Re: [ANN][XCP] Counterparty - Pioneering Peer-to-Peer Finance

How safe is https://counterwallet.io?

Can somebody explain to me how is this working? How can we be sure that somebody is not putting a backdoor like form to steal our 12 words password upon login?

It's open-source, and everything is handled using javascript (on your computer). The actual login and transaction signing process isn't done on any server (in fact your passphrase is never sent to counterwallet.io), instead it all happens inside your browser: https://counterwallet.io/js/counterwallet-min.js?v=03f7c112aa43

If you are still worried, you could run Counterwallet, or counterpartyd (the command line client) on your own computer. CounterpartyGUI (graphical user interface for your local computer) is coming soon, see http://counterparty.io/news/counterparty-development-update-10/.

Does that mean that I can download the counterwallet.io and make a clone of it, and run it on localhost webserver?

I trust https://counterwallet.io but I can't trust it 24/7. You can never know if somebody's gonna be able at some point to inject some code into the javascript.

You can run your own CounterWallet instances. It should also be possible for a third party to run a service that verifies the CW assets hashes on github and compares them to the ones being served up to you on CounterWallet to be sure nobody has inserted anything malicous within. (Or a browser extension that achieves the same thing) You could even package the relevant assets directly into a chrome app and be sure they are running locally. For larger amounts of XCP it's recommended to do cold-storage or watch only wallets. You can always check the balance with block-explorers without logging in.

Quote from: infobel on January 11, 2015, 12:00:55 AM

Is there any archive with the counterparty.io web wallet? It's a paint to recreate all files one by one

https://github.com/CounterpartyXCP/counterwallet