.

[wisard]

What are your security measures?
What percentage of funds are kept in cold storage?
Do you intend to provide 2-factor authentication?

Keeping % of funds in cold storage is not the only solution, ofcourse its a good security measure, when something drastic happens it will minimize the damages, only the funds in the wallet is lost. In one of the recent event, one of the exchange followed the cold storage method still they had to shutdown the exchange. Of course your funds are important to us and we have designed\developed system that in mind and which are hosted in secure servers.
We are not intending to provide 2-factor authentication currently, all the communication happens on secure socket layer. You always have 4 attempts to login, if you fail you have to reset the password over your email. Which is simple and still effective.

So do you keep funds in cold storage? Cold storages help against theft.
Not against regulation that can get an exchange shut down.

Also, 2 factor authentication is an absolute requirement as it keeps your money safe even if your laptop is stolen or a spyware gets installed on your computer.

Bitfloor and btc-e hacks have shown us that this is the bare security requirement for a bitcoin exchange: cold storages and 2-factor authentication.

You can't take a lean startup approach to a venture where money is involved as a product. You can't fix bugs as they occur. You have to provide more security than your usual social media or blogging based startup. If you don't intend to provide these security measures yet, you should re-think and change your intention.

[1715667166]

1715667166

[subvolatil]

So  basically we  have  no  way to  verify  if,  you  are  who  you  say you  are.  ther is  nothing  that can  link  you,  no phone  number,   no  proper  address.  dont  even know  if  you  are  real.

Secondly  you  have  no  two  factor  auth,  so i  can  safely  amuse  that your  site  is  venerable  to sql injection  tooo, if  you  are  not  able  to  even impliment  a   simple  two factor  auth  on  your  sites.   .   come to  think  of  it, it's   quite  odd  that  some  of the  business that  sell bitcoin  came under  a ddos  attack   before  you  guys   announced  your  self.  coincidence may be may be not .

You guys  seems  to  be  highly  reluctance  to  give out  your   identy  to  make  every one  feel secure. that raises  a  big  red  flag.  as  far  as  i know  you  could  be  my neighbor next  door,  your  information  is  not   sufficient .

Let  me  tell you  some  thing, in a  country  filled  with  scam  artist,  for you  to  do  business  you  will have  to   assure  your  customers  that you can  be  trusted .,  right  now  there  is  no  trust .

As  for  now  i  would  put  a   RED FLAG  on  i-co.in , Sree Vinayaka Enterprises or iCoin .

P.s - Bitcoin is an  open  community   if you  want  this  community  to   trust  you  stay in a  open  manner.   dont  try  to  hide  or   obscure   details  and  twist  things  around.  


By  the  way in  an  earlier  post  i think you  said  you  were  a  partnership ,  now  it  is a  enterprise  with a  "CEO"  Who is the  chairman?  but  then again  that is only in  a  "Company" ,  some  thing  is  real fishy.

I'm not  convinced

[subvolatil]

Arjun  ( icoinv)  you are now making  your  self look really ignorant, about  the  bitcoin community , and  frankly  what you just  said  suggest  that  we  in the Indian  bitcoin  community  should  settle  for a  bellow  standard  security.  I really wonder  what you know  about  the  bitcoin community  as a  whole.

 I really  dislike  people who  see bitcoin as a  quick money  making  scheme. i wonder  if that is  the  same  with you .  looks like  you  patched up a  website in a  hurry  with  verry  little  security  and  used a  firm, or  some  enditity to  start  up this  business (wonder  if  that enterprise is  like a  family  owned  old  business  you are  using  as  cover).  and  you have  made  sure  to  hide  all of  your  details  .  so , no can  identify you. if you cannot  meet  the  basic  security needs and  identity  disclosure , you  are  better  off  working  in what ever  company you are  working  as a  programmer.  

[subvolatil]

CEO is  just  a  designation ..  looks like  you   also  don  have  any   experience  in   business. or  running a   company.  let  me  educate  you ,


In  a  partnership  firm  the  partners  are the  designation.the  profit   sharing   ration  in the business.  in a   company  established  by the  companies act  of  1957,  a  company is an  entity ,  with   shareholders   who  elect  a  chairperson who   appoints  a  CEO.  (my memory is  a bit  vague  but  this  is  about  right.)

[subvolatil]

are  you  a  partner ,  managing  director , or  a  CEO..
If  you have   partners how  many , what  are their  background   and their  entire  details. 

But  i  guess  it  useless  trying  to  save a  drowning  ship. 

Awh  well best  of  luck  on  your  other  endeavours.

hard  to lie  you  way out of this  one chum.

[subvolatil]

Thank you  for  your  honesty. in not able  to  win  my  trust.

  From  my  side  it  a  Red  Flag for  you  organisation  i-co.in or  Sree Vinayaka Enterprises[S.V.E]  what ever  you call it.


I  dont  know  what the others   would  want to  say  about this . 

So  guys   a  little   feedback on  this  would  be  appreciated 

[Benson Samuel]

Icoinv does have a point here. He does not need to prove his identity or the firms as long as he conducts honest business.

While I would still advice everyone to tread cautiously, I have seen looser knit businesses than these making a good trust based product by the end of their stint.

Its an open market.
I won't be registering yet as there is a need for PAN card and I do not need INR, hence I can't proceed as per the sites rules.
If anyone feels that trust is lacking, then please do not register/ trade.

But let us avoid accusations. This is a new business and as the Bitcoin India community, we have a duty to help everyone grow.

Hope that made sense.

[subvolatil]

Agreed  Benson Samuel there is no  accusations here  just a  red flag  of  caution.

be careful.  people.

icoinv build  your  trust.  hope you  do  business  in a  fare  manner.

Edit :-
Forgot  to mention  ,  most  of the  questions  i asked  was not  answered.  so  before signing up and   transferring  your  funds   think twice.

[Benson Samuel]

Edit :-
Forgot  to mention  ,  most  of the  questions  i asked  was not  answered.  so  before signing up and   transferring  your  funds   think twice.

And for the rest of you toddlers out there, make sure you drink your milk.

:p

[subvolatil]

Edit :-
Forgot  to mention  ,  most  of the  questions  i asked  was not  answered.  so  before signing up and   transferring  your  funds   think twice.

And for the rest of you toddlers out there, make sure you drink your milk.

:p

was  that  for me . :-) 

Awwww  that so  sweet.  Benson stop pulling my chain . arnt  you  out  of cigs yet.. 

[ninjarobots]

icoinv

Arjun Kumar

+91.9902695939  

Tech Name: Sujathamma K A  
Tech Email:icoinv@gmail.com
Name Server:GNS19.HOSTGATOR.IN
Hostgator? hmm....

Sundeep +919902695939
Karnataka Telecom Circle, Airtel India  

~ Unleash the Great Ninja Power.

[wisard]

Many banks dont have 2 factor authentication, one cannot assume the security features about a system.

Oh come on - why would you even compare bitcoins with fiat currency?

Bank transactions are reversible. Bitcoins are not.
A bank is insured. Your exchange is not. You cannot make things right like a bank can if theft occurs.

You need to provide security that BSE provides - if you want to compare yourself, compare yourself with an exchange. Match their security standards.

[wisard]

Icoinv does have a point here. He does not need to prove his identity or the firms as long as he conducts honest business.

While I would still advice everyone to tread cautiously, I have seen looser knit businesses than these making a good trust based product by the end of their stint.

Its an open market.
I won't be registering yet as there is a need for PAN card and I do not need INR, hence I can't proceed as per the sites rules.
If anyone feels that trust is lacking, then please do not register/ trade.

But let us avoid accusations. This is a new business and as the Bitcoin India community, we have a duty to help everyone grow.

Hope that made sense.

No. No. No.

Just because Bitcoins is not too popular in India does not mean we shouldn't question people who try to build businesses around the bitcoin ecosystem.

Bitcoins - because of its value - attract attacks. You actually have to expect attacks if you start a bitcoin related business. That is why you should absolutely challenge an exchange on their security procedures. Its not about my trust in whether the company will run away with my bitcoins. Its about my trust whether the company is even capable to protect my bitcoins from attacks.

If you don't question them, they won't improve, and it will lead to a few people losing their bitcoins before the community learns a lesson. We don't need to learn these lessons first hand - when we have seen what has happened to other exchanges already.

We don't have a duty to help any business grow, we have a duty to make sure that only the right business can grow.

[Benson Samuel]

Icoinv does have a point here. He does not need to prove his identity or the firms as long as he conducts honest business.

While I would still advice everyone to tread cautiously, I have seen looser knit businesses than these making a good trust based product by the end of their stint.

Its an open market.
I won't be registering yet as there is a need for PAN card and I do not need INR, hence I can't proceed as per the sites rules.
If anyone feels that trust is lacking, then please do not register/ trade.

But let us avoid accusations. This is a new business and as the Bitcoin India community, we have a duty to help everyone grow.

Hope that made sense.

No. No. No.

Just because Bitcoins is not too popular in India does not mean we shouldn't question people who try to build businesses around the bitcoin ecosystem.

Bitcoins - because of its value - attract attacks. You actually have to expect attacks if you start a bitcoin related business. That is why you should absolutely challenge an exchange on their security procedures. Its not about my trust in whether the company will run away with my bitcoins. Its about my trust whether the company is even capable to protect my bitcoins from attacks.

If you don't question them, they won't improve, and it will lead to a few people losing their bitcoins before the community learns a lesson. We don't need to learn these lessons first hand - when we have seen what has happened to other exchanges already.

We don't have a duty to help any business grow, we have a duty to make sure that only the right business can grow.

I am not asking anyone to stop questioning them. Was pointing more towards mild accusations.
Rest assured, they will be questioned way way more when the general public gets involved.

[subvolatil]

Hey hey hey Benson , if you are  pointing  at "mild  accusations"  at me.  dont  worry. my  accusation  will start  when  people  start   signing up  with them and  their money and  bitcoins  start  to  disappear. a  firm created  in  secret no verifiable  information,  dont  really  know  who  this  person is. trust is  hard to gain but  like  i  said  before . when people  dont  answer   questions   asked  that  becomes  suspicious.  may be  you  are ok when  people  dont  fully  answer   questions  .  but  not me.

Question  being  avoided and  twisted  are  signs  of  anterior  motives.

There are  alot  of  underlying  problems  to this,  that has not been  cleared  out. the  fact  being  that a  exchange  holding a client  money  basically  turns an  entity into  a   bank,  meaning  that all  withdrawals have a interest amount  attached to it. (RBI norms). if they are  going  as a Trading firm  then  the  SEBI is involved. which  has  more   rules  than a  banking  regulation.  there  are  too many  rules   to   counter  money laundering  in  india. many  are  pointed  to  stop  withdraws of  cash, and   transfer  of   cash  outside  india. 

A exchange  in  india  still  holds  INR in  its   account   for a  client  after  the  sale of  bitcoins .  making  it  a  deposit  felicity .   then  comes  the  problem  of   withdrawing   money  from  the  account   or  the ewallet, and  that  is  prohibited .  this is the  only  thing  that needs to  be  worked  around.  once  this  problem is  solved  then an  exchange  can  operate within  india  without  government  interference, atleast  for  some  time.     

If these problems  have  not  been  solved  by  an  exchange  opening in india, then  the  risk  of this,  being  a  temp operation  is high.   The main  problem, security  of the  site  is not  ensured  and the  people  starting  this  has  a  more or less a carefree  attitude  towards  security ,  showing  verry  little  care  about  the clients  money  that are  going  to  be  entrusted  in them. 

So  Benson if you  call this an  mild accusation then  you are  mistaken, ckz this is an  observation. the  accusation  will come  later on. 

[subvolatil]

Good  initiative,  i will suggest  you  to  start  a  new  post  with a  bounty, and a  legal  disclaimer absolving the  testers  of  legal action. 

Its a  good  step  you have  taken 

+1

[subvolatil]

As far as bounty goes, as i said there is a wallet with my own BTC inside it.
Legal action?? I can assure anyone NOT for time being.
Lets continue the thread.

Hum.. guess  no one  is gona  be willing  to help you out  on this. 

 (-1)
 for lack of  effort.

if  you think someone  is  gona  come  over to this  thread  and  announce  that they  will do a pen  test  for  your  website  without  you  giving  any type  of  legal disclaimer.  you are  sadly  mistaken.  you  efforts  to entrap people  would not  really  work .


Why  do  you  always  respond  to thing  making  it  more  suspicious  and  harder to trust you .  your  comments "I can assure anyone NOT for time being. "  makes you look highly untrustworthy.

[Benson Samuel]

icoinv, do you have any registered users/ deposits on the site as yet?

If yes, would they be able to recommend your work? This may work better towards building your reputation.

[subvolatil]

OK show me a thread of that kind regarding legal disclaimer etc etc, i will just follow those rules.

so  basically  you  want me  to  hand  hold  you  through this  process

icoinv, do you have any registered users/ deposits on the site as yet?

If yes, would they be able to recommend your work? This may work better towards building your reputation.

Hum.... interesting... wonder  what this  may  pan  out.  lets  watch and see.

[ninjarobots]

icoinv, do you have any registered users/ deposits on the site as yet?

If yes, would they be able to recommend your work? This may work better towards building your reputation.

We have registered user, deposit transactions haven't taken place yet. I will try asking the person for feedback anyway.

Now this is interesting... Do you accept cash deposits w/o PAN??

If yes then myself or someone here might deposit.