Bit-Bank: New Online eWallet

[seeARMS @ Bit-Bank]

Bit-Bank is a new online eWallet with a goal of providing a secure, convenient location for users to store their bitcoins.

By storing Bitcoins in our eWallet, they'll be accessible from any internet-enabled device, and may be withdraw to any BitCoin address or another Bit-Bank account (which is free and instantaneous).

Users can generate many BitCoin addresses, which can be assigned names such as public, donations, private, etc. Furthurmore, all users are given a unique URL (such as, for mine: https://bit-bank.org/user/seeARMS) which simply displays your public Bitcoin address.

We have also just released an API, which will hopefully spark more mainstream interest in BitCoins. This API allows developers to query for balances, send bitcoins, query for your receiving addresses, etc.

The next thing we're working on is a shopping cart interface (SCI). This will allow merchants to easily accept BitCoin payments online. I hope to have this complete within the next week or so.

Visit us at: https://bit-bank.org.

If you have any questions/comments about the security, appearance or functionality of the site, please ask away.

[bitlotto]

What do you do for security?

[seeARMS @ Bit-Bank]

What do you do for security?

Basic:
-Force all traffic through https
-Use a VPS for hosting

Databases:
-Store passwords using a secure hashing algorithm + a unique salt
-Store API keys and tokens using a secure 2-way encryption algorithm (with a private key)

Forms:
-Escape input and strip HTML tags to prevent MySQL injection
-Use sessions + tokens (which expire after a short while) to prevent cross-site request forgery
-Check input for proper values for current form

API:
-Escape parameters + strip tags to prevent MySQL injection
-Check parameters for proper values (ie 30-character API key, etc)

[andrepcg]

good work!

one thing i dont like is the design. i think the current design does not fit what the website is about, you need something more modern.

[seeARMS @ Bit-Bank]

good work!

one thing i dont like is the design. i think the current design does not fit what the website is about, you need something more modern.

Thanks for the input - I'll definitely consider switching to a more Web-2.0 design in the future.
That'll be after all the core functionality (including the SCI) is finished, though.

[bitlotto]

The hardest part is reading black on a very dark brown background.

[osmosis]

Your page states..

"A minimal fee of 0.01 BTC gets sent to Bit-Bank to allow the continued use of our services. Other than that, our services are entirely free."

Is this a one time fee, or??

[elk-tamer]

Sign up didn't work for me:

"The requested URL /user/index.php was not found on this server."

[Tril]

It's great to have more of these e-wallet sites.  I like the colors and design.

Bit-Bank needs to build trust.  How do I know the site won't just run off with the funds?  I'd suggest at a minimum, contact info for the company and principals, and a pgp key.  Ideally BBB accreditation, gdcaonline.com accreditation, business registration info for whatever country it's based in.  Posts from long standing community members that they know you and can be trusted.  Optionally a bitcoin-otc.com or ebay rating.  WHOIS should not be privacy protected for this kind of business (but currently is).  Note that even with all this info, the site must build up a reputation over time. 

I should also note one of your main competitors is known for poor customer service (you know who I mean), if you do excel at responsiveness you should do well.

[Raoul Duke]

Sign up didn't work for me:

"The requested URL /user/index.php was not found on this server."

I already told the OP about that bug like 2 weeks ago... It seems he didn't fixed it ;P

[seeARMS @ Bit-Bank]

The hardest part is reading black on a very dark brown background.

I'll definitely consider increasing brightness of the background - it does seem a bit dark.

Your page states..

"A minimal fee of 0.01 BTC gets sent to Bit-Bank to allow the continued use of our services. Other than that, our services are entirely free."

Is this a one time fee, or??

It's a fee which is applied to every withdrawal. Do you think it's a bit too much?

Sign up didn't work for me:

"The requested URL /user/index.php was not found on this server."

I already told the OP about that bug like 2 weeks ago... It seems he didn't fixed it ;P

Ah, I've just fixed that error. @psy, I looked over the code when you first told me of the problem and couldn't find anything visibly wrong with it. However, I just tried registering on a /user page, and it didn't work. Figured out it's because that page is modified by Apache's URL rewriting and this messes with the redirect I set up. The user account did get registered, it just didn't redirect you correctly.

It's great to have more of these e-wallet sites.  I like the colors and design.

Bit-Bank needs to build trust.  How do I know the site won't just run off with the funds?  I'd suggest at a minimum, contact info for the company and principals, and a pgp key.  Ideally BBB accreditation, gdcaonline.com accreditation, business registration info for whatever country it's based in.  Posts from long standing community members that they know you and can be trusted.  Optionally a bitcoin-otc.com or ebay rating.  WHOIS should not be privacy protected for this kind of business (but currently is).  Note that even with all this info, the site must build up a reputation over time. 

I should also note one of your main competitors is known for poor customer service (you know who I mean), if you do excel at responsiveness you should do well.

Thank you.
I've disabled the WHOIS guard. I'll add our contact info, PGP key and company principals in the next few days. I hope to establish a good reputation - I'm trying to be as transparent as possible in order to achieve this.

[Existence]

Site looks good.
Keep up the good work!

[Vod]

The number listed in the whois is from an Indian cell phone?

Very nice looking neighborhood though, according to Google Earth.

[seeARMS @ Bit-Bank]

The number listed in the whois is from an Indian cell phone?

Very nice looking neighborhood though, according to Google Earth.

Really? It's my cell phone.
Area code 905 is for southern Ontario, where I live.

[Vod]

The number listed in the whois is from an Indian cell phone?

Very nice looking neighborhood though, according to Google Earth.

Really? It's my cell phone.
Area code 905 is for southern Ontario, where I live.

I believe you, I just found it odd it was listed on (several) old Indian cell phone registries.

How old are you?

[elk-tamer]

The number listed in the whois is from an Indian cell phone?

Very nice looking neighborhood though, according to Google Earth.

Really? It's my cell phone.
Area code 905 is for southern Ontario, where I live.

I believe you, I just found it odd it was listed on (several) old Indian cell phone registries.

How old are you?

getting a little creepy there Jafm.

[mc_lovin]

The number listed in the whois is from an Indian cell phone?

Very nice looking neighborhood though, according to Google Earth.

Really? It's my cell phone.
Area code 905 is for southern Ontario, where I live.

Sweet!  I'd rather trust a Canadian than.. anyone else!

What sort of insurance does our invested bitcoins have?  If you get hacked and lose all the coins, what says we ever get paid?

[Vod]

How old are you?

getting a little creepy there Jafm.

Nonsense.  In Canadian law, you cannot enter into an agreement with a minor.  If he is under 18 anything you are sending to him is his, and he has no legal liability to give it back.

I asked his age because I don't think he is the owner of the house at that address - meaning he is probably living with his parents.

[elk-tamer]

Nonsense.  In Canadian law, you cannot enter into an agreement with a minor.  If he is under 18 anything you are sending to him is his, and he has no legal liability to give it back.

Are you making up or have you just misread something? A minor, or anyone with diminished mental capacity,  can more easily get out of a contract if it becomes clear they were taken advantage of, but that doesn't mean you can't enter into an agreement with a minor. I'm just basing that on common sense though.

[Vod]

Nonsense.  In Canadian law, you cannot enter into an agreement with a minor.  If he is under 18 anything you are sending to him is his, and he has no legal liability to give it back.

Are you making up or have you just misread something? A minor, or anyone with diminished mental capacity,  can more easily get out of a contract if it becomes clear they were taken advantage of, but that doesn't mean you can't enter into an agreement with a minor. I'm just basing that on common sense though.

Not making it up, and I just verified.  In Canada (and the US) you need to have reached the age of majority to have competence to contract.