DaveF (OP)
Legendary
Offline
Activity: 3654
Merit: 6660
Crypto Swap Exchange
|
|
November 17, 2021, 10:13:04 PM |
|
So starting with a quote from myself: ..... Also, on that note. I am surprised that more apps don't have geo fencing on them. Yes you can unlock you wallet with a fingerprint. But you have to be at home to do it kind o thing. There is at least 1 BMS app that I know of that you can only connect to the controller if you are in the area. Surprised more apps / things don't do that. Or if they do exist I have not seen them.
-Dave
It really made me wonder if there is a need for something like that. Or a sub feature of a wallet. If you are are not at home, or in a certain area the most you can spend out of your phone wallet is X if you are in the home area there is no limit. It kind of makes some sense to me. At least with my spending habits. I don't know about anyone else. No real loss of privacy since it could all be controlled from the app itself. Just tag an area and a max range and you're done. Just one more layer of security. Not something I could even being to code, just more of a discussion thing. -Dave
|
|
|
|
suchmoon
Legendary
Offline
Activity: 3836
Merit: 9059
https://bpip.org
|
What would it protect against? Sounds kinda complicated too, and prone to Google/Apple fucking something up and holding your money hostage. Edit: if the attacker has access to your phone they can install a location spoofer so I think geofencing at the wallet level would be useless.
I think it's easier to just treat it like cash and don't keep more money on your phone than you would benjamins in your pocket.
|
|
|
|
DaveF (OP)
Legendary
Offline
Activity: 3654
Merit: 6660
Crypto Swap Exchange
|
|
November 17, 2021, 11:24:33 PM |
|
What would it protect against? Sounds kinda complicated too, and prone to Google/Apple fucking something up and holding your money hostage. Edit: if the attacker has access to your phone they can install a location spoofer so I think geofencing at the wallet level would be useless.
I think it's easier to just treat it like cash and don't keep more money on your phone than you would benjamins in your pocket.
It's not to stop the determined criminals, just if you are out and about and for whatever someone gets access to your phone. Not a professional thief going after your funds more of you unlocked your phone, you opened and unlocked you wallet and then "X" happened. It's just one last line of defense. I was configuring some equipment today and although it did not USE Bluetooth to do anything. I had to be in BT range to do certain things to make sure I was working on the proper unit. I thought of the post I made a few weeks ago and figured it might be worth a discussion. It might also stop this: -Dave
|
|
|
|
suchmoon
Legendary
Offline
Activity: 3836
Merit: 9059
https://bpip.org
|
|
November 18, 2021, 12:06:05 AM |
|
~
Still, I think it's such a narrow use case and basically only protects me from my own idiocy. Not keeping much money on the phone protects against most problems, or if I must (haven't really needed in 7+ years of using bitcoins but whatever) have a larger amount maybe use a separate wallet for it, with a strong password that I won't remember when I'm drunk.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
November 18, 2021, 02:31:52 AM |
|
Honestly, I don't really see any worth in a feature like this... but that's just me and my particular use case. I'm sure someone would appreciate a virtual "Bitcoin Nanny" that stops them from spending all their coins on shoes or boats
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6583
Looking for campaign manager? Contact icopress!
|
|
November 18, 2021, 08:46:19 AM |
|
Honestly, I don't really see any worth in a feature like this... but that's just me and my particular use case. I'm sure someone would appreciate a virtual "Bitcoin Nanny" that stops them from spending all their coins on shoes or boats Exactly. @DaveF: everyone here is somewhat right. The problem is not if we need such a feature, we don't. The problem is that here - especially in Dev & Tech - you have the wrong audience for such a question. I would only add that imho the market needs badly a wallet for newbies, packed with a lot of (optional) features like this (whether we find them useless or useful), with a lot of explanations and fences so the user cannot "hurt himself" while he is learning his way into using bitcoin. If such a SPV wallet is not implemented soon enough the "ultimate" newbie friendly wallet will most probably be a custodial one.
|
|
|
|
DaveF (OP)
Legendary
Offline
Activity: 3654
Merit: 6660
Crypto Swap Exchange
|
|
November 18, 2021, 11:52:48 AM |
|
... I would only add that imho the market needs badly a wallet for newbies, packed with a lot of (optional) features like this (whether we find them useless or useful), with a lot of explanations and fences so the user cannot "hurt himself" while he is learning his way into using bitcoin. If such a SPV wallet is not implemented soon enough the "ultimate" newbie friendly wallet will most probably be a custodial one.
There are already custodial somewhat nanny wallets (Conbase) I was just thinking about how some BMS systems as I said are now geofenced for some features and the networking stuff I was working on needed to be in BT range. For both things it is just about impossible to be working on the wrong unit. For the switches they can't even be programmed without being physically plugged into them. My thought was if I have a cable plugged into it do I really need more security? Their thought is, if you are programming it and walk away to go to the bathroom or something and forget to lock / log out of whatever you are using to program it, it's still secure since you are now out of range. Just that last line of defense. 4 Same here, all your major funds are locked in a HW wallet, but you still have some on a hot wallet on your phone. It's would just be the last little bit of security on your phone. The drunk boat thing was just a bit of humor. It was just a thought, didn't know if anyone else would agree or not. Seems not so much. -Dave
|
|
|
|
Wind_FURY
Legendary
Offline
Activity: 3094
Merit: 1929
|
|
November 18, 2021, 12:35:24 PM |
|
OP, I believe that feature should be implemented for all credit cards/electronic bank cards owned by shopaholics if they’re inside the shopping mall. Hahaha.
But good feature to have for security, and spending limits.
|
| .SHUFFLE.COM.. | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | . ...Next Generation Crypto Casino... |
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
November 18, 2021, 03:56:41 PM Last edit: November 20, 2021, 07:28:02 AM by o_e_l_e_o |
|
You could probably achieve a rudimentary version of this using something like IFTTT or Tasker. Set it up so if you are outside your geofence, or not connected to your home WiFi, or not connected to your Bluetooth device at home, or whatever, and you try to open "wallet app", then it immediately kills "wallet app". Then you simply use "wallet app" for the coins you don't want to be able to spend outside of your home, and use "different wallet app" which is not geofenced for the coins you do want to be able to spend.
You can password protect Tasker so a thief cannot just immediately turn off the command. You could also require both geofencing and another condition (such as connected to home WiFi) to disable the command to get round how easy it is to spoof a location on a phone.
It certainly won't be foolproof by any stretch of the imagination, but it might deter someone long enough for you to recover from seed phrase and send your coins elsewhere.
|
|
|
|
Porfirii
Legendary
Offline
Activity: 1960
Merit: 2428
The Alliance Of Bitcointalk Translators - ENG>SPA
|
|
November 18, 2021, 05:33:36 PM |
|
And what about other use cases apart from increasing security? HCP said that he/she doesn't see any worth on a wallet with geofencing, but many didn't see any worth on Bitcoin a decade ago, maybe just because they weren't inspired in that moment.
Maybe for gamification purpose, in the case of some Pokemon GO sort of app in which you get rewards and/or unlock your wallet in certain moments and places... I don't know, but I see good potential in the OP's question.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
For sure... that's why I said not for me and my use cases. I do like the idea of using Tasker and I had indeed had the same thought as o_e_l_e_o about leveraging it's "geofencing" abilities. It takes the onus off the wallet developer and allows a user who wants it to protect themselves... however, I still don't think there is a huge market for "people with low willpower who need a wallet that stops them from spending". But I do see the "security" side of it... accidentally leave your phone on the table in the cafe? No worries, even if they get it unlocked, they won't be able to spend because the phone isn't in your "geo-fenced" spending area. You'd just have to hope they can't figure out how to crack the wallet and export your seed/keys... which would render any wallet level protection meaningless. I would only add that imho the market needs badly a wallet for newbies, packed with a lot of (optional) features like this (whether we find them useless or useful), with a lot of explanations and fences so the user cannot "hurt himself" while he is learning his way into using bitcoin. If such a SPV wallet is not implemented soon enough the "ultimate" newbie friendly wallet will most probably be a custodial one.
It's a fine line for wallet developers though... If you put too many fences up, even optional ones, users will simply throw their hands up and cry "arrrgh, too difficult" and move on... and if you don't enable those options by default, users generally won't enable them themselves... and then complain "why didn't your wallet stop me from being stupid?" Honestly, it's a lose/lose proposition
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
November 20, 2021, 07:37:21 AM |
|
however, I still don't think there is a huge market for "people with low willpower who need a wallet that stops them from spending". I don't know man - we've all got that one friend who wakes up in the morning down $300 with receipts for rounds of top shelf tequila in their back pocket. Any time I was heading out on such a potential occasion, I had a separate card linked to a separate checking account which I would deposit an appropriate amount of money in, so once I hit my limit that was me. If you wanted to do the same with bitcoin, this might be a solution, although I think a better solution would be to keep the bulk of your money on an airgapped wallet or hardware wallet and only transfer what you want to spend to your mobile wallet before you go out. I'm much too old for any such shenanigans now though. You'd just have to hope they can't figure out how to crack the wallet and export your seed/keys... which would render any wallet level protection meaningless. I think that's the bigger issue. Any password or PIN encryption on your wallet is going to be significantly more secure than any geofencing you can set up. If someone is specifically coming after your wallet, then this presents a minor obstacle, and if someone isn't specifically coming after your coins, then your password or PIN would protect them anyway. And in terms of protecting the user from themselves, it only takes a password to unlock Tasker and disable the task, achievable in ~10 seconds, to turn the whole thing off, so is not reliable for someone who already cannot be trusted to manage their money.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6583
Looking for campaign manager? Contact icopress!
|
|
November 20, 2021, 09:24:34 AM |
|
It's a fine line for wallet developers though... If you put too many fences up, even optional ones, users will simply throw their hands up and cry "arrrgh, too difficult" and move on... and if you don't enable those options by default, users generally won't enable them themselves... and then complain "why didn't your wallet stop me from being stupid?" Honestly, it's a lose/lose proposition I don't see it like that. I've seen a fair share of programs having "basic" or "advanced" interface or settings when you first start it, then somewhere pretty visible you can always switch between the two. Such a differentiation has a good chance to solve this problem. Of course, it's still not easy to find the best balance - if it would have been easy, it would be already done, I guess. The thing is that the advanced settings should be all there and well thought/implemented so the advanced users will go for this wallet, start suggesting it, start helping the newbies and so on. I mean that only the fences on and off are not enough for the success of such a project. Yeah.. maybe I'm hoping too much after all...
|
|
|
|
DaveF (OP)
Legendary
Offline
Activity: 3654
Merit: 6660
Crypto Swap Exchange
|
|
November 20, 2021, 10:10:27 AM |
|
I didn't originally mean the drunk boat buying / $300 of tequila just more of the security aspect.
As in everything else went wrong bit of security. If you are being held for the $5 wrench attack, they will eventually get all your BTC $50 at a time or have you turn off the geofence or drive you near your home / secure zone.
It's more of how I and and some people I knows spend BTC / crypto in general. And some of them even after a ton of screaming by me still have really poor security.
I have a hot wallet on my phone with more crypto then I should, that's on me and a recognize that. It's being spent, but slowly. But even with that and a fair amount of places I can spend it I really don't spend much crypto when I am outside my home or office.
A little digression here but; I am cheap to a certain extent, and I also use credit cards to my advantage as much as I can. Grocery stores I have a 4% cashback card, gas stations a different 4% cash back, restaurants a different card with 4+% cash back and so on. As of now BTC / crypto does not really get me that. So when I am spending it outside of my home / office is usually going to a friend for something or at the rare location that does take crypto and I only have a card that gives me 2% back there. Many of the people I know are the same way.
So if for whatever reason I am sending out a large amount of BTC / crypto when not at home or work something either went very wrong OR someone has gotten access to my phone and wallet due to MY sloppiness. BUT, there are plenty of users both new and somewhat experienced that do not have great security. This is just another layer for users like them and a bit more security for someone like me, who probably does not need it but it would be nice.
There would be a ton of implementation issues to be sure. But, it seemed reasonable when I posted it.
Like the equipment I was programming that brought this on, I was doing it in a secure facility that you have to go though a front door with a guard and you need a RFID pass to get in and then though a biometric door and another RFID secured door and then get into a locked cabinet. Then you can only program it when you are using a console cable plugged into a PC. I really think that it's overkill to need a BT signal too. But as several people pointed out on a different forum, that is that location. How many of these units are in a more relaxed office setting and although they should be in a locked server room, some tech actually does the initial setup in their cube. So now if the tech goes to the bathroom / get a cup of coffee and forgets to lock their PC you can't screw with the switch routing. I thought it's pointless, but everyone else thought it was a good idea.
-Dave
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
November 20, 2021, 10:58:23 AM |
|
And some of them even after a ton of screaming by me still have really poor security. I'm certainly not against the idea, and I think it would be a nice addition even though I would probably never use it personally, but I'm not sure it's a good solution for these people who already have poor security. If they are already keeping too much money on a mobile wallet because they are simply too lazy/naive (and not as a calculated risk as in your case), then their time would be much better spent setting up a better wallet and moving their funds there, rather than trying to apply a band aid to the poor security of their mobile wallet. There's also no way to implement a geofence that makes it anywhere near as secure as a long and complex password, so again, their time and efforts (and therefore your time and effort spent educating them) would be better directed down these avenues rather than setting up a scheme like this. As an aside, a more secure way of achieving the same outcome (you can only spend your coins when in a certain location) would be to set up a 2-of-2 multi-sig with the second signature stored on an airgapped computer in a locked safe in your house, or similar.
|
|
|
|
suchmoon
Legendary
Offline
Activity: 3836
Merit: 9059
https://bpip.org
|
|
November 20, 2021, 12:56:01 PM |
|
You can password protect Tasker so a thief cannot just immediately turn off the command.
Can't they just uninstall it?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
November 20, 2021, 02:43:32 PM |
|
Can't they just uninstall it? Depends on your phone and maybe whether or not you've rooted it. On some versions of various Android OSs you can set an app to have administrator privileges, which will prevent you from uninstalling it the standard way and require a workaround. There are also other apps you can download which will password protect the uninstall feature for all your apps. If you've rooted your phone, you can always push Tasker as a system app and therefore be uninstallable, or even bundle it in to your custom ROM before you flash it. But this all goes back to what I was saying above - this is a complicated and time consuming process for minimal security benefits, when almost everyone would just be better of moving their coins off of their mobile wallet in the first place.
|
|
|
|
n0nce
|
|
November 20, 2021, 05:02:57 PM |
|
Since there has been much discussion on the question if it makes sense or not, I will just say: "there's a market for almost anything". Technically, it is quite easy to implement through the Google and Apple location APIs. On iOS, bypassing location services / spoofing a location is really not as trivial as some may think as well. Regarding something like servers breaking, phone GPS sensor malfunctioning etc., keep in mind you could always have either an emergency passphrase or directly use the seed words to restore that wallet in e.g. BlueWallet or Electrum.
|
|
|
|
Porfirii
Legendary
Offline
Activity: 1960
Merit: 2428
The Alliance Of Bitcointalk Translators - ENG>SPA
|
|
November 20, 2021, 05:42:53 PM |
|
I was just thinking about this thread I read a few days ago and had an idea: what about a wallet which you can configure a spending limit via geofencing?
I received a letter from my bank yesterday telling me that, for my safety, my online banking spending limit was lowered to X€. Maybe it could make sense a Bitcoin wallet that allows you to spend below some limit everywhere, for example, but above that limit only in a certain place or places.
It doesn't sound like a concept difficult for newbies to understand and it may be useful for some people.
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1652
Merit: 1901
Amazon Prime Member #7
|
|
November 21, 2021, 08:23:13 AM |
|
It would be very ill-advised to prevent someone from being able to spend all of their coin that is in their wallet unless a criterion is met (being within a geofence) as they could potentially mean the end-user is unable to spend all of their coin. Someone with login access to an iOS device can arbitrarily change the time/date, so it would be trivial to override any $/unit_of_time limitation. It would also be necessary to prevent someone from being able to access their private keys while outside of the geofence, or else an adversary could simply access the private keys and spend the entire unspent UTXO set controlled by a seed.
I do have one solution: The current implementation of iOS allows automation based on certain criteria, including leaving a location and arriving at a location.
If you have a LN wallet on your phone, and a LN node on a home computer, you could create an automation that causes your phone to create a LN invoice that requests x BTC (potentially based on the current price) and sends that invoice to your home computer whenever your phone leaves a particular location. You could also create an automaton that automatically sends the remaining unspent coin whenever your phone arrives at a location.
Separately, you could create a script that approves/pays a LN invoice received from whatever information channel you designate to receive payment requests from your phone, when certain criteria are met. Your script can also automatically receive a transaction from your phone when it arrives to your home geolocation.
If your phone wallet is a LN node with a direct open channel connected to your home computer, moving the coin back and forth will be free. If your phone wallet is bluewallet (a custodial wallet), or does not otherwise have a direct LN channel open with your home computer, you will have to pay tx fees to move the coin back and forth.
|
|
|
|
|