Jump to content
peanut56

putting xrp in in escrow: Legit (?)

Recommended Posts

     I know some people have asked how to do this.I'm not sure if this is legit, if it works, and am not responsible if you use it. Someone with more technical knowledge and skill could steer you or me in the  right direction. https://www.secureblockchains.com/ . If the company is legit then I hope it helps.

Share this post


Link to post
Share on other sites

Have got a Harbor wallet precisely because of the Escrow feature. Appears to be quite easy to use. Just like the OP, I too am unsure how legit the company is. Waiting to hear some positive feedback before using it myself. I believe we have had some posters recently talking about having used the Escrow so let's hope they chime in.

Share this post


Link to post
Share on other sites

Harbor wallet is not open source and for that reason many will not use it.

It does have some neat features that are worth paying for but you have no guarantee that the closed source part of their implementation can't be hacked.

It's your money so if you trust them, go for it.

Share this post


Link to post
Share on other sites
12 minutes ago, n2it said:

Harbor wallet is not open source and for that reason many will not use it.

It does have some neat features that are worth paying for but you have no guarantee that the closed source part of their implementation can't be hacked.

It's your money so if you trust them, go for it.

Does labeling something open source mean it cant be hacked? Does the open source nature of Toast mean that they can't include some function that steals your secret or funds? I have 100% confidence in the Toast team and KNOW they wouldn't do that, however the open sourced nature of their code has nothing to do with that confidence. Our code can easily be decompiled and analyzed by someone with technical skill to confirm that the software doesn't operate in a malicious way. SBC has the goal of becoming the industry leader in creating solutions for businesses and consumers based on the XRPL technology. If we meet these goals and XRP reaches mass adoption, our anticipated revenue would likely be thousands of times larger than the balances of all Harbor users combined. (Though we have no idea what Harbor users balances are, Im basing this off of the ledgers average wallet balance) If we included malicious code, that would ruin our credibility and ensure we can never reach those goals. It would be like Jeff Bezos stealing credit card numbers from customers in the first year of building Amazon. It just doesn't make sense. Furthermore, we are a registered US based based business. The names of the founders are plainly visible on our homepage and information about our business is available via public records search. If we stole customers funds or did something that caused harm to customers, it would be REALLY easy to find us and take us to court.

We don't distribute Harbor as open source because:

1) We want to control how our code is modified and distributed.

2) We don't want cheap clones of our software on the market created by others wishing to profit from our work.

3) We are a for-profit business, it would be easy to strip the fee collection functionality from the wallet and if it was open source you would have the right to do so. We are a small development team of 2, funding SBC primarily with income from our "Day Jobs".

Share this post


Link to post
Share on other sites

@SBC-Daniel You're right in a narrow sense that Open Source can also be hacked, but only at the executable level. Open Source code gets reviewed at the source code level by more eyes and is generally seen as more secure.

I'm not bashing your software, as I am a former developer myself of software that was sold rather than given away free. So I know what you're up against.

Wish you good luck, but just pointing out the market you're in has it's own challenges.

Share this post


Link to post
Share on other sites
45 minutes ago, n2it said:

Open Source code gets reviewed at the source code level by more eyes and is generally seen as more secure.

The code only gets reviewed by more eyes if there is a capable and interested party to do so. Furthermore, unless there is a public repository of these 3rd party audits for the layperson to check, how would anyone know that there is or isn't something malicious in that code? I believe the common consensus that it is more secure because it is open source is a false sense of security because of the aforementioned lack of interest from developers. We have had countless people complain about our software being closed source, but we have yet to have anyone ask to see the code. (We have offered)

I recognize the challenges closed source software faces in this community, it is probably our largest obstacle in penetrating this market. I am confident that if "ABC Company" made "ABC Wallet" and labeled it open source... it would gain traction much faster than if they released a closed source version. I am also confident that if ABC Company included malicious code in the open source software, no one would catch it. There doesn't seem to be actual interest in reviewing the code or contributing to the codebase, just the interest in the title "open source".

Share this post


Link to post
Share on other sites
Guest
4 hours ago, SBC-Daniel said:

The code only gets reviewed by more eyes if there is a capable and interested party to do so. Furthermore, unless there is a public repository of these 3rd party audits for the layperson to check, how would anyone know that there is or isn't something malicious in that code? I believe the common consensus that it is more secure because it is open source is a false sense of security because of the aforementioned lack of interest from developers. We have had countless people complain about our software being closed source, but we have yet to have anyone ask to see the code. (We have offered)

I recognize the challenges closed source software faces in this community, it is probably our largest obstacle in penetrating this market. I am confident that if "ABC Company" made "ABC Wallet" and labeled it open source... it would gain traction much faster than if they released a closed source version. I am also confident that if ABC Company included malicious code in the open source software, no one would catch it. There doesn't seem to be actual interest in reviewing the code or contributing to the codebase, just the interest in the title "open source".

Are there any companies which audit software code?

Share this post


Link to post
Share on other sites

@SBC-Daniel Could you explain from a technical point of view how you implement price-based escrow? Is it proprietary code running on your own servers? Or use smart contracts in some way?

Share this post


Link to post
Share on other sites
12 hours ago, whitefanng said:

Are there any companies which audit software code?

There are companies that do just that. If they provide services and have adequate knowledge of XRP ledger functions is another question. We haven't done any research into it as I'm sure it would be quite expensive and it would need to be done every time we release an update to provide complete assurances. (The same audits would need to be performed on any software, open source or closed source, to gain the same level of assurances)

I also wouldn't personally trust an audit that was paid for by the company being audited. That's a blatant conflict of interest. I once read a scientific paper describing how Coke has exactly the same hydrating properties as water. (The paper and the underlying experiments were funded by Coke) If someone in the community would like to hire a software auditor to inspect our code and report on it, we would gladly provide them uninhibited access to the entire codebase.

Share this post


Link to post
Share on other sites
On 7/30/2018 at 9:26 AM, at3n said:

@SBC-Daniel Could you explain from a technical point of view how you implement price-based escrow? Is it proprietary code running on your own servers? Or use smart contracts in some way?

It is a smart contract that monitors the price of XRP across several major exchanges and executes the release command based on your selected parameters. It's automated, immune from external human influence, and decentralized. We are seeking patent protection for the process so I cannot go into any more detail at the moment without invalidating the patent request. Once we reach the "patent pending" stage, I would be happy to provide a complete rundown of the process.

Edited by SBC-Daniel
Clarification

Share this post


Link to post
Share on other sites

Loving the Harbor wallet so far, but the only thing I don't like about the Escrow feature is having to release it with a password once the date condition is met.

I'd like to set up some Escrow contracts up to send my god daughter XRP every year on her birthday but I have to release it with a password/file this is not going to work.

Share this post


Link to post
Share on other sites
2 hours ago, ChavasRegal said:

Loving the Harbor wallet so far, but the only thing I don't like about the Escrow feature is having to release it with a password once the date condition is met.

I'd like to set up some Escrow contracts up to send my god daughter XRP every year on her birthday but I have to release it with a password/file this is not going to work.

Thanks for your feedback, I’m glad your enjoying the wallet so far.

XRPL Escrows don’t automatically release at a certain time. Either an escrowCancel or an escrowFinish command must be sent by someone to change the status of escrowed funds.

We could build a smart contract that automatically releases escrows for users that wish to delegate this responsibility to someone else but it would require CPU power that costs money. Would you be willing to pay a modest fee for this feature? Perhaps 1-2XRP? Releasing funds from escrow yourself is free. 

Share this post


Link to post
Share on other sites
13 hours ago, SBC-Daniel said:

It is a smart contract that monitors the price of XRP across several major exchanges and executes the release command based on your selected parameters. It's automated, immune from influence by humans, and decentralized. We are seeking patent protection for the process so I cannot go into any more detail at the moment without invalidating the patent request. Once we reach the "patent pending" stage, I would be happy to provide a complete rundown of the process.

That’s pretty interesting. Without divulging any information you’re seeking to patent  can you answer the following questions:

1) Does the smart contract run on an existing platform like Codius or Ethereum?

2) When you say the contract is immune from influence by humans (upto human influence over pricing, of course) does that imply that the contract code cannot be updated? 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...