Bitcoin Forum
July 19, 2019, 02:50:06 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Greenaddress uses deceptive buissness practices, could cost users millions.  (Read 5255 times)
henrydavidharris
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
June 29, 2014, 09:50:42 PM
Last edit: June 30, 2014, 10:15:01 PM by henrydavidharris
 #1

Hello everyone, something bothered me today as I was reading through some new services. I noticed a service called greenaddress, which boasts 2 of 2 "multisig" wallets. I assumed this was something that could benefit me as I'm quite protective of my bitcoin. I've always wanted to try multisig and this "looked" like an easy adoption tool, then I noticed they had a mobile app.

Boy was I wrong about all of that. First off I tried their mobile app, it didn't work I was running IOS 7.1 and all that happened upon logging in was an error message. It wasn't possible to get pass the pin login. This was offsetting but didn't deter me from trying the site out. The site was alright in general except it didn't run off of HSTS which just screams hackable, not to mention a quick review of their service points towards a central server. So we already have 2 things against them, they use central servers and they released an app without testing it to see if it was working.

Pointing towards that central server is the fact both keys are appointed on their service. No generation appears to be done by the user, us. A quick review of the source code PROVES this. Lets for a second assume these guys are running an honest service. I guess I'm fine with that fact they generate keys, however, I decided to do a little more research on these guys. Their location checked out and their VAT number was alright. So we can assume their a real business and the people behind the service is real or just well hidden. Affirming this I appointed my attention to site, features, and their white paper.

For starters you can look at their name, green address, which is simply an address you can trust without any confirmations because it's orgin from a reputable place. The name is decietful, really it's false security to users. Continuing on I noticed they had an instant confirmation feature, which comes from the idea of a "Green address" (see above). So I tried it out, It didn't work. I did some research on it and found out that for others it didn't work. So really it's just a box on their spend bitcoins page: http://prntscr.com/3wjezk (*They deleted the picture!!!) . More issues soon surfaced, not being exclusive to their ios app their android app was plagued with bugs and reports of coins going missing. This was alarming to me, almost as if they released green address without any kind of security review or code audit?

Let's focus on what they call a life line for users in their white paper. It stems from a protocol called n-locktime. To make it easy to understand it just means that after a certain amount of time their key "Expires" and is no longer needed to spend funds. A wallet provider is by default not to be trusted, but greenaddress doesn't want you to be cautious they make it cumbersome to be able to secure your funds. If you focus your attention on what's above about their central server it appears this may not be true. Now I wouldn't claim this without trying. I can attest this feature is cumbersome and requires you to constantly redopsit if you don't want to lost access to your funds forever. Doing this with their buggy interface was like trying to find the needle in the haystack, first I had to 2fa which didn't bother me that much since it's "security" but oh-well. Then it required me to pay another tx fee, I had around 3 bitcoin on the site so that was kinda costly. Finally after losing time and bitcoin I have another day until the whole nlocktime debacle happens again.

These lies and deceit should NOT be ignored. Their site is pretty but there are way too many red flags. I'm warning you some things are not right, an easy google search brings up more problems than positives. Upon my own personal experience I would NOT recommend greenaddress to anyone. Instead I would use https://www.coinkite.com , they're a leading innovator in bitcoins terminals, wallets and are supporting multisignature p2sh wallets which I feel are the easiest and most user friendly wallets you could use.



EDIT: I am not part of coinkite, I just recommend their service.
1563504606
Hero Member
*
Offline Offline

Posts: 1563504606

View Profile Personal Message (Offline)

Ignore
1563504606
Reply with quote  #2

1563504606
Report to moderator
1563504606
Hero Member
*
Offline Offline

Posts: 1563504606

View Profile Personal Message (Offline)

Ignore
1563504606
Reply with quote  #2

1563504606
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
c5h3ris1253
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
June 29, 2014, 10:26:32 PM
 #2

 Yeah what that guy said in comments. It looks like they're running a large peddling campaign.

 Thanks for bringing this up OP
+1

EDIT: WOW, Green address is peddling like crazy over that post hahah
c5h3ris1253
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
June 29, 2014, 11:04:06 PM
 #3

They're also back peddling on it aswell:

 Look here: http://www.reddit.com/r/Bitcoin/comments/29fdhu/greenaddress_is_using_peddlers_to_hide_bad/

Vintage
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
June 29, 2014, 11:12:02 PM
 #4

Saw this on reddit and it was removed. Did greenaddress get them to remove it cuz this isn't uplifting to them? I'm wondering what they have to say about this.
franky1
Legendary
*
Offline Offline

Activity: 2450
Merit: 1451



View Profile
June 29, 2014, 11:18:59 PM
 #5

im more surprised that people are just throwing money at services they do not know..

maybe i should rent a shop in my town, put the word bank on the entrance and see if the person quoted in the OP would throw $1700(3btc) at me without thinking or checking

rule one of bitcoin. if your not happy throwing X amount at a stranger on the street simply because he said he will look after your money. dont do it online. atleast on the street you can punch him in the face if he runs off

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
c5h3ris1253
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
June 29, 2014, 11:38:45 PM
 #6

im more surprised that people are just throwing money at services they do not know..

maybe i should rent a shop in my town, put the word bank on the entrance and see if the person quoted in the OP would throw $1700(3btc) at me without thinking or checking

rule one of bitcoin. if your not happy throwing X amount at a stranger on the street simply because he said he will look after your money. dont do it online. atleast on the street you can punch him in the face if he runs off

 I couldn't agree more, stick with opensource clients.

 And always

always


always

stay in control of your keys.
henrydavidharris
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
June 29, 2014, 11:47:13 PM
 #7

im more surprised that people are just throwing money at services they do not know..

maybe i should rent a shop in my town, put the word bank on the entrance and see if the person quoted in the OP would throw $1700(3btc) at me without thinking or checking

rule one of bitcoin. if your not happy throwing X amount at a stranger on the street simply because he said he will look after your money. dont do it online. atleast on the street you can punch him in the face if he runs off

 I couldn't agree more, stick with opensource clients.

 And always

always


always

stay in control of your keys.
Lol at reddit censorship, and greenaddress botting downvotes:

http://www.reddit.com/r/Bitcoin/comments/29f6zw/greenaddress_uses_deceptive_buissness_practices/?sort=new


http://www.reddit.com/r/Bitcoin/comments/29fdhu/greenaddress_is_using_peddlers_to_hide_bad/

 It appears reddit has censored the last post, someone saw what was happening and is calling greenaddress out about their botting and spamming tactics.
tryexcept
Full Member
***
Offline Offline

Activity: 195
Merit: 100



View Profile
June 30, 2014, 01:08:32 PM
 #8

I'm glad someone covered this! finally!   Roll Eyes

oh wait, you are full of it! how's your trolling working out on reddit?  Cry

Did you find the code you suggested being malicious? No ?  Shocked

You know, it's all on github!  Wink

https://github.com/greenaddress/WalletCordova

and

https://github.com/greenaddress/WalletCrx

Looking forward to get free code reviews!  Grin

p.s. Someone did mention my username but I didn't get the message (probably username case sensitive vs insensitive), so I only found out about it 12 hours later .. sounds like you are wasting your time anyway.



crazy_rabbit
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
June 30, 2014, 01:27:30 PM
 #9

I've met the guy from Greenaddress.it personally, and he doesn't strike me as trying to use deceptive business practices. Indeed he seems pretty focused on  making a solid product and pretty firm about not wanting to actually be able to hold IE: steal people's money.

So I'm skeptical about OP's claims at best.

more or less retired.
HostFat
Staff
Legendary
*
Offline Offline

Activity: 3178
Merit: 1091


I support freedom of choice


View Profile WWW
June 30, 2014, 01:44:12 PM
 #10

2 days old user that advertises coinkite.com at his first post? Undecided

NON DO ASSISTENZA PRIVATA - The Rock Trading (ref): A good exchange since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
tryexcept
Full Member
***
Offline Offline

Activity: 195
Merit: 100



View Profile
June 30, 2014, 01:56:41 PM
 #11

I don't think this has anything to do with the coinkite guys, simply OP is trying to make it appear as if the Coinkite guys are doing this but I'm pretty sure it is not them.

If I had to guess, I'd say there is someone else behind this trolling.

In case the account gets deleted.

nvK
Sr. Member
****
Offline Offline

Activity: 355
Merit: 250



View Profile WWW
June 30, 2014, 02:04:58 PM
 #12

Rodolfo from Coinkite here, I've seen this posts on reddit a few times. And chat with Lawrence from GreenAddress before, as much as I appreciate the vote of confidence on our product, this posts look like FUD to me.

Don't feed the troll.

It's the bitcoin incentive that makes the "blockchain" technology work, stupid.
Vintage
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
June 30, 2014, 04:55:28 PM
 #13

I don't think this has anything to do with the coinkite guys, simply OP is trying to make it appear as if the Coinkite guys are doing this but I'm pretty sure it is not them.

If I had to guess, I'd say there is someone else behind this trolling.

In case the account gets deleted.


Why point fingers at a random reddit user? There is no proof other than that he agrees with the troll.
tryexcept
Full Member
***
Offline Offline

Activity: 195
Merit: 100



View Profile
June 30, 2014, 05:11:06 PM
 #14

Random? Who said random? not random.

Either malice or incompetence but I really don't care, if you spread FUD you are a troll.

Perhaps the post and the user are only related in that they both spread FUD but otherwise they do look very correlated and hence the guess, feel free to ignore it but I would not be surprised in the least if someone that happily and knowingly does false advertising and spreading FUD on bitcointalk is also capable of doing so on reddit!

Edit: Sorry everyone, i've been feeding the troll sockpuppet

Vintage
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
June 30, 2014, 05:13:50 PM
 #15

Random? Who said random? not random.

Either malice or incompetence but I really don't care, if you spread FUD you are a troll.

Perhaps the post and the user are only related in that they both spread FUD but otherwise they do look very correlated and hence the guess, feel free to ignore it but I would not be surprised in the least if someone that happily and knowingly does false advertising and spreading FUD on bitcointalk is also capable of doing so on reddit!



Well it looks like he is just a fan of another wallet. Of course he would agree with someone who agrees with him. I wouldn't look too much into it. Not everyone uses or likes the same wallet.
tryexcept
Full Member
***
Offline Offline

Activity: 195
Merit: 100



View Profile
June 30, 2014, 05:20:26 PM
 #16

well, if you don't mind I'll wait for someone with no frozenbit history to tell me to not look into this Cheesy

especially given nobody can just go on the frozenbit site and register, it does not work, nor you can find any code on github

 

franky1
Legendary
*
Offline Offline

Activity: 2450
Merit: 1451



View Profile
June 30, 2014, 05:24:43 PM
 #17

So I'm skeptical about OP's claims at best.

the OP, c5h3ris1253 are both sockpuppets of frozenbit.

which im slowly finding out that they too are not going to offer an opensource tool

i guess its a bit of call someone else a bad name to make yourself look good, school playground tactics.

it surprised me more that i told the guy from frozen bit to make some javascriot code (for offline processing) where people can just type in a privkey offline, destination, amount. and it forms a signed TX. (most secure way) and only the signed TX gets sent to a website (pushTX api)

but he semed to think 2 multisigs, google 2FA, username and password was more user friendly..

(silly moronic minds) if you need to supply a service secret info... they then own it!

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
FrozenBit
Full Member
***
Offline Offline

Activity: 242
Merit: 100



View Profile
June 30, 2014, 05:26:42 PM
 #18

 It appears FrozenBit has been brought into this mix somehow. I have greater assumptions of why this is, mostly because greenaddress is pointing fingers.

If this is about what was on the front page of reddit yesterday which I've been messaged about I never clicked on that link and didn't know in detail what it was about. If you respond to bad criticism by feeding the troll you're just hurting yourself. Don't point fingers, instead address it which I haven't seen you do. However, I can assure you we are NOT behind this.

 Anyway I invite you to read about our service http://frozenbit.io, and wait for launch. Since we're both multisig I don't see what you're complaining for. Multisig is about awareness. All of my talks with https://www.BitGo.com have been about spreading awareness not crying when someone comes into the mix who does things a little different. I think you could learn some things from that playbook.

 Anyway the Gist is, don't point fingers and address what this guy is saying. It's not that hard is it?

 Now you can put your finger down.

EDIT: Link to Greenaddress using deceptive buissness practices - https://bitcointalk.org/index.php?topic=670613.msg7587965#msg7587965

EDIT: Link to Greenaddress using peddlers to hide that on reddit - http://www.reddit.com/r/Bitcoin/comments/29fdhu/greenaddress_is_using_peddlers_to_hide_bad/

 However, lawrence appears to be trolling, must not feed trolls.

EDIT: It doesn't matter if they're affiliated with FrozenBit or not. It's a matter of their opinion on what they see above, if you can't take criticism you're in the wrong business.

franky1
Legendary
*
Offline Offline

Activity: 2450
Merit: 1451



View Profile
June 30, 2014, 05:27:24 PM
 #19

well, if you don't mind I'll wait for someone with no frozenbit history to tell me to not look into this Cheesy

especially given nobody can just go on the frozenbit site and register, it does not work, nor you can find any code on github
 

same minds think alike. i have found many "coming soon" sites asking you to supply email usernames and passwords to get updates.

normally just an update subscriber asks for email only..

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
tryexcept
Full Member
***
Offline Offline

Activity: 195
Merit: 100



View Profile
June 30, 2014, 05:30:21 PM
 #20

so the question is, is frozenbit a scam or just incompetent people with stupid childish tactics?

i know what you are going to say: both.

Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!