Bitcoin Forum
March 19, 2024, 05:48:14 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 »  All
  Print  
Author Topic: New, simple online wallet: www.instawallet.org - no signup required  (Read 28846 times)
AvL42
Full Member
***
Offline Offline

Activity: 216
Merit: 100


View Profile
December 03, 2012, 05:54:23 PM
 #181

I just withdrew 0.01BTC from my instawallet to someone else, and was
surprised to see that you paid another 75% (0.0075 BTC) for miner fees!

Now, I thought the minimum retrieval amount of 0.01 was exactly
to avoid any miner fees at all, so I guess this might be a bug, which
I hereby report. (To be clear: this "bug" is entirely irrelevant for my
own money. It's instawallet's money that I think got spent too much
to the miner, and I'm merely worrying on instawallet's behalf ;-)

https://blockchain.info/tx/69e47b21d626827d30cfc76235755350767faa9c1831a56023274aae38de5d6a?show_adv=true
1710827294
Hero Member
*
Offline Offline

Posts: 1710827294

View Profile Personal Message (Offline)

Ignore
1710827294
Reply with quote  #2

1710827294
Report to moderator
1710827294
Hero Member
*
Offline Offline

Posts: 1710827294

View Profile Personal Message (Offline)

Ignore
1710827294
Reply with quote  #2

1710827294
Report to moderator
In order to get the maximum amount of activity points possible, you just need to post once per day on average. Skipping days is OK as long as you maintain the average.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
December 03, 2012, 08:36:41 PM
 #182

I just withdrew 0.01BTC from my instawallet to someone else, and was
surprised to see that you paid another 75% (0.0075 BTC) for miner fees!

[...]

https://blockchain.info/tx/69e47b21d626827d30cfc76235755350767faa9c1831a56023274aae38de5d6a?show_adv=true

Free transactions they said!

Your case is a little extreme, we usually don't pay much fees because we can usually send aged coins even if you withdraw what you deposited 20 minutes earlier.

But yea, the transaction sending code could use a little love, to bundle small transactions together for example.

MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1055



View Profile WWW
December 06, 2012, 06:13:40 AM
Last edit: December 13, 2012, 12:40:45 PM by MemoryDealers
 #183

Is instawallet under some kind of attack?

As I watch the site,  the number of wallets is increasing faster than my eye can follow.  (Thousands of new wallets per minute)

Also,  my recent instawallet deposit was never credited to my wallet.

What is going on?


-------------------------Update-------------------------

Everyone at Instawallet is great and solved this problem very quickly.

davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
December 06, 2012, 08:09:52 AM
 #184

I'm on it.

yossarian
Hero Member
*****
Offline Offline

Activity: 492
Merit: 500


View Profile
December 13, 2012, 11:14:29 AM
 #185

I just transfered some BTC from instawallet to my clients BTC address. After hitting send, the site gave me an error, something like "oops, something went wrong". The amount was deducted from my instawallet but never showed up on my address/the blockchain.

I'm getting a little nervous here, what's happening? I triple-checked the address before sending, so that shouldn't be the issue.

I'm always buying and selling BTC, PM me for details. Rating and GPG-key: http://is.gd/yossarian

Buy and sell BTC via SEPA: https://www.bitcoin.de/r/nrnxg6

Bitmessage: BM-2DAoXPtLdQEnR2iSneCTjpgRPtzXsSAi1m
yossarian
Hero Member
*****
Offline Offline

Activity: 492
Merit: 500


View Profile
December 13, 2012, 12:44:18 PM
 #186

I just transfered some BTC from instawallet to my clients BTC address. After hitting send, the site gave me an error, something like "oops, something went wrong". The amount was deducted from my instawallet but never showed up on my address/the blockchain.

I'm getting a little nervous here, what's happening? I triple-checked the address before sending, so that shouldn't be the issue.

Issue resolved, thanks a lot! Cheesy

I'm always buying and selling BTC, PM me for details. Rating and GPG-key: http://is.gd/yossarian

Buy and sell BTC via SEPA: https://www.bitcoin.de/r/nrnxg6

Bitmessage: BM-2DAoXPtLdQEnR2iSneCTjpgRPtzXsSAi1m
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
December 13, 2012, 08:14:42 PM
 #187

With Paymium (operator of Instawallet)' Bitcoin-Central exchange becoming partnered to a Payment Services Provider (PSP), how will this affect Instawallet?

Specifically, let's say I buy a piece of silver bullion and send bitcoins as payment from my Instawallet.  And that seller happened to use Bitcoin-Central.  Then they cashed out and withdrew the funds via the PSP/bank.  But unbeknownst to me the bullion seller was in trouble with the authorities for something and the EU authorities are monitoring each transaction of the seller.  

Would that mean the link to my Instawallet might also be shared, and possibly all of my Instawallet transactions be shared with the authorities?

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
December 13, 2012, 09:40:16 PM
 #188

With Paymium (operator of Instawallet)' Bitcoin-Central exchange becoming partnered to a Payment Services Provider (PSP), how will this affect Instawallet?
In no way. Bitcoins are and remain unregulated.
No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.

We welcome Tor users on Instawallet.

Specifically, let's say I buy a piece of silver bullion and send bitcoins as payment from my Instawallet.  And that seller happened to use Bitcoin-Central.  Then they cashed out and withdrew the funds via the PSP/bank.  But unbeknownst to me the bullion seller was in trouble with the authorities for something and the EU authorities are monitoring each transaction of the seller.  
What we would do is pull the data we have from the Bitcoin-Central logs. We'd see a Bitcoin transaction incoming. And that would be it.
We keep the strict minimum logs for Instawallet so there's really not much to share.

Would that mean the link to my Instawallet might also be shared, and possibly all of my Instawallet transactions be shared with the authorities?
If as a company we get a court order, we have to comply.
However :
 - we can only give what we log, which is, again, not much for Instawallet,
 - it's quite dubious a court would issue an order to surrender Instawallet data "just to see if the transaction didn't originate from there"

The beauty with Bitcoin is that you don't have to trust my word. Your financial privacy is in your very own hands, all the tools are yours to use.

Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
December 14, 2012, 03:52:32 AM
 #189

No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.
But without Instawallet being a separate legal entity I am assuming that if Paymium were to be ordered to turn over any and all records relating to Bitcoin-Central account #nnnnn and those records included a deposit from an Instawallet bitcoin address that those Instawallet records too would need to be turned over, in order to comply with the order.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
December 14, 2012, 08:21:18 AM
 #190

No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.
But without Instawallet being a separate legal entity I am assuming that if Paymium were to be ordered to turn over any and all records relating to Bitcoin-Central account #nnnnn and those records included a deposit from an Instawallet bitcoin address that those Instawallet records too would need to be turned over, in order to comply with the order.
My interpretation is different. BC really has no way to know whether a deposit came from Instawallet or not.
Bitcoin-Central and instawallet are different services.
They have no direct connection and communicate to each other only through the Bitcoin network itself.

davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
December 24, 2012, 01:43:23 PM
 #191

Instawallet's Bitcoin daemon apparently just crashed.
Sit tight while it's starting up again. For the record, the Instawallet bitcoin client takes approximately an hour to start up.

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

I am the one who knocks


View Profile
January 09, 2013, 04:24:32 AM
 #192

Instawallet's Bitcoin daemon apparently just crashed.
Sit tight while it's starting up again. For the record, the Instawallet bitcoin client takes approximately an hour to start up.
Why so long?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
January 09, 2013, 09:53:19 AM
 #193

Why so long?
Because the wallet is massive

Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652
Merit: 2164


Chief Scientist


View Profile WWW
January 21, 2013, 10:18:36 PM
 #194

Why so long?
Because the wallet is massive

... and because bitcoind's wallet code hasn't been optimized for massive wallets.  "patches welcome"
(although I think the wallet code needs a complete rewrite, we've learned a lot over the last couple of years and need wallets that are much easier to back up and keep secure).

How often do you get the chance to work on a potentially world-changing project?
AvL42
Full Member
***
Offline Offline

Activity: 216
Merit: 100


View Profile
February 22, 2013, 03:43:58 PM
 #195

Recently, I saw a couple of instances (in chat rooms), where people published private URLs of instawallets, sometimes with some dust (less than 0.01 BTC) in it, sometimes empty. I think that newbies could be tricked by referrers to believe that the wallet they arrive at might be theirs, and start depositing money.

I'd like to see Instawallet make it perfectly clear to a user, whether a wallet displayed has just been created anew, or is being "re-visited".

In the former case the wallet should contain all the advisories about about saving it to a bookmark for lack of recovery-procedures (and of course about not sharing the wallet's URL).

If the user goes straight to an existing wallet, then it would be good to "welcome back" him, with an extra note, that if he hasn't previously created that one wallet himself, that it would then probably be unsafe to deposit funds there.

Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
February 22, 2013, 07:40:04 PM
 #196

Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better.

You are correct that the only secure way to use Instawallet is to use only an InstaWallet (URL) that was assigned to you by the site (which occurs EVERY time you access the URL without specifying any path, i.e,., https://instawallet.org ).

If someone passes you some funds with another InstaWallet (URL), you can send the funds to the Bitcoin address to your own InstaWallet but you should never add new funds to that InstaWallet -- it should be treated as having been compromised.

If the user goes straight to an existing wallet, then it would be good to "welcome back"

The site does give the message:
"Only share your bitcoin address, NOT the wallet URL or key, with the public."
So if a person gets the wallet URL from elsewhere hopefully that person can realize that a problem exists.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


AvL42
Full Member
***
Offline Offline

Activity: 216
Merit: 100


View Profile
February 22, 2013, 08:03:53 PM
 #197

Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better.

You are correct that the only secure way to use Instawallet is to use only an InstaWallet (URL) that was assigned to you by the site (which occurs EVERY time you access the URL without specifying any path, i.e,., https://instawallet.org ).

If someone passes you some funds with another InstaWallet (URL), you can send the funds to the Bitcoin address to your own InstaWallet but you should never add new funds to that InstaWallet -- it should be treated as having been compromised.

If the user goes straight to an existing wallet, then it would be good to "welcome back"

The site does give the message:
"Only share your bitcoin address, NOT the wallet URL or key, with the public."
So if a person gets the wallet URL from elsewhere hopefully that person can realize that a problem exists.

The problem is, that bad guys in chat-rooms redirect newbies to "compromised" instawallets, labelling
the links merely "Instawallet", thus tricking newbies into believing it was a new one.  Since they typically
use short-url services, it often really isn't obvious to the user where the link actually went to.

Open your own wallet in one tab, and create a new wallet in a second tab:  except for the identifiers,
(and the balance) there's nothing that would tell one, if it is a newly created or a used wallet.

So, to protect newbies from accidentally "adopting" a compromised wallet, the wallet-page itself
should use specific wording like "welcome to your new wallet" versus "welcome back to your w."
in big letters on top and explain, that if the "welcome back" sounds unexpected, then it definitely *is*.
Also, there must definitely be no way to re-trigger the "new"-tag through crafted URLs, either.

I hope the problem became clear, this time.
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
February 23, 2013, 10:39:32 AM
 #198

Oh this really looks like a big problem. I could advertise instawallet.org and claim there was some sort of referral program. You get 0.01Ƀ if you use my referral link: <a href=instawallet.org/w/myAddressBook43>instawallet.org/referrer/Giszmo</a>.

The problem is the attacker could even use some new addresses here but generate them himself and send the "referrer reward" only seconds later.

I think instawallet.org should definitely distinguish between deep link and generated url. I really feel sad for all the noobs that were and will get scammed Sad This attack works with all the users that take help to get started no matter what wallet but with instawallet it is easier. I sold many people bitcoins that had no clue about bitcoin and could have easily installed them my wallet for their use without them noticing that now I will have access.

I think the minimum instawallet should do is to show a creation time stamp of that wallet with some advice that if the user feels like he might have started using it later, he better should move on to a new wallet. Moving on to new wallets is actually a good advice to just about every user.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1918
Merit: 1570


Bitcoin: An Idea Worth Spending


View Profile WWW
February 23, 2013, 07:36:07 PM
 #199

This is a simply problem that should have a simple fix.

The URL https://instawallet.org should be set up as a landing page, populate with simple content and one button. Upon clicking the button, the familiar page, or similar, we now see would then appear showcasing the new wallet with 0 bitcoins, whereupon the newly generated URL will be the address of the user's new online wallet.

Currently, as it is set up now, there is no instawallet.org page one can visit. This simple change would take very little effort.

Problem solved!

~Bruno K~
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
February 23, 2013, 08:08:10 PM
 #200

This is a simply problem that should have a simple fix.

The URL https://instawallet.org should be set up as a landing page, populate with simple content and one button. Upon clicking the button, the familiar page, or similar, we now see would then appear showcasing the new wallet with 0 bitcoins, whereupon the newly generated URL will be the address of the user's new online wallet.

Currently, as it is set up now, there is no instawallet.org page one can visit. This simple change would take very little effort.

Problem solved!

~Bruno K~

The problem is not the experienced user but the noob. You could still trick a noob into believing that
<a href=instawallet.org/w/myAddressBook43>instawallet.org/referrer/Giszmo</a>
is a referral link.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!