Pages:
Author

Topic: 🌟🎲🌟 MoneyPot.com - page 15. (Read 119082 times)

full member
Activity: 140
Merit: 100
December 02, 2016, 11:59:49 AM
I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings) Grin

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted

An app doesn't have control of the bits as you think as they are not physically in possession of the bits. They are not able to transfer any bits without using MoneyPot's API, which in itself, leaves a history trail. If anything malicious were to occur, MoneyPot would know. At anytime, a user could transfer the bits from the app, even if the app were to suddenly disappear.

An app handles the delegation of a users bits through wagers and tips. An app needs these abilities in order to function. With the current setup, an app tells the API how much the user wants to wager. MoneyPot makes sure that the funds are present and handles the wager and 100% of the transaction ledger. MoneyPot itself adds and deducts funds from the users balance.

The warning itself exists as it is theoretically possible for an app owner to act malicious and tip users funds to his or her account or place wagers without the users permission. If these acts shall occur, it is important that the user alert the Moneypot staff immediately so we can investigate the issue.

As a user, it is also your job to ensure the safety of your funds. After you are done wagering, transfer your funds back into your Moneypot wallet, and again, report anything suspicious.

MoneyPot will do its job by continuously vetting apps and making sure that approved apps remain complicit.

Two of the things that we have on the roadmap are automation and an improved token system for confidential apps. Automation will allow us yo have scripted users that test the functionality of approved apps to make sure that they remain properly operational. Think of this as a sort of unit test.


You explained why the wager function is necessary, but not the tip function. I don't understand why the app owners need to have the ability to tip people with other people's bits
sr. member
Activity: 501
Merit: 340
Bye Felisha!
December 02, 2016, 10:37:44 AM
I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings) Grin

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted

An app doesn't have control of the bits as you think as they are not physically in possession of the bits. They are not able to transfer any bits without using MoneyPot's API, which in itself, leaves a history trail. If anything malicious were to occur, MoneyPot would know. At anytime, a user could transfer the bits from the app, even if the app were to suddenly disappear.

An app handles the delegation of a users bits through wagers and tips. An app needs these abilities in order to function. With the current setup, an app tells the API how much the user wants to wager. MoneyPot makes sure that the funds are present and handles the wager and 100% of the transaction ledger. MoneyPot itself adds and deducts funds from the users balance.

The warning itself exists as it is theoretically possible for an app owner to act malicious and tip users funds to his or her account or place wagers without the users permission. If these acts shall occur, it is important that the user alert the Moneypot staff immediately so we can investigate the issue.

As a user, it is also your job to ensure the safety of your funds. After you are done wagering, transfer your funds back into your Moneypot wallet, and again, report anything suspicious.

MoneyPot will do its job by continuously vetting apps and making sure that approved apps remain complicit.

Two of the things that we have on the roadmap are automation and an improved token system for confidential apps. Automation will allow us yo have scripted users that test the functionality of approved apps to make sure that they remain properly operational. Think of this as a sort of unit test.
full member
Activity: 140
Merit: 100
December 02, 2016, 10:10:06 AM
I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings) Grin

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted
full member
Activity: 203
Merit: 100
December 02, 2016, 02:31:01 AM
I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings) Grin

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.
newbie
Activity: 16
Merit: 0
December 01, 2016, 04:00:36 PM
I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings) Grin

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.
sr. member
Activity: 501
Merit: 340
Bye Felisha!
December 01, 2016, 07:25:12 AM
I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings) Grin

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

Guess the fact that it's always detectable is a deterrent for most sites. However it's of course still possible for new sites to do so as its sole purpose. Luckily most sites are popular enough so that it's not worth it at all for them to do anything shady.


As part of the app approval process we do our best to weed out those that pose a risk. We also constantly monitor apps to make sure our users remain safe from any scams.
legendary
Activity: 2018
Merit: 1108
December 01, 2016, 06:26:05 AM
I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings) Grin

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

Guess the fact that it's always detectable is a deterrent for most sites. However it's of course still possible for new sites to do so as its sole purpose. Luckily most sites are popular enough so that it's not worth it at all for them to do anything shady.
newbie
Activity: 16
Merit: 0
November 30, 2016, 11:19:56 PM
But the app owner can't really control the userfunds like he controls his own funds in his dashboard right ?
The only way he could "control" it is by tipping it to himself or whereever with some malicious code or stealing the token/cookie and gain access to his account, or am I missing something there ?

Yes. Just with the tipping and using the users token https://www.moneypot.com/api-docs#v1-auth-tip-another-user

But the players should be aware of it.
https://i.gyazo.com/26b98342dafd0f3a6dc7dfe6187a04ec.png

I just read this post, I still don't  understand how the app owner can get the user token without malicious code!
legendary
Activity: 1988
Merit: 1007
November 30, 2016, 08:43:46 PM
what is different about 2.0 of Moneypot.

Will casinos be able to offers games like Blackjack now or still just dice(type) only.

v2 is a huge refactor/rebuild/improvement over v1, bringing out the ability to add all the other things we want to see. That said, BJ-like bets ("dynamic") will not be available with v2's original release, but will be one of the (if not the) first features to be added to the v2 code base. This style will also allow games like true Minesweeper, among many more game implementations.
full member
Activity: 140
Merit: 100
November 30, 2016, 07:37:08 PM
Can someone post link of site graph winnings, curious have had 4 investments on here for periods of time all losers so far, only gambling site I ever invested in and lost money been invested in many. Obv I ran hot for the majority to be winners and you guys probably have ran bad but graph might give me peace of mind.


Hi BillyBurns, you can see stats here: http://eeeth.com/mpstats/

You can also view per app stats here: https://dicesites.com/moneypot

what is different about 2.0 of Moneypot.

Will casinos be able to offers games like Blackjack now or still just dice(type) only.

Short answer: A lot. We will be releasing more information on this in the coming days.


So apparently investors are now the least-profitable group among those earning profit?
sr. member
Activity: 429
Merit: 263
November 30, 2016, 05:35:19 PM
Thanks exactly what I was looking for.
legendary
Activity: 1036
Merit: 1000
November 30, 2016, 05:28:42 PM
Can someone post link of site graph winnings, curious have had 4 investments on here for periods of time all losers so far, only gambling site I ever invested in and lost money been invested in many. Obv I ran hot for the majority to be winners and you guys probably have ran bad but graph might give me peace of mind.


Hi BillyBurns, you can see stats here: http://eeeth.com/mpstats/

You can also view per app stats here: https://dicesites.com/moneypot

what is different about 2.0 of Moneypot.

Will casinos be able to offers games like Blackjack now or still just dice(type) only.

Short answer: A lot. We will be releasing more information on this in the coming days.
member
Activity: 99
Merit: 10
November 30, 2016, 05:18:56 PM
what is different about 2.0 of Moneypot.

Will casinos be able to offers games like Blackjack now or still just dice(type) only.
sr. member
Activity: 429
Merit: 263
November 30, 2016, 04:55:30 PM
Can someone post link of site graph winnings, curious have had 4 investments on here for periods of time all losers so far, only gambling site I ever invested in and lost money been invested in many. Obv I ran hot for the majority to be winners and you guys probably have ran bad but graph might give me peace of mind.
sr. member
Activity: 501
Merit: 340
Bye Felisha!
November 30, 2016, 04:43:06 PM
** Scheduled Downtime **

When: 12/10/16

Duration: 8-12hrs

Time: TBD

What:
-> General Updates
-> DNS
-> System Maintenance
-> System Scaling
-> Routine & Advanced Security Checks

Note: This will impact all areas of Moneypot's services.

** Scheduled Downtime **

legendary
Activity: 1330
Merit: 1000
November 30, 2016, 10:37:02 AM
A few have inquired so I thought I would post it here.

If you are one of the heavy investors that are being automatically divested from Betking and wish to move a large investment into Moneypot, please private message me and we can set something up to allow for higher security and control.
legendary
Activity: 1274
Merit: 1006
November 30, 2016, 06:56:58 AM
legendary
Activity: 854
Merit: 1000
November 29, 2016, 11:53:50 PM
I hope everything will play out smoothly and quickly.. The hassle of updating to v2 API, plus the missed deadlines aren't exactly making people reassured about the future of Moneypot, but we'll definitely be hanging around and watching.
legendary
Activity: 1036
Merit: 1000
November 29, 2016, 04:25:21 PM
Still waiting on answer as to when we can see v2.0?

The answer is 'Soon'.

It's being worked upon, but we're not going to rush it before it's ready.  Therefore giving any type of set date would just be foolish.



Yeah, I agree. Everybody would rather see a complete product instead of something rushed that will have a lot to work on even after the launch. Looking forward to the release though.


Ok, but this is two deadlines missed though...soon people are just going to assume nothing is ever going to happen

We set 1 deadline in the past, and we missed that due to changing our lead developer and rebuilding from scratch essentially. We will be live soon, I don't want to say an exact date to avoid missing a deadline again, but assuming all runs well... You won't even need to wait for 2017 to see 2.0. We will be announcing more on this in the near future. We appreciate everyone's patience with this.
full member
Activity: 140
Merit: 100
November 29, 2016, 03:22:24 PM
Still waiting on answer as to when we can see v2.0?

The answer is 'Soon'.

It's being worked upon, but we're not going to rush it before it's ready.  Therefore giving any type of set date would just be foolish.



Yeah, I agree. Everybody would rather see a complete product instead of something rushed that will have a lot to work on even after the launch. Looking forward to the release though.


Ok, but this is two deadlines missed though...soon people are just going to assume nothing is ever going to happen
Pages:
Jump to: