Introducing Stellar: a decentralized protocol for sending and receiving money (stellar.org)
100 points by polymathist on July 31, 2014 | 35 comments



My account password recovery "token" was sent via email. I thought that was a no-no wrt security.

Edit: This was the text below the token:

Keep this code SAFE. Anyone with this code and your username can gain access to your account. If you lose both your password and your recovery code, you will lose access to your funds so be safe!


Ya, that was a bad idea on their part.


This is extremely cool; I started putting together some of the same pieces after Stripe's blog post last week (https://stripe.com/blog/bitcoin-the-stripe-perspective) and figured it was only a matter of time before something was launched. I'm glad it's open source and not for profit.

I do have a few concerns, though. Some of them require a bit more digestion so I won't comment on those here, but one that I'm sure about: WTF is the reference client written in browser JS?? It doesn't make any sense, for all the same reasons as the last time someone dragged out that dead horse.


The reference client being in-browser is a very deliberate choice: most users aren't going to download a client to play around with a new currency. It's certainly our hope that people will start building non-browser clients, and because everything is open-source and available it should be easy to do so.

As soon as you're in-browser, you have a choice: do it server-side, which means you have access to people's funds (at least while they're logged in), or do it via client-side JS, in which case you don't. The choice there for Stellar ended up being pretty straightforward, though the simple implementation leads to some UX surprises such as: https://www.stellar.org/faq/#_Why_do_I_need_to_authenticate_....


> or do it via client-side JS, in which case you don't.

Of course you do, it just takes a teeny bit more work--you swap the contents of crypto.js with the contents of malicious-crypto.js. The threat model is exactly the same (users either trust the server or they don't) but the browser crypto option adds a layer of (respectfully, because I know you're a very intelligent person who means well) bullshit.


Ah, so certainly malicious JS code could misbehave and gain access to your account. But this is true also for someone publishing a desktop client — in practice, people aren't going to check the code going into each release, any more than they're going to inspect the JS running on their page before entering the password.

I think the question of where your password by design will go is very important. If it's transiting the server, suddenly there's a lot more surface area to worry about. Logfiles, databases, and the like suddenly can be called into scope, and an attacker might be able to steal credentials even without being able to substitute out code.

In any case, the great thing about an open ecosystem is that, if you don't like the choices someone else has made, you are more than welcome to make your own implementation with choices you prefer!


Calling yourself not-for-profit doesn't make it true. I'm not so sure why they needed $3M for something that only needs to pay for a few developers, and why they need to be in control of the issuing of the currency (unlike Bitcoin).


Right, and that's where (most of) the rest of my concerns lie. It's not completely clear to me why they needed to implement a new currency and why it's being distributed the way it is. It's possible there's a good reason though; I just haven't had time to think about it enough yet.


We chose to help fund Stellar because we were very impressed with their mission and their thoughtful approach to how to get cryptocurrency into the hands of as many people as possible.

I think we all would have preferred a route that didn't require creating a new currency, but this was the best approach they could find to moving forward on their vision. Certainly the long-term hope is that the stellar will mostly help provide liquidity between other currencies, rather than become something used primarily as a first-class currency itself.

The distribution strategy here is actually something that, as far as I know, has never been tried before. It's correspondingly very difficult to know exactly how it'll turn out. The underlying motivation is to distribute the stellar as fairly and as rapidly as possible, and this model (given lots of transparency and upfrontness) was the best they could think of. (If you come up with a better one, I'd certainly love to hear it — I'm gdb@stripe.com if you'd like to talk more.)


I work at Stellar. re: the distribution method: mining obviously has many benefits, but it's still limited to people who are highly technical and/or who have money to spend. That eliminates most people in the world. We wanted to provide much broader access to digital currency to normal folks, and so stellars will be given away for free at the click of a button. Hope that helps clarify.


But isn't Stellar intended for technical folk? Like, it's supposed to be a currency used between gateways, right? Where the gateways provide an interface to less technical people?

I understand that peer-to-peer is also a possible use case, but realistically the people who don't know how to mine aren't going to care about transferring cryptocurrencies... that's why the gateways are valuable in the first place.


The fact that you're giving it to users isn't what raises questions, it's that you're first issuing it to yourself so that you control who gets it.


The reason is strictly for fundraising. They have Naval Ravikant as an advisor and he is a proponent of using that model to fund a project. It's a viable model, but I don't think you can call yourself a nonprofit and use it.


>Facebook

Ha ha ha. No.

The rest of it looks interesting, however.


Hi from Stellar. I know FB isn't the ideal login method. But our goals were to provide easy access to people and to have a method to detect spam accounts. Today is our first day out. We will be releasing other ways to claim soon so I hope you check back. Thanks.


You are leaving the Chinese users behind. They contribute to 50% of Ripple's traffic.


We definitely want to expand beyond Facebook for distribution as quickly as we can. We'd love to hear — do you have any suggestions for the best way of doing distribution within China?


Well, if you (via Stripe) cooperate with Alipay, do a giveaway via them.


Disappointed that I have to sign in with Facebook to receive stellars.


I am one of the folks working at Stellar. Yes, FB isn't a login method that will work for everyone. But today is our first day saying hello to the world; we do plan on adding more methods soon. Thanks.


A few suggestions (which would probably need to be limited to over X age):

* Google accounts

* GitHub accounts

* Twitter accounts

* bitcoin-otc accounts (probably with a minimum reputation)

* GPG keys with some minimum threshold of age and "signedness"

* S/MIME certificates from issuers that verify government ID.

I'm guessing the difficulty with supporting multiple methods is a desire to limit this to 5k/person. I'm not sure there's a good solution to this, though I will say that you may have just added some additional incentive to steal Facebook credentials.


That's great to hear. Thanks!


Totally agree - absolutely no interest in getting a Facebook account. Leaves me out of this, I guess.


It seems that this is the "secret bitcoin project" that Jed McCaleb (formerly of Ripple) has been working on. Very interesting.



Long pump, though. The founders can't sell for 5 years.

https://www.stellar.org/about/mandate/#Stellar_distribution


Wow. If he was able to cash out even half of that amount, he walked away with tens of millions of dollars.


The sign-in process creates an unfunded wallet. Facebook login is required to receive 5k free Stellars (5k is 5 x 10^-8 of the available supply).

Cool idea. The idea of a distributed exchange is interesting.


See the announcement from Stripe: https://stripe.com/blog/stellar and the HN thread for the Stripe announcement: https://news.ycombinator.com/item?id=8114901. Stripe invested in Stellar and the CEO of Stripe is on their board.


>Your Facebook account is too new to qualify. Stay tuned for new ways to grab stellars.

I've had my Facebook account for something like 8 years. Oh well.


Interesting project, I only wish I understood the mechanics behind it (apart from what the site tells me). Hopefully there will be a layman's video explanation about it.

On another note, this is one of the situations where it makes a lot of sense to register a simple username just in case, so I don't regret it later when the only ones available are longer :)


Where do they explain the concept of what a stellar is used for? I assume you would convert other currencies to stellars but I cannot find that detailed.


"A decentralized protocol for sending and receiving money": How is this news, exactly?


Or, just rephrasing:

Decentralized as in bitcoin, where proofs of work confirm transactions? That is not news, since 6 years ago.

Decentralized as in any other electronic transfer system, where you trust a few nodes to confirm the transaction? "Each node in the network communicates with a set of other nodes that it believes will not collude (such as nodes run by universities, governments, and companies)" That is not news, it's from decades ago. (Some people even tried to put a patent on it, like 15 years ago: http://www.google.com/patents/US6173272)


Can anyone briefly explain the difference between this and something like Ripple?



