Author

Topic: www.coinbook.me (Read 1468 times)

hero member
Activity: 765
Merit: 503
September 12, 2013, 07:20:38 PM
#20
Quote
security measure is effectively useless

I love these security arguments.  Security is about layers.  It secure to DB compromise, not snooping which is very small risk.
hero member
Activity: 765
Merit: 503
September 12, 2013, 07:18:38 PM
#19
Quote
That's funny, because your server is hosted by GoDaddy in Scottsdale, AZ, so therefore all your collected data is under the jurisdiction of the NSA.
I don't see the NSA as an issue.  This is getting tinfoil hat.  If you don't want your BTC address tied to an email then don't use the service.

The intention is to attract legitimate users of BTC, and become more mainstream, and multiple BTC addresses solve privacy issues.  As I said, people here have their BTC address on their sig, and the site requires an valid email address.
newbie
Activity: 9
Merit: 0
September 12, 2013, 06:58:00 PM
#18
Quote
but are you based in the USA?
No

That's funny, because your server is hosted by GoDaddy in Scottsdale, AZ, so therefore all your collected data is under the jurisdiction of the NSA.  In fact, your "only keeping the hash of the email" security measure is effectively useless, because the email address and associated BTC address will be sent cleartext since you don't have a valid SSL cert.  So the US government will see the "private data" as it gets sent over the network to your USA server.

In which country are you located, and why on earth did you choose GoDaddy in the USA as your provider if you're not in the USA yourself?

If anyone wants to verify this information, just do a geoip lookup on the coinbook.me domain name. 
full member
Activity: 142
Merit: 100
Hive/Ethereum
September 11, 2013, 11:50:10 PM
#17

Quote
If i understand correctly the usual / preferable way to do this is that for each customer/contact/friend the wallet assigns an address-generator that generates addresses unique not only to you but also to your friend, so that your wallt will not only recognise the address as yours, but also which customer/contact/friend you give addresses of that branch of generators
That is a good extension.  Might look at that.

BIP32 is supposed to solve this problem
hero member
Activity: 765
Merit: 503
September 11, 2013, 11:12:18 PM
#16
Thanks for the feedback once again.
Quote
bsmith's btc address is now tied to his email and full identity and all bitcoin transactions he has ever made
That's why the idea is to register a public address, like people have here on their sigs.

Quote
but are you based in the USA?
No

Quote
If i understand correctly the usual / preferable way to do this is that for each customer/contact/friend the wallet assigns an address-generator that generates addresses unique not only to you but also to your friend, so that your wallt will not only recognise the address as yours, but also which customer/contact/friend you give addresses of that branch of generators
That is a good extension.  Might look at that.
legendary
Activity: 2940
Merit: 1090
September 11, 2013, 10:04:46 PM
#15
if it is to be really useful, it could do what people actually need but usually cannot be bothered to do:

Give out a new address, of theirs, each time. Using, of course, the same deterministic creation of new addresses that their wallet uses so that their wallet, using the same deterministic process, will itself come up with those same addresses.

If i understand correctly the usual / preferable way to do this is that for each customer/contact/friend the wallet assigns an address-generator that generates addresses unique not only to you but also to your friend, so that your wallt will not only recognise the address as yours, but also which customer/contact/friend you give addresses of that branch of generators.

I do not know whether another layer is feasible, whereby the site this thread is about could be more than such a friend, able to generate not merely addresses of yours that you can tell are yours and also tell are ones this site is to be using, but also the site can tell (and tell you, optionally) which of their visitors they gave it out to. (Not by remembering all the addresses given to a particular IP address or cookie or member, but merely by remembering the generator it uses to generate new addresses of yours-via-that-site for that visitor/IP/cookie/member.

for sure though people could give generators to such sites, the generators themselves being generated, so that the people know which site/friend/contact/customer it is that they assigned that generator to thus recognise all addresses generated by it as being theirs via that site/friend/contact/customer.

doing that kind of work for people might actually make such a site useful to some people.

-MarkM-
newbie
Activity: 9
Merit: 0
September 11, 2013, 06:40:41 PM
#14
isn't this pretty much the purpose of firstbits?  plus firstbits doesn't make you reveal your email address at all.  I know you say you only keep the hash, but it doesn't matter, because you can LOOKUP by email address. 

So the feds say "oh we're investigating bob smith who has email [email protected]" then they type [email protected] into your database, and boom, bsmith's btc address is now tied to his email and full identity and all bitcoin transactions he has ever made. 

Just so you know, you're not the first person to have the idea of mapping email addresses to bitcoin addresses.  It has been suggested many times before, and shot down due to privacy concerns.

And I'd just like to point out, that you can claim you only save the hash all you want, but are you based in the USA?  Because they can send you a national security letter requiring you to keep the email addresses, and give you a gag order so that if you talk about it you get a 100 year prison sentence.  This is why Lavabit shutdown.  For all we know, you've already received that letter and as a condition of your gag order you are required to talk about how you only store the hashes and not the full email address.  This is the reality we live in now, and it really sucks, but we have to deal with it and be as cautious as possible.
hero member
Activity: 765
Merit: 503
September 11, 2013, 04:44:33 PM
#13
Good luck with your info gathering.  As for myself, I can't see how it would help me.
Hi tspacepilot,

All email addresses are hashed within our database and never stored as plain text.  After our initial confirmation email (which only persists in memory), it is impossible for us to view the email records.
hero member
Activity: 765
Merit: 503
August 29, 2013, 11:39:59 PM
#12
Hi,

I like the idea(had the same idea a few months ago, but was too busy realizing it ). It would be cool if you would implement also a search for real names, skype name or whatever. I think you could then make more out of it. Also I would love to see an API with like json or/and xml responses so people could use your service in apps/programs.

Otherwise good service, I like it!

Thanks StewieG

Yes, I will finish that service too.  Didn't see it as a high priority until we get a few more users in the DB.

It will have an api for searching:
/Api?format=xml
/Api?format=json
/Api?format=plaintext

And an addition one later.
newbie
Activity: 43
Merit: 0
August 29, 2013, 11:37:03 PM
#11
When i just type in coinbook.me without the www I get an error page, might want to fix that...
Yep yep, on the todo.   Will fix that this weekend.
hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
August 28, 2013, 01:58:28 PM
#10
When i just type in coinbook.me without the www I get an error page, might want to fix that...
hero member
Activity: 532
Merit: 500
August 28, 2013, 12:28:41 PM
#9
Hi,

I like the idea(had the same idea a few months ago, but was too busy realizing it ). It would be cool if you would implement also a search for real names, skype name or whatever. I think you could then make more out of it. Also I would love to see an API with like json or/and xml responses so people could use your service in apps/programs.

Otherwise good service, I like it!
newbie
Activity: 43
Merit: 0
August 26, 2013, 12:29:32 AM
#8
Thanks inspired, exactly the problem we are trying to solve.
hero member
Activity: 658
Merit: 500
August 25, 2013, 12:47:44 AM
#7
like it doof, nice easy to use interface.
used it this morning to find my buddy Loufie's address, (he was asleep)
able to transfer money and not disturb him for a address, problem solved.

cheers  Smiley
hero member
Activity: 765
Merit: 503
August 19, 2013, 06:07:46 PM
#6
Thanks defaced,

Hopefully if it grows, coinjar, coinbase etc might implement a search via coinbook.me in their ewallets.
legendary
Activity: 2198
Merit: 1014
Franko is Freedom
August 19, 2013, 10:18:56 AM
#5
i personally like this idea and think it will see more adoption in the future. I know alot of us like being private, but most dont care either way. And i think a phonebook style directory that makes it easy to send payments to your friends, is a good idea and will help getting normal people to adopt bitcoin.
hero member
Activity: 765
Merit: 503
August 17, 2013, 05:39:44 PM
#4
Thanks guys for the honest feedback.   Its only cost me a few hours in dev and a domain name, so if it gets used, it gets used.
legendary
Activity: 1764
Merit: 1000
August 17, 2013, 04:01:51 AM
#3
i don't see any benefit in this site either. you could use btc.to or any other paste service to shorten your address and that works without an email.
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
August 17, 2013, 01:54:31 AM
#2
Good luck with your info gathering.  As for myself, I can't see how it would help me.
hero member
Activity: 765
Merit: 503
August 16, 2013, 08:28:01 PM
#1
I keep getting asked "whats my btc address" and likewise, asking my friends.  So, I decided to write it anyway.  Its a site to list your "public" btc address.

  • All emails are hashed with salt
  • Only confirmed email addresses are shown
  • Not reversable, ie, cannot find email off bitcoin address
  • An json / xml api is comming
Jump to: