Topic: AndLTC-Wallet v1.1(Android LTC Wallet backend by Insta Wallet) | PlayStore (Read 2860 times)
April 04, 2013, 07:09:44 PM
InstaWallet's have a right to exist. Users have the right to know the actual risk involved to make an informed decision if they want to use it or not.
April 04, 2013, 06:39:01 PM
Where is smoothie, this has got to escalate?
April 04, 2013, 06:36:21 PM
Quote
Readers can judge for themselves if it is a good idea to trust this person.
April 04, 2013, 06:34:26 PM
https://bitcointalksearch.org/topic/m.1744168
See here for yet another reason why nobody should trust InstaWallet and any app that relies upon it.
You do not adequately warn your users of the risk of relying on a server to protect their funds. Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.
Seriously? I'm amazed how little you actually bothered to understand and test this code that somebody else wrote. You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?
This is reckless and irresponsible.
See here for yet another reason why nobody should trust InstaWallet and any app that relies upon it.
You do not adequately warn your users of the risk of relying on a server to protect their funds. Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.
Quote
(Not sure when “upgrading” the app if the Vault Key is saved)
Seriously? I'm amazed how little you actually bothered to understand and test this code that somebody else wrote. You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?
This is reckless and irresponsible.
Oh I forgot, it does LOL, let me remove that. Added new Disclaimer too!
April 04, 2013, 06:24:22 PM
https://bitcointalksearch.org/topic/m.1744168
See here for yet another reason why nobody should trust InstaWallet and any app that relies upon it.
You do not adequately warn your users of the risk of relying on a server to protect their funds. Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.
Seriously? I'm amazed how little you actually bothered to understand and test this code that somebody else wrote. You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?
It is outright irresponsible for this app to exist, especially how carelessly you did it.
See here for yet another reason why nobody should trust InstaWallet and any app that relies upon it.
You do not adequately warn your users of the risk of relying on a server to protect their funds. Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.
Quote
(Not sure when “upgrading” the app if the Vault Key is saved)
Seriously? I'm amazed how little you actually bothered to understand and test this code that somebody else wrote. You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?
It is outright irresponsible for this app to exist, especially how carelessly you did it.
April 04, 2013, 05:59:41 PM
You do not adequately warn your users of the risk of relying on a server to protect their funds. Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.
Seriously? I'm amazed how little you actually bothered to understand and test this code that somebody else wrote. You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?
This is reckless and irresponsible.
Quote
(Not sure when “upgrading” the app if the Vault Key is saved)
Seriously? I'm amazed how little you actually bothered to understand and test this code that somebody else wrote. You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?
This is reckless and irresponsible.
April 03, 2013, 04:14:29 PM
Your arguments would hold more water if you hadnt only posted in this thread and the other ltc wallet thread. Use your brain when shilling, then you may have more credibility.
I am caught between "not wanting to reply to an idiot" and "needing to warn users about an insecure wallet".
Look at my post history. After lurking for a long time, I joined to claim the free Ripple XRP, then to tell people about the p2pool LTC stratum that I fixed. (Upgrade to git if you use p2pool LTC. It contains two important fixes for Litecoin miners that caused p2pool-11.2 nodes to lose hashes and a small chance of an orphaned block.) You may notice that I somehow posted to the non-newbie forums without the necessary posts prior to that. Some people want to avoid the forums as much as possible.
Nigga just leave already.
April 03, 2013, 01:36:22 PM
Your arguments would hold more water if you hadnt only posted in this thread and the other ltc wallet thread. Use your brain when shilling, then you may have more credibility.
I am caught between "not wanting to reply to an idiot" and "needing to warn users about an insecure wallet".
Look at my post history. After lurking for a long time, I joined to claim the free Ripple XRP, then to tell people about the p2pool LTC stratum that I fixed. (Upgrade to git if you use p2pool LTC. It contains two important fixes for Litecoin miners that caused p2pool-11.2 nodes to lose hashes and a small chance of an orphaned block.) You may notice that I somehow posted to the non-newbie forums without the necessary posts prior to that. Some people want to avoid the forums as much as possible.
April 03, 2013, 01:11:01 PM
Your arguments would hold more water if you hadnt only posted in this thread and the other ltc wallet thread. Use your brain when shilling, then you may have more credibility.
April 03, 2013, 11:45:07 AM
You made a bad guess. I haven't even used that other app yet. It will have performance problems until the network has upgraded to Litecoin-0.8 because 0.6.3 lacks Bloom filtering. Plus, how the heck would I be "shilling" for the other wallet? There is no profit to be made for anyone. This is all Open Source.
Seriously, read the InstaWallet thread to see why this particular wallet approach is quite bad. They're shutting it down and it is not coming back in its current form because it is impossible to operate in a secure way.
https://bitcointalksearch.org/topic/m.1732097
http://notice.instawallet.org/
Seriously, read the InstaWallet thread to see why this particular wallet approach is quite bad. They're shutting it down and it is not coming back in its current form because it is impossible to operate in a secure way.
https://bitcointalksearch.org/topic/m.1732097
http://notice.instawallet.org/
Quote
INSTAWALLET SERVICE NOTICE
The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture.
Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is.
In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.
Important information on claims submission:
For the first 90 days we will accept claims for individual Instawallets. Your wallet's URL and key will be used to pre-populate a form to file the claim.
After 90 days, if no other claim has been received for the same url, your Instawallet balance under 50 BTC will be refunded. If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.
Claims for wallets that hold a balance greater than 50 BTC will be processed on a case by case and best efforts basis.
The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture.
Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is.
In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.
Important information on claims submission:
For the first 90 days we will accept claims for individual Instawallets. Your wallet's URL and key will be used to pre-populate a form to file the claim.
After 90 days, if no other claim has been received for the same url, your Instawallet balance under 50 BTC will be refunded. If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.
Claims for wallets that hold a balance greater than 50 BTC will be processed on a case by case and best efforts basis.
April 02, 2013, 08:40:30 PM
Self promoting shill that you are, I will now seek out the app you are promoting and give you bad ratings just because you are being a douche.
April 02, 2013, 08:33:25 PM
https://bitcointalk.org/index.php?topic=159673.0;all
http://www.adaptiveglass.com/?p=656
This is the type of InstaWallet that this app relies upon as a server.
This is hardly a sufficient Disclaimer warning users of the risk of using your wallet.
https://bitcointalksearch.org/topic/instawalletbitcoin-central-security-breach-164143
Instawallet/Bitcoin-Central Security Breach ... major exchange is down, same company that owns the InstaWallet.
http://www.adaptiveglass.com/?p=656
This is the type of InstaWallet that this app relies upon as a server.
Quote
Disclaimer
There are bugs, this isn't the actual release. If you lose anything, LTC, Vault Key, not my fault.
There are bugs, this isn't the actual release. If you lose anything, LTC, Vault Key, not my fault.
This is hardly a sufficient Disclaimer warning users of the risk of using your wallet.
https://bitcointalksearch.org/topic/instawalletbitcoin-central-security-breach-164143
Instawallet/Bitcoin-Central Security Breach ... major exchange is down, same company that owns the InstaWallet.
April 01, 2013, 04:34:50 PM
Well I will believe what is apparent, you appear to be a shill. Why else would you create an account just to post on this thread.
April 01, 2013, 04:06:21 PM
Believe whatever you want. Users are fools to trust giving control of their private keys to anyone else when they don't need to.
That other wallet does not require downloading the entire blockchain. It is a SPV client.
That other wallet does not require downloading the entire blockchain. It is a SPV client.
April 01, 2013, 04:01:08 AM
(I'm not sure why I'm bothering to post to this thread when it is clear that you are entirely missing the point. I only want to provide needed warning to your app users, since you are not adequately warning them about the full extent of risks.)
This does appear to be either advertising for the other wallet, which is silly since some people may prefer a lite client that does not require the blockchain download. Its a different product, what do you wish to accomplish here beyond taking your 12 post account and shoving your opinions into this thread in an attempt to push the other app because I cannot see another reason to pursue this past the initial warning you "issued". This would also lead me to believe that you helped make the other app and if you did not why do you wish to cast the other author in a bad light.
April 01, 2013, 01:19:31 AM
(I'm not sure why I'm bothering to post to this thread when it is clear that you are entirely missing the point. I only want to provide needed warning to your app users, since you are not adequately warning them about the full extent of risks.)
Does putting everything in () mean youe talking to yourself. There's a disclaimer, not enough for you? Then leave.
April 01, 2013, 01:12:17 AM
(I'm not sure why I'm bothering to post to this thread when it is clear that you are entirely missing the point. I only want to provide needed warning to your app users, since you are not adequately warning them about the full extent of risks.)
April 01, 2013, 01:02:48 AM
OK, assuming there are no flaws in that implementation that's better than I expected.
Folks should understand that they are trusting not only the operators of the server are honest, but there is also risk that funds may be stolen if the server were to be compromised. Folks may be interested in the Android SPV-based client thread where the client does not rely at all upon any server. Security of your funds depends entirely on you to keep your phone secure, and to make safe backups to prevent irrevocable losses of funds.
Folks should understand that they are trusting not only the operators of the server are honest, but there is also risk that funds may be stolen if the server were to be compromised. Folks may be interested in the Android SPV-based client thread where the client does not rely at all upon any server. Security of your funds depends entirely on you to keep your phone secure, and to make safe backups to prevent irrevocable losses of funds.
Indeed, the server the insta wallet is hosted on is backed up 4 times a day on different servers.
April 01, 2013, 12:55:22 AM
OK, assuming there are no flaws in that implementation that's better than I expected.
Folks should understand that they are trusting not only the operators of the server are honest, but there is also risk that funds may be stolen if the server were to be compromised. Folks may be interested in the Android SPV-based client thread where the client does not rely at all upon any server. Security of your funds depends entirely on you to keep your phone secure and to make safe backups of your own data to prevent irrevocable losses of funds.
EDIT: April 4th, 2013
I personally wouldn't trust the SPV wallet app to large quantities of real money yet. It does seem to work, as it is based upon the well known bitcoinj and Bitcoin Wallet for Android. It does have the benefit of being more secure in keeping private keys on the local device. Yet I would personally wait for more testing before trusting it with larger amounts of real money.
Folks should understand that they are trusting not only the operators of the server are honest, but there is also risk that funds may be stolen if the server were to be compromised. Folks may be interested in the Android SPV-based client thread where the client does not rely at all upon any server. Security of your funds depends entirely on you to keep your phone secure and to make safe backups of your own data to prevent irrevocable losses of funds.
EDIT: April 4th, 2013
I personally wouldn't trust the SPV wallet app to large quantities of real money yet. It does seem to work, as it is based upon the well known bitcoinj and Bitcoin Wallet for Android. It does have the benefit of being more secure in keeping private keys on the local device. Yet I would personally wait for more testing before trusting it with larger amounts of real money.
April 01, 2013, 12:17:20 AM
Simran, are you adequately warning users that Instawallet and this Android wallet effectively has no security? You not only trust your private keys to the server, but also you are trusting that nobody gets your secret URL.
Does your app at least connect to the server with SSL?
Does your app at least connect to the server with SSL?
You can add a password to the secret URL, so if anyone gets it they'd need the password.
SSL indeed.
Jump to: