Proposal “mydashwallet-continued-development“ (Closed)Back
Title: | MyDashWallet Continued Development |
Owner: | DeltaEngine |
Monthly amount: | 46 DASH (1400 USD) |
Completed payments: | no payments occurred yet (4 month remaining) |
Payment start/end: | 2019-08-16 / 2019-12-13 (added on 2019-08-11) |
Votes: | 702 Yes / 208 No / 51 Abstain |
External information: | app.dashnexus.org/proposals/mydashwallet-continued-development/overview |
Proposal description
Update 2019-08-23:
- BtcPayServer Dash InstantSend integration is mostly done: https://github.com/DeltaEngine/btcpayserver/commits/master
- Splawik also noticed an issue with /Redeem links, which is now fixed (mostly importantly for Twitter tips, but also useful for Discord, Telegram and Reddit private account links)
- DACH requested telegram links to all important communities worldwide, we added links to https://mydashwallet.org/tip and will notify newly registered telegram users of these links and give them a helpful guide
- Joel was reporting some problems with the new decentralized mixing experimental site, we are investigating and fixing issues
- Usability issues have been reported and will be worked on next week (making it easier to restore hd seed, initial guide for new users, etc.)
- Screenshot from the new site now live at https://mydashwallet.org
From https://app.dashnexus.org/proposals/mydashwallet-continued-development/overview
Quite a lot has happened since early 2019 on MyDashWallet and as you can see below in the Statistics the usage of almost all parts of the website, bots and mixing has seen 50-100% growth this year. This proposal is about the continued development of the site and many cool features like the world first decentralized mixing in the browser, which is already experimentally working and can be tested right now.
Sadly the major thing most will remember is the script hack on an external site that affected some newer MyDashWallet users (more on that below, many would believe we are a dead site now with all the bad news, but it seems users keep using it and all the noise is not affecting actual long time users).
- BtcPayServer Dash InstantSend integration is mostly done: https://github.com/DeltaEngine/btcpayserver/commits/master
- Splawik also noticed an issue with /Redeem links, which is now fixed (mostly importantly for Twitter tips, but also useful for Discord, Telegram and Reddit private account links)
- DACH requested telegram links to all important communities worldwide, we added links to https://mydashwallet.org/tip and will notify newly registered telegram users of these links and give them a helpful guide
- Joel was reporting some problems with the new decentralized mixing experimental site, we are investigating and fixing issues
- Usability issues have been reported and will be worked on next week (making it easier to restore hd seed, initial guide for new users, etc.)
- Screenshot from the new site now live at https://mydashwallet.org
From https://app.dashnexus.org/proposals/mydashwallet-continued-development/overview
Quite a lot has happened since early 2019 on MyDashWallet and as you can see below in the Statistics the usage of almost all parts of the website, bots and mixing has seen 50-100% growth this year. This proposal is about the continued development of the site and many cool features like the world first decentralized mixing in the browser, which is already experimentally working and can be tested right now.
Sadly the major thing most will remember is the script hack on an external site that affected some newer MyDashWallet users (more on that below, many would believe we are a dead site now with all the bad news, but it seems users keep using it and all the noise is not affecting actual long time users).
- Check out the new redesigned https://staging.mydashwallet.org (which will replace the old site in a few days after more testing)
- The site is 100% re-written in React (Javascript) and uses only a few well known libraries including dashcore-lib, ledger-js and TrezorConnect, all from safe sources. There is no backend to the new site, it all runs locally in your browser, however it still needs to call the explorer and a few api calls to the https://old.mydashwallet.org for not yet supported features.
- The new MyDashWallet redesign was started in Q1, we never found the time to finish all parts. We decided to release a earlier work-in-progress version, which works very well and we only have gotten very positive feedback about the snappiness and new features (while many old features are still missing and the old site will continue to serve those needs)
- The new version is completely compatible for small devices and makes the native wallets obsolete
- There was a lot of fixes to the bots and api, which are running very stable for months now. Telegram activity has also surpassed all other bot services combined (today alone over 400 commands were sent through the bot).
- Most importantly we have reached a milestone with our decentralized mixing experiment, which you can check out at: https://staging.mydashwallet.org/mix
- You can mix directly in your browser, it works great on any browser and on mobile (hardware wallets are supported, but during testing it was too annoying having to confirm each round, we will investigate on better solutions). Funds always stay in your hd wallet and never leave.
- The complete source code is available at https://github.com/deltaengine/MyDashWallet
- While some code was removed and cleaned up in Q2 2018, this leftover script was still in the header. This was a bad oversight by us and could be seen by the hacker easily as all of the code was available on https://github.com/deltaengine/MyDashWallet we initially didn't believe this was actually this bad of an issue because none of our test or dev devices did have the hacked script and when we removed it 1h after discovery the greasyfork site did already remove it. Some users on discord were helpful in restoring the hack and looking into it.
- Some of the new users and accusers we had to answer last month clearly didn't understand how MyDashWallet works, at not point did we hold any private keys of any user or hacker. There is simply no way we can reverse or restore any transaction made on the site or externally, details at https://staging.mydashwallet.org/help
- In any case we were tracking the actual hacker (we suspect it was 2 different issues, maybe 2 different hackers) and trying to find a way to get funds back as the hacker was still using MyDashWallet to mix his stolen funds. Initially we weren't sure and didn't catch the hacker with huge amounts being mixed, this would have been big. However due Dash Core tweeting about the hack before we knew it (a warning would have been nice), it spread like wildfire through the crypto news sites and the hacker was quickly aware a few days later and stopped all activity. Many funds are still sitting unused on his stolen addresses.
- We still recovered around 60 DASH and will give those back to affected users till the end of August, everyone that has contacted us was already made aware of this in the last week. More details on how this happened on https://staging.mydashwallet.org/scripthack
- If you have any hints, addresses, updates, ip addresses to help track the hacker, let us know. We also contacted Binance about the hacker deposit address, but they ignore us as usual. We are also aware of groups forming and investigations going against us, no idea what the private discord channels, Reddit revolts, blockcypher or blockchainintel are going to investigate. Our information is always open and clear, anyone that asked us seriously about the hack was getting a quick reply.
- Many crypto people told us to close shop and get rid of MyDashWallet, especially with all the hate we are getting, people trying to sue us, law enforcement involvement and all the stress we are going through, but that is not in our nature, we are going to continue running the highly successful MyDashWallet, most users are not affected and it would be a shame to close it all down.
- If you look at the statistics, there is a clear dip in July, about 10% of bot users withdrew their funds, and less people were using the website in recent weeks
- It seems crypto forgets quickly, 15% more bot user funds are available now in August, many users returned after the initial panic, the recent few days have been the most active ever on both the website, especially the mixing and the telegram usage (new records every week)
- Transactions: 82932 (over 50% increase from start of 2019)
- Dash Send: 312884.1 DASH (100% increase from start of 2019)
- PrivateSend Transactions: 10139 (100% increase from start of 2019)
- Dash Mixed: 133374.9 DASH (110%+ increase from start of 2019)
- InstantSend Transactions: 5186 (35% increase, now meaningless as everything is InstantSend on what bots and users do)
- Tip Accounts: 3895 (40% increase from start of 2019)
- Tips: 57542 (about 20% increase)
- CoinFlips (Bot Game): 15060 (only about 5% increase, not very popular atm)
- Detailed stats are available at https://mydashwallet.org/Stats
- InstantSend explorer support was integrated in May, but we switched back to a more stable version in June until 0.14 is released and stable. The new colorful explorer features will return soon.
- Planning of new stress test around 0.14 has been prepared, we will discuss with Dash Core when it will be a good time (before v1.0 evolution release on testnet). Many smaller changes were done and tested on devnet after trying out different approaches in testnet back in April (when 0.14 went live in testnet)
- Native Android and iOS wallets have been abandoned as there are already many great choices out there and the new MyDashWallet.org works great on mobile already. The only major feature missing from any other mobile wallet is PrivateSend, which we solved both with the old website in a more centralized setup and now experimental decentralized with the new website launch.
- There is also still ongoing work happening with explorers, BtcPayServer InstantSend receive integration and better Ledger InstantSend integration into Ledger Live and the API. We can hopefully give an update later this month.
- Our support team is also quick to answer any request and even though the hack was much worse than initially expected, it was no problem to answer most serious request in a very short amount of time (mostly in minutes or few hours)
- History command to see all you have done (tips send, received, rains, etc.) has been integrated into all bots, plus a ton of other small features as requested by different communities on discord and telegram (see /help)
- Website for Swap Dash to BTC, BCH, ETH or LTC, which is already implemented in the bot (you can always simply type /swap to the MyDashWalletBot and try it out on Discord or Telegram)
- Example Dash Webstore via BtcPayServer, we started work here, but it is super annoying to get anything up and working. We will finish our InstantSend integration, but currently have no time to dig deeper as the code base and the developers are too btc-centric.
- Email notifications on receiving tips is already implemented on the old site, but doesn't have a front-end. In the new site no backend is available and we haven't found a good spot for this feature yet.
- Integration of DashPay usernames once available (obviously not done as Evolution is not released yet)
- $4500 per month (4000 euro in usd) for the next 4 months + 5 proposal fee reimbursement
- We have hired a web developer to continue working on the front-end, the cost is mostly going towards this.
- The main development areas are the new website, decentralized mixing efforts and getting all of the above features properly and cleanly implemented.
- As promised in the last proposal support and hosting costs will be covered by us till the end of the year. However if there is no interest by the Dash community for our ongoing efforts some features will be put on ice till 2020 when we have more time to reevaluate.
Show full description ...
Discussion: Should we fund this proposal?
Submit comment
No comments so far?
Be the first to start the discussion! |
MyDashWallet Continued Development by DeltaEngine
https://beta.dashwatch.org/r/NOV19/mydashwallet-continued-development
About the new proposal, I would like to know if you could enter BIP-47 Bitcoin so that a user can use this feature very easily.
About BIP-47: Reusable payment codes:
Payment codes are a technique for creating permanent addresses that can be reused and publicly associated with a real-life identity without creating a loss of financial privacy.
https://bitcointalk.org/index.php?topic=1095800.0
https://paynym.is/about
I consider it ->>very important<<-, since it allows NGOs and other institutions to publish a unique donation address with Dash, with a degree of privacy without using privatesend. Thank you.
You told me that you would study it. Since it is not difficult to implement it.
akhavr (proposal owner): Thanks, we will definitely check it.
--------
In what situation is the development?
Will it be possible to see it soon in MyDashWallet?
Thank You
The new site will be updated shortly and we focus on things that are actually used, many of the features from the old website were not really used or needed and more of an experiment. but you never know which things catch on and which are not really used after a few months (like the chat feature or some of the early planned features for twitter and email tipping, almost no one uses it, while telegram and discord are still strong).
Splawik also noticed an issue with /Redeem links, which is now fixed (mostly importantly for Twitter tips, but also useful for Discord, Telegram and Reddit private account links)
https://i.imgur.com/KTfjIW8.png
For example just 1 line of code would have to change to support this qr api instead (or any other): http://goqr.me/api/
If you also changed the analytics from google analytics to something self hosted like matomo then no data would be shared with third parties.
for the no voters: if there is anything we can improve or if you really dislike mydashwallet or ongoing development, let us know so we don't waste everyones time.
About BIP-47: Reusable payment codes:
Payment codes are a technique for creating permanent addresses that can be reused and publicly associated with a real-life identity without creating a loss of financial privacy.
https://bitcointalk.org/index.php?topic=1095800.0
https://paynym.is/about
I consider it very important, since it allows NGOs and other institutions to publish a unique donation address with Dash, with a degree of privacy without using privatesend. Thank you.
Question is what exactly you need, your hd wallet would always automatically create a new receive address if any funds get to the current receive address. The bip 47 standard is quite easy to implement into a hd wallet, but I haven't seen it exposed in the trezor or ledger api, without integration by them I don't think it is possible as only the xpubkey is know and exposed and not enough the way bip 47 or 75 works, just read this article from 2016 to refresh my memory, but bitcoin integration and especially hardware wallets are pretty slow to add these advanced features: https://coinjournal.net/bip-47-vs-bip-75-will-bitcoin-wallets-maintain-privacy-becoming-easier-use/
A far simpler solution would be to integrate hd wallet into the social accounts (email, discord, telegram, twitter, reddit) by providing a new fresh receive address any time funds arrive, which is already on our roadmap and planned once all new website features are done later this year.
Hope this helps, let me know if you have more details to discuss this. This is the api used on https://MyDashWallet.org : https://github.com/trezor/connect