Thanks to everyone for their feedback. We give below a brief description of Unowallet.
How Unowallet works?
- When a full Unowallet url is accessed (e.g., uno-wallet.com/wallet/SomeSecretString), the string after wallet/ is used to generate a private key in a deterministic way. The corresponding bitcoin address is then computed. Finally, the unspent outputs for that address are obtained and the balance computed. The wallet literally exists only when the url is open in the user's browser. The server never stores anything (urls/private keys/addresses) after that.
Unowallet only allows https urls, so this string is always sent encrypted over the network. No one except your browser and our server has access to this string. Unowallet accepts any ASCII alphanumeric string of up to 50 characters. If this string is generated truly randomly, there is almost zero chance of someone guessing or brute-forcing it (see next point).
- When a bare Unowallet url is visited (i.e., uno-wallet.com/wallet or uno-wallet.com), a random 50-character string is generated automatically for the user to form a full url. Again, this string never travels over the network unencrypted. Only your browser and our server have access to this in plaintext.
Of course, you are free to use any string after wallet/ as long as you ensure that it is hard to guess. For example, do not use a url such as uno-wallet.com/wallet/SatoshiNakamoto
Recommended way to use unowallet:
- Use Tor for added privacy. Our server will not know your real IP address.
- Do not use any proxy servers to access unowallet.
- Always access it from a secure computer (no viruses/browser extensions).
- Always keep the url with you in a safe place. Email it to yourself if necessary.
- Save also the private key so you are not tied to unowallet when spending funds. In fact, save the entire page, which contains all the necessary information.
- Unowallet is designed for those people who need an instant address for receiving funds that they plan to move somewhere else soon afterwards. We do not recommend storing large amounts there.
Are my coins really safe in Unowallet?
Although Unowallet is one of the easiest and fastest wallets to use (and it's free!), it should be used only by people who have some knowledge about Bitcoin and know basic concepts of security. Several things can go wrong and cause you to lose your bitcoins.
What can go wrong?
These are some ways in which your wallet/url can be compromised:
- Viruses/trojans can capture every url you visit.
- Browser extensions may log urls and forward them to 3rd party sites (such as Google) for indexing.
- You use an easily guessable url.
- You use a url sent by (or shared with) someone else.
- You use a url found from a search engine.
We will probably not be able to help you out if you lose funds due to any of the above. Nevertheless, if such incidents happen, please do email us with details.
How is Unowallet different from other 'instant' wallets?
In a few ways:
(1) Unowallet is entirely stateless. We do not store anything that can be used by an attacker to obtain the private key of a Unowallet address, should our site be hacked.
(2) We also give you the private key to your address when you access a wallet (which you must save!), so you have full control of the funds in that address.
(3) Unowallet transactions are 'on-chain'.
What about passwords/2FA/etc?
Unowallet does not support passwords or 2FA because they defeat the very purpose of url-based wallets. For those who are troubled by the "url-based-wallet" concept, we have another wallet in the beta-testing phase, called Unobase. This does authentication via OpenID using a provider such as Google/Yahoo/AOL/etc.
Disclaimer: Unowallet service is provided AS IS. This implies that we are not liable for any bitcoins you lose via Unowallet, irrespective of whether it is our fault or not.
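
The "How Unowallet works" section above describes a secret string that deterministically yields a private key. The following sketch is an added example, not part of the original post and not Unowallet's code: it generates a 50-character secret from a CSPRNG, checks the stated format rule, and shows why the secret's entropy is the only protection. The SHA-256 derivation and all function names are assumptions, since the post does not say how the key is derived.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 ASCII alphanumeric symbols
MAX_LEN = 50                                     # length limit stated in the post
# Order of the secp256k1 group; valid Bitcoin private keys lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def new_secret(length=MAX_LEN):
    """Random alphanumeric string drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_valid_secret(s):
    """Format rule from the post: ASCII alphanumeric, 1 to 50 characters."""
    return 0 < len(s) <= MAX_LEN and all(c in ALPHABET for c in s)


def random_entropy_bits(length):
    """Entropy of a uniformly random string of this length.

    This is only an upper bound for a human-chosen string: a name or
    phrase of the same length has far less entropy than this figure.
    """
    return length * math.log2(len(ALPHABET))


def derive_private_key(secret):
    """ASSUMED derivation (SHA-256 of the string), for illustration only.

    Deterministic: the same string always yields the same key, so anyone
    who learns or guesses the string controls the funds.
    """
    if not is_valid_secret(secret):
        raise ValueError("secret must be 1-50 ASCII alphanumeric characters")
    counter = 0
    while True:  # re-hash in the negligible case the digest is out of range
        data = f"{secret}:{counter}".encode("ascii")
        k = int.from_bytes(hashlib.sha256(data).digest(), "big")
        if 1 <= k < SECP256K1_N:
            return k
        counter += 1
```

A uniformly random 50-character secret carries about 297.7 bits of entropy, more than the key it produces, whereas a string such as SatoshiNakamoto passes the format check but offers no real protection.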