Pages:
Author

Topic: [ANNOUNCE] TORwallet - anonymous mixing wallet service - page 7. (Read 29609 times)

newbie
Activity: 22
Merit: 0
Form googlemail directly? I can not believe that.. Who in their right mind would do that?

There are other options: "Google Toolbar", Chrome.. but it does not matter.

Google indexes stuff that people publish, it does not do black magic.

Google know about 1560 URLs (by screenshot)
For safety reasons, he showed you only the first 170, but there are other ways to get those links.

But the problem is not in Google. The problem is that even Google can find a lot of URLs.
legendary
Activity: 2126
Merit: 1001
..At least it is true that I couldn't find webpages where the instawallet url would have been written, when google'ing a few of the posted urls..
So I think it may indeed be possible the urls came from somewhere else than posting and indexing.
Form googlemail directly? I can not believe that.. Who in their right mind would do that?

Well, lets try it out, someone with a gmail account mail a fresh instawallet url? If you post the url here afterwards, please skip the last digits or obfuscate it, since google indexes this thread too ;-)

And still: Totally off-topic to torwallet. Maybe let a mod spin off this topic to another thread?

Ente
legendary
Activity: 1372
Merit: 1008
1davout

Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

1) 19 URLs? You have washed your eyes this morning?
{screenshot removed}

2) read - 1


Have a nice day ебанашка.





I meant 19 pages, I find only 17 pages, with 10 links per page it gives 170 wallet URLs, my point still stands.
Google indexes stuff that people publish, it does not do black magic.
sr. member
Activity: 476
Merit: 250
Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.

I think he means those links were not published voluntarily but were sent on emails(gmail) and indexed from there.
We already know they read emails to show contextual advertising, why not grab any URL inside and index them?
Even if this is so I don't know how that is relevant. E-mails are plain text so sending such url over e-mail is no more secure than publishing it on a website. So basically this still has nothing to do with torwallet's security but with people's stupidity.
legendary
Activity: 1358
Merit: 1002
Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.

I think he means those links were not published voluntarily but were sent on emails(gmail) and indexed from there.
We already know they read emails to show contextual advertising, why not grab any URL inside and index them?
sr. member
Activity: 476
Merit: 250
Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
Care to elaborate on that? All this time you're denying everything we say without explanation.
newbie
Activity: 22
Merit: 0
Google indexing links to Instawallet wallets which people voluntarily published online

This is not so
legendary
Activity: 2126
Merit: 1001
Come on guys, give TorWallet a break, will you?
Google indexing links to Instawallet wallets which people voluntarily published online, for whatever reason they have, has nothing to do with TorWallet.
Are you critizising Instawallet's design? Fine, then don't use it. It is one of the most popular wallets and services in the bitcoin ecosystem nevertheless.

Ente
newbie
Activity: 22
Merit: 0

Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

1) 19 URLs? You have washed your eyes this morning?
http://s019.radikal.ru/i612/1206/08/9cf3ba33337e.png

2) read - 1


Have a nice day ебанашка.
legendary
Activity: 1372
Merit: 1008
1davout
As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.
Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.
sr. member
Activity: 476
Merit: 250
As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.

I can also randomly try 1000 different instawallet url-s and publish them on a website, but that doesn't mean any of them are legitimate. Actually, it is a lot more likely you're going to be killed by lightning the second after you read this than it is for any one of those 1000 accounts having any bitcoins on it.
newbie
Activity: 22
Merit: 0
As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.
sr. member
Activity: 269
Merit: 250
We only require 2 confirmations.
How do you protect yourself from what presumably happend with Mybitcoin? Noticeable portion of Bitcoin Network hash power owned by botnets, therefore it is possible to execute the attack without leaving a trail.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Hi, I find this service pretty dubious.

That means that if someone has a copy of your exact URL written down somewhere then they have full control over your account.
Where are they going to get a copy? Are you going to give it away? Protect it!
newbie
Activity: 40
Merit: 0
Hi, I find this service pretty dubious.

That means that if someone has a copy of your exact URL written down somewhere then they have full control over your account.
newbie
Activity: 41
Merit: 0
We'd like to thank Bitcoin Magazine for reviewing our service. Here are a few comments and responses we had on the article.

Quote from: Bitcoin Magazine
While the idea seems convenient at first glance, the effectiveness of this implementation can be called into question. First of all, the representation of TORwallet as an “anonymous mixing bitcoin wallet” is somewhat misleading. One would expect such a wallet to carry out its mixing functionality automatically and behind the scenes, so that user could be comfortable in the knowledge that the “mixing wallet” is doing the mixing for him, but in TORwallet this is not the case. For mixing to take place at all, the user must activate the feature manually by clicking the “mix coins” button and paying the greater of 3% of the amount mixed or 0.5 bitcoins as a fee, making the “mixing” and “wallet” functionalities essentially completely separate. This particular way of implementing the mixing functionality is highly problematic not only because of usability, but also because it limits functionality; what if a user periodically deposits new coins that need to be exchanged for “clean” coins and does not wish to pay a 3% tax on his entire pool of savings every time he does so?

Our wallet will mix your coins even if you never pay the fee, but you will not know if and when your coins have been mixed. When someone clicks the mix button, it draws on all coins in our service, including those from people who have never clicked it. The button is there for those willing to pay a small fee for the immediate certainty that their coins have been mixed.

If you are periodically depositing coins, simply deposit them to a new wallet and mix them. Move them to your old one if you must, but we suggest using a new wallet regularly for greater anonymity anyway.

Quote from: Bitcoin Magazine
The wallet’s security model, a copy of that used by InstaWallet, is also problematic. The strategy of using the URL as the password is highly problematic, since it means that anyone who gets access to your browser can simply look through your history, open up your wallet and drain it within seconds. Accessing the wallet only through a private browsing mode (which the Tor browser bundle does by default) solves this problem, but also creates the problem of having to find a place to store the URL. To prevent attackers from easily finding it with a simple file directory scan, it would have to be stored encrypted, and at that point what you have is simply a more cumbersome version of a proper username/password authentication framework like that used by secure wallets like Blockchain.

We are considering implementing a function where you can password protect the wallet, so that the URL will become a username rather than password.

We also suggest password protecting your computer and using encrypted LVM, TrueCrypt, or BitLocker to prevent anyone untrusted from accessing your computer and browser. This is a general security recommendation for everyone whether you use our service or not.

Quote from: Bitcoin Magazine
Both of TORwallet’s key functions have superior alternatives as separate entities – Bitcoin Fog as a mixing service, as it takes a smaller fee (randomized 1-3%) and a smaller minimum (1.00 BTC withdraw with no fixed fee component), and Blockchain is a stronger wallet. Furthermore, there is even a service which can be described as a mixing wallet done right: Silk Road. The Tor-based black market auction site employs a secure mixing service intended to be safe enough even for users engaged in illegal activities for all bitcoins passing through the system, and includes the send, receive and storage functionality needed to make a basic wallet work.

Our advantage over Bitcoin Fog and Silk Road is our convenience and speed. You can immediately withdraw your coins at any time without the wait. Both other services delay deposits and withdraws for at least a few hours. We only require 2 confirmations. We suggest withdrawing in multiple transactions to different addresses, however users are free to do as they choose. One use case for our service is people sending coins to and from Silk Road, so that rules them out as an option.

Quote from: Bitcoin Magazine
The last problem is that of trust. As we know from the examples of MyBitcoin and Bitscalper, anonymous services whose only function is storing money cannot be trusted simply because the profit that they would earn from running away with everyone’s coins at any point is sufficiently high compared to the profit that they expect to earn in the future by acting honestly that it often is expedient for them to disappear. Deposit accounts can still be trusted; if the provider provides enough information about who they are and where they can be found, the threat of law enforcement will shift the calculus toward honesty, and even some anonymous services can be trustworthy. In the case of Silk Road, for example, users only need to store change in the service for a few days, and the owners have an effective source of fees, the future expectation of which is sufficient to continually entice them to conduct themselves honorably. TORwallet, however, is intended to be a long-term money storage provider, and has chosen to maintain their anonymity, placing them on par with Bitscalper in terms of the level of trust that they presently deserve.

Our users are free to store coins for any term they like, from minutes to years. At this point, it does not seem like knowing the identity of the service owner or being easily traceable has helped anyone recover bitcoins. Both MyBitcoin and Bitscalper would have been easy to track down by law enforcement, however they are not even willing to get involved with thefts of something not legally recognized as currency. What they are certainly willing to expend resources on is tracking people laundering money for any number of reasons.

We also highly value our reputation. We will be launching several new services in the coming months as they are developed.

Quote from: Bitcoin Magazine
The one feature that TORwallet does have over its alternatives is its direct accessibility through Tor as a hidden service, something which no other online Bitcoin wallet (except Silk Road and its ilk) has available. Aside from that advantage, however, the service has a long way to go in terms of implementing a reliable framework of security and trust. One suggestion would be to switch to a Blockchain wallet security model, where the wallet is stored encrypted and all calculations are done client side, and to seamlessly integrate the mixer into the wallet as a deposit mechanism – the wallet would show a deposit address where users can send their funds to, which automatically triggers a mixing service which sends randomly sourced bitcoins to the wallet that the user controls perhaps less a 1-2% fee. This would solve the trust problem and the security problem while making it much more of a true “mixing wallet” at the same time. Abandoning the Instawallet URL-as-password model for something more secure is another necessity. As it stands, however, there are much better alternatives for the functionality that it provides.

Switching to a Blockchain security model would make our service impossible. We rely on having a pool of coins to mix your coins with, the larger that pool is the more difficult it will be to associate incoming and outgoing transactions. Switching to a blockchain model would require us to buy far more coins than we can afford to in order to increase pool size.
sr. member
Activity: 476
Merit: 250

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.
sr. member
Activity: 294
Merit: 250
Bitcoin today is what the internet was in 1998.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh

I don't understand what you're trying to say. When you visit a site over https the url is encrypted, no one can see what it is.
And there's no way Google can crawl it unless you post a link somewhere.
Pages:
Jump to: