Pages:
Author

Topic: [ANN] Coinapult - send Bitcoin over email or SMS in seconds - page 3. (Read 10316 times)

hero member
Activity: 533
Merit: 501
Sorry to be a downer, but it is pretty easy to send someone bitcoins in email.

Go to https://www.bitaddress.org/
and generate an address. Fund it with whatever you want, and send the private key to the recipient.

If a year rolls by and the person never uses the bitcoin, they can be "reclaimed" by just importing the PK into your wallet.

Be sure to tell them that you will do that otherwise you might get an angry email.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
a confirmation email sent to the from address would also be a nice feature

For what purpose? As far as I can tell, the only reason the from address is needed at all is so that the person receiving the email has a chance of recognising the sender and not deleting the email on sight (after all, the email does look suspiciously like some sort of weird scam).
legendary
Activity: 1372
Merit: 1008
1davout
Not to hijhack this thread but...

a confirmation email sent to the from address would also be a nice feature
We have on Paytunia Wink
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
Q: Do you support sending PGP/GPG - encrypted emails ?
mem
hero member
Activity: 644
Merit: 501
Herp Derp PTY LTD
a confirmation email sent to the from address would also be a nice feature
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
A few usability pointers regarding the email messages (keeping in mind that they will be read by people who may not have heard of Bitcoin before):

Your from field should read: "Coinapult"
It is very important that you format your from field like this.

Your subject line should read something like: $sender has sent you some bitcoins!
Since the whole point of Coinapult is to send bitcoins to people who don't know what Bitcoin is, and by extension would have no idea what Coinapult is, saying "You've been hit with the Coinapult" does not convey any useful information, and would most likely be interpreted as spam due to the weirdness of it.

The body of the email should:
* Start out by saying $sender has sent you $amount bitcoins using Coinapult.
* Then explain what bitcoins are, in the simplest terms possible (but no simpler).
* Explain that if they don't already have a bitcoin wallet, they'll need to either download a bitcoin client or sign up for an online wallet service; and provide instructions for doing so.
* Then provide the link to claim the bitcoins.
* Provide an assurance that no fee is required to receive the bitcoins and that no personal information will be requested at any time. (Otherwise most people will see it as yet another "Get free money now! After paying a large transaction fee upfront" scam)
* Inform them that if the bitcoins are not claimed within 30 days they will be refunded to the sender.
* Then finally put the sender's message.

8.) Security.  SMTP messages are transferred clear text.  That means that if your service starts becoming popular that there is then an economic incentive for a sysadmin at the ISP or at the e-mail hosting service or somewhere between Coinapult and the recipient to heist the coins.  By simply adding a filter, every message that comes from Coinapult gets special attention by the scammer who redeems the coins, never with even a slight chance of getting caught.

E-mail is just not a secure method for transmitting essentially what is a negotiable bearer instrument  (the URL to claim the money).  This would be the same risk that exists when sending Mt. Gox Redeemable Voucher codes thorough e-mail, which is not recommended either.
Yes, this is an issue (and an extremely serious one), but judging by the number of companies (including banks Shocked) that send passwords and other sensitive data in plaintext email, and the fact that almost nobody uses or has even heard about PGP, I'm forced to conclude that nobody actually cares about security in the slightest, even if their money is at stake. The only difference here is that bitcoins are anonymous, so now people can steal your money with virtually no chance of being caught. I don't know what to suggest either (apart from lamenting the typical person's apathetic attitude towards email security).
legendary
Activity: 1372
Merit: 1008
1davout
Just for the record : Paytunia.com has this exact feature, upon reception users may create a Paytunia account, or provide an arbitrary address to claim their funds. If the funds aren't claimed they get automatically refunded to the sender.

Also you should remove the 's' from 'fantastiques' Wink I do really like your design!
legendary
Activity: 2506
Merit: 1010
Pretty decent ... a few usability issues, and a concern regarding security.

1.) When sending I see the "Load Bitcoins Here" dialog,  
The message states "Once the Bitcoins are received, the Catapult will launch." and I see a link to Close.
As a first-time user, I wasn't sure what "Catapult will launch" means.   If I were thinking this were like a game, I might be watching the graphic of the catapult waiting for it to sling the scoop of gold (bitcoins?).  
Of course, what it really means to say is that Once the Bitcoins are received the Catapult will send a message to: "[email protected]".
That's what is meant by "catapult will launch".  
So perhaps if there were some way to let the user know that after the coins are sent what to do next.  (i.e., Click Close after you've sent the bitcoins).

2.) The message ended up getting flagged as spam by Google's Postini.
X-pstn-levels:     (S: 0.01365/97.07104 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
You might want to look into DKIM (and /  or SPF) to help lessen the chances that the message goes into the spam box.
Would there maybe after a few days a message to the "from:" e-mail address notifying that the funds hadn't been retrieved and offer the abiliity to get them back?

3.) When trying to retrieve the bitcoins, the first time I only had two confirmations I believe.  When I went to spend it it had said
"This transaction is still unconfirmed. Please wait 10 or 15 minutes and try again.".    

Firstly, what is the number of confirmations the site requires?   It appeared that after three I could then "retrieve the payload".

At the time the page is being rendered, wouldn't the state of being confirmed be known and thus it could tell me before I even enter the Send To address that I just need to hold on for a bit?

Additionally after that error message, I got another "Retrieve Payload" page, except this one asked for "Target (email address)" and also "Secret Location".  If I'm redeeming funds, I wouldn't be sending it to an email address.  Additionally, the e-mail sent to me to claim the funds never describes what 'Secret Location" is.  Of course, that's what is in the URL, but that isn't described in English in the message.

5.) When I entered the Send To address it had a trailing space in what I had copied and pasted and as a result there was an error message. The form validation could  do a trim() to help eliminate this from resulting in an error.

6.) On a later attempt, after there were three confirmations I then went to retrieve the payload.  It was a trivially small amount, like under 0.003 BTC.  When I hit the Send button the response said "Insufficient Funds."  I entered the exact amount that I had sent earliery.  I tried a second time same thing.  I then tried with 0.00001 BTC and it went through fine.  I tried another time, less than the full balance, and it too went through.  The third time I spend the remaining amout and it too went through.   So the entire amount couldn't be sent but breaking it up and sending portions, even though they added up to the same as the original number, were able to go through.

I presumed that the message was saying that as recipient I was trying to spend more than I had available.  Perhaps instead the "Insufficient Funds" message refers to the service's wallet itself not being able to send because it has insufficient funds?

7.) Consistency.  Am I retrieveing bitcoins or recovering bitcoins?   Both terms are used.

8.) Security.  SMTP messages are transferred clear text.  That means that if your service starts becoming popular that there is then an economic incentive for a sysadmin at the ISP or at the e-mail hosting service or somewhere between Coinapult and the recipient to heist the coins.  By simply adding a filter, every message that comes from Coinapult gets special attention by the scammer who redeems the coins, never with even a slight chance of getting caught.

E-mail is just not a secure method for transmitting essentially what is a negotiable bearer instrument  (the URL to claim the money).  This would be the same risk that exists when sending Mt. Gox Redeemable Voucher codes thorough e-mail, which is not recommended either.
sr. member
Activity: 316
Merit: 250
Got the catapult, thanks! Transaction was initiated immediately after pressing send, no delays.

NP, and fyi, there are no fees for using the coinapult site. For applications wishing to use the API, we charge 1% to help cover the cost of operations.

I have 0.4btc left to give away to the next 4 PMs. Smiley
legendary
Activity: 1288
Merit: 1227
Away on an extended break
Got the catapult, thanks! Transaction was initiated immediately after pressing send, no delays.
sr. member
Activity: 316
Merit: 250
I just tried deliberately claiming coins with an invalid bitcoin address, and got this unhelpful error message:
Quote
This transaction is still unconfirmed. Please wait 10 or 15 minutes and try again.
Target (email address): ________
Secret Location: ________
To recover your bitcoins, simply enter your email address and top secret key.
Which implies the system successfully broadcast the bogus transaction! Shocked Fortunately, the coins didn't just disappear, and I was able to later claim the coins with a valid address, but there should really be server-side validation of bitcoin addresses, allowing the site to display a more, well, helpful error message, explaining that the bitcoin address the user entered was invalid and that they may have mistyped it, and ask them to re-enter it.

Hmmm, good point. I'll add a more useful error message for this case. As you noted, the transaction was refused; it just gave the wrong reason.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
PM sent! Lemme test the 'catapulting' too.  Grin  Is there any fees associated with this service so far atm?
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
I just tried deliberately claiming coins with an invalid bitcoin address, and got this unhelpful error message:
Quote
This transaction is still unconfirmed. Please wait 10 or 15 minutes and try again.
Target (email address): ________
Secret Location: ________
To recover your bitcoins, simply enter your email address and top secret key.
Which implies the system successfully broadcast the bogus transaction! Shocked Fortunately, the coins didn't just disappear, and I was able to later claim the coins with a valid address, but there should really be server-side validation of bitcoin addresses, allowing the site to display a more, well, helpful error message, explaining that the bitcoin address the user entered was invalid and that they may have mistyped it, and ask them to re-enter it.
sr. member
Activity: 316
Merit: 250
Just sent a couple of catapults flying.. thanks for the site.

A quick question, if a recipient does click on the URL and log into Coinapult to see the funds but does NOT take their Bitcoins do I still get the option to recover the coins in 30 days?

Edit: PM sent Smiley

Bitdime sent.

So long as there are no withdrawals from the payload, it will be refunded.

Example:
slothbag sends grandma 1btc
grandma opens email and follows link, but doesn't understand how to recover the bitcoin
...30 days...
slothbag receives an email with recovery link for 1btc

Example 2:
slothbag sends grandma 1btc
grandma tips the paper boy 0.1btc from her coinapult stash
...30 days...
nothing happens. Grandma has a balance of 0.9btc
sr. member
Activity: 369
Merit: 250
Just sent a couple of catapults flying.. thanks for the site.

A quick question, if a recipient does click on the URL and log into Coinapult to see the funds but does NOT take their Bitcoins do I still get the option to recover the coins in 30 days?

Edit: PM sent Smiley
sr. member
Activity: 316
Merit: 250
Foxpup,

Thanks for sending the example funds back. Smiley

I just ran 100 test transactions through, and each received exactly what it was supposed to. The logs show that the script I threw together to fund my example funded each of these transactions. I shouldn't have tried to be tricky; I just thought it'd make for some fun.

0.8btc left to the next 8 people who PM me an email address!
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
Actually, I only grabbed 2 from the one you posted (1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb). I somehow managed to grab 3 from the real request I sent (1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ). That is a bug. Is it based on the amount? It's actually a coincidence that I picked the same amount as you did. Does everybody who requests 0.1 BTC keep getting coins until the wallet runs dry? Shocked Anyway, can I have an address to refund the 0.3 BTC I accidentally stole?

This is not a bug. When I put the screenshot up, I set a script to automatically refill it as soon as someone recovered the funds. It was supposed to refill 5 times. The fact that it sent to your addresses just means that you were the first few requests to hit that page. This isn't a normal part of the system, I just thought it'd be a fun way for a few people to try a recovery based on my example.

But it isn't just the one you put up. I sent 0.1 BTC to myself (for real), then received 0.1 BTC. So far so good. Then I saw the screenshot, tried it out with a new address, and got another 0.1 BTC. Then all Hell broke lose. I recieved an additional 0.2 BTC in two additional transactions to the first address (the one not related to the one you put up) and another 0.1 BTC to the second address. I also did not click the claim link multiple times, or refresh the claim page, or anthing like that. I just suddenly started getting a bunch of extra coins for no reason. Shocked

If you'd like to send it back to 19c7oXEhBGXp3VD8dimth9yLdtZiGGzoDu, I'll distribute it to the first 4 people to PM me with an email address. As a matter of fact, I'll send 0.1btc to the first 10 people to PM me an email address, provided they all post here whether they received exactly the amount requested. Please, try again, if you think it'll multiple your coin. Prove me wrong. Smiley

Refunded the extra 0.3 BTC I wasn't supposed to get. I've also sent another 0.1 BTC to myself, and have (so far) received exactly 0.1 BTC. Smiley
sr. member
Activity: 316
Merit: 250
SHUT IT DOWN IMMEDIATELY! TAKE THE WALLET OFFLINE AND SHUT IT DOWN! It sending me coins multiple times!

https://blockexplorer.com/address/1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ
https://blockexplorer.com/address/1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb

Each of these addresses should have only ONE transaction! There's more unconfirmed transactions on the way! SHUT IT DOWN!

The wallet is empty, but I don't think this is a bug. This is from the example I posted, no? I had it refill, and it looks like you grabbed the first 4. Greedy. :p

Actually, I only grabbed 2 from the one you posted (1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb). I somehow managed to grab 3 from the real request I sent (1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ). That is a bug. Is it based on the amount? It's actually a coincidence that I picked the same amount as you did. Does everybody who requests 0.1 BTC keep getting coins until the wallet runs dry? Shocked Anyway, can I have an address to refund the 0.3 BTC I accidentally stole?

This is not a bug. When I put the screenshot up, I set a script to automatically refill it as soon as someone recovered the funds. It was supposed to refill 5 times. The fact that it sent to your addresses just means that you were the first few requests to hit that page. This isn't a normal part of the system, I just thought it'd be a fun way for a few people to try a recovery based on my example.

If you'd like to send it back to 19c7oXEhBGXp3VD8dimth9yLdtZiGGzoDu, I'll distribute it to the first 4 people to PM me with an email address. As a matter of fact, I'll send 0.1btc to the first 10 people to PM me an email address, provided they all post here whether they received exactly the amount requested. Please, try again, if you think it'll multiple your coin. Prove me wrong. Smiley
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
SHUT IT DOWN IMMEDIATELY! TAKE THE WALLET OFFLINE AND SHUT IT DOWN! It sending me coins multiple times!

https://blockexplorer.com/address/1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ
https://blockexplorer.com/address/1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb

Each of these addresses should have only ONE transaction! There's more unconfirmed transactions on the way! SHUT IT DOWN!

The wallet is empty, but I don't think this is a bug. This is from the example I posted, no? I had it refill, and it looks like you grabbed the first 4. Greedy. :p

Actually, I only grabbed 2 from the one you posted (1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb). I somehow managed to grab 3 from the real request I sent (1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ). That is a bug. Is it based on the amount? It's actually a coincidence that I picked the same amount as you did. Does everybody who requests 0.1 BTC keep getting coins until the wallet runs dry? Shocked Anyway, can I have an address to refund the 0.3 BTC I accidentally stole?
sr. member
Activity: 316
Merit: 250
SHUT IT DOWN IMMEDIATELY! TAKE THE WALLET OFFLINE AND SHUT IT DOWN! It sending me coins multiple times!

https://blockexplorer.com/address/1EKnsRCiGtbocnK4vNR7ZUtevTXeNgDMqZ
https://blockexplorer.com/address/1NjnUW4x1zVb3Ar7KEjVeqwnkm16A3qgdb

Each of these addresses should have only ONE transaction! There's more unconfirmed transactions on the way! SHUT IT DOWN!

The wallet is empty, but I don't think this is a bug. This is from the example I posted, no? I had it refill, and it looks like you grabbed the first 4. Greedy. :p
Pages:
Jump to: