Open dolebas opened 6 years ago
And what is a recommended wallet?
I'm only suggesting a warning/security notification inside the wallet. Since the wallet can be installed without the knowledge of how to use it properly, some users may not be aware of the credible and very helpful tutorials that can be trusted. If the wallet itself provides links to trusted sources, there's no question of the sources' credibility?
Just a little label "Warning: do not use online seed generators!" above the seed input field would be sufficient, but it seems that even this is too much for the devs.
Would a PR be appreciated or what is the rationale for rejecting this feature?
So the Trinity UCL wallet beta is estimated for April. Meanwhile, new users go to:
iota.org -> GET STARTED -> DOWNLOAD GUI -> https://iota.readme.io/docs/general -> https://github.com/iotaledger/wallet/releases
And nowhere on the way are there any warnings of online seed generators. Naturally, when the clueless user opens the wallet for the first time, he or she will click on the help button, be even more confused and google "iota seed" or similar. The googling will lead to malicious seed generators and yet another user will be fooled.
The number of users that will fall for this until the next official wallet release is increasing every day, and when these users lose their funds they will be angry and reach out on social media.
90% of this can and should be prevented with a strong warning in the wallet (and the docs).
There is also no warning or information about the danger of reuse of addresses.
@dolebas I have criticized the same thing in the Discord chat. (With a link to this issue.) The answer from some community members was "It's the fault of the user" or "Trinity will fix this".
The answer from a Foundation Member was "Shared to the wallet devs", but here there is still no answer...
It seems to be useless to try helping the project.
In light of the recent phishing attack on Binance, where "hackers accumulated user account credentials over a long period of time", it is clear that this issue needs to be addressed sooner rather than later.
@Xermio also makes a good point, maybe the address reuse information needs a separate issue?
@atypicalprogrammer, @chrisdukakis and @domschiener, reasonable arguments with regard to this issue would be much appreciated.
Non-developers, with insufficient knowledge of how to use this wallet securely, are continuously using this wallet.
This usage leads to bad press and the spreading of misinformation when funds are lost.
Hence I suggest a warning message emphasizing informed usage, with links to relevant credible sources of information.