* [Bitcoin-development] Fees UI warning @ 2013-12-16 10:13 Drak 2013-12-16 10:46 ` Jim ` (2 more replies) 0 siblings, 3 replies; 11+ messages in thread From: Drak @ 2013-12-16 10:13 UTC (permalink / raw) To: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 1040 bytes --] Not sure if this is the right place, but since a few wallet authors congregate here I though it might be the best place. It seems every once in a while you see stories of people accidentally paying huge fees. Today I read about a man who paid a 20.14BTC fee for a 0.05 BTC transaction[1], oops. There was another recently where someone paid a fee of about 200BTC which fortunately the pool operator refunded. It just occurs to me this kind of sad story could be averted if wallets implemented a confirmation box if the fee amount seems crazy - for example, if it's >10x what the default fee should be, or if it's greater than x% of the sending amount. "the fee seems unusually high, are you really sure you want to pay X in fees?" I realise the exact details of this might need to be fleshed out given we want flexible fees, but it should be pretty simple to agree with what looks like an unusually large fee according to the going rate. Drak [1] http://www.reddit.com/r/Bitcoin/comments/1syu3h/i_lost_all_my_bitcoins_in_an_erroneous/ [-- Attachment #2: Type: text/html, Size: 1328 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 10:13 [Bitcoin-development] Fees UI warning Drak @ 2013-12-16 10:46 ` Jim 2013-12-16 11:08 ` Drak ` (2 more replies) 2013-12-16 11:27 ` Wladimir 2013-12-16 18:28 ` Mike Hearn 2 siblings, 3 replies; 11+ messages in thread From: Jim @ 2013-12-16 10:46 UTC (permalink / raw) To: bitcoin-development Yes I saw that on reddit too. I think it applies mainly to custom transactions rather than where fees are calculated automatically. Another variant of not understanding change that loses people's bitcoins I have encountered is: 1) Import a private key of a brainwallet/ paper wallet. 2) Send a small amount of bitcoin from that key. 3) The user then secure deletes all copies of the wallet 'for security'. If they are not careful they can delete a change address with funds on it. In MultiBit I have tried to reduce this possibility by: 1) Hiding the ability to delete wallet (in the next version I am removing it entirely) 2) There is always a single key in a new wallet. When a user imports a key then that makes two. I always send the change to the second address, if it is available. (This is bad for privacy but at least lessens the chances that the funds become lost). If users are determined to use a brain wallet and secure delete every copy of the wallet after they use them you cannot stop them (it is their machine after all) But these two options help lessen the chance of bitcoin loss if they do. For the HD version of MultiBit we are removing the import of individual private keys entirely and only supporting HD addresses, primarily for safety reasons. Jim On Mon, Dec 16, 2013, at 10:13 AM, Drak wrote: > Not sure if this is the right place, but since a few wallet authors > congregate here I though it might be the best place. > > It seems every once in a while you see stories of people accidentally > paying huge fees. Today I read about a man who paid a 20.14BTC fee for a > 0.05 BTC transaction[1], oops. There was another recently where someone > paid a fee of about 200BTC which fortunately the pool operator refunded. > > It just occurs to me this kind of sad story could be averted if wallets > implemented a confirmation box if the fee amount seems crazy - for example, > if it's >10x what the default fee should be, or if it's greater than x% of > the sending amount. "the fee seems unusually high, are you really sure you > want to pay X in fees?" > > I realise the exact details of this might need to be fleshed out given we > want flexible fees, but it should be pretty simple to agree with what looks > like an unusually large fee according to the going rate. > > Drak > > [1] > http://www.reddit.com/r/Bitcoin/comments/1syu3h/i_lost_all_my_bitcoins_in_an_erroneous/ > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- http://bitcoin-solutions.co.uk ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 10:46 ` Jim @ 2013-12-16 11:08 ` Drak 2013-12-16 11:31 ` Pieter Wuille 2013-12-16 11:37 ` Wladimir 2 siblings, 0 replies; 11+ messages in thread From: Drak @ 2013-12-16 11:08 UTC (permalink / raw) To: Jim; +Cc: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 4454 bytes --] Jim, It's great to see the many ways wallet authors try to protect users from easy to make mistakes, especially against losing funds. But this issues isn't confined to custom transaction - some wallet implementations have a fee field and almost all wallets allow the fee rate to be configured in preferences. Sanity checking is sensible where a user can override the calculated fee. Some wallets don't allow the fee to be adjusted at all, but quite a few do. Drak On 16 December 2013 10:46, Jim <jim618@fastmail.co.uk> wrote: > Yes I saw that on reddit too. > > I think it applies mainly to custom transactions rather > than where fees are calculated automatically. > > Another variant of not understanding change that loses > people's bitcoins I have encountered is: > 1) Import a private key of a brainwallet/ paper wallet. > 2) Send a small amount of bitcoin from that key. > 3) The user then secure deletes all copies of the wallet > 'for security'. If they are not careful they can delete > a change address with funds on it. > > In MultiBit I have tried to reduce this possibility by: > 1) Hiding the ability to delete wallet (in the next version > I am removing it entirely) > 2) There is always a single key in a new wallet. When > a user imports a key then that makes two. I always send > the change to the second address, if it is available. > (This is bad for privacy but at least lessens the chances > that the funds become lost). > > If users are determined to use a brain wallet and > secure delete every copy of the wallet after they use > them you cannot stop them (it is their machine after all) > But these two options help lessen the chance of bitcoin > loss if they do. > > For the HD version of MultiBit we are removing the import > of individual private keys entirely and only supporting HD > addresses, primarily for safety reasons. > > Jim > > On Mon, Dec 16, 2013, at 10:13 AM, Drak wrote: > > Not sure if this is the right place, but since a few wallet authors > > congregate here I though it might be the best place. > > > > It seems every once in a while you see stories of people accidentally > > paying huge fees. Today I read about a man who paid a 20.14BTC fee for a > > 0.05 BTC transaction[1], oops. There was another recently where someone > > paid a fee of about 200BTC which fortunately the pool operator refunded. > > > > It just occurs to me this kind of sad story could be averted if wallets > > implemented a confirmation box if the fee amount seems crazy - for > example, > > if it's >10x what the default fee should be, or if it's greater than x% > of > > the sending amount. "the fee seems unusually high, are you really sure > you > > want to pay X in fees?" > > > > I realise the exact details of this might need to be fleshed out given we > > want flexible fees, but it should be pretty simple to agree with what > looks > > like an unusually large fee according to the going rate. > > > > Drak > > > > [1] > > > http://www.reddit.com/r/Bitcoin/comments/1syu3h/i_lost_all_my_bitcoins_in_an_erroneous/ > > > ------------------------------------------------------------------------------ > > Rapidly troubleshoot problems before they affect your business. Most IT > > organizations don't have a clear picture of how application performance > > affects their revenue. With AppDynamics, you get 100% visibility into > your > > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of > AppDynamics Pro! > > > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > -- > http://bitcoin-solutions.co.uk > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics > Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > [-- Attachment #2: Type: text/html, Size: 6071 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 10:46 ` Jim 2013-12-16 11:08 ` Drak @ 2013-12-16 11:31 ` Pieter Wuille 2013-12-16 18:26 ` Mike Hearn 2013-12-16 11:37 ` Wladimir 2 siblings, 1 reply; 11+ messages in thread From: Pieter Wuille @ 2013-12-16 11:31 UTC (permalink / raw) To: Jim; +Cc: Bitcoin Dev On Mon, Dec 16, 2013 at 11:46 AM, Jim <jim618@fastmail.co.uk> wrote: > For the HD version of MultiBit we are removing the import > of individual private keys entirely and only supporting HD > addresses, primarily for safety reasons. Will that also mean no longer reusing (change) addresses? -- Pieter ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 11:31 ` Pieter Wuille @ 2013-12-16 18:26 ` Mike Hearn 0 siblings, 0 replies; 11+ messages in thread From: Mike Hearn @ 2013-12-16 18:26 UTC (permalink / raw) To: Pieter Wuille; +Cc: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 489 bytes --] On Mon, Dec 16, 2013 at 12:31 PM, Pieter Wuille <pieter.wuille@gmail.com>wrote: > Will that also mean no longer reusing (change) addresses? > Jim seems to be planning some parallel development to what I'm doing, but HD wallets and stopping address re-use is the current feature I'm working on for bitcoinj. Only code review and merging takes higher priority at the moment. So I think we might be able to stop re-using addresses at least on devices with sufficient memory some time in Q1 [-- Attachment #2: Type: text/html, Size: 878 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 10:46 ` Jim 2013-12-16 11:08 ` Drak 2013-12-16 11:31 ` Pieter Wuille @ 2013-12-16 11:37 ` Wladimir 2013-12-16 17:55 ` Taylor Gerring 2013-12-16 18:45 ` Gregory Maxwell 2 siblings, 2 replies; 11+ messages in thread From: Wladimir @ 2013-12-16 11:37 UTC (permalink / raw) To: Jim; +Cc: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 707 bytes --] On Mon, Dec 16, 2013 at 11:46 AM, Jim <jim618@fastmail.co.uk> wrote: > For the HD version of MultiBit we are removing the import > of individual private keys entirely and only supporting HD > addresses, primarily for safety reasons. > I'd love to have the same in Bitcoin-Qt as well. Too many sob stories about people with outdated backups that lost part or all of their coins. These are much more common than fee messups. What we should really do is: - Use deterministic wallets. Making regular backups becomes optional (to retain label and transaction data and such) instead of mandatory. - Don't support importing private keys. Replace the importing of private keys by a "sweep" function. Wladimir [-- Attachment #2: Type: text/html, Size: 1161 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 11:37 ` Wladimir @ 2013-12-16 17:55 ` Taylor Gerring 2013-12-16 18:45 ` Gregory Maxwell 1 sibling, 0 replies; 11+ messages in thread From: Taylor Gerring @ 2013-12-16 17:55 UTC (permalink / raw) To: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 3602 bytes --] Providing people with a great user experience is something that Hive Wallet is enthusiastic about, so this is stuff we’re thinking about constantly. For example, how do you alert the user to abnormal activity (i.e. sending “too much” on accident[1])? The removal of extraneous UI and functionality that can be automated is a priority, which is why we (to date) still don’t have a Preferences dialog. Smart defaults should be an important aspect of design decisions. Thinking about stripping UI away as much as possible, consider what was done with dat.wallet[2]: no wallet file whatsoever and it doesn't even reveal the address except when explicitly necessary. For privacy’s sake, the intent should be to detect the use of an address and automatically rotate it away from the user. This minimal interaction results in maximum benefit. Or take a look at the new Bitstamp app I’m writing for Hive[3]. How do you cram an entire trading API into a mobile-like window? Smart use of space and making intelligent event-driven decisions is often overlooked. In the linked screenshot, imagine the user actually clicks the deposit button. A “send bitcoins" dialog is pre-populated with the deposit address and the requested amount. Copying and pasting addresses is error-prone and not user-friendly in the least. I would urge all software developers to think about UX when developing applications. What can be automated? What can we make a best guess about? In the case of fees, we will hopefully have more control over them in the coming months, but in the meantime, consider what your application tries to accomplish and how it can do that without getting in the way too much. Software should enable the user, not encumber them. Lastly, I’ll leave everyone with an approach we’re considering once floating fees are feasible[4], something Mike Hearn asked about in a previous thread. [1] https://github.com/hivewallet/hive-osx/issues/107 [2] https://github.com/darkwallet/dat.wallet [3] https://github.com/tgerring/hiveapp-bitstamptrader [4] https://github.com/hivewallet/hive-osx/issues/148 Taylor On Dec 16, 2013, at 5:37 AM, Wladimir <laanwj@gmail.com> wrote: > On Mon, Dec 16, 2013 at 11:46 AM, Jim <jim618@fastmail.co.uk> wrote: > For the HD version of MultiBit we are removing the import > of individual private keys entirely and only supporting HD > addresses, primarily for safety reasons. > > I'd love to have the same in Bitcoin-Qt as well. Too many sob stories about people with outdated backups that lost part or all of their coins. These are much more common than fee messups. > > What we should really do is: > > - Use deterministic wallets. Making regular backups becomes optional (to retain label and transaction data and such) instead of mandatory. > > - Don't support importing private keys. Replace the importing of private keys by a "sweep" function. > > Wladimir > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development [-- Attachment #2: Type: text/html, Size: 4961 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 11:37 ` Wladimir 2013-12-16 17:55 ` Taylor Gerring @ 2013-12-16 18:45 ` Gregory Maxwell 1 sibling, 0 replies; 11+ messages in thread From: Gregory Maxwell @ 2013-12-16 18:45 UTC (permalink / raw) To: Wladimir; +Cc: Bitcoin Dev On Mon, Dec 16, 2013 at 3:37 AM, Wladimir <laanwj@gmail.com> wrote: > What we should really do is: > - Use deterministic wallets. Making regular backups becomes optional (to > retain label and transaction data and such) instead of mandatory. > - Don't support importing private keys. Replace the importing of private > keys by a "sweep" function. I'd add a third: make structured key-management possible, e.g. At a minimum: Users should be able to hit a "retire keys / keys possibly compromised" button, which creates a new seed, forces the user to make a backup (and allows more than one), then switches to the new seed and moves all their coins. On Mon, Dec 16, 2013 at 10:28 AM, Mike Hearn <mike@plan99.net> wrote: > I don't know how to solve this. Badly designed software that looks appealing > will always be a danger. "We didn't say it couldn't be done— We said don't do it!" Part of the challenge here is that the service does a number of things people _really_ shouldn't be doing— things so dangerous that I certainly won't do them— and as a result to not use the site turn into big education efforts rather than just "use this other thing (that also does the wrong headed thing you want to do)". ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 10:13 [Bitcoin-development] Fees UI warning Drak 2013-12-16 10:46 ` Jim @ 2013-12-16 11:27 ` Wladimir 2013-12-16 18:28 ` Mike Hearn 2 siblings, 0 replies; 11+ messages in thread From: Wladimir @ 2013-12-16 11:27 UTC (permalink / raw) To: Drak; +Cc: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 576 bytes --] On Mon, Dec 16, 2013 at 11:13 AM, Drak <drak@zikula.org> wrote: > It just occurs to me this kind of sad story could be averted if wallets > implemented a confirmation box if the fee amount seems crazy - for example, > if it's >10x what the default fee should be, or if it's greater than x% of > the sending amount. "the fee seems unusually high, are you really sure you > want to pay X in fees?" > Bitcoin-qt (in master) always shows the fee and total amount that is going to be paid in the confirmation dialog, so it is very hard to accidentally a very high fee. Wladimir [-- Attachment #2: Type: text/html, Size: 969 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 10:13 [Bitcoin-development] Fees UI warning Drak 2013-12-16 10:46 ` Jim 2013-12-16 11:27 ` Wladimir @ 2013-12-16 18:28 ` Mike Hearn 2013-12-16 22:32 ` Andreas Schildbach 2 siblings, 1 reply; 11+ messages in thread From: Mike Hearn @ 2013-12-16 18:28 UTC (permalink / raw) To: Drak; +Cc: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 927 bytes --] On Mon, Dec 16, 2013 at 11:13 AM, Drak <drak@zikula.org> wrote: > It just occurs to me this kind of sad story could be averted if wallets > implemented a confirmation box if the fee amount seems crazy - for example, > if it's >10x what the default fee should be, or if it's greater than x% of > the sending amount. > Most good wallets have UI's designed to be safe. Unfortunately this guy was using brainwallet.org which is by no means a "good" wallet in that sense (it's not really even a wallet app at all) I think most of us have expressed displeasure at the existence of this site before, and I once even asked the guy to stop running it, but he refused. It's an extremely sharp tool which makes it easy to cut yourself, except it doesn't look dangerous, it looks like ordinary software designed for ordinary people. I don't know how to solve this. Badly designed software that looks appealing will always be a danger. [-- Attachment #2: Type: text/html, Size: 1396 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Bitcoin-development] Fees UI warning 2013-12-16 18:28 ` Mike Hearn @ 2013-12-16 22:32 ` Andreas Schildbach 0 siblings, 0 replies; 11+ messages in thread From: Andreas Schildbach @ 2013-12-16 22:32 UTC (permalink / raw) To: bitcoin-development On 12/16/2013 07:28 PM, Mike Hearn wrote: > I don't know how to solve this. Badly designed software that looks > appealing will always be a danger. One way would be to explicitly warn against some services. For example, on the "Choose you wallet" page of bitcoin.org. ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2013-12-16 22:32 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-12-16 10:13 [Bitcoin-development] Fees UI warning Drak 2013-12-16 10:46 ` Jim 2013-12-16 11:08 ` Drak 2013-12-16 11:31 ` Pieter Wuille 2013-12-16 18:26 ` Mike Hearn 2013-12-16 11:37 ` Wladimir 2013-12-16 17:55 ` Taylor Gerring 2013-12-16 18:45 ` Gregory Maxwell 2013-12-16 11:27 ` Wladimir 2013-12-16 18:28 ` Mike Hearn 2013-12-16 22:32 ` Andreas Schildbach
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox