Hi everybody,
Some time ago I released a node.js online bot for buying/selling BTC when price changes.
As I received good (and bad) feedback, I'm currently working to build a better bot for the "trust no-one" kind of traders.
I'm one of those guys
I'd never give my api keys away to someone else.
This time I can't distribute the source-code ( this is not negotiable
) .
Therefore the topic becomes not trivial. I know its not feasible to get a full-trust without seeing the code, but yet
optimising the trust-level between this boundaries is a mind-challenging problem.
I don't want you to trust me, I just want you to feel safe-enough to use the application. Here is what I have now
- Anonymous : no registration needed whatsoever.
- Offline : you need to download an application that runs locally .You will never give me your API keys, they will be stored locally on your machine.
- It comes with a firewall : for the paranoid guys, I'm distributing the application with a third-party firewall (ipchains script, little snitch, etc) , pre-configured to block all outgoing connections of my application towards websites different from mtgox,btc-e, and others.
- Community tested: I'm currently recruiting beta-testers from the community. I give access to the source-code. (Get in touch if you want to be one of them - PM me). I will let them perform network traffic test to see how the traffic is only directed to mtgox.
- Gox API v2 : uses the new and better-designed version of mtgox APIs to minimize risks related to resource saturation.
- I'm considering getting some other sort of certifications. http://www.truste.com/?
EDIT : Ideas from this discussion
- Proof of my real identity : The application will come with a proof of my real identity
- Outgoing traffic tested by the community at network layer : When released the application will have to go through an open contest. I'll offer 1000 BTC to people able to spot any connection going somewhere different that data.mtgox.com . Use sniffers, or whatever you want.
- Binaries distributed by someone else : I will recruit 10 members of the community from this thread to independently review the source code, compile it on their own machine, compute the md5 checksum and send the application to me. I will then distribute those binaries together with the md5 checksum.
- You name it : < there is still space>
Since you will be among early-adopters (and many of you already wrote their own trading bot), I'm here to ask you to help me make you feel safe.
What else would you like to have to feel safer? Nicolò.
