Bitcoin Forum

Hi all!
I am the official representative of Fritwallet startup team.
Fruitwallet is web based ios Bitcoin wallet with hardware level security. Here is our development thread https://bitcointalk.org/index.php?topic=516824.0
Website link is https://fruitwallet.com/
To enter the app go to the same link from your mobile Safari browser.

Today I tried to introduce wallet at IRC and was banned for SCAM. Just without any fair reason.
So I decided to create this topic to answer all questions that might appear.

UPDATE:
we have small demo https://www.youtube.com/watch?v=uhZ6GdEPhys
we added LTC.


Best regards.
Max

First question: How do I send you all my money?  Do you have a bitcoin address I can send to?  I like shortcuts.

Hi. All btc are stored in our wallet.
It has a lot of addresses: for all customers, for change that comes from dividing transactions and so on.

What do you mean send all your money? You can create a wallet at fruitwallet and store as much as you need for you pocket expenses.
Sure I have bitcoin address, why do you need to send me money? :)

Which shortcuts do you mean? screenshots? or ios home screen shortcut? but nice to hear anyway.

P.S. not sure if I got you right.

Where did the name fruit come from?

We just generated that. We think it is somehow can be associated with something fresh, new, sunny. Also it can be associated with ios/Apple if look deeper into imagination.
Don't you like?

I am very fond of fresh things, and I support it.

Let's give OP benefit of the doubt and assume they are honest.

The question then becomes, is this kind of app a good idea?
Why keep the coins online?  Why not just have the app itself
Store the private keys locally?

To me, best way is provide open source code so community
Can verify security.

Hopefully you can monetize the effort with mobile ads.

i prefer an app that does not save privkeys.

users simply input the privkey and all the app does is balance check/display. and makes a signed transaction with the key. (in the script stored on the phone or javascript on the local machine.

the only data that is sent to the internet is the signed transaction.

users can then input their privkeys locally, put the next paper wallet public key for the change to go to and the address for the spend to go to..

a simple local hosted transaction maker with a signed transaction post at the end.

All well and good but how are they supposed to input the key?

my privkey is a qr code, a text document and a wallet backup.

lets say i know in one paper wallet i have 2btc for instance

instead of typing in a username and password. i type in / scan my privkey.

i then type in/scan the public key of who i want to send 1BTC to
i then type in/scan the public key of a new fresh paper wallet address i want for the 1BTC change.

and the local script makes the signed TX (never saving the privkey) and posts only the signed transaction to a couple pool PUSHTX API's  

Good thoughts...  But how do we make it user friendly.  Where do you scan the qr code from?
If the code is already on the phone , why not just let the app access it when it needs to?

Nothing to answer from my side.
We are honest and we will not rob anybody.
We wont give you your keys as well as bank does not give you gold instead of your money, just for you to feel safe.

There are 2 reasons:
1. It will make additional difficulties for user, want to have difficulties? Search for ios solution with keys, there are some hacky ways to install one.
2. Storing keys on your ios device is also risky. Somebody can steal your private key which you're supposed to take with you in written. franky1, dont you think?

Btw, none of the guys who are telling about secure keys even tried the fruitwallet. Why do you think you can feedback our service without trying it?

Franky1, pls register at fruitwallet. I'll send you some btc on your wallet for you to test. You'll see that this service is great even without having keys.
Want you guys me to give you my credentials at fruitwallet?
You can try to withdraw my money if you think keys are needed to protect coins...

Phew. I'm glad you cleared that up... now where do I send all my money?

I will try out this wallet.

I'll register and help out too since there's a chance to get free btc.

I don't want free BTC become you main goal to try out the wallet :) But I will if you have none to try.
Want me to give my credentials to fruitwallet? Like a demo account?


Send it too hungry people if Asia or Africa. Are you asking my advice? I usually donate to Orphans.

wait what? let me install the app

This does not need installation, but okay.

Thanks for mentioning benefit of the doubt.

We think fruitwallet may be a good idea for those who just need to use BTC in the easiest and secure way via iOS device.
Just to pay in cafe, ATM or on Satoshi Square Meetup.
When i say secure, I mean protected from intruders. We are providing SaaS not just one more way to store another batch of keys.

We are consulting with great specialist in Security field and we managed to develop some kind of Know How for out security system and not willing to share it at least for now. There are some Open Source web solutions, but I thing we are technically few steps ahead.
We think we can monetize by taking a small fee in future for sent transaction - for about 0.0001 which is 5 cents now. I think it is fair.

You can get the whole story immediately after you try the app :)
Probably you are the one who just not interested in using such a service.

My credentials in the app are:
fruitwallet@gmail.com
12345678
It has about $50 there
But none can steal my money because send function works only for my personal device.

cuz?  

"Because", sorry.

Hello, apparently i have to install a ios profile. Will this spy on my phone? Also, the description is partially blocked out by the borders and is not scrollable.

Also, i can't send out less than 0.001 btc. Not very effective. Maybe suggest giving a small bonus? UI looks good, however, a lot of features are not really that great.

Thanks for your reply.
We are still it Beta.
Installing profile is to tie you wallet to the device. It is a security feature, we just got your hadrware identificators. That means no one can steal you BTC without having your iphone. When you try to withdraw my BTC in fruitwallet account, that I've provided you suppose to get an error, that wallet is set up to other device.
Minimal send amount is 0.001 BTC. Do you think it is quite a lot?
Which features don't you like? I would appreciate your feedback.


It will not spy. It is it even does not install anything, just collects data (udid number)
(UPDATED)If you go to Settings-> General -> Profile, You will see that no profiles applied.
Here is full description of profile https://www.dropbox.com/s/nyix2c9pk2gznk3/image-21.png

The send button is being blocked out by the browser, maybe make the website scrollable?
Also, if not already implemented, put the transaction's blockchain addeerss, like coinbase

Thanks. You re right. It works fine starting from 5th iPhone.
Will see what can be done with transactions. Would you like a block number in transaction info? or transaction number?
Thanks a lot for your feedback. cheers.

Oh I mean like when a user clicks on a transaction, he/she would be able to see the transaction on blockchain.info.
Also,
Maybe when the user install the profile tell them whatit does, they may think it's some sort of virus/spyware.

Thanks!
So you mean to redirect user to blockchain website?
We explain it when user signs up https://www.dropbox.com/s/sy15ykugi84vquu/image-32.png

Just I understood your irony?

Sarcasm, yeah.  Right over his head.  That's why I have it in my signature.   :D

Why do you store everyone's bitcoin? You should never use a shared hosting wallet for user funds. Do you have any cold storage protection?

This looks to be a scam. Probably TF coming back.

With all the hacks and collapses of exchanges recently, you don't expect people to use the wallet with their money on it for whatever reason. If you'd like everyone to use then open-source maybe an option but not the only one. In this world, no one trusts anyone so it doesn't matter if you're honest. Don't you see a problem of trust which no ones has been able to solve. Even the exchange you've trusted they can collapse the next day and your money is gone not to say a wallet is hacked. Will you guarantee that no one will steal the money and the wallet is so secured that it will never be hacked? And the answer is NO because no one can give such assurance unless you buy an insurance policy to ensure everyone that if it's hacked or you run away with their money then they can always get the money back from the insurance company. Simple prob, TRUST!

Hi BebAnh.
I really appreciate your time spent on typing such a long post.
And I support you in all you've said.

I live in Ukraine. I have seen scammers around. Our country is quite poor and has a lot of bad people. Here we just have to be careful everywhere.
Btw would never keep a lot BTC on MtGox, I don't keep a lot at BTC-e either.

But fruitwallet is a pocket service where you supposed to keep just a small amount that you might need for coffee, dinner or just to withdraw in BTC ATM.

So I would like that people look at us like they look at Bank which takes their money and gives them a plastic card. Bank can be closed any day, but people still use banks despite this possibility.

I can say that we implemented all needed security features including Bank security features. We don't want to be hacked as well as all our users don't want to lose their money :)

Cheers!

Hi gweedo.
We store all coins in our wallet to make transactions easier for all the users. We will use cold storage when the amount of bitcoins will be significant.
As i told. We provide service: you can easily and securely use ios for BTC usage.
If you want to try hacking my fruitwallet account -> please:
email: fruitwallet@gmail.com
pass: 12345678

If you want to try creating own - go ahead, if you want me to send you some BTC in case you afraid of using yours -> ask me to send you some.

My name is Maksym Krupyshev. Why do you call me Scammer?
Can you explain to everybody?

P.S. I don't know what does TF means (sure i googled). English is not my first language, sorry.

Thanks!

You should use multi-sig addresses to make it secure. Or make it so the wallet is encrypt and only using javascript to decrypt it and storing the private keys in local storage. This is way too risky even if you aren't looking to scam but if you get hacked or your hosting takes your Bitcoins then all the users loose their funds. You should research it there are better ways than shared hosting.

We are addicted to security, it is our main priority. The approach we use now is totally secure.
I even gave you my credentials, that means i'm confident about security.
We don't use shared hosting.

Have you tried the app by the way?

If you have access to my coins you don't have proper security and have not researched the best way to do this. Please don't look at coinbase as a model for this. This is a very much a flaw, and way better ways to handle this. Look at wallet services that use multi-sig and using javascript to decrypt and encrypt wallets so you can't have access to the private keys. Learn to use those models. If you continue to use this model I will continue to call you a scam and warn people to not use this.

Do you know any user friendly way to store keys on iphone taking in account that no ios apps can't be downloaded?
Updated. That is why we sign transaction with iphone hardware. But you probably didnt tried that either.

If you have my private keys then I don't care if you signed my transaction on the moon it is insecure. Yes you can use local storage a html 5 api to hold private keys. Remember html 5 is very powerful. But lets now say we don't trust the hardware, well then you can store a public key on your server, I can store a public key on my iphone I can create a transaction that I sign and you then sign, then you push to the network. This would be much more secure than a hosted shared wallet. Shared wallets are the most insecure way of handling user funds.

Insecure to the user from us stealing their money?
If yes, then it is done.
We will not implement any difficult to the end user features, at least for now. Lets keep it simple. There are a lot of wallets that are secure but absolutely unusable :(
What you say means, that we have to store key in storage, we have to think what to do if user switches to other browser, moves file in the storage, or clears the cache or reset the device or just lose the phone? If user loses the phone, then what? "sorry we don't have your keys, your BTC stuck in the chain". That is the task to my CTO actually, but that sounds not too reliable comparing to what we have now.

Overall.
Just imagine fruitwallet it is like cash in you pocket, a bit risky to keep but convenient.

But don't worry, we will not steal anything and our servers are secured :)

Multi-sig is very easy and not difficult to the end user, that is why there should be no answer but to include it. I also don't think you know much about bitcoin from a technical point either from what you are saying.

The apps doesn't look bad at all. It has potential but the business model will fail you because what's preventing a big boy to design the same apps and crush you?

Agree.
But what will happen if user loses his phone or it got stolen?

BenAnh, gweedo,

Discussed multi-sig with our CTO. He is very optimistic about this. I mean “hierarchical deterministic multisignature” (HDM)
Thank you guys for feedback.
I think to create reddit discussion about business model. Will post a link, you guys are very welcomed.
Want to see which model is more preferable.
If people want multi-sig, we will make multi-sig.

fruitwallet - the most client oriented ios wallet in the world :)

I like the design but have not tested out all functionalities. However a great business model is a must to succeed!

Doing our best. Design will probably be improved as well as UX overall.

Do 2 of 3 you guys have one. Make user write one down and keep one in local storage if they lost their phone they can use your site to get them back.

Do you mean the one that user can "get back" will be stored on our server also? Or how can they "get back from our site"?

btw, we made a small demo video http://youtu.be/uhZ6GdEPhys. do you guys like it?

Nothing will be stored on your server but your private key. So lets walk thru this together. User Alice loss her phone, she wrote down the private key for her back up public key which is used to create the multi-sig address but only requires you to use 2 of those keys. Alice goes to your site and says she lost her phone she A) can make a new account and send the bitcoins their or B) wants to send them to another address she has. Your site should sign either one of those transactions. One she gets that signed hex, she can either sign it on your site WITH Javascript so you don't have her public key and that is easy for the user or Alice being an advance user takes that hex and goes to another wallet to sign it and broadcast it. Then she has her bitcoins and not at once did you have a control over them.

I believe your model involves fruitwallet moving user bitcoins out to addresses that only fruitwallet controls. Gweedo is suggesting you to use 2 of 3 multisig, so fruitwallet have NO control over users' bitcoins.

I think "get back" means you provide a page (preferably an offline tool), so users can easily send those bitcoins off to another address.

yep, thanks! got it. It might need some time to develop, if there are quite a big percent of people who wouldn't use us without this feature, BUT will use us with this feature, then we will implement that :)

Get the bitcoins back incase I lose my phone or something like that which would have one of the multi-sig public keys on it



This isn't a feature, it is safe guard against you or hack against you. This should be mantory of all wallets.

I'm just saying from technical point of view. It has to be implemented, then - feature.
But I got you :)

I have not been keeping up with the entire conversation but it sounds like the community has some good suggestions for you... Keep up the development and let us know when the next version is ready. By the way I like the name fruit

jonald_fyookball, agree. Thanks for compliment.

http://www.reddit.com/r/Bitcoin/comments/226dni/we_developed_ios_btc_wallet_which_works/

I think it is a good place to discuss business model.

Don't say easy or not easy to use, because it is your job as a designer or developer to make it easy and it can be easy. There are other wallets that take on the same technique and do it quite easily. https://www.bitgo.com/

@jbrnt, @gweedo need you help guys.
As I told we are working on secure wallet.

We have some variants how to make secure EASY-to-use mobile wallet:
1. User generates key on the client side, Key saved in device LocalStorage encrypted with 4 digit PIN. User is offered to click backup to save the key encrypted with PIN on our server.
2. User do all stated above, but he is offered to encrypt backup key one more time with additional PASSPHRASE.

If key is backup-ed:
First variant means that we can theoretically steal money, but hackers can't.
Second means that even we will hardly decrypt the key. But he will probably LOSE his key (clearing the cache) and forget PASSPHRASE.

What do you think is the best variant to do it?

We can technically do all the stuff.
I mean if we store only on device, what if user lose device? or clear cookies. He will not have any way to restore it from our server. right?
So we think probably we can store key encrypted on our server as a backup.

The questions are: Do we need a backup? Crypt one time? Or crypt 2 times?

I would do a secure backup making it impossible for you to read but just hold. I would also have a way so the user can back it up without your service. So like a random string that being hashed can be regenerate their keys. Like BIP 32 https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

That will be done in main web Wallet with storage, I'm telling about a wallet, which can be set up without a PC in just few seconds.
User can't copy long numbers from phone screen and so on. But we will do BIP 32 or HD wallet as a main wallet. Mobile wallet will be for spendable needs and must be a bit more easy to use.
Makes sense?

So I think your advice is encrypting on the phone local storage + having the way to encrypt it more, like one more encryption level, and backup on the server (when we don't know the pass-phrase to decrypt).
Correct?

cool, thanks for help!

more and more of my friends are getting interested in the idea of bitcoin. However, they do not have an android phone, so can fruitwallet also add a "what's bitcoin " introduction?

Sure, we think education is an important part of any Crypto currency business.
We are improving landing page and will include educational part into it!

Didn't get a chance to say it before, but this looks really good! Please keep going!