Proposal “mydashwallet-continued-development“ (Active)Back

Title:MyDashWallet Continued Development
Owner:DeltaEngine
Monthly amount: 46 DASH (4275 USD)
Completed payments: no payments occurred yet (4 month remaining)
Payment start/end: 2019-08-16 / 2019-12-13 (added on 2019-08-11)
Final voting deadline: in 3 days
Votes: 398 Yes / 92 No / 48 Abstain
Will be funded: No. This proposal needs additional 184 Yes votes to become funded.
External information: app.dashnexus.org/proposals/mydashwallet-continued-development/overview
Manually vote on this proposal (DashCore - Tools - Debugconsole):
gobject vote-many 8df53798b8c052ed194ce092518497637bbe924870145e2c23d26e274aeee29d funding yes

Please login or create a new DashCentral account for comfortable one button voting!

Proposal description

Update 2019-08-23:
- BtcPayServer Dash InstantSend integration is mostly done: https://github.com/DeltaEngine/btcpayserver/commits/master
- Splawik also noticed an issue with /Redeem links, which is now fixed (mostly importantly for Twitter tips, but also useful for Discord, Telegram and Reddit private account links)
- DACH requested telegram links to all important communities worldwide, we added links to https://mydashwallet.org/tip and will notify newly registered telegram users of these links and give them a helpful guide
- Joel was reporting some problems with the new decentralized mixing experimental site, we are investigating and fixing issues
- Usability issues have been reported and will be worked on next week (making it easier to restore hd seed, initial guide for new users, etc.)
- Screenshot from the new site now live at https://mydashwallet.org
https://dashnexus.imgix.net/a92b6df0bbf811e999cd85f940679649

From https://app.dashnexus.org/proposals/mydashwallet-continued-development/overview

Quite a lot has happened since early 2019 on MyDashWallet and as you can see below in the Statistics the usage of almost all parts of the website, bots and mixing has seen 50-100% growth this year. This proposal is about the continued development of the site and many cool features like the world first decentralized mixing in the browser, which is already experimentally working and can be tested right now.
Sadly the major thing most will remember is the script hack on an external site that affected some newer MyDashWallet users (more on that below, many would believe we are a dead site now with all the bad news, but it seems users keep using it and all the noise is not affecting actual long time users).
  • Check out the new redesigned https://staging.mydashwallet.org (which will replace the old site in a few days after more testing)
  • The site is 100% re-written in React (Javascript) and uses only a few well known libraries including dashcore-lib, ledger-js and TrezorConnect, all from safe sources. There is no backend to the new site, it all runs locally in your browser, however it still needs to call the explorer and a few api calls to the https://old.mydashwallet.org for not yet supported features.
  • The new MyDashWallet redesign was started in Q1, we never found the time to finish all parts. We decided to release a earlier work-in-progress version, which works very well and we only have gotten very positive feedback about the snappiness and new features (while many old features are still missing and the old site will continue to serve those needs)
  • The new version is completely compatible for small devices and makes the native wallets obsolete
  • There was a lot of fixes to the bots and api, which are running very stable for months now. Telegram activity has also surpassed all other bot services combined (today alone over 400 commands were sent through the bot).
  • Most importantly we have reached a milestone with our decentralized mixing experiment, which you can check out at: https://staging.mydashwallet.org/mix
  • You can mix directly in your browser, it works great on any browser and on mobile (hardware wallets are supported, but during testing it was too annoying having to confirm each round, we will investigate on better solutions). Funds always stay in your hd wallet and never leave.
  • The complete source code is available at https://github.com/deltaengine/MyDashWallet
Ok, lets talk about the Elephant in the room, the script hack on the external site greasyfork, which provided a script that was used very early on (Q1 2018) for some CryptoJS compatibility with some legacy code from MyEtherWallet. Here is our public statement and more details about the issue: https://staging.mydashwallet.org/scripthack
  • While some code was removed and cleaned up in Q2 2018, this leftover script was still in the header. This was a bad oversight by us and could be seen by the hacker easily as all of the code was available on https://github.com/deltaengine/MyDashWallet we initially didn't believe this was actually this bad of an issue because none of our test or dev devices did have the hacked script and when we removed it 1h after discovery the greasyfork site did already remove it. Some users on discord were helpful in restoring the hack and looking into it.
  • Some of the new users and accusers we had to answer last month clearly didn't understand how MyDashWallet works, at not point did we hold any private keys of any user or hacker. There is simply no way we can reverse or restore any transaction made on the site or externally, details at https://staging.mydashwallet.org/help
  • In any case we were tracking the actual hacker (we suspect it was 2 different issues, maybe 2 different hackers) and trying to find a way to get funds back as the hacker was still using MyDashWallet to mix his stolen funds. Initially we weren't sure and didn't catch the hacker with huge amounts being mixed, this would have been big. However due Dash Core tweeting about the hack before we knew it (a warning would have been nice), it spread like wildfire through the crypto news sites and the hacker was quickly aware a few days later and stopped all activity. Many funds are still sitting unused on his stolen addresses.
  • We still recovered around 60 DASH and will give those back to affected users till the end of August, everyone that has contacted us was already made aware of this in the last week. More details on how this happened on https://staging.mydashwallet.org/scripthack
  • If you have any hints, addresses, updates, ip addresses to help track the hacker, let us know. We also contacted Binance about the hacker deposit address, but they ignore us as usual. We are also aware of groups forming and investigations going against us, no idea what the private discord channels, Reddit revolts, blockcypher or blockchainintel are going to investigate. Our information is always open and clear, anyone that asked us seriously about the hack was getting a quick reply.
  • Many crypto people told us to close shop and get rid of MyDashWallet, especially with all the hate we are getting, people trying to sue us, law enforcement involvement and all the stress we are going through, but that is not in our nature, we are going to continue running the highly successful MyDashWallet, most users are not affected and it would be a shame to close it all down.
  • If you look at the statistics, there is a clear dip in July, about 10% of bot users withdrew their funds, and less people were using the website in recent weeks
  • It seems crypto forgets quickly, 15% more bot user funds are available now in August, many users returned after the initial panic, the recent few days have been the most active ever on both the website, especially the mixing and the telegram usage (new records every week)
2019 Total Statistics
  • Transactions: 82932 (over 50% increase from start of 2019)
  • Dash Send: 312884.1 DASH (100% increase from start of 2019)
  • PrivateSend Transactions: 10139 (100% increase from start of 2019)
  • Dash Mixed: 133374.9 DASH (110%+ increase from start of 2019)
  • InstantSend Transactions: 5186 (35% increase, now meaningless as everything is InstantSend on what bots and users do)
  • Tip Accounts: 3895 (40% increase from start of 2019)
  • Tips: 57542 (about 20% increase)
  • CoinFlips (Bot Game): 15060 (only about 5% increase, not very popular atm)
  • Detailed stats are available at https://mydashwallet.org/Stats
We also worked on Special Transaction support in our libraries and tools and external libraries NBitcoinbitcoin-libBtcPayServer
  • InstantSend explorer support was integrated in May, but we switched back to a more stable version in June until 0.14 is released and stable. The new colorful explorer features will return soon.
  • Planning of new stress test around 0.14 has been prepared, we will discuss with Dash Core when it will be a good time (before v1.0 evolution release on testnet). Many smaller changes were done and tested on devnet after trying out different approaches in testnet back in April (when 0.14 went live in testnet)
  • Native Android and iOS wallets have been abandoned as there are already many great choices out there and the new MyDashWallet.org works great on mobile already. The only major feature missing from any other mobile wallet is PrivateSend, which we solved both with the old website in a more centralized setup and now experimental decentralized with the new website launch.
  • There is also still ongoing work happening with explorers, BtcPayServer InstantSend receive integration and better Ledger InstantSend integration into Ledger Live and the API. We can hopefully give an update later this month.
  • Our support team is also quick to answer any request and even though the hack was much worse than initially expected, it was no problem to answer most serious request in a very short amount of time (mostly in minutes or few hours)
  • History command to see all you have done (tips send, received, rains, etc.) has been integrated into all bots, plus a ton of other small features as requested by different communities on discord and telegram (see /help)
Other things are still in the pipeline, but do not have top priority because of low demand and a high amount of work required to finish:
  • Website for Swap Dash to BTC, BCH, ETH or LTC, which is already implemented in the bot (you can always simply type /swap to the MyDashWalletBot and try it out on Discord or Telegram)
  • Example Dash Webstore via BtcPayServer, we started work here, but it is super annoying to get anything up and working. We will finish our InstantSend integration, but currently have no time to dig deeper as the code base and the developers are too btc-centric.
  • Email notifications on receiving tips is already implemented on the old site, but doesn't have a front-end. In the new site no backend is available and we haven't found a good spot for this feature yet.
  • Integration of DashPay usernames once available (obviously not done as Evolution is not released yet)
Cost
  • $4500 per month (4000 euro in usd) for the next 4 months + 5 proposal fee reimbursement
  • We have hired a web developer to continue working on the front-end, the cost is mostly going towards this.
  • The main development areas are the new website, decentralized mixing efforts and getting all of the above features properly and cleanly implemented.
  • As promised in the last proposal support and hosting costs will be covered by us till the end of the year. However if there is no interest by the Dash community for our ongoing efforts some features will be put on ice till 2020 when we have more time to reevaluate.

Show full description ...

Discussion: Should we fund this proposal?

Submit comment
 
1 point,23 hours ago
Voted yes as well, and agree with Tao that MDW is a valuable resource for the network, it also runs tipbots for our chat servers and other social media outlets.
Reply
1 point,21 hours ago
Thanks, very much appreciated. Always good to see active users to use the services we provide, we will continue to support the website and all bots, no matter if this or future proposal pass or not. However it would also be a clear indication if the proposal doesn't pass that we should put much time or effort into the newer things yet (decentralized mixing in the browser, new website, more services, etc.). This is by far our worst performing proposal, 3 months ago we were at the very top of the list on dashnexus and now we are pretty much at the bottom dropping out .. just 4 days left and not much hope we make it this time ..
Reply
1 point,5 days ago
Update 2019-08-19: We finished the BtcPayServer Dash InstantSend integration: https://github.com/DeltaEngine/btcpayserver/commits/master

Splawik also noticed an issue with /Redeem links, which is now fixed (mostly importantly for Twitter tips, but also useful for Discord, Telegram and Reddit private account links)
Reply
3 points,8 days ago
Voting yes. I believe the MDW is a valuable resource.
Reply
0 points,8 days ago
Same here!
Reply
1 point,7 days ago
Thanks for your support, we hope there is more participation coming in, would need 5-6 times more votes in the next 10 days ..
Reply
1 point,9 days ago
Why does the wallet send my dash address to google servers? There is lots of qr-code libraries that you could use to generate a qr-code in the browser or mydashwallet.org server.
https://i.imgur.com/KTfjIW8.png
Reply
-1 point,9 days ago
Its by far the most common and popular QR-Code generator, but you are right, it can be exchanged to any other one, its not really a big part of the wallet (there is just 1 qr code for receiving).

For example just 1 line of code would have to change to support this qr api instead (or any other): http://goqr.me/api/
Reply
1 point,9 days ago
I think you should exchange it to mydashwallet.org/qr/[address] so that the address is not shared with third parties.

If you also changed the analytics from google analytics to something self hosted like matomo then no data would be shared with third parties.
Reply
0 points,10 days ago
wow, 50 no votes just came in with ~10 yes, doesn't look like we will get enough support .. lets see

for the no voters: if there is anything we can improve or if you really dislike mydashwallet or ongoing development, let us know so we don't waste everyones time.
Reply
3 points,11 days ago
About the new proposal, It would be possible for you to add an easy option for users to use the NGO-oriented BIP-47 feature connected to trezor etc.

About BIP-47: Reusable payment codes:

Payment codes are a technique for creating permanent addresses that can be reused and publicly associated with a real-life identity without creating a loss of financial privacy.

https://bitcointalk.org/index.php?topic=1095800.0
https://paynym.is/about

I consider it very important, since it allows NGOs and other institutions to publish a unique donation address with Dash, with a degree of privacy without using privatesend. Thank you.
Reply
2 points,11 days ago
Yes, that would be no problem, if you actually try out using trezor on the new site we switched from getting single addresses to getting the whole dash account, which allows the wallet to create new addresses and check all old addresses in one go (instead of doing it one by one like on the old site, which was very slow and cumbersome).

Question is what exactly you need, your hd wallet would always automatically create a new receive address if any funds get to the current receive address. The bip 47 standard is quite easy to implement into a hd wallet, but I haven't seen it exposed in the trezor or ledger api, without integration by them I don't think it is possible as only the xpubkey is know and exposed and not enough the way bip 47 or 75 works, just read this article from 2016 to refresh my memory, but bitcoin integration and especially hardware wallets are pretty slow to add these advanced features: https://coinjournal.net/bip-47-vs-bip-75-will-bitcoin-wallets-maintain-privacy-becoming-easier-use/

A far simpler solution would be to integrate hd wallet into the social accounts (email, discord, telegram, twitter, reddit) by providing a new fresh receive address any time funds arrive, which is already on our roadmap and planned once all new website features are done later this year.

Hope this helps, let me know if you have more details to discuss this. This is the api used on https://MyDashWallet.org : https://github.com/trezor/connect
Reply
0 points,8 days ago
Check the links that I indicated that solution is designed when a merchant/NGO shares a QR code publicly, they loses privacy, anyone can see, the balance he received if scan QR code. That technique provides privacy. I hope I explained myself well. Or maybe there is another solution to prevent this. https://paynym.is/about
Reply