e.g. I don't know if the bot is trustless or it's able to run away with my tips.
It is not able to run away with your tips to my knowledge. The system was largely built to be trustless as [member=38688]kuro112[/member] [member=32130]Freebieservers[/member] and [member=40140]hybridd[/member] roll that way. They work with gamers...who also tend to be a demographic full of little hackers who like to cheat and gain substantial advantages using a whole slew of the most cutting edge attacks in the space (for some odd reason), so I am confident that their skillsets are very competent in accomplishing this. Of course that doesn't mean people are not allowed to test and attack it...I mean its going to happen anyway.
Interestingly, the only person on this forum who could potentially steal from you would be a moderator who reads your pms and grabs your security code (because it is sent to you via pm on this forum)
This isn't entirely true as fav points out (further down I quoted him), it is entirely possible that someone who has control of the deposit account could do something malicious with them. The other points of failure are as (close to what) you pointed out,
administrators not moderators.
From what I know at present, it will earn revenue in two ways (though it is in beta and at present is not earning anything to my knowledge):
A) when users withdraw to their wallet, a small % of the funds will be paid to do so.
B) if User A receives a tip and has no wallet, they can create one directly from the site through OpenLedger.info. If/when they do this, the bot's wallet will be the referrer and will share some referral fees gained from OpenLedger.
A is sort of correct... it's not a % but rather a fairly fixed value. B... is not a question I know the answer to.
e.g. I don't know if the bot is trustless or it's able to run away with my tips.
It is not able to run away with your tips to my knowledge. The system was largely built to be trustless as [member=38688]kuro112[/member] [member=32130]Freebieservers[/member] and [member=40140]hybridd[/member] roll that way. They work with gamers...who also tend to be a demographic full of little hackers who like to cheat and gain substantial advantages using a whole slew of the most cutting edge attacks in the space (for some odd reason), so I am confident that their skillsets are very competent in accomplishing this. Of course that doesn't mean people are not allowed to test and attack it...I mean its going to happen anyway.
Interestingly, the only person on this forum who could potentially steal from you would be a moderator who reads your pms and grabs your security code (because it is sent to you via pm on this forum)
And that's exactly why 2FA will be worked on, from my understanding.
the owner of sharebitsio can run with the money = centralized and not trust less. I don't think there's a way to get around this, multi sig maybe, but that would void (fast) withdrawals.
2FA only protects you from outside intrusion, the main account holder could still go rogue.
please correct me if I am wrong
What you are saying is entirely true. There is no
easy way to create a fully trustless system for this without us going very far out of our way to do so. The bitshares blockchain api doesn't provide an easy method to do so. If it were possible to create "sub accounts" (I'd have to greatly explain what I mean here, but I see no point cause it's not like someone's about to do some huge work on the block chian to make this possible) then a trustless system becomes more feasible.
Imo anyways, centralized isn't really a bad thing when people can be held accountable if shit hits the fan.