Blockstream / green_ios

Blockstream Green Wallet for iOS
GNU General Public License v3.0
124 stars 33 forks source link

[Feature request] Notification of wallet restoration on different device #38

Open 1thales opened 3 years ago

1thales commented 3 years ago

Description

Would it be possible to get a notification whenever seed is used to restore 2of2 wallet? Would be a useful security measure to warn users that somebody got hold of the seed and trying to steal funds.

jgriffiths commented 3 years ago

Hi @1thales,

Assuming you mean allowing notification even when not logged in at the time that another device is used, then this would require the backend server to track your login/device activity in order to notify you. We currently do not track or store your login details (time of login, IP address etc) due to our commitment to user privacy.

If you enable sms, voice, email or telegram 2fa on your wallet, then any attempt to move coins by someone with access to your mnemonic will result in a 2fa message to you. If you receive a 2fa message that you did not initiate, you can be certain that your mnemonic has been compromised. Enabling 2fa will ensure that the risk to your wallet is minimised in the event soeone does get your mnemonic; your privacy would be compromised but not your coins (provided you keep your 2fa secure and separate from the wallet device). Hope this helps.

1thales commented 3 years ago

@jgriffiths thanks for your reply. That is all known to me. My point is that, in theory, if an attacker already got my mnemonic and entered it into Green 2of2, they probably already know that they do not have the 2fa yet and would not attempt a transaction. They probably restored the wallet to get info about what 2fa I am using and whether it is worth it to try to compromise my 2fa.

By having a notification ( email or sms ...) I would know that my mnemonic ( and at least my privacy) is compromised and I would have time to move my funds to a new wallet and do other security measures . Is that possible in theory?

BTW, right now I get an email notification that i received funds even though I deactivated my email 2fa which is fine to me.

jgriffiths commented 3 years ago

BTW, right now I get an email notification that i received funds even though I deactivated my email 2fa which is fine to me.

Email notifications are separate from 2fa, used for tx notifications and nlocktime emails. You should be able to disable these from settings if you wish.

Is that possible in theory?

As above, the only way to implement what you asked for would be to store login data in violation of our privacy principles.

However, we could potentially add a login notification that just sends an email whenever you log in, as this would not require us to store any data. You could then know that your mnemonic is compromised if you receive an unexpected login email. Would that work for your purposes?

1thales commented 3 years ago

Email notifications are separate from 2fa, used for tx notifications and nlocktime emails. You should be able to disable these from settings if you wish.

Couldn't find this notification settings on iOS. Is it the same as "Recovery Transaction"? I also don't have the telegram option.

However, we could potentially add a login notification that just sends an email whenever you log in, as this would not require us to store any data. You could then know that your mnemonic is compromised if you receive an unexpected login email. Would that work for your purposes?

That would absolutely work for me!

Thanks a lot @jgriffiths

jgriffiths commented 3 years ago

Couldn't find this notification settings on iOS. Is it the same as "Recovery Transaction"?

I'm not actually familiar with the iOS UX, since I work on the backend library gdk used by the wallets. Can I suggest you contact support via email or on the telegram chat if you have questions about these settings?

I also don't have the telegram option.

This may only be available on the desktop at present, as its a new 2fa method we are rolling it out gradually to ensure its reliability. It will also only show when another 2fa method is already enabled.

That would absolutely work for me!

I've raised an internal issue for us to track this, we can't promise an ETA but it seems like a useful feature with no downsides so should have no problems get scheduled in the near term.