Closed: tayvano closed this issue 6 years ago
Phase 1: Add warning to discourage use: "We strongly discourage the use of private keys, keystore files, and mnemonic phrases. Please use an external signer, like MetaMask or a hardware wallet. It's safer & easier. Switch today ->"
Does this apply to all keystore files or just unencrypted keystore files from earlier versions of MEW? If so, what's the rationale?
Edit -- Probably to make phishing more difficult :wink:
It's to make phishing more difficult and to teach people that entering their private key on a website is not something they should do. There have been a steadily increasing number of comments—not anything to be concerned about yet—pointing out that MEW has normalized people entering their private keys on websites.
We will never 100% not support keys, just make it a bitch to access via keys if you access them on a regular basis. This will enable folks who want to send from cold storage to do so without encouraging active use of keys. This will hopefully reduce the effect of phishers, but also encourage best practices in the crypto space generally. It is not expected to make a tangible difference in phishing compromises in the short term.
I'm closing this issue out in favor of more granular, actionable issues. It's also gone a little stale; a lot of these are done. I think it might be good to have a living document off of GitHub that houses a roadmap like this.
This is not in any order in particular
[ ] Node Status Page
[ ] Making it very, very difficult for people to use raw private keys on MEW
Phase 1: Add warning to discourage use: "We strongly discourage the use of private keys, keystore files, and mnemonic phrases. Please use an external signer, like MetaMask or a hardware wallet. It's safer & easier. Switch today ->"
Phase 2: Gray out radio buttons / selects w/ more forceful version of the above
Phase 3: Force user to wait 15 seconds before unlocking via private key / keystore file / etc. and read a message
[ ] Scan QR code — transactions, signed transactions, private keys
[ ] EUR / CHF functionality on Swap
[ ] Delayed TXs (Alarm Clock)
[ ] ENS Aftermarket
[ ] Auto-revealing ENS bids
[x] Handle loading of tokens in sidebar better.
[x] Equivalent Balances reflect token balances? Or Token balances have USD / EUR / BTC / ETH equiv. values. Super quick mockup:
[ ] Accepting URI / URL query strings
Adding Custom Node
Sending Transaction
Contracts (?) -- talk to Matt @ etherscan
[ ] ENS - Check validation thoroughly on both bidding on domains and resolving domains
[ ] ENS - Download calendar reminder for bid reveal
[ ] Copy to clipboard button on textareas / inputs
[ ] Anonymous Usage Analytics
[ ] iOS App
[ ] Android App
[ ] Quicktips loading screen. Copy is https://myetherwallet.groovehq.com/knowledge_base/topics/myetherwallets-quicktips-all-the-messages-that-display-as-the-site-loads
Security
[ ] Start HackerOne
[ ] Make page that has bug bounty winners and thanks
[ ] DNSSEC
[ ] Build System / Release Zips / Multifactor deployment
[ ] Copyright headers on all source files
[ ] CLA on pull requests (clahub?)
[ ] Document code review process
New Pages / Functionality
[x] Broadcast / pushTX page (paste signed TX, broadcasts it)
[x] Sign TX page (paste unsigned transaction / QR code, sign it, broadcast it).
[ ] Helpers Page (matches https://www.myetherwallet.com/helpers.html)
[x] Sign Page / Functionality w/ support of all key types: https://www.myetherwallet.com/signmsg.html
Usability / Content / Non-Dev-vy
[x] Team Page
[ ] Careers Page
[ ] User Onboarding improvements -- Different landing page. Walkthru of what's going on.
[ ] Updated disclaimer
[ ] Add Privacy Policy