Suggest people try this with a small amount of coin first. I withdrew a little over 0.05 and the transaction never completed. Yes, I verified the receiving address first. My coin is gone unless it is somehow still processing over a day later.
The biggest problem I have with this is the lack of SSL. The explanation from the site FAQ:
Can you make your site SSL?
The certificate system is broken and only provides a false sense of security. Go access the site over Tor. The Tor exit node can only know your token and your withdrawals (which are public knowledge in the blockchain), they have no way to know your deposits.
The problem I have with this is that, yes, I know SSL is broken, but it SSL still prevents the casual attacker from lifting my authentication code or cookie. I trust most Tor exit nodes like I trust most coffee shops with free wifi. Maybe less. Indeed, Tor will tell you to use SSL on top of Tor to prevent this casual leakage of information.
Having captured my token, the Tor exit node owner can withdraw my coin to its own wallet and I'd have no clue where it went. That's a significantly bigger issue than the casual way this is discussed. While I'd be willing to use this for smallish one-time transactions, assuming the withdrawal gets fixed, I wouldn't want to deposit coin for long term with such a security mechanism.
Put SSL on this site. I don't care if it is a self-generated certificate, in fact that is probably better since I can install it when I'm on a trusted connection and then have authenticity while I'm on an untrusted location.
Let me know when you fix the withdrawal and add SSL. The interest bearing nature of this as a wallet service is appealing.
