Topic: Some Wei're, an Ethereum treasure hunt dapp! (Read 232 times)

newbie
Activity: 12
Merit: 0
October 11, 2019, 03:31:19 PM
#14
We are now going to lock this topic, because everything has been said, and we don't want this to be endless.

If you are interested in the app, feel free to message us, join our Telegram, or comment on any of the dapp sites.
newbie
Activity: 12
Merit: 0
--
After all these considerations, we decided to go on logging your private key directly, encrypted in the storage data, like every other wallet app. There is nothing new with this. Only the trust you give to these wallets, that could possibly have a vulnerability also.

We still thank everyone for asking questions, we are still learning how to share and promote our products in the blockchain community.

To make sure that you will not lose any money from this, users should not totally use this app. Or if they really do want to try this game, create a new wallet dedicated only to this and store small amount of money that you can afford to let go. This might be a trap to all newbies that are not aware of the possible security issues that might arise of logging their private keys directly. What is the reputation of the team behind this to trust your money? You have no slightest idea what are their plans to your private keys, so better be safe than sorry.

This is exactly what has been said in our presentation:
Quote
To use the dapp, only the private key of a provided account, which will be stored encrypted in your phone, is necessary. Use a dedicated account to use the app, to store temporarily the amount you found or the amount you are about to bury.

Please read the full post before any intervention. Otherwise we end up with a long misunderstanding and a misleading topic. Forums are not made for replies that are not paying attention to original posts (this kind of intervention has other names...)

With that being said, this approach literally resolves any trust issues. If you are interested, play with a dedicated account with small amounts of money, like we originally said.
sr. member
Activity: 1988
Merit: 275
--
After all these considerations, we decided to go on logging your private key directly, encrypted in the storage data, like every other wallet app. There is nothing new with this. Only the trust you give to these wallets, that could possibly have a vulnerability also.

We still thank everyone for asking questions, we are still learning how to share and promote our products in the blockchain community.

To make sure that you will not lose any money from this, users should not totally use this app. Or if they really do want to try this game, create a new wallet dedicated only to this and store small amount of money that you can afford to let go. This might be a trap to all newbies that are not aware of the possible security issues that might arise of logging their private keys directly. What is the reputation of the team behind this to trust your money? You have no slightest idea what are their plans to your private keys, so better be safe than sorry.
newbie
Activity: 12
Merit: 0
To summarize all the replies and the issues here, I will repeat the mantra :

Don't trust, verify.

If anyone is interested of course, about the app, feel free to verify. If you are familiar with how to find the apk file in your device, you can look for any trace of danger. If you don't know how, a little bit of Google will help you find the way very quickly.

You can also check the smart contracts used for the app on git : https://github.com/SomeWeire/SomeWeireContracts. We just uploaded them as we considered everything that has been said.

If you are not interested whatsoever with our project, it is totally fine. If you are, feel free to verify everything.

We can even challenge any viewer of this post, to give us the plain proof, with our code, that we are indeed trying to scam people.

As for the private key issue, a little explanation of our decision to do so :

Of course, we considered not using private keys to log users in. We considered using Metamask or other plugins. But this solution couldn't satisfy the requirements of the app, as it is a mobile app and not a web app. The restrictions of using accounts on mobile apps are completely different. Thus having users to log with private keys.

On a web app, never log your private key in directly because :

- HTTP traffic can be intercepted and security is not assured anymore
- You don't know what's behind the page you are entering your private key into

On a mobile device, on the other hand, the issue is completely different, as everything is on your device. The only ways for someone to scam you are :

- The app is indeed a scam and is sending your data to a server. But this is something you can obviously see, if you go inside the app code that is on your device, or check your network traffic
- The app is not secured and is not storing your key properly, so someone (aware of this vulnerability) can make you install a malicious app getting your storage data and stealing your key.


After all these considerations, we decided to go on logging your private key directly, encrypted in the storage data, like every other wallet app. There is nothing new with this. Only the trust you give to these wallets, that could possibly have a vulnerability also.

We still thank everyone for asking questions, we are still learning how to share and promote our products in the blockchain community.
newbie
Activity: 12
Merit: 0
My question is: how do you make money off of this? Who provides the ethereum for people to find?

Thank you for this question.

We do not make LOADS of money, we take 0.10USD on each transaction (bury or dig).

The most important part is, YOU, or anyone, can put ether somewhere and give the location to someone else, or give hints to find the location. For now, we did hide the ethers, using the app, inside Paris, but it is a decentralized app, so the contract is only here as a bridge between users. We do not monitor anything, apart from giving back an amount to a user who might have lost it, close the contract, etc.
newbie
Activity: 12
Merit: 0
We are a team of strong dapp developers and we can assure any doubtful user that it is a piece of cake in this case to check if your key is in danger.


You say this project has a strong team, but I can't find any info about your team. Why we must trust what you say if we as user never know who behind this project? Release your team behind, give us link to your website, maybe I can see another side of this project.

I am very sorry, as I am responsible for the image and the promotion of the app. I will try to present everything.

We are French developers, originally mobile developers, starting a decentralized applications team, and thus releasing our first product. For now, we are working on our website over the domain someweire.com

As of socials, we are currently focusing on France, especially Paris, as we are part of the French Ethereum Association https://www.asseth.fr/ (not founding member but contributors).

We started a treasure hunt in Paris, to find 4 ethers (thus the 4 ethers present in our smart contract, which you can check at https://etherscan.io/address/0x33ef51485255f8e6fc91654dd237cd96bf115bbd). You don't understand French but we launched the hunt on several French forums : https://cryptofr.com/topic/20852/some-wei-re-l-app-de-chasse-au-tr%C3%A9sor-ethereum/9, including the French version of BitcoinTalk.
We posted a hint for users to resolve and find the location.

We are also present on Meetup, in France(Paris) and will soon start our first meetup : https://www.meetup.com/Some-Weire-lapp-de-chasse-au-tresor-Ethereum/events/265570989/

I am glad questions are asked, but the misconception and the misunderstanding on dapps issues and stakes are the reason dapps are still only 15% of all smart-contract implementing blockchains. We thought it was unfortunate and that's why we started this project.
newbie
Activity: 12
Merit: 0
Some Wei're is everything but a scam app, the PK is stored encrypted in your phone, with your lock screen password.

For the explanation, PK is basically the password to your account.

Take an example. There is no way you can import an account on Metamask without uploading your private key to open the account, or scanning the private key as a QR code.

To let people do transactions with their account, the PK has to be used. There is no way around it right now.

That is why we recommend to use an account dedicated to the app. Do not use your main account to play. In that way, even if your phone gets stolen, you'll just lose a child node of your master node. It is less dangerous.

If you have any questions, feel free to ask.


They got an account in Google Play which they thought they could earn trust easily so they thought of asking private keys. Glad that people noticed this type of scam already for the good of others, someone should put a warning, maybe from DT about them asking PK to prevent someone getting hacked account.

It is unfortunate that a lack of understanding of basic app security can lead to a misconception like that.

Our app is on every major dapp website :

- https://www.dapp.com/dapp/some-wei-re

- https://www.stateofthedapps.com/dapps/some-wei-re

- https://dapp.review/dapp/12193/Some-Wei%27re

and has been reviewed by these websites already. Maybe it is our fault not to have pointed out our coverage online. But I am here for that.

Nonetheless, you should, prior to diving into the dapps world, and apps in general (and websites in general), get to understand more about the difference between security goals on all the platforms over Private Keys.

Stealing private keys on a mobile app and hoping to get rich with that is pointless, as it can be detected in a second.
hero member
Activity: 3038
Merit: 617
Some Wei're is everything but a scam app, the PK is stored encrypted in your phone, with your lock screen password.

For the explanation, PK is basically the password to your account.

Take an example. There is no way you can import an account on Metamask without uploading your private key to open the account, or scanning the private key as a QR code.

To let people do transactions with their account, the PK has to be used. There is no way around it right now.

That is why we recommend to use an account dedicated to the app. Do not use your main account to play. In that way, even if your phone gets stolen, you'll just lose a child node of your master node. It is less dangerous.

If you have any questions, feel free to ask.


They got an account in Google Play which they thought they could earn trust easily so they thought of asking private keys. Glad that people noticed this type of scam already for the good of others, someone should put a warning, maybe from DT about them asking PK to prevent someone getting hacked account.
legendary
Activity: 2324
Merit: 1604
hmph..
We are a team of strong dapp developers and we can assure any doubtful user that it is a piece of cake in this case to check if your key is in danger.


You say this project has a strong team, but I can't find any info about your team. Why we must trust what you say if we as user never know who behind this project? Release your team behind, give us link to your website, maybe I can see another side of this project.
newbie
Activity: 12
Merit: 0
On a dapp website it makes sense not to send your private key, as there must be a server processing everything you do.

But on a mobile app, the user interface is on the users phone. Users store their private keys encrypted on their phones. It could be easy to check if the private key is sent to any sort of backend by monitoring your mobile network traffic. One could even extract the apk file and decompile the code to check, as everything is on your own device. This would be the silliest scam ever!


We are a team of strong dapp developers and we can assure any doubtful user that it is a piece of cake in this case to check if your key is in danger.
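
The traffic check this post describes, as an added example that is not part of the original post or the project's code: it searches a HAR capture exported from an intercepting proxy for common encodings of a throwaway test key entered into the app. The key, host names and capture below are constructed; a key that is encrypted or otherwise transformed before being sent would not match, so an empty result does not prove the key stays on the device.

```python
import base64
import json
import urllib.parse

def key_encodings(hex_key):
    """Map each byte pattern the key could take on the wire to a label."""
    raw = bytes.fromhex(hex_key[2:] if hex_key.startswith("0x") else hex_key)
    hexed = raw.hex().encode()
    named = [
        ("hex", hexed),
        ("base64", base64.b64encode(raw).rstrip(b"=")),
        ("base64url", base64.urlsafe_b64encode(raw).rstrip(b"=")),
        ("base64-of-hex", base64.b64encode(hexed).rstrip(b"=")),
    ]
    patterns = {}
    for label, pat in named:
        patterns.setdefault(pat, label)  # identical encodings are reported once
    return patterns

def scan_har(har, hex_key):
    """Return (url, field, encoding) for every request field carrying the key."""
    patterns = key_encodings(hex_key)
    hits = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        fields = {"url": req["url"],
                  "body": req.get("postData", {}).get("text", "")}
        for hdr in req.get("headers", []):
            fields["header:" + hdr["name"]] = hdr["value"]
        for field, text in fields.items():
            hay = urllib.parse.unquote(text).encode("utf-8", "replace")
            for pat, label in patterns.items():
                # hex digits are case-insensitive; base64 is not
                if pat in (hay.lower() if label == "hex" else hay):
                    hits.append((req["url"], field, label))
    return hits

# Constructed sample: throwaway key and a three-request capture (hypothetical hosts).
TEST_KEY = "0x" + "4f3c" * 16
_raw = bytes.fromhex(TEST_KEY[2:])
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://rpc.example/", "headers": [],
                 "postData": {"text": '{"method":"eth_sendRawTransaction","params":["0xf86b80"]}'}}},
    {"request": {"url": "https://stats.example/v1/event", "headers": [],
                 "postData": {"text": json.dumps({"d": base64.b64encode(_raw).decode()})}}},
    {"request": {"url": "https://stats.example/ping?id=" + TEST_KEY[2:].upper(), "headers": []}},
]}}

if __name__ == "__main__":
    for hit in scan_har(SAMPLE_HAR, TEST_KEY):
        print(hit)
```
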

full member
Activity: 412
Merit: 100
Que sera sera
generally asking for private key is not going to be responded to well, unless you are a well known project with already good rep. may need some more thinking on that
newbie
Activity: 12
Merit: 0
Some Wei're is everything but a scam app, the PK is stored encrypted in your phone, with your lock screen password.

For the explanation, PK is basically the password to your account.

Take an example. There is no way you can import an account on Metamask without uploading your private key to open the account, or scanning the private key as a QR code.

To let people do transactions with their account, the PK has to be used. There is no way around it right now.

That is why we recommend to use an account dedicated to the app. Do not use your main account to play. In that way, even if your phone gets stolen, you'll just lose a child node of your master node. It is less dangerous.

If you have any questions, feel free to ask.
legendary
Activity: 2324
Merit: 1604
hmph..
Asking private key to login your apps, it's not a good idea. Actually, if you are really to give as ETH, you don't need to ask PK for your user. It's simple, you can use the wallet address as username, then, creating a password for your user as usual. I'm afraid you are trying to scam people with your power to store any PK.
newbie
Activity: 12
Merit: 0
Some Wei're is an Ethereum mobile dapp (exclusively for now) to set up Treasure hunts. With Some Wei're, bury an amount of ethers at a given location, or dig for buried ethers. Any kind of event can now be incentivized, whether it is a bicycle race, a hike, a trek, an escape game or a marketing event. The users will have the chance to win real ether!

https://play.google.com/store/apps/details?id=com.someweire.app

It exploits a smart contract (0x33EF51485255F8E6fc91654dD237Cd96bF115BbD) that stores the amount with the location as the key, when the amount is buried.

To obtain the amount, the user has to be at the same location (then, his coordinates will correspond to the key to allow unlocking the amount) and dig the ethers.

To use the dapp, only the private key of a provided account, which will be stored encrypted in your phone, is necessary. Use a dedicated account to use the app, to store temporarily the amount you found or the amount you are about to bury.

To set up a treasure hunt, the organizers have to communicate themselves on the location or the hints to find the ethers. The dapp is the tool that allows the treasure hunt. An organizer can also check the status of his buried amount by entering the coordinates. Only the address which buried the amount can access the status.

Check out the presentation article on Medium for a full guide through the dapp : https://medium.com/some-weire-an-ethereum-treasure-hunting-app/presentation-eeaf573e6477
and join us on Telegram : https://t.me/someweire

Enjoy a new kind of treasure hunting!