabilities. Other password manager options are RoboForm, Dashlane, and 1Password.
Another suggestion is enabling two-factor authentication when it is offered. (Gmail is one service that does so.) That means that in addition to a password, the service asks for another piece of identifying information, like a code that's been texted to you. That way, even if someone steals your password, it makes it harder for someone to falsely log in as you.