Legedric / ptmagic

Magic addon for Profit Trailer cryptocurrency trading bot.
Other
209 stars 32 forks source link

Is PTMAGIC stealing your API KEYS and wiping Your Acccounts? #18

Closed toneking closed 6 years ago

toneking commented 6 years ago

"https://github.com/Legedric/ptmagic STAY AWAY FROM THIS - Its a rip off of PT TRACKER and PT FEEDER that could steal your API KEYS and Wipe Your Accounts. YOU'VE BEEN WARNED"

This was posted in a Dischord channel. Can you clarify your position to this claim?

Thanks, P

Legedric commented 6 years ago

Yes I am happy to clarify.

In theory, PT magic has access to the same files, settings and whatever else that Profit Trailer, PT Tracker, PT Feeder and every other software you install or simply run on your computer has. So being careful is of course advisable, no matter what software you are using.

PT Magic was developed by myself and a working collegue of mine (both being software developers) with the simple intention to build a more complete addon to Profit Trailer than currently existing and without the need for just us two to spend any additional money.

Somewhere during the development we decided to not just develop this addon for us two only, but to make it available to the public for free. In fact, I even used my real name to register a domain for this project etc. So why on earth should we do something so stupid to steal from others making it possible to sue the crap out of us?

We do understand that some people (especially the devs behin the other named two addons) are upset now that we jump right into this "game" and give away something for free - especially when we provide similar functions as they do (or even more, just for free).

We also do understand that there may be skepsis about our tool, but please be aware that only because our tool is free and others are asking to pay them upfront, that other tools (even like the named ones here) will not steal your things with a future update (not saying they will, just building an example here). And just btw, their source code is also close and not being given away (correct me if I am wrong)

Having that said, I can assure everyone that PT Magic is NOT accessing any personal API key. In fact, it does not use ANY API key to build the data as it only uses the public APIs of Bittrex, Binance etc.

May I ask in which community channel this was posted? Maybe we can arrange a chat with the owners to clarify somtehing or give them a rundown through our code if they are capable of judging it (meaning: being developers themselves).

Legedric commented 6 years ago

PS: I changed the title to make it more obvious that this is an actual question.

If you have any further questions or concerns, feel free to ask.

CryptoFace1 commented 6 years ago

Your link was posted on my youtube channel which has 3k subs from PT. Id love to set up a meeting we can record on the Tube.

toneking commented 6 years ago

This is what I posted on their site before your answer. As my instincts were that someone's biz was being threatened. was posted on #crypto-crow-chat " toneking - Today at 10:22 AM Is there an article that has API keys being stolen? or PT & PTF being threatened by competition? Does PT Magic do it better? is it smarter?"

Legedric commented 6 years ago

@CryptoFace1 Link your YT channel here and I will contact you via YT to arrange a meeting.

innerpartycolt commented 6 years ago

Nothing can steal/withdraw your funds via API unless 1) you EXPLICITLY give your API keys the permission to do that 2) the software you are using is actually trying to do that.

So EVEN IF ptmagic would try to do that, your API permissions wouldn't allow that. Every major exchange has this functionality.

To me it looks like devs of PTFeeder/PTwhatever are trying to tank PTMagic because it's free.

@Legedric please don't let this reconsider your choice to share this work with general public. You and your friend are doing a great thing here.

CryptoFace1 commented 6 years ago

https://www.youtube.com/channel/UCnpL_SpKLZpwAAIWmWpCIzQ

TwixRaider commented 6 years ago

Additional there may be some users of other tools that are upset/disappointed that they just payed money for a tool that others now get for free. This reaction is totally understandable. Nevertheless the conclusions regarding the API keys are unlogical as @innerpartycolt explained in his post.

Oh, and PT Magic may seem to unexperienced users like a RIP of the other tools because we are using the same HTML Template: https://themeforest.net/item/ubold-responsive-web-app-kit/13489470

CryptoFace1 commented 6 years ago

When devs and people on the good side of the crypto community do something to help others, we want them to be recognized 100%. Im on the good side, im sure you are too

planetofzog commented 6 years ago

I asked about it in the CryptoGnome discord and considering i'd found them to be really helpful before and generally good guys I was a little taken aback by the snotty replies I was given. They just mumbled something like unsafe/untested without giving a proper explanation. I did wonder if this was just a free 'competitor' thing because you were trampling on their patch. I mean if they've got nice affiliate link revenue for PT feeder, they may feel threatened. Who knows.

JB, who is part of cryptognome then on a video expanded on it a little and was more fair in his explanation. He said they were dubious about PT Magic because you wouldn't release any code and you seemed to have used a fair bit of code that is other peoples work, specifically feeder and these were red flags 7:32 in this video https://www.youtube.com/watch?v=yXeruZ2_XvA&t

Would like if you could respond to some of those criticisms thanks. Please don't take this as an endorsement of their views, it is natural for people to wary at first.

Arararararagi commented 6 years ago

JB, who is part of cryptognome then on a video expanded on it a little and was more fair in his explanation. He said they were dubious about PT Magic because you wouldn't release any code and you seemed to have used a fair bit of code that is other peoples work, specifically feeder and these were red flags

That's weird. AFAIK, Feeder is also closed source... And so is PT itself. So, some things can be closed source, and other can't because the boogieman will eat the API keys?

Just a random comment from a random guy.

BaGRoS commented 6 years ago

But with API key can setup for buy any pair... Somebody buy coins at price one satoshi and sell at one thousand, after using API start buying with every single account...

Zombato commented 6 years ago

Somebody buy coins at price one satoshi and sell at one thousand, after using API start buying with every single account... You're not alone on the market. Other bots will buy before you do.

Legedric commented 6 years ago

JB, who is part of cryptognome then on a video expanded on it a little and was more fair in his explanation. He said they were dubious about PT Magic because you wouldn't release any code and you seemed to have used a fair bit of code that is other peoples work, specifically feeder and these were red flags 7:32 in this video

Ok so let me ellaborate on this:

  1. Our project is not open source, that's correct. However, I already stated in this issue thread here that we may give someone (who understand coding) a rundown in a web session or something like that.
  2. PT Magic does change Profit Trailer's settings based on market trends. This is something that looks similar to what PT Feeder does.

    However, we built everything from scratch and did not have any access to any "code" from other projects (how should we? PTF is close source just as our project is). We built this project totally with our own ideas which you may also see from just looking at the settings.

    For example, PT Magic is allowing you to freely configure any market trend from different platforms with different timeframes. I do not know much about Feeder but I saw a video at sometime and I think it only allows one short and one long timeframe?

    Another example is, that PT Magic is taking Profit Trailer's original variable names like "ALL_min_buy_volume" to change the settings. I think I saw PTF is using own values there, correct?

    Regarding JB's DCA calculator, yes, his DCA calculator was an inspiration to build this into the project. So I used his calculator back when it still was a simple excel file and had only the simple calculation in it. So to be fair, his calculator is not something he invented, it is simple math and many others are doing it. In fact, I know that he extened his very own version by the DCA COST CHART taking it from here:
    https://docs.google.com/spreadsheets/d/1XFeBuZF1v-S1QrUlTaOhnjtZnDnV7eDtiZROURpKjU4/edit#gid=0
    I do not see where he mentions somewhere he took that from AltBoy. So in his video he is complaining about me not contacting him about doing my very own math, developing source code into our project (which I could hardly take from a Google Spreadsheet, right?) without contacting him first?
    Sorry but if anything, we took some inspiration from a free tool and built another free tool. So where is the part where we take benefit of something like this?
    JB contacted me on saturday, saying that he like what we've done so far, especially the DCA sestion wink. Nothing about that he is upset or something, which sounds way different in his video now.
    I just said to him that I used his DCA calc back when it was an Excel file and we took it as an inspiration to build it into PT Magic. I also said that whenever we add a credits page to the project, we may add his name - just because why not.

Arararararagi commented 6 years ago

Would you consider open source the project? It would allow for collaborative development, potentially calm those who are genuinely worried, and destroy the arguments of others.

CryptoFace1 commented 6 years ago

Legedric Message me buddy! I like your responses, youve done a brave thing and stepped into the nest of opening a creation to the public. The lynch mob is part of that public, especially in crypto. Reach out to me asap! Time goes by fast. Im teetering from Magic and Feeder so id suggest you reach out to me i can potentially showcase your project.

toneking commented 6 years ago

Many people will appreciate you willing to share your hard work with the community and please do not get discouraged by some who may not have thought the whole equation through.

just posted this on the Crypto Crow site

toneking

If their (PT Magic) product helps motivate PT Feeder to implement more feature quicker because now they have some competition then that will be a win for everyone who owns it. Does the PT Feeder team really believe their code is being used then they should be the ones voicing that? Can they also tell us that they were the first to bring the idea of a feeder to a trading platform and that the idea didn't exist before they had it? I can assure Wall Street has spent a fortune on these concepts. You might as well call Profit Trailer out for stealing its ideas from others. You are happy to pay once with ProfitTrailer instead of monthly like Hassbot and many others do. That is considered a win by many so why isn't free also considered a win? We should applaud Legedric for offering up his hard work for free and most of us thankful for Crypto Crow tireless assault on cracking the Crypto codes to wealth.

Competition is good and competing against free is tough unless you do it way better and have more features and we are business people and ultimately we care about our bottom line so we would be happy to pay a price for things that will give us more money or time!

Disclaimer: I do not use either at the moment but have been researching all the competition and prices for a while."

Legedric commented 6 years ago

Thank you all for your comments and we are still looking forward to answer any question and we will of course keep moving our project forward.

@Arararararagi Please see #36 where we are discussing why this is not an open source project at the moment.

CryptoGnome commented 6 years ago

We had a good chat yesterday, and I just wanted to chime in here and say what alot of us are probably thinking. Also all the drama in our discord is because we are concerned and generally don't trust others intentions. we have caused is going

WE ALL LOVE FREE TOOLS.

This project looks great, and uses alot of other things for inspiration, which is debatable but can be overlooked because what's done is done and I am not going to comment on these matters anymore in the future.

This first flag we had is both of you are new to Github.

Our second Flag is: If your real intentions are to give away a free tool and support the community, why not just release the source code on git?

You say you have no future plans to monetize this project and that other projects are not releasing their code and that is because they have to protect their projects from getting ripped off because the money they charge helps them support and develop it further.

This is my public call out to you, if you are truly hooking us up with a cool tool.... just release the source code and end the debate!

Also thanks for being open to the responses here. Gnome

jbhitman commented 6 years ago

I don't have time to be involved in drama, but I am 100% in agreement with Gnome's comment above. My opinions expressed on my videos are my own, and I say multiple times that people need to make their own choices on what products they use, especially when it comes to things dealing directly with their money. I am not an expert in this realm of crypto bot trading, again, as I state many times in my videos. My opinions could be and sometimes are wrong, Ultimately, people should use products they have reason to trust....and for me, that trust has to be gained. But to each his own.

Legedric commented 6 years ago

@CryptoGnome @jbhitman Thank you for coming here joining the discussion.

As I have to get back to my family I will answer some points very briefly:

  1. We are new on GitHub, yes. But I already developed, released and am still hosting a project called http://www.eve-skillplan.net with more than 25k registered users using over 31k API keys of them since 2014 for a game called EVE-Online. No, that doesn't make PT Magic necessarily safer to be fair, but it shows that we do not just release projects like PT Magic for the first time.
  2. We will not open the source right now. We may reconsider this anytime in the future but we will not do it. But again, if anyone is willing and capable of judge the code, I will give him or her a full overview in a web session explaining every single line if necessary.
Zombato commented 6 years ago

1) Commercial, closed-source, just a few soft pieces released, but have referrals for some gain - OK, can be trusted. 2) Free, closed-source, have no previous soft release, have no referrals - not OK, can't be trusted.

L for Logic.

I didn't see any of you (Crypto Gnome, JB, Crypto Crow) asking the same trust questions about PTF or PTT. Was it only cause those were gifted to you along with ref links? Why don't you ask PTF/PTT authors to release their sources? Why Legedric has to release his only on free software basis? He has the right to have the same fears about stolen code/whatever, as commercial soft authors.

As for me, I don't use PTM yet, I'm using PTF. But seeing all this bullying is just awful. Especially I'm disappointed with CG behaviour, cause his free settings and constant progress reports is what I'm really like PT community in general. I can't believe it's the same person. One one hand he shares his experience for free, and on the other he blames the authors of PTM for some trust issues, which aren't even proven.

jamesblackjr commented 6 years ago

I am happy to see this project, it looks like a great project. It's FREE, but I understand why that makes the people above nervous. They paid hundreds of dollars for similar products, and it's clear that there are some supporters of those products trying to cry foul. However, I'm here to extend some support. I setup PT Magic on my Linux VPS and I have noticed the wiki was lacking a few things. It is working very well, I do have a few suggestions for the Monitor. If you would like, I can help fill in some gaps on the Linux/Mac side.

innerpartycolt commented 6 years ago

@CryptoGnome let's see.

1) using public API to gather data; 2) temporary store data; 3) add a bunch of if/else to do X if number is A or Y if number is B; 4) rewrite config; 5) ... 6) profit!

and just as a nice touch:

  1. add a web UI (using a free theme) to visualize the whole process.

This pattern is so common and easy to implement, there is no real need for addons. Yet we see a team who are willing to bring this to a new level and they share their work for free.

Now, how can you say such a pathetic thing?

screen shot 2018-02-19 at 21 15 57

It's sounds almost like you give your permission for PT Magic to exist. Not cool, sir. Not cool.

@CryptoGnome, @jbhitman, Crow and any other crypto celebrities, especially ones suffering from a heavy form of affiliate marketing: Gents, you call PT Magic a scam on your channels, yet 1) you present no proofs; 2) you come here to end a discussion with something like 'everyone has their own opinions', but you are the ones spreading the 'drama' in the first place. Do you realize how your passive-aggressive attitude is speaking volumes? No need to be toxic.

PS I simplified the algorithm in the beginning of my comment, but the idea is there.

TwixRaider commented 6 years ago

@jamesblackjr We would be glad if you could help us out with the Linux/Mac stuff, yes!

And of course any suggestions are more than welcome. Just open some issues for that and label them as "enhancement"

RichardLuo0506 commented 6 years ago

innerpartycolt commented an hour ago @CryptoGnome let's see.

using public API to gather data; temporary store data; add a bunch of if/else to do X if number is A or Y if number is B; rewrite config; ... profit! and just as a nice touch:

  1. add a web UI (using a free theme) to visualize the whole process.

This pattern is so common and easy to implement, there is no real need for addons. Yet we see a team who are willing to bring this to a new level and they share their work for free.

Now, how can you say such a pathetic thing?

It's sounds almost like you give your permission for PT Magic to exist. Not cool, sir. Not cool.

@CryptoGnome, @jbhitman, Crow and any other crypto celebrities, especially ones suffering from a heavy form of affiliate marketing: Gents, you call PT Magic a scam on your channels, yet 1) you present no proofs; 2) you come here to end a discussion with something like 'everyone has their own opinions', but you are the ones spreading the 'drama' in the first place. Do you realize how your passive-aggressive attitude is speaking volumes? No need to be toxic.

PS I simplified the algorithm in the beginning of my comment, but the idea is there.

So "API calls" + "filewriter" needs secret code and anonymous Github because?

Zombato commented 6 years ago

And how exactly would you call exchange API w/o a secret key?

PTF in example, also requires those keys for the same reason.

jbhitman commented 6 years ago

@innerpartycolt I suggest you take a look at your own words and accusations. If you want to know my exact feelings about PTMagic have a look here: https://youtu.be/EiV-7VrM8xQ about 30 min in. If you feel like I'm calling PT Magic a "scam", and spreading "Drama" then you have a very strange concept of those terms.

innerpartycolt commented 6 years ago

@Zombato

https://api.binance.com/api/v1/ticker/24hr It's a list of objects formatted in JSON

the REST is here: https://github.com/binance-exchange/binance-official-api-docs/blob/master/rest-api.md

But the good 'ol logic is even cooler: there is nothing in the setup guide that suggests you need to provide an API key to PTM ;)

the absence of keys is also the reason why you have to hardcode your balance into the config file.

@RichardLuo0506 There are high level languages, there are low level languages. Some are scripting languages, some are compiled languages. It's a huge topic. Please do the research. I can only point you to these two things: 1) programmers tend to write code in the language they are most comfortable/proficient with; 2) you ask the wrong questions. Please learn programming so we can speak the same language, because everything else have already being said.

@jbhitman in one of your previous videos you claimed that the idea of DCA calculator was directly stolen from you. why change of heart? your sole intent of saying it was to slander PTMin hope to persuade people to buy PTF using your aff link. Now you sound like you're backing off, throwing extra excuses on the way out. While I don't see anything wrong with you making a buck from advertising PTF, I surely don't understand why you have to talk bull about PTM. I'm a lawyer, I know my stuff.

jbhitman commented 6 years ago

@innerpartycolt "I'm a lawyer, I know my stuff." Oh so that explains how you're bending or outright lying about things I've said and putting forth your own view of what was said as truth and fact. To be clear I said he took the idea for the DCA portion of PTM directly from me, and he admitted as much that it was the inspiration for it. Quote: "Legedric: Thanks you JB. I already extended the first dca sheet from you some weeks ago when it still was an Excel file so I implemented it directly into the tool. However, whenever we add a credits page, you will be mentioned" But whatever, Ultimately I hope PTM works out in the end, and if it does, I'll be the first to start using it. :) You do you man. Not going to feed you anymore. 👍

CryptoGnome commented 6 years ago

I made a video on this today after lot's of thought. https://youtu.be/b-OowRD6DM8

hope this clears some things up and I will be watching the project going forward.

cpass78 commented 6 years ago

Why are you all bitching about making it open source. Judging by your own githubs, you wouldn't know what the hell you were looking at even if they did OS it. Only one person here besides the developer and @RichardLuo0506 has a half meaningful Github page So CTFD..

jamesblackjr commented 6 years ago

@cpass78 I am a Lead Developer for a large corporation, but there is very little code in this repo. Most of the code I have worked on is private, just like @RichardLuo0506, I use my GitHub for sample projects/learning new languages. I do understand the reason for keeping the code closed source (though I do prefer open source). I'm happy they released the software at all and it is free.

RichardLuo0506 commented 6 years ago

We all want the community to grow with better tools. But calling us PTF shills for raising security concerns is not helpful, especially when you advocate for something you're not personally using.

Zombato commented 6 years ago

@RichardLuo0506 Did you raise security concerns about PT/PTF/PTT upon their initial releases?

sitespagando commented 6 years ago

Do you know what this is called? If it's called losing money, these guys suck referrals and earn thousands by SELLING PAID TOOLS! and now that a gratuitous one has appeared THAT SO GOOD BY SIGN IT IS ALWAYS CRYING! I hate these guys! say no to those suckers! who win on the backs of their nominees. To the creator of this tool, congratulations to the work! but be careful because these guys are hating you! success for us in PT

Legedric commented 6 years ago

Guys please all chill.

Neither me, nor TwixRaider wants this battle and constant bashing back and forth.

We never said something bad about other people being skeptic or maybe some being even hostile about our project. While we appreciate the support, the writing some are doing here and several people defending our project, we kindly ask everyone to chill down, grab a beer and take a walk around the block.

Thanks!

OatmealTokyo commented 6 years ago

Legedric,

Hi. I am a PT + Feeder user and obviously view/read discords/youtube channels that are related. I actually think the negative comments to your product is extremely unfair. I feel there are alternative motives behind them, you are new competition at no cost to the user. This take food off their table which have a following and in its infancy of their business lifecycle.

Thank you for offering this product. Once my bags clear in PT+Feeder, I will try your product, once I am out of bags, I will make a donation because you guys deserve it. It's almost as if you were better off charging money based on the 'feed back' of your product. Talk about a bunch of jiberish.

To the users who purposely judge this product to higher and different standards than Feeder, shame on your guys, this is how you ruin good intentions. Have an open mind and give this guy a break and a chance (just like you did for PT Feeder and PT. More competition will mean Feeder will also step up their game which is better for the add-on bot market.

Thanks again and I get what you guys are doing. Ignore the spam of BS.

alvinphang commented 6 years ago

I'm a PT owner but not a PT feeder so obviously I am happy PT magic is free.. :P it's very brave and nice that you release the code and coming from a background of over 11 years of doing affiliate marketing... I am sure those bigger names will feel something is wrong on the intentions of the release of this add on for free.. because there is nothing that good that is free :)

While I hope and support PT Magic and the team.. and do not expect the code to be open source and it's their work and we have to respect their work... it only makes the competition thinker further ahead and improve the tools we bought to improve so everyone benefits...

CryptoGnome does influences many people's decision to using PT Magic a not and I do admit his comments did stop me from installing PT Magic :P That is because of his honest concern of sharing his settings to the world to help others profit..

I know the developers of PT Magic do not have to do this.. and I believe they have good intention to help the community of PT users... but to make it solid would be nice if you guys make a video showing your faces and tell the community what are your truth intentions of releasing the code and future plans for it so gives people confident to use what you created and getting more people to support this project and clear all the drama created by others .. haha :)

creakyjoints commented 6 years ago

tell them to stick where the sun dont shine. they thought they were going to make a killing and now there not. sour grapes. you owe them nothing.

Crypto-Cowboy commented 6 years ago

Legedric, I for one enjoy PT Magic very much. The program is not giving me any issues and my account balance has not magically disappeared lol. I understand why paid services want to discredit your project. PT Magic provides more feature than the top 3 paid PT add-ons combined. They feel threatened because when your project grows in popularity their sales will drop. Keep up the good work, you have more support than you think.

HojouFotytu commented 6 years ago

@RichardLuo0506

when you advocate for something you're not personally using.

Like shouting "security risk" or "intellectual property infringement" for something you've not personally used?

Legedric commented 6 years ago

Closing this issue as it is not a "real" issue with the program itself.