Topic: Gliph - Secure Messaging and Bitcoin Transfers on iOS, Android and the Web - page 4. (Read 12742 times)

PM sent
Thanks!

Thanks. Most of Gliph is not open source. We recognize this isn't sufficient for some folks, and happily steer them toward open source alternatives like Cryptocat.

We realize the value in being able to study and compile the code that encrypts data yourself and are looking at how we can provide that.

For now we do have an opensource a library for low-energy bluetooth transaction protocol that one of our guys presented at Bitcoin 2013 called BTC2: https://github.com/Gliph/BTCSquared

gliph looks really interesting, but I'm missing the github repos. Isn't this open sourced?

Got you both. Headed to bed now, will check back in the morning.

PM sent...

PM Sent

I agree, ultimately Coinbase will need to address the issue, but in the interim, adding the extra disclaimer (if possible, either as an intermediate screen where a user must hit "Accept Terms" or "Reject Terms", or as a popup with "Accept" or "Reject" options) can at least help and prevent users from getting super annoyed about this, because not everyone knows Coinbase's system does that, so they'd be annoyed / surprised / angry / [insert other emotional response here] and might take that out on you or the other devs (if any) that you have working with you.

And we're appreciative that you are receptive to our thoughts!  Because that's a good sign: a support team that listens to the opinions of concerned users.

Now, since it's 02:06 and i've been up since 07:30 yesterday, I'm going to try and get some sleep.  Good night! 

To summarize, when two Coinbase users send Bitcoin to each other, it reveals the email addresses of both users. This happens whether the users use Gliph or not, and even if they do not know that each other are Coinbase users (they are working with wallet addresses only).  This is a specific behavior of Coinbase, and we can not change this.

This is an interesting idea. To clarify, this does not reveal email address to anyone who receives bitcoin, only if the other user is on also on Coinbase. For example, if a Gliph user with a Coinbase wallet attached sends bitcoin to a user using a BIPS wallet, this does not occur.

This is a very good point, we will look for a way to warn existing Coinbase users who attach their wallet about this concern. Especially given the privacy we are trying to protect. We do feel though, that this concern would best be alleviated by a change in how Coinbase behaves.

No problem. This is important stuff and I appreciate you and TBZ taking the time to voice your thoughts.

There is one issue, though, and I apologize for hoarding your thread for this discussion, but it is relevant for people who wish to link preexisiting coinbase accounts with their Gliphs.  Many people have coinbase accounts that were not created as part of the Gliph system, and were created previously with actual email addresses and such.

In testing, TBZ and I tested the integration feature of sending BTC via gliph, in which 0.01 BTC was sent from TBZ to me (and of course I sent it back, but that's not relevant to this discussion).  During the test, Coinbase, both on Coinbase's site's transaction log and their email notifications will reveal the preexisting account's email addresses, and with such accounts that were created outside of the Gliph system, it will continue to utilize those addresses.  TBZ and I both wanted to see how the feature worked, to make sure it correctly deposits into the bound Coinbase accounts, and we wanted to accurately test the Coinbase depositing system to see if it actually revealed any data, which it did.

I would suggest adding a disclaimer in the "Login to coinbase" option, either as a popup or additional screen, mentioning that if you bind a Coinbase account that was *not* created with Gliph, the email address and the name on the account will be revealed to whomever receives the bitcoins.  That would at least allow users who care to read to be told that there is a risk that their information will be revealed to other users when they send BTC.  This would also protect you (or, in tech lingo, the devs) if, say, someone used the system without knowing that risk, and decided to go on a rant and claim the privacy issue was caused by your application (which of course it isn't, but most people aren't going to know that).

That's just my two cents.  Again, sorry for hijacking your thread on this single point.

Hey, thanks for pointing that out. We noticed this right away when we were building Gliph's integration with Coinbase.  We agree it may be an intrusion on privacy of participants. To handle this, when Coinbase accounts are created with Gliph, we use "Cloaked Email" addresses. These protect the privacy of the person's email.  You can read more about Cloaked Email here: https://blog.gli.ph/2012/08/14/delivering-privacy-gliph-cloaked-email/  

Cloaked Email is useful for other things than just protecting privacy on Coinbase, and a free cloak comes with each signup--in addition to the one we use when creating Coinbase a wallet.

PM sent to ya.

---

Pulling a quote from my friend TBZ here, I agree with his assessment.  There is an email notification from Coinbase, and a listing on the coinbase TX log, of the bound account's name and email address as listed on the account.  That is exposed on the Coinbase logs, not necessarily the blockchain, however it is a valid assessment that privacy/anonymity (to a point), which one normally gets through gliph because messages aren't going to reveal email addresses or actual names unless those profile fields are shared publicly, could be an issue here by continuing to use Coinbase.

PM sent

ETA: BTC received, tks

ETA2: I'm not sure if Gliph and Coinbase are really a good fit; everyone gets email notifications with all of our email addresses and whatever names we put in Coinbase exposed on receiving/sending BTC to each other.

He sent the bitcent, seems like a good guy. We talked for a minute or two. I hope he succeeds with this.

Cool, thanks for trying this out. I haven't seen your PM on BitcoinTalk yet, or the message to the Support Gliph. We need both to connect your account with your Activity here int he forum. I'll keep an eye out for them.

edit: just got em. thanks.

PM sent. Will try this.

Thanks for the feedback. I think you have a solid point. If you don't want to post your Gliph publicly, you can simply reply to the post saying, "PM Sent" and include your Gliph in the PM.

rob

It is Friday and we want to try something new.  

Update: I'm stopping the free .01 Bitcoin offer for now. We gave out a fair amount of Bitcoin to folks for trying it out. Thanks a lot to everyone who participated!

We're giving out a free .01 Bitcoin to the next 30 people who post in this thread with a BitcoinTalk Activity greater or equal to 25.

Here's how it works:

• Have a Gliph account with a Coinbase or BIPS wallet attached.
• Post a reply here with your Gliph (See Settings -> Download Gliph as Image on the iPhone app and the web app).
• Send a message to the Support Gliph saying "I replied on BitcoinTalk" or similar.
• We'll check the thread and match your reply to your message with .01 BTC attached.

The idea here is to twofold:

• Encourage people who have not had motivation yet to try out Gliph to give it shake.
  
• Help BitcoinTalk people find people to connect with and try out Bitcoin transfers with on Gliph

If you don't have 25 activity on BitcoinTalk yet, sorry. This is a somewhat arbitrary guess at a what a reasonably active BitcoinTalk person is.

Since this isn't automated, there is a chance of a delay between when you post and message support. Particularly during normal sleeping time PST. However, we will honor what I've laid out here so please be patient and we will hook you up. I'll either edit this post or post a new reply when we've sent Bitcoin to 30 BitcoinTalk people.

Depending how this goes, and if people are cool with this, we may do it again.


rob

I look forward to your feedback. Thank you for checking it out.

Thank you for trying out Gliph. We try to achieve great communications experience while doing our best to preserve security and privacy.

The web client is pretty rough right now. :L I do most of the Support Gliph from it, and I wish it was way better. We nearly got this updated a few months ago, but we have wanted to focus on Bitcoin exclusively until we've got some great Bitcoin wallets to choose from. 

Someone from the Gliph community released a Gliph for Desktop Chrome extension that changes the desktop web. We communicated with the author of this extension but we do not support this, so use at your own risk.

We will be providing a desktop web update, but I don't have a release date at this time.

I've tried this out a few times and think it is one of the most user friendly ways to communicate securely with others. Is it possible for you to release some sort of web client for this?The web app is annoying to use within that small virtual iPhone window, the phone app is good though.

This is a rather unique and interesting project. I've downloaded it and will give it a go this evening.