Yes yes yes yes , this is perfect
While I like the idea, one would question how they plan to monetise the venture.
Do they sell your personal information?
Do they spam you with lots of Adverts?
Do they buy large amounts of a CDA off another exchange when value is down and then charge a kimchi premium to their users?
What is their risk management strategy and method of profit?
Running a service online costs money.
Our model is fairly simple, and not at all new in the trading world: we’re a broker-dealer, and we make money on the bid-ask spread (difference between posted buy and sell prices). We manage that risk in a number of ways that depend on what the market is doing at that particular moment.
The details are sort of our special sauce, but it would be a safe bet to assume that we’ve thought a lot about inventory risk, managing liquidity, etc. Our prices will generally be in-line with what you’d see on major exchanges for CAD/crypto pairs.
We have no plans to sell personal information or show ads. That would be entirely antithetical to our goals of building the best possible user experience - I also personally have zero interest in that business model.
Hopefully that’s helpful
whoa! glad you’re here friend! looks like a great app!
time to get acquired!
Haha My last company was acquired last year - not as fun as it sounds. I’d much rather be building than dealing with 6-9 months of due diligence hell any day of the way.
I am based in the US, but would like to use Newton. Is there a way of linking US banks/financial institution to a Newton account? My investment framework is NOT to liquidate it in CAD, but to increase my BTC holding in the long run. Any thoughts?
Welcome to the pub . I’ll be checking you guys out. Canada is in need of something like this.
Cheers, Dustin. Cool to see you around the 'pub, a lifetime since the Borden days.
@dwalper posted on r/BitcoinCA recently. Secure Enclave is Apple’s killer feature IMO!
"Some radical & perhaps not so radical ideas
Founder of Newton here (shameless plus: beta invites are coming very, very soon - thanks for your patience!).
I’ve been thinking long and hard about how to realize the potential of cryptocurrency - not just as a speculative investment or a store of value, but as a protocol on which we can create a more free & transparent financial system. Money is freedom, and it’s incumbent upon all of us to ensure that freedom is not compromised in the pursuit of convenience.
It strikes me that despite the promise of cryptocurrency to bring about increased decentralization, despite the trust-less cryptographic principles on which it is based, that many of the exchanges, brokerages, and payment services providers offering crypto-related services are moving in exactly the opposite direction. In the name of KYC/AML legislation, and perhaps for other commercial purposes, they are collecting loads of sensitive information, restricting peoples’ freedom to move crypto into and out of their platforms, and generally attempting to act in a manner that could generously be described as “bank-like”.
I wanted to share my ideas on how we might move in the opposite direction and solicit your thoughts.
First, I should state that we are currently focused on launching on iOS with a fully native experience. There’s an important reason for this: Apple has taken a strong stance on user privacy, and it’s a stance that we would like to embrace and build upon.
Take, for example, Apple’s Secure Enclave - it is essentially a Ledger Nano S residing on every modern iOS device, a secure hardware chip with built-in secure storage and cryptographic functions. In my opinion it is being criminally underused.
Apple has correctly recognized that storing information in a centralized manner on servers is a dangerous exercise - if the NSA cannot keep its most prized information from being leaked, it is unlikely that the majority of companies can either. Security is really, really hard.
So here are a few of the things we are hoping to do:
Store all sensitive user information on-device, in Secure Enclave. This means banking information, addresses & phone numbers, and other information that could be damaging if compromised. We would have to keep certain information for compliance & reporting purposes, but we would store the bare minimum needed to comply with regulation encrypted & offline. If our web servers were ever compromised (which we will do everything in our power to prevent), the database would not be particularly useful to an attacker since it would be lacking in valuable information.
Use Secure Enclave to cryptographically sign transactions before submitting them to our servers, ensuring that only the owner of the device can initiate action. Even if authentication tokens were compromised somehow in flight, an attacker could not use them for malicious purposes.
Use the Secure Element to generate private keys which would never leave the device, and serve as a sort of hardware wallet, keeping the majority of cryptocurrency in the hands of our users and not in a big centralized pool.
Make use of TouchID/FaceID to secure every transaction (a freebie if the private keys to sign transactions are in Secure Enclave)
These things are increasingly possible with modern Android devices as well, and we intend to launch on Android soon, but I have to admit that Apple has quite the lead in this respect. The more I dive into the technical documentation the more respect I have for their security team.
This type of hardware security is one of the primary reasons that we are so focused on mobile.
Beyond buying and selling crypto I really think there’s an exciting opportunity to rethink identity - rather than an easily-compromised SIN, I’d like to see that every Canadian has private keys stored in secure hardware that they control. Proving identity would merely be a matter of cryptographically signing things, with the private keys never shared with a third party. It’s insane that “identity theft” is as easy as stealing a SIN which you share with your employer, Revenue Canada, etc. etc.
I would like to see that crypto can be used for all manner of things - it will remain niche until I can use Bitcoin or Ether to buy clothes or groceries or a house. I hope we can make strides towards improving this situation.
More broadly, I think there is an interesting discussion to be had about a national cryptocurrency standard built on the Ethereum protocol - what would it do for our freedom if the Canadian dollar was built upon an open standard rather than closed, proprietary ledgers as it is today?
In any event, I’ve been staring at code for far too many hours and thought it would be therapeutic to share my ramblings - your feedback is welcome!"
Totally! I will say there’s a small technical error in this post, though in my defense… it was late, and I had consumed an old-fashioned or two.
You can’t actually store information in Secure Enclave that didn’t originate there - that’s sort of the while point! Instead, you generate private keys from within Secure Enclave that never leave the hardware. It then has a number of built-in cryptographic functions that can be used to encrypt, decrypt, sign, or validate things securely.
We can, however, store information on-device where the decryption keys are held in secure enclave, and in fact this is what Apple File System does already.
It’s a really amazing piece of tech for a consumer phone - banks use super-expensive versions of such hardware for payments - and it’s an awesome way to go provide a much deeper level of security than is possible on a regular ol’ ARM CPU.
Hey folks, thought you might be interested in Medium article I wrote yesterday on some of the finer points of our security practices Meat included below to save you a click.
Cold Storage — Easy to say, hard to do
In the early days of cryptocurrency, many exchanges did a stupid thing — they put private keys on servers connected to the internet. Like the combination to a safe, private keys allow the holder to unlock and spend any funds “stored” in a particular account.
Unsurprisingly, storing private keys on internet-connected servers resulted in a lot of pain — by exploiting vulnerabilities, hackers located thousands of miles away from these servers were able to make off with hundreds of millions of dollars worth of cryptocurrency.
It has become common practice today to store private keys in “cold storage”, meaning completely disconnected from the internet. But how does this work in practice? Here’s how we do it:
Generate private keys offline and keep them there. Private keys are really just long, unguessable sequences of random numbers and letters. Thanks to the mathematical properties of public-key cryptography, those private keys need never touch the internet — they can even be kept entirely on paper. Those keys can then be used for two things: a) to create public addresses you can use to receive funds, and b) to sign transactions allowing you to spend those funds.
Sign transactions offline. Signing a transaction to send crypto from Alice to Bob is just like signing a cheque — Alice fills out the details of the transaction (who the funds will go to, how much to send), then Alice uses her private key to prove that she is the owner of that account. This signing process can be done entirely offline, and at Newton we do this on air-gapped computers where we have physically removed any Wi-Fi or Bluetooth hardware to prevent wireless attacks.
Broadcast online. But now that we have a signed transaction, what do we do with it? We need to move that transaction to an internet-connected computer so it can be recorded on the blockchain. A signed transaction is completely safe — there’s no way to reverse it to find the original private key used to sign it — but moving information off of an air-gapped computer is tricky. USB keys are famously vulnerable to attack, and the cardinal rule of cold storage is that the computers involved must never, ever be connected to the internet. We get around this by using QR codes, printers, and cameras to move information around in an optical way that is nearly impossible to compromise.
Stay paranoid. This process by itself isn’t totally immune to attack — what if someone simply sits next to you and forces you to sign a transaction giving them all of your money? For this reason we keep all of our cold storage equipment in distributed facilities with 24/7 security. We are only physically able to sign transactions when safely signed in at one of those facilities, locked in a private room. We also take into account things like side-channel attacks which could allow an attacker to use a nearby cellphone to steal information — we make liberal use of Faraday shields for any personal electronics, and we also sign transactions on battery power to prevent power analysis attacks.
In practice, while most funds are stored in cold storage, we keep extremely small amounts in internet-connected wallets so users can withdraw crypto without manual intervention. We operate under the assumption that these funds are vulnerable, and should never be worth enough to be catastrophic if stolen.
Oh, and we never, ever store private keys in our office (I’m looking at you, would-be attackers).
Protecting User Accounts
What if an attacker is simply able to sign in as a user and request a withdrawal of their funds?
Fundamentally, our choice to go mobile-first with Newton was driven by security considerations — mobile devices, and iPhones in particular, have better security features than most PCs. Apple’s Secure Enclave, for example, is a dedicated hardware chip offering rock-solid security not found in most laptop or desktop computers. Paired with TouchID or FaceID, it’s possible to store sensitive information in a way that’s extremely difficult to compromise (even by the FBI).
We do a couple of things to make account hijacking difficult:
Two-factor authentication. Two-factor authentication pairs something you know, your password, with something you have, your phone. It ensures that someone else can’t login with your account without also having physical access to the phone. This is a critical feature in an era of bulk password theft and one we make mandatory on all Newton accounts.
Device attestation. While two-factor authentication has become widespread, device attestation is a lesser-known security feature first introduced by Google with SafetyNet and recently introduced by Apple in a somewhat obscure API called DeviceCheck. Basically, this service allows us to verify that a request came from a real iPhone that has not been compromised. It also allows us to check whether that device has been used to create a Newton account before (which Apple has figured out how to do in a clever way that preserves user privacy). We block all requests that don’t come from a valid mobile device.
Bank security. While it’s common for cryptocurrency services in Canada to offer a plethora of options for deposit and withdrawal, we offer exactly one method: direct debit through a connected bank account. By requiring users to login using their banking credentials (which we do not store or even have access to), we are able to leverage the bank’s security to ensure you are the rightful owner of that account. Once connected, the bank account on file cannot be changed without manual approval and re-verification.
Firewalls, DDoS protection, oh my! Beyond these user-facing measures, we do a lot of work behind the scenes to prevent unauthorized access to our web servers, including multiple tiers of firewalling and integration of services that protect against Distributed Denial of Service (DDoS) attacks. We practice defense in depth, an information security principle that calls for multiple, redundant layers of protection in case any one layer fails or is compromised.
Bug bounties. Finally, we will be starting a bug bounty program in the near future. Bug bounties are programs that offer monetary rewards to white-hats who discover flaws or vulnerabilities in our software or infrastructure. By encouraging the good guys to find and report problems before malicious hackers do, we hope to benefit from smart minds beyond those on our immediate team.
Because information security is a moving target with new vulnerabilities being discovered all the time, this is an evolving process — we’re constantly thinking about all of the ways smart hackers might try to compromise our security.
There is no such thing as a “perfectly secure” service, and so wherever possible we also think about how to store less information so there is less to compromise in the event of a successful attack.
This is by no means an attempt to extensively document our procedures and protocols — merely to offer a glimpse.
We welcome any and all feedback and suggestions on things we can do to improve our security. Our belief is that great security and great UX can and should go hand-in-hand.
Oh, and if you made it this far: our first round of beta invites will be showing up in inboxes within the next 10 days! Mwah.