Topic: Wallet.is a service striving to succeed where instawallet has failed (Read 3415 times)

So right, I agree that if you do not control your own private keys you do not own the coins

please explain to me what these edge cases are.

if the secret part of the url can leak, it is certainly equally bad as an attacker can empty the wallet.

by not keeping the actual private keys on your server only in memory for a short amount of time you avoid many hacking problems.

Two factor authentication is very important for this kind of wallet...

While I wait for your efforts and others to develop...

I was looking around for a way to dispurse more of the BTC that I wish to trust with a single on-line wallet (blockchian.info) and notice 'strongcoin' and there actions to fuck a thief (which I found both appropriate and highly amusing.)

In researching 'strongcoin' I spotted no significant discussion on this forum, and much more importantly, the actual personally identifiable information on those behind the effort was, in my opinion, sorely lacking.  Although it could be bogus, the amount of information along these lines which ~puik saw fit to publish was/is a strong selling point to me in using the blockchain.info solution.

I only mention it in case it influences how you structure your offering as things evolve.

His issue can be boiled down to "server side storage is not trustworthy".

We at wallet.is don't aim to somehow mend the fundamental trust assymetry of server-side wallets, but we intend to make up for that in valueable features and ease of use. We hope that, by providing a reliable and feature-rich service over a long period of time we shall, eventually, prove ourselves to be "trustworthy enough" for certain use cases.

If I wanted to steal coins, I would have been far better off with something along the lines of pirate scam (entraping people with greed is far easier than entrapping them with a feature rich service - much less code that way )

I believe the fact you glossed over TF's issues without any defense shows his comments were dead on.  You are going to collect as many coins as you can then disappear.  

Hi guys!

Just a quick update: We have support for LTC:
https://ltc.wallet.is

More to come - working frantically on new features

Posting from mobile.

P.S.:

Matoking, will add (better safe than sorry )

apetersson, I think that having privkey in the url creates more issues than it solves (it does not solve the trust issue itself, and may create additional nasty edge cases)

P.P.S.:
I have, recently, devised something very special for "internal transactions" thing.

Stay tuned for more updates

http://support.google.com/webmasters/bin/answer.py?hl=en&answer=93710

Add the noindex meta-tag to your wallet pages so the pages won't get indexed by Google, even accidentally. The robots.txt file isn't sufficient enough, since it doesn't prevent links from other sites being indexed.

i think it would make sense to have a url structure like

https://wallet.is/key/5KdN2Qrb5peKKmtpFU9A6owijy1a2sHNo6JcuGMy1iTn5dBjKWt

where the key is the actual private key.

that way, you only have to maintain a generic index of all adresses. Intentionally do no keep any logs.

if your service goes offline anyone can still import their key into a wallet.

I kinda like z12's idea, especially since dead man's switch (which is among my fav. features) involves providing a btc address anyway.

Receive a cold btc address from users so it can be used for verifications by signing messages and withdrawing user's coins to that particular address in case of "insta-wallet" kinda thing happened so users won't have to go through a claim process.
This address can be used for recovering lost address/password and the address itself should be changeable provided you can sign a 64 random letter text proving you own the address.
I think it would be far more anonymous than providing email kind of thing

I think internal transactions should be your priority.

Also, perhaps, make a special non-announcement thread for feature suggestions ?

tvbcof and passerby

Thanks a lot for suggestions!

I like many of them, so I'll discuss them with the rest of the team and we'll start working right away. I like the "internal transaction" suggestion, though I'd rather avoid using either emails or long "bitcoin not-a-bank account numbers" as internal identifiers. I am considering bitcoin address of the vault itself (gox style) though I am open to other suggestions.

Also, I have a few ideas of my own that, to the best of my knowledge, aren't part of any wallet service currently done
Wallet.is team will do our best to amaze

Well, I guess I will first comment on tvbcof's suggestions a little bit, then will offer my own


Same here.


I'd rather look for formal positions confirming competence - then again, I'm pretty sure that Citibank doesn't outsource its operations to 12 year old boys with ADHD and yet... THIS


I think there definitely should be hot wallet and cold wallet, though given how insta-wallets aren't exactly Goxes, the cold wallet might be cold in more than one sense for a rather long time.


I like this, but I think the complexity added can be sidestepped with having a recovery email and a "lock account" button.

I mean, if I have to write a "de-mothballing token" I might as well just use an email recovery process.


I think just adding a line of text clarifying that this is not a "bitcoin bank" should be enough. After all, "only keep as much bitcoins here as you really need" is rather subjective.
I had, at one point, about 100 btc in Instawallet (long before the whole thing went down in fire, luckily ), and would have been pretty annoyed if it started nagging me about the need to take them out.
 

Now, some suggestions of my own.

• outgoing-fees

People hate ads. People who think they are security-conscious hate ads even more. Also, bitcoinfolk is savvier than your average soccer mom, so a lot of us have adblockers. Thus, ads won't work for paying your bills, roalwe.

Fees might.

I, however, hate the ever loving hell of "storage" fees (guys, I trust your little wallet shop with my coins, and you repay my trust and loyalty by charging me ? Yes, easywallet.org , I am looking at you )

• free internal transactions

You should introduce a mechanism one "vault" (in your terminology) can send BTC to another "vault"  without actually going through BTC network, and such transactions would be free.
This would require the account to have a secondary identifier that can be shared freely... I don't know, like an email. Or something.

It should NOT be related to anything that can be used for vault auth (URL, password, etc).

Ideally, I should be able to attach notes (like, "thx 4 all Z drugz - kissz, lawl nF0rc3r" ) to internal payments

• Recovery email

If I bother to set up a password, I might also bother enough to set up a recovery email.

• Dead man's switch

Yeah, easywallet has it. So what ? It's damn cool, and I think every wallet should have it. Not like it's rocket science or a huge server load.

• QR codes

Personally, I think they aren't all that useful, but ladies like them or something.

That's all for now

IIRC this is based on some code I did a while back which is public domain, they listed it on the about page: https://github.com/g2x3k/litecoin-instawallet-simple

I liked Instwallet very much for it's URL only usability.  My philosophy in using it was for spending money only.  I always knew that a whole range of possible issues existed, and am not complaining bitterly about my loss.  I am pursuing the failure vigorously, but for different reasons.

My feeling about URL access is that a whole range of issues from a different but overlapping set exist with other solutions also.  Losing one's password is high among these.  I see no reason why it could not be reasonably secure and well managed on the back end.  The 'killer app' for me was not needing to provide an e-mail addy, SMS, etc, and the lack of a password made that smooth.

---

Here are the things I would look for:

 - A team which is well known and respected (this failed in the case of ~davout though.)

 - A good description of the back-end to architecture.  Opens-source if possible.  I think the pro's outweigh the con's, but it is debatable.

 - A good understanding of the funding.  Limited hot-wallet with occasional funds exhaustion is preferable to insolvency on failure.  Fees going into an auditable pool to be re-distributed absent failure would lend some credibility.  Or even let the user select thier preference on limits.

 - A documented recovery plan in case of failure.

 - A 'lock out' URL which, if visited, would lock the account.

 - A 'recovery token' which could be used to unlock a locked account or prove ownership of a URL

 - A 'maximum exceeded warning' mechanism whereby a user could be reminded that the service is for limited funds.

 - I've already forgotten some of the stuff I thought of.

I'll use your service without any of this stuff for minor spending, temporary funds shuffling, and new user demonstration purposes.  As always, with the anticipation that you guys could rip me off at any time.  Also with the full knowledge that you could be logging my IP's, transactions, etc.  Just as was the case with Instawallet.

I think people are having serious trouble selling themselves on using well known, aged and trusted services like blockchain.info's wallet. Take a chance on a newcomer? Not this month. Probably not this year and quite possibly never ever.

What features would you suggest?


I'm not easily offended, and I certainly see why people might be suspicious of a wallet service.

Thanks for the welcome - very appreciated.

As to google auth - well, it's not exactly a nice thing code-wise, but it is rather useful, thanks for the suggestion.

I think that adding support for their two-factor auth system is not out of the question if/when we decide to expand beyond "quickiewallet" philosophy (which is what I think passerby is hinting at)


Well, so far we're just on BTC fees - would be kinda unfair to charge people for an early beta of a service, I think.

Speaking of fees, it seems that if we were to expand to a more... comprehensive feature suite, we'd have to either adopt some fee system or place ads, and it appears to me that people loathe ads in  wallet services (and not only the rather risky "rich media" ads, it seems)

unlike others I would welcome you around and suggest Google Authentication as an option, honesty and trust is hard when it comes to money so maybe you understand how "others" see you

I don't think he "admitted" is the right word for describing a situation when someone says a truism that is well-known in all security-related fields.

Also, is your "hundred orders of magnitudes" assessment based on some formal estimation process, or are you just fond of throwing around brown-number claims that sound BIG ?  


Guaranteed ?

As in, you would be willing to bet money on that ?  Interesting... We could do something... about that


Well well... user-side encrypted keys which are stored (encrypted) elsewhere can be rather vulnerable to /dev/null incident happening "on the server side" (of course, proper service should have backups - but that does not mean a given specific service does)


Are you, by any chance, related to Glenn Beck ? (I'm just asking questions )


Now, now, it depends.

Personally, I don't think that "really fast one-time wallet" services are "done for", that's all.

Yes, they do have attack vectors and failure modes that are specific to them, but at a number of circumstances I have found such trade-offs acceptable (I have used Instawallet in the past, as an "intermediate" coin deposit of sorts, and was quite satisfied by the outcome).

Also, I don't think anything can be completely secure - my vanilla satoshi client, with password-protected wallet and regular automatic backups, can be argued to be safer than any "online-shmonline" service could ever be, but to claim it is "totally" secure would be just pure hubris.

The question is, what the tradeoffs are.

As it stands, Wallet.is doesn't do anything interesting enough to make me consider moving coins into it, though I probably will use it as a "lazy man's cheap-ass coin decorrelator" at some point in the future.
Hence, dear wallet.is, please amaze me. Or something.

I suggest we move the discussion from "Ye Greate Battle of Wallet Service Philosophies" to "what cool features one could add to a "classic" wallet service"

I can start a separate thread for great philosophical battles, if someone considers it necessary.


P.S.:
Dear TradeFortress, if Modify button was a bunch of rattlesnakes, your next-of-kin would have already received your possessions.