by bigiain 5225 days ago
<devil's advocate>Yeah, but could the (ex) coat owner hold the restaurant's landlord liable? Isn't it the restaurant _manager's_ problem?

I think there's a _lot_ of "grey areas" here, and while I feel sympathy for the guy who's out ~$13k worth of bitcoins, I can't help but think he was "doing the wrong thing" relying on the security of an inexpensive vps to keep them safe…


What would you recommend? Would you say the same thing if he'd been colocating and a data center employee had stolen his bitcoins? Because that seems far more analogous than any restaurant analogy, and I don't see any reasonable way for somebody who's not a huge corporation to avoid this kind of risk.

You have to trust somebody at some point unless you're keeping the server locked in your own closet. It seems really bizarre to me to say that a hosting provider doesn't have a responsibility not to steal your stuff.

What do I recommend? I'm really not sure…

Firstly, I'd start asking whether a $19.95/month shared hosting* account is a "reasonable" place to store $13k worth of (effectively) cash. I'd be _very_ careful if I had that sort of folding-money-type-cash on hand, and would under normal circumstances automatically deposit in a bank account to mitigate the risks involved with carrying it around. And I'd usually take steps to not ever have that sort of value of cash build up or be required - the only transaction I've ever done of that sort of value in cash is selling or buying a car from an individual - and that's always been a direct from transaction to the bank type of arrangement.

If I had enough bitcoin value that it'd hurt to lose it, I would not (at least now in hindsight) store that on a machine that other people I don't know/trust have root access to. Maybe I'd keep my wallet on a USB stick in my pocket or in a safe at home? I think though that at somewhere near the $13k value the "right" thing to do is convert it to cash and take advantage of the existing banking system and its time-tested security and insurability.

(* Which is fundamentally what a Linode VPS is, at least from anyone with access to the hypervisors' point of view.)

Would have to meet several tests. 1) Hosting company knew and agreed to the value of the things they had control over. 2) Employee did it and they were negligent in hiring that individual. 3) Reasonable and customary for that type of stuff to be in that situation given pricing and the practices of others.

With respect to #3 it would be reasonable for a bank safe deposit box to contain a $100,000 ring maybe but not to contain a 10,000,000 ring.

Then he should colo with a hosting provider with a contract provision that specifically holds them liable for any losses related to problems caused by the host, and enumerates those possible losses beforehand.
Simply not going to happen at any reasonable rate.

There's a saying in many businesses with different variations:

"Price, quality, speed" pick any two.

So this would be:

"Price, security, bandwidth" pick any two.

People pick on price and bandwidth; security is taken for granted to be commercially acceptable. The colo can easily figure out price and bandwidth; they are clearly defined. Losses from a security breach not as easy - too many variables. Same reason insurance companies love to write life insurance but hate to write disability insurance. Life insurance is absolute (you know when someone is dead and tables exist to compute probabilities on when they will die). Disability is open to interpretation, fraud and other things. It's not black and white.

Does such a thing even exist?