Undo button for transactions

[fiulpro]

An Israeli Firm Claims that they have recently developed an undo button for all Bitcoins transactions. Apparently their main goal was to tackle problems related to human errors , but then again what am scared about is , how people will use it , it can very easily be used for scamming people .


https://cointelegraph.com/news/israeli-blockchain-startup-offers-undo-button-for-bitcoin-transactions

Apparently 18% people reported loss of Funds due to human errors , thus this might serve great for them . Retrievable Transfer , as they are calling it would give the sender the power to retrieve the amount until the right code is provided by the receiver. My take on this : they are somehow using a password which needs to be provided by the receiving party and this might be super helpful in places which involves transactions of very high Amounts .

The person Aims at making these transactions as safe and secure as online banking source claims , but they are already more secure , they are just gonna add one more feature now .

It's going to be free till a transaction of 1000$  , so before you strike a deal , be careful :3 Ask about everything someone might use it in not so good way .

Amazing innovation by the way , lets see if it works ..

[JeromeTash]

Most wallets have this feature, It's inform of a password or fingerprint authentication from the sender's wallet software. All the major wallets i have used be it electrum, Jaxx, Trust Wallet all ask for password or confirmation shortly before sending funds. This is the time someone can avoid sending money to a different address by mistake.

[o_e_l_e_o]

So, after poking around on their support pages for a bit (https://kirobo.io/support/), it seems that it works like this:

I first sign and broadcast a transaction sending coins from an address to I own to another address I own, called the "safe address".
I then sign a second transaction sending the coins from the "safe address" to the recipient.
This second transaction is encrypted with a password I choose, and Kirobo store the encrypted transaction on their servers.
I send the password to the recipient, who logs on to Kirobo's site and enters the password, which then decrypts and broadcasts the signed transaction.
At any point before that happens, I can reclaim my coins from the "safe address", rendering the encrypted transaction invalid.

All-in-all, it seems like a massively over-engineered solution for the problem of not double checking the address you enter. Why would I go through all this effort when I could instead just spend 10 seconds to make sure the address is correct? Not to mention that your transaction is now entirely dependent on a third party.

[dunfida]

All-in-all, it seems like a massively over-engineered solution for the problem of not double checking the address you enter. Why would I go through all this effort when I could instead just spend 10 seconds to make sure the address is correct? Not to mention that your transaction is now entirely dependent on a third party.

Was actually trying to say the same stuff on why the hell i would go to all of those process if you can just simply check the address carefully before sending out and
most wallets now do have that verification like input password or some sort before you do able to send such fund on other wallets. Getting rid of human error
is somewhat impossible no matter how you do made up some changes and also this one isnt really that relevant nor needed at all. Its too hassle on my part
or pretty sure in most people too.

[hatshepsut93]

So, after poking around on their support pages for a bit (https://kirobo.io/support/), it seems that it works like this:

I first sign and broadcast a transaction sending coins from an address to I own to another address I own, called the "safe address".
I then sign a second transaction sending the coins from the "safe address" to the recipient.
This second transaction is encrypted with a password I choose, and Kirobo store the encrypted transaction on their servers.
I send the password to the recipient, who logs on to Kirobo's site and enters the password, which then decrypts and broadcasts the signed transaction.
At any point before that happens, I can reclaim my coins from the "safe address", rendering the encrypted transaction invalid.

All-in-all, it seems like a massively over-engineered solution for the problem of not double checking the address you enter. Why would I go through all this effort when I could instead just spend 10 seconds to make sure the address is correct? Not to mention that your transaction is now entirely dependent on a third party.

Sending coins to your own address is really redundant, especially at the times of high fees, why not just mark existing outspent outputs on a wallet level as "safe outputs" and use them for this feature. It's also possible to cut the middleman and make some software that takes payment request, creates signed transaction and then the user sends unbroadcasted transaction to the merchant, who validates it again and broadcasts if it's all good.

But even now you can just a use bitcoin: urls to avoid copypasting addresses if that is the problem.

And I think most of the time people do transactions by mistake if they do something like taking addresses from their transaction history instead of going to the service and copying the address provided there, so in such scenario there's still a room fore error even with the setup of this startup.

[dkbit98]

Very complicated.
Much easier solution would be to have some easy way to double check and confirm address of recipient before sending.
One way would also be to save this address in wallet addressbook before sending it.

[o_e_l_e_o]

Sending coins to your own address is really redundant, especially at the times of high fees, why not just mark existing outspent outputs on a wallet level as "safe outputs" and use them for this feature.

I assume they did this so you don't have to lock up entire UTXOs. If I have an output of 1 BTC, and I use this method to sign and encrypt a transaction to you for 0.02 BTC, for example, then the other 0.98 BTC can't be spent until you claim your 0.02 or else it renders the original transaction invalid. It also gives a clear way to "cancel" a transaction, by sending the coins from the "safe address" back to the original address. I do agree the whole set up is needlessly complicated, though.

It's also possible to cut the middleman and make some software that takes payment request, creates signed transaction and then the user sends unbroadcasted transaction to the merchant, who validates it again and broadcasts if it's all good.

Any good wallet which lets you sign a transaction and then save it rather than immediately broadcasting it could do this.

There's also room for this to be abused. If you send me a password, I can claim the password didn't work and you must have made a typo. So you make a second transaction and send me the password, and then I claim both transactions at once if you have forgotten to cancel your first one.

[Upgrade00]

Much easier solution would be to have some easy way to double check and confirm address of recipient before sending.

Double checking an address would literally take a couple of seconds to do and depending on the device you're on, you can open two tabs and compare both addresses directly, rather than having to check the first and last characters.
Using Bitcoin comes with responsibility as the individual decide to be their own bank.

A third party service to facilitate transactions would come with challenges as the system is no longer trustless and you have to depend on them in addition to the bitcoin network.

[dkbit98]

Double checking an address would literally take a couple of seconds to do and depending on the device you're on, you can open two tabs and compare both addresses directly, rather than having to check the first and last characters.
Using Bitcoin comes with responsibility as the individual decide to be their own bank.

I am talking about newbies that don't know anything about crypto addresses.
Wallet address book is not third party.
Just let someone send you his address, then you save it in your wallet address book, and then send coins from there.
Much lower % of mistake that way.

[XCANA]

Very complicated.
Much easier solution would be to have some easy way to double check and confirm address of recipient before sending.
One way would also be to save this address in wallet addressbook before sending it.

This should be the sure way to handle thus and not using complicated logic. The processes involved in this findings from Israel are much that we can't comprehend easily. I. An also see the issue of security with the way they handle the undo button transactions. Personally, anytime I want to execute transactions from my wallet, I always ensure before broadcasting I do double check before finally releasing the transaction to the recipients wallet. This is as simple as A & B, so why the hard way.

[seoincorporation]

The problem with the undo button on the transactions is that lot of people could use it to scam other users. Let's say you buy an iPad and you pay with bitcoin, if there was a undo button you can push it after buying the ipad. and end with the ipad and the money back.

And the main problem with the chargeback is the abuse while buying money. What happen if you buy 5 ETH and then change back the bitcoins. You would easy double your money.

To implement a feature like this you need someone to validate what transactions are real and what transactions are fake, and that is impossible to implement on a decentralized project.

[kawetsriyanto]

The problem with the undo button on the transactions is that lot of people could use it to scam other users. Let's say you buy an iPad and you pay with bitcoin, if there was a undo button you can push it after buying the ipad. and end with the ipad and the money back.

It shouldn't work like that. Even there is an undo button, it is better to process manually, not automatically. Automatic transaction cancellation will lead a manipulation on buying or end with scamming the seller. Also, there should be terms and conditions to be allowed for cancellation or undo. There should be a time limit, so people cannot undo anytime. In this way, there is no one scamming others like the example you stated above.

[Oceat]

What's with the deal on this undo button when you can go look straight and spend a few seconds looking at the address where you wanna send it? Electrum itself has this kind of putting your password first before sending so it will make you think twice if you are sending the amount to the correct address. Who's idiot that's gonna send straight their money without looking where it should go? I think this is beyond human error if that's going to happen, I mean could be drunk or something?

[coupable]

What's with the deal on this undo button when you can go look straight and spend a few seconds looking at the address where you wanna send it?

After reading op, your question is the best reply for this ambiguis feature.
Did the creator of this feature think about the scam possibilities that can happen because of this?
Irreversible transactions are one of the greatest options in the bitcoin protocole, so anybody thinking to cross over it, is a potential scammer.

[7788bitcoin]

All-in-all, it seems like a massively over-engineered solution for the problem of not double checking the address you enter. Why would I go through all this effort when I could instead just spend 10 seconds to make sure the address is correct? Not to mention that your transaction is now entirely dependent on a third party.

Even i was wondering what they are talking about, may be these are solutions for lazy ass people or old people and people with disability or people who are careless but majority of the users just need to verify and double verify before sending the transaction and if you are really lazy in copy pasting then most or all of the bitcoin wallets has QR code function and you do not need a third party to hold our funds.

[Sadlife]

Undo button is mostly likely not possible because the transaction is already recorded in the Blockchain ledger that is irreversible unless you have very huge mining power, but that could be considered as 51% attack.
I dont know how they done it but most probably the "Undo Button" is not going to work and fake.

[Kelvinid]

Doubling checking (twice or thrice) is somewhat important rather than to have an undo button. Besides, almost all wallets have final confirmation before it sends to the other address in which this time we can think and see if there is a mistake on the address we are about to send.
Unless that undo button will help you back your money even though it was sent already to the wrong address.

[Darker45]

Most wallets have this feature, It's inform of a password or fingerprint authentication from the sender's wallet software. All the major wallets i have used be it electrum, Jaxx, Trust Wallet all ask for password or confirmation shortly before sending funds. This is the time someone can avoid sending money to a different address by mistake.

This is essentially not an undo button as the funds have not been sent yet, although I think an additional layer or two of confirmation would highly lessen a lot of human errors which are mostly failure to double-check addresses.

Just the same, Kirobo's novel feature could address erroneous transactions which arise from using an old address which turned out to be not anymore accessible by the recipient.  

[pooya87]

there are a couple of serious problems here:
1. it introduces centralization where there were none since the user and the receiver both will depend on a centralized company.
2. that centralization is also the enemy of privacy of both the user and the receiver since they now have to log into a centralized shady company to send/receive bitcoin which will definitely record their IP and digital fingerprint alongside their transactions and all addresses.
3. last and the most important is that it doesn't even solve the problem it set out to solve (human error). the user can still send coins from the "safe address" to a wrong but similar looking address and receiver can also still make the mistake of thinking that similar looking address is his.

a much simpler but a lot better solution would be a wallet that has some sort of secure channel for communication between the two parties. for example it could use PGP where the user adds the pubkey of the receiver (utilizing Web of Trust) and then receiver sends his address in a PGP signed message which his wallet checks its authenticity before letting user make any payments to it.
this could also happen offline, for example the raw transaction to be signed could have the PGP signature instead of an empty scriptsig which the offline wallet uses to verify the receiving address then signs the transaction.

in this design no centralized shady service is needed and everything happens 100% peer to peer and is a lot safer.

[20kevin20]

All-in-all, it seems like a massively over-engineered solution for the problem of not double checking the address you enter. Why would I go through all this effort when I could instead just spend 10 seconds to make sure the address is correct? Not to mention that your transaction is now entirely dependent on a third party.

Am I missing something or is this basically a quite crappy replacement of the "Replace-By-Fee" function some wallets like Electrum have, but non-trustless and if RBF had a timer for you to cancel the tx at any point? I guess RBF could be implemented in such a way to be used as a "tx cancelling" function with a very simple 2-step process and, in the end, you do not even need any third party account to do so.