Fruitwallet (ios wallet) discussion

[gweedo]

You should use multi-sig addresses to make it secure. Or make it so the wallet is encrypt and only using javascript to decrypt it and storing the private keys in local storage. This is way too risky even if you aren't looking to scam but if you get hacked or your hosting takes your Bitcoins then all the users loose their funds. You should research it there are better ways than shared hosting.

We are addicted to security, it is our main priority. The approach we use now is totally secure.
I even gave you my credentials, that means i'm confident about security.
We don't use shared hosting.

Have you tried the app by the way?

If you have access to my coins you don't have proper security and have not researched the best way to do this. Please don't look at coinbase as a model for this. This is a very much a flaw, and way better ways to handle this. Look at wallet services that use multi-sig and using javascript to decrypt and encrypt wallets so you can't have access to the private keys. Learn to use those models. If you continue to use this model I will continue to call you a scam and warn people to not use this.

Do you know any user friendly way to store keys on iphone taking in account that no ios apps can't be downloaded?
Updated. That is why we sign transaction with iphone hardware. But you probably didnt tried that either.

If you have my private keys then I don't care if you signed my transaction on the moon it is insecure. Yes you can use local storage a html 5 api to hold private keys. Remember html 5 is very powerful. But lets now say we don't trust the hardware, well then you can store a public key on your server, I can store a public key on my iphone I can create a transaction that I sign and you then sign, then you push to the network. This would be much more secure than a hosted shared wallet. Shared wallets are the most insecure way of handling user funds.

[1715342073]

1715342073

[1715342073]

1715342073

[fruitwallet]

Insecure to the user from us stealing their money?
If yes, then it is done.
We will not implement any difficult to the end user features, at least for now. Lets keep it simple. There are a lot of wallets that are secure but absolutely unusable
What you say means, that we have to store key in storage, we have to think what to do if user switches to other browser, moves file in the storage, or clears the cache or reset the device or just lose the phone? If user loses the phone, then what? "sorry we don't have your keys, your BTC stuck in the chain". That is the task to my CTO actually, but that sounds not too reliable comparing to what we have now.

Overall.
Just imagine fruitwallet it is like cash in you pocket, a bit risky to keep but convenient.

But don't worry, we will not steal anything and our servers are secured

[gweedo]

Insecure to the user from us stealing their money?
If yes, then it is done.
We will not implement any difficult to the end user features, at least for now. Lets keep it simple. There are a lot of wallets that are secure but absolutely unusable
What you say means, that we have to store key in storage, we have to think what to do if user switches to other browser, moves file in the storage, or clears the cache or reset the device or just lose the phone? If user loses the phone, then what? "sorry we don't have your keys, your BTC stuck in the chain". That is the task to my CTO actually, but that sounds not too reliable comparing to what we have now.

Overall.
Just imagine fruitwallet it is like cash in you pocket, a bit risky to keep but convenient.

But don't worry, we will not steal anything and our servers are secured

Multi-sig is very easy and not difficult to the end user, that is why there should be no answer but to include it. I also don't think you know much about bitcoin from a technical point either from what you are saying.

[BenAnh]

With all the hacks and collapses of exchanges recently, you don't expect people to use the wallet with their money on it for whatever reason. If you'd like everyone to use then open-source maybe an option but not the only one. In this world, no one trusts anyone so it doesn't matter if you're honest. Don't you see a problem of trust which no ones has been able to solve. Even the exchange you've trusted they can collapse the next day and your money is gone not to say a wallet is hacked. Will you guarantee that no one will steal the money and the wallet is so secured that it will never be hacked? And the answer is NO because no one can give such assurance unless you buy an insurance policy to ensure everyone that if it's hacked or you run away with their money then they can always get the money back from the insurance company. Simple prob, TRUST!

Hi BebAnh.
I really appreciate your time spent on typing such a long post.
And I support you in all you've said.

I live in Ukraine. I have seen scammers around. Our country is quite poor and has a lot of bad people. Here we just have to be careful everywhere.
Btw would never keep a lot BTC on MtGox, I don't keep a lot at BTC-e either.

But fruitwallet is a pocket service where you supposed to keep just a small amount that you might need for coffee, dinner or just to withdraw in BTC ATM.

So I would like that people look at us like they look at Bank which takes their money and gives them a plastic card. Bank can be closed any day, but people still use banks despite this possibility.

I can say that we implemented all needed security features including Bank security features. We don't want to be hacked as well as all our users don't want to lose their money

Cheers!

The apps doesn't look bad at all. It has potential but the business model will fail you because what's preventing a big boy to design the same apps and crush you?

[fruitwallet]

Multi-sig is very easy and not difficult to the end user, that is why there should be no answer but to include it. I also don't think you know much about bitcoin from a technical point either from what you are saying.

Agree.
But what will happen if user loses his phone or it got stolen?

[fruitwallet]

BenAnh, gweedo,

Discussed multi-sig with our CTO. He is very optimistic about this. I mean “hierarchical deterministic multisignature” (HDM)
Thank you guys for feedback.
I think to create reddit discussion about business model. Will post a link, you guys are very welcomed.
Want to see which model is more preferable.
If people want multi-sig, we will make multi-sig.

fruitwallet - the most client oriented ios wallet in the world

[BenAnh]

BenAnh, gweedo,

Discussed multi-sig with our CTO. He is very optimistic about this. I mean “hierarchical deterministic multisignature” (HDM)
Thank you guys for feedback.
I think to create reddit discussion about business model. Will post a link, you guys are very welcomed.
Want to see which model is more preferable.
If people want multi-sig, we will make multi-sig.

fruitwallet - the most client oriented ios wallet in the world

I like the design but have not tested out all functionalities. However a great business model is a must to succeed!

[fruitwallet]

I like the design but have not tested out all functionalities. However a great business model is a must to succeed!

Doing our best. Design will probably be improved as well as UX overall.

[gweedo]

Multi-sig is very easy and not difficult to the end user, that is why there should be no answer but to include it. I also don't think you know much about bitcoin from a technical point either from what you are saying.

Agree.
But what will happen if user loses his phone or it got stolen?

Do 2 of 3 you guys have one. Make user write one down and keep one in local storage if they lost their phone they can use your site to get them back.

[fruitwallet]

Do 2 of 3 you guys have one. Make user write one down and keep one in local storage if they lost their phone they can use your site to get them back.

Do you mean the one that user can "get back" will be stored on our server also? Or how can they "get back from our site"?

btw, we made a small demo video http://youtu.be/uhZ6GdEPhys. do you guys like it?

[gweedo]

Do 2 of 3 you guys have one. Make user write one down and keep one in local storage if they lost their phone they can use your site to get them back.

Do you mean the one that user can "get back" will be stored on our server also? Or how can they "get back from our site"?

Nothing will be stored on your server but your private key. So lets walk thru this together. User Alice loss her phone, she wrote down the private key for her back up public key which is used to create the multi-sig address but only requires you to use 2 of those keys. Alice goes to your site and says she lost her phone she A) can make a new account and send the bitcoins their or B) wants to send them to another address she has. Your site should sign either one of those transactions. One she gets that signed hex, she can either sign it on your site WITH Javascript so you don't have her public key and that is easy for the user or Alice being an advance user takes that hex and goes to another wallet to sign it and broadcast it. Then she has her bitcoins and not at once did you have a control over them.

[jbrnt]

Do you mean the one that user can "get back" will be stored on our server also? Or how can they "get back from our site"?

I believe your model involves fruitwallet moving user bitcoins out to addresses that only fruitwallet controls. Gweedo is suggesting you to use 2 of 3 multisig, so fruitwallet have NO control over users' bitcoins.

I think "get back" means you provide a page (preferably an offline tool), so users can easily send those bitcoins off to another address.

[fruitwallet]

yep, thanks! got it. It might need some time to develop, if there are quite a big percent of people who wouldn't use us without this feature, BUT will use us with this feature, then we will implement that

[gweedo]

Do you mean the one that user can "get back" will be stored on our server also? Or how can they "get back from our site"?

I believe your model involves fruitwallet moving user bitcoins out to addresses that only fruitwallet controls. Gweedo is suggesting you to use 2 of 3 multisig, so fruitwallet have NO control over users' bitcoins.

I think "get back" means you provide a page (preferably an offline tool), so users can easily send those bitcoins off to another address.

Get the bitcoins back incase I lose my phone or something like that which would have one of the multi-sig public keys on it

yep, thanks! got it. It might need some time to develop, if there are quite a big percent of people who wouldn't use us without this feature, BUT will use us with this feature, then we will implement that

This isn't a feature, it is safe guard against you or hack against you. This should be mantory of all wallets.

[fruitwallet]

This isn't a feature, it is safe guard against you or hack against you. This should be mantory of all wallets.

I'm just saying from technical point of view. It has to be implemented, then - feature.
But I got you

[jonald_fyookball]

I have not been keeping up with the entire conversation but it sounds like the community has some good suggestions for you... Keep up the development and let us know when the next version is ready. By the way I like the name fruit

[fruitwallet]

jonald_fyookball, agree. Thanks for compliment.

http://www.reddit.com/r/Bitcoin/comments/226dni/we_developed_ios_btc_wallet_which_works/

I think it is a good place to discuss business model.

[gweedo]

jonald_fyookball, agree. Thanks for compliment.

http://www.reddit.com/r/Bitcoin/comments/226dni/we_developed_ios_btc_wallet_which_works/

I think it is a good place to discuss business model.

So the question is: 1. Easy, light and working ios wallet, but maybe a bit risky? 2. Not too easy wallet with holding the keys, which you should not lose? 3. Or just make 2 registration ways. "Easy-to-use" mode and "Paranoid" mode?

Don't say easy or not easy to use, because it is your job as a designer or developer to make it easy and it can be easy. There are other wallets that take on the same technique and do it quite easily. https://www.bitgo.com/

[fruitwallet]

@jbrnt, @gweedo need you help guys.
As I told we are working on secure wallet.

We have some variants how to make secure EASY-to-use mobile wallet:
1. User generates key on the client side, Key saved in device LocalStorage encrypted with 4 digit PIN. User is offered to click backup to save the key encrypted with PIN on our server.
2. User do all stated above, but he is offered to encrypt backup key one more time with additional PASSPHRASE.

If key is backup-ed:
First variant means that we can theoretically steal money, but hackers can't.
Second means that even we will hardly decrypt the key. But he will probably LOSE his key (clearing the cache) and forget PASSPHRASE.

What do you think is the best variant to do it?

[fruitwallet]

@jbrnt, @gweedo need you help guys.
As I told we are working on secure wallet.

We have some variants how to make secure EASY-to-use mobile wallet:
1. User generates key on the client side, Key saved in device LocalStorage encrypted with 4 digit PIN. User is offered to click backup to save the key encrypted with PIN on our server.
2. User do all stated above, but he is offered to encrypt backup key one more time with additional PASSPHRASE.

If key is backup-ed:
First variant means that we can theoretically steal money, but hackers can't.
Second means that even we will hardly decrypt the key. But he will probably LOSE his key (clearing the cache) and forget PASSPHRASE.

What do you think is the best variant to do it?

Don't encrypt with just a 4 digit PIN unless you going to have a huge salt that goes with it that is very random.

I don't know what you are exactly asking? The user generated key should never leave the device, in an unencrypted form, and should be stored on the phone in an encrypted form. That requires the user to unlock.

You shouldn't need to access to the key, the javascript should be able to sign the transaction and you broadcast it for them. Unless you are doing multi-sig then you have them sign the transaction and then you sign the transaction with your own key.

We can technically do all the stuff.
I mean if we store only on device, what if user lose device? or clear cookies. He will not have any way to restore it from our server. right?
So we think probably we can store key encrypted on our server as a backup.

The questions are: Do we need a backup? Crypt one time? Or crypt 2 times?