Author

Topic: Mycelium Bitcoin Wallet - page 104. (Read 586368 times)

Jan
legendary
Activity: 1043
Merit: 1002
February 13, 2014, 02:52:57 PM
Jan
legendary
Activity: 1043
Merit: 1002
February 13, 2014, 02:07:09 PM
Hi MyCelium people, good work on trading stuff but I heard you're using a tx radar for giving confidence to traders who receive BTC.

I think this is an extremely bad idea, as txs can be replaced after 100% propagation has been achieved by sending higher fee txs to replace the one you made. This attack only needs to work 1% of the time to be profitable but in reality can work much more (maybe even 100%) if pulled off correctly. You don't even need to tell the whole BTC network, just a few specific miners.

For instance if I submit my replacement tx to eligius using their web interface, then make the trade before eligius mines a block, if eligius mines a block it won't include the tx that got 100% propagation because that would've been rejected by eligius.

I suggest you remove this feature, and only using it for senders of BTC (not recipients).

The localbitcoins thing otherwise looks excellent. Thanks for this contribution. I don't mean to beat on this parade and be so negative, I like your work.
Thanks for your input Amir. The transaction confidence is not only based on network propagation, and never reaches 100%.
Here is what we look at:
- network propagation. We are listening to 500+ nodes
- length of the chain of unconfirmed transactions. If you tx depends on one unconfirmed output the confidence is halved. Halving for each link in the chain
- size of the fee of this tx and whatever unconfirmed tx it depends on
- Rela-time double-spend detection. If we detect one the confidence goes to zero.

We boil that down to a confidence number which never reaches 100%, and let the user take it into consideration when figuring out whether he wants to spend the time it takes to confirm with the seller. In the end it is an instrument that the buyer can use to help him judge the situation along with a number of other factors. Maybe he knows the seller, or he can see he has a five star reputation and 100 deals under his belt. He might also consider the seller a dodgy character and wait it out.

In the end there is no 100% guarantee, not even when the transaction has confirmed.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
February 13, 2014, 12:10:45 PM
Regarding the spend from cold storage feature, if I spend some but not all of the funds on a paper wallet, where does the change go?

Back to the paper wallet.
legendary
Activity: 2212
Merit: 1199
February 13, 2014, 11:57:08 AM
 Mycelium Bitcoin Wallet I like your product! I gave it 5 stars! Keep updating!
legendary
Activity: 1092
Merit: 1001
Touchdown
February 13, 2014, 11:39:20 AM
Regarding the spend from cold storage feature, if I spend some but not all of the funds on a paper wallet, where does the change go?
legendary
Activity: 1232
Merit: 1076
February 12, 2014, 07:49:13 PM
Hi MyCelium people, good work on trading stuff but I heard you're using a tx radar for giving confidence to traders who receive BTC.

I think this is an extremely bad idea, as txs can be replaced after 100% propagation has been achieved by sending higher fee txs to replace the one you made. This attack only needs to work 1% of the time to be profitable but in reality can work much more (maybe even 100%) if pulled off correctly. You don't even need to tell the whole BTC network, just a few specific miners.

For instance if I submit my replacement tx to eligius using their web interface, then make the trade before eligius mines a block, if eligius mines a block it won't include the tx that got 100% propagation because that would've been rejected by eligius.

I suggest you remove this feature, and only using it for senders of BTC (not recipients).

The localbitcoins thing otherwise looks excellent. Thanks for this contribution. I don't mean to beat on this parade and be so negative, I like your work.
hero member
Activity: 742
Merit: 500
February 12, 2014, 05:54:34 PM
That's a really cool feature.  I love this wallet.  Now if only I could sign messages with it...

I implemented message signing for mycelium. It is very very likely that it is part of the next feature release.
We also use signing for other stuff internally

You'll get both, the cool feature, and message signing Cheesy

Well doesn't that just beat all? 
sr. member
Activity: 475
Merit: 255
February 12, 2014, 05:42:42 PM
No NSA back door?  Wink

Seriously, a really great idea! Can't wait.

Mycelium vulnerability to NSA depends on how long and in what form the information about sellers, buyers (locations, BTC addresses, reputation) and info about trades is kept by Mycelium servers. Wink
hero member
Activity: 938
Merit: 500
https://youengine.io/
February 12, 2014, 05:24:28 PM
I would still say that the display is a little bit misleading. It shows one wallet along with one number. My recommendation would be, if you find some time, to add some little hint that the one number does not exactly belong to the one wallet.
And in the aggregated transaction list it would be helpful to see which address received a payment because the sender address is pretty much meaningless and irrelevant.
hero member
Activity: 695
Merit: 500
February 12, 2014, 04:16:05 PM
Phew... you got me worried there for a while  Smiley

Sorry!

So now I am entitled to tease you a bit here: Did you notice that the Aggregated View setting is only available if you have enabled Expert Mode, so you are supposed to know what you do  Grin
I guess we are all a bit on edge with all the malleability stuff going on.

Yes, completely true. My fault.

I would still say that the display is a little bit misleading. It shows one wallet along with one number. My recommendation would be, if you find some time, to add some little hint that the one number does not exactly belong to the one wallet.

Of course, now that I know, this does not matter to me any more. I only fear that others might fall into the same trap.
Jan
legendary
Activity: 1043
Merit: 1002
February 12, 2014, 03:46:00 PM
Is 1ArG3dWqGzxLox5wJPHPqo92A2bfmbB8z6 monitored by the same Mycelium Wallet app?
If so, a possible explanation is that Mycelium displays an aggregated balance by default.  You can switch it off if you want to see the individual balances of each of your addresses.

Thanks! Yes, that was it. I may earlier have activated the aggregate view without fully understanding what it does, then forgotten about it.

My apologies to Mycelium and Jan.

This does indicate, however, that more users might misunderstand the aggregate view setting as well. I can't help thinking about possible ways to defuse this possible misunderstanding. Perhaps aggregate view should be automatically disabled when Mycelium is closed. Or at least there should be a conspicuous indication next to the number that is a total of multiple wallets. How about, "Total of 7 wallets:" to the left of the number? Or show the total in addition to the figure for the current wallet alone.

Anyway, the problem is now solved for me. Thanks again!
Phew... you got me worried there for a while  Smiley
So now I am entitled to tease you a bit here: Did you notice that the Aggregated View setting is only available if you have enabled Expert Mode, so you are supposed to know what you do  Grin
I guess we are all a bit on edge with all the malleability stuff going on.
legendary
Activity: 1680
Merit: 1035
February 12, 2014, 01:52:37 PM
That's a really cool feature.  I love this wallet.  Now if only I could sign messages with it...

I implemented message signing for mycelium. It is very very likely that it is part of the next feature release.
We also use signing for other stuff internally

You'll get both, the cool feature, and message signing Cheesy
hero member
Activity: 742
Merit: 500
February 12, 2014, 01:40:30 PM
That's a really cool feature.  I love this wallet.  Now if only I could sign messages with it...
hero member
Activity: 695
Merit: 500
February 12, 2014, 01:40:26 PM
No NSA back door?  Wink

Seriously, a really great idea! Can't wait.
member
Activity: 61
Merit: 10
February 12, 2014, 01:37:36 PM
Wow! That's a pretty big step! Nice!
legendary
Activity: 1680
Merit: 1035
February 12, 2014, 01:30:52 PM
It's Wednesday, so I can FINALLY officially announce Mycelium's newest project that they have been working on so hard for the last... quite a while (if you're wondering why that feature you kept asking for isn't added yet, this is part of the reason).



This Wednesday, at the Inside Bitcoins conference in Berlin, the team behind the Mycelium Bitcoin Wallet and the much anticipated yet continuously delayed BitcoinCard, will demo a major new feature of their wallet, called Local Trader. This new feature is a person to person exchange, similar to LocalBitcoins.com, built directly into the bitcoin wallet software. As Jan Møller, one of Mycelium’s lead developers explains, “Mycelium Local Trader is a trading platform for the Mycelium Bitcoin Wallet which allows users to buy and sell Bitcoin. The initial idea comes from one of the biggest problems in Bitcoin: How to get your first bitcoins?”

The feature is still being finalized, but is fully functional on testnet, and is expected to be released later this month. At first, the trader options will be limited to “Continuous Seller,” where someone creates an offer to sell bitcoins and waits for buyers, and “Instant Buyer,” where someone who wants bitcoins right now can browse a list of sell offers in their area, and ping one to ask for a trade. When asked why the option to instantly sell bitcoins for cash was not available yet, Jan commented, “We wanted to attack what we believe is the most common problem: Getting your first BTC.”


To set up a sale offer, the user first has to load their bitcoin wallet with some bitcoins. Since both the wallet and the trading platform are within the same app, the seller profile actually knows if they really have coins to sell. Once the seller presses the “Sell Bitcoin” button, Local Trader automatically registers one of the wallet’s bitcoin addresses on the exchange server as the key associated with the seller account. Like PGP, this bitcoin address and private key are used to authenticate with the trading server, where your user id, sell offers, trade history, and reputation are stored. Likewise, the private key is used to authenticate API requests to the server, a method that may mitigate the API key theft issues recently experienced by some exchanges, and in the future may be used to authenticate and possibly encrypt communications between users. For now, it just keeps all communications secure, and has the added benefit of being able to import your trade account, along with all its history, simply by importing the associated private key from a backup.


In the Sell Order menu, users can create sale orders that include their location (obfuscated to a 1km square block), the exchange used for the price, seller fee, minimum and maximum amount they are willing to sell, and a custom message that buyers will be able to see when they select their offer. Sellers are not limited to the amount of sale offers they can create, and can make sell offers with different fees for different amount traded, different locations, and even set negative fees if they need to swap their bitcoins for cash quickly.

For anyone looking to buy bitcoins, they just have to press “Buy Bitcoin,” and they are instantly presented with a list of 20 closest offers in their area, sorted by distance using their phone’s GPS. Here, buyers can see offer details, such as nickname of the seller, their rating, price, distance, and minimum and maximum they are willing to trade. Clicking on an offer also expands it to show any custom notes the seller may have included. Initiating a buy offer is as simple as typing the amount you wish to buy into the text entry field on the seller’s offer, and selecting Buy.


Once an offer is accepted, the seller’s wallet receives a notification, and the trading app switches to a window where the buyer and seller can see the amount and the price being offered, as well as a chat window they can use to negotiate the terms and location of the trade. The price can be changed and refreshed to the more recent exchange price as many times as the traders want before they agree on the trade, up to the point where they meet and swap cash. When each of them agrees on the terms, they hit Accept Offer, and the trade will only be considered accepted when both of them have agreed. However, the trade must go through within 24 hours of the buyer’s initial offer, otherwise it gets automatically aborted. Once the two traders meet, the buyer hands cash to the seller, the seller hits “Cash Received,” and bitcoins are automatically sent to the sellers wallet, minus whatever fees were negotiated on.


Another brand new feature that comes with Local Trader, which will likely be ported to other parts of the wallet, is the “Transaction Confidence” graph. Since Mycelium servers are connected to hundreds, if not thousands, of nodes, they are able to track transaction propagation through the network in real time. Transaction Confidence, expressed in percent, shows a close estimate of how much of the overall Bitcoin network has heard about the transaction. The idea is that, if most of the network has already heard about the transaction, double-spending it becomes much more difficult, and the chances of it being included in the next block approach 100%. So, if the confidence is high enough (it reaches high 90’s within a few seconds), you can be fairly sure that this transaction will be included in the block, and do in person trades with zero block confirmations. No more awkward waiting for 10 minutes (or sometimes as long as 50 as I had the unfortunate experience of at a local McDonald’s) just to make sure that both people are confident enough the transaction won’t fail.

Trader feedback is the only feature still undergoing the final stages of development, and will be automatically calculated based on the number and size of successful trades, response times, and trade aborts. For their part, Mycelium plans to charge about 0.5% per transaction for the service, but, like LocalBitcoin, will not object to people using the service to trade directly, bypassing the fee, since they believe enough people will find the convenience of trading directly through their system, along with maintaining a trade history and reputation, to be worth the small fee.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
February 12, 2014, 10:22:08 AM
AFAIK, the aggregated view can only be switched off / on when in expert mode. The default is, it's on (in non-expert mode).
hero member
Activity: 695
Merit: 500
February 12, 2014, 09:27:57 AM
Is 1ArG3dWqGzxLox5wJPHPqo92A2bfmbB8z6 monitored by the same Mycelium Wallet app?
If so, a possible explanation is that Mycelium displays an aggregated balance by default.  You can switch it off if you want to see the individual balances of each of your addresses.

Thanks! Yes, that was it. I may earlier have activated the aggregate view without fully understanding what it does, then forgotten about it.

My apologies to Mycelium and Jan.

This does indicate, however, that more users might misunderstand the aggregate view setting as well. I can't help thinking about possible ways to defuse this possible misunderstanding. Perhaps aggregate view should be automatically disabled when Mycelium is closed. Or at least there should be a conspicuous indication next to the number that is a total of multiple wallets. How about, "Total of 7 wallets:" to the left of the number? Or show the total in addition to the figure for the current wallet alone.

Anyway, the problem is now solved for me. Thanks again!
newbie
Activity: 22
Merit: 0
February 12, 2014, 06:53:17 AM
Is 1ArG3dWqGzxLox5wJPHPqo92A2bfmbB8z6 monitored by the same Mycelium Wallet app?
If so, a possible explanation is that Mycelium displays an aggregated balance by default.  You can switch it off if you want to see the individual balances of each of your addresses.
sr. member
Activity: 475
Merit: 255
February 12, 2014, 04:16:16 AM
Mycelium seems to be affected by the recent malleability attacks. A wallet, 19KoHJzbFMBD2EaAzox7bsjKhMNLva21sm , shows 31.922088 on Mycelium, but, according to independent bookkeeping and according to blockchain.info, it contains only 1.00000000. The discrepancy appeared yesterday, after all but 1 of the bitcoins were transmitted to other wallets, where they duly appeared and were even partly spent.

I'm wondering what would happen if one attempted to spend more than 1 from that wallet, but that has not been tried.

I think Mycelium would "allow" the spend, but the Bitcoin network won't. Mycelium would then show this spend as unconfirmed for ... how long exactly?
Jump to: