Pages:
Author

Topic: Shop directly on Amazon.com with Bitcoin (Read 542 times)

hero member
Activity: 1582
Merit: 759
April 27, 2019, 09:40:47 PM
#27
I want to be totally transparent with who we are.
That's nice, but I think what we actually want from you, is not your credentials but rather the source code of this service.
Without Moon being open-source, there is noting that could make you appear as more legitimate service.
Nice graphics, logos or utilities won't help much, people here generally value their privacy and safety.
Forgive me for being sceptical but I bet you can understand how important that is.
I would be more keen to use Moon if it was a stand-alone, lightning ready, micro wallet separated from coinbase, which I don't like any way. I think no one would complain on you taking fees if this service would actually work.  
As of right now it looks and feels like massive security breach.

They can probably release the source code of the extension, but not the API.

I'm still pondering how this actually connects in with Amazon. A few questions:

1. Does the order stay on your Amazon account? And is trackable via your Amazon account, or does it get processed by an account operated by Moon. I know your website says you are not a Custodial service, so I assume it does stay within your account.
2. Does any billing info get changed on the order itself?
3. How exactly is this connection facilitated to Amazon. Is a specific bank/credit card attached to the invoice in place of the BTC, with your company providing the conversion in collab with your partners?


Edit, nvm. Just saw the second post of the 2nd page. Cry

@TryNinja, still interested to learn about the questions above.
legendary
Activity: 3472
Merit: 1722
In a different reddit thread the ex-CTO sounds like he's willing to eventually start a competing service, anyone know of similar LN-ready services?

They have removed now that reddit comment, was it just somebody trolling? in any case is a bit too much trust you need to give to this chrome extension in order to process the payment, for my personal taste.

Anybody here tried it?

It was probably removed because it contained personal information which is against reddit rules against doxxing.
hero member
Activity: 784
Merit: 1416
They have removed now that reddit comment, was it just somebody trolling? in any case is a bit too much trust you need to give to this chrome extension in order to process the payment, for my personal taste.

Anybody here tried it?
sr. member
Activity: 403
Merit: 257
Hey everyone,

We've launched Moon, a Chrome browser extension that lets you shop directly on Amazon.com with Bitcoin, Litecoin, Ether and Bitcoin Cash. Purchases are instant, secure and free.
Currently it works by connecting your Coinbase account, but we are adding the functionality to pay from any wallet.
Currently it only works on Amazon.com, but we are going to have it work on every site.

It is not a bad idea that someone has created something like this. But we're are dealing with money here, how can we be sure that, that extension of yours does not bug our computers with tracking or sort of that thing. Especially if we are to connect our "money" accounts to an unknown program right? If we do that, we are giving you free access also.


hero member
Activity: 1438
Merit: 574
Always ask questions. #StandWithHongKong
@TryNinja:  Great post with valuable info, thank you - merited.

I was sceptical about this whole thing & how it worked, you have confirmed my concerns with this post.

@OP:  I & the community would like your views on this please.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
February 26, 2019, 01:29:08 AM
#22
Wow, just shows you how cunning some of these people can be.  Roll Eyes  The guy looked legit and he sounded very sincere with his explanations to most concerns in this thread. I was about to install this, because I wanted to pay for something on Amazon and other intermediary services that buys goods on your behalf is just too complicated. < Purse >  Roll Eyes

I will merit #TryNinja when this is validated and confirmed.   Tongue
legendary
Activity: 2758
Merit: 6830
February 25, 2019, 08:17:53 PM
#21
DON’T USE THIS SERVICE!
UNINSTALL IT RIGHT NOW AND REVOKE YOUR COINBASE API KEYS.

I just saw this while browsing through Reddit:

Quote
Dear members of the Ethereum community,

TL;DR: Uninstall Moon, Revoke your Coinbase API Keys NOW and PROTECT YOUR ETHEREUM

I was the co-founder and CTO at https://paywithmoon.com. Due to my discovery of the unethical business practices Moon Technologies, Inc. has been engaged in, I have left the company.

As of today, the moon browser extension manipulates the DOM of the users' browsers to give them an augmented shopping experience, one that allows them to shop online with cryptocurrency. Over the past couple of months, my co-founder, Kenneth Kruger, has ordered the collection of data belonging to users as a way to improve customer experiences. No users have ever been asked explicitly if they would prefer to opt-out of tracking, a feature which I regularly insisted should be added. If you are a user and look under at terms and conditions stated under https://paywithmoon.com/terms-conditions/ (dated 26 Feb 2019), you will find the agreement hidden under one of the terms and conditions. This is a huge breach of GDPR and privacy laws that are meant to protect user data.

From the moment a user installs the browser extension, the company will know exactly what pages are open on the user's browser, what the content of those pages are, and what the user is doing with them.
The biggest and most alarming issue of all, is the process of collection of how the browser extension works in the backend - Coinbase API keys. From the moment the user initiates the connection between the company and Coinbase, the company watches for changes in the user's current window, waiting for the user to complete the one-time passcode (OTP) verification process as required by Coinbase. Once that is done, the company programatically clicks the required permissions (scopes) required to create the API key as it sees fit.
The API key is then shown only once on the next screen, but the user does not know this (done via CSS manipulation). The company extracts the API keys into the backend, stored in plain text on the company's database on AWS. This is a definite security antipattern. This API key is then able to be used indefinitely until manually revoked by the individual user.

When I asked Kenneth Kruger why we should not encrypt the keys or create recursively locking IAM policies to prevent anyone in the management team to have personal access to users' API keys, Kenneth Kruger constantly avoided or redirected the discussion and prevented me from building any kind of system that would protect users.
Only two days ago, I have been locked out of my organization accounts including AWS and can no longer take preventive measures to protect users.

If you are a user of our browser extension today, ***PLEASE*** you need to uninstall the browser extension via chrome://extensions and go into https://www.coinbase.com/settings/api and revoke ALL your API keys NOW.
If you have not used the Moon browser extension, but know of a friend that might, please inform him or her to do so immediately.

You can read more about my experience in another post here https://np.reddit.com/r/startups/comments/au668p/what_to_do_in_the_event_you_get_zuckerberged_in_a/.

I had created Moon as I was crazy enough to think I was able to change the world with the single vision of bringing mass adoption to cryptocurrency, accelerating the future of the financial system. However, today is truly a sad day for crypto. Until we can find a way to completely decentralize and move away from the corporations, the no-accountability attitude and greed many executives possess, we cannot hope to bring forth the dream of cryptocurrency.

Until we meet on the moon again, please be safe, not sorry,


Alexander Ang
https://reddit.com/r/ethereum/comments/auqrhf/psa_on_moon_browser_extension/

Until this is solved, don’t trust them.
hero member
Activity: 1806
Merit: 672
February 21, 2019, 12:07:29 PM
#20
~snip~

We make money from financial partners that facilitate the fiat payments to the merchants. They pay us in commissions and fees for bringing them transaction volume. This allows us to not charge fees to our users.

But I'd also like to feel that this is a form of goodwill to increase Bitcoin adoption Smiley

So the bottomline is your users will be considered as your product in order to make profit? I like the idea on how you can make things free on our end but in terms of assurance how will you guarantee that your partner who is another entity will actually handle the fiat payments on their end? The way I see it is it is like you are the 3rd party for the transaction to Amazon which also has a middleman to actually complete the trade, which complicates a lot of things.
hero member
Activity: 1638
Merit: 756
Bobby Fischer was right
February 21, 2019, 05:45:36 AM
#19
I want to be totally transparent with who we are.
That's nice, but I think what we actually want from you, is not your credentials but rather the source code of this service.
Without Moon being open-source, there is noting that could make you appear as more legitimate service.
Nice graphics, logos or utilities won't help much, people here generally value their privacy and safety.
Forgive me for being sceptical but I bet you can understand how important that is.
I would be more keen to use Moon if it was a stand-alone, lightning ready, micro wallet separated from coinbase, which I don't like any way. I think no one would complain on you taking fees if this service would actually work. 
As of right now it looks and feels like massive security breach.
sr. member
Activity: 742
Merit: 395
I am alive but in hibernation.
February 21, 2019, 05:13:02 AM
#18
You can see who I am personally at my Linkedin account: https://www.linkedin.com/in/kennethkruger/

I want to be totally transparent with who we are. We'll be redoing our website soon, so any feedback to make it seem less scammy is helpful. Thank you!

I guess this is not a solid proof. You need to share your signed message from both account to prove your authenticity.

We make money from financial partners that facilitate the fiat payments to the merchants. They pay us in commissions and fees for bringing them transaction volume. This allows us to not charge fees to our users.

But I'd also like to feel that this is a form of goodwill to increase Bitcoin adoption Smiley


I like your business idea. Increasing adoption without putting burden into bitcoin user like us is certainly welcome.
newbie
Activity: 12
Merit: 0
February 20, 2019, 02:38:58 PM
#17
There are no fees. You pay what the exchange rate dictates at the moment you hit the pay button.  
So, what is your business model? How do you make money with your service if there are no fees? Amazon ref links or something like this?

That's strange how can you call yourself a business if you won't be earning something from your product? Is this just a form of goodwill for Bitcoin users or am I missing something on how you will benefit from this kind of service you are offering? On paper it looks good and you seem to have a stacked Linkedin profile but something is still missing for you to be trusted with your service.

We make money from financial partners that facilitate the fiat payments to the merchants. They pay us in commissions and fees for bringing them transaction volume. This allows us to not charge fees to our users.

But I'd also like to feel that this is a form of goodwill to increase Bitcoin adoption Smiley
hero member
Activity: 1806
Merit: 672
February 20, 2019, 01:09:16 PM
#16
You haven't mentioned any fees using your service which obviously you have as you will be the one paying Amazon with the appropriate payment method.

There are no fees. You pay what the exchange rate dictates at the moment you hit the pay button. 

You also haven't provided any kind of information with regards of you not being a scam, such as a legal certification that you are a real business legally operating. By now a lot of members think the same way as I do as we know something is up when we see one.

That is great feedback. This is our business information:
We are Moon Technologies, Inc. a Delaware C Corporation. We are participating in the Entrepreneur's Roundtable Accelerator program in NYC. https://www.eranyc.com/companies/

You can see who I am personally at my Linkedin account: https://www.linkedin.com/in/kennethkruger/

I want to be totally transparent with who we are. We'll be redoing our website soon, so any feedback to make it seem less scammy is helpful. Thank you!


That's strange how can you call yourself a business if you won't be earning something from your product? Is this just a form of goodwill for Bitcoin users or am I missing something on how you will benefit from this kind of service you are offering? On paper it looks good and you seem to have a stacked Linkedin profile but something is still missing for you to be trusted with your service.
legendary
Activity: 2758
Merit: 6830
February 20, 2019, 12:15:11 PM
#15
There are no fees. You pay what the exchange rate dictates at the moment you hit the pay button.  
So, what is your business model? How do you make money with your service if there are no fees? Amazon ref links or something like this?
newbie
Activity: 12
Merit: 0
February 20, 2019, 12:06:11 PM
#14
You haven't mentioned any fees using your service which obviously you have as you will be the one paying Amazon with the appropriate payment method.

There are no fees. You pay what the exchange rate dictates at the moment you hit the pay button. 

You also haven't provided any kind of information with regards of you not being a scam, such as a legal certification that you are a real business legally operating. By now a lot of members think the same way as I do as we know something is up when we see one.

That is great feedback. This is our business information:
We are Moon Technologies, Inc. a Delaware C Corporation. We are participating in the Entrepreneur's Roundtable Accelerator program in NYC. https://www.eranyc.com/companies/

You can see who I am personally at my Linkedin account: https://www.linkedin.com/in/kennethkruger/

I want to be totally transparent with who we are. We'll be redoing our website soon, so any feedback to make it seem less scammy is helpful. Thank you!

hero member
Activity: 2660
Merit: 651
Want top-notch marketing for your project, Hire me
February 20, 2019, 06:12:40 AM
#13
How does this actually works though? I mean, how will Amazon recognize that we paid them with Moon? There's no description about it (I'm a noob at this issue).

Harlot raises a good concern, you should respond it if you want to prove that you're legit. Would love to see if you also open source the extension.
Is the matter of been inexperienced about the protocol of the OP project because I also dont understand how the whole things will work and this was the same alot of people is asking the OP and he's yet to be online and the last time I checked amazon is not collecting as mode of payment while some merchant on amazon do.
legendary
Activity: 2170
Merit: 1789
February 19, 2019, 11:05:28 PM
#12
How does this actually works though? I mean, how will Amazon recognize that we paid them with Moon? There's no description about it (I'm a noob at this issue).

Harlot raises a good concern, you should respond it if you want to prove that you're legit. Would love to see if you also open source the extension.
hero member
Activity: 1806
Merit: 672
February 19, 2019, 03:53:37 PM
#11
Your website lacks needed information for you to be trusted. You made the website's content as minimal as possible making me think you are hiding something from us. You haven't mentioned any fees using your service which obviously you have as you will be the one paying Amazon with the appropriate payment method. You also haven't provided any kind of information with regards of you not being a scam, such as a legal certification that you are a real business legally operating. By now a lot of members think the same way as I do as we know something is up when we see one.
legendary
Activity: 2702
Merit: 4002
February 19, 2019, 03:18:16 PM
#10
Currently it works by connecting your Coinbase account, but we are adding the functionality to pay from any wallet.
I would like to understand how the extension will work when the option of "pay from any wallet," will there be a balance and then discount from it "This balance is fed in BTC," or is there a payment address?
Why was it developed using Coinbase account, can you buy gift cards using it?
what about KYC/AML?
legendary
Activity: 3080
Merit: 1353
February 19, 2019, 02:41:46 PM
#9
I'm also concern about the security though as hackers are like always one step of the game. So please do make it secure from any attacks specially if we're going to connect our exchange accounts. And yeah, interested to see coins.ph integrated as well,  Grin.
newbie
Activity: 12
Merit: 0
February 19, 2019, 11:57:22 AM
#8
I feel a little bit worried to install add on in chrome browser because I have a bad experience in the past. I remember that in a few years ago, I installed one or two add on because I need those add on to my online work before. But suddenly, I didn't realize that there is another add on that came to my browser and installed directly in my chrome browser. I suspicious with that because I see that my browser was changed for the search engine default. Usually, I use Google to search for something but that time, the search engine was changed, and I search on how to fix that. The other story was I installed some add on, but I don't know why there is one add that was installed too, but I never feel that I installed the additional add on.

So I think you need to give more protection to the user especially we are making an online transaction on the internet, and I don't want to see that somebody will get stolen their money. I hope you can make sure that your add on is very secure so your customer will feel safe when they make a transaction. Good luck with your project.

Moon will never install any other extension or change your search engine or anything sketchy like that. We take security very seriously and take a lot of precautions to make sure that user data is secure. We need to work on making users feel secure though--that's something we're still figuring out.

Thanks for the feedback!
Pages:
Jump to: