[BOUNTY] Electrum Firefox Extension

[ThomasV]

I want a Firefox extension that implements an Electrum client in javascript, and that users can install in one click.
I have no experience writing Firefox extensions, so I guess it is better to find someone else who can do that.

Here is what needs to be done in order to claim the bounty:
 - the client should be able to generate addresses, send and receive coins, show the transaction history.
 - the client should use the Electrum deterministic address generation and mnemonics. It must be able to read/write the wallet on disk, using the same file format.
 - the client should synchronize its wallet with the server (eg using a timer)
 - javascript. The code should be entirely included in the extension. No code should be downloaded by the extension.
 - the extension should detect bitcoin: URIs

Note that a big part of the work has already been done by Joric (see http://brainwallet.org/) : his brainwallet code can generate Electrum addresses and sign transactions. What needs to be done is the jsonrpc communication with Electrum servers, packaging the whole thing as a Firefox extension.

I am pledging 10 BTC for this task.
If you want to increase the bounty, please send your pledges to:  bitcoin:1NiiYDMxHgfUH2nFcu5A6z6rix8Yc4cgVs

If the bounty has not been claimed within 3 months (august 11th), plegdes will be returned to their originators (the first input address of the transaction).


Update (august 16, 2012): the bounty campaign was not successful. Pledge returned.

[1714907394]

1714907394

[1714907394]

1714907394

[da2ce7]

I applaud this effort, so much so I am willing to make add a 10 BTC bounty for a Google Chrome 'app' in the same style as the Firefox one.

Edit: To claim this bounty, the FF one must be first claimed to ThomasV's satisfaction.

[minimalB]

I pledge 5btc.

[ThomasV]

bumping this. 25 btc have been pledged so far.

[ThomasV]

bump again!
please participate!

A Firefox wallet addon would be as easy to use as a web wallet, with the security and availability of Electrum!

[ThomasV]

Clarification:

the extension has to read/write the wallet on disk.
this does not mean that the wallet has to reside on the path used by other clients; it can be in your .firefox directory

[Eli]

I applaud this effort, so much so I am willing to make add a 10 BTC bounty for a Google Chrome 'app' in the same style as the Firefox one.

Edit: To claim this bounty, the FF one must be first claimed to ThomasV's satisfaction.

I join this with a pledge of 5BTC generally, and add an extra 10BTC to the pledge if this is implemented for Safebit.

Safebit is currently a Chrome app, does this work for you, da2ce7?

[ThomasV]

I applaud this effort, so much so I am willing to make add a 10 BTC bounty for a Google Chrome 'app' in the same style as the Firefox one.

Edit: To claim this bounty, the FF one must be first claimed to ThomasV's satisfaction.

I join this with a pledge of 5BTC generally, and add an extra 10BTC to the pledge if this is implemented for Safebit.

Safebit is currently a Chrome app, does this work for you, da2ce7?

I am not sure to understand what you mean...
Safebit is currently a chrome frontend to bitcoind.
Are you proposing to extend it so that it works with an Electrum server? that would be terrific

[ffe]

track

[Xenland]

interesting.....

[molecular]

will the packages be signed? by who?

[ThomasV]

will the packages be signed? by who?

it depends on how the extension is distributed.
note that we currently have the same problem with windows builds.

[molecular]

will the packages be signed? by who?

it depends on how the extension is distributed.
note that we currently have the same problem with windows builds.

yes,... and android, I guess, right?

It's still unclear (as talked about on irc quite a while back) to me as to how package trust can be established. Surely you can't oversee / facilitate production of the packages for all the platforms and you're currently not the producer of the windows binaries, right? There also are no android packages as of now, correct?

sorry to have veered a little off-topic, bit this issue is nagging in the back of my head.

[ThomasV]

will the packages be signed? by who?

it depends on how the extension is distributed.
note that we currently have the same problem with windows builds.

yes,... and android, I guess, right?

It's still unclear (as talked about on irc quite a while back) to me as to how package trust can be established. Surely you can't oversee / facilitate production of the packages for all the platforms and you're currently not the producer of the windows binaries, right? There also are no android packages as of now, correct?

sorry to have veered a little off-topic, bit this issue is nagging in the back of my head.

No problem, it is indeed an important issue.
Note that the problem is a bit different for source code and compiled versions.

For the bitcoin-qt client, binaries are compiled independently by several developers, and they check that they get the same result (they publish a hash of the compiled file). It would be nice to have that kind of check for the Windows binaries of Electrum.

In addition, it would be good if the hashes would be published on a different website than the sitethat distributes the packages or binaries. (in case the site gets hacked)

[molecular]

will the packages be signed? by who?

it depends on how the extension is distributed.
note that we currently have the same problem with windows builds.

yes,... and android, I guess, right?

It's still unclear (as talked about on irc quite a while back) to me as to how package trust can be established. Surely you can't oversee / facilitate production of the packages for all the platforms and you're currently not the producer of the windows binaries, right? There also are no android packages as of now, correct?

sorry to have veered a little off-topic, bit this issue is nagging in the back of my head.

No problem, it is indeed an important issue.
Note that the problem is a bit different for source code and compiled versions.

For the bitcoin-qt client, binaries are compiled independently by several developers, and they check that they get the same result (they publish a hash of the compiled file). It would be nice to have that kind of check for the Windows binaries of Electrum.

That's not a bad idea. You need at least 2 packagers per platform for that to work and some mechanism by which a rogue packager can be prevented to distribute his "alternative version". I doubt you'll get the users to compare hashes from different sources, so there has to be some instance or collaborative effort to do that?

In addition, it would be good if the hashes would be published on a different website than the sitethat distributes the packages or binaries. (in case the site gets hacked)

maybe put them in the blockchain somehow?

[anfedorov]

- the client should use the Electrum deterministic address generation and mnemonics. It must be able to read/write the wallet on disk, using the same file format.

Could you explain the reasoning behind this? Will you be editing or accessing the wallet file directly on the filesystem? Browser extensions usually don't write to the filesystem, and actually can't in any browser but Firefox, where it gets a bit hairy since paths are platform-dependent. Would it be acceptable to write the file to localStorage (which is saved on the filesystem)?

[ThomasV]

- the client should use the Electrum deterministic address generation and mnemonics. It must be able to read/write the wallet on disk, using the same file format.

Could you explain the reasoning behind this? Will you be editing or accessing the wallet file directly on the filesystem? Browser extensions usually don't write to the filesystem, and actually can't in any browser but Firefox, where it gets a bit hairy since paths are platform-dependent. Would it be acceptable to write the file to localStorage (which is saved on the filesystem)?

yes it is acceptable to use localstorage.
the idea is that users should not be stuck with the extension;
the "restore from seed" procedure should be identical, and users should be able to export their wallet in a format that is read by the python client.

(note: it is also possible to export the wallet as a json object; it is trivial to adapt the python client to read json)

[ThomasV]

one month has elapsed! two more months to go..

several developers have expressed interest in this project.
it is still time to add a donation and increase the bounty!

[anfedorov]

Note that a big part of the work has already been done by Joric (see http://brainwallet.org/) : his brainwallet code can generate Electrum addresses and sign transactions. What needs to be done is the jsonrpc communication with Electrum servers, packaging the whole thing as a Firefox extension.

To anyone working on this, I cleaned up the address generation code to be a bit easier to understand. You can get it here: https://gist.github.com/2933373

[anfedorov]

(note: it is also possible to export the wallet as a json object; it is trivial to adapt the python client to read json)

ThomasV: could you implement import/export via JSON in the next version of the Electrum client? As you say, it shouldn't be too hard...