Bitcoin Forum

---

---

iPhone App: https://gli.ph/iPhone

Android App: https://gli.ph/android

Web App: https://gli.ph/a




Gliph is the easiest way to buy and sell using Bitcoin. Social messaging lets you connect with friends and send Bitcoin in a few taps.

Buy and Sell in Gliph Marketplace

• Use your iPhone, Android or laptop to create listings online and offer discounts if people pay in Bitcoin.
• Communicate securely and privately with potential buyers. Connect your Coinbase wallet for hassle-free acceptance of Bitcoin payments.
• When you close a deal, you can choose to stay connected and build on the relationship with the other person.
• Browse the marketplace for cool stuff. Many sellers offer discounted pricing if you pay using Bitcoin.

Help and FAQ (https://gli.ph/help.html)

Helpful Links:

• Past discussion about Gliph on Bitcoin Talk (https://bitcointalk.org/index.php?topic=208819.msg2186738)
• Recent updates from the company blog (https://blog.gli.ph/)

• Security Practices (https://gli.ph/security2.html)

Recent News:

• Introducing Gliph Marketplace (https://blog.gli.ph/2015/01/05/introducing-gliph-marketplace/)

Reserved

What makes this a secure messaging platform?

Every other SMS replacement claimed/claims to be secure and by now every major service turned out to often not even include encryption or a bad one making it not secure at all.

Thanks for asking.

Privacy is one of our core beliefs. We created a privacy policy (https://gli.ph/privacy.html) to demonstrate this. Part of providing privacy means preventing your data from being snooped on.

Gliph secures data in ways that most other messaging clients (like Whatsapp, GroupMe and Kik) do not. There are also options out there that are a better fit for high security needs (like certain implementations of PGP and OTR).

With Gliph, conversations and personal data are encrypted by SSL over the wire. This information is then encrypted in memory using your password and AES-256. We have an option (https://blog.gli.ph/2012/05/31/introducing-gliph-app-version-1-2-powerful-privacy-for-iphone/#lockdown) that renders your account and data unrecoverable without your personal password.

Our team is motivated to offering a great messaging experience, too. This means Gliph supports apps for the mobile web (HTML5), Android and iPhone.  

We also have a variety of features for the privacy and security conscious user you might want to check out:

• You can suppress certain senders' names and message previews (https://blog.gli.ph/2013/03/26/introducing-selective-push-privacy-protection-for-push-notifications/) from Push Notifications.
• Gliph removes EXIF data from your photos before sending them on to the other person.
• You can permanently delete any message (https://blog.gli.ph/2012/08/14/introducing-gliph-message-deletion/) and remove it from both sides of the conversation.

I hope that helps answer your question. I'd be happy to talk further about this, my email is: rob | gli.ph.

rob

This is a rather unique and interesting project. I've downloaded it and will give it a go this evening.

I've tried this out a few times and think it is one of the most user friendly ways to communicate securely with others. Is it possible for you to release some sort of web client for this?The web app is annoying to use within that small virtual iPhone window, the phone app is good though.

I look forward to your feedback. Thank you for checking it out.

Thank you for trying out Gliph. We try to achieve great communications experience while doing our best to preserve security and privacy.

The web client is pretty rough right now. :L I do most of the Support Gliph from it, and I wish it was way better. We nearly got this updated a few months ago, but we have wanted to focus on Bitcoin exclusively until we've got some great Bitcoin wallets to choose from. 

Someone from the Gliph community released a Gliph for Desktop Chrome extension (https://chrome.google.com/webstore/detail/cyfer-custom-responsive-s/bdgabfibghdpfpjbhmcppkggpppeelnf?utm_source=chrome-ntp-icon) that changes the desktop web. We communicated with the author of this extension but we do not support this, so use at your own risk.

We will be providing a desktop web update, but I don't have a release date at this time.

It is Friday and we want to try something new.  8)

Update: I'm stopping the free .01 Bitcoin offer for now. We gave out a fair amount of Bitcoin to folks for trying it out. Thanks a lot to everyone who participated!

We're giving out a free .01 Bitcoin to the next 30 people who post in this thread with a BitcoinTalk Activity greater or equal to 25.

Here's how it works:

• Have a Gliph account with a Coinbase or BIPS wallet attached.
• Post a reply here with your Gliph (See Settings -> Download Gliph as Image on the iPhone app (https://gli.ph/iphone) and the web app (https://gli.ph/m)).
• Send a message to the Support Gliph saying "I replied on BitcoinTalk" or similar.
• We'll check the thread and match your reply to your message with .01 BTC attached.

The idea here is to twofold:

• Encourage people who have not had motivation yet to try out Gliph to give it shake.
  
• Help BitcoinTalk people find people to connect with and try out Bitcoin transfers with on Gliph

If you don't have 25 activity on BitcoinTalk yet, sorry. This is a somewhat arbitrary guess at a what a reasonably active BitcoinTalk person is.

Since this isn't automated, there is a chance of a delay between when you post and message support. Particularly during normal sleeping time PST. However, we will honor what I've laid out here so please be patient and we will hook you up. I'll either edit this post or post a new reply when we've sent Bitcoin to 30 BitcoinTalk people.

Depending how this goes, and if people are cool with this, we may do it again.


rob

Thanks for the feedback. I think you have a solid point. If you don't want to post your Gliph publicly, you can simply reply to the post saying, "PM Sent" and include your Gliph in the PM.

rob

PM sent. Will try this.

Cool, thanks for trying this out. I haven't seen your PM on BitcoinTalk yet, or the message to the Support Gliph. We need both to connect your account with your Activity here int he forum. I'll keep an eye out for them.

edit: just got em. thanks.

He sent the bitcent, seems like a good guy. We talked for a minute or two. I hope he succeeds with this.

PM sent

ETA: BTC received, tks

ETA2: I'm not sure if Gliph and Coinbase are really a good fit; everyone gets email notifications with all of our email addresses and whatever names we put in Coinbase exposed on receiving/sending BTC to each other.

PM sent to ya.

---

Pulling a quote from my friend TBZ here, I agree with his assessment.  There is an email notification from Coinbase, and a listing on the coinbase TX log, of the bound account's name and email address as listed on the account.  That is exposed on the Coinbase logs, not necessarily the blockchain, however it is a valid assessment that privacy/anonymity (to a point), which one normally gets through gliph because messages aren't going to reveal email addresses or actual names unless those profile fields are shared publicly, could be an issue here by continuing to use Coinbase.

Hey, thanks for pointing that out. We noticed this right away when we were building Gliph's integration with Coinbase.  We agree it may be an intrusion on privacy of participants. To handle this, when Coinbase accounts are created with Gliph, we use "Cloaked Email" addresses. These protect the privacy of the person's email.  You can read more about Cloaked Email here: https://blog.gli.ph/2012/08/14/delivering-privacy-gliph-cloaked-email/  

Cloaked Email is useful for other things than just protecting privacy on Coinbase, and a free cloak comes with each signup--in addition to the one we use when creating Coinbase a wallet.

There is one issue, though, and I apologize for hoarding your thread for this discussion, but it is relevant for people who wish to link preexisiting coinbase accounts with their Gliphs.  Many people have coinbase accounts that were not created as part of the Gliph system, and were created previously with actual email addresses and such.

In testing, TBZ and I tested the integration feature of sending BTC via gliph, in which 0.01 BTC was sent from TBZ to me (and of course I sent it back, but that's not relevant to this discussion).  During the test, Coinbase, both on Coinbase's site's transaction log and their email notifications will reveal the preexisting account's email addresses, and with such accounts that were created outside of the Gliph system, it will continue to utilize those addresses.  TBZ and I both wanted to see how the feature worked, to make sure it correctly deposits into the bound Coinbase accounts, and we wanted to accurately test the Coinbase depositing system to see if it actually revealed any data, which it did.

I would suggest adding a disclaimer in the "Login to coinbase" option, either as a popup or additional screen, mentioning that if you bind a Coinbase account that was *not* created with Gliph, the email address and the name on the account will be revealed to whomever receives the bitcoins.  That would at least allow users who care to read to be told that there is a risk that their information will be revealed to other users when they send BTC.  This would also protect you (or, in tech lingo, the devs) if, say, someone used the system without knowing that risk, and decided to go on a rant and claim the privacy issue was caused by your application (which of course it isn't, but most people aren't going to know that).

That's just my two cents.  Again, sorry for hijacking your thread on this single point.

To summarize, when two Coinbase users send Bitcoin to each other, it reveals the email addresses of both users. This happens whether the users use Gliph or not, and even if they do not know that each other are Coinbase users (they are working with wallet addresses only).  This is a specific behavior of Coinbase, and we can not change this.

This is an interesting idea. To clarify, this does not reveal email address to anyone who receives bitcoin, only if the other user is on also on Coinbase. For example, if a Gliph user with a Coinbase wallet attached sends bitcoin to a user using a BIPS wallet, this does not occur.

This is a very good point, we will look for a way to warn existing Coinbase users who attach their wallet about this concern. Especially given the privacy we are trying to protect. We do feel though, that this concern would best be alleviated by a change in how Coinbase behaves.

No problem. This is important stuff and I appreciate you and TBZ taking the time to voice your thoughts.

I agree, ultimately Coinbase will need to address the issue, but in the interim, adding the extra disclaimer (if possible, either as an intermediate screen where a user must hit "Accept Terms" or "Reject Terms", or as a popup with "Accept" or "Reject" options) can at least help and prevent users from getting super annoyed about this, because not everyone knows Coinbase's system does that, so they'd be annoyed / surprised / angry / [insert other emotional response here] and might take that out on you or the other devs (if any) that you have working with you.

And we're appreciative that you are receptive to our thoughts!  Because that's a good sign: a support team that listens to the opinions of concerned users.

Now, since it's 02:06 and i've been up since 07:30 yesterday, I'm going to try and get some sleep.  Good night!  :)

PM Sent :)

PM sent...

Got you both. Headed to bed now, will check back in the morning.

gliph looks really interesting, but I'm missing the github repos. Isn't this open sourced?

Thanks. Most of Gliph is not open source. We recognize this isn't sufficient for some folks, and happily steer them toward open source alternatives like Cryptocat.

We realize the value in being able to study and compile the code that encrypts data yourself and are looking at how we can provide that.

For now we do have an opensource a library for low-energy bluetooth transaction protocol that one of our guys presented at Bitcoin 2013 called BTC2: https://github.com/Gliph/BTCSquared

PM sent
Thanks!

Hello BitcoinTalk,

I'm excited to give BitcoinTalk community an advance heads-up that we're about to release a much-requested update that offers limited support for Blockchain.info wallets.

Whether you or the person you're connected to is using Coinbase, BIPS or Blockchain.info, you'll be able to easily send Bitcoin without fussing with Wallet Addresses or QR codes. Just attach the right amount and hit send, then continue your conversation.

Please note we're calling this limited support because Blockchain.info's API doesn't do everything that Coinbase and BIPS' do. It is missing a few things that will affect the experience, and we want to be up front about these limitations:

• You can not create a Blockchain.info account using Gliph, it must be made first on Blockchain.info
  

• Two-Factor Authentication is NOT supported. If you use 2-factor authentication with Blockchain.info you must disable it. You can work around this limitation by using Blockchain.info's "double encryption" or second password on the account. Regardless of whether you turn this on, we recommend using two wallets. One to keep your bitcoin in, and a second with a low Bitcoin balance for use as a daily wallet which you can more comfortably attach to Gliph.
• For the username, we recommended using GUID (the long thing), rather than alias. Depending on how your account is set up, Alias may fail, so might as well skip the trouble and use your GUID.

Even with these limitations, we're happy to increase the number of different wallets available to people who want an easier way to move Bitcoin around and enjoy a more private experience than other messaging options on the market.

We are still running our free Bitcent thing described on the first page, so if you have not taken advantage of that yet, perhaps you have a stronger incentive to check it out now. :)

The release will be available for iPhone, Android and the Web by 6am EST 9/9/13.

Like it  8)  Obviously needs smoothing some edges, but looking good so far.

https://gli.ph/s/gliph_export/l.bk.t.m.png

Are we ok to use gli.ph to share our gliphs?

Hi there, I'm on board, I like gliph, just don't have any contacts.

it's a start.

https://i.imgur.com/lB0r93S.jpg

Here I go! Just wondering, how do we know you can't see our coinbase/bips credentials?
https://i.imgur.com/z47CyOp.jpg

PM sent.

I have gotten a decent number of people to install Gliph, btw. I will use this to encourage them to hookup a wallet. Thanks!

Hey, would you please send a message to Support, mentioning your post here? For reasons not worth going into here, this allows me to send you the bitcent as a reply, which is much easier for me at this time.

Yes, you are more than welcome to share your Gliphs. I give the option to hide them, but I hope that some people will connect with each other here.

Thank you for checking it out. We're working to make it easier to connect with people. Please try getting a pal on so you can try the sending and receiving of BTC out. :)
Hey, for starters, this is a venture-backed company and no anonymity in who is running it. I'm Rob Banagale and my co-founder is Nick Asch. Both of our names and reputations are on the line.


I believe everyone who has posted in this thread (except newar, please see note above) has now received their Bitcents. If you PM'd but did not post here, please post so that there is a public accountability that I'm sending out all the BTC I said I would. :)
rob

Bitcent received. Gliph is awesome!

Bitcent received! Thanks!

PM sent.

Thank you, for checking out Gliph. Please post or send feedback to support gliph or support at gli dot ph. Your suggestions help us improve it.


Hey, please also send a message to support from your gliph. This puts it at the top of my queue of support requests and allows me to verify we're hooking up the right people.

"Will accept bitcoin through gliph"

I was doing a few searches for sales on CL accepting bitcoin. I was happy to see this.

http://portland.craigslist.org/search/?areaID=9&subAreaID=&query=gliph&catAbb=sss

Thank you for sharing this. I had not seen this.  We need to make it easier to handle craigslist listings and use gliph at the same time.

Good luck... seems that craigslist is raising the walls of its garden ever-higher, with the recent ban on externally hosted images.

I get peev'd about the "verify your account with phone number" business.

I believe that this is a spam control measure they use.  I'm curious, are there other personal data verification methods that you see as less intrusive or would consider using?

I will check this out soon. By the way, do you have an office in .PH ? Because I live here.

We do not, but I was there earlier this year. I'm half-filipino and have a lot of family in the Philippines. The TLD happened to work with our company's name. -rob

Guys, this is such a neat product, but why no source code?

Thank you. I talk about this exact topic at length on Ep. 47 of Let's Talk Bitcoin: http://letstalkbitcoin.com/e47-identity-bitcoin-with-rob-banagale/

rob

Indeed. It's a total waste of time to advertise a closed source product to the most paranoid (including me) people on the internet in my opinion.

I don't like having my time wasted either. If you care to listen to the podcast, you'll hear that Gliph is not built for the most paranoid. Yet is practical for people who are otherwise using closed-source and plaintext communication tools like GroupMe, Whatsapp and SMS.

We're happy to recommend open source solutions to folks like yourself. Again, I'd recommend checking out the podcast as it is a good overview of Gliph and our stance on open source.

We have open sourced a project within Gliph, which is software for transferring bitcoin over low energy bluetooth. That repo is here: https://github.com/Gliph/

What are the reasons for not opening it?

Like I said, please have a listen to the talk with Adam linked above. You can skip forward to it. I go into great detail and you can hear it directly from me.

Not to mention, Let's Talk Bitcoin is an excellent podcast, highly recommended.

I can't see te feature to send money anywhere.

When in the chat, tap the "+" next to the box where you would type a message.

Sorry for the late reply. I got my bitcent pretty much straight away after chatting with you.

I still like Gliph a lot and use it where I can. The only thing I noticed: I'm on very slow networks sometimes (for comparisons, think 14.4k modems...). I noticed that Whatsapp messages still manage to sneak through, whereas on Gliph they get stuck. I would also like to be able to write messages offline and Gliph would then send them once I got connectivity again.


For gli.ph/m/ could we get a "regular" interface? That Iphone doesn't work for usability IMHO.


Edit: Can you "even out" the features set between the Iphone and Android app?

Apple forces Gliph's hand with respect to Bitcoin support. :(
https://blog.gli.ph/2013/12/08/new-gliph-for-ios-7-expands-bitcoin-support-overhauls-design-and-more/

That's unfortunate. There's no reason to use it now, for me anyways.

What a clever looking little application.  May have to give this one a go and report back here with my review.  Thanks for posting and sharing this nifty tool.

Hey folks. I'm writing to request help testing a new feature we're working on for Gliph.

The feature focuses on Craigslist, and making craigslist a better place to use Bitcoin.  If you use Craigslist to sell items often and would like to test it out, please send me an email rob  at   gli . ph.  I'd be happy to help you get set up for a test run, in exchange for your feedback on the experience and how we could improve things.

Also, I updated the thread to reflect that you can't send Bitcoin using the iOS app anymore. Please note, you can still send using Mobile Safari.

Rob

Hey Bitcoin Talk folks,

I wanted to check in on two things:

1. Gliph is up for nomination for Best Mobile App on the Blockchain Awards. We would appreciate your nomination, by tomorrow, for the award. Feel free to nominate folks for any of the categories!

Nominate Gliph Here (https://blog.blockchain.com/2014/04/16/the-first-annual-blockchain-awards/)

2. We are running our second annual photo contest. We select a few winners which we feature on the site and in our marketing. We give preference to photos of pets, so feel free to submit something for inclusion.

Enter a photo in the Gliph photo contest. (https://blog.gli.ph/2014/05/05/new-gliph-photo-contest/)

It has been a little while since we put out new Bitcoin features, but we have some great stuff on the way! Thanks for your support!

rob

Hey Folks,

Gliph is in the final set. We would totally appreciate a few votes from the Bitcoin Talk community!

No registration required:

Vote Gliph, Best Mobile App (https://docs.google.com/forms/d/1XGPghf1OsdgTmrsiEscWqcPjssfDX3u8IE-PBOLebc4/viewform)

Thank you! :)

rob

Hey Bitcoin Talk folks,

We are currently beta testing some new features on Gliph. I wanted to give the BitcoinTalk community a chance to check it out and provide feedback.

• If you're generally interested in trying out some new Gliph stuff, please send an email to support at gli.ph.
• If you're interested specifically in testing the Android app as we make changes, we have a google group (https://plus.google.com/communities/115060523812882093982) for that.
• We also have an iPhone testing group. Again, email support@ if you're interested in being a part.

Rob

Hey there. We're planning to send out the first beta of the new Gliph Android app we've been working on tomorrow.

If you're interested in having a look, you can request to join the google group we use to distribute the test version.

https://plus.google.com/communities/115060523812882093982

rob

Hi Rob, all good news, but have you opened sourced Gliph yet?

I like the protection and privacy you guaranty. I hope Gliph will prevent data from the best hackers. Anyway take precautions for a back up like security. Good Luck!

Kindly,
        Muhammed Zakhir

Hey there, is this Wendell posting? I want to clarify so there is no sense of this being a Hive vs Gliph Q&A. We like Hive and what it is doing and are not positioning our company to be in competition with Hive.

Regardless, thanks for posing this important question again, I'll seek to clarify this:

We do not have plans to open source Gliph. Gliph does leverage open source components, and we have already contributed (https://github.com/Gliph/BTCSquared) valuable open source code in the mobile space, specifically related to cross-platform Bluetooth technology to the bitcoin community.

As I mentioned previously in this thread, I explained in detail the reasons it is unlikely Gliph's code base will be open sourced at this time in one of my previous interviews with Adam Levine on Let's Talk Bitcoin. I ask if you have questions that were not answered there to direct them to me personally and I can try to explain. You can send me a message through this message board or use this link to chat with me: https://gliph.me/x68

There are some folks who feel that software products they use must be open source or rely solely on distributed technology. We believe open source is very important and support those people and their choices of products that do that. We also celebrate the value of distributed systems.  

However, Gliph is still a startup and it is not our focus to satisfy these requirements. As Muhammed sort of indicates below, Gliph is focused on building something that makes fantastic compromises between privacy, security, real-world utility and great user experiences. We can't do everything, or we'd accomplish nothing.

Thank you, Muhammed. If you are interested in testing some of the stuff we have coming, please let me know!

--

A few folks signed up, but if anyone else is interested in the Android beta program, please feel free to join here: https://plus.google.com/communities/115060523812882093982

https://lh6.googleusercontent.com/-fXCfqp5aVvo/U64c_aOOR_I/AAAAAAAAAVs/HmXXDR9OHmE/w426-h364/android-robot.jpg

You could've just used the open sourced Textsecure client and server crypto engineering which is known to be secure/audited with your custom UI/app to also send coins. Much easier than rolling your own. You can still sell the app if a lot of people use it regardless if it's guts are entirely made up of Textsecure with some added bitcoin functionality.

If the goal is to sell this software with custom crypto engineering you should consider message encryption using a fast native stream cipher like Salsa20 (or ChaCha) + polynomial MAC (Poly1305, VMAC). I would also use ephemeral keys, ECDH over Curve25519 or copy what Textsecure has done to create each session(s) with temporary keys. Ditch RSA +OAEP, just use a curve to derive a key it's much less complex. You save a lot of bandwidth too using Poly1305 which should be essential for any mobile app.

I assume you've also done self signed distributed certs or pinning http://thoughtcrime.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/

Finally pay somebody respected to audit your software since money transactions and private messaging is involved. Ask this guy who respected crypto engineers are that can be contracted for auditing: https://twitter.com/matthew_d_green this will generate more interest in your app since none of us can verify the code.

Just downloaded the app on iOS, pretty nice app. I am loving these new bitcoin apps hitting iOS lately! Great work, make sure to keep the security up. Is it possible to implement TOR?

Moni3z, thanks first for taking the time to give this feedback. It is important I preface my response with a repeat from my previous post: There are also options out there that are a better fit for high security needs. Gliph's intention is not to be the world's most secure messaging client. Gliph is focused on making fantastic compromises between privacy, security, real-world utility and great user experiences. We make these compromises to execute on Gliph's actual mission: to help people transact with their peers in a trusted, efficient and delightful way.

Textsecure's iOS implementation remains in "early development stage (https://github.com/WhisperSystems/TextSecure-iOS)" and is not ready for production. Gliph has been cross-platform, (web, android, iOS for some time). Also, I would assert that technical integrations between multiple cloud wallet services and a secure and private social platform is more challenging than it may appear.

Again, the goal of Gliph is strictly not to sell it as security software, even though this is a value proposition compared to other popular options in the market today. I appreciate these specific technical implementation ideas, and will take them into consideration.

Indeed, our current Android app does do certificate pinning. Although it is worth mentioning that since we did do this additional security enhancement, making the fix for Heartbleed immediately broke all existing clients running Gliph for Android app with certificate pinning. This resulted in a lot of user frustration and created retention issues for the product. This is what I mean about needing to continuously make compromises between security and user experience. If you go too far out on a limb, the only folks you'll attract are hyper-security people and again, we are not after that group of folks. There are other products that are great at addressing those needs.

I agree this is a terrific idea, and as soon as the company is capitalized to the point to offer this, we will perform the audit.


Thanks for checking it out! Gliph does work in conjunction with TOR, so long as you have your device set up to route app traffic over the connection. We are unlikely to build native tor support in because it is not too hard to set up and toggle on as a device-wide choice and because every new security feature takes time and energy away from building new products and services that bring us closer to our mission.

Hi Rob, it was me.

The post had nothing to do with perceived competition; I also don't consider you competitive. I wrote what I wrote because it seems highly irresponsible to market something as "secure and private" when it is impossible to audit the source—we're in the post-Snowden era here, are we not? I don't mean to pick on you guys in particular, you seem like a nice, well-intentioned bunch. But if you truly care about privacy and security, then I don't see how you can disagree with my premise. The old way of doing things has had its day.

"Any person can invent a security system so clever that she or he can't think of how to break it." —Bruce Schneier

Anyway it's your company and you are of course free to do as you like, but I will continue to encourage you to re-think this strategy, and likewise discourage anyone I know from using Gliph until a different direction is taken.

PS- Can you explain to me why "startup" and "open source" are at odds? I don't really follow.

Gliph has zero actual security or privacy. Period. You are absolutely throwing your coins, and your privacy away.

Also: http://www.wired.com/2013/11/inputs/

This is an especially good point. Here's something from 2008, regarding backdoors in Skype and why you cannot (no exceptions) trust closed source software:

http://www.geekzone.co.nz/foobar/5823

How true that was, as we've learned in 2013. For those that don't know, Skype originally started with end to end encryption and the promise 'We do not have access to communication data' right in their privacy policy. Today, we know Skype is a PRISM partner.

Security and privacy is fundamentally incompatible with closed source software. There are no exceptions.

PS: Hive, I liked your wallet until you added altcoin crap. But nice to see it open source (https://github.com/hivewallet/hive-js), though what is it licensed under? Source code published != open source.

Posted from Firefox on Ubuntu ;)

GPLv2

Thanks for coming forward as a person.
Great. Then this is an intellectual discussion and we can steer clear of attacks and simply disagree on specific things if necessary.

The lynchpin of these conversations is usually in the individual interpretation of the word "secure." To clarify, your premise is the word 'secure' may only be used if the source is open, correct?

As I've mentioned, for some folks, that means they can view the source, or the source is available for someone you trust to consult. We're all for these folks and point them to use OTR messaging and PGP.  These kind of people often are ok dealing with the UX downfalls and limitations of these systems.

Most folks don't compile Linux for themselves. So they do treat OS X or their (hopefully) updated copy of Windows as offering security and privacy. I think they have good reason to feel that way, particularly with iOS--even though that is closed source.

The feedback has been received, thank you.

I won't do nearly as good of a job as dreeves has in compiling Yehunda Katz and AParecki's considerations in this HN thread. (https://news.ycombinator.com/item?id=7202683)

Costs of open sourcing your startup:

I'd add to that a security audit in advance of open sourcing the project to protect existing users.

Depending on the project size and age, all that may be low cost. It may even be a cost you're happy to deal with if you feel it is a major value proposition to the audience you're after.

A few more reasons:

 - Gliph's iOS app is completely native, and largely front-end UI (where heavy lifting is done by servers) Objective-C is complex code that is original and valuable and not something we want easily copied by competitors. 

 - Server-side, we do incorporate open source libraries, however the great majority of Gliph platform is original software . The web application is complex, powerful and valuable intellectual property that we have worked very hard on (https://blog.gli.ph/2014/04/21/we-updated-some-of-gliphs-systems/) for years. While our goal is to make a big contribution to society, Gliph is not a charity.

 - The Coinbase and Blockchain API's have undocumented peculiarities that we have learned with great pain over time. At this point, it is up to other startups to also figure these issues out to be competitive in this space.

But the number one reason right now is that I personally do not think most regular internet users can explain what it means for software to be open source, let alone how software is built.  They just want to be able to get things done. They want reasonable security and privacy precautions taken without the details. We take care of that for them. Our users do not write in to us ask for open source code, they write in asking for new and better features.

So startups that deal with Bitcoin have a dual problem: they must provide security even though it's value is only understood when there is an intrusion, and they must also actually create a product of real value that gets adopted.

To turn this back to Gliph, we have built an incredibly powerful platform that is just barely scratching the surface for our intent. While it may not meet your particular requirements of security, the platform is secure and handles data securely with privacy controls that are simply not available on any other product right now. 

On the topic of Privacy, our team thought carefully about Gliph's privacy policy (https://gli.ph/privacy.html) which is written in a way that anyone can read. Not just people who know how and have the luxury of spending time reading code for this purpose.

Hey BitcoinTalk,

We released some cool new stuff today:

0. We added a completely new Desktop Web app to use with gliph. Here's the promo video showing it off:

https://19de10c0037730b31d67-c6cb9846d861a1213b31648a6cce64e1.ssl.cf1.rackcdn.com/Screen%20Shot%202014-07-22%20at%2011.50.12%20AM.png (https://blog.gli.ph/2014/07/21/major-gliph-release-today/)

1. We brought bitcoin back to Gliph in the App Store. Now you can send Bitcoin to other Gliph users and also using a QR code scanner.

2. We added secure Group Messaging. Please see previous posts in thread to go over in detail how we handle security and our views on open source.

3. We have a totally revamped Android Application. It is now basically parity with iOS (no PIN lock on it)

Uniquely, Gliph hooks up to both Coinbase and Blockchain.info wallets. It allows super easy p2p transfers (between Gliph users) and spending outside Gliph using QR codes.

rob

edit: typo

I love the music in that promo video.

One feature that we bitcoiners may like to use is GliphMe- https://gliph.me/

The way I would explain it is that for the person contacting you, it's like those live sales/support chats that Amazon and other sites use - use any non-text-only browser and it'll work without installing any add-ons. You'll get notifications of new messages and open your Gliph app to chat back to them.

Great work! For more attention, you can run a small campaign for a week. Will get a good attention from it.


Sorry I couldn't follow the post for some time. I like to test your stuffs. ;D I am using android and it is sad to hear that you are no longer developing it. Anyway, I can test IOS app too but it will take a little time than testing on android.
Kindly,
       MZ

I am very sorry to see the symbols go  :'(  It was one of the major things what set Gliph apart from any other chat app I know. Was there no way to keep them alongside the "new" way?

Hey Newar,

Thanks for noticing and posting this reply here. To answer your question, we are keeping the "Legacy" symbol-based usernames available with the same use cases as before. You can use the old username you have to: Login, Reset your password (if you have not disabled PW reset on your account), Be found in the Gliph system using Add Connection, and even Added to a Group.

So your old username still works, and in fact you can choose not to get a new username if you want. We wanted our existing users to be able to keep things the way they are if they want.  All of this is outlined in the blog post on Gliph's username update here (https://blog.gli.ph/2014/09/25/gliph-transitions-to-new-username-system/).

That said, we have what we believe to be very good reasons for transitioning away from the old username system.  I'm going to quote our blog post here for convenience:


We have some exciting things related to Bitcoin that we are working on, I hope what you feel we lost in the uniqueness of the symbol usernames will be more than made up for in increased practicality, usability and sheer joy from using Gliph. I implore you: stay tuned.

rob

Hey Bitcointalk,

Today we released the first version of Gliph Marketplace, a new way to buy and sell using cash or Bitcoin. This is the easiest way to close a deal P2P using bitcoin yet.

https://i.imgur.com/LVCu8ok.png
Watch the promo video here. (https://blog.gli.ph/2015/01/05/introducing-gliph-marketplace/)

My first Gliph Marketplace item: https://gli.ph/l/54b032ea9e9ad173b8cc794b

That is a nice piece. Thank you for listing it!

Other BitcoinTalk folks who are interested, feel free to PM me.

Hey BTCtalk peeps,

We released version 2.0 of iPhone app (with Gliph Marketplace today). It has a bunch of improvements from the 1.x versions.

You can read about the update in our blog entry here (https://blog.gli.ph/2015/02/03/gliph-2-0-iphone-app-released-marketplace-update/).

https://i.imgur.com/njegabQ.png

Renewing warning against storing private keys in Blockchain Wallet. Rob at Gli.ph claims their API generated a new address/private key when I first linked it to Blockchain (with whitelisted IP), but that address (https://blockchain.info/address/1EKqFXn3UmaZaJP5swqCUm3mbpdp63VhwR) never showed up, so I couldn't have deleted it, by accident (an 8 step process) or otherwise. The first time I saw that address was when he PMed it to me after I complained about his 0.001 not being received at any address in my Blockchain Wallet. He swears up and down that it's working correctly, but clearly it isn't, if private keys are ever getting erased without the possibility of user input.

ETA: This was not an isolated incident of non-theft loss for Blockchain Wallet, and we're lucky it was only a $0.25 loss this time. I'm attempting to gather other reports and get other victims to reply here. Any failure is not an option when "magic internet money" (that can never be recovered once private keys are lost) is involved. If I ran Gliph and was made aware of Blockchain's failure even once, I would yank the integration immediately, not defend it, and not by implication fall back on my Terms of Service's Warranty Disclaimer, Limitation of Liability, Indemnification in allowing any more possible failures.
https://bitcointalk.org/index.php?topic=142139.0
https://bitcointalk.org/index.php?topic=680734.0
https://bitcointalk.org/index.php?topic=321047.0

ETA: The 0.001 that was actually received was just forwarded to xkcd https://blockchain.info/tx/2752d70392978a12883c348b3fcf4c8710534e482764b441c284118c044cfc1b

Hey there, As I mentioned in the few hours we've worked together over the past two days trouble shoot this, I'm sorry we weren't able to work this out or trace exactly what happened with the first .001 I sent to you over Gliph.

I understand that not everyone out there has the best experience with Blockchain.info or even Coinbase. We generally recommend people use Coinbase with Gliph at this point. We understand that not everyone feels comfortable with either service's use of private keys and that the way Gliph works with Bitcoin may not suit every Bitcoin user.

I recognize that 2FA is a requirement for some folks, and while we don't support that for sending, we do support that for receipt of Payment in Marketplace on both wallet services. 

I think it is reasonably important to say that I was able to successfully send Bitcoin to your attached blockchain account, and while you offered to return it, I said you were welcome to keep it. :) I also want to clarify that we have not had a problem reported similar to this yet, which makes it hard to reproduce.

I am sorry we weren't able to make Gliph Marketplace work for you.

If other folks are considering listing in Gliph Marketplace we'd love to have you give it a shot. It is just two weeks old and we're continuing to improve it over time.

so on the scale of 1-10 any of the users can report how easy it is for transaction?

and whats better use for.

is the 0.01 promotion still running?

Hey Panj, it is not. :) Thanks for asking.