Jav, how's redevelopment going?
Slow, I'm afraid. My new job keeps me pretty busy.
So I came up with a blurb about Bitcoin that goes on the front of a business card, and on the back will go a unique Instawallet account. I'm creating a tool using the API to create, fill, and print the accounts, and I'm getting a lot of 504 errors, which makes creating new wallets very slow. Is there any way that developers could sign up for an API key or something, allowing bypass of normal rate limits?
Cool to hear Instawallet being used in this way! Unfortunately I can't lift the rate limits for you as there aren't any rate limits. Just a smallish server with too much load. But I am planning on switching to a new server fairly soon, so that should hopefully help!
Hi Jav, I understand Instawallet comes as-is with no warranty express or implied. However, I'm just curious about your logging practice. Do you associate IP addresses with URL/BTC addresses? Is the session stored entirely client side or does your server remember some key shared with the browser cookie? Are URLs derived from BTC addresses, vice versa, or are they both just columns in the same database row?
I don't go out of my way to _not_ log users, which means that typical settings are in effect on the server - for example the webserver records a log file which could be used to associate IP addresses with Instawallet URLs.
Cookies aren't used anymore (in the beginning they were used to store the last visited Instawallet, but I have since changed that). So the site doesn't track any specific sessions - the URL is the only identifier needed and it's available as part of every request.
URLs are generated randomly and have no special connection to the Bitcoin address. The link between them is stored in a database, like you said.
I'm curious about this for a number of reasons but in particular I'm wondering if Instawallet helps scramble identity and is thus useful in preserving some anonymity?
I do think Instawallet can be a useful tool to increase anonymity. If you make two payments from your private wallet, it might be possible to link them using the block chain. If you do the same with Instawallet, it can always be argued that the second payment was some other Instawallet user (as to the outside, Instawallet just looks like one large wallet).
Of course if someone has access to Instawallet's logs - like I mentioned above - they can get the IP address that initiated the payment. Using Tor could be an option here, to hide your real IP from that.