Pages:
Author

Topic: Bitcoin URI Protocol Scheme (Read 410 times)

legendary
Activity: 2730
Merit: 7065
December 01, 2021, 04:01:39 AM
#28
Bump
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
September 24, 2021, 04:17:00 AM
#27
<…>
That was the intent on the scam modal screen use on bitcoin.org (see Newbies, please be aware that Bitcoin.org is compromised! ): Click (amount button) & easily pay a fixed sum of 10$, 100$, 1000$ or 10000$ in BTC, or alternatively enter a custom amount. The odd looking BTC amount corresponds to the BTC equivalent of 100$ at the time.

Note: The URI modal was accessible yesterday on archive.org, but it isn’t today. It is though at https[colon]//archive[dot]ph/ERUpl (beware: scam modal screen).
legendary
Activity: 2730
Merit: 7065
September 24, 2021, 03:04:59 AM
#26
How exactly does the scam work? Is it one of those you pay X amount to receive XX back type of scams? I am asking because I see the amount of 0.0022883 BTC in your code. Why that amount? I would think it would be in the scammer's best interests to have the victim send as much as possible and not a predetermined sum. Or maybe they created several of these URI's to make it easier for their victims to fill out the needed transaction details with just one click.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
September 23, 2021, 05:16:54 AM
#25
This is actually the format that the scammers were using on bitcoin.org’s doubler pop-up scam. Clicking on the chosen amount’s button would modify the amount parameter, making it easier for the transfer to be initiated (providing your software is set-up to process URI). Scamming made easier, at the click of your mouse ...

i.e. code taken from their pop-up’s generated URI:
Code:
bitcoin:1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N?amount=0.0022883
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
September 23, 2021, 04:34:29 AM
#24
Now we have two people claiming it works and one who says it doesn't. I will just wait for the next reply from someone who is interested in checking before I put it back on the list. Like in sports, let's see if the result will be 3:1 or a draw after all.  
There is no need for this Smiley Here is the intent filter from the AndroidManifest.xml page which confirms that blockchain wallet app does accept the bitcoin URI sheme:

Code:
           
                


                


                
                
            
source
This is the beauty of open source!

Part of source code you shown only proof that Blockchain.com wallet accept the bitcoin URI scheme. But it doesn't proof that the wallet support message field correctly.
legendary
Activity: 2730
Merit: 7065
September 23, 2021, 03:39:43 AM
#23
I wish I knew how to read that code, unfortunately, I don't.
The data android:scheme="bitcoin" part of it is the only thing that looks like it's pointing towards the wallet supporting the URI scheme. But I will take your word for it and put the Blockchain.com wallet back on the list.

Thanks for checking it out.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
September 22, 2021, 06:12:42 PM
#22
Thanks Pmalek for bumping this thread.

Now we have two people claiming it works and one who says it doesn't. I will just wait for the next reply from someone who is interested in checking before I put it back on the list. Like in sports, let's see if the result will be 3:1 or a draw after all.  
There is no need for this Smiley Here is the intent filter from the AndroidManifest.xml page which confirms that blockchain wallet app does accept the bitcoin URI sheme:

Code:
           
                


                


                
                
            
source
This is the beauty of open source!
legendary
Activity: 2730
Merit: 7065
September 04, 2021, 01:39:46 AM
#21
And, the URI scheme works with the Blockcain.com wallet so you can put it back on the list.
Now we have two people claiming it works and one who says it doesn't. I will just wait for the next reply from someone who is interested in checking before I put it back on the list. Like in sports, let's see if the result will be 3:1 or a draw after all. 

BlueWallet also works (obviously, mainnet wallet only, not LN), so you can add it as well.
BlueWallet has been added. Thanks for the tip.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
September 03, 2021, 04:19:52 AM
#20
The obvious question to ask now is, does the blockchain wallet have a comments field while sending crypto? If it doesn't, maybe that's why the first links isn't recognized by the app.  

Yes, it does. And, the URI scheme works with the Blockcain.com wallet so you can put it back on the list.

BlueWallet also works (obviously, mainnet wallet only, not LN), so you can add it as well.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
September 03, 2021, 04:05:12 AM
#19
Weird! I just realized that the warning message appears only when I click on the second link! Maybe it has something to do with the comment part at the end of the link!
The difference between the first and second link is in the amounts and the added comment. The first one has a "Payment to Pmalek" comment while the second one has no comment at all. The obvious question to ask now is, does the blockchain wallet have a comments field while sending crypto? If it doesn't, maybe that's why the first links isn't recognized by the app.   

Even if the wallet doesn't support adding message/note to a transaction, the wallet could simply ignore the message on URI. It basically means Blockchain wallet made a bug when implementing BIP 21.
legendary
Activity: 2730
Merit: 7065
September 03, 2021, 03:40:33 AM
#18
Weird! I just realized that the warning message appears only when I click on the second link! Maybe it has something to do with the comment part at the end of the link!
The difference between the first and second link is in the amounts and the added comment. The first one has a "Payment to Pmalek" comment while the second one has no comment at all. The obvious question to ask now is, does the blockchain wallet have a comments field while sending crypto? If it doesn't, maybe that's why the first links isn't recognized by the app.   
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
September 02, 2021, 03:57:39 PM
#17
...
Weird! I just realized that the warning message appears only when I click on the second link! Maybe it has something to do with the comment part at the end of the link!

Since the app appears on the open with list, it means it supports that URI scheme. Try clicking the second link, blockchain will open the main page but you will see a small warning text in red at the bottom (it disappears quickly).

edit: here is how it looks like:
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
September 02, 2021, 03:32:36 PM
#16
Thanks for testing that. I wonder why it doesn't work on blockchain. I am sure I remembered correctly that it used to work even with blockchain's wallet.
Blockchain wallet app supports URIs and here is a screenshot from my mobile after clicking one of the links from OP:

If the blockchain wallet is empty, it won't open the send tab and fill up the fields. It will briefly display an error message stating that you don't have enough balance.
I suupose this is why bL4nkcode thought it doesn't support URIs.

btw, you can add bitpay to the list.
What actually happens is after I click the URI link actually blockchain.com app shows in the list just like the screenshot but after selecting blockchain.com app, nothing happens, it just open the app, though I don't have a balance but there's nothing message shows that I don't have enough balance or what, unlike on mycelium, electrum, and trustwallet even there's no balance on the wallet it still go to the sending page with the details provided on the URI.
But maybe I'm using a bit outdated blockchain app that's why.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
September 02, 2021, 03:27:27 PM
#15
Thanks for testing that. I wonder why it doesn't work on blockchain. I am sure I remembered correctly that it used to work even with blockchain's wallet.
Blockchain wallet app supports URIs and here is a screenshot from my mobile after clicking on one of the links from OP:

If the blockchain wallet is empty, it won't open the send tab and fill up the fields. It will briefly display an error message stating that you don't have enough balance.
I suppose bL4nkcode didn't notice the warning message and assumed it doesn't support URIs.

legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
September 02, 2021, 05:48:55 AM
#14
I will add Trust Wallet and Coinomi to the list of wallets that support the URI Protocol Scheme and I will remove Blockchain.
If anyone else knows any other good wallets where it works, feel free to mention it. But please test it before you do, so we can avoid spreading misinformation.
Trustwallet and Coinomi are both close source wallets, I think if you will have to include close source wallet, it has to be indicated, although you can do it as you which but just the way I think it should be. Close source wallets are the worst wallet that could be use as an attack in the future, this is the reason I do not even like mentioning close such wallets at all.
legendary
Activity: 2730
Merit: 7065
September 02, 2021, 04:48:34 AM
#13
Btw I have tried the URI on blockchain.com mobile wallet but it wont work while it actually fine when using with trust wallet, electrum and coinomi, both mobile wallets.
Thanks for testing that. I wonder why it doesn't work on blockchain. I am sure I remembered correctly that it used to work even with blockchain's wallet.

I will add Trust Wallet and Coinomi to the list of wallets that support the URI Protocol Scheme and I will remove Blockchain.
If anyone else knows any other good wallets where it works, feel free to mention it. But please test it before you do, so we can avoid spreading misinformation.
legendary
Activity: 3472
Merit: 10611
September 01, 2021, 11:01:03 PM
#12
First of all, it damages the privacy of both senders, who use the link, and the receiver, who posted it, it encourages a bad practice, which is address reuse. It is good for a one-time payment but doesn't work for donations.
No it does not. This scheme is simply giving an option to turn the address string into a clickable link. For example when you go to a merchant's website and they create a new address for you to pay they represent you with the string which you have to copy and then paste in your wallet. Then you have to do the same with the amount (since it is never a round number, something like 0.00167894).
Using this scheme you simply click the link and the appropriate fields in your wallet will be filled which you can double check later.

Same with donations, the address is already being reused for donations. This way you simplify the donating process a bit.

Quote
Secondly, not all wallets are supporting this kind of link, which may confuse inexperienced users and force them to try different wallets or options.
Not a big deal because when they click it and nothing happens they can simply copy the address and manually handle payment.
For example the merchant's website can have a little tooltip telling them their wallet may not support this but the URI is the "easy way" and otherwise to copy the information themselves.

Quote
A nefarious actor can easily hide a link to malicious software or phishing website behind what will look like a normal bitcoin URI.
Someone dealing with a "nefarious actor" is in a lot more danger than clicking a fake link!

Quote
Also, a hacker can simply change the posted address with his own using hyperlinks, and no one will ever notice.
I'm not sure if this is possible because for example all the example links you see in OP are protected by bitcointalk's SSL encryption and can not be changed by a MITM attack. And unless the user has a malware on their own system I don't see how else the address could change and if they do have a malware they have more things to worry about.
However there is still BIP-70, BIP-71 and BIP-72 describing solutions to the problem you are talking about.
staff
Activity: 3304
Merit: 4115
September 01, 2021, 05:05:28 PM
#11
Also, a hacker can simply change the posted address with his own using hyperlinks, and no one will ever notice. It may well be I am exaggerating and there is no issue at all with these URIs but when it comes to newbies and all the ways they could be deceived it is impossible to foresee all outcomes.
While this is true, if the hacker has got access to change that address, they likely have the capability of tricking someone to send to their address through other means too. I don't think there's a particularly higher risk of address changing just because it's a hyperlink. Okay, theoretically is does have more attack vectors based on being public, and therefore potentially someone could compromise either the user or the forum, and change the address instead of just compromising the user, but the risk of that would be relatively low. Especially, for low level targets. This would be more appropriate for theymos, satoshi, and various other high level users on the forum.

It may well be I am exaggerating and there is no issue at all with these URIs but when it comes to newbies and all the ways they could be deceived it is impossible to foresee all outcomes.
Nope, this is just something that the majority of people ignore, especially when it comes to teaching people about a new thing. My general advice should be; teach everyone to the standard expected, and from a learners perspective learn from the start how you intend to carry on. So, for lack of good phrasing there; learn good protocols at the start, and then you don't have to deviate, and learn more things in the future, which would potentially increase the complexity due to mixing different methods up.

If you are taught to check the Bitcoin address three times, and unless there's a significantly better approach available, that you wasn't aware of at the time of learning, then you should continue doing so. I don't think it's a good idea to teach people about URLS unless they have a specific use for that, otherwise they'll like it because it's pretty gimmicky, and then they'll use that everywhere which wouldn't be appropriate.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
September 01, 2021, 12:50:47 PM
#10
Btw I have tried the URI on blockchain.com mobile wallet but it wont work while it actually fine when using with trust wallet, electrum and coinomi, both mobile wallets.

Also, it doesn't work on wallets that didn't support wallet address such the both segwit format address, which is obviously the case.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
September 01, 2021, 04:47:22 AM
#9
Good point and it got me thinking about the same thing as well. I am really not sure whether a clipboard hijacker would be able to change the address if you just clicked on it and it automatically filled up the payment details as is the case with this URI scheme. Does anyone know for sure?
So far the URL will still necessarily fill in the appropriate space that should have been filled manually, this will not be resistant against clipboard malware in my opinion. Just as you commented, anytime someone want to transfer bitcoin to another address, the person should check and recheck the address before sending.
Pages:
Jump to: