does blockchain.info have everyone's private key?

I'm looking at blockchain.info's FAQ page, and they describe the wallet creation scheme here: https://blockchain.info/wallet/technical-faq (please scroll down to the Please describe the wallet creation routine. section)

Because their wallet encoding tool is in Javascript, which is clientside, the user can trust that the encryption key cannot be on the server because Javascript must be all clientside code?

Is there any server side method in which the site could maliciously collect this data, therefore compromising blockchain.info's integrity?

Could blockchain.info suddenly change a line of code in their javascript, for say, a few minutes, and begin storing the pre-encrypted data into their servers without many people noticing? They could use this method to collect private keys from random samples of people, and would likely get away with it.

bvpx

Posted 2013-07-25T07:22:17.720

Reputation: 1 052

The Browser extensions provide protection. With the Chrome browser extension the javascript comes from the extension and not from blockchain.info website: https://blockchain.info/wallet/browser-extension

– Stephen Gornick – 2013-08-01T00:34:31.367

I had no idea this existed. This is certainly something that I will start using. However, I feel the majority of the users on their site who trust their javascript client could be at risk. – bvpx – 2013-08-01T15:08:28.190

Answers

No, they have everyones encrypted private key. The private key get's decrypted locally on your client.

And of course they could change some lines of code and collect your private key. But this is true for every bitcoin client (thin client or not). That's why it is important to get the client binaries from trusted sources (and deterministic build).

Flow

Posted 2013-07-25T07:22:17.720

Reputation: 654

What client binaries are we talking about here, though? When I sign up for a new account on blockchain.info, the entire process is on their web page. The javascript client that exists in the browser during account creation can be verified by binaries, I guess, but they'd have to provide the binaries for each page you visit every step along the way? Is this a common practice or even feasible? – bvpx – 2013-07-25T09:20:09.427

The "binaries" in the case of blockchain.info are the HTML code for their site and the Javascript it uses. For desktop wallets, they are the distributed executables. – Pieter Wuille – 2013-07-25T21:03:13.627

So everyone simply trusts blockchain.info with all of their money? I think it's likely that less than 0.10% of people actually check the Javascript on blockchain.info for malicious code. – bvpx – 2013-07-25T21:39:53.123