Closed jenbennings closed 9 years ago
@jenbennings it came up in my conversation with @javgh: our geo API is now open, meaning that anyone can upload their user data, so it can potentially be dangerous for users. For example, if I'm sending money to you, we are about to use waggle. @javgh happens to be nearby. He sees it happening, he quickly changes his name to Ben, and my waggle picks up the fake Ben first; I could be sending money to @javgh instead of you without knowing it.
How can I know for sure that I'm indeed sending money to you? Once I select a user found on waggle, the address gets pre-populated in the send form. We should remind users to double-check that the populated address matches Ben's receive address before sending. That would be some copywriting I'd propose we add, unless you have a better UX solution :)
Kind of why I proposed a "custom message" a while ago for sending via waggle, rather than just a name and email that can easily be spoofed.
Guessing/knowing someone's name vs. guessing the custom message, I have trouble asserting with confidence which one is easier. Also, would the custom message be one-time use or could it be repeated?
In the interests of security I'd say one time (force them to write something even if it's just random characters). This might be too much of an extra barrier though, and maybe just asking them to double-check the address is easier.
+1 for s/could/will/.
@mattatgit I like most of the suggestions here, let's incorporate into Hive 2.0.
@w yep, already have (copywriting for initial seed phrase handling at least). Re having a message in waggle etc – seems like an edge case, given that for anyone using mobile apps, the QR scan is faster & more secure. Waggle is already kind of a slow process, I don't think slowing it down further is such a great idea.
I will handle interface copywriting edits in the lead up to the beta release. If you find any grammatical errors, typos, or have any general suggestions—please put them here.
To-do: