Topic: New, simple online wallet: www.instawallet.org - no signup required - page 10. (Read 28915 times)

Another update: I deprecated the whole cookie thing. Instawallet will no longer make any attempts at trying to remember you. Please note: This means that it's now up to you to make sure you have a bookmark or similar to find your way back.

I thought it was a nice convenience function, but I have reconsidered this decision. Mostly I was worried about the possible confusion that can happen when people visit a specific Instawallet linked somewhere, then later return to the site and don't notice that they are redirected to an "old" Instwallet instead of a "fresh" one.

So starting from now on no new cookies will be set. But old cookies will continue to work until they expire (will take a while) or you clear them manually.

I just rolled out a small update to support balances of less than 0.01 BTC. I was hoping to also include the ability to send transaction smaller than 0.01 BTC, but with the current state of the RPC interface regarding fee handling and the rules surrounding "dust spam" this is still somewhat problematic. I have a more detailed post about the issues and a proposal for a more flexible solution over in the Development board: http://forum.bitcoin.org/index.php?topic=14571.0 .

Yup. You are right - lots of people do it.  I think a warning in your FAQ or terms and conditions is sufficient. 

I think the difference is that you are dealing with money, while YouTube is just dealing with videos.  (Not that personal videos can't be a lot more valuable than the 1 BTC that someone might have in their instawallet,...) 

Although you are only dealing with small amounts of Bitcoins, I can imagine the temptation at one of the suppliers to be great, in that a rogue Google / Alexa / Yahoo employee can attack ALL of the tiny stored amounts, and potentially get a lot of cash.  Or worse, maybe one of these sites publishes to the internet "Frequently accessed pages on the site instawallet.com" and lists a bunch of them.  Then a random stranger on the internet could rob the bank of many pennies.

I think someone can use Yahoo API to find the 1000 most popular pages on a website, which might be exactly the hack needed.

I'm not saying you shouldn't go forward with the project.  I love the idea.  But it's something to think about.  Maybe some security experts can give their opinion.

---

Here's another attack that may or may not be an issue.  There's a tricky way for one site to access your browser history - specifically, it can see whether you have or have not visited a specific page.  I don't THINK that will be a problem for you (as they'd have to guess the exact page), but it popped into my head as I was typing this.   See http://infinity-infinity.com/2009/06/sniffing-browser-history-with-css/ which is the page that also mentioned that Yahoo API can give you the 1000 most popular pages on a site.

Anyway... as long as people treat it like "disposable money" to play with, then no biggie.  But your site could lose credibility or you may need to shut down, if you get hacked in one of these fashions, so it's something to consider. 

Hope I'm being helpful in pointing out things that you may figure out preventions for!

I think Namecoin is a very interesting project, but would prefer to focus my resources just on the Bitcoin side of things for now.


Knowing the Bitcoin address of a wallet doesn't improve your chances of guessing an Instawallet, if that's what you mean. As to randomly trying Instawallet URLs: the search space is big enough, that this won't get you anywhere.


Thx for the heads up, but how do you propose I should deal with them? It seems to me, that if people want to send their private data to a cloud service, it's up to them whether they trust that provider. I'm not the only service that uses secret URLs. You can, for example, create YouTube videos that can only be accessed through a private link. As far as I know, these services also don't deal specifically with toolbars. But I will mention it in the upcoming FAQ.


I have been toying with the idea of providing an API. It will probably happen at some point, but I can't promise anything right now, there are still lots of other things in the queue.

Could you implement some kind of thing like Mt. Gox's API where I could send BTC by just opening a URL, and then as long as enough BTC were in my wallet, it would send them.  Something like:

https://www.instawallet.org/w/wallet-address/send.php?sendtoaddress=&amount=

That way, guys like me who have basically no programming knowledge at all could still have a way to automate things.  Like I plan on writing an autohotkey script that might utilize a feature like that.

@JAV, You may also have to worry about Toolbar programs (like Alexa toolbar, Ask toolbar, Bing tool bar, Yahoo Tool Bar, Google Toolbar, lots of Firefox plugins).  I believe that some of these send URLs back to the "mother ship" to help with page rankings and site analytics.

But Instawallet is a very nice looking site!

See http://www.google.com/privacy/faq.html#toc-terms-urls

URLs and embedded information

Some of our services, including Google Toolbar and Google Web Accelerator, send the uniform resource locators (“URLs”) of web pages that you request to Google. When you use these services, Google will receive and store the URL sent by the web sites you visit, including any personal information inserted into those URLs by the web site operator. Some Google services (such as Google Toolbar) enable you to opt-in or opt-out of sending URLs to Google, while for others (such as Google Web Accelerator) the sending of URLs to Google is intrinsic to the service. When you sign up for any such service, you will be informed clearly that the service sends URLs to Google, and whether and how you can opt-in or opt-out.

For example, when you submit information to a web page (such as a user login ID or registration information), the operator of that web site may “embed” that information – including personal information – into its URL (typically, after a question mark (“?”) in the URL). When the URL is transmitted to Google, our servers automatically store the URL, including any personal information that has been embedded after the question mark. Google does not exercise any control over these web sites or whether they embed personal information into URLs.

Is it possible for someone to generate addresses locally and inputting them to your site, sort of like a brute force way to find random wallets? I noticed the url is different from the wallet address, which is good, but I would still be concerned about an attack like that.

Nice! I likey! Keep up the good work!

Would you consider creating a namecoin version of instawallet?

Quick update: All traces of Google Analytics have been removed. I also tackled the biggest source of user confusion: changing Bitcoin addresses. The address you see on your Instawallet will from now on not change anymore.

So far everything seems to run fine. More updates (including a FAQ) will follow.

That's an interesting idea and it should be possibly in theory. I don't think it's very practical at the moment, though. It would probably require large changes to bitcoind, to support frequent imports and removals of private keys for the temporary time that the user is logged on. And it would still be kind of a kludge, as the user is still vulnerable during the time he is accessing the Instawallet.

I agree though, that it would have many benefits. I think the WebCoin project does some interesting work in this regard, going so far as completely preventing the server from seeing the private keys at all. It should be interesting to see what they can come up with and their software might eventually be a better backend for the Instawallet site.

@jav: How much access do you have to money in an instawallet? It wouldn't surprise me if it's possible to arrange things so you have no access at all. One way would be to randomly generate the URL for each new wallet, but derive keypairs deterministically from that URL, and not keep a record of the URL on your end. (Of course you'd have web server logs, but you could purge them of sensitive data on a regular basis.)

On the legal end, this may protect you from things like bank regulations that might eventually be applied to Bitcoin, since you wouldn't actually be holding anything yourself---just hosting a web application.

On the security end, it would dramatically reduce user risk---even if your server were physically stolen or destroyed, it would be possible for your users to recover their bitcoins and impossible for anyone else to steal them.

Aw, nice... yeah, whenever their robot comes back it gets a fresh wallet. =) Thx for pointing that out, I will set up a robots.txt. The problem with people clicking through to a specific Instawallet is a valid concern (I had one person using the /w/free_bitcoins link posted by Insti in this thread, transfer 0.01 BTC there and then wondered when it disappeared) and there is no point in spamming the search index anyway.


Yes, that's correct. And while I consider my Analytics data to be pretty secure, it's an unnecessary risk, I agree. I will move to a local-only log analysis tool soon and then delete the Google Analytics data set.

google-analytics? ....... afaik that gives google access to every page that it runs on 

I don't know if this might just give people a false sense of security, but you might want a robots.txt excluding your wallet URLs. Google has several wallets indexed now, although there were no bitcoins in any of the ones I saw.

I think the main concern might be a user hearing about Instawallet, Googling for it, and then clicking through to a specific wallet URL without realizing it, and then anyone else could get to it the same way. Maybe a warning based on referrer would be good enough, though.

If you leave wallets indexable, it gives users a quick way to see if their secret URL has gotten out anywhere, I suppose.

never mind JAV; those two .01 btc confirmed

my client show the 2 receives of .01 btc greyed out; what does that mean?

JAV, how long do i have to wait?  i had my client connected all afternoon yesterday w/o any effect.

jav:


Okay that makes sense. So even though I can no longer see that address it may still be receiving for my Instawallet. Maybe just list on the Instawallet page (on a pull-down button?) every bitcoin address that can receive to that Instawallet account?

Nice work btw.

The recognition system works with cookies. Cookies are stored locally by your browser, so as long as your are using the same browser to come back to the website, it doesn't matter whether you use Tor or not.


I'm sorry, but I would probably not want to that, no. Remember, Bitcoin transactions are public. Somebody else might - maybe with some additional clues - figure out that some Bitcoin address belongs to Instawallet and can just look up the balance on blockexplorer.com. I guess it would be ok if you would tell me the correct balance plus the last couple of characters from your secret link. Just write that down somewhere, to be safe.


Please give this at least 24h to sort itself out. If you quickly send coins back in forth, then these transactions look very "spammy" to the Bitcoin network and can potentially take a long time to be confirmed.


Every Bitcoin address you ever saw on your Instawallet page will always be yours and you can still receive payments there. asdf explained it right: You have one specific Instawallet URL, which is tied to an account in the Bitcoin wallet. The Bitcoin daemon automatically assigns a fresh Bitcoin address to an account once it receives or sends out a transaction. The old ones continue to be associated with that account though, so they will still work.

It's kind of an un-intended side effect of using the account feature right now. I can understand how it can be confusing that the addresses change from time to time and I will probably soon put code in that will just keep the address static. But for now: Don't worry about changing Bitcoin addresses, they are still all tied to your Instawallet URL.