💜Casa vs. Alternatives
🔑System Design Principles
🚨Threat Overview
🔐Chosen Features
✅Chosen Key Schemes
❌Rejected Key Schemes
❌Rejected Features
🔧Remaining Attack Vectors
👨🚀Future Improvements
Option #1: Do-it-yourself
The first alternative to consider is do-it-yourself storage systems, like the Glacier Protocol. These non-commercial options have the distinct advantage of being completely private. There is no need for anyone to know that the user holds cryptocurrency or has set up a storage system at all.
However, the downside comes in usability and support. For example, the Glacier Protocol was designed to serve a similar niche to Casa. But in initial testing Glacier took 8 hours to setup and 4 hours to withdraw coins[1]. Even if practice can reduce this time, it still will require time on the order of hours for each transaction. Glacier involves hundreds of dollars worth of equipment, a complicated process that involves modifying laptop hardware, using the command line interface, and installing operating systems, with no reliable support in case something goes wrong.
The Casa system was inspired by the Glacier Protocol. We aim to provide a similar level of high security designed for users with large bitcoin balances. But interacting with Casa App to set up a wallet or to make a transaction takes minutes instead of hours and requires the level of expertise of any normal computer user. If something goes wrong, Casa offers 24/7 dedicated support while a DIY solution is reliant upon community support forums and channels that are strictly voluntary and offer no guaranteed level of service.
We do need to collect some data on the user to take payment, ship products, and contact them for support. But we are careful to collect the smallest amount of data possible to provide our customers with our services, as outlined in our Privacy and Data Protection Policy. For example, we collect shipping information to ship hardware to our customers, but we delete it after the shipment is made. We also silo customer data internally, so that employees only have access to customer data directly related to their function.
It is possible to use Casa pseudonymously[2]. Since we offer a non-custodial service, we are not subject to AML-KYC requirements. In fact, we try to know as little as possible about our customers. That’s because holding more customer data increases the risk of attack on our company directly. Additionally, holding more customer data dramatically increases the size of liability in the event of a direct hack or data leak.
In short, minimizing customer data not only protects our customers, it also protects Casa.
One major difference between Casa and open source solutions like Glacier is that Casa is more strongly incentivized to work in the interest of our users. The financial success of Casa is directly linked to our reputation and our yearly customer revenue fee. We succeed if our users succeed, and we fail if our users fail. If our users lose funds, they have no money to pay our yearly service fee. In contrast, open source projects are developed and maintained by volunteers. The developers don’t have as much skin-in-the-game. If their users make a mistake and lose funds, they suffer no material penalty.
[1] Source: author’s own experience and memory
[2] Casa collects a small amount of identifying information to verify the authenticity of emergency recovery requests
Copy link