BitShares Forum

Main => General Discussion => Topic started by: ripplexiaoshan on July 22, 2014, 08:25:36 pm

Title: Proposal to enhance the Fund Transfer Security
Post by: ripplexiaoshan on July 22, 2014, 08:25:36 pm

Some friends complain that many accounts names similar to theirs' were created by changing one letter in their ID. Indeed, some letters are very similar, like 1 and l, 0 and o. When we transfer the fund to someone, all similar IDs will be displayed too. If you are not cautious, there is chance to mistakenly choose the wrong recipient.
 
One proposal to resolve this issue is that when someone want to receive fund from others, he'd better announce his public key besides his ID, so when we input the ID of the recipient, its public key can be automatically displayed, thus we can verify whether the ID matches the public key. 

I think it's possible to achieve this function through modifying the code of GUI. What the dev team think？     

Title: Re: Proposal to enhance the Fund Transfer Security
Post by: bytemaster on July 22, 2014, 08:28:33 pm

This was a major topic at lunch time... I too am paranoid about this.   

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/

Title: Re: Proposal to enhance the Fund Transfer Security
Post by: CalabiYau on July 22, 2014, 08:32:00 pm

Quote from: ripplexiaoshan on July 22, 2014, 08:25:36 pm

Some friends complain that many accounts names similar to theirs' were created by changing one letter in their ID. Indeed, some letters are very similar, like 1 and l, 0 and o. When we transfer the fund to someone, all similar IDs will be displayed too. If you are not cautious, there is chance to mistakenly choose the wrong recipient.
 
One proposal to resolve this issue is that when someone want to receive fund from others, he'd better announce his public key besides his ID, so when we input the ID of the recipient, its public key can be automatically displayed, thus we can verify whether the ID matches the public key. 


I think it's possible to achieve this function through modifying the code of GUI. What the dev team think？     

I support this important proposal - at least the option to show the corresponding pubkey +5%

Title: Re: Proposal to enhance the Fund Transfer Security
Post by: xeroc on July 22, 2014, 08:32:31 pm

I remember discussing a scheme like this
name-firstpartofkey
ie.
xeroc-BTSX14afa

or maybe use ":"
ie.
xeroc:BTSX14afa

hoever ":" breaks the 'doubleclick-select-all' feature of most OS! :(

Title: Re: Proposal to enhance the Fund Transfer Security
Post by: bytemaster on July 22, 2014, 08:36:02 pm

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/

Title: Re: Proposal to enhance the Fund Transfer Security
Post by: xeroc on July 23, 2014, 05:31:37 am

Quote from: bytemaster on July 22, 2014, 08:36:02 pm

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/

+5%

just link for the random arts:
http://meta.stackexchange.com/questions/17443/how-is-the-default-user-avatar-generated

Title: Re: Proposal to enhance the Fund Transfer Security
Post by: 8bit on July 23, 2014, 05:41:18 am

Quote from: bytemaster on July 22, 2014, 08:28:33 pm

This was a major topic at lunch time... I too am paranoid about this.   

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/

Great ideas! Especially the random art. A couple of questions, though. Will it be possible to skip the warning, through a "dont ask me again" checkbox in the GUI and a -f flag in the CLI? Also, can we have a something like random art but for the CLI? Maybe either a string of randomized words that form a sentence or a random art ASCII.

EDIT: Here's another idea. Add a trusted nodes system. All of the names that people who I favorite favorite come up as 'trusted' and also do not prompt before sending. People can also be flagged 'untrustworthy'. If someone you favorite marks one of your trusted nodes as 'untrustworthy', then they are removed from your list of trusted nodes. Also, the user's trust level is listed in their account, on the delegates pages, etc... This is a friend-to-friend, decentralized implementation of a 'ring of trust'. This also potentially creates a new industry: delegates (and other community members) who maintain easylists of trusted/untrusted nodes.

Title: Re: Proposal to enhance the Fund Transfer Security
Post by: testz on July 23, 2014, 06:32:55 am

Quote from: xeroc on July 23, 2014, 05:31:37 am

Quote from: bytemaster on July 22, 2014, 08:36:02 pm

Step 1) Place a Star next to your favorite accounts and WARN if you are about to send to an account not in your favorites.
Step 2) Generate Random Art Icon for each account:  http://www.random-art.org/about/

+5%

just link for the random arts:
http://meta.stackexchange.com/questions/17443/how-is-the-default-user-avatar-generated

 +5%