Re: [ANN] MangoCoinz (official) - The mobile crypto currency
SCAM ALERT!
DO NOT PUT ANY MONEY INTO THIS COIN!
Read the whole post to understand! Some things may be technical at first, but I hope everyone will understand.
I have been silently reading the previous announcement thread since a few weeks now and have to say I'm surprised by how many people think this "coin" will yield anything good. Why do I think so follows:
- Centralized architecture, it's a huge red flag already. Devs can manipulate coin amount anytime they want. They can issue new coins from nothing. (The coin amount counter is running on their server, that data means nothing.) Given this much control they can manipulate the price any way they want, the fact they didn't do it just shows their incompetence in this field. Seriously, they could be rich already. The "blockchain" viewer also runs on their server, same here, it cannot be trusted. By the way, there isn't even a blockchain probably. It would make no sense with this setup. It's just a plain old database with the syncs stored. There are other problems with centralization though: a DDoS could bring the entire system down. (Currently, I would bet 90 % the server doesn't have DDoS protection.) A hacker could get into the server, issue random coins to random accounts, delete everything from the database (yeah, there are backups probably (if there are lol), but the outage and rollback would still be disastrous if the "coin" would get popular). They could also leak all user data depending on what is stored. Some simple misconfiguration could also bring the system down. Such an environment should be extremely robust. And I didn't even mention scaling: if this would get very popular, it would need scaling and since you're dealing with transactions and syncs you can't go NoSQL. Transaction management in a high-scale environment is really hard, banks have dedicated teams to do it.
- Syncs - wait what??? So without any kind of proof I can get stuff worth money? Hell yeah! Before you say it's mining: No, it isn't! There's an app checking accelerometer data and sending the server how much movement occurred. How about faking accelerometer data? Actually, since code is running on users' devices, it can be altered or fed fake data anytime. No, obfuscation won't help either. There are many ways to defeat it. Let's go through a few! Device software can be modified to provide data what I want. Virtual machines could be spawned to do the same, or some hybrid solution, virtualizing only the app. Possibilities are endless! One can modify the application itself to do what they want. One could create bots by reverse engineering the functionality and writing a program to mimic it. TOR and proxies would give them thousands of individual "miners" generating lots of "coins" every day (even if devs implemented TOR or proxy detection, they can't detect all proxies (see private ones) or one with a small-sized botnet could use totally legit IP addresses which you cannot filter (this is plausible, especially if you think about such groups, they would also have the capacity to maintain a solid bot)). The problem is that there is NO PROOF OF WORK/STAKE/ETC. mechanism. It simply trusts the environment and this is a huge no-go in cryptocurrency.
- The app - Even though I'm no expert in the field, it took me roughly half an hour reading about the APK decompilation process and doing it. Noticed the core parts are in a native library, finally something interesting. I already know why the app has (/had, newest one is said to be stable) so many bugs and crashes reported by other members. Sure, writing it in all Java would have revealed how there is no real proof for validating syncs, but the devs aren't competent enough probably to deal with C or C++ and implement a proper bug-free code natively. No, do not say it's a beta, it's still unacceptable.
- Closed source - Devs say the infrastructure is closed source because if it would be open, scammers would create clones and saturate the market. This is such a ridiculous contradiction.
Devs are the very scammers here. Yes, they say they are honest (why say it anyway? people either trust you or don't), but we cannot know this honesty will keep up later on. Also, what if a new member in the dev team comes and they won't be? This leads to another question - how many devs are there in the team anyway? Two? Three? (In a post one of them said they got another member.) Total lack of transparency. This does nothing good in the cryptocurrency ecosystem among lots of scammers. Also, open sourcing the app would reveal all the flaws I already mentioned.
- Mainly just to make an interesting point: The API - Without knowing much about the details, the API for integrating third-party systems works as follows: First of all, it's not open. You need to contact the dev team, supply them information about the system you're building, you have to prove that you're part of the team that's developing this particular system (read it somewhere on another forum) then you get the documentation which probably entails the following: You need to connect to the central server through some obscure HTTP(S)-based methods. UseCryptos had to integrate this system, that's why it took so long from initial announcement to actually get an up and running system. Why is this bad? First, it really slows down development time if you want to support this "coin", which is not something developers can allow themselves. This results in lower adaption rate as nobody would like to spend time for this specific coin when they can get up and running with all other JSONRPC coins in a few minutes. Bitcoin introduced the JSONRPC API and since lot of other coins are based on that, they too include it. BUT: Other, totally custom coded coins also include this API for the sake of good integration capabilities. They keep up with standards. The thing is, people have already written many wrappers and helper libraries so it really is a breeze to work with. Also, this approvement for every service is good now, but what if you got tens or hundreds of requests a day later? How would you cope with it? Also, since all of these services connect to the same server, making lots of requests, this also will increase server and bandwidth load. Got to scaling again...
- Getting popular - Seriously, I do not care if some people in the early (especially beta) days lose money. Heck, I wouldn't have written up all these (yeah, took a lot of time...) if I didn't think about the future. My problem is mainly the following: The "coin" is aimed at the masses, especially running clubs. These people know nothing about the workings of the system and they trust it. Also, traders on cryptocurrency exchanges put money into it and get scammed by those gaming the system. And here I have to say it again: They cannot secure the system against gaming. The design simply does not allow it. It would need a proper proof algorithm, but in the sense of running and acceleration checking it cannot be designed by our current knowledge (I also was thinking about it, it's a no-go.). One cannot simply trust code running on a user device. No matter how much obfuscation the devs do, if there is big money in it, people will hack it. This is not even something to talk about, it's fact.
- PayPal payout - Simply put, PayPal sees cryptocurrencies as one of its direct concurrency and disables accounts trading coins if it finds out. Even though Mango is not a cryptocurrency, I don't think they'll like it if it gets popular. This would not be a problem, but this option is there to make things simple (people don't have to deal with exchanges) and
I refer to it as "coin", because this is not a coin in terms of standard naming. Not at least here on BitcoinTalk. This site is about cryptocurrencies which have proper cryptographic algorithms to ensure mining hasn't been tampered with. I would rather call it a token if I were to give a description.
DO NOT PUT ANY MONEY INTO THIS COIN!
Read the whole post to understand! Some things may be technical at first, but I hope everyone will understand.
I have been silently reading the previous announcement thread since a few weeks now and have to say I'm surprised by how many people think this "coin" will yield anything good. Why do I think so follows:
- Centralized architecture, it's a huge red flag already. Devs can manipulate coin amount anytime they want. They can issue new coins from nothing. (The coin amount counter is running on their server, that data means nothing.) Given this much control they can manipulate the price any way they want, the fact they didn't do it just shows their incompetence in this field. Seriously, they could be rich already. The "blockchain" viewer also runs on their server, same here, it cannot be trusted. By the way, there isn't even a blockchain probably. It would make no sense with this setup. It's just a plain old database with the syncs stored. There are other problems with centralization though: a DDoS could bring the entire system down. (Currently, I would bet 90 % the server doesn't have DDoS protection.) A hacker could get into the server, issue random coins to random accounts, delete everything from the database (yeah, there are backups probably (if there are lol), but the outage and rollback would still be disastrous if the "coin" would get popular). They could also leak all user data depending on what is stored. Some simple misconfiguration could also bring the system down. Such an environment should be extremely robust. And I didn't even mention scaling: if this would get very popular, it would need scaling and since you're dealing with transactions and syncs you can't go NoSQL. Transaction management in a high-scale environment is really hard, banks have dedicated teams to do it.
- Syncs - wait what??? So without any kind of proof I can get stuff worth money? Hell yeah! Before you say it's mining: No, it isn't! There's an app checking accelerometer data and sending the server how much movement occurred. How about faking accelerometer data? Actually, since code is running on users' devices, it can be altered or fed fake data anytime. No, obfuscation won't help either. There are many ways to defeat it. Let's go through a few! Device software can be modified to provide data what I want. Virtual machines could be spawned to do the same, or some hybrid solution, virtualizing only the app. Possibilities are endless! One can modify the application itself to do what they want. One could create bots by reverse engineering the functionality and writing a program to mimic it. TOR and proxies would give them thousands of individual "miners" generating lots of "coins" every day (even if devs implemented TOR or proxy detection, they can't detect all proxies (see private ones) or one with a small-sized botnet could use totally legit IP addresses which you cannot filter (this is plausible, especially if you think about such groups, they would also have the capacity to maintain a solid bot)). The problem is that there is NO PROOF OF WORK/STAKE/ETC. mechanism. It simply trusts the environment and this is a huge no-go in cryptocurrency.
- The app - Even though I'm no expert in the field, it took me roughly half an hour reading about the APK decompilation process and doing it. Noticed the core parts are in a native library, finally something interesting. I already know why the app has (/had, newest one is said to be stable) so many bugs and crashes reported by other members. Sure, writing it in all Java would have revealed how there is no real proof for validating syncs, but the devs aren't competent enough probably to deal with C or C++ and implement a proper bug-free code natively. No, do not say it's a beta, it's still unacceptable.
- Closed source - Devs say the infrastructure is closed source because if it would be open, scammers would create clones and saturate the market. This is such a ridiculous contradiction.
Devs are the very scammers here. Yes, they say they are honest (why say it anyway? people either trust you or don't), but we cannot know this honesty will keep up later on. Also, what if a new member in the dev team comes and they won't be? This leads to another question - how many devs are there in the team anyway? Two? Three? (In a post one of them said they got another member.) Total lack of transparency. This does nothing good in the cryptocurrency ecosystem among lots of scammers. Also, open sourcing the app would reveal all the flaws I already mentioned.- Mainly just to make an interesting point: The API - Without knowing much about the details, the API for integrating third-party systems works as follows: First of all, it's not open. You need to contact the dev team, supply them information about the system you're building, you have to prove that you're part of the team that's developing this particular system (read it somewhere on another forum) then you get the documentation which probably entails the following: You need to connect to the central server through some obscure HTTP(S)-based methods. UseCryptos had to integrate this system, that's why it took so long from initial announcement to actually get an up and running system. Why is this bad? First, it really slows down development time if you want to support this "coin", which is not something developers can allow themselves. This results in lower adaption rate as nobody would like to spend time for this specific coin when they can get up and running with all other JSONRPC coins in a few minutes. Bitcoin introduced the JSONRPC API and since lot of other coins are based on that, they too include it. BUT: Other, totally custom coded coins also include this API for the sake of good integration capabilities. They keep up with standards. The thing is, people have already written many wrappers and helper libraries so it really is a breeze to work with. Also, this approvement for every service is good now, but what if you got tens or hundreds of requests a day later? How would you cope with it? Also, since all of these services connect to the same server, making lots of requests, this also will increase server and bandwidth load. Got to scaling again...
- Getting popular - Seriously, I do not care if some people in the early (especially beta) days lose money. Heck, I wouldn't have written up all these (yeah, took a lot of time...) if I didn't think about the future. My problem is mainly the following: The "coin" is aimed at the masses, especially running clubs. These people know nothing about the workings of the system and they trust it. Also, traders on cryptocurrency exchanges put money into it and get scammed by those gaming the system. And here I have to say it again: They cannot secure the system against gaming. The design simply does not allow it. It would need a proper proof algorithm, but in the sense of running and acceleration checking it cannot be designed by our current knowledge (I also was thinking about it, it's a no-go.). One cannot simply trust code running on a user device. No matter how much obfuscation the devs do, if there is big money in it, people will hack it. This is not even something to talk about, it's fact.
- PayPal payout - Simply put, PayPal sees cryptocurrencies as one of its direct concurrency and disables accounts trading coins if it finds out. Even though Mango is not a cryptocurrency, I don't think they'll like it if it gets popular. This would not be a problem, but this option is there to make things simple (people don't have to deal with exchanges) and
I refer to it as "coin", because this is not a coin in terms of standard naming. Not at least here on BitcoinTalk. This site is about cryptocurrencies which have proper cryptographic algorithms to ensure mining hasn't been tampered with. I would rather call it a token if I were to give a description.
Some VERY valid points, no question about it. But screaming "Scam Alert" kind of devalues them because, so far, there's no basis for such alarmist terminology. Mangocoinz is what it is, the good the bad and the ugly. And yes, it cannot be trusted. Then again, NOT a single cryptocurrency can. Not one. Not even Bitcoin. Simply put -as you adequately put it- "it is a FACT". So, on that preamble and frame, Mangocoinz, as an investment, es neither more secure nor less secure than an y other crypto currency. And yes, to cal it COIN -or "coinz"-, just like calling it cryptocurrency, is simply not adequate and I'm sure the developers chose it instead of "token" of whatever other term for unity of value can apply. This is, in idea, an "alternative currency". A CENTRALIZED one at that. For good, bad and in-between.
Can it be "gamed"? of course it can be. It probably is. It probably has been. It SURELY will. Will the developers game it themselves? That's for you to decide if to trust them or not. And for the rest of the community.
Those are NOT the main problems of this project. They are simply circumstances of it. As long as the total number of coins is not altered, the value would depend on the popularity and usability: What can you purchase with those coins that you either "mine" or buy in the exchanges? Is it something you put a big value on? Then they would be VERY valuable. You cannot buy anything of interest with it and the trading value is minimal in terms of BTC or others? then you have yet another failed project, whether scam, incompetence, or just lack of interest.That's all.
You are, again, right, very right, in mentioning that a new (fourth) developer seems to have come on board. Someone of whom no one knows anything. That, obviously, doesn't lend a lot of trustfulness to the project, which, being 100% centralized -and make no mistake about this: There's no other way possible for this project, now or ever, therefore I don't understand the pretense that they will work toward decentralization...-, is absolutely indispensable for the community to know and meet. Total transparency, in this case, is not a requirement only, it's a necessity.
You also don't want to hear "but it's beta"... well, still is, sorry. Even if this new thread comes with the pretense that, technically, they are done. They aren't. If there's no SECURITY -outside of the centralized system-, then it is alpha, not even beta, for no one will ever put any kind of serious money in something that is sure to be hacked and robbed. It's THAT simple. But it is also beta in that we so far don't even know where the developers are aiming. I hear ideas, nice, interesting ones, but
nothing specific, concrete, let alone already implemented. The merchandising idea is not just the obvious but the main -along with the sponsorships- attraction of this project in the beginning, but talking about it and implementing it EFFECTIVELY, are two very different things. So lets wait a bit and see what comes out of those ideas barely mentioned and what the final purpose of the whole project is, because I don't see it at all yet. I have asked, since the very beginning, AND THEN WHAT? I still don't have any answers, therefore it remains beta, an idea, perhaps chimeric, a path full of difficulties ahead and, when the total number of coins are "mined", "THEN WHAT?"
I was VERY supportive of this project, as everyone in the community knows. I have gotten considerably cold since I saw that not only the kids did not have a real plan but were very, very reluctant to open the gates so to speak to let the people with the means and knowledge in. Now, Srele even posts that they have "invested a lot of money" in this... this from three guys that didn't have a dime to their names and couldn't even afford an IPhone to work on the application... again, not a whole lot of trust gained with such statements that, if nothing else, indicate that the underhand is up for the taking. I also brought to question the net transfer fees, which are excessive... to no answer, no avail. So, although I remain supportive of Mangocoinz, my investment has been drastically reduced and my support is lukewarm while I keep observing the developments. I never ever lie and I'd be lying if I'd say that I like all or most of what I see here.
And the decentralization of the project, again, is NOT, a problem to me. On the contrary, actually.
One final thought regarding the new thread: The animated gif is horrible. Not just bad: horrible, actually. Aesthetically it cannot possibly make less attractive the exercise with the phone hanging out of the leg. Really, really horrible. The fact that it is men doing the exercise is another horrible choice when women is an evidently more attractive and bigger demographic Mango should pursue... Please take it down asap and susbtitute it for something more endearing and easier on the eye not that horrific image that would turn off immediately any prospective "miner". Please also, don't consider this just "an opinion", alright? That's the easy way out for losers. It is a VERY EXPERT one, ok?