Wallet.is a service striving to succeed where instawallet has failed

[roalwe]

tvbcof and passerby

Thanks a lot for suggestions!

I like many of them, so I'll discuss them with the rest of the team and we'll start working right away. I like the "internal transaction" suggestion, though I'd rather avoid using either emails or long "bitcoin not-a-bank account numbers" as internal identifiers. I am considering bitcoin address of the vault itself (gox style) though I am open to other suggestions.

Also, I have a few ideas of my own that, to the best of my knowledge, aren't part of any wallet service currently done
Wallet.is team will do our best to amaze

[passerby]

I think internal transactions should be your priority.

Also, perhaps, make a special non-announcement thread for feature suggestions ?

[z12]

Receive a cold btc address from users so it can be used for verifications by signing messages and withdrawing user's coins to that particular address in case of "insta-wallet" kinda thing happened so users won't have to go through a claim process.
This address can be used for recovering lost address/password and the address itself should be changeable provided you can sign a 64 random letter text proving you own the address.
I think it would be far more anonymous than providing email kind of thing

[passerby]

I kinda like z12's idea, especially since dead man's switch (which is among my fav. features) involves providing a btc address anyway.

[apetersson]

i think it would make sense to have a url structure like

https://wallet.is/key/5KdN2Qrb5peKKmtpFU9A6owijy1a2sHNo6JcuGMy1iTn5dBjKWt

where the key is the actual private key.

that way, you only have to maintain a generic index of all adresses. Intentionally do no keep any logs.

if your service goes offline anyone can still import their key into a wallet.

[Matoking]

http://support.google.com/webmasters/bin/answer.py?hl=en&answer=93710

Add the noindex meta-tag to your wallet pages so the pages won't get indexed by Google, even accidentally. The robots.txt file isn't sufficient enough, since it doesn't prevent links from other sites being indexed.

[roalwe]

Hi guys!

Just a quick update: We have support for LTC:
https://ltc.wallet.is

More to come - working frantically on new features

Posting from mobile.

P.S.:

Matoking, will add (better safe than sorry )

apetersson, I think that having privkey in the url creates more issues than it solves (it does not solve the trust issue itself, and may create additional nasty edge cases)

P.P.S.:
I have, recently, devised something very special for "internal transactions" thing.

Stay tuned for more updates

[Vod]

tvbcof and passerby

Thanks a lot for suggestions!

I like many of them, so I'll discuss them with the rest of the team and we'll start working right away. I like the "internal transaction" suggestion, though I'd rather avoid using either emails or long "bitcoin not-a-bank account numbers" as internal identifiers. I am considering bitcoin address of the vault itself (gox style) though I am open to other suggestions.

Also, I have a few ideas of my own that, to the best of my knowledge, aren't part of any wallet service currently done
Wallet.is team will do our best to amaze

I believe the fact you glossed over TF's issues without any defense shows his comments were dead on.  You are going to collect as many coins as you can then disappear.  

[roalwe]

tvbcof and passerby

Thanks a lot for suggestions!

I like many of them, so I'll discuss them with the rest of the team and we'll start working right away. I like the "internal transaction" suggestion, though I'd rather avoid using either emails or long "bitcoin not-a-bank account numbers" as internal identifiers. I am considering bitcoin address of the vault itself (gox style) though I am open to other suggestions.

Also, I have a few ideas of my own that, to the best of my knowledge, aren't part of any wallet service currently done
Wallet.is team will do our best to amaze

I believe the fact you glossed over TF's issues without any defense shows his comments were dead on.  You are going to collect as many coins as you can then disappear.  

His issue can be boiled down to "server side storage is not trustworthy".

We at wallet.is don't aim to somehow mend the fundamental trust assymetry of server-side wallets, but we intend to make up for that in valueable features and ease of use. We hope that, by providing a reliable and feature-rich service over a long period of time we shall, eventually, prove ourselves to be "trustworthy enough" for certain use cases.

If I wanted to steal coins, I would have been far better off with something along the lines of pirate scam (entraping people with greed is far easier than entrapping them with a feature rich service - much less code that way )

[tvbcof]

...
If I wanted to steal coins, I would have been far better off with something along the lines of pirate scam (entraping people with greed is far easier than entrapping them with a feature rich service - much less code that way )

While I wait for your efforts and others to develop...

I was looking around for a way to dispurse more of the BTC that I wish to trust with a single on-line wallet (blockchian.info) and notice 'strongcoin' and there actions to fuck a thief (which I found both appropriate and highly amusing.)

In researching 'strongcoin' I spotted no significant discussion on this forum, and much more importantly, the actual personally identifiable information on those behind the effort was, in my opinion, sorely lacking.  Although it could be bogus, the amount of information along these lines which ~puik saw fit to publish was/is a strong selling point to me in using the blockchain.info solution.

I only mention it in case it influences how you structure your offering as things evolve.

[bitcoincraps]

Two factor authentication is very important for this kind of wallet...

[apetersson]

apetersson, I think that having privkey in the url creates more issues than it solves (it does not solve the trust issue itself, and may create additional nasty edge cases)

please explain to me what these edge cases are.

if the secret part of the url can leak, it is certainly equally bad as an attacker can empty the wallet.

by not keeping the actual private keys on your server only in memory for a short amount of time you avoid many hacking problems.

[mrbitbank]

Unless I'm the only person that has my private keys, and all signing is done on my computer, you are a fucking dumbass if you use this wallet because you will lose "your" coins.

You just admitted that nothing is 100% safe. Besides, do some reading.. the chrome extension for Blockchain.info is quite secure. Not bulletproof of course, but a hundred orders of magnitudes better than your current setup with is "send me coins".

Here is what WILL happen (guaranteed):

1. Operator goes AWOL, with no renewals server goes down
2. Operator disappears along with the coins in the wallet. Possibly a "hack" explanation.
3. Site actually gets hacked by someone else, you lose some or all of your coins

Don't store private keys on server.

If you don't have the private key, you don't own the bitcoins. Period.

Sorry if I'm a bit harsh, but this will end up with people losing their bitcoins to a hacker, to you, or to /dev/null.

Especially considering how the operator was registered a couple of days ago, he most likely saw how instawallet could have stole 10 million USD and wanted to scam others.

So right, I agree that if you do not control your own private keys you do not own the coins