Topic: Wallet.is a service striving to succeed where instawallet has failed - page 2. (Read 3415 times)

If you are STILL considering the idea of losing your bitcoins on wallet.is:

TORWallet - Scammer, Lost Coins
https://bitcointalksearch.org/topic/torwallet-scammer-112327

Instawallet - Lost coins
https://bitcointalksearch.org/topic/instawalletbitcoin-central-security-breach-164143

MyBitcoin - Scammer
https://en.bitcoin.it/wiki/MyBitcoin

Wallet.is - Future Scammer / Hacked Site
http://wallet.is/

I guess you didn't want a secure online wallet.

Unless I'm the only person that has my private keys, and all signing is done on my computer, you are a fucking dumbass if you use this wallet because you will lose "your" coins.

You just admitted that nothing is 100% safe. Besides, do some reading.. the chrome extension for Blockchain.info is quite secure. Not bulletproof of course, but a hundred orders of magnitudes better than your current setup with is "send me coins".

Here is what WILL happen (guaranteed):

1. Operator goes AWOL, with no renewals server goes down
2. Operator disappears along with the coins in the wallet. Possibly a "hack" explanation.
3. Site actually gets hacked by someone else, you lose some or all of your coins

Don't store private keys on server.

If you don't have the private key, you don't own the bitcoins. Period.

Sorry if I'm a bit harsh, but this will end up with people losing their bitcoins to a hacker, to you, or to /dev/null.

Especially considering how the operator was registered a couple of days ago, he most likely saw how instawallet could have stole 10 million USD and wanted to scam others.

The only feature I see that instawallet didn't have, is the ability to password your wallet.
Also I don't even know if these guys charge fee's, they don't mention it anywhere on their site, so that could be a plus if there isn't a fee.

My superficial assessment suggests these guys, at the very least, know their shit better than instawallet guys did (no privkey exposure in the link).

Now, what concerns me most isn't key storage schedule per se (if I'm really paranoid about people running off with coins, I will store coins on a dedicated encrypted laptop in a "thin client". And the laptop will be locked up in a large metal box most of the time. ), but rather, what features beyond "hassle free" and "easy" are you going to implement ?

'cause I can like myself a strongly pseudonymous, online wallet that is sufficiently feature-rich...So come on, AMAZE ME.

Well, doing stuff user side in javascript isn't exactly a pretty thing to do, it turns out

A good way to do proper user-side browser key management would be browser plugin (Nadim eventually went that way with the cryptocat chat), but that kind of defeats the whole "no hassle" aspect of the service in a very fundamental way (as do mandatory passwords / registrations - hence our passwords are optional)

Of course there is a certain inherent risk to having a server-centric design, but I have good reasons to believe it is reasonably small*.

Neither web frontends nor backends serving them are inherently insecure (You can always prove me wrong and hack Gox, taking their hot wallet   ), and we intend our design to be very robust.

____________
* it should be noted that there is oftentimes a tradeoff between comfort and security going on


Strictly speaking, nothing is absolutely safe, only safe to varying degrees.

Javascript crypto isn't safe by a very long shot, and it would be rather hard to tell whether a well-done classic approach would not turn out "safer" than a user-side implementation done via such means (cryptocat abandoned this approach after almost singlehandedly pioneering it, after all)

Your stuff isn't absolutely safe even if stored in a physical safe

There are, however, degrees to safety, and tradeoffs between safety and other utility forms (such as comfort, ease of use, setup speed, additional valuable functionality, etc.)

^this^ people, don't store coins that you would be uncomfortable losing with this service.  The private keys are server side and your money is not safe!

the reason instawallet failed was because it had control of all the private keys. unless you store all private keys clientside, and ensure all signing operations are done clientside, your wallet service will always be insecure.

While security is, sadly, a bit like a scientific theory (can only really be disproved for good), we are committed to doing our best.
When we grow big, we'll have a proper audit.

Hey man, good luck hopefully its secure 

Well, since I am not an Instawallet employee (and not a member of a forensics team I hope is working on their case) I don't have the details...

But they mentioned a database intrusion.

Wallet.is team has taken proper steps to keep little Bobby Tables out.

Do you know how instawallet was hacked?

Hello!
I am the founder of  a small team working on wallet.is , a simple yet versatile wallet service.

Our service was conceived when Instawallet suffered a break-in. With some of my bitcoins still there (probably stolen), I decided that I should do something about it.
Something like a small, simple wallet service that would be more secure, and which could eventually grow to provide additional features to its users (I'll talk about that in more details a bit later). So I got a few guys together, took some nice open source code and got down to work.

And here we are, at your service - https://wallet.is

BTW, we will release most of our code when it goes out of beta  - wallet.is not afraid of competition !

Feedback, suggestions, and constructive criticism are very welcome.