Author Topic: Proposal to enhance the Fund Transfer Security  (Read 1874 times)

0 Members and 1 Guest are viewing this topic.

Offline testz

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/
+5%

just link for the random arts:
http://meta.stackexchange.com/questions/17443/how-is-the-default-user-avatar-generated

 +5%

Offline 8bit

  • Full Member
  • ***
  • Posts: 56
    • View Profile
This was a major topic at lunch time... I too am paranoid about this.   

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/

Great ideas! Especially the random art. A couple of questions, though. Will it be possible to skip the warning, through a "dont ask me again" checkbox in the GUI and a -f flag in the CLI? Also, can we have a something like random art but for the CLI? Maybe either a string of randomized words that form a sentence or a random art ASCII.

EDIT: Here's another idea. Add a trusted nodes system. All of the names that people who I favorite favorite come up as 'trusted' and also do not prompt before sending. People can also be flagged 'untrustworthy'. If someone you favorite marks one of your trusted nodes as 'untrustworthy', then they are removed from your list of trusted nodes. Also, the user's trust level is listed in their account, on the delegates pages, etc... This is a friend-to-friend, decentralized implementation of a 'ring of trust'. This also potentially creates a new industry: delegates (and other community members) who maintain easylists of trusted/untrusted nodes.
« Last Edit: July 23, 2014, 05:59:31 am by 8bit »
Code: [Select]
wallet_approve_delegate eightbitA VOTE FOR EIGHTBIT IS A VOTE FOR CRUDE DICK ART

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/
+5%

just link for the random arts:
http://meta.stackexchange.com/questions/17443/how-is-the-default-user-avatar-generated

Offline bytemaster

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I remember discussing a scheme like this
name-firstpartofkey
ie.
xeroc-BTSX14afa

or maybe use ":"
ie.
xeroc:BTSX14afa

hoever ":" breaks the 'doubleclick-select-all' feature of most OS! :(

Offline CalabiYau

Some friends complain that many accounts names similar to theirs' were created by changing one letter in their ID. Indeed, some letters are very similar, like 1 and l, 0 and o. When we transfer the fund to someone, all similar IDs will be displayed too. If you are not cautious, there is chance to mistakenly choose the wrong recipient.
 
One proposal to resolve this issue is that when someone want to receive fund from others, he'd better announce his public key besides his ID, so when we input the ID of the recipient, its public key can be automatically displayed, thus we can verify whether the ID matches the public key. 


I think it's possible to achieve this function through modifying the code of GUI. What the dev team think?     

I support this important proposal - at least the option to show the corresponding pubkey +5%

Offline bytemaster

This was a major topic at lunch time... I too am paranoid about this.   

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/
« Last Edit: July 22, 2014, 08:35:06 pm by bytemaster »
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline ripplexiaoshan

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 2300
    • View Profile
  • BitShares: jademont
Some friends complain that many accounts names similar to theirs' were created by changing one letter in their ID. Indeed, some letters are very similar, like 1 and l, 0 and o. When we transfer the fund to someone, all similar IDs will be displayed too. If you are not cautious, there is chance to mistakenly choose the wrong recipient.
 
One proposal to resolve this issue is that when someone want to receive fund from others, he'd better announce his public key besides his ID, so when we input the ID of the recipient, its public key can be automatically displayed, thus we can verify whether the ID matches the public key. 

I think it's possible to achieve this function through modifying the code of GUI. What the dev team think?     
BTS committee member:jademont