Pages:
Author

Topic: AndLTC-Wallet v1.1(Android LTC Wallet backend by Insta Wallet) | PlayStore (Read 2863 times)

sr. member
Activity: 263
Merit: 250
InstaWallet's have a right to exist.  Users have the right to know the actual risk involved to make an informed decision if they want to use it or not.
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
Where is smoothie, this has got to escalate?
sr. member
Activity: 263
Merit: 250
Quote
warren, ??@?
Simran: You are endangering users and being very irresponsible with that app
Simran: and no, I will not back down.
okay
I really give a shit lol
JUST KIDDING
Simran: I'm willing to delete all the criticism if you add a big warning at startup telling users of the real risk
Your criticism doesn't mean shit to me
OK,  you're welcome to do reckless and irresponsible things, and I'm entitled to call you out on it.
Simran: the alternative is to realize what you are doing is a bad idea and stop.
warren, that's fine, I'm not stressin' it
I reject your suggestion, sorry.
ok.
https://play.google.com/store/apps/details?id=com.simran.andltcwallet  Hey folks, I recommend reading about the InstaWallet situation and making your own decision.
Cheesy
In fact, I thank you for commenting on my thread
got me more downloads and donations
Really appreciate it, nigga.
Simran: I'm glad how copying an open source app, barely understanding it and inducing people to put their real money into it shows people how smart you are.

Readers can judge for themselves if it is a good idea to trust this person.
hero member
Activity: 714
Merit: 500
https://bitcointalksearch.org/topic/m.1744168
See here for yet another reason why nobody should trust InstaWallet and any app that relies upon it.

You do not adequately warn your users of the risk of relying on a server to protect their funds.  Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.

Quote
(Not sure when “upgrading” the app if the Vault Key is saved)

Seriously?  I'm amazed how little you actually bothered to understand and test this code that somebody else wrote.  You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?

This is reckless and irresponsible.

Oh I forgot, it does LOL, let me remove that. Added new Disclaimer too! Wink
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
https://bitcointalksearch.org/topic/m.1744168
See here for yet another reason why nobody should trust InstaWallet and any app that relies upon it.

You do not adequately warn your users of the risk of relying on a server to protect their funds.  Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.

Quote
(Not sure when “upgrading” the app if the Vault Key is saved)

Seriously?  I'm amazed how little you actually bothered to understand and test this code that somebody else wrote.  You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?

It is outright irresponsible for this app to exist, especially how carelessly you did it.


sr. member
Activity: 263
Merit: 250
You do not adequately warn your users of the risk of relying on a server to protect their funds.  Even if you trust the server operator to not steal the funds, it is dangerous to assume that the server can remain secure forever.

Quote
(Not sure when “upgrading” the app if the Vault Key is saved)

Seriously?  I'm amazed how little you actually bothered to understand and test this code that somebody else wrote.  You would seriously put an app on the Google Play Store that handles people's actual money when you don't know if they will lose their vault key on upgrade?

This is reckless and irresponsible.
hero member
Activity: 714
Merit: 500
Your arguments would hold more water if you hadnt only posted in this thread and the other ltc wallet thread. Use your brain when shilling, then you may have more credibility.

I am caught between "not wanting to reply to an idiot" and "needing to warn users about an insecure wallet".

Look at my post history.  After lurking for a long time, I joined to claim the free Ripple XRP, then to tell people about the p2pool LTC stratum that I fixed.  (Upgrade to git if you use p2pool LTC.  It contains two important fixes for Litecoin miners that caused p2pool-11.2 nodes to lose hashes and a small chance of an orphaned block.)  You may notice that I somehow posted to the non-newbie forums without the necessary posts prior to that.  Some people want to avoid the forums as much as possible.

Nigga just leave already.
sr. member
Activity: 263
Merit: 250
Your arguments would hold more water if you hadnt only posted in this thread and the other ltc wallet thread. Use your brain when shilling, then you may have more credibility.

I am caught between "not wanting to reply to an idiot" and "needing to warn users about an insecure wallet".

Look at my post history.  After lurking for a long time, I joined to claim the free Ripple XRP, then to tell people about the p2pool LTC stratum that I fixed.  (Upgrade to git if you use p2pool LTC.  It contains two important fixes for Litecoin miners that caused p2pool-11.2 nodes to lose hashes and a small chance of an orphaned block.)  You may notice that I somehow posted to the non-newbie forums without the necessary posts prior to that.  Some people want to avoid the forums as much as possible.
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
Your arguments would hold more water if you hadnt only posted in this thread and the other ltc wallet thread. Use your brain when shilling, then you may have more credibility.
sr. member
Activity: 263
Merit: 250
You made a bad guess.  I haven't even used that other app yet.  It will have performance problems until the network has upgraded to Litecoin-0.8 because 0.6.3 lacks Bloom filtering.  Plus, how the heck would I be "shilling" for the other wallet?  There is no profit to be made for anyone.  This is all Open Source.

Seriously, read the InstaWallet thread to see why this particular wallet approach is quite bad.  They're shutting it down and it is not coming back in its current form because it is impossible to operate in a secure way.

https://bitcointalksearch.org/topic/m.1732097
http://notice.instawallet.org/

Quote
INSTAWALLET SERVICE NOTICE

The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture.

Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is.

In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.

Important information on claims submission:

For the first 90 days we will accept claims for individual Instawallets. Your wallet's URL and key will be used to pre-populate a form to file the claim.
After 90 days, if no other claim has been received for the same url, your Instawallet balance under 50 BTC will be refunded. If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.
Claims for wallets that hold a balance greater than 50 BTC will be processed on a case by case and best efforts basis.
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
Self promoting shill that you are, I will now seek out the app you are promoting and give you bad ratings just because you are being a douche.
sr. member
Activity: 263
Merit: 250
https://bitcointalk.org/index.php?topic=159673.0;all
http://www.adaptiveglass.com/?p=656
This is the type of InstaWallet that this app relies upon as a server.

Quote
Disclaimer
There are bugs, this isn't the actual release. If you lose anything, LTC, Vault Key, not my fault.

This is hardly a sufficient Disclaimer warning users of the risk of using your wallet.

https://bitcointalksearch.org/topic/instawalletbitcoin-central-security-breach-164143
Instawallet/Bitcoin-Central Security Breach ... major exchange is down, same company that owns the InstaWallet.
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
Well I will believe what is apparent, you appear to be a shill. Why else would you create an account just to post on this thread.
sr. member
Activity: 263
Merit: 250
Believe whatever you want.  Users are fools to trust giving control of their private keys to anyone else when they don't need to.

That other wallet does not require downloading the entire blockchain.  It is a SPV client.
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
(I'm not sure why I'm bothering to post to this thread when it is clear that you are entirely missing the point.  I only want to provide needed warning to your app users, since you are not adequately warning them about the full extent of risks.)

This does appear to be either advertising for the other wallet, which is silly since some people may prefer a lite client that does not require the blockchain download. Its a different product, what do you wish to accomplish here beyond taking your 12 post account and shoving your opinions into this thread in an attempt to push the other app because I cannot see another reason to pursue this past the initial warning you "issued". This would also lead me to believe that you helped make the other app and if you did not why do you wish to cast the other author in a bad light.
hero member
Activity: 714
Merit: 500
(I'm not sure why I'm bothering to post to this thread when it is clear that you are entirely missing the point.  I only want to provide needed warning to your app users, since you are not adequately warning them about the full extent of risks.)

Does putting everything in () mean youe talking to yourself. There's a disclaimer, not enough for you? Then leave.
sr. member
Activity: 263
Merit: 250
(I'm not sure why I'm bothering to post to this thread when it is clear that you are entirely missing the point.  I only want to provide needed warning to your app users, since you are not adequately warning them about the full extent of risks.)
hero member
Activity: 714
Merit: 500
OK, assuming there are no flaws in that implementation that's better than I expected.

Folks should understand that they are trusting not only the operators of the server are honest, but there is also risk that funds may be stolen if the server were to be compromised.  Folks may be interested in the Android SPV-based client thread where the client does not rely at all upon any server.  Security of your funds depends entirely on you to keep your phone secure, and to make safe backups to prevent irrevocable losses of funds.

Indeed, the server the insta wallet is hosted on is backed up 4 times a day on different servers.
sr. member
Activity: 263
Merit: 250
OK, assuming there are no flaws in that implementation that's better than I expected.

Folks should understand that they are trusting not only the operators of the server are honest, but there is also risk that funds may be stolen if the server were to be compromised.  Folks may be interested in the Android SPV-based client thread where the client does not rely at all upon any server.  Security of your funds depends entirely on you to keep your phone secure and to make safe backups of your own data to prevent irrevocable losses of funds.

EDIT: April 4th, 2013
I personally wouldn't trust the SPV wallet app to large quantities of real money yet.  It does seem to work, as it is based upon the well known bitcoinj and Bitcoin Wallet for Android.  It does have the benefit of being more secure in keeping private keys on the local device.  Yet I would personally wait for more testing before trusting it with larger amounts of real money.
hero member
Activity: 714
Merit: 500
Simran, are you adequately warning users that Instawallet and this Android wallet effectively has no security?  You not only trust your private keys to the server, but also you are trusting that nobody gets your secret URL.

Does your app at least connect to the server with SSL?

You can add a password to the secret URL, so if anyone gets it they'd need the password.

SSL indeed.
Pages:
Jump to: