[ANN] b1txr

[sowbug]

I'd appreciate some help testing a site I built this weekend.

/]b1t[Suspicious link removed] lets you receive email address at your Bitcoin address. For example, if you control 1ABCdefghijklmnopqrstuvwxyz, then you can read the mail at the inbox 1ABCdefghijklmnopqrstuvwxyz@b1t[Suspicious link removed] (and, of course, anyone can send to that address). I extended bitcoin-ruby to add compact-signature key recovery, which both lets you prove ownership of a given Bitcoin address and replaces username/password sign-in completely on the site.

The use case I was mainly thinking of was something like Mailinator, but where you would know that you and only you could read mail at a given address. If the site catches on, however, it could become a de facto place to ping someone whose public Bitcoin address you know.

The site is new and not well-tested. Some of the caveats:

• As with all webmail, you must trust the operator of the site not to read your mail. You don't trust me, so please don't send critical or sensitive email to any address.
• Along the same theme, the site is an experiment and I might shut it down. So for now, don't rely on these email addresses existing for any period of time.
• It's hosted on Heroku with the developer plan. There isn't much storage space, so it'll be pretty easy for the system to be overloaded. Send an attachment of any size and you'll kill the site. Again, don't trust this site with mission-critical email.
• I am very interested in feedback on the sign-in process. I'd like to learn whether Bitcoin signatures could become a viable substitute for username/password-based sign-in flow.
• Finally, to repeat the warning above: please don't trust that this site is in any way secure. The site surely has bugs that might enable others to abuse the site. I'll try to fix those bugs as I learn about them, but at the moment the site isn't well-tested.

Thanks in advance!

[1715185332]

1715185332

[1715185332]

1715185332

[sowbug]

Looks like the earlier post got chewed up by the spam detectors. Anyway, I'd appreciate some testers. Please send email to a Bitcoin address you control at the dot-com address listed in the subject line, and then try signing into the site to confirm that the email arrived. I'd appreciate any and all feedback, particularly on the usability of the sign-in process. Thanks!

[mprep]

This seems fishy. Even the main link got removed I think.

[sowbug]

Perhaps the domain I picked is too short, and it looks like an URL shortener (which I agree automatically looks suspicious). I picked something very short at the expense of readability because I figured all the email addresses (like mine, 1BUGzQ7CiHF2FUxHVH2LbUx1oNNN9VnuC1@b1txr.com) would be unreadable anyway, so they'd always be copied or linked rather than read out loud from person to person.

At least the GitHub issue link survived. If you're a Ruby coder you can take a look at the patch, which I thought was pretty interesting.

I hope that the Bitcoin signing feature gets more popular, because it's really useful. So far the feedback I've gotten on the site from my coworkers and friends has been, basically, "neat site, Mike, but I can't figure out how to sign something in my Bitcoin client." It'll be hard for me personally to improve the usability of the Bitcoin client's signing feature, but I hope that use cases like b1txr's become more commonplace, as they'll drive improvements in the client UI.

[TTBit]

very nice, tried this with the announcement I saw in the press section. I may use it as a throw away service if it forwarded emails to another address.