Bitcoin Forum
November 12, 2024, 11:51:42 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Private Project: Crypto-Safe.io  (Read 310 times)
Crypto-Safe (OP)
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile WWW
June 03, 2022, 12:01:54 PM
Last edit: June 03, 2022, 12:23:11 PM by Crypto-Safe
 #1

Hello my friends,

Today I wanted to introduce you to a project I've been working on for a few months and it's finally time to go live with it. I would be happy if you take the time to look at the project Smiley
All in all, it's about a Crypto Safe that stores your data in encrypted form (AES-256 block cipher). This includes accounts, passwords, notes and soon also files and bitcoin wallets that you can generate with one click.
If you have any questions about the development or want to know more details, then let me know!

Long story short, here is the website (there is already an iPhone app - an Android app and a Chrome extension will be available soon):
https://crypto-safe.io

iPhone App: https://apps.apple.com/us/app/cryptosafe-your-secure-safe/id1624789739

Thanks and have a nice day!

BTC
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7563



View Profile WWW
June 03, 2022, 01:35:04 PM
 #2

Sorry, but I would NEVER use your website for storing any of my passwords or bitcoin wallets, and I have good reason for that.
After reading your privacy policy and terms of use, I saw that you can at any time ask users for their personal information like Name, Date of birth, Social media profiles, Phone number, Home or Work address, payment information, etc.
You are collecting all those information along with users IP address and you can share with with any third parties you want...
There is no information about bitcoin wallets you are creating with Bitcoin Core node, but I suspect those wallets are custodial for users, or you have some control over keys.

If I need to use password generator there are great open source alternatives like KeePass and I don't have to send them any of my personal information, same goes for bitcoin wallets like Electrum or my own Bitcoin Core node.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Crypto-Safe (OP)
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile WWW
June 03, 2022, 01:56:42 PM
 #3

Sorry, but I would NEVER use your website for storing any of my passwords or bitcoin wallets, and I have good reason for that.
After reading your privacy policy and terms of use, I saw that you can at any time ask users for their personal information like Name, Date of birth, Social media profiles, Phone number, Home or Work address, payment information, etc.
You are collecting all those information along with users IP address and you can share with with any third parties you want...
There is no information about bitcoin wallets you are creating with Bitcoin Core node, but I suspect those wallets are custodial for users, or you have some control over keys.

If I need to use password generator there are great open source alternatives like KeePass and I don't have to send them any of my personal information, same goes for bitcoin wallets like Electrum or my own Bitcoin Core node.


Thanks for your reply and for checking out the website! Kiss
What would you suggest as I can improve the whole thing? Make the code open source?
I copied the privacy policy and terms of use from the Internet and did not write them myself Cheesy
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7563



View Profile WWW
June 03, 2022, 02:02:56 PM
 #4

What would you suggest as I can improve the whole thing? Make the code open source?
Sure, making it open source would be much better, but that doesn't mean it's automatically better just because it has open source code.

I copied the privacy policy and terms of use from the Internet and did not write them myself Cheesy
Amateur move  Tongue
Now you could face accusations for plagiarism, so I would suggest that you change that and write your own terms and policy that matches services you are offering.
You can't just copy paste random text stuff found on internet, without single explanation how your service and wallets really works.
Having something like this fully centralized and controlled by single entity is a big NO for me.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Crypto-Safe (OP)
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile WWW
June 03, 2022, 02:14:32 PM
 #5

Sure, making it open source would be much better, but that doesn't mean it's automatically better just because it has open source code.

I'll start with that Smiley But just because it's open source doesn't make it better, you're right! Let's see what that brings.

Amateur move  Tongue
Now you could face accusations for plagiarism, so I would suggest that you change that and write your own terms and policy that matches services you are offering.
You can't just copy paste random text stuff found on internet, without single explanation how your service and wallets really works.
Having something like this fully centralized and controlled by single entity is a big NO for me.

Haha, yes I never read stuff like that myself. I'm actually just a developer and not a lawyer Grin I'll update the terms of use and privacy policy.
Anyway, thanks for your input, I really appreciate it!
The Cryptovator
Legendary
*
Offline Offline

Activity: 2394
Merit: 2226

Signature space for rent


View Profile WWW
June 04, 2022, 06:36:49 PM
 #6

Not a good idea so far. I don't even store by password and seed phrase on any online device. So how will I use your site to store wallet credentials even its open source? Anything could happen at any time over the internet, so I can't trust a third-party website for storing credentials. Rather than I always use my notebook in real life to store everything related to crypto. So even if I forget credentials my notebook helps to recover my wallets or accounts.

And plagiarism content is an unprofessional move so far. It look like another red sign for users. I am not a fan of that kind of service.

Signature Space for Rent
LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17664


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
June 05, 2022, 07:54:00 AM
Merited by BlackHatCoiner (2), SFR10 (1)
 #7

Sorry, but
I'm going to be less subtle.

Your entire website is a TERRIBLE idea! First thing I see:
Quote
Forget Your Keys & Passwords
We'll securely store them for you.
How about NO? I won't forget my passwords, I won't give any of it to anyone, and I won't trust anyone to keep them for me. Ever!

Quote
Storing your passwords with us is much more secure and convenient than other solutions.
This is a lie. Storing passwords with anyone online is not more secure than my current solution.

Quote
We use the AES-256 block cipher for encrypting your details securely.
Also activate the 2-Factor authentication for maximum security.
So access to my passwords depends on a third party? Let's not!

I clicked Create Account to see what data you ask, but nothing happened in Tor browser.
If I manually go to https://crypto-safe.io/user/register, I get:
Quote
An error occurred during execution; please try again later.
I guess that's for the best. Please don't fix it, the entire concept of your website should never have been created. And that's even without assuming you have bad intentions.

I copied the privacy policy and terms of use from the Internet and did not write them myself Cheesy
Be honest: did you even read what you copied?

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
hugeblack
Legendary
*
Offline Offline

Activity: 2688
Merit: 3977



View Profile WWW
June 05, 2022, 09:12:37 AM
 #8

What would happen if your site suddenly disappeared?

Quote
Every action on your account is logged
We take privacy and security very seriously.

Unfortunately your project will not be supported because you are talking about privacy data collection, storage and yet you don't have a legal/privacy team even you said you didn't write the privacy page yourself.

There is no policy to determine how data is shared, who can delete it, who can view it, what happens if there is a breach and so on.
Making it open source will not help much, but making it self-hosted and with the possibility of the user managing his data.

In general, focusing on privacy is not a commercially profitable thing, so if you are trying to make a profit from your project, it will be a difficult thing.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
arabspaceship123
Full Member
***
Offline Offline

Activity: 896
Merit: 193


web developer for hire


View Profile WWW
June 09, 2022, 04:00:37 PM
 #9

Established password managers do the job well so what's different about yours ?

1Password
NordPass
Dashlane
LastPass

I can't trust newbie password websites or established sites. I wouldn't do it but given choices I'd prefer using text files for my private keys. It's easy to upload on storage after it's encrypted on computer. Who'd trust your website it's risky business keeping keys and passwords on devices that don't belong to you.

Hello my friends,

Today I wanted to introduce you to a project I've been working on for a few months and it's finally time to go live with it. I would be happy if you take the time to look at the project Smiley
All in all, it's about a Crypto Safe that stores your data in encrypted form (AES-256 block cipher). This includes accounts, passwords, notes and soon also files and bitcoin wallets that you can generate with one click.
If you have any questions about the development or want to know more details, then let me know!

Long story short, here is the website (there is already an iPhone app - an Android app and a Chrome extension will be available soon):
https://crypto-safe.io

iPhone App: https://apps.apple.com/us/app/cryptosafe-your-secure-safe/id1624789739

Thanks and have a nice day!

BTC

██████████   ARABSPACESHIP 123     سفينة الفضاء العربية ١٢٣   ██████
|  | ||     |   
avatar & signature available to rent   |     || |  |

█████████████████  
Hire me to design your websites   █████████████████
arabspaceship123
Full Member
***
Offline Offline

Activity: 896
Merit: 193


web developer for hire


View Profile WWW
June 16, 2022, 11:30:04 AM
 #10

Thanks you mentioned Bitwarden it's 3rd party audited. I didn't see it before. I'm agreeing closed source shouldn't be trusted.

First of all, who's the target of your project? Your project isn't suitable for those who have very serious security/privacy concern or bother use self-hosted software/separate offline computer.

Established password managers do the job well so what's different about yours ?

1Password
NordPass
Dashlane
LastPass

While those cloud password manager has been around for some time, take note all of them are closed-source. Consider BitWarden if you prefer self-hosted/cloud service with better transparency.

██████████   ARABSPACESHIP 123     سفينة الفضاء العربية ١٢٣   ██████
|  | ||     |   
avatar & signature available to rent   |     || |  |

█████████████████  
Hire me to design your websites   █████████████████
Kakmakr
Legendary
*
Offline Offline

Activity: 3542
Merit: 1965

Leading Crypto Sports Betting & Casino Platform


View Profile
June 17, 2022, 08:05:30 AM
Merited by ABCbits (1)
 #11

Now, just for clarification ...

Are you still going to collect all of that information, even if you say that it was just a mistake by simply re-using a ToS from another site and not reading it?

Also... having the information online will have challenges on it's own... (Keyloggers on the user side, will grab the information when it is captured on your site or Malware can hijack the information when it is send back from your site) <== MITM attack

Are you planning to sell the site, once it is successful ? (Change of ownership will bring more challenges)

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
arabspaceship123
Full Member
***
Offline Offline

Activity: 896
Merit: 193


web developer for hire


View Profile WWW
June 17, 2022, 05:51:26 PM
 #12

He won't be able to make it successful so it's going to be dropped when his hosting deals expires. It isn't a business it's a hope he's feeling it'll make him money. I can't see him harvesting enough data for selling because it's not going to get far. How's he going to generate hits in the first step ?

Now, just for clarification ...

Are you still going to collect all of that information, even if you say that it was just a mistake by simply re-using a ToS from another site and not reading it?

Also... having the information online will have challenges on it's own... (Keyloggers on the user side, will grab the information when it is captured on your site or Malware can hijack the information when it is send back from your site) <== MITM attack

Are you planning to sell the site, once it is successful ? (Change of ownership will bring more challenges)

██████████   ARABSPACESHIP 123     سفينة الفضاء العربية ١٢٣   ██████
|  | ||     |   
avatar & signature available to rent   |     || |  |

█████████████████  
Hire me to design your websites   █████████████████
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7550


Playgram - The Telegram Casino


View Profile
June 19, 2022, 08:43:44 AM
 #13

That's a terrible idea. I have no idea what intentions you have, maybe they are bad, maybe they aren't, but there is no reason to trust a random site with personal information. There are many offline ways to secure seeds and passwords and they should never be stored on someone's server somewhere. Since when did your keys your coins become everyone's keys, but still only your coins? 

Hopefully you can use the feedback from this thread to create something the community will find useful, not privacy and security invasive.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
arabspaceship123
Full Member
***
Offline Offline

Activity: 896
Merit: 193


web developer for hire


View Profile WWW
June 19, 2022, 11:04:11 AM
 #14

We don't know his intentions. It's just a random site that's it he hasn't history behind it. Even it's Microsoft or Apple who's putting their private keys on their servers?

We shouldn't trust only because he says it's safe to trust the encryption. It isn't safe we shouldn't trust it.
 

That's a terrible idea. I have no idea what intentions you have, maybe they are bad, maybe they aren't, but there is no reason to trust a random site with personal information. There are many offline ways to secure seeds and passwords and they should never be stored on someone's server somewhere. Since when did your keys your coins become everyone's keys, but still only your coins? 

Hopefully you can use the feedback from this thread to create something the community will find useful, not privacy and security invasive.

██████████   ARABSPACESHIP 123     سفينة الفضاء العربية ١٢٣   ██████
|  | ||     |   
avatar & signature available to rent   |     || |  |

█████████████████  
Hire me to design your websites   █████████████████
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!