Hello everyone, something bothered me today as I was reading through some new services. I noticed a service called
greenaddress, which boasts 2 of 2 "multisig" wallets. I assumed this was something that could benefit me as I'm quite protective of my bitcoin. I've always wanted to try multisig and this "looked" like an easy adoption tool, then I noticed they had a mobile app.
Boy was I wrong about all of that. First off I tried their mobile app, it didn't work I was running IOS 7.1 and all that happened upon logging in was an error message. It wasn't possible to get pass the pin login. This was offsetting but didn't deter me from trying the site out. The site was alright in general except it didn't run off of HSTS which just screams hackable, not to mention a quick review of their service points towards a central server. So we already have 2 things against them, they use central servers and they released an app without testing it to see if it was working.
Pointing towards that central server is the fact both keys are appointed on their service. No generation appears to be done by the user, us. A quick review of the source code PROVES this. Lets for a second assume these guys are running an honest service. I guess I'm fine with that fact they generate keys, however, I decided to do a little more research on these guys. Their location checked out and their VAT number was alright. So we can assume their a real business and the people behind the service is real or just well hidden. Affirming this I appointed my attention to site, features, and their white paper.
For starters you can look at their name, green address, which is simply an address you can trust without any confirmations because it's orgin from a reputable place. The name is decietful, really it's false security to users. Continuing on I noticed they had an instant confirmation feature, which comes from the idea of a "Green address" (see above). So I tried it out, It didn't work. I did some research on it and found out that for others it didn't work. So really it's just a box on their spend bitcoins page:
http://prntscr.com/3wjezk (*They deleted the picture!!!) . More issues soon surfaced, not being exclusive to their ios app their android app was plagued with bugs and reports of coins going missing. This was alarming to me, almost as if they released green address without any kind of security review or code audit?
Let's focus on what they call a life line for users in their white paper. It stems from a protocol called n-locktime. To make it easy to understand it just means that after a certain amount of time their key "Expires" and is no longer needed to spend funds. A wallet provider is by default not to be trusted, but
greenaddress doesn't want you to be cautious they make it cumbersome to be able to secure your funds. If you focus your attention on what's above about their central server it appears this may not be true. Now I wouldn't claim this without trying. I can attest this feature is cumbersome and requires you to constantly redopsit if you don't want to lost access to your funds forever. Doing this with their buggy interface was like trying to find the needle in the haystack, first I had to 2fa which didn't bother me that much since it's "security" but oh-well. Then it required me to pay another tx fee, I had around
3 bitcoin on the site so that was kinda costly. Finally after losing time and bitcoin I have another day until the whole nlocktime debacle happens again.
These lies and deceit should NOT be ignored. Their site is pretty but there are way too many red flags. I'm warning you some things are not right, an easy google search brings up more problems than positives. Upon my own personal experience I would NOT recommend
greenaddress to anyone. Instead I would use
https://www.coinkite.com , they're a leading innovator in bitcoins terminals, wallets and are supporting multisignature p2sh wallets which I feel are the easiest and most user friendly wallets you could use.
EDIT: I am not part of coinkite, I just recommend their service.
