Bitcoin Forum
July 06, 2022, 07:40:06 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 »
1  Bitcoin / Wallet software / Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: December 30, 2019, 11:03:12 AM
At WalletScrutiny today we finished our first round assessing the 84 apps we had found to look like maybe being relevant Android Bitcoin wallets. The results are grim:

  • 3 are verifiably built from the project's published source code
  • 21 apps claim to be open source but either we failed to compile them from the information provided on their repositories or the compilation result differed non-trivially from the app found on Google Play. Trivial differences would be file timestamps, differences in few files that can be quickly understood to be harmless, like an API key not being included in the repository, although that is pointless as it sticks out in the diff even more.
  • 25 apps are closed source meaning neither the Playstore description, nor their website nor GitHub searched for their appId revealed any source code
  • 19 apps are for custodial services, the biggest being Coinbase. Coinbase recently reached 10 million downloads and with no other app reviewed having even 5 million, that is more users on Coinbase than on all open source wallets combined. Being your own bank ... not so much Sad
  • 18 apps turned out to be either not wallets, not for Bitcoin or they had only 1000 downloads or less.

This project is only getting started. If you want to look behind the curtain and maybe want to contribute, source for the website is public.

Now the next steps are:

  • Automate verification for wallets that were verifiable once
  • Efficiently collect wallet updates
  • Alert when verification fails
  • Build awareness

If you don't understand what this is about or think it is not important, consider this:

If you are the release manager of a wallet, would you tell your brother to trust your app? Should you trust it? After all it was you who pushed that compile button, right?
Well, if your computer has a backdoor, your compiler might bake in some wallet-stealing "feature" into every version of your app without your knowledge.
How big is the incentive to plant such a backdoor? For some wallets it is gigantic. Hundreds of millions of dollars. Criminals would kill for that amount, which brings me to the second issue:
What if somebody puts you under duress? If whatever you build is not being verified by a second person, ideally far away on an unrelated system, you can't trust yourself and nobody can trust you to release the software you should release. If in an open source project, verification is not easily possible, most likely it is not done internally.
2  Bitcoin / Bitcoin Discussion / WalletScrutiny finished assessing 86 Android apps. Only 3 are verifiably ... on: December 30, 2019, 10:06:05 AM
At WalletScrutiny today we finished our first round of assessing the 84 apps we had found to look like maybe being relevant Android Bitcoin wallets. The results are grim:

  • 3 are verifiably built from the project's published source code
  • 21 apps claim to be open source but either we failed to compile them from the information provided on their repositories or the compilation result differed non-trivially from the app found on Google Play. Trivial differences would be file timestamps, differences in few files that can be quickly understood to be harmless, like an API key not being included in the repository, although that is pointless as it sticks out in the diff even more.
  • 25 apps are closed source meaning neither the Playstore description, nor their website nor GitHub searched for their appId revealed any source code
  • 19 apps are for custodial services, the biggest being Coinbase. Coinbase recently reached 10 million downloads and with no other app reviewed having even 5 million, that is more users on Coinbase than on all open source wallets combined. Being your own bank ... not so much Sad
  • 18 apps turned out to be either not wallets, not for Bitcoin or they had only 1000 downloads or less.

This project is only getting started. If you want to look behind the curtain and maybe want to contribute, source for the website is public.

Now the next steps are:

  • Automate verification for wallets that were verifiable once
  • Efficiently collect wallet updates
  • Alert when verification fails
  • Build awareness
3  Bitcoin / Project Development / New project to scrutinize Bitcoin wallets: walletscrutiny.com on: December 14, 2019, 03:19:08 AM
We've been working on walletscrutiny.com for about two months now as a side project and hope to see many wallets that are currently "only" open source to care more about verification and make it into the "verifiable" category but the resonance in the community so far was underwhelming. How can we get users to care about the integrity of the wallets they are using?

With the community's support, this project could turn into a permanent thing, with new wallet versions automatically being checked as they are being published and we certainly would also expand to other platforms and more attributes.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that, starting with bug bounties, so security researchers actually care.

Any feedback welcome!
4  Bitcoin / Project Development / Is your Android Wallet secure? Most of the 37 wallets should scare you! on: December 14, 2019, 03:14:30 AM
We've been working on walletscrutiny.com for about two months now as a side project and hope to see many wallets that are currently "only" open source to care more about verification and make it into the "verifiable" category.

With the community's support, this project could turn into a permanent thing, with new versions being checked as they are being published and we certainly would also expand to other platforms and more attributes to look at.

Currently, being verifiable unfortunately doesn't mean that anybody would verify any code and we also have ideas how to fix that.

Any feedback welcome
5  Alternate cryptocurrencies / Altcoin Discussion / With the current ripple bubble(?) I wonder what one can do with it on: November 27, 2014, 07:37:19 PM
crypto coin tables gets a regular visit from me and today i noticed how ripple is doing totally exceptionally well. so well that i start wondering if there might actually be anything in terms of merchant adoption. is there a coinmap.org for ripple? is there a list of accepting merchants available somewhere? is there some hint on the number of users like the blockchain.info/wallet?
6  Bitcoin / Development & Technical Discussion / Mobile wallets with BIP70 extended public keys on: November 26, 2014, 07:43:55 PM
I'm implementing a (most likely soon to be open source) product that already kind of works with normal addresses but I would really want it to interact with BIP32 extended public keys coming from users' phones, most likely via a BIP70 payment request.

Is there any mobile or web wallet that does generate these requests or do they all merely understand and react to them?

In the absence of NFC (yeah, most phones don't have NFC still) a QR-Code representation would be cool but BIP72 talks about a link that's being communicated. In a server-less scenario that is kind of a problem and QR-codes (yeah, they must die but for now lets assume they will be around and dominant for another 5 years) can store by far more information than is necessary for an extended public key. Is there a standard and how would data for such a QR look like? Is BIP70 as maybe BASE64-encoded QR anywhere close to being a standard?

Thank you in advance for any hints.
7  Bitcoin / Bitcoin Discussion / Are miners HODLers? on: August 20, 2014, 06:01:38 PM
People speculated on reddit that the price went up 7% because the difficulty went up 20% resulting in 20% less coins flooding into the market.
I argue that miners are holders as they already made a long term commitment.

Please help me find out the truth Smiley
8  Economy / Service Discussion / piiko.com … recharge your mobile phone … gone? :( on: June 30, 2014, 03:44:37 PM
Hi

last time I recharged my phone, piiko was "in maintenance". Now, 2 weeks later again it's in maintenance? Or still? I was also surprised to not find any announcement of piiko here on the forum but they recharged my phone several times with no extra fees.

I'd hope to see some announcement thread of them here soon and not some "yeah, they are gone for good" as it was really as easy as it can get. Enter number to charge, pick amount and confirm carrier, send coins. No registration bullshit, so it was perfect to give some bitcoin love to friends that ran out of credit.
9  Other / Meta / PLEASE create a sub for all the µɃ/mɃ/bit/Satoshi-as-default requests on: May 06, 2014, 07:57:01 PM
All over the forum trolls ask to change the one or the other wallet/website to another default denomination in polls and lengthy posts. I'm so sick of that and it takes up a considerable amount of trafic on "Bitcoin Discussion", especially when looking at it over the years.
10  Other / Off-topic / The city of Valparaíso just had its most devastating fire.We want to help with Ƀ on: April 14, 2014, 11:43:21 PM
Hi

Andres Junge, one of the few Bitcoin Entrepreneurs here in Chile calls out for help for those affected by the devastating fire we just had last weekend here in Valparaíso, Chile.
Please consider helping those thousands that lost everything.

http://www.reddit.com/r/Bitcoin/comments/231oar/chile_valparaiso_on_fire_bitcoin_relief_fund/

Regards

Leo Wandersleb
11  Bitcoin / Bitcoin Discussion / BitBox: open source Chrome Extension to get quick info on any bitcoin address on: April 08, 2014, 04:13:30 PM
BitBox is the result of a Hackathon last weekend in the University San Sebastian in Santiago, Chile. We only had 5h to hack and were the only team with an actual result, so I'm pretty proud of it now Wink
Let me know how you like it and if you don't, please send merge requests with your improvement Wink

https://chrome.google.com/webstore/detail/bitbox/bcjdjalcfgbmbmdajpbbaboikhhlobkc

12  Other / Meta / I WANT TROLL-POST BUTTON NOW!!!! on: April 03, 2014, 04:30:44 PM
So there is an obvious troll provoking pages of non-sense replies while being a 4-post noob himself and all I can do is ignore today's busiest thread? Seriously? Reporting this so it gets removed would be sick. All that replied to him are feeding a troll but people want to through something at so much stupidity and we know that that is why trolling works. Please give us something to throw at them that doesn't make them happy. I heard you have the money to implement a simple troll button.
13  Bitcoin / Bitcoin Discussion / off-chain-transaction != banks (or if you solve this, you are filthy rich) on: February 17, 2014, 05:37:56 PM
Whenever people mention off chain transactions, others jump at him and shout "fractional reserve banks are evil" because they assume the only way to do off-chain transactions is to have a middleman who takes their money and will or will not give it to whoever they want to send it later.  This assumption is not true.

Off chain transactions can also be done without a third party. Please educate yourself about micropayment channels.
I think the off-chain-transactions are the most important thing since bitcoin itself because they allow transactions that are
  • instant (as in milliseconds)
  • free-ish (as in "as much as 0.01CPU-second and a 1kB package over the network costs")
  • arbitrarily small (as in "1 Satoshi minimum")
  • more private (in a sense, maybe)
  • without third party risk (and minimal third party risk for a full peer to peer version)

My prediction is that the first to actually solve this, has a potential to become filthy rich and this is how:
  • Implement microtransaction channel
  • provide an open API
  • provide an open source client
  • charge 1% + 1 Satoshi on every transaction
  • run it on TOR for users' privacy and your legal protection
What the client would have to do is talk to another client and funnel transactions through:
Lets say Anton wants to send Berta 1Ƀ: Anton and Berta have a micropayment channel with "torpay" (Anton@torpay and Berta@torpay).

To never entrust torpay with more than 1mɃ at a time, Anton does 1000 transactions that cost him 1%+1000 Satoshi = 10mɃ such that he sends the next 1mɃ only once Berta@torpay confirms having received the last 1mɃ. With this setting running through TOR it might actually take a minute or two.

Anton does a lot of transactions with many people, so he did not only lock up 1Ƀ but 10Ƀ, so now to buy a chewing gum, he can instantly send 0.1mɃ to Cesar@torpay in less than one second. Cesar sold another few chewing gums and the first 0.1mɃ chewing gum made torpay actually lock up 10mɃ worth of bitcoin to establish his channel for a week. He uses torpay anonymously, so neither does he know who runs torpay, nor does torpay know he's a chewing gum dealer named Cesar, yet he can use the channel to send and receive without having to trust torpay.

Cesar's cellphone is also payed by the second. His telephone company runs another implementation of the API as they don't like these anonymous torpay punks. Cesar@telko (runing on Cesar's phone) pays to service@telko (running at telko's server) in one second increments.

Dora has her own such server and configured it to relay to torpay and vice versa, so Cesar@torpay can pay to Dora@dorapay thanks to dorapay and torpay settling their balance in the background. This settling transaction would be used for all @dorapay to @torpay transactions, so Dora's friends (for example "friend123") can use Dora's server and torpay (actually run by the CIA) wouldn't be much wiser about money movements from the @dorapay network as the identifier "dora" or "friend123" would not be needed at torpay.

The API might expose some relay fees, so maybe dorapay and torpay take a 1% + 1Satoshi fee each or it depends on the direction of the payment but these details wouldn't be the worry of whoever wants to be the first mover. Most likely as soon as competition evolved, openness would be a big plus.

The open API + open source client will give users 100% trust they can't loose their money.

Why do we need this?
Lastly, many still praise Bitcoin as the instant for free payment network that it isn't. On-chain transactions are very very expensive and the 25Ƀ subsidy is blinding people of this fact.
We have a network that can do seven transactions per second. A transaction channel as described by Mike Hearn takes two transactions on the blockchain to open and close the channel. If every citizen of earth wanted to use Bitcoin, how many transactions could a user do per day … or year … or life? For "day" that would be 0.0000864. "Year" would be 0.03, or 3% of the world could do one transaction per year. Per 80 years life it would be 2.5. So how do we get from 0.0000864 transactions per day to 5 transactions per day? 10MB blocks won't cut it. Even only micropayment channels won't cut it but 12 months channels with 10MB block chain would get us a long long way and my vote is to use long transaction channels first and bigger blocks later.
14  Bitcoin / Press / [2014-02-16] La Tercera (Chile) – Bitcoin: El auge de la moneda virtual que … on: February 16, 2014, 03:12:48 PM
Bitcoin: El auge de la moneda virtual que sólo circula en la red
15  Other / Meta / suggestion to unsticky "List of all cryptocoins" on: February 11, 2014, 07:46:11 AM
I suggest to unsticky https://bitcointalk.org/index.php?topic=134179

User xorxor started a great project there but it has outlived its purpose by not really staying on top of new cryptos that pop up every day and others doing it bettertoo.

I assume all these:
http://coinmarketcap.com/
http://www.cryptocoincharts.info
http://cryptometer.org/
http://www.cryptmarketcap.com/
http://www.coinchoose.com/
http://mapofcoins.com/
http://www.coinwarz.com/cryptocurrency
http://dustcoin.com/mining
http://www.wheretomine.com/
http://800996.com/btc/
have their threads here in the forum, too, and some of them show much more coins and kind of more objective criteria than xorxor.

I'm not arguing that xorxor's contribution isn't valuable but a sticky post for his opinion is kind of putting things out of proportion Grin
16  Bitcoin / Press / 2014-01-28 ARD Tagesthemen – 3min. feature on Bitcoin on: January 29, 2014, 02:01:01 AM
ARD Tagesthemen is the daily news in German TV only second to ARD Tagesschau. Today they had a 3 minutes Bitcoin feature that most likely 2,000,000 people watched:
http://www.tagesschau.de/multimedia/sendung/tt5240.html

With koryu's help, here is the transcript:
Quote
Anmoderation durch Caren Miosga @16:37
Geld funktioniert nicht ohne Vertrauen. Nur wer fest daran glaubt dass die Scheine in seiner Hand mehr als nur ein paar schnöde Papierschnipsel sind, wird etwas wertvolles dagegen eintauschen. Bei der neuen Währung des Internetzeitalters, den sogenannten Bitcoins ist es noch schwieriger Vertrauen aufzubauen. Denn diese rein virtuellen Computermünzen sind unsichtbar und lassen sich nicht einmal anfassen doch trotzdem sind sie ein riesen Erfolg. Wer vor einem Jahr einen Bitcoin gegen $10 eingetauscht hat, kann ihn mittlerweile für $960 weiter verkaufen. Aber genauso rasant könnte der Preis der digitalen Münzen auch wieder fallen. Deshalb warnt die Bundesbank vor den Bitcoins und in Russland sind sie sogar verboten. In den USA hat aber jetzt – ganz analog – die erste Bitcoin Wechselstube eröffnet, wie Jochen Tassler berichtet.

Bericht @ 17:28
Dollars gegen Bitcoins. Im Moment ist das noch ein eher ungewöhnlicher Deal. Aber nicht überall. Das Bitcoin Center in New York ist genau dafür gemacht. Wer will, kann hier echte Scheine in virtuelles Guthaben tauschen und es gibt inzwischen einige, die wollen. "Ich glaube es ist die Zukunft von Geldgeschäften insgesamt und deshalb dachte ich, ich komme mal vorbei und kaufe ein paar Bitcoins."

Downtown Manhatten prominenter könnte der Ort für einen Bitcoin-Laden kaum gewählt sein. Raus aus der Niesche ran an die Nutzer, das wollen die Macher und arbeiten daran. Bei einigen Firmen kann man inzwischen mit Bitcoins bezahlen. Sie sollen eine echte Alternative zu Dollar und Co werden: Demokratisch, unabhängig, besser.

"Mit Bitcoin kann man jeden Betrag überall hin überweisen. Es geht sehr sehr schnell, es kostet keine Zwangsgebühren und niemand muss dazwischen geschaltet werden. Das Konto kann nicht eingefroren werden, man braucht auch keine Zustimmung von Regierungen, Firmen oder Banken, um bei Bitcoin mitmachen zu können."

Anders sind Bitcoins auf jeden Fall: Eine rein digitale Währung, nicht gedruckt sondern programmiert. Bezahlen ist hier vor Allem ein Rechenvorgang. Die Bitcoins werden in einer digitalen Geldbörse gespeichert. Darauf kann man mit einem Computerprogramm zugreifen ähnlich wie beim Online-Banking. Bei Transaktionen müssen sich beide Seiten mit einer elektronischen Signatur ausweisen, quasi als Unterschrift. Mit speziellen Computern überprüfen dann andere Nutzer sogenannte Miner die Überweisung, ein komplexer Rechenprozess. Erst wenn der abgeschlossen ist wird das Geschäft vollzogen. Die Miner bekommen als Belohnung neue Bitcoins.

Weil es keinen echten Gegenwert gibt, leben Bitcoins davon, dass die Nutzer an sie glauben. Hier ist das kein Problem. Im wahren Leben aber hat Bitcoin zuletzt negativ Schlagzeilen produziert. Im Herbst letzten Jahres machten US-Behörden das Internetportal Silkroad dicht. Einen Online-Umschlagplatz für Drogen, Waffen, illegale Papiere und Ähnliches. Bald stellte sich heraus, bezahlt hatten die Silkroad Kunden mit Bitcoins.

Gerade erst wurde in diesem Zusammenhang unter anderem Charlie Shrem festgenommen. Er war Betreiber einer Bitcoin-Börse und Vizepresident der Lobbygruppe Bitcoin-Foundation. Der Kernvorwurf: Geldwäsche. "Bitcoin ist attraktiv für Kriminelle, weil sie keine Bankkonten brauchen. Die Betreiber von Silkroad konnten schlecht Visa oder American-Express nutzen. Das wäre für Ermittler viel zu leicht nachvollziehen zu wesen. Einigen Ermittlungs-Behörden ist die Bitcoin Gemeinde daher ein Dorn im Auge. Sie fordern klarere Regeln gegen Geldwäsche und andere kriminelle Nutzung. Ob der Aufstieg der Währung vor diesem Hintergrund so weiter geht wie bislang, weiß niemand, auch wenn es hier alle hoffen.
17  Bitcoin / Bitcoin Discussion / Fundraiser: Promotion in Chile on: January 28, 2014, 02:46:19 AM
This project has failed to achieve any reasonable traction. The donors got their money back (The only donor who actually sent is the owner of the donation address).

If for any reason you want to revive this project, please contact me and don't send to that address below.

Thanks for those who actually supported the idea.

(cross post from reddit)

TL;DR: Would you contribute to pay a Chilean promo team to get restaurants to accept Bitcoin on a success basis?

Chileans don't trust Gringos
Promotion works via trust and Chileans don't trust Gringos. I want to get Chileans on the team and I have some contacts that I guess would be excellent to get restaurants into bitcoin. With this post I hope to raise some funds to pay them on a success basis with a declining premium for success as after the first success, it's an easier sell.

How much would it cost?
I contacted 90 shops and restaurants in Viña, Valparaíso, Santiago and Reñaca with paper wallets and about 50 conversations that went on for more than half an hour and could not win one shop to take bitcoin. Chile so far has one bar that accepts bitcoin in Santiago but it is a hard sell and I would definitely guess the first success of this promo team would deserve $150. Granting the follow ups $100 would put the first 10 restaurants to cost $1050. An actual promoter here told me her wage and it was $2.50/h although I would feel bad if they would end up earning such a ridiculous low wage as life in Chile is very expensive.
I would mobilize the team if $1000 of donations are met as getting things going with flyers in Spanish and teaching the 2-3 girls that showed interest would not be worth it for just an ultra short promo.

How do promoters qualify to collect the reward?
  • The restaurant has to accept bitcoin for at least a full month on any day the restaurant is open.
  • The restaurant has to be open 6/7 days.
  • The restaurant should be mentioned as such somewhere on the internet before 2014 (if there is no better criteria to prevent some private person from cooking for her promoter grand child).
  • It should be in Viña, Valparaíso or Reñaca which is the main touristic region in the 5th region of Chile.
  • We will advertise the restaurant throughout that first month and invite the local community to try it out and report if there were any issues.

Who collects donations?
Leo Wandersleb collects donations to this address: 1tip7grjMG8yHN3qM1nrVKmrn6WdTdkoP

Who donated?
  • Leo Wandersleb 120.97389mɃ
  • Coin4ce $100
  • you?

What happens if goals are not met?
If I decide to stop this effort, I will return the bitcoins to the last donors first, so please provide a return address if you don't want to get coins sent back to the first input of your transaction. This either happens if $1000 can't be raised by April 1st or if we decide to discontinue the campaign.[/s]
18  Alternate cryptocurrencies / Altcoin Discussion / Finding coins intended to be short-lived on: January 24, 2014, 02:13:21 AM
Watching the endless inflow of new alt-coins on the """list of all cryptocoins""" and seeing how even coins I never heard of were discussed for over 3k posts without making it on the list makes me wonder who are these people that pump just about any alt coin, trying to get legitimacy by being listed on whatever list of important whatevers? Could somebody please parse all the respective announcement threads and get some intelligence on the topic? I would be interested in:

How many posters are there per topic(how small is the group of supporters)?
How many of them discuss on more than one/two/three alt coins(get rich quick with whatevers)?
How many posters in the alt-coins only do post in alt coins(prime sock puppet suspects)?

I'm sure whoever parsed all these threads would get some interesting insights.
19  Bitcoin / Project Development / FluxBitcoin Monitor for Sony Smartwatch 2 on: January 17, 2014, 05:18:58 AM
Today I made a Bitcoin monitor app for the Sony Smartwatch 2. That's probably as niche as it can get with 0.01% having bitcoin and 0.0001% having that Smartwatch but I'd like to share it anyway with you.
I bought a Pebble and a Sony Smartwatch 2 for other projects and noticed that since then I'm only pulling out my phone to check the bitcoin price action, so I made that little app and guess it's quite ok for a one day project with market release (at this moment not yet listed in my market apps. Might take some hours.), video and bitbucket repo. Yes, it's open source, so if you don't like it, send me a pull request and I will happily improve it. Also if you happen to have a Smartwatch 1 (how many people do at all?) or some of the other Sony gadgets, maybe it would fit in there, too.
20  Bitcoin / Press / [2014-01-08] tele13 (Chile): "Bitcoins: Moneda virtual llega a Chile" on: January 08, 2014, 06:14:25 PM
http://www.13.cl/t13/tecnologia/bitcoins-moneda-virtual-llega-a-chile
Pages: [1] 2 3 4 5 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!