HelloZeroNet / ZeroNet

ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
https://zeronet.io

Feature request: user-friendly import/export profile #323

Open iShift opened 8 years ago

iShift commented 8 years ago

With key and sites: on ZeroHello we can have an import/export button

HelloZeroNet commented 8 years ago

I don't really want to expose the private keys to the web UI.

TheNain38 commented 8 years ago

If there was a vulnerability in the web UI, then it would be too easy to grab the private keys; this isn't a really good idea...

iShift commented 8 years ago

But in the future we need that, for example if you have Zero on a phone and you want your profile on it.

HelloZeroNet commented 8 years ago

In that case it can be implemented in the mobile app.

krlf commented 8 years ago

Does it mean a new key (and mail) for the phone?

iShift commented 8 years ago

But what about transfer? QR code?

mancvso commented 8 years ago

Exposing a QR code has just the same vulnerabilities.

Another option could be wrapping the keys in a downloadable encrypted file with a temporary password the user would choose just in time. But that would bring unnecessary complexity.

The transfer should never be through the web UI.

OliverCole commented 8 years ago

Perhaps this would be possible by standing up a server on another port number just for serving this data - wouldn't that fail same origin policy?

HelloZeroNet commented 8 years ago

A bad browser plugin would be able to steal it from the other port.

krlf commented 8 years ago

Malware can do the same under Windows.

HelloZeroNet commented 8 years ago

Sure, but we should minimize the attack vectors.

wigy-opensource-developer commented 8 years ago

Backing up your private keys to an off-line storage or to paper should be easy for site administrators. If it is not possible to do it using the WebUI, it should be easy to do using the ZeroNet client user interface. BIP39 makes paper storage easy. We would need password authentication for accessing the private key (#384) as a prerequisite for this issue.

rllola commented 8 years ago

+1 for BIP39 from cli for backup purpose.

ghost commented 7 years ago

+1 for CLI, sending passwords across the browser should be avoided IMO

slrslr commented 6 years ago

Hi, I thought it may be helpful if ZeroNet had a built-in automatic backup of the important files (users.json), because identity is important and not everyone is technically skilled or aware of the importance of backing up certain files and somehow automating the job.

For example, ZeroNet could inform the user how important it is to back up users.json, ask him to define a backup location and do the automated backups periodically (on each start, etc.). The filename would be, for example: Zeronet_user_profilebackup(keep_private)_12.12.2018.backup

Then when the user reinstalls the PC, ZeroNet upon first-time start (missing or raw users.json) will ask the user if he wants to import an identity backup. Preferably the user can see details of each identity backup, like number of follows/subscribed topics,
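
An added example, not part of the comment above and not ZeroNet's own code: a sketch of the client-side backup described there, written so the file holding private keys is created owner-only and the import prompt can describe a backup without showing any secret. It assumes users.json maps each master address to an object with `sites` and `certs` entries; the function names and the sample profile are hypothetical.

```python
import json
import os
import time
from pathlib import Path

# Constructed sample profile (assumed users.json layout, not real keys).
SAMPLE_USERS = {
    "1ExampleMasterAddress": {
        "master_seed": "00" * 32,
        "sites": {"1ExampleSiteA": {}, "1ExampleSiteB": {}},
        "certs": {"example.bit": {}},
    }
}

def backup_users_json(data_dir, backup_dir, today=None):
    """Copy users.json to an owner-only, date-stamped backup; return its path."""
    raw = (Path(data_dir) / "users.json").read_bytes()
    json.loads(raw)  # refuse to back up a corrupt (unparseable) profile
    stamp = today or time.strftime("%d.%m.%Y")
    dest_dir = Path(backup_dir)
    dest_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    dest = dest_dir / f"Zeronet_user_profilebackup(keep_private)_{stamp}.backup"
    # O_EXCL: never overwrite an older backup or write into a pre-planted file.
    # Mode 0600 is applied at creation, so the keys are never briefly readable
    # by other local users.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(raw)
        out.flush()
        os.fsync(out.fileno())
    return dest

def summarize_backup(path):
    """Describe a backup for an import prompt without revealing seeds or keys."""
    users = json.loads(Path(path).read_bytes())
    return [
        {"address": address,
         "sites": len(profile.get("sites", {})),
         "certs": len(profile.get("certs", {}))}
        for address, profile in users.items()
    ]

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "users.json").write_text(json.dumps(SAMPLE_USERS))
        saved = backup_users_json(tmp, Path(tmp) / "backups")
        print(saved.name, summarize_backup(saved))
```

A second backup on the same date raises `FileExistsError` rather than replacing the first, so a caller running on every start has to handle that case explicitly.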

danimesq commented 6 years ago

In case of malware, for an extra security layer, ZeroNet could have a mode to not store the user seed (but their data) and ask for login on every ZN startup

danimesq commented 6 years ago

@HelloZeroNet @shortcutme

Thunder33345 commented 6 years ago

Malware could infect ZeroNet as it starts...