Von Ralf Keuper
Es war längst an der Zeit, dass sich eine Stu­die der Grup­pe der Bit­co­in-Nut­zer wid­met, wie in The Other Side of the Coin:User Expe­ri­en­ces with Bit­co­in Secu­ri­ty and Pri­va­cy, wor­über Patrik Dax in Wie Bit­co­in-Nut­zer ticken berich­tet. Durch­ge­führt hat die Stu­die ein Team des Wie­ner For­schungs­zen­trums SBA Research. 
Die Stu­die kommt zu dem, nicht wirk­lich über­ra­schen­den, Ergeb­nis, dass es “den” Bit­co­in-Nut­zer nicht gibt. Der Kennt­nis­stand der Nut­zer, ins­be­son­de­re was Fra­gen der Sicher­heit betrifft, weicht zum Teil deut­lich von­ein­an­der ab:

We found that mana­ging bit­co­ins is still a major chall­enge for many users, as many of them do not app­ly suf­fi­ci­ent secu­ri­ty mea­su­res such as encryp­ti­on and back­ups. We found that many par­ti­ci­pan­ts were not even awa­re of secu­ri­ty fea­tures pro­vi­ded by their used CMT (Coin Manage­ment Tool, RK). Two of the most wide­ly used CMTs among our par­ti­ci­pan­ts were web­hos­ted solu­ti­ons. About half of their users repor­ted to use such solu­ti­ons exclu­si­ve­ly, while the other half also used local cli­ents. Even though web cli­ents ought to be a usable and con­ve­ni­ent solu­ti­on, they requi­re a cer­tain level of trust and shift the respon­si­bi­li­ties of encryp­ti­on and mana­ging back­ups to a third par­ty. We also found that 22.5% of our par­ti­ci­pan­ts have alre­a­dy expe­ri­en­ced secu­ri­ty brea­ches and lost bit­co­ins. About half of them men­tio­ned a self-indu­ced error as the reason, which high­lights that users find it still dif­fi­cult to mana­ge their bit­co­ins in a secu­re way. 

Schwie­rig­kei­ten berei­tet den Anwen­dern die Wie­der­her­stel­lung der Pri­va­te Keys nach einem Ver­lust von Bitcoins:

The majo­ri­ty (77.6%) among tho­se who lost bit­co­ins did not want to indi­ca­te whe­ther they were able to reco­ver their keys. Of tho­se who pro­vi­ded an ans­wer, 65% were not able to reco­ver their keys. Over­all, our par­ti­ci­pan­ts repor­ted to have lost about 660.6873 bit­co­ins. Howe­ver, it must be taken into account that we did not ask when the coins were lost. Hence, inter­pre­ting this result we must take into con­side­ra­ti­on that the Bit­co­in exch­an­ge rate is high­ly vola­ti­le and it is the­r­e­fo­re hard to pro­vi­de an over­all esti­ma­ti­on in USD. About 40% of our par­ti­ci­pan­ts repor­ted to have lost money due to a self-clas­si­fied major secu­ri­ty breach. 13.1% of our over­all sam­ple repor­ted to have lost bit­co­ins in HYIPS (high-yield invest­ment pro­grams) and pyra­mid sche­mes. 7.9% lost money at Mt. Gox.

Als wei­te­ren Befund hal­ten die Autoren fest:

For the two most wide­ly used web-hos­ted CMTs, about a third of our par­ti­ci­pan­ts are una­wa­re of whe­ther their wal­let is encrypt­ed or backed up. In such a sce­na­rio, users shift respon­si­bi­li­ties to a third par­ty. Even though this seems to be a con­ve­ni­ent and usable solu­ti­on for non-expert users, it impli­es that the user trusts the­se third par­ties to take care of their secu­ri­ty. About 50% of web cli­ent users indi­ca­ted to use an addi­tio­nal local cli­ent to store their vir­tu­al assets. Accor­ding to our results, users that have a hig­her num­ber of bit­co­ins do not neces­s­a­ri­ly back up their wal­lets more often. Also, MyCe­li­um users back up their wal­lets more often than others. Hence we con­clude that back­up moti­va­ti­on and respec­tively fati­gue depend high­ly on usa­bi­li­ty and not on the num­ber of coins. 

Der Umgang mit Bit­co­in setzt dem­nach noch pro­fun­des Wis­sen und tech­ni­sche Exper­ti­se vor­aus. Ein Man­ko, das beho­ben wer­den muss, wenn Bit­co­in mehr als nur ein Spiel­zeug für Nerds sein soll. Ähn­lich äußern sich die Autoren:

We belie­ve that our insights and sug­ges­ti­ons are an important first step towards impro­ving the usa­bi­li­ty of Bit­co­in secu­ri­ty. In order to gua­ran­tee secu­re inter­ac­tions with the Bit­co­in eco­sys­tem to both expert and non-expert users, we must re-think the con­cept of Bit­co­in manage­ment, sin­ce it is more than just the secu­re hand­ling of secret keys. Bit­co­in is a decen­tra­li­zed sys­tem whe­re the inter­ac­tions bet­ween peers and the pro­pa­ga­ti­on and veri­fi­ca­ti­on of mes­sa­ges and data is important. If this aspect is igno­red, Bit­co­in would just con­sist of signed num­bers wit­hout value.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert