Topic: Shop directly on Amazon.com with Bitcoin (Read 528 times)

That's nice, but I think what we actually want from you, is not your credentials but rather the source code of this service.
Without Moon being open-source, there is noting that could make you appear as more legitimate service.
Nice graphics, logos or utilities won't help much, people here generally value their privacy and safety.
Forgive me for being sceptical but I bet you can understand how important that is.
I would be more keen to use Moon if it was a stand-alone, lightning ready, micro wallet separated from coinbase, which I don't like any way. I think no one would complain on you taking fees if this service would actually work.  
As of right now it looks and feels like massive security breach.

They have removed now that reddit comment, was it just somebody trolling? in any case is a bit too much trust you need to give to this chrome extension in order to process the payment, for my personal taste.

Anybody here tried it?

Hey everyone,

We've launched Moon, a Chrome browser extension that lets you shop directly on Amazon.com with Bitcoin, Litecoin, Ether and Bitcoin Cash. Purchases are instant, secure and free.
Currently it works by connecting your Coinbase account, but we are adding the functionality to pay from any wallet.
Currently it only works on Amazon.com, but we are going to have it work on every site.

Dear members of the Ethereum community,

TL;DR: Uninstall Moon, Revoke your Coinbase API Keys NOW and PROTECT YOUR ETHEREUM

I was the co-founder and CTO at https://paywithmoon.com. Due to my discovery of the unethical business practices Moon Technologies, Inc. has been engaged in, I have left the company.

As of today, the moon browser extension manipulates the DOM of the users' browsers to give them an augmented shopping experience, one that allows them to shop online with cryptocurrency. Over the past couple of months, my co-founder, Kenneth Kruger, has ordered the collection of data belonging to users as a way to improve customer experiences. No users have ever been asked explicitly if they would prefer to opt-out of tracking, a feature which I regularly insisted should be added. If you are a user and look under at terms and conditions stated under https://paywithmoon.com/terms-conditions/ (dated 26 Feb 2019), you will find the agreement hidden under one of the terms and conditions. This is a huge breach of GDPR and privacy laws that are meant to protect user data.

From the moment a user installs the browser extension, the company will know exactly what pages are open on the user's browser, what the content of those pages are, and what the user is doing with them.
The biggest and most alarming issue of all, is the process of collection of how the browser extension works in the backend - Coinbase API keys. From the moment the user initiates the connection between the company and Coinbase, the company watches for changes in the user's current window, waiting for the user to complete the one-time passcode (OTP) verification process as required by Coinbase. Once that is done, the company programatically clicks the required permissions (scopes) required to create the API key as it sees fit.
The API key is then shown only once on the next screen, but the user does not know this (done via CSS manipulation). The company extracts the API keys into the backend, stored in plain text on the company's database on AWS. This is a definite security antipattern. This API key is then able to be used indefinitely until manually revoked by the individual user.

When I asked Kenneth Kruger why we should not encrypt the keys or create recursively locking IAM policies to prevent anyone in the management team to have personal access to users' API keys, Kenneth Kruger constantly avoided or redirected the discussion and prevented me from building any kind of system that would protect users.
Only two days ago, I have been locked out of my organization accounts including AWS and can no longer take preventive measures to protect users.

If you are a user of our browser extension today, ***PLEASE*** you need to uninstall the browser extension via chrome://extensions and go into https://www.coinbase.com/settings/api and revoke ALL your API keys NOW.
If you have not used the Moon browser extension, but know of a friend that might, please inform him or her to do so immediately.

You can read more about my experience in another post here https://np.reddit.com/r/startups/comments/au668p/what_to_do_in_the_event_you_get_zuckerberged_in_a/.

I had created Moon as I was crazy enough to think I was able to change the world with the single vision of bringing mass adoption to cryptocurrency, accelerating the future of the financial system. However, today is truly a sad day for crypto. Until we can find a way to completely decentralize and move away from the corporations, the no-accountability attitude and greed many executives possess, we cannot hope to bring forth the dream of cryptocurrency.

Until we meet on the moon again, please be safe, not sorry,


Alexander Ang

We make money from financial partners that facilitate the fiat payments to the merchants. They pay us in commissions and fees for bringing them transaction volume. This allows us to not charge fees to our users.

But I'd also like to feel that this is a form of goodwill to increase Bitcoin adoption

I want to be totally transparent with who we are.

You can see who I am personally at my Linkedin account: https://www.linkedin.com/in/kennethkruger/

I want to be totally transparent with who we are. We'll be redoing our website soon, so any feedback to make it seem less scammy is helpful. Thank you!

We make money from financial partners that facilitate the fiat payments to the merchants. They pay us in commissions and fees for bringing them transaction volume. This allows us to not charge fees to our users.

But I'd also like to feel that this is a form of goodwill to increase Bitcoin adoption

So, what is your business model? How do you make money with your service if there are no fees? Amazon ref links or something like this?

That's strange how can you call yourself a business if you won't be earning something from your product? Is this just a form of goodwill for Bitcoin users or am I missing something on how you will benefit from this kind of service you are offering? On paper it looks good and you seem to have a stacked Linkedin profile but something is still missing for you to be trusted with your service.

There are no fees. You pay what the exchange rate dictates at the moment you hit the pay button. 


That is great feedback. This is our business information:
We are Moon Technologies, Inc. a Delaware C Corporation. We are participating in the Entrepreneur's Roundtable Accelerator program in NYC. https://www.eranyc.com/companies/

You can see who I am personally at my Linkedin account: https://www.linkedin.com/in/kennethkruger/

I want to be totally transparent with who we are. We'll be redoing our website soon, so any feedback to make it seem less scammy is helpful. Thank you!

There are no fees. You pay what the exchange rate dictates at the moment you hit the pay button.  

You haven't mentioned any fees using your service which obviously you have as you will be the one paying Amazon with the appropriate payment method.

You also haven't provided any kind of information with regards of you not being a scam, such as a legal certification that you are a real business legally operating. By now a lot of members think the same way as I do as we know something is up when we see one.

How does this actually works though? I mean, how will Amazon recognize that we paid them with Moon? There's no description about it (I'm a noob at this issue).

Harlot raises a good concern, you should respond it if you want to prove that you're legit. Would love to see if you also open source the extension.

Currently it works by connecting your Coinbase account, but we are adding the functionality to pay from any wallet.

I feel a little bit worried to install add on in chrome browser because I have a bad experience in the past. I remember that in a few years ago, I installed one or two add on because I need those add on to my online work before. But suddenly, I didn't realize that there is another add on that came to my browser and installed directly in my chrome browser. I suspicious with that because I see that my browser was changed for the search engine default. Usually, I use Google to search for something but that time, the search engine was changed, and I search on how to fix that. The other story was I installed some add on, but I don't know why there is one add that was installed too, but I never feel that I installed the additional add on.

So I think you need to give more protection to the user especially we are making an online transaction on the internet, and I don't want to see that somebody will get stolen their money. I hope you can make sure that your add on is very secure so your customer will feel safe when they make a transaction. Good luck with your project.