[ANN] 37Coins - Bitcoin Wallet for 3rd World

[johba]

Hi guys,

I've been working on and off on this idea about banking for the 3rd world. Something like M-Pesa and Kipochi are doing, but more grass-root.

I came up with 37coins.com,  a set of tools to bring SMS Bitcoin wallets via shortcodes to any mobile network. An Android application acts as gateway to the internet, while the clients can use 'dump' feature-phones. The challenge is making compromises to bring as much security as affordable to allow a client on an untrusted network to control the hosted wallet.

What you see is a prototype, it allows sending an receiving Bitcoins. A voice-pin service is in place that validates big transactions, while a onetime token is used for small amounts. Anyone can open a gateway and advertise his number to people, for every transaction through your gateway you'll receive a fee.

I'd be happy if people with old android phones would take a minute and set up a gateway. The more countries there are, the more testing I can do.
The wallet is also an easy way to get people to use Bitcoin, like a friend or your grandma, just send a small amount to their number, and they are in.

Please have a look at the page. Any feedback is very welcome!

Twitter: @37Coins

[rarkenin]

Have you looked into allowing Google Voice accounts to also help? A lot of people have accounts already in use and good standing so an API would help finish bridging this gap.

[lolo25]

Do you even consider  Line or Whatsapp integration?
That would be a killer app!

[monger]

Can you explain security behind this project? I might guess you control actual users bitcoin wallets and android users control them over api. How this can mitigate an evil gateway attack scenario? Why you would choose such kind of gateways instead of paid sms gateways with local numbers. Thank you

[Athanasios Motok]

Hi guys,

I've been working on and off on this idea about banking for the 3rd world. Something like M-Pesa and Kipochi are doing, but more grass-root.

I came up with 37coins.com,  a set of tools to bring SMS Bitcoin wallets via shortcodes to any mobile network. An Android application acts as gateway to the internet, while the clients can use 'dump' feature-phones. The challenge is making compromises to bring as much security as affordable to allow a client on an untrusted network to control the hosted wallet.

What you see is a prototype, it allows sending an receiving Bitcoins. A voice-pin service is in place that validates big transactions, while a onetime token is used for small amounts. Anyone can open a gateway and advertise his number to people, for every transaction through your gateway you'll receive a fee.

I'd be happy if people with old android phones would take a minute and set up a gateway. The more countries there are, the more testing I can do.
The wallet is also an easy way to get people to use Bitcoin, like a friend or your grandma, just send a small amount to their number, and they are in.

Please have a look at the page. Any feedback is very welcome!

Twitter: @37Coins

Wow I really think this is a cool idea! Can I set up a gateway with a home computer or is it just with Android phones?

Also, would a Android phone not hooked up to a carrier still work as a gateway if it has Wi-Fi?

Please PM me when you get the chance.

[johba]

Can you explain security behind this project? I might guess you control actual users bitcoin wallets and android users control them over api. How this can mitigate an evil gateway attack scenario? Why you would choose such kind of gateways instead of paid sms gateways with local numbers. Thank you

thx monger, good question!

the security in the system comes from a shared responsibility model, the gateway verifies the transaction by OTP to prevent number spoofing, the webservice utilizes a voice-PIN system to double-check the gateway. there are more details in the website's FAQ.

[johba]

Wow I really think this is a cool idea! Can I set up a gateway with a home computer or is it just with Android phones?

Also, would a Android phone not hooked up to a carrier still work as a gateway if it has Wi-Fi?

Please PM me when you get the chance.

thx for your pm, I lost track of the forum.

how would you send sms from a home computer? I've chosen Android because it hat existing solutions to run a prototype. I might come up with at api/messaging protocol if this becomes bigger.

wifi is absolutely ok. the android phone essentially translates between sms and tcp-ip. the more there are, the better. but only if they have high availability. now I see that most of the gateways which signed up for the page are offline. very bad experience for the users. I see the gateway as a small business, you run it on a separate hardware and sim, you spread your number and you make profit.

[ajas]

Hi,

I think this is a very nice service. However I have some questions on
the role of the gateways regarding

security:

 I have tested your service and recognised that the request to confirm the
 transaction with a TAN is relayed by the same gateway which
 relays my send- and confirmation-request. So what would hinder the gateway
 to issue transactions on behalf of myself and to respond to your server
 with the correct TAN ?

cost to run a gateway:

 If the gateway not only relays incoming SMS to your server but also sends
 SMSes to the clients, what are the estimated costs to run a gateway and
 how can it be controlled by the OP of the gateway. As far as I see there would
 be costs for any outgoing SMS but incoming fees only for issued bitcoin
 transactions.

EnvayaSMS api:

 running a gateway requires the EnvayaSMS api to be installed.
 On the installation web page I read:

  NOTE: We encourage most people to use Telerivet instead of EnvayaSMS
  (https://play.google.com/store/apps/details?id=com.rivetlabs.sms).
  EnvayaSMS has several known bugs and is not under active development.
  Telerivet requires no technical expertise or server setup, and also contains
  numerous additional features and bug fixes not available in EnvayaSMS.

 can you comment on that ?

 Best regards, A

[johba]

Hi,

I think this is a very nice service. However I have some questions on
the role of the gateways regarding

security:

 I have tested your service and recognised that the request to confirm the
 transaction with a TAN is relayed by the same gateway which
 relays my send- and confirmation-request. So what would hinder the gateway
 to issue transactions on behalf of myself and to respond to your server
 with the correct TAN ?

Hi, thank you for the encouraging words

There is a voice pin system in place, if your daily transaction volume reaches a certain threshold, you will need to create a pin and use it to confirm your transaction. The call is not relayed by the gateway.

Now, I've set this threshold to 40 x tx-fee. It can be argued that this is to much risk, but also that paying a minute of call for each transaction might be to expensive. This needs good fine-tuning, suggestions welcome

cost to run a gateway:

 If the gateway not only relays incoming SMS to your server but also sends
 SMSes to the clients, what are the estimated costs to run a gateway and
 how can it be controlled by the OP of the gateway. As far as I see there would
 be costs for any outgoing SMS but incoming fees only for issued bitcoin
 transactions.

I'm implementing methods to avoid excessive sms. for example it's not necessary to send the balance over and over again if it hasn't changed. for a transaction you need about 3 outgoing sms. That's what the gateway operator should calculate it's fee on.

EnvayaSMS api:

 running a gateway requires the EnvayaSMS api to be installed.
 On the installation web page I read:

  NOTE: We encourage most people to use Telerivet instead of EnvayaSMS
  (https://play.google.com/store/apps/details?id=com.rivetlabs.sms).
  EnvayaSMS has several known bugs and is not under active development.
  Telerivet requires no technical expertise or server setup, and also contains
  numerous additional features and bug fixes not available in EnvayaSMS.

Telerivet is a hosted service, so It wasn't suitable for this purpose. EnvayaSMS is only used in the current prototype and will be replaced by something like an SMS enabled bitcoinJ. It's great work though, and I would like to thank the author for it's effort.

I'm currently working hard on multi-sig transaction support. It will give the shared responsibility model between gateway and server a strong foundation.

[vleroybrown]

Site seems to be down

[ninjaboon]

http://www.techinasia.com/startup-bringing-sms-bitcoin-wallets-singapore/

[maxgeronimo]

Congrats Johba! What you are doing is important, wish you the greatest success.

BTW just a quick thought, would you be able to make this a distributed autonomous organization, each gateway earning coins/shares in it instead of earning bitcoin. Would be a "proof of gateway" based mining.

[bitstock]

It is good,but its future ?

[Bitcoin_70]

New EnvayaSMS gateway trouble:

error: Establishing real-time connection... Error establishing real-time connection: java.io.IOException: null

The Test Connection in EnvayaSMS returns: "Server connection OK!"

[Bitcoin_70]

Same error after fixing a typo in AMP queue name (and a reboot): "establishing real-time connection... Error establishing real-time connection: java.io.IOException:nullnull

Are there any additional log files to check?

[Bitcoin_70]

Fixed and "real-time connection established". I must need reading glasses as it was another typo! Thank you for all the help and quick replies.

[fordlincoln]

How do I deposit after I've gotten this text message ?

[MechanicalArtist]

Do more people have trouble signing up a new gateway?
The links on the page do not work for more than a month now..

[MechanicalArtist]

13 july '14
Problem solved.
Thanks.

[geeuk31]

How do you advertise your gateway, does anybody know on this forum. I'm new to this