Tip IOTA: Security is our Highest Priority

Tip IOTA
Published in TipIOTA
6 min read · Nov 27, 2017

TipIOTA makes it possible for everyone to earn money online with their creations. Our browser extension will soon allow you to easily tip everyone on any social media platform. Besides processing tips, we are working towards processing payments for a wide range of products and services.

Before we start talking about security, we would like to thank all of you for the awesome and enthusiastic feedback in regards to our first Medium announcement, our website as well as the intro video. We received a lot of questions about security and fees so we decided to dedicate this post to clear some things up for you.

In case you’ve missed the previous Medium article, you can catch up below.

IOTA Seed never leaves your wallet

What is an IOTA seed? The IOTA Foundation has an answer for you:

The starting point for everything is a seed (pun intended). To create an account with private keys and addresses you need to have a secure seed. A seed consists of 81-trytes (or less, which is not advised), and is your unique access key to your account and thus your funds. The seed has to be securely stored.

If someone has access to your seed, they can access your wallet. Save your seed securely since it cannot be recovered. Once you lose your seed, your funds cannot be recovered either. It’s also worth mentioning that you should never use any online seed generators. Generate a new seed/wallet locally on your own computer. Below are a few commands you can use.

Mac Terminal

cat /dev/urandom | LC_ALL=C tr -dc 'A-Z9' | fold -w 81 | head -n 1

Linux Terminal

cat /dev/urandom |tr -dc A-Z9|head -c${1:-81}

KeePass app for Windows or Mac

Video tutorial of KeePass app

Your security is very important to us and therefore we have designed TipIOTA in a way where your seed never leaves your browser. In case you do not want to take our word for it, most modern browsers allow you to see it in the developer console for yourself.

Screenshot of the developer console

This screenshot illustrates exactly what data is being sent to us. As expected, none of this contains even a trace of your seed. In case you are not a technical type, you can ask one of your developer friends to verify this for you.

The entire client/user side of the TipIOTA browser plugin is built in JavaScript and HTML. All data sent by the plugin can easily be seen in the developer console of any browser. All of your network traffic is shown there. Like the rest of the IOTA wallets, we are using a safe IOTA-made JavaScript library.
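One way to run the check described above without reading every request by hand, as an added example (not TipIOTA code): export the network log from the developer tools as a HAR file and search every outgoing request for the seed in plain, hex and base64 form. The function names, the 27-tryte fragment threshold and the sample data are constructed for illustration.

```javascript
// Added example, not TipIOTA code. Field names follow the HAR 1.2 export format.
const WINDOW = 27; // assumption: any 27-tryte run of the seed counts as a leak

function seedNeedles(seed) {
  if (!/^[A-Z9]{81}$/.test(seed)) throw new Error('expected an 81-tryte seed');
  const buf = Buffer.from(seed, 'ascii');
  // A-Z and 9 never encode to '+', '/' or '=', so base64 and base64url coincide.
  const needles = [
    { kind: 'hex', value: buf.toString('hex') },
    { kind: 'base64', value: buf.toString('base64') },
  ];
  for (let i = 0; i + WINDOW <= seed.length; i++) {
    needles.push({ kind: 'plain', value: seed.slice(i, i + WINDOW) });
  }
  return needles;
}

// Every outbound string of one request: URL, header values, body text.
function requestStrings(request) {
  const parts = [request.url || ''];
  for (const h of request.headers || []) parts.push(String(h.value));
  if (request.postData && request.postData.text) parts.push(request.postData.text);
  return parts;
}

// Returns [{ index, method, kinds }]; hex is matched in either case, the secret is never echoed.
function findSeedLeaks(har, seed) {
  const needles = seedNeedles(seed);
  const findings = [];
  har.log.entries.forEach((entry, index) => {
    const haystacks = requestStrings(entry.request);
    const kinds = new Set();
    for (const { kind, value } of needles) {
      if (haystacks.some((h) => (kind === 'hex' ? h.toLowerCase() : h).includes(value))) kinds.add(kind);
    }
    if (kinds.size) findings.push({ index, method: entry.request.method, kinds: [...kinds] });
  });
  return findings;
}

// Constructed sample data: a throwaway seed and a three-request HAR.
const SAMPLE_SEED = 'SAMPLE9SEED9DO9NOT9USE'.padEnd(81, '9');
const req = (method, url, text = '') => ({ request: { method, url, headers: [], postData: { text } } });
const SAMPLE_HAR = { log: { entries: [
  req('POST', 'https://api.example.invalid/tip', '{"to":"u/alice","amount":5}'),
  req('GET', 'https://t.example.invalid/c?d=' + Buffer.from(SAMPLE_SEED).toString('base64')),
  req('POST', 'https://api.example.invalid/log', 'dbg=' + SAMPLE_SEED.slice(10, 60)),
] } };
console.log(JSON.stringify(findSeedLeaks(SAMPLE_HAR, SAMPLE_SEED)));
```

Run it against a HAR exported while using a throwaway seed, and export from the extension's own background-page inspector as well, since requests made there do not appear in the tab's network panel. A seed that is encrypted or otherwise transformed before sending will not match.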

How does the tipping process work?

When you tip someone, your tip is paired with a brand new auto-generated address and sent to a unique holder address (wallet). At this point, your tip is securely stored with us and an auto-generated message is sent to the receiving person. Heck, we will even leave them a comment to show the rest of the community how awesome you are by supporting another user.

Withdrawing your tips could not be any simpler than this. The receiving person is only required to paste/type in their wallet address in our withdrawal form that can be found here. That’s it. There are no hidden steps here.

As long as the receiving person has an IOTA wallet and their receiving address handy, it should not take any more than 5 to 10 seconds to initiate the withdrawal process.

We’ll briefly talk about the withdrawal number that you can see in the image above, what it does and we’ll also explain to you why we do not require your seed in the first place. Seeing Tip IOTA for the first time does raise a lot of questions. While building Tip IOTA, we had to ask and also answer all of these questions by ourselves. A few people believe that the seed is going to be transferred to the receiving party, thus, compromising the entire process but that’s simply not true.

TipIOTA allows you to tip people even without being signed in to a specific social media platform. You might be wondering how it’s possible but fortunately, we have a simple answer for you. The withdrawal number is the identifier. As we said before, once you tip someone, we will send them a personal message from our own profile on that specific social media website. This message is going to contain a unique auto-generated identification number that’s shared only with the receiving person and is presented in the form of a link. Once the receiving person clicks on this link, they are taken to our withdrawal form and we even pre-populate the withdrawal number for them.

We could have just taken an easy route and chosen to exchange the seed with the receiver but we wanted to avoid people using a wallet with a seed that has been sent over the internet. While building a product that is more secure, we use our own high-performance servers for handling PoW required to send the IOTA from our holder wallet to the receiving person.

Hosting our own node

What is a node and why do we need to host it by ourselves? In simple terms, a node is basically a server that processes transactions. IOTA transactions are supposed to be fast but unfortunately, a lot of times public nodes are overloaded and sometimes can take hours to process a transaction. Not to go into too much detail, this problem exists mainly because of these so-called network spammers. To offer a first-class service, we cannot let our users wait for hours to receive their funds. It’s not how we want to do things going forward.

People often assume that IOTA is free and for the most part this statement is true. IOTA is free at the expense of your own, or someone else’s, electricity bill. IOTA requires PoW (Proof of Work).

Proof of Work prevents Denial of Service and spam attacks on the network. It’s a computationally hard puzzle to solve, but easy to verify.

To solve this puzzle your computer uses its CPU and, in some cases, the graphics card. It typically takes from a few seconds to a maximum of a minute. If you only do 1 to 10 transactions a month, this is not going to affect you in the slightest, however, in our scenario, this is something that we will do all the time and that’s where we incur costs.

We require hosting our own node to process all outgoing transactions faster. A node can be run on an average laptop but as we grow, so does the need for faster and more reliable hardware. To run a server around the clock is not cheap. It can cost anywhere from a few hundred to a few thousand dollars a month, depending on the number of transactions we will be required to handle at any given time. We hope that this gives you some insight into why we need to charge a small transaction fee.

Current progress

At the moment Tip IOTA is in private beta. It’s already fully secure and usable within Reddit in the Chrome browser and we are working hard on all of the final touches. We expect to release it in public beta within a week or two. We are also expanding our website to support the withdrawal process and to provide you with more contextual information within the extension as well as on our website.

Check out our website. Follow us on Facebook, Twitter and Medium or join our Slack Channel to receive the latest updates.

If you would like to support our project, you’re more than welcome to do so. We can use tips of any size so that we can realise nodes and extend our services quickly. Our IOTA address:

KYBATNWTHMMFAUNQDCLCPKVLFGZCEXESYQZWBAFFENXGDQTDDF9USHSFRUN9JNYXRMOWCDZHWAIHIXPXDSIP9EP9IW

We’ve added a user feedback form where you are welcome to submit new ideas or upvote the existing ones. Every idea matters to us.

TipIOTA is an initiative by David Lamers and Roberts Ozoliņš.
