Pages:
Author

Topic: Wallet.is a service striving to succeed where instawallet has failed - page 2. (Read 3457 times)

vip
Activity: 1316
Merit: 1043
👻
If you are STILL considering the idea of losing your bitcoins on wallet.is:

TORWallet - Scammer, Lost Coins
https://bitcointalksearch.org/topic/torwallet-scammer-112327

Instawallet - Lost coins
https://bitcointalksearch.org/topic/instawalletbitcoin-central-security-breach-164143

MyBitcoin - Scammer
https://en.bitcoin.it/wiki/MyBitcoin

Wallet.is - Future Scammer / Hacked Site
http://wallet.is/
vip
Activity: 1316
Merit: 1043
👻
'cause I can like myself a strongly pseudonymous, online wallet that is sufficiently feature-rich...So come on, AMAZE ME.

I guess you didn't want a secure online wallet.
vip
Activity: 1316
Merit: 1043
👻
Unless I'm the only person that has my private keys, and all signing is done on my computer, you are a fucking dumbass if you use this wallet because you will lose "your" coins.

You just admitted that nothing is 100% safe. Besides, do some reading.. the chrome extension for Blockchain.info is quite secure. Not bulletproof of course, but a hundred orders of magnitudes better than your current setup with is "send me coins".

Here is what WILL happen (guaranteed):

1. Operator goes AWOL, with no renewals server goes down
2. Operator disappears along with the coins in the wallet. Possibly a "hack" explanation.
3. Site actually gets hacked by someone else, you lose some or all of your coins

Don't store private keys on server.

If you don't have the private key, you don't own the bitcoins. Period.

Sorry if I'm a bit harsh, but this will end up with people losing their bitcoins to a hacker, to you, or to /dev/null.

Especially considering how the operator was registered a couple of days ago, he most likely saw how instawallet could have stole 10 million USD and wanted to scam others.
sr. member
Activity: 336
Merit: 254
CEO of Privex Inc. (www.privex.io)
'cause I can like myself a strongly pseudonymous, online wallet that is sufficiently feature-rich...So come on, AMAZE ME.
The only feature I see that instawallet didn't have, is the ability to password your wallet.
Also I don't even know if these guys charge fee's, they don't mention it anywhere on their site, so that could be a plus if there isn't a fee.
member
Activity: 112
Merit: 10
My superficial assessment suggests these guys, at the very least, know their shit better than instawallet guys did (no privkey exposure in the link).

Now, what concerns me most isn't key storage schedule per se (if I'm really paranoid about people running off with coins, I will store coins on a dedicated encrypted laptop in a "thin client". And the laptop will be locked up in a large metal box most of the time. Smiley ), but rather, what features beyond "hassle free" and "easy" are you going to implement ?

'cause I can like myself a strongly pseudonymous, online wallet that is sufficiently feature-rich...So come on, AMAZE ME.
newbie
Activity: 26
Merit: 0
the reason instawallet failed was because it had control of all the private keys. unless you store all private keys clientside, and ensure all signing operations are done clientside, your wallet service will always be insecure.

Well, doing stuff user side in javascript isn't exactly a pretty thing to do, it turns out

A good way to do proper user-side browser key management would be browser plugin (Nadim eventually went that way with the cryptocat chat), but that kind of defeats the whole "no hassle" aspect of the service in a very fundamental way (as do mandatory passwords / registrations - hence our passwords are optional)

Of course there is a certain inherent risk to having a server-centric design, but I have good reasons to believe it is reasonably small*.

Neither web frontends nor backends serving them are inherently insecure (You can always prove me wrong and hack Gox, taking their hot wallet  Cheesy ), and we intend our design to be very robust.

____________
* it should be noted that there is oftentimes a tradeoff between comfort and security going on


^this^ people, don't store coins that you would be uncomfortable losing with this service.  The private keys are server side and your money is not safe!

Strictly speaking, nothing is absolutely safe, only safe to varying degrees.

Javascript crypto isn't safe by a very long shot, and it would be rather hard to tell whether a well-done classic approach would not turn out "safer" than a user-side implementation done via such means (cryptocat abandoned this approach after almost singlehandedly pioneering it, after all)

Your stuff isn't absolutely safe even if stored in a physical safe

There are, however, degrees to safety, and tradeoffs between safety and other utility forms (such as comfort, ease of use, setup speed, additional valuable functionality, etc.)
full member
Activity: 219
Merit: 101
the reason instawallet failed was because it had control of all the private keys. unless you store all private keys clientside, and ensure all signing operations are done clientside, your wallet service will always be insecure.

^this^ people, don't store coins that you would be uncomfortable losing with this service.  The private keys are server side and your money is not safe!
legendary
Activity: 2058
Merit: 1452
the reason instawallet failed was because it had control of all the private keys. unless you store all private keys clientside, and ensure all signing operations are done clientside, your wallet service will always be insecure.
newbie
Activity: 26
Merit: 0
Hey man, good luck hopefully its secure  Cheesy

While security is, sadly, a bit like a scientific theory (can only really be disproved for good), we are committed to doing our best.
When we grow big, we'll have a proper audit.
legendary
Activity: 1310
Merit: 1000
Hey man, good luck hopefully its secure  Cheesy
newbie
Activity: 26
Merit: 0
Well, since I am not an Instawallet employee (and not a member of a forensics team I hope is working on their case) I don't have the details...

But they mentioned a database intrusion.

Wallet.is team has taken proper steps to keep little Bobby Tables out.
newbie
Activity: 29
Merit: 0
Do you know how instawallet was hacked?
newbie
Activity: 26
Merit: 0
Hello!
I am the founder of  a small team working on wallet.is , a simple yet versatile wallet service.

Our service was conceived when Instawallet suffered a break-in. With some of my bitcoins still there (probably stolen), I decided that I should do something about it.
Something like a small, simple wallet service that would be more secure, and which could eventually grow to provide additional features to its users (I'll talk about that in more details a bit later). So I got a few guys together, took some nice open source code and got down to work.

And here we are, at your service - https://wallet.is

BTW, we will release most of our code when it goes out of beta  - wallet.is not afraid of competition Wink!

Feedback, suggestions, and constructive criticism are very welcome.
Pages:
Jump to: