AvL42
|
|
December 03, 2012, 05:54:23 PM |
|
I just withdrew 0.01BTC from my instawallet to someone else, and was surprised to see that you paid another 75% (0.0075 BTC) for miner fees! Now, I thought the minimum retrieval amount of 0.01 was exactly to avoid any miner fees at all, so I guess this might be a bug, which I hereby report. (To be clear: this "bug" is entirely irrelevant for my own money. It's instawallet's money that I think got spent too much to the miner, and I'm merely worrying on instawallet's behalf ;-) https://blockchain.info/tx/69e47b21d626827d30cfc76235755350767faa9c1831a56023274aae38de5d6a?show_adv=true
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
December 03, 2012, 08:36:41 PM |
|
Free transactions they said! Your case is a little extreme, we usually don't pay much fees because we can usually send aged coins even if you withdraw what you deposited 20 minutes earlier. But yea, the transaction sending code could use a little love, to bundle small transactions together for example.
|
|
|
|
MemoryDealers
VIP
Legendary
Offline
Activity: 1052
Merit: 1155
|
|
December 06, 2012, 06:13:40 AM Last edit: December 13, 2012, 12:40:45 PM by MemoryDealers |
|
Is instawallet under some kind of attack?
As I watch the site, the number of wallets is increasing faster than my eye can follow. (Thousands of new wallets per minute)
Also, my recent instawallet deposit was never credited to my wallet.
What is going on?
-------------------------Update-------------------------
Everyone at Instawallet is great and solved this problem very quickly.
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
December 06, 2012, 08:09:52 AM |
|
I'm on it.
|
|
|
|
yossarian
|
|
December 13, 2012, 11:14:29 AM |
|
I just transfered some BTC from instawallet to my clients BTC address. After hitting send, the site gave me an error, something like "oops, something went wrong". The amount was deducted from my instawallet but never showed up on my address/the blockchain.
I'm getting a little nervous here, what's happening? I triple-checked the address before sending, so that shouldn't be the issue.
|
|
|
|
yossarian
|
|
December 13, 2012, 12:44:18 PM |
|
I just transfered some BTC from instawallet to my clients BTC address. After hitting send, the site gave me an error, something like "oops, something went wrong". The amount was deducted from my instawallet but never showed up on my address/the blockchain.
I'm getting a little nervous here, what's happening? I triple-checked the address before sending, so that shouldn't be the issue.
Issue resolved, thanks a lot!
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
December 13, 2012, 08:14:42 PM |
|
With Paymium (operator of Instawallet)' Bitcoin-Central exchange becoming partnered to a Payment Services Provider (PSP), how will this affect Instawallet?
Specifically, let's say I buy a piece of silver bullion and send bitcoins as payment from my Instawallet. And that seller happened to use Bitcoin-Central. Then they cashed out and withdrew the funds via the PSP/bank. But unbeknownst to me the bullion seller was in trouble with the authorities for something and the EU authorities are monitoring each transaction of the seller.
Would that mean the link to my Instawallet might also be shared, and possibly all of my Instawallet transactions be shared with the authorities?
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
December 13, 2012, 09:40:16 PM |
|
With Paymium (operator of Instawallet)' Bitcoin-Central exchange becoming partnered to a Payment Services Provider (PSP), how will this affect Instawallet?
In no way. Bitcoins are and remain unregulated. No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service. We welcome Tor users on Instawallet. Specifically, let's say I buy a piece of silver bullion and send bitcoins as payment from my Instawallet. And that seller happened to use Bitcoin-Central. Then they cashed out and withdrew the funds via the PSP/bank. But unbeknownst to me the bullion seller was in trouble with the authorities for something and the EU authorities are monitoring each transaction of the seller.
What we would do is pull the data we have from the Bitcoin-Central logs. We'd see a Bitcoin transaction incoming. And that would be it. We keep the strict minimum logs for Instawallet so there's really not much to share. Would that mean the link to my Instawallet might also be shared, and possibly all of my Instawallet transactions be shared with the authorities?
If as a company we get a court order, we have to comply. However : - we can only give what we log, which is, again, not much for Instawallet, - it's quite dubious a court would issue an order to surrender Instawallet data "just to see if the transaction didn't originate from there" The beauty with Bitcoin is that you don't have to trust my word. Your financial privacy is in your very own hands, all the tools are yours to use.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
December 14, 2012, 03:52:32 AM |
|
No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.
But without Instawallet being a separate legal entity I am assuming that if Paymium were to be ordered to turn over any and all records relating to Bitcoin-Central account #nnnnn and those records included a deposit from an Instawallet bitcoin address that those Instawallet records too would need to be turned over, in order to comply with the order.
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
December 14, 2012, 08:21:18 AM |
|
No reporting requirements are imposed upon Bitcoin-only services, and even if Instawallet is operated by Paymium it remains a Bitcoin-only service.
But without Instawallet being a separate legal entity I am assuming that if Paymium were to be ordered to turn over any and all records relating to Bitcoin-Central account #nnnnn and those records included a deposit from an Instawallet bitcoin address that those Instawallet records too would need to be turned over, in order to comply with the order. My interpretation is different. BC really has no way to know whether a deposit came from Instawallet or not. Bitcoin-Central and instawallet are different services. They have no direct connection and communicate to each other only through the Bitcoin network itself.
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
December 24, 2012, 01:43:23 PM |
|
Instawallet's Bitcoin daemon apparently just crashed. Sit tight while it's starting up again. For the record, the Instawallet bitcoin client takes approximately an hour to start up.
|
|
|
|
ErebusBat
|
|
January 09, 2013, 04:24:32 AM |
|
Instawallet's Bitcoin daemon apparently just crashed. Sit tight while it's starting up again. For the record, the Instawallet bitcoin client takes approximately an hour to start up.
Why so long?
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
January 09, 2013, 09:53:19 AM |
|
Why so long?
Because the wallet is massive
|
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2311
Chief Scientist
|
|
January 21, 2013, 10:18:36 PM |
|
Why so long?
Because the wallet is massive ... and because bitcoind's wallet code hasn't been optimized for massive wallets. "patches welcome" (although I think the wallet code needs a complete rewrite, we've learned a lot over the last couple of years and need wallets that are much easier to back up and keep secure).
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
AvL42
|
|
February 22, 2013, 03:43:58 PM |
|
Recently, I saw a couple of instances (in chat rooms), where people published private URLs of instawallets, sometimes with some dust (less than 0.01 BTC) in it, sometimes empty. I think that newbies could be tricked by referrers to believe that the wallet they arrive at might be theirs, and start depositing money.
I'd like to see Instawallet make it perfectly clear to a user, whether a wallet displayed has just been created anew, or is being "re-visited".
In the former case the wallet should contain all the advisories about about saving it to a bookmark for lack of recovery-procedures (and of course about not sharing the wallet's URL).
If the user goes straight to an existing wallet, then it would be good to "welcome back" him, with an extra note, that if he hasn't previously created that one wallet himself, that it would then probably be unsafe to deposit funds there.
Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
February 22, 2013, 07:40:04 PM |
|
Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better. You are correct that the only secure way to use Instawallet is to use only an InstaWallet (URL) that was assigned to you by the site (which occurs EVERY time you access the URL without specifying any path, i.e,., https://instawallet.org ). If someone passes you some funds with another InstaWallet (URL), you can send the funds to the Bitcoin address to your own InstaWallet but you should never add new funds to that InstaWallet -- it should be treated as having been compromised. If the user goes straight to an existing wallet, then it would be good to "welcome back" The site does give the message: "Only share your bitcoin address, NOT the wallet URL or key, with the public." So if a person gets the wallet URL from elsewhere hopefully that person can realize that a problem exists.
|
|
|
|
AvL42
|
|
February 22, 2013, 08:03:53 PM |
|
Please let me know, if my concern makes sense to you, or if I might need to clarify it a bit better. You are correct that the only secure way to use Instawallet is to use only an InstaWallet (URL) that was assigned to you by the site (which occurs EVERY time you access the URL without specifying any path, i.e,., https://instawallet.org ). If someone passes you some funds with another InstaWallet (URL), you can send the funds to the Bitcoin address to your own InstaWallet but you should never add new funds to that InstaWallet -- it should be treated as having been compromised. If the user goes straight to an existing wallet, then it would be good to "welcome back" The site does give the message: "Only share your bitcoin address, NOT the wallet URL or key, with the public." So if a person gets the wallet URL from elsewhere hopefully that person can realize that a problem exists. The problem is, that bad guys in chat-rooms redirect newbies to "compromised" instawallets, labelling the links merely "Instawallet", thus tricking newbies into believing it was a new one. Since they typically use short-url services, it often really isn't obvious to the user where the link actually went to. Open your own wallet in one tab, and create a new wallet in a second tab: except for the identifiers, (and the balance) there's nothing that would tell one, if it is a newly created or a used wallet. So, to protect newbies from accidentally "adopting" a compromised wallet, the wallet-page itself should use specific wording like "welcome to your new wallet" versus "welcome back to your w." in big letters on top and explain, that if the "welcome back" sounds unexpected, then it definitely *is*. Also, there must definitely be no way to re-trigger the "new"-tag through crafted URLs, either. I hope the problem became clear, this time.
|
|
|
|
giszmo
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
February 23, 2013, 10:39:32 AM |
|
Oh this really looks like a big problem. I could advertise instawallet.org and claim there was some sort of referral program. You get 0.01Ƀ if you use my referral link: <a href=instawallet.org/w/myAddressBook43>instawallet.org/referrer/Giszmo</a>. The problem is the attacker could even use some new addresses here but generate them himself and send the "referrer reward" only seconds later. I think instawallet.org should definitely distinguish between deep link and generated url. I really feel sad for all the noobs that were and will get scammed This attack works with all the users that take help to get started no matter what wallet but with instawallet it is easier. I sold many people bitcoins that had no clue about bitcoin and could have easily installed them my wallet for their use without them noticing that now I will have access. I think the minimum instawallet should do is to show a creation time stamp of that wallet with some advice that if the user feels like he might have started using it later, he better should move on to a new wallet. Moving on to new wallets is actually a good advice to just about every user.
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
February 23, 2013, 07:36:07 PM |
|
This is a simply problem that should have a simple fix. The URL https://instawallet.org should be set up as a landing page, populate with simple content and one button. Upon clicking the button, the familiar page, or similar, we now see would then appear showcasing the new wallet with 0 bitcoins, whereupon the newly generated URL will be the address of the user's new online wallet. Currently, as it is set up now, there is no instawallet.org page one can visit. This simple change would take very little effort. Problem solved! ~Bruno K~
|
|
|
|
giszmo
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
February 23, 2013, 08:08:10 PM |
|
This is a simply problem that should have a simple fix. The URL https://instawallet.org should be set up as a landing page, populate with simple content and one button. Upon clicking the button, the familiar page, or similar, we now see would then appear showcasing the new wallet with 0 bitcoins, whereupon the newly generated URL will be the address of the user's new online wallet. Currently, as it is set up now, there is no instawallet.org page one can visit. This simple change would take very little effort. Problem solved! ~Bruno K~ The problem is not the experienced user but the noob. You could still trick a noob into believing that <a href=instawallet.org/w/myAddressBook43>instawallet.org/referrer/Giszmo</a> is a referral link.
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
|