Pages:
Author

Topic: New, simple online wallet: www.instawallet.org - no signup required - page 3. (Read 28915 times)

member
Activity: 85
Merit: 10
I have the same problem, I sent money to an instawallet and even though the transaction is confirmed there is nothing showing up in instawallet.

Really annoying.
donator
Activity: 335
Merit: 250
Bitcoin, Ripple & Blockchain pioneer
Another software glitch?

It seems instawallet bitcoin daemon has died, all in & out transactions are not reflected in instawallet addresses.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
This is a simply problem that should have a simple fix.

The URL https://instawallet.org should be set up as a landing page, populate with simple content and one button. Upon clicking the button, the familiar page, or similar, we now see would then appear showcasing the new wallet with 0 bitcoins, whereupon the newly generated URL will be the address of the user's new online wallet.

Currently, as it is set up now, there is no instawallet.org page one can visit. This simple change would take very little effort.

Problem solved!

~Bruno K~

The problem is not the experienced user but the noob. You could still trick a noob into believing that
is a referral link.

Valid point! Then on the landing page I mentioned above, a popup warning box appears that has to be manually ticked (If you don't want to see this box again from this IP, click this box and exit). In fact, besides just the landing page, ANY page generated for the first time visitor via a unique IP.

I'm sure the above should eliminate a high percentage of the scams. Hell, there are people still being spoofed by fake PayPal sites, and I'm sure they're throwing everything in their arsenal to combat the problem.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
This is a simply problem that should have a simple fix.

The URL https://instawallet.org should be set up as a landing page, populate with simple content and one button. Upon clicking the button, the familiar page, or similar, we now see would then appear showcasing the new wallet with 0 bitcoins, whereupon the newly generated URL will be the address of the user's new online wallet.

Currently, as it is set up now, there is no instawallet.org page one can visit. This simple change would take very little effort.

Problem solved!

~Bruno K~

The problem is not the experienced user but the noob. You could still trick a noob into believing that
is a referral link.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
This is a simply problem that should have a simple fix.

The URL https://instawallet.org should be set up as a landing page, populate with simple content and one button. Upon clicking the button, the familiar page, or similar, we now see would then appear showcasing the new wallet with 0 bitcoins, whereupon the newly generated URL will be the address of the user's new online wallet.

Currently, as it is set up now, there is no instawallet.org page one can visit. This simple change would take very little effort.

Problem solved!

~Bruno K~
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Oh this really looks like a big problem. I could advertise instawallet.org and claim there was some sort of referral program. You get 0.01Ƀ if you use my referral link: instawallet.org/referrer/Giszmo.

The problem is the attacker could even use some new addresses here but generate them himself and send the "referrer reward" only seconds later.

I think instawallet.org should definitely distinguish between deep link and generated url. I really feel sad for all the noobs that were and will get scammed Sad This attack works with all the users that take help to get started no matter what wallet but with instawallet it is easier. I sold many people bitcoins that had no clue about bitcoin and could have easily installed them my wallet for their use without them noticing that now I will have access.

I think the minimum instawallet should do is to show a creation time stamp of that wallet with some advice that if the user feels like he might have started using it later, he better should move on to a new wallet. Moving on to new wallets is actually a good advice to just about every user.
full member
Activity: 216
Merit: 100
Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better.

You are correct that the only secure way to use Instawallet is to use only an InstaWallet (URL) that was assigned to you by the site (which occurs EVERY time you access the URL without specifying any path, i.e,., https://instawallet.org ).

If someone passes you some funds with another InstaWallet (URL), you can send the funds to the Bitcoin address to your own InstaWallet but you should never add new funds to that InstaWallet -- it should be treated as having been compromised.

If the user goes straight to an existing wallet, then it would be good to "welcome back"

The site does give the message:
"Only share your bitcoin address, NOT the wallet URL or key, with the public."
So if a person gets the wallet URL from elsewhere hopefully that person can realize that a problem exists.

The problem is, that bad guys in chat-rooms redirect newbies to "compromised" instawallets, labelling
the links merely "Instawallet", thus tricking newbies into believing it was a new one.  Since they typically
use short-url services, it often really isn't obvious to the user where the link actually went to.

Open your own wallet in one tab, and create a new wallet in a second tab:  except for the identifiers,
(and the balance) there's nothing that would tell one, if it is a newly created or a used wallet.

So, to protect newbies from accidentally "adopting" a compromised wallet, the wallet-page itself
should use specific wording like "welcome to your new wallet" versus "welcome back to your w."
in big letters on top and explain, that if the "welcome back" sounds unexpected, then it definitely *is*.
Also, there must definitely be no way to re-trigger the "new"-tag through crafted URLs, either.

I hope the problem became clear, this time.
legendary
Activity: 2506
Merit: 1010
Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better.

You are correct that the only secure way to use Instawallet is to use only an InstaWallet (URL) that was assigned to you by the site (which occurs EVERY time you access the URL without specifying any path, i.e,., https://instawallet.org ).

If someone passes you some funds with another InstaWallet (URL), you can send the funds to the Bitcoin address to your own InstaWallet but you should never add new funds to that InstaWallet -- it should be treated as having been compromised.

If the user goes straight to an existing wallet, then it would be good to "welcome back"

The site does give the message:
"Only share your bitcoin address, NOT the wallet URL or key, with the public."
So if a person gets the wallet URL from elsewhere hopefully that person can realize that a problem exists.
full member
Activity: 216
Merit: 100
Recently, I saw a couple of instances (in chat rooms), where people published private URLs of instawallets, sometimes with some dust (less than 0.01 BTC) in it, sometimes empty. I think that newbies could be tricked by referrers to believe that the wallet they arrive at might be theirs, and start depositing money.

I'd like to see Instawallet make it perfectly clear to a user, whether a wallet displayed has just been created anew, or is being "re-visited".

In the former case the wallet should contain all the advisories about about saving it to a bookmark for lack of recovery-procedures (and of course about not sharing the wallet's URL).

If the user goes straight to an existing wallet, then it would be good to "welcome back" him, with an extra note, that if he hasn't previously created that one wallet himself, that it would then probably be unsafe to deposit funds there.

Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
Why so long?
Because the wallet is massive

... and because bitcoind's wallet code hasn't been optimized for massive wallets.  "patches welcome"
(although I think the wallet code needs a complete rewrite, we've learned a lot over the last couple of years and need wallets that are much easier to back up and keep secure).
legendary
Activity: 1372
Merit: 1008
1davout
hero member
Activity: 560
Merit: 500
I am the one who knocks
Instawallet's Bitcoin daemon apparently just crashed.
Sit tight while it's starting up again. For the record, the Instawallet bitcoin client takes approximately an hour to start up.
Why so long?
legendary
Activity: 1372
Merit: 1008
1davout
Instawallet's Bitcoin daemon apparently just crashed.
Sit tight while it's starting up again. For the record, the Instawallet bitcoin client takes approximately an hour to start up.
legendary
Activity: 1372
Merit: 1008
1davout
No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.
But without Instawallet being a separate legal entity I am assuming that if Paymium were to be ordered to turn over any and all records relating to Bitcoin-Central account #nnnnn and those records included a deposit from an Instawallet bitcoin address that those Instawallet records too would need to be turned over, in order to comply with the order.
My interpretation is different. BC really has no way to know whether a deposit came from Instawallet or not.
Bitcoin-Central and instawallet are different services.
They have no direct connection and communicate to each other only through the Bitcoin network itself.
legendary
Activity: 2506
Merit: 1010
No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.
But without Instawallet being a separate legal entity I am assuming that if Paymium were to be ordered to turn over any and all records relating to Bitcoin-Central account #nnnnn and those records included a deposit from an Instawallet bitcoin address that those Instawallet records too would need to be turned over, in order to comply with the order.
legendary
Activity: 1372
Merit: 1008
1davout
With Paymium (operator of Instawallet)' Bitcoin-Central exchange becoming partnered to a Payment Services Provider (PSP), how will this affect Instawallet?
In no way. Bitcoins are and remain unregulated.
No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.

We welcome Tor users on Instawallet.

Specifically, let's say I buy a piece of silver bullion and send bitcoins as payment from my Instawallet.  And that seller happened to use Bitcoin-Central.  Then they cashed out and withdrew the funds via the PSP/bank.  But unbeknownst to me the bullion seller was in trouble with the authorities for something and the EU authorities are monitoring each transaction of the seller.  
What we would do is pull the data we have from the Bitcoin-Central logs. We'd see a Bitcoin transaction incoming. And that would be it.
We keep the strict minimum logs for Instawallet so there's really not much to share.

Would that mean the link to my Instawallet might also be shared, and possibly all of my Instawallet transactions be shared with the authorities?
If as a company we get a court order, we have to comply.
However :
 - we can only give what we log, which is, again, not much for Instawallet,
 - it's quite dubious a court would issue an order to surrender Instawallet data "just to see if the transaction didn't originate from there"

The beauty with Bitcoin is that you don't have to trust my word. Your financial privacy is in your very own hands, all the tools are yours to use.
legendary
Activity: 2506
Merit: 1010
With Paymium (operator of Instawallet)' Bitcoin-Central exchange becoming partnered to a Payment Services Provider (PSP), how will this affect Instawallet?

Specifically, let's say I buy a piece of silver bullion and send bitcoins as payment from my Instawallet.  And that seller happened to use Bitcoin-Central.  Then they cashed out and withdrew the funds via the PSP/bank.  But unbeknownst to me the bullion seller was in trouble with the authorities for something and the EU authorities are monitoring each transaction of the seller.  

Would that mean the link to my Instawallet might also be shared, and possibly all of my Instawallet transactions be shared with the authorities?
hero member
Activity: 492
Merit: 500
I just transfered some BTC from instawallet to my clients BTC address. After hitting send, the site gave me an error, something like "oops, something went wrong". The amount was deducted from my instawallet but never showed up on my address/the blockchain.

I'm getting a little nervous here, what's happening? I triple-checked the address before sending, so that shouldn't be the issue.

Issue resolved, thanks a lot! Cheesy
hero member
Activity: 492
Merit: 500
I just transfered some BTC from instawallet to my clients BTC address. After hitting send, the site gave me an error, something like "oops, something went wrong". The amount was deducted from my instawallet but never showed up on my address/the blockchain.

I'm getting a little nervous here, what's happening? I triple-checked the address before sending, so that shouldn't be the issue.
legendary
Activity: 1372
Merit: 1008
1davout
Pages:
Jump to: