Closed CryptoGrampy closed 2 years ago
Thanks. I've had a skim of that issue and will continue to monitor.
Wiki amended: https://github.com/monero-ecosystem/PiNode-XMR/wiki/Monero-LWS-Install-and-Use/3002e90491fe096d80fbf812353b28cd78c36390
With the latest updates, we have resolved the leaking of view keys to the server. The only exception currently is the iOS app in beta has the fixes and not the older app in the store. This should change in about a week.
Originally the code sent a request with the critical info on every keypress. We have changed that to now send a blank request for each keypress and check if the response is an expected error, and after the user clicks save, it will then update the app to use the new URL and send the view key. If the URL is incorrect, the app will not fall back to using the mymonero API.
Thanks for the changes. I left this open for a little longer should anything else pop up related to it. Nothing heard. Closing.
Issues are described towards the end here: https://github.com/vtnerd/monero-lws/pull/30 . Basically, when you're setting your custom server field in MyMonero, it will send an API request to the MyMonero server with your view key... Not a very nice thing. Please add a warning to the LWS readme until these issues are resolved.