Private Project: Crypto-Safe.io

[Crypto-Safe]

Hello my friends,

Today I wanted to introduce you to a project I've been working on for a few months and it's finally time to go live with it. I would be happy if you take the time to look at the project
All in all, it's about a Crypto Safe that stores your data in encrypted form (AES-256 block cipher). This includes accounts, passwords, notes and soon also files and bitcoin wallets that you can generate with one click.
If you have any questions about the development or want to know more details, then let me know!

Long story short, here is the website (there is already an iPhone app - an Android app and a Chrome extension will be available soon):
https://crypto-safe.io

iPhone App: https://apps.apple.com/us/app/cryptosafe-your-secure-safe/id1624789739

Thanks and have a nice day!

BTC

[1714817010]

1714817010

[1714817010]

1714817010

[1714817010]

1714817010

[1714817010]

1714817010

[1714817010]

1714817010

[dkbit98]

Sorry, but I would NEVER use your website for storing any of my passwords or bitcoin wallets, and I have good reason for that.
After reading your privacy policy and terms of use, I saw that you can at any time ask users for their personal information like Name, Date of birth, Social media profiles, Phone number, Home or Work address, payment information, etc.
You are collecting all those information along with users IP address and you can share with with any third parties you want...
There is no information about bitcoin wallets you are creating with Bitcoin Core node, but I suspect those wallets are custodial for users, or you have some control over keys.

If I need to use password generator there are great open source alternatives like KeePass and I don't have to send them any of my personal information, same goes for bitcoin wallets like Electrum or my own Bitcoin Core node.

[Crypto-Safe]

Sorry, but I would NEVER use your website for storing any of my passwords or bitcoin wallets, and I have good reason for that.
After reading your privacy policy and terms of use, I saw that you can at any time ask users for their personal information like Name, Date of birth, Social media profiles, Phone number, Home or Work address, payment information, etc.
You are collecting all those information along with users IP address and you can share with with any third parties you want...
There is no information about bitcoin wallets you are creating with Bitcoin Core node, but I suspect those wallets are custodial for users, or you have some control over keys.

If I need to use password generator there are great open source alternatives like KeePass and I don't have to send them any of my personal information, same goes for bitcoin wallets like Electrum or my own Bitcoin Core node.

Thanks for your reply and for checking out the website!
What would you suggest as I can improve the whole thing? Make the code open source?
I copied the privacy policy and terms of use from the Internet and did not write them myself

[dkbit98]

What would you suggest as I can improve the whole thing? Make the code open source?

Sure, making it open source would be much better, but that doesn't mean it's automatically better just because it has open source code.

I copied the privacy policy and terms of use from the Internet and did not write them myself

Amateur move  
Now you could face accusations for plagiarism, so I would suggest that you change that and write your own terms and policy that matches services you are offering.
You can't just copy paste random text stuff found on internet, without single explanation how your service and wallets really works.
Having something like this fully centralized and controlled by single entity is a big NO for me.

[Crypto-Safe]

Sure, making it open source would be much better, but that doesn't mean it's automatically better just because it has open source code.

I'll start with that But just because it's open source doesn't make it better, you're right! Let's see what that brings.

Amateur move  
Now you could face accusations for plagiarism, so I would suggest that you change that and write your own terms and policy that matches services you are offering.
You can't just copy paste random text stuff found on internet, without single explanation how your service and wallets really works.
Having something like this fully centralized and controlled by single entity is a big NO for me.

Haha, yes I never read stuff like that myself. I'm actually just a developer and not a lawyer I'll update the terms of use and privacy policy.
Anyway, thanks for your input, I really appreciate it!

[The Cryptovator]

Not a good idea so far. I don't even store by password and seed phrase on any online device. So how will I use your site to store wallet credentials even its open source? Anything could happen at any time over the internet, so I can't trust a third-party website for storing credentials. Rather than I always use my notebook in real life to store everything related to crypto. So even if I forget credentials my notebook helps to recover my wallets or accounts.

And plagiarism content is an unprofessional move so far. It look like another red sign for users. I am not a fan of that kind of service.

[LoyceV]

Sorry, but

I'm going to be less subtle.

Your entire website is a TERRIBLE idea! First thing I see:

Forget Your Keys & Passwords
We'll securely store them for you.

How about NO? I won't forget my passwords, I won't give any of it to anyone, and I won't trust anyone to keep them for me. Ever!

Storing your passwords with us is much more secure and convenient than other solutions.

This is a lie. Storing passwords with anyone online is not more secure than my current solution.

We use the AES-256 block cipher for encrypting your details securely.
Also activate the 2-Factor authentication for maximum security.

So access to my passwords depends on a third party? Let's not!

I clicked Create Account to see what data you ask, but nothing happened in Tor browser.
If I manually go to https://crypto-safe.io/user/register, I get:

An error occurred during execution; please try again later.

I guess that's for the best. Please don't fix it, the entire concept of your website should never have been created. And that's even without assuming you have bad intentions.

I copied the privacy policy and terms of use from the Internet and did not write them myself

Be honest: did you even read what you copied?

[hugeblack]

What would happen if your site suddenly disappeared?

Every action on your account is logged
We take privacy and security very seriously.

Unfortunately your project will not be supported because you are talking about privacy data collection, storage and yet you don't have a legal/privacy team even you said you didn't write the privacy page yourself.

There is no policy to determine how data is shared, who can delete it, who can view it, what happens if there is a breach and so on.
Making it open source will not help much, but making it self-hosted and with the possibility of the user managing his data.

In general, focusing on privacy is not a commercially profitable thing, so if you are trying to make a profit from your project, it will be a difficult thing.

[arabspaceship123]

Established password managers do the job well so what's different about yours ?

1Password
NordPass
Dashlane
LastPass

I can't trust newbie password websites or established sites. I wouldn't do it but given choices I'd prefer using text files for my private keys. It's easy to upload on storage after it's encrypted on computer. Who'd trust your website it's risky business keeping keys and passwords on devices that don't belong to you.

Hello my friends,

Today I wanted to introduce you to a project I've been working on for a few months and it's finally time to go live with it. I would be happy if you take the time to look at the project
All in all, it's about a Crypto Safe that stores your data in encrypted form (AES-256 block cipher). This includes accounts, passwords, notes and soon also files and bitcoin wallets that you can generate with one click.
If you have any questions about the development or want to know more details, then let me know!

Long story short, here is the website (there is already an iPhone app - an Android app and a Chrome extension will be available soon):
https://crypto-safe.io

iPhone App: https://apps.apple.com/us/app/cryptosafe-your-secure-safe/id1624789739

Thanks and have a nice day!

BTC

[arabspaceship123]

Thanks you mentioned Bitwarden it's 3rd party audited. I didn't see it before. I'm agreeing closed source shouldn't be trusted.

First of all, who's the target of your project? Your project isn't suitable for those who have very serious security/privacy concern or bother use self-hosted software/separate offline computer.

Established password managers do the job well so what's different about yours ?

1Password
NordPass
Dashlane
LastPass

While those cloud password manager has been around for some time, take note all of them are closed-source. Consider BitWarden if you prefer self-hosted/cloud service with better transparency.

[Kakmakr]

Now, just for clarification ...

Are you still going to collect all of that information, even if you say that it was just a mistake by simply re-using a ToS from another site and not reading it?

Also... having the information online will have challenges on it's own... (Keyloggers on the user side, will grab the information when it is captured on your site or Malware can hijack the information when it is send back from your site) <== MITM attack

Are you planning to sell the site, once it is successful ? (Change of ownership will bring more challenges)

[arabspaceship123]

He won't be able to make it successful so it's going to be dropped when his hosting deals expires. It isn't a business it's a hope he's feeling it'll make him money. I can't see him harvesting enough data for selling because it's not going to get far. How's he going to generate hits in the first step ?

Now, just for clarification ...

Are you still going to collect all of that information, even if you say that it was just a mistake by simply re-using a ToS from another site and not reading it?

Also... having the information online will have challenges on it's own... (Keyloggers on the user side, will grab the information when it is captured on your site or Malware can hijack the information when it is send back from your site) <== MITM attack

Are you planning to sell the site, once it is successful ? (Change of ownership will bring more challenges)

[Pmalek]

That's a terrible idea. I have no idea what intentions you have, maybe they are bad, maybe they aren't, but there is no reason to trust a random site with personal information. There are many offline ways to secure seeds and passwords and they should never be stored on someone's server somewhere. Since when did your keys your coins become everyone's keys, but still only your coins? 

Hopefully you can use the feedback from this thread to create something the community will find useful, not privacy and security invasive.

[arabspaceship123]

We don't know his intentions. It's just a random site that's it he hasn't history behind it. Even it's Microsoft or Apple who's putting their private keys on their servers?

We shouldn't trust only because he says it's safe to trust the encryption. It isn't safe we shouldn't trust it.
 

That's a terrible idea. I have no idea what intentions you have, maybe they are bad, maybe they aren't, but there is no reason to trust a random site with personal information. There are many offline ways to secure seeds and passwords and they should never be stored on someone's server somewhere. Since when did your keys your coins become everyone's keys, but still only your coins? 

Hopefully you can use the feedback from this thread to create something the community will find useful, not privacy and security invasive.