MyMonero.com - Security Issues

[illodin]

That is really shitty man. We aren't children on the playground gossiping about each other. Why would you post on the forum without first talking to the person you are accusing and asking them wtf is going on? You are no better than every fucking whiteknight SJW posting on tumblr. People like you make me sick.

Grow up and stop acting like a kid. Just send the dude a message and tell him what you're worried about. Are you so scared of him that you're posting this shit on a forum thread first? Coward.

You could've posted that on a whole lot of threads before this one, what made you to decide to get all concerned just now?

[1714134780]

1714134780

[1714134780]

1714134780

[manselr]

I don´t mind you investigating, when there is a flaw it needs to be fixed... if its a flaw.

But what i mind is that i do not understand that you call Monero a scam... but are perfectly fine about Dash´s shady past ( which we don´t need to get into because all has been said plenty of times )

It's reply-bait. The only purpose of this thread is so the words 'Investigate Monero' can be perpetually alive in the altcoin section, thus subtly insinuating that it's some kind of scam. The actual dialogue is meaningless.

Well, and it certainly worked because my mind automatically associated this thread with a Monero FUD thread.
As far as this goes, from what i've seen about fluffypony he seems like a legit hard working guy trying to make the coin better, let's hope he isn't another letdown. Personally I trust him more than Duffield.

[BlockaFett]

Like I keep saying, you have no idea what you are talking about.  The JS is just a wrapper to the api which is the backend which is closed source.

You seems not to know what people are trying to tell you.... yes, the API to interact with the blockchain are on the server side, but everything is done on client side.... the server side have only your viewkey, dont have your spend key, the onlything that mymonero knows about your monero wallet is your inputs... when you want to spend anything the encription is maded on client side... If you know "WEB" as you say you know be my guest and check the code...

OK so I check some of the JS and the first thing that jumps out is this:

(src: https://mymonero.com/js/services/account.js?2)



So looks like spend key and seed are being stored in the user's browser cookie which is sent to the server with every HTTPrequest.

...which would give 2 main problems:

1) Any browser you log into MyMonero.com will store an unencrypted copy of your spend key and seed (plus address / viewkey) in a cookie file on the disk

2) The spend key and seed are sent to the server on *every HTTP request* meaning that the data is there on the server, you just need one line of code to put that in a DB if you want.

I couldn't get past the create account page to grab the actual cookie, it was like this 2 days ago when I tried too...



So I can't generate the 'account' cookie from above to validate this code....and I can't try transactions to see what else might be sent up to the server....can someone from Monero who can login validate this? - i mean login successfully and then pull the actual 'account' cookie from a get request and paste it here so we can have a look? (obviously on a test account not on your actual XMR account if it contains your spend key)

BTW cookies are stored using Angular JS IPCookie: https://github.com/ivpusic/angular-cookie/blob/master/angular-cookie.js

[BlockaFett]

I dont mind people like BlockaFett with their usual BS and lies, he said on two occasions, that I can remember, he would leave the forums for months after being publicly humiliated only to return the next day to troll more, so we are dealing with pathological liar here, the worst are the ones that say to hate both Monero and dash/darkcoin as if it makes them look special or something, they are the real joy of the thread.

Btw since BlockaFett is so worried about Mintpal et al he should at least note the effort fluffy did to recover the users funds:

Important update for those that had funds on MintPal

We worked with the former MintPal developers who managed to get the wallet from the server, and we're happy to confirm that we have assisted them in recovering the *full* balance that was on MintPal. If you had Monero on it, you will have received an email from them, and you will be able to withdraw it. Not a single Monero was lost, which really is very fortunate.

Yes XMR was 100% safe on Mintpal, Ryan Kennedy went straight for the BTC and darkcoins.  Fluffy didn't need to do any 'work' unless there was a problem with the XMR wallet, Ferdous was already on the case refunding various coins.

Like your take on things Kazuki, typically twisted-reality like most of your ramblings.  Although I did say twice I would take a backseat on BCT, but everytime I did when I checked the forum there were the usual throngs of XMR trolls filling every page in the alt section with FUD and trying to bully people to buy Monero and slandering everything in your path so I feel like someone should stand up to your kind of behavior, if that's ok with you?  

[rdnkjdi]

Also some of you know me from lots of confrontations with core Monero supporters / devs on various threads with my Dash investor hat on, which I recently moved most of my alts into.

So I am not the person to be unbiased / neutral when discussing Monero - it's one of several competitors to my main investment so this gives me a conflict of interest when criticizing it.

I really appreciate this honesty.

But then we find out that Fluffypony has done this before in trying to setup the same type of site for Vertcoin (Vertpay.com) and raising $200,000 to develop that from VTC users.  And that he is also working on Paybee.com, another payment site.

Do you have any background on this?  When were the funds raised, how long the website has been in development, where the funds went etc?

As someone interested in following and owning some Moneros I appreciate the contribution.  Just like I appreciate the Monero supporters concerns over Darkcoin's premine.  People need to grow some skin and decide discovering the truth & negative opinions are your friend in a world that consists of 95% scams.

The Monero inflation really isn't setup to scam unless it's a long term (multi year) setup.  The price seems pretty stable stable compared to most currencies - probably due to inflation.

[BlockaFett]

Also some of you know me from lots of confrontations with core Monero supporters / devs on various threads with my Dash investor hat on, which I recently moved most of my alts into.

So I am not the person to be unbiased / neutral when discussing Monero - it's one of several competitors to my main investment so this gives me a conflict of interest when criticizing it.

I really appreciate this honesty.

But then we find out that Fluffypony has done this before in trying to setup the same type of site for Vertcoin (Vertpay.com) and raising $200,000 to develop that from VTC users.  And that he is also working on Paybee.com, another payment site.

Do you have any background on this?  When were the funds raised, how long the website has been in development, where the funds went etc?

As someone interested in following and owning some Moneros I appreciate the contribution.  Just like I appreciate the Monero supporters concerns over Darkcoin's premine.  People need to grow some skin and decide discovering the truth & negative opinions are your friend in a world that consists of 95% scams.

The Monero inflation really isn't setup to scam unless it's a long term (multi year) setup.  The price seems pretty stable stable compared to most currencies - probably due to inflation.

sure, there is an interview with Fluffypony where he describes vertpay & the funds he was trying to raise https://soundcloud.com/zerofiat/zero_fiats-vertcoin-update-05-06-2014

but it never got off the ground...there was a lot of pushback from the vertcoin community e.g. https://www.reddit.com/r/vertcoin/comments/2590id/hello_members_of_the_cryptocurrency_community/

and Fluffy cancelled it before joining Monero and setting up MyMonero.com:

To get back to this. For those that missed it, over the past ~48 hours (from Saturday night our time) there's been a systemic attack of VertPay by smearing me and alluding that VertPay is a scam-by-association. While this is blatantly untrue, it would appear that the Vertcoin community as a whole either do not want this IPO to continue or are unsure and swing this way and that. Thus we have decided to shutter the IPO and switch VertPay back to the original focus on launching with several currencies.

You can read more about the decision here.

Those that are still interested in investing in their private capacity under similar terms to the IPO, please contact me via PM or using the details / form on the site. We will continue unabated and unstopped:)

Here is some info on the latest payment site Paybee.com: https://bitcointalk.org/index.php?topic=583449.msg10964605#msg10964605

My issue with it is the pattern has been used by scammers to get in the middle of coins and take advantage, like Ryan Kennedy in the Moolah / DOGE scandal - the DOGE co-creator gave a good interview about it here https://soundcloud.com/mindtomatter/ltb-e156-the-moolah-story

Not saying that is definately what's happening here, and if it isn't then no harm in asking because it means they have been checked out / some due diligence has been done.  Although I think a web-wallet is totally inappropriate in an anon-coin like Monero though either way

[rdnkjdi]

Ah - I remember that drama over on Vertcoin's reddit although I wasn't paying that much attention.  

So he began by trying to raise the money - but eventually shuttered the entire thing without raising it if I understand correctly.

Didn't realize that was fluffypony.  Thank you for the background.

I tend to agree with you on the webwallet.  I still think it's the least of the compromises with anon tech in this space.  But I understand those who feel differently.

[BlockaFett]

Ah - I remember that drama over on Vertcoin's reddit although I wasn't paying that much attention.  

So he began by trying to raise the money - but eventually shuttered the entire thing without raising it if I understand correctly.

Didn't realize that was fluffypony.  Thank you for the background.

I tend to agree with you on the webwallet.  I still think it's the least of the compromises with anon tech in this space.  But I understand those who feel differently.

Yes, its morphed into PayBee.com now apparently which is self-funded i think.

Webwallet is one thing but on a Cryptonote coin, that relies on opaque blockchain where no one has access to distribution info / rich list / fund movements, if it can be used to give one entity that information it seems like a big compromise.  

And looks like user's private keys are being sent to the server on MyMonero.com in which case all that would be possible plus spending the coins but waiting for validation on that.

[smooth]

BlockaFett just as technical matter, you can't reverse stealth addresses even with private keys. So in order to see that coins are moving to Poloniex to allow front-running the market, the MyMonero client would have to send the public destination address to the server before performing ECDH on it. I don't think it does that, or at least there wouldn't be a good reason to do it.

If you find something like that in the code, you are on to something here, otherwise, that aspect of your presentation is debunked.

I don't really think there is anything wrong with the scrutiny here, but I don't see any major problems either, based on what you've shown so far. The cookies thing is interesting, I'd like to hear what the MyMonero developers or other JavaScript experts (I'm not) have to say about it.

The vertpay/paybee connection seems particularly pointless. If he raised money and stole it, that would be one thing, but he didn't. You say it is now self-funded (i.e. he's spending his own money to build a business). I see nothing wrong with it at all based on what you've stated.

[fluffypony]

Wow I get in a plane and Bitcointalk goes nuts in my absence:)

I think I'm going to start by addressing some of the concerns in BlockaFett's first post. I'd like to note, having read through this thread, that BlockaFett has not contacted me at all to discuss his concerns. I would really have appreciated that as being the first step here, but no matter.

So Fluffypony can technically access distribution / what funds are moving around for all MyMonero wallets which could give him leading info on the market and pumps / dumps etc, whilst no-one else can (being a Cryptonote coin you can't see anything on the blockchain like distribution).

It is absolutely correct that I can see information on MyMonero accounts that others obviously cannot.

On it's own this might be innocent / incompetent in terms of centralizing / deanonimizing Monero users and transactions whilst simultaneously claiming your coin is the most anonymous and decentrazlied coin.

I think you're misunderstanding how the viewkey works. I can see funds that are received, but I can't see which signature in an input is the correct one, so there's very little information I can exploit. At best I can see funds moving between MyMonero accounts, but I have no way of determining whether funds have been transferred out to an exchange or anything like that. Thus I cannot possibly use the information to give me information on dumps, and I cannot possibly know about "pumps" without simultaneously having access to everyone's BTC wallets.

I'd also like to point out that we have never claimed that Monero is the "most decentrazlied coin" (sic), and we definitely don't claim it is the "most anonymous". I'd be hard-pressed to define "most decentralised", but clearly Bitcoin is the only cryptocurrency with enough hashpower and a sufficient distribution of nodes to be called "most decentralised". In terms of anonymity, the ZeroCoin/ZeroCash cryptocurrency (as and when it is released) will offer privacy that is nearly absolute, and is thus would earn the crown of "most anonymous". It has other issues (such as cryptography that is untested and not yet sufficiently reviewed), but Monero definitely does not lay claim to that.

I think this may be your misinterpretation of what people are claiming.

But then we find out that Fluffypony has done this before in trying to setup the same type of site for Vertcoin (Vertpay.com) and raising $200,000 to develop that from VTC users.  And that he is also working on Paybee.com, another payment site.

I'm not sure the relevance of this or what connection you're trying to make here. Are you implying that it is bad for me to be building out services for the cryptocurrency ecosystem? Or is the implication that trying to publicly raise funds is bad? I don't see an issue with either - I/we didn't raise any funds in the end with VertPay, and we pivoted off that and repositioned ourselves to create a more generalised solution. I'm still not understanding what your implication is.

Next thing is that 95% of XMR volume is through one exchange, meaning open-season on price-manipulation, and bigger profits from anyone with leading info on what users are doing - and this has been the case for 1 year already, still no other exchanges

You are 100% correct on this. As has been pointed out in this thread already, though, I have made an effort, through MyMonero, to host a giveaway on Bittrex and try and shift some volume there. This is at odds with your implication that somehow I am in cahoots with Poloniex, profiting off their dominance.

So just connecting the dots but what if it's no accident that Monero wallet is dysfunctional after one year (crippled?) and so most wallets are on MyMonero.com and under the sole visibility of the core team, that all volume is still on Poloniex giving whales their a single place to manipulate after one year, that the GUI wasn't added even now Cryptonote has made an open source one so most people go to MyMonero.com, and all on the "most secure and untraceable coin".

The core team does not have visibility on MyMonero's data. Additionally, there are several GUI wallets that the website links to and that plenty of people use. And, too, the CLI wallet is not particularly difficult. Lastly, we put work on the GUI on the back-burner last year after the block 202612 attack, and we indicated publicly why we had to do this. It is imperative that we work to ensure everyone's funds are secure, rather than prematurely shove out some GUI.

Nonetheless, the code for the work we had done on the GUI has been made public: https://github.com/monero-project/monero-core so anyone can work on it and release it.

The CryptoNote GUI wouldn't work with Monero as our code is too differentiated, and there are fundamental changes we've made to the way wallets work and store data, and the way they communicate with the daemon.

Again, we have never claimed to be the "most secure and untraceable coin". Bitcoin is the most secure. ZeroCoin/ZeroCash will be the "most untraceable" (to its detriment, when coupled with the whiz-bang cryptography).

Plus we know that Monero did launch a crippled miner with things like useless loops inserted to slow the mining down, although we don't know if this was innocently copied in from Bytecoin or not.

No, we do know. Git is an amazing tool for being able to step back and look at where code comes from. You can use git-blame yourself on the crippled code, and you can also check where we caught the issues and updated them:

https://github.com/monero-project/bitmonero/commit/3cc45e9324a402aee91e2f46861b2ca393d711aa
https://github.com/monero-project/bitmonero/commit/44f61c3965d569c288520b75356ad3bdc68b47d1

And correlate that with mining hashrate at the time. You will observe that there was a rise in hashrate when we released those changes, not days/weeks before.

Let me ask you something: why would we have made those changes to the hashing algorithm that quickly and released them publicly, when we could instead have quietly mined for weeks or months before making those changes public?

Potentially, are we are looking at a coin *setup* as a scam here, with various parts crippled to make sure the core team are the only ones with access to the key 'behind the scenes' market information and are also actually big investors / traders, that all trade is through Poloniex, and then they go around accusing everyone else of being a scam whilst scamming XMR volume behind the scenes?

By the same token, Bitcoin is "potentially *setup* as a scam", as the core developers have access to information that nobody else does. Bitcoin's core maintainers know about features before they're even announced / released, and they could trade on that information. There is no fix for this, other than (I guess) to treat it as insider trading and regulate it accordingly. Trying to fix this problem right now is truly out of scope for Bitcoin, and is dramatically out of scope for us.

Maybe Cryptnote is a prime target for this kind of stuff because everything is hidden - in such an environment, MyMonero / Poloniex owners can go wild if they make use of the info that no one else can have....

As mentioned, there's little to no useful information I can gleam from MyMonero that would give me some edge in trading.

Every exchange can make use of their internal state, and they have WAY more access to information than MyMonero does. They can have their systems automatically pull their orders if there's a buy that will hit them, they can do all sorts of stuff. One need only look at Mtgox's Willy bot to see what exchanges can get up to. We have no way of verifying that Coinbase, Bittrex, btc-e, Bitstamp, Cryptsy, BitFinex, etc. *don't* abuse their internal state / information. So what are we going to do about it? Never use an exchange again?

I'm sure a lot of the Fluffypony fans will be outraged at this suggestion.  And I could be totally wrong.  But if your argument is "I know Fluffy wouldn't do that" then lol because you should no in crypto now anything like this can and does happen, regularly..

I've also said that it's a dumb argument to say "he's such a nice guy", because the best scammers *are* nice guys. That's precisely what con men do for a living. Knowing me is largely irrelevant and I would recommend that any trust is given based on my history and dealings with people. Sources of information could include, for example, the Bitcoin OTC web of trust: http://bitcoin-otc.com/viewratingdetail.php?nick=fluffypony

Additionally, one could consider that I had access to the Mintpal funds. Ferdous asked me for assistance because he couldn't gain access to the wallet (he was struggling to get it restored because it was in an older wallet format, and 0.8.8.6 didn't have the ability to restore that format, which is something we've subsequently fixed). Ferdous had no idea if the funds were still in that wallet. I could easily have told him that they were unfortunately stolen, and then just kept them for myself. It is no wonder that Ferdous said on Twitter: "IMO @fluffyponyza is one of the most honest, smartest and hardest working individuals in this space."

Now to answer some other things that have popped up:

But then we find out that Fluffypony has done this before in trying to setup the same type of site for Vertcoin (Vertpay.com) and raising $200,000 to develop that from VTC users.  And that he is also working on Paybee.com, another payment site.

Do you have any background on this?  When were the funds raised, how long the website has been in development, where the funds went etc?

At that stage when we wanted to raise funds there was quite a bit of backend development that had been done, all self-funded. We raised $0 because we cancelled the fund-raising as it was clear it was too controversial. This lead to some internal changes and a complete refocus of what we wanted to achieve, and a bit of a state of flux for a few months. After this was resolved we began working on the project again in the 2nd half of 2014.

BlockaFett's timing seems to be a little off, as by the time the VertPay funding was scrapped (middle of May, 2014) the Monero core team had already been formed, and we had forked the project away from thankful_for_today (after he refused to accede to the community's wishes). Thus I didn't "move on" to Monero, I was doing both simultaneously (as I continue to do).

OK so I check some of the JS and the first thing that jumps out is this:

(src: https://mymonero.com/js/services/account.js?2)



So looks like spend key and seed are being stored in the user's browser cookie which is sent to the server with every HTTPrequest.

...which would give 2 main problems:

1) Any browser you log into MyMonero.com will store an unencrypted copy of your spend key and seed (plus address / viewkey) in a cookie file on the disk

2) The spend key and seed are sent to the server on *every HTTP request* meaning that the data is there on the server, you just need one line of code to put that in a DB if you want.

This is 100% correct, but it is also old (as in it predates MyMonero's official launch). Why you're seeing a very old version of the main page is beyond me, but that version of account.js hasn't been around for many, many months. I've confirmed on multiple systems that index.html is passing the correct account.js, and that account.js does not contain that old code. Additionally, you're passing ?2, which is a cachebuster value that we use to ensure nobody is receiving a cached version. Whilst this doesn't match the cachebuster value right now (?4) it still shouldn't have served up such a very, very old file. This could very well be an issue introduced when we were deploying a Phonegap-based QR code scanner on Tuesday morning, but that was rolled back after an hour as it caused endless issues in its detection of mobile devices. To make doubly-sure that this isn't occurring anymore I've cleared every possible server-side cache that could have been serving it.

In order to confirm that this functionality was indeed accidental (in that it was poorly thought through) and also removed ages ago I checked archive.org. The most recent capture of MyMonero is from May 13th, 2015 (https://web.archive.org/web/20150513233042/https://mymonero.com/#/) and has the following account.js: https://web.archive.org/web/20150513233042/https://mymonero.com/js/services/account.js?1 - you can confirm in that, and older versions, that there is no cookie-storage code.

It is important to note JavaScript-based wallets are never going to be really safe, and MyMonero is no exception. I've said before that MyMonero is merely a stopgap solution until we have libraryise completed (so that third-party GUI developers can better hook into core functions) and/or we've found an SPV-style solution (our current work is on using a bloom filter for viewkeys instead of passing the raw viewkey) for lightweight wallets. In fact, the website even says quite clearly: "The clients below are ideal if you are using Monero for the first time".

BlockaFett, I appreciate very much that you have clearly indicated your bias. I understand, too, that you have an inherent desire to ensure people don't get screwed over, and I applaud that. But this is going to become a mud-slinging session and you know it. Whatever answers and responses I've provided above you won't be satisfied with, and eventually it is going to become a frustrating "shouting" match that will only leave things more confusing for the casual reader. I would like to suggest that we find some time for a Skype chat or a phone call to discuss this using a medium that is a little more immediate than Bitcointalk, and you or I can report back afterwards. I understand that you lack time and energy to invest into this, and I understand that. Having just arrived back home from Europe I can assure you that I don't have much time for a back-and-forth on Bitcointalk, but I do absolutely want you to be able to flesh this out and discuss it with me. I am more than happy to make myself available to you for discussion, and if there's anything specific in my answers above that you'd like me to clarify publicly I am also happy to do so.

[BlockaFett]

Fluffy / Smooth - thanks for your direct response and coming here to explain yourselves in a reasoned fashion.

Fluffy - Just on the cookie issue because that's what i'm looking at, MyMonero is definitely serving the account.js?2 verison *with* the priv key being sent to the server in the cookie on every http request (so like 10 times on every page refresh and I think there is even a keep alive to send it up too...)

View source on index.html gives this...



...same on Firefox / Chrome / Tor and from a few different locations so it is being served, for whatever reason, at least for me.

And on the web-archive you linked that's indexed today, it's there too if you just change the query string to a 2:

https://web.archive.org/web/20150604040007/https://mymonero.com/js/services/account.js?2

   accountService.setAccountCookie = function() {
            if (accountService.loggedIn()) {
                ipCookie('account', {
                    address: accountService.getAddress(),
                    view_key: accountService.getViewKey(),
                    spend_key: accountService.getSpendKey(),
                    seed: accountService.getSeed()
                }, {
                    expires: config.accountCookieTimeout,
                    expirationUnit: 'minutes'
                });
            }
        };

Maybe some other users can do a 'view source' on the homepage from their end and see which account.js they are getting but I can only get the cookie one above?

Seems like something that should be fixed pretty quick e.g. just delete that code from the server and I would guess existing users need to be alerted that they may have had cookies with their priv key stored in clear-text on disk that can be recovered potentially unless it's been manually shredded?

One question about your comment:  "As mentioned, there's little to no useful information I can gleam from MyMonero that would give me some edge in trading."

...but with the private keys being sent up to the server, that could be used to get a picture on distribution / richlist, plus if you see some of the large balances going up or down with withdrawals / deposits, wouldn't that be good for predicting pumps and dumps? (as statistically most of it I guess would be to Poloniex)

I appreciate what you are saying, but MyMonero has been live for what a year now (?) with the private keys going up to the server so assuming you fix it now, it has been happening up to this point.. at least for some people.......  

...So potentially some accounts are compromised and need to have funds moved because if those keys were intercepted in transit (like man in the middle / cross domain cookie hack / server breach / data retained on server was hacked) then those coins can be stolen at some point in the future too?

How come there is the secrecy too, why is the backend closed source, and also why no indication of how many people use MyMonero - yes its private but you know yourself as do Google Analytics so why not share this with everyone?  

Do you plan to keep MyMonero going and as the #1 option for a wallet presented to users? - how does that tie in with Monero being designed for untraceability / security, it doesn't seem to be achieving that?

[DaveyJones]

-

Code:

    <script src="js/filters/money.js?1"></script>
    <script src="js/filters/time.js?1"></script>
    <script src="js/filters/payment_uri.js?1"></script>
    <script src="js/services/account.js?4"></script>
    <script src="js/services/modal.js?3"></script>
    <script src="js/controllers/top_bar.js?1"></script>

This is what i get. Also account.js?4 is in line 56 on my source, you have it in line 57. The modal.js? also differs if you look.

[BlockaFett]

-

Code:

    <script src="js/filters/money.js?1"></script>
    <script src="js/filters/time.js?1"></script>
    <script src="js/filters/payment_uri.js?1"></script>
    <script src="js/services/account.js?4"></script>
    <script src="js/services/modal.js?3"></script>
    <script src="js/controllers/top_bar.js?1"></script>

This is what i get. Also account.js?4 is in line 56 on my source, you have it in line 57. The modal.js? also differs if you look.

what's your browser and exact URL?

Here's some cache results (so independent of client / location)

Google:



Bing:



Yahoo:



So ^ these are what the search engines index on their side, and they all use the account.js?2 the code that sends the private key / seed up to the server in the cookie...

The only one with account.js?1 is wayback....



.....Which doesn't send the private key

Maybe a URL rewriting issue?  But how come the cookie code is anywhere on the server should delete it really?

[fluffypony]

Fluffy - Just on the cookie issue because that's what i'm looking at, MyMonero is definitely serving the account.js?2 verison *with* the priv key being sent to the server in the cookie on every http request (so like 10 times on every page refresh and I think there is even a keep alive to send it up too...)

Ok so just to clarify: with AngularJS you basically just get index.html + a bunch of JS files, and then it gets "partials" (kinda like views in an MVC pattern) as it needs. BUT that's just static files. The stuff that is polled regularly / any actual interaction with MyMonero is done through the API. Now the MyMonero API is on a different domain (api.mymonero.com), so cookies are never sent to it (the cookie was explicitly for "mymonero.com", not ".mymonero.com" which would have included subdomains). So the risk we identified with it (ie. why we dropped that functionality) was because it would be included in static object requests, which is something that the developer who added that functionality in the very initial version never considered.

...same on Firefox / Chrome / Tor and from a few different locations so it is being served, for whatever reason, at least for me.

And on the web-archive you linked that's indexed today, it's there too if you just change the query string to a 2:

I understand that - what I meant is that ?2 should never be served by index.html:)

Seems like something that should be fixed pretty quick e.g. just delete that code from the server and I would guess existing users need to be alerted that they may have had cookies with their priv key stored in clear-text on disk that can be recovered potentially unless it's been manually shredded?

That code hasn't existed on the server (except as a git blob) for ages, so there's nothing to delete on that side. When you add ?2 to the file you're being served a cached file somewhere along the line, which is why I went and cleared a bunch of things server-side that could be caching it. I suspect the reason that actual file can still be accessed is because CloudFlare has longer lived caching on some of their endpoints. But beyond that nobody should ever be served ?2, so the caching of the actual JS should be/have been largely irrelevant.

Re: shredding, we don't log static object requests, as that just clutters the log, and we've never logged cookies (even when we do receive them). Since all the heavy lifting is done client-side, and then on the server side by the API, the static objects are just cached aggressively and served as quickly as possible. Logging would interfere with that. We also don't log much of anything else, because I don't want to have an environment where I've got metadata that can be requested by LEA.

One question about your comment:  "As mentioned, there's little to no useful information I can gleam from MyMonero that would give me some edge in trading."

...but with the private keys being sent up to the server, that could be used to get a picture on distribution / richlist, plus if you see some of the large balances going up or down with withdrawals / deposits, wouldn't that be good for predicting pumps and dumps? (as statistically most of it I guess would be to Poloniex)

I appreciate what you are saying, but MyMonero has been live for what a year now (?) with the private keys going up to the server so assuming you fix it now, it has been happening up to this point.. at least for some people.......  

Nowhere near a year:) It's been up since the end of last year (so about 5 months), and as mentioned above private keys weren't going to the API, and static requests weren't logged.

...So potentially some accounts are compromised and need to have funds moved because if those keys were intercepted in transit (like man in the middle / cross domain cookie hack / server breach / data retained on server was hacked) then those coins can be stolen at some point in the future too?

Yes absolutely to the MITM risk that existed with that code snippet, or to the risk that I'm outright lying and we've logged everything. But, at the same time, the risk profile doesn't change: if I really wanted to I could serve up some obfuscated JS buried deep in the code (not obvious and outright like you've seen) that surreptitiously sends me private keys. That's the risk you take with any webwallet, Bitcoin or otherwise, and that is why it doesn't matter how much is done client-side, you still have to trust the operator 100%. I don't think (or hope) that anyone that uses MyMonero is under any illusions there. They have to trust me, it's the nature of using a web wallet.

How come there is the secrecy too, why is the backend closed source, and also why no indication of how many people use MyMonero - yes its private but you know yourself as do Google Analytics so why not share this with everyone?

It's a commercial project that cost a lot of money to develop and build out by a small team of accomplished developers. This isn't something I hacked up on a weekend, and I'm also not the only owner (Risto Pietilä owns half of it). There's no secrecy with the backend, it's just a commercial project that isn't going to be made open-source just yet. We do have long-term plans to provide a user-hostable version, but right now it's just too complex and "delicate" to release.

No you can't have an indication as to the userbase for two reasons. Firstly, it's a commercial project, and the Google Analytics stats are not public. Secondly, even if I provided stats on the number of viewkeys it's all rather meaningless, as it's really easy to create multiple accounts.

Do you plan to keep MyMonero going and as the #1 option for a wallet presented to users? - how does that tie in with Monero being designed for untraceability / security, it doesn't seem to be achieving that?

No, it'll be replaced by Monero Core as the first option when that is completed. MyMonero fills a usability gap that couldn't be filled with Monero Core fast enough, and there was (and is) a need for those that are interested in tinkering around with Monero to have something that they could use.

I would never, ever recommend anyone store large quantities of value in Monero itself (which is somewhat trivially attacked by a motivated attacker with enough mining power) and definitely not in MyMonero. But overall I think you misunderstand what Monero is trying to achieve. It's not designed to be some super-secret currency that is so private that nobody even knows it exists. It's not designed to fill some specific use-case like "buying dildos on the dark web". It is designed to be truly fungible, sure, but that is only one aspect of its design.

Things like our eternal emission (to retain mining incentives), or the move to a 6-month rolling hard fork window, are there to make Monero useful. Things like OpenAlias, and the slowly-increasing easy-to-understand content on GetMonero.org, are there to make Monero usable. Transactional privacy is a core feature, but even that is not yet complete (eg. we still have to implement the changes posited in MRL-0004). We ultimately want Monero to be easy to use by everyone, whether they're very familiar with cryptocurrencies or not.

[DaveyJones]

what's your browser and exact URL?

Fireforx 38.0.5 , URL = mymonero.com as you ask. And im from Germany and as fluffy brought up of maybe Cloudflare being the reason... usually i get routed to the Cloudfare Frankfurt servers afaik when some sites using Cloudfare were down.

[BlockaFett]

what's your browser and exact URL?

Fireforx 38.0.5 , URL = mymonero.com as you ask. And im from Germany and as fluffy brought up of maybe Cloudflare being the reason... usually i get routed to the Cloudfare Frankfurt servers afaik when some sites using Cloudfare were down.

Yes looks like some cache issue probably triggered by the different URL rewrite patterns e.g. when i type in mymonero.com it redirects to this (using ?2 *with* the cookie code)

https://mymonero.com/#/

But if I type mymonero.com/index.html it rewrites to this: (using ?2 *without* the cookie code)

https://mymonero.com/index.html#/

so probably based on location, you get the different versions, based on the cache you are hitting, I would guess...

[BlockaFett]

Fluffy - Just on the cookie issue because that's what i'm looking at, MyMonero is definitely serving the account.js?2 verison *with* the priv key being sent to the server in the cookie on every http request (so like 10 times on every page refresh and I think there is even a keep alive to send it up too...)

Ok so just to clarify: with AngularJS you basically just get index.html + a bunch of JS files, and then it gets "partials" (kinda like views in an MVC pattern) as it needs. BUT that's just static files. The stuff that is polled regularly / any actual interaction with MyMonero is done through the API. Now the MyMonero API is on a different domain (api.mymonero.com), so cookies are never sent to it (the cookie was explicitly for "mymonero.com", not ".mymonero.com" which would have included subdomains). So the risk we identified with it (ie. why we dropped that functionality) was because it would be included in static object requests, which is something that the developer who added that functionality in the very initial version never considered.

...same on Firefox / Chrome / Tor and from a few different locations so it is being served, for whatever reason, at least for me.

And on the web-archive you linked that's indexed today, it's there too if you just change the query string to a 2:

I understand that - what I meant is that ?2 should never be served by index.html:)

Seems like something that should be fixed pretty quick e.g. just delete that code from the server and I would guess existing users need to be alerted that they may have had cookies with their priv key stored in clear-text on disk that can be recovered potentially unless it's been manually shredded?

That code hasn't existed on the server (except as a git blob) for ages, so there's nothing to delete on that side. When you add ?2 to the file you're being served a cached file somewhere along the line, which is why I went and cleared a bunch of things server-side that could be caching it. I suspect the reason that actual file can still be accessed is because CloudFlare has longer lived caching on some of their endpoints. But beyond that nobody should ever be served ?2, so the caching of the actual JS should be/have been largely irrelevant.

Re: shredding, we don't log static object requests, as that just clutters the log, and we've never logged cookies (even when we do receive them). Since all the heavy lifting is done client-side, and then on the server side by the API, the static objects are just cached aggressively and served as quickly as possible. Logging would interfere with that. We also don't log much of anything else, because I don't want to have an environment where I've got metadata that can be requested by LEA.

One question about your comment:  "As mentioned, there's little to no useful information I can gleam from MyMonero that would give me some edge in trading."

...but with the private keys being sent up to the server, that could be used to get a picture on distribution / richlist, plus if you see some of the large balances going up or down with withdrawals / deposits, wouldn't that be good for predicting pumps and dumps? (as statistically most of it I guess would be to Poloniex)

I appreciate what you are saying, but MyMonero has been live for what a year now (?) with the private keys going up to the server so assuming you fix it now, it has been happening up to this point.. at least for some people.......  

Nowhere near a year:) It's been up since the end of last year (so about 5 months), and as mentioned above private keys weren't going to the API, and static requests weren't logged.

...So potentially some accounts are compromised and need to have funds moved because if those keys were intercepted in transit (like man in the middle / cross domain cookie hack / server breach / data retained on server was hacked) then those coins can be stolen at some point in the future too?

Yes absolutely to the MITM risk that existed with that code snippet, or to the risk that I'm outright lying and we've logged everything. But, at the same time, the risk profile doesn't change: if I really wanted to I could serve up some obfuscated JS buried deep in the code (not obvious and outright like you've seen) that surreptitiously sends me private keys. That's the risk you take with any webwallet, Bitcoin or otherwise, and that is why it doesn't matter how much is done client-side, you still have to trust the operator 100%. I don't think (or hope) that anyone that uses MyMonero is under any illusions there. They have to trust me, it's the nature of using a web wallet.

How come there is the secrecy too, why is the backend closed source, and also why no indication of how many people use MyMonero - yes its private but you know yourself as do Google Analytics so why not share this with everyone?

It's a commercial project that cost a lot of money to develop and build out by a small team of accomplished developers. This isn't something I hacked up on a weekend, and I'm also not the only owner (Risto Pietilä owns half of it). There's no secrecy with the backend, it's just a commercial project that isn't going to be made open-source just yet. We do have long-term plans to provide a user-hostable version, but right now it's just too complex and "delicate" to release.

No you can't have an indication as to the userbase for two reasons. Firstly, it's a commercial project, and the Google Analytics stats are not public. Secondly, even if I provided stats on the number of viewkeys it's all rather meaningless, as it's really easy to create multiple accounts.

Do you plan to keep MyMonero going and as the #1 option for a wallet presented to users? - how does that tie in with Monero being designed for untraceability / security, it doesn't seem to be achieving that?

No, it'll be replaced by Monero Core as the first option when that is completed. MyMonero fills a usability gap that couldn't be filled with Monero Core fast enough, and there was (and is) a need for those that are interested in tinkering around with Monero to have something that they could use.

I would never, ever recommend anyone store large quantities of value in Monero itself (which is somewhat trivially attacked by a motivated attacker with enough mining power) and definitely not in MyMonero. But overall I think you misunderstand what Monero is trying to achieve. It's not designed to be some super-secret currency that is so private that nobody even knows it exists. It's not designed to fill some specific use-case like "buying dildos on the dark web". It is designed to be truly fungible, sure, but that is only one aspect of its design.

Things like our eternal emission (to retain mining incentives), or the move to a 6-month rolling hard fork window, are there to make Monero useful. Things like OpenAlias, and the slowly-increasing easy-to-understand content on GetMonero.org, are there to make Monero usable. Transactional privacy is a core feature, but even that is not yet complete (eg. we still have to implement the changes posited in MRL-0004). We ultimately want Monero to be easy to use by everyone, whether they're very familiar with cryptocurrencies or not.

Ok so my points would be:

API - I understand it's on a different sub domain so it doesn't get the cookie with the send key, same with google analytics.. It is going to mymonero.com though so not sure how much difference that makes (from pure exploit point of view). I think it's plausible that a dev might not have spotted this though like you say.

Cache - again, plausible that this is the cause as you say

Shredding - no I meant on the client side - for the MyMonero users who's cookie with send-key / seed being sent to the server, locally that cookie was on their HD during the session, so if someone else accesses the HD they could potentially recover everything to hijack that wallet from clear-text....so they should probably be alerted and move their funds to a new address (and because the cookies could have been intercepted in transit etc anyway)

Private key propagation - yes they weren't going to the API but they were going to mymonero.com in every request (for the ?2 users) so it would be trivial (from an exploit point of view) to insert code server side to read this and retain it and use it later and serve that ostensibly through a flat html file (using an http module or extension mask or whatever you want).  Not saying you *are* doing that, but it is *possible* with this setup, which is the reason I raised it.

Confidentiality on your stats / demographics - sure, not for me to say, just asking.  

Replacing Monero Core as the first option - Yes as an observer that would seem to be the obvious way to go but again not for me to say.

Not storing large quantities on MyMonero - Sure, after Mintpal IMO I would say this about any centralized store of coin info...if you got hacked and the private keys are moving from the client to the server then through various scenarios it could be a similar outcome, just me but as a user I would want to be told that from the outset on the choose page but again not for me to say

Monero design goals - I am not an expert, the above situation seems like a contradiction to what I heard from some of your 'evangelists' but as I never bought Monero I don't think I qualify to try to say what is should be for.. I hold Dash as you know and if we were talking about a Dash web wallet plus these issues here i would be saying exactly the same thing, anyway..

[coins101]

Just pulling up a seat before catching up with events tomorrow.

Hold on, this is a third party service we're talking about?

[DaveyJones]

Just pulling up a seat before catching up with events tomorrow.

Hold on, this is a third party service we're talking about?

WebWallet like blockchain.info

[celestio]

BlockaFett admitted himself that this thread is a "troll" thread/entirely worthless. It has no factual information and is only biased speculation as BlockaFett is a DASH supporter. Of course we could do the opposite and talk about DASH's 2million coin fraudulent instamine...which is factual.

I don´t mind you investigating, when there is a flaw it needs to be fixed... if its a flaw.

But what i mind is that i do not understand that you call Monero a scam... but are perfectly fine about Dash´s shady past ( which we don´t need to get into because all has been said plenty of times )

Not calling Monero a scam, because I have zero evidence that it is.  OP is speculation and I am biased like I said.  Just sharing the info with my tinfoil hat on.

Most coins have something shady in their past.  Dash beginnings are probably the most investigated, I checked it out and decided to invest, that's it really, everyone make their own decision.

It's going to be too hard for me to add any value on anything here, kind of looks just like Dash supporter attacking Monero which wasn't the intention.