I've registered at your site of escrow service and there's some feedback I'd like to share with you. Unfortunately as a newbie I cannot post on Marketplace forum, so I send you a PM that you may copy&paste in your thread "Bitcoin with paypal Escrow Service":
Thank you , as requested i added it to my topic
1) I would like to buy bitcoins but I don't find any sellers. Does it mean that there are no sellers in the website or that I need to put the price I am willing to pay (like in a dark pool?). If there are no sellers, I kindly ask you to copy this message into the thread and to bump it, since the more people use this service, the easier for me will for be to find sellers.
I've read several times the FAQ and I couldn't find the answer.
to answer this user his questions (and why i post it here)
you can use my service for a safe way betwean buyer/seller
that means that you need to know who want to buy the bitcoins
you give up his email adress in my system ( after you got a account .. create a escrow and fill in his email as buyer )
my system sends you and him a email to inform that a escrow is generated , as soon the buyer register then he will be able to complete the escrow
he will see a payment button that he can use to pay the XX + 5% money to me and as soon that is done the api will mark it as paid
then you get a second email to inform that he paid (or a new escrow is enabled)
you send the user the bitcoins to the bitcoin adress you can see on the escrow page , the user need to press a button as soon he got the bitcoins
as soon he pressed that button then i send the money from paypal to your paypal email you provided on your account when registering
in case the user failt to do this then you can complain ofcourse
you just contact me ( contact page ) and let me know how many bitcoins you sended
i check if you realy sended the bitcoins (it need to match the bitcoin adress on your account .. it is not visible as seller and get only visible as buyer ) and any extra proof is always welcome
if i see that the bitcoins are sended , then i mark it as completed , i take action against the user that failt to complete the process and i complete the payment to your account
in case you never sended the bitcoin like needed , and you dit not press the CANCEL button (seller can cancel at any given time , even if buyer completed his payment ) then the same action will be taken to the seller , and the buyer get his amount refunded
on that way i can eliminate fraude as mutch as possible
because bitcoin is a 1 way sending service will the seller mostly get the money if he can provide any kind of proof (same count for buyer , send me any kind of proof and it can be canceled )
please note , action can only be taken as soon the seller or buyer contacts me by contact form .. so i got all the info i need
thats all for your first question
2)I don't like that the passwords are not hashed. Maybe now it's easier to recover a lost password, but I bet that many (too many!) people will use the same password as in their Paypal account. If someday their computers got hacked, you would have to explain Paypal that even though you had their username and password it wasn't you who hacked their account.
It's great that someone is willing to handle the risk of Paypal chargebacks and defy scammers. I firmly believe that there is a great market for transactions of Bitcoins with Paypal and your service can become something great.
because my service only get used betwean buyer/seller that probaly know each other from 1 of other place or talked to them before is it not needed for me to heavy secure the passwords , there is a few server side security ofcourse and a few script security
the info i got is just a paypal adress (to send payment to if you are seller ) , a email adress ( to get emails of new sales/buys from the persones you contacted and to create a escrow service to the right user) a bitcoin adress ( to send payment to if you are buyer) and a username (verification of the seller to know that it is the right buyer ? a login name ?? )
so basicly the information i got is no more then the information you can already find public
exept the passwords ofcourse , it is not my responsibility that the user use his paypal password , it is just my responsibility that i keep the things safe
as the site itself does not contain any valuable information and does not contains a strengt check does the password encryption not mather mutch
to give a example
do you want use "1" as pass .. who stops you from using that ?
if they get into your account ?? what they find ?
a email .. a paypal and a bitcoin adress ?? (they are not even verified by the system .. so who says that they are valid )
if the database get hacked (it is secured but it can happen) then they still got the same information if they can find the right database (i got more databases on it then just this database)
so at this moment i see no point in securing the accounts more then it is at this moment , it is useless to make logins harder and to add a lot of security to a service that just get used to confirm a payment and that does not even store valuable information (maybe the pass that can be anyhting)
even the emails doesnt have a verification check , as it is not my responsibility that you can not get a email when a seller want to sell bitcoins to you or that you dit not get a conformation that the trade is in the next stage
hopely this explained why it is this way at this moment
it is possible that i tune the script more and more when i got spare time left and when i feel that it is needed to tweak it more
but at this moment i want to keep it as easy as it can be for the seller/buyer
at this moment i going start up a forum topic on my other support forum to support more questions/problems about powerchaos.info (forum is located at http://forum.boosterking.com
please note , that forum get mainly used for boosterking, but it got a ticket system , and a personal corner and soon a forum for powerchaos.info that will contain a review topic , a buy/sell topic and a general question topic
Greetings From PowerChaos