Topic: Gliph - Secure Messaging and Bitcoin Transfers on iOS, Android and the Web (Read 12742 times)

Hey Panj, it is not. Thanks for asking.

is the 0.01 promotion still running?

so on the scale of 1-10 any of the users can report how easy it is for transaction?

and whats better use for.

Hey there, As I mentioned in the few hours we've worked together over the past two days trouble shoot this, I'm sorry we weren't able to work this out or trace exactly what happened with the first .001 I sent to you over Gliph.

I understand that not everyone out there has the best experience with Blockchain.info or even Coinbase. We generally recommend people use Coinbase with Gliph at this point. We understand that not everyone feels comfortable with either service's use of private keys and that the way Gliph works with Bitcoin may not suit every Bitcoin user.

I recognize that 2FA is a requirement for some folks, and while we don't support that for sending, we do support that for receipt of Payment in Marketplace on both wallet services. 

I think it is reasonably important to say that I was able to successfully send Bitcoin to your attached blockchain account, and while you offered to return it, I said you were welcome to keep it. I also want to clarify that we have not had a problem reported similar to this yet, which makes it hard to reproduce.

I am sorry we weren't able to make Gliph Marketplace work for you.

If other folks are considering listing in Gliph Marketplace we'd love to have you give it a shot. It is just two weeks old and we're continuing to improve it over time.

Renewing warning against storing private keys in Blockchain Wallet. Rob at Gli.ph claims their API generated a new address/private key when I first linked it to Blockchain (with whitelisted IP), but that address (https://blockchain.info/address/1EKqFXn3UmaZaJP5swqCUm3mbpdp63VhwR) never showed up, so I couldn't have deleted it, by accident (an 8 step process) or otherwise. The first time I saw that address was when he PMed it to me after I complained about his 0.001 not being received at any address in my Blockchain Wallet. He swears up and down that it's working correctly, but clearly it isn't, if private keys are ever getting erased without the possibility of user input.

ETA: This was not an isolated incident of non-theft loss for Blockchain Wallet, and we're lucky it was only a $0.25 loss this time. I'm attempting to gather other reports and get other victims to reply here. Any failure is not an option when "magic internet money" (that can never be recovered once private keys are lost) is involved. If I ran Gliph and was made aware of Blockchain's failure even once, I would yank the integration immediately, not defend it, and not by implication fall back on my Terms of Service's Warranty Disclaimer, Limitation of Liability, Indemnification in allowing any more possible failures.
https://bitcointalksearch.org/topic/blockchaininfo-lost-private-key-142139
https://bitcointalksearch.org/topic/i-lost-1447-bitcoins-due-to-an-error-in-blockchaininfo-ios-app-680734
https://bitcointalksearch.org/topic/i-got-back-my-faith-in-blockchaininfo-321047

ETA: The 0.001 that was actually received was just forwarded to xkcd https://blockchain.info/tx/2752d70392978a12883c348b3fcf4c8710534e482764b441c284118c044cfc1b

Hey BTCtalk peeps,

We released version 2.0 of iPhone app (with Gliph Marketplace today). It has a bunch of improvements from the 1.x versions.

You can read about the update in our blog entry here.

That is a nice piece. Thank you for listing it!

Other BitcoinTalk folks who are interested, feel free to PM me.

My first Gliph Marketplace item: https://gli.ph/l/54b032ea9e9ad173b8cc794b

Hey Bitcointalk,

Today we released the first version of Gliph Marketplace, a new way to buy and sell using cash or Bitcoin. This is the easiest way to close a deal P2P using bitcoin yet.


Watch the promo video here.

Hey Newar,

Thanks for noticing and posting this reply here. To answer your question, we are keeping the "Legacy" symbol-based usernames available with the same use cases as before. You can use the old username you have to: Login, Reset your password (if you have not disabled PW reset on your account), Be found in the Gliph system using Add Connection, and even Added to a Group.

So your old username still works, and in fact you can choose not to get a new username if you want. We wanted our existing users to be able to keep things the way they are if they want.  All of this is outlined in the blog post on Gliph's username update here.

That said, we have what we believe to be very good reasons for transitioning away from the old username system.  I'm going to quote our blog post here for convenience:


We have some exciting things related to Bitcoin that we are working on, I hope what you feel we lost in the uniqueness of the symbol usernames will be more than made up for in increased practicality, usability and sheer joy from using Gliph. I implore you: stay tuned.

rob

I am very sorry to see the symbols go    It was one of the major things what set Gliph apart from any other chat app I know. Was there no way to keep them alongside the "new" way?

Great work! For more attention, you can run a small campaign for a week. Will get a good attention from it.


Sorry I couldn't follow the post for some time. I like to test your stuffs. I am using android and it is sad to hear that you are no longer developing it. Anyway, I can test IOS app too but it will take a little time than testing on android.
Kindly,
       MZ

I love the music in that promo video.

One feature that we bitcoiners may like to use is GliphMe- https://gliph.me/

The way I would explain it is that for the person contacting you, it's like those live sales/support chats that Amazon and other sites use - use any non-text-only browser and it'll work without installing any add-ons. You'll get notifications of new messages and open your Gliph app to chat back to them.

Hey BitcoinTalk,

We released some cool new stuff today:

0. We added a completely new Desktop Web app to use with gliph. Here's the promo video showing it off:



1. We brought bitcoin back to Gliph in the App Store. Now you can send Bitcoin to other Gliph users and also using a QR code scanner.

2. We added secure Group Messaging. Please see previous posts in thread to go over in detail how we handle security and our views on open source.

3. We have a totally revamped Android Application. It is now basically parity with iOS (no PIN lock on it)

Uniquely, Gliph hooks up to both Coinbase and Blockchain.info wallets. It allows super easy p2p transfers (between Gliph users) and spending outside Gliph using QR codes.

rob

edit: typo

Thanks for coming forward as a person.
Great. Then this is an intellectual discussion and we can steer clear of attacks and simply disagree on specific things if necessary.

The lynchpin of these conversations is usually in the individual interpretation of the word "secure." To clarify, your premise is the word 'secure' may only be used if the source is open, correct?

As I've mentioned, for some folks, that means they can view the source, or the source is available for someone you trust to consult. We're all for these folks and point them to use OTR messaging and PGP.  These kind of people often are ok dealing with the UX downfalls and limitations of these systems.

Most folks don't compile Linux for themselves. So they do treat OS X or their (hopefully) updated copy of Windows as offering security and privacy. I think they have good reason to feel that way, particularly with iOS--even though that is closed source.

The feedback has been received, thank you.

I won't do nearly as good of a job as dreeves has in compiling Yehunda Katz and AParecki's considerations in this HN thread.

Costs of open sourcing your startup:

I'd add to that a security audit in advance of open sourcing the project to protect existing users.

Depending on the project size and age, all that may be low cost. It may even be a cost you're happy to deal with if you feel it is a major value proposition to the audience you're after.

A few more reasons:

 - Gliph's iOS app is completely native, and largely front-end UI (where heavy lifting is done by servers) Objective-C is complex code that is original and valuable and not something we want easily copied by competitors. 

 - Server-side, we do incorporate open source libraries, however the great majority of Gliph platform is original software . The web application is complex, powerful and valuable intellectual property that we have worked very hard on for years. While our goal is to make a big contribution to society, Gliph is not a charity.

 - The Coinbase and Blockchain API's have undocumented peculiarities that we have learned with great pain over time. At this point, it is up to other startups to also figure these issues out to be competitive in this space.

But the number one reason right now is that I personally do not think most regular internet users can explain what it means for software to be open source, let alone how software is built.  They just want to be able to get things done. They want reasonable security and privacy precautions taken without the details. We take care of that for them. Our users do not write in to us ask for open source code, they write in asking for new and better features.

So startups that deal with Bitcoin have a dual problem: they must provide security even though it's value is only understood when there is an intrusion, and they must also actually create a product of real value that gets adopted.

To turn this back to Gliph, we have built an incredibly powerful platform that is just barely scratching the surface for our intent. While it may not meet your particular requirements of security, the platform is secure and handles data securely with privacy controls that are simply not available on any other product right now. 

On the topic of Privacy, our team thought carefully about Gliph's privacy policy which is written in a way that anyone can read. Not just people who know how and have the luxury of spending time reading code for this purpose.

GPLv2

This is an especially good point. Here's something from 2008, regarding backdoors in Skype and why you cannot (no exceptions) trust closed source software:

http://www.geekzone.co.nz/foobar/5823

How true that was, as we've learned in 2013. For those that don't know, Skype originally started with end to end encryption and the promise 'We do not have access to communication data' right in their privacy policy. Today, we know Skype is a PRISM partner.

Security and privacy is fundamentally incompatible with closed source software. There are no exceptions.

PS: Hive, I liked your wallet until you added altcoin crap. But nice to see it open source, though what is it licensed under? Source code published != open source.

Posted from Firefox on Ubuntu

Gliph has zero actual security or privacy. Period. You are absolutely throwing your coins, and your privacy away.

Also: http://www.wired.com/2013/11/inputs/

Hi Rob, it was me.

The post had nothing to do with perceived competition; I also don't consider you competitive. I wrote what I wrote because it seems highly irresponsible to market something as "secure and private" when it is impossible to audit the source—we're in the post-Snowden era here, are we not? I don't mean to pick on you guys in particular, you seem like a nice, well-intentioned bunch. But if you truly care about privacy and security, then I don't see how you can disagree with my premise. The old way of doing things has had its day.

"Any person can invent a security system so clever that she or he can't think of how to break it." —Bruce Schneier

Anyway it's your company and you are of course free to do as you like, but I will continue to encourage you to re-think this strategy, and likewise discourage anyone I know from using Gliph until a different direction is taken.

PS- Can you explain to me why "startup" and "open source" are at odds? I don't really follow.

Moni3z, thanks first for taking the time to give this feedback. It is important I preface my response with a repeat from my previous post: There are also options out there that are a better fit for high security needs. Gliph's intention is not to be the world's most secure messaging client. Gliph is focused on making fantastic compromises between privacy, security, real-world utility and great user experiences. We make these compromises to execute on Gliph's actual mission: to help people transact with their peers in a trusted, efficient and delightful way.

Textsecure's iOS implementation remains in "early development stage" and is not ready for production. Gliph has been cross-platform, (web, android, iOS for some time). Also, I would assert that technical integrations between multiple cloud wallet services and a secure and private social platform is more challenging than it may appear.

Thanks for checking it out! Gliph does work in conjunction with TOR, so long as you have your device set up to route app traffic over the connection. We are unlikely to build native tor support in because it is not too hard to set up and toggle on as a device-wide choice and because every new security feature takes time and energy away from building new products and services that bring us closer to our mission.