Of all the web based Bitcoin wallets, Blockchain.info is the largest, most respected and arguably the most secure. Yet for the last few days even this service has been experiencing serious difficulties, being offline for most of that time and up and own ever since.
Blockchain.info is an on-blockchain wallet service, potentially offering considerable advantages over the much more vulnerable off-blockchain services such Coinbase.
The main disadvantage with off-blockchain services, whether wallets or exchanges, is that they keep the Bitcoin in private wallets to which only they hold the private keys, which leaves the user vulnerable to any difficulties the service experiences such as hacking, regulatory or technical issues. The Mt. Gox debacle was a dramatic example of just how vulnerable Bitcoin deposits are if entrusted to a third party who hold the private keys.
Blockchain.info is a justifiably highly respected, technically competent, honest and free service that offers an on-blockchain wallet service allowing the Bitcoin owner to keep copies of the private keys and therefore control over Bitcoin deposits. This web based service is only of value of course if the web based interface is actually available to manage Bitcoin deposits, which was not the case with Blockchain.info over at least a day or so. Those without wallet backups simply had no access to their Bitcoin.
Blockchain.info point out during their service outage advisory message:
We designed the Blockchain service to offer independence to our users, so their funds are not compromised even in the case of a disaster or outage that affects Blockchain. We published instructions explaining exactly how to import your wallet backup into Multibit, allowing you to make transactions from your wallet.
This is all very well and no doubt of great value knowing that Bitcoin can be accessed even if Blockchain.info is unavailable, which is more than can be said for the vast majority of wallet or exchange services, but does raise the question as to why entrust Bitcoin with a web based service at all when it is a simple matter to hold and use Bitcoin in totally private wallets where Bitcoin can be far more easily managed, placed in cold storage etc.
Web based wallets may be convenient to use, just as web based email is convenient to use, but unlike web based email, the consequences of a failure of the service, service or wallets being hacked etc are far more serious because entire savings in Bitcoin can be wiped out in a moment at great financial loss, again as was the case with Mt. Gox.
Bitcoin is still in its infancy yet already is a prime target for hackers because the rewards are so high in stealing large amounts of untraceable Bitcoin. We based services are also prime targets for DDOS attacks from botnets etc which can easily crash a service and make it unavailable. Again we saw this recently around the time of the Mt. Gox crash. As Bitcoin grows in popularity attacks by hackers and DDOS attackers will increase exponentially. DDOS attacks can easily and often do bring down even government and other major websites, so bringing down a web based wallet or exchange service would be simple, and it is inevitable.
Anyone keeping Bitcoin in an off-blockchain web based wallet or exchange is asking to get their Bitcoin lost, stolen, frozen, seized and much more, and sooner or later will. Using such services is akin to giving a complete stranger a wallet stuffed with physical cash and asking them to keep it safe - no one with any sense would ever do such a thing.
On-blockchain wallet services such as Blockchain.info while not being exposed to the same risks, are still nevertheless at risk from DDOS attacks as a service, and users are still at risk from account compromise through phishing, trojan key loggers and so on. While today's Bitcoin users are technically competent and aware, in the future Bitcoin users will be more mainstream and far more vulnerable to such attacks.
Do Web Based Wallets Have A Future?
We based wallets may have a future if they:
Are on-blockchain, therefore immune to external interference and enabling users to retain their own private keys.
Offer advanced security such as "two factor authentication", multi-sig etc.
Are completely protected from hackers, DDOS attacks and other service ourages.
The big question however is why risk using a web based wallet at all, entrusting the fate of Bitcoin to a third party, when Bitcoin can be stored, managed, sent and received at home with software wallets such as Armory and Multibit, especially when even Blockchain.info recommends saving private keys and importing them in to Multibit in case of issues as seen over recent days? There is no question that the current software wallets require a certain level of technical ability to implement cold storage etc, but as these evolve, along with smart phone wallets and hardware security devices such as the Trezor, these solutions will be easily manageable by most users, especially as push button hardware devices become available, which will be little more difficult to use than a credit card.