Wallet in messengers. Your opinion.

[777th]

I'm making wallet as a service in messengers. First prototype I'm going to make for Telegram.

What do you think about following issues:

1. possible security holes/issues/problems
2. potential use cases. Here most valuable information will be
  a) how many transaction do you usually make
    - one in a month or less
    - several in a month
    - several in a day
  b) how do you send tokens
    - through exchange
    - peer 2 peer
    - from my wallet
      - offline wallet
      - online wallet
  c) have you buy something for coins? What was that?
3. what problems do you have (if any) using current methods of sending coins/tokens.
4. Anything else what bothers you?

Thanks to view this post.

[bob123]

I'm making wallet as a service in messengers. First prototype I'm going to make for Telegram.

What do you think about following issues:

1. possible security holes/issues/problems

The most concerning issue i see is the storage of the private keys.
Where would they be stored in your service?

Probably on the same server where your bot (i assume thats a simple telegram bot?) is running ?
In this case, it is not a truly viable option since you (or anyone else who has access to the server) has access to the private keys.

The motto should always be to be your own bank. So unless you find a way to locally store the private keys on the mobile phone and integrate the wallet into telegram, i don't really regard it as a 'wallet'.


I appreciate your dedication to help pushing the adoption of BTC forwards, but this concept has one single point of failure, your server (unless i missunderstood your short description).

[777th]

Of course "the easiest way" is to make an online wallet (i.e. own a server). This way allows to validate hypotheses that this kind of service has some additional value to users.

But I like the way of how Jan explains his view on features a wallet have to have (https://bitcointalk.org/index.php?topic=37709.0). I mean that there should be several type of wallets, with small sums for easy use and less secure, medium and passphrase and/or 2FA, rest with the most secure way of storage.

So messenger version is for "small" one. But I also digging/thinking to implement features like word seed, passphrase, 2FA. For instance how this is done in Elecrtum or other wallets. Seems like it is possible.

[bob123]

Of course "the easiest way" is to make an online wallet (i.e. own a server). This way allows to validate hypotheses that this kind of service has some additional value to users.
~snip~
So messenger version is for "small" one. But I also digging/thinking to implement features like word seed, passphrase, 2FA. For instance how this is done in Elecrtum or other wallets. Seems like it is possible.

Using an online wallet does not directly mean that the provider of the service has access to the private keys.
Take blockchain.info for example. The seed is being encrypted with a password and is stored on their server (encrypted).
Each time you login, the browser downloads the wallet file, decrypts it with your password, and you can locally(!) sign transactions.

With your telegram bot, the seed has to be on your server unencrypted(!), which allows you (or anyone else) to have access to the private keys.

So, IMO that is not even suitable for 'small' amounts, since you have full control over the users funds. A passphrase won't change anything.
And you won't be able to encrypt the seed, since the transactions need to be signed on your server -> you will have access to the unencrypted private keys.

And it is not just that you (personally) have access to the private key, the user would have to trust you that you know how to properly secure the server so that no attacker can gain access to all of the private keys / seeds stored there.


For a proper wallet inside a messenger, you would need to build your own messenger which has the functionality to store a seed and sign transaction itself.
Using bots to create such kind of a wallet service unfortunately is no viable option for any (halfway-) security-concerned user.

[pooya87]

sorry but i don't see the point of  something like that specially if you are talking about using tokens/altcoins.
for example why would i want to store my coins on a third party centralized Telegram bot where i can store them in a desktop wallet or even a web wallet like MEW? and if i needed to make a payment i just open my wallet and make the payment.

the only reason why something like that could be useful is for tipping. something like the TipBot on Reddit which wouldn't exactly be a wallet but a centralized setting where people have balances and can transfer it inside that centralized server's database no on chain.

[xIIImaL]

Already some ICO projects making the messenger kind dapps website in some places. This is actually a good idea and if there is any big investor is have the idea to open up the social media kind of social messenger it will be work out for here.

Hopefully like on telegram we may have the more option like send and receive the ERC20 token and ethereum. It will be work well and project will be superhit in this crypto currency market.