Why did I make a web wallet?

I bought my first bitcoin in 2014 and have been in the cryptocurrency world ever since. In the summer of 2021, I got tired of constantly buying and selling on exchanges, bought a Grin mining machine and became a miner, and new troubles followed. When I finally managed to connect to the mining pool and get my first income, I couldn’t actually get it out of the pool.

I have tried all the Grin wallets. Grin++ is the most famous and powerful and actually runs a node on the phone. But I don’t know what’s wrong, the interface is always stuck in syncing the node. Come on, I just want to use the wallet to receive money, I don’t want to run a node, but I can’t skip this step. After I don’t know how many attempts, I finally finished the sync and went to the wallet interface, and I saw my grin1 address. But after waiting for a few days, I didn’t receive a single payment from 2miners. It turns out that my address didn’t turn green, which means that the TOR network didn’t connect successfully, because I live in China.

Well, I tried Niffler, a wallet developed by a Chinese guy. But it doesn’t support TOR at all, and the developer is well aware of the network conditions in China. So what about Ironbelly? It has a simpler and easier to understand UI, but not only does it face the same TOR connection issue, but it often takes a long time to fix the wallet just in order to refresh the balance, and it often gets stuck in the sync screen. I went back to Grin++ while turning on the VPN and finally got my address to turn green after numerous attempts. But hell, 2miners only hit every few hours for an indeterminate amount of time, and I had to keep my VPN and wallet online for a few hours to get a chance to collect. It’s not easy to keep an app running for hours on your phone, knowing that I’m dealing with a bunch of memory settings, power saving settings, and security settings. And it’s not as if the settings are done and everything is fine, every time I want to collect money in the future I have to face similar but not exactly the same trouble.

It’s not just me, my fellow miners have these troubles and often struggle to receive money from the pool. It’s hard to receive payments and when you want to send them to the exchange to sell, you run into a new trouble. The exchange has only one account for receiving money, and it needs to distinguish users by memo. If you lose the wrong memo, you will not be credited, and you will have to tangle with customer service for a few days. It’s not easy to be a miner, but the mining machine has already been bought, so I’ll just have to get on with it.

How can a commodity like money, which requires a broad consensus to have value, form a consensus if even basic payments are so difficult? Without sufficient ease of use, only security and privacy, how to become electronic cash? It would be better to call it an electronic safe.

I looked for information in the official forum and also posted about the ease of use of the Grin coin (What is the most critical problem of Grin?). In the end, I came to the conclusion that not many people listen to what I said, and not many people are willing to do something about it, and even if they start to do it, I don’t know when it will be online. Maybe in a country with free internet, the existing Grin wallet is not that hard to use. To be honest, for me, a programmer, there is no problem with running an official command line wallet on a Linux VPS, it’s just not as convenient as operating it in a mobile app. But there are two facts that can’t be ignored, one is that about 80% of Grin’s computing power is owned by Chinese miners, and the second is that the vast majority of people in the world are not programmers.

How about doing something on my own, after all I am a full stack developer. After comparing and studying all the Grin wallets, I came up with a few requirements to be met. First, the wallet needs to be online all the time. Second, the wallet balance needs to be up-to-date at all times, otherwise the same account in two wallets shows different balances, very confusing. Third, it does not require tutorials and help from others to use. Fourth, the interface needs to be instantly responsive, with a progress bar for long operations and the ability to exit any UI at any time, without constantly giving me an inoperable interface (in fact, this is a basic requirement for usability of any software, but existing wallets don’t quite do it). I would also like to try some icing on the cake, such as changing the three steps of “Send-Reply-Finalizing” to “Send-Receive” for offline sending, which is more intuitive and convenient. Also, we can add automation features, such as automatic transfer out at regular intervals.

To meet these requirements, hosting users’ wallets on a US-based server with a live connection to the TOR network and operating them through a web interface was the simplest and most straightforward solution. A few months later, the web wallet service went live, and I called it “Easygrin Wallet” because I wanted to make the Grin experience easier. When I showed it to my miner friends, they were very excited and loved to use it, it took away the pain they had been feeling for so long. But some unexpected things happened.

I mentioned this web wallet service on the official forum of Grin. It was soon strongly questioned because it was not open source software and security could not be guaranteed. There was also a web wallet service that was advertised on the official forum a few years ago, and after a few months it ran away with users’ money, which seriously hurt people’s trust in web wallets. They asked me to warn my users on the forum, and I took their advice and put the warning prominently on the registration page, but I don’t plan to open source for now, because an open source site that keeps property information will open the door to hackers and make it even more insecure.

Then, I added a feature to send Grin envelope. This feature is essentially a realization of my “two-step sending” idea. Set an amount to send, share the page link with a friend, and leave it alone. The friend can complete the transaction on their own after generating a reply to the slatepack. Plus, it is designed according to the Chinese culture “sending red envelopes”, which makes two-step sending more intuitive and easy to understand, and also adds a lot of fun. Friends love this feature.

But when a friend shared a Grin envelope in one of Grin’s telegram groups, it was met with another fierce criticism. They didn’t even check the website carefully, they just called us scammers, and the traditional Chinese culture of sending red envelopes was ridiculed, and I did a lot of explaining to no avail, which made me a little frustrated. These Grin bigwigs, whom I used to respect, also behaved rudely and arbitrarily, which disappointed me. But I could totally understand, after all, they had been hurt and the inaccurate English of my friend had triggered misunderstandings. I took their advice and stated in the user warning that the site will keep the user wallet’s private key and please do not deposit large amounts of money. I also changed the English name of “Red envelope” to “Grin envelope”.

Fortunately, this criticism has generated a lot of discussion, and many people agree that an easy-to-use web wallet is needed, except that it needs to be implemented in a way that ensures security, such as using rust+wasm to make the wallet run on the browser front-end instead of the server, using IPFS to store transaction data, etc.

As a matter of fact, I understood from the beginning that a centralized web wallet hosting service is definitely not the ultimate solution, and it even runs counter to the decentralization of cryptocurrencies. Why make such a service? Because it’s just a step, an experiment. The current Easygrin wallet service is not my goal, my real goal is to make Grin easy to use, so that everyone who is not tech savvy can easily use Grin to pay. This goal is not that easy to achieve, but a centralized web wallet service is easier to implement and can be used to validate many ideas and to discover the needs of users. And it has already solved the current problem of transferring Grin between mining pools and exchanges for many miners. While it is true that there is a risk of losing coins stored in the Easygrin wallet (I don’t actually keep large amounts of my Grin here either), the risk of loss can be kept small by transferring small amounts of Grin in and out quickly. For example, if a miner mines 100 Grin per day, retrieves it to Easygrin wallet from the pool on the same day, and automatically transfers it to the exchange the next day using the auto-transfer function, then one day a year later, even if the website is unfortunately hacked, he will only lose 100 Grin in total, but this year, he saves a lot of time and effort.

In fact, most mining pools and exchanges are now one big centralized wallet that you need to top up in order to start trading, and it’s not a thing that you can be 100% sure that you’ll get your money back on the exchanges and mining pools. But people are willing to take that risk for the convenience of trading and mining. I personally lost 10 bitcoins in the Mtgox hack event. Despite this, I continue to trade on other exchanges, I’ve just learned not to put all my money on one exchange. While the ultimate goal of blockchain technology is to build a decentralized online world, centralized services are still an essential step in the process. Wouldn’t it be easier to think of the Easygrin wallet as a pipeline connecting mining pools and exchanges, rather than a safe where funds are stored?

So whether or not Easygrin Wallet as a centralized service is worth trying varies from person to person and requires people to judge for themselves. If not many people find it valuable, then I’d better close it. To ensure that Easygrin Wallet becomes a pipeline full of a fast flow of Grin and not a safe for coin hoarding, I will take some technical measures to limit users from storing too many Grin coins in it, in addition to a text warning. Maybe these are the differences between me and scammers.

In fact the value of Easygrin Wallet service has been initially confirmed. After a period of operation and improvement, the next courses of action I might take are the following: one is to close the public service and open source the code so that technically savvy people can deploy it on their own servers. The second is to make the open source code well encapsulated so that noobs can potentially deploy it. Third, develop a mobile app, transplant the good features and experience in the web wallet (such as always-up-to-date, sending-Grin-envelope), and add a localized wallet with a better experience for the Grin community. Fourth is to use a framework like rust+wasm to create a decentralized secure web wallet that runs on the browser client. Also open to other possibilities that have not been thought of yet. If other developers are inspired to develop a Grin wallet that is both secure and newbie-friendly as soon as possible, making the Easygrin wallet obsolete, or making a major upgrade to the existing local wallet to significantly improve its usability, then my goal is likewise achieved, and I don’t care if I’m the one who did it, because my goal is to make Grin easier to use.

Addition: I paste the website link here since somebody asked for it. https://wallet.easygrin.org If you want to take a look just remember, don’t put money in it, you won’t have any risk.

12 Likes

I have experienced all the frustrations that OP has suffered. I will try easy grin. Looks a perfect solution for miners. I quit mining Grin months ago due to transfer problems.

1 Like

Thanks for your efforts
I used Easygrin Wallet, it is very good!

1 Like

Thanks for describing your motivation behind this wallet.
@biganiseed Only history will tell if your wallet is safe to use or a scam such as this previous web-wallet. But potentially, your wallet could be what blockchain.com (former blockchain.info) was for Bitcoin, a very valuable addition to the ecosystem. I keep my fingers crossed and hope for the best :crossed_fingers:

Looking forward to it being open-source.

Thanks for describing your problem in such depth. It’s good to see people trying out things they feel would bring more usage to Grin. It seems you forgot to link to the wallet website.

I think we all agree with your point on usability. A GUI wallet on rust side will be tackled after the current features are finished. Today, we just lack the dev resources to make a change in that direction right now. It will happen, just not as fast as everyone would want it to.

Security through obscurity has been proven not to work time and time again. This approach requires even more trust because not only do users have to trust you not to run away with their money, they have to trust you know how to secure the coins e.g. can a user empty your wallet? It’s very easy to trust yourself, but much harder to trust someone you’ve never met or interacted with. If the disclaimer is on the website that people don’t actually own that Grin, then I have nothing against this, but the users have to realize they’re giving away the single most important feature of cryptocurrencies which is self-sovereignty, so it’s a tradeoff that improves usability but takes away self-sovereignty. It’s also fair to note that some people could use such wallet as a mixer for their utxos.

If this helps Grin miners overcome the current issues, that’s great, as long as people are aware of the downsides of such approach. :+1:

Thanks for your comment. Since you and @Anynomous talked about open source, I would like to discuss it more. Say if I open source the website, people know what the code is doing and believe it is not evil, but how do they know I’m running the same code on the public site?

1 Like

They don’t unless it’s a github pages or whatever in which case they’d trust github. But it’s a different trust model. In one I have to trust that you’re not evil while in the other, I have to trust that you know how to protect the users. One is a scammer mindset, the other is just a person that needs to learn more about security. I can trust someone has a good intent and at the same time doubt their security skills.

2 Likes

So even if I open source the code, people still can not trust the website because of the nature of centralized service? Then what’s the point of open sourcing it? What I can see is just the convenience of deploying a private web wallet for a small group of technicians, but no benefit for noobs. Am I right?

1 Like

It’s a two-sided sword, get feedback but also potentially expose vulnerabilities to attackers.
In general open source works well because it leads to faster improvements, better long term security as well as showing that you have the ‘spirit of open source’.
Because anyone can copy. This also shows that you are not in it for the money, since I or anyone could start a competing service. So although there is always trust involved, it does take away some concerns IMO.

My point was that there is different trust involved. One is trusting you to be a good person, the other is trusting you to know how to secure my funds. Two very different things. I can trust you’re a good person and can check the code if it’s open source to convince myself it’s somewhat secure. I see your argument for closed source, but the concept of hiding the source with the goal to have better security is a known concept that’s usually not well received. Anyway, I don’t want to steer the direction from the point of the post which is the issues of Grin usability.

1 Like

Ok, so the point of open source is to improve the trust level but not completely resolve the issue, plus many other benefits. I will consider it seriously.

3 Likes

Please let me know when it’s open source. I’d love to contribute where I can.

1 Like

Would be nice if some people will test, or those who are already testing and using this wallet will share their experiences here and possible feedback for improvements.

Thank you @shush. So far what I can tell is the following:

  1. How it works
    It’s a web UI wrapper of grin-wallet cli, and a multi-user management system.
    There is one wallet folder per user, one listening port per user, and a specific grin-wallet process is started for owner_api calling whenever needed.
  2. Technology it is based on
    Rocky 8, Apache, Ruby on Rails 7, Passenger 6+, MySQL 5+, Redis, Sidekiq, Bootstrap.
  3. Plans
    I’m not in a hurry to open source it because I’m thinking of building a web client implementing private key security based on rust+wasm tech, which was proposed by @davidtavarez, to replace the core features of the current web wallet, while some enhanced functions such as 2-step sending run on the web server. I think it’s an ultimate solution for a web wallet product, maybe I should go on this way directly.

1 Like

Web wallet works as intended. Sent from grinmint.com → wallet.easygrin.org → grin rust wallet using grin tor addresses. UI is intuitive, fast, and responsive meaning refreshing wallet took seconds and wallet checks immediately if sending address is online. Yes time will tell if it can be trusted and I do hope the code becomes open source. Thank you @biganiseed for making this wallet!

3 Likes

Nice work :heart:
look forward to rust+wasm solution for web wallet.

When software is deployed as a web app, wide accessibility is the first thing that comes to mind. After all, the web is the most widely accessible cross device platform. Eth-hot-wallet is a PWA (progressive web app) that can be used from any modern web-browser.

1 Like

I added EasyGrin wallet to the list of available wallets on Grin Hub, with some disclaimer to only use it with small amounts or as intermediate wallet for mining.

4 Likes

This sounds amazing. If you have a work in progress for this re-architecture, putting it on Github might attract some contributors.

3 Likes

Thanks dude.

Sure, will work on it soon.

3 Likes