by Captain Blackberry » Fri Feb 03, 2017 11:54 pm
I managed to get a 1 week token (a quick test so if it went wrong, not too much cash down)
I connected via Cryptofree. Created a guerrillamail temporary account (save the seed key and address to double check if you need to reload it!)
I just kept allowing all the stripe junk to run.
I also set Firefox to allow popup windows, since the Stripe is a popup Window.
I think this popup is what allows the web-page delivery of the token to appear rather than not, and relying entirely on the email delivery.
Also the popup brings up the QR code option.
The Firefox browser in question is pared back, so it's like vanilla at each load.
Only uMatrix was running.
I then paid via an iPhone and QR code from a phone based wallet (not a crappy online one!), connected via Cryptofree.
For thos running uMatrix here is the list that got me the token:
cryptostorm.is api.stripe.com * allow
cryptostorm.is b.stripecdn.com * allow
cryptostorm.is b.stripecdn.com frame allow
cryptostorm.is checkout.stripe.com * allow
cryptostorm.is checkout.stripe.com frame allow
cryptostorm.is cryptostorm.is * allow
cryptostorm.is js.stripe.com * allow
cryptostorm.is q.stripe.com * allow
cryptostorm.is q.stripe.com frame allow
cryptostorm.is stripe.com * allow
cryptostorm.is stripe.com frame allow
cryptostorm.is stripecdn.com * allow
cryptostorm.is stripecdn.com frame allow
Interestingly, as opposed to what you said df:
"""EDIT:
>>"Since there is no 'QR' payment system either, only an address, there is no trusted authentication (unlike the old Bitpay service)."
There is a QR feature in the Stripe checkout window though, just click that "Scan" button in the bottom right hand corning of the small window. That has nothing to do with trusted authentication though, nor did it whenever we were using Bitpay."""
Paying via QR code via the popup gave me the token within about 20s. The btc payment still hasn't confirmed.
Paying by QR, seems to allow the token to be sent well in advance of the confirmation.
So, a lesson to all trying to buy tokens for cryptostorm with btc.
Ideally I'd like to see a more robust system (more simple browser functionality), rather than having to run and rely on so much crap from Stripe.
Popups, CDNs, multiple domains, and many scripts, means you really have to have your wits about you if you want to get a token 'cleanly'
It'd be great to see a system that somehow utilises the open and hidden values within the blockchain to generate the cs keys automatically.
Ie, a payment to a provided address, and some specific of the senders details is the key.
I roll hex dice to then generate an address for example. That hash is visible to CS and is on the blockchain.
If that hash is allowable for a connection, then the original hex string would be a viable CS key?
Or something like that?
PS, any chance that the transaction I made, but the key I didn't get, can be reversed/reset?
If not fine, but I think it's important to ask. If I wanted PIA levels of anonymity and protection I'd be over there in a flash.
I want CS levels of anonymity but I also hope that you support that anonymity with the systems you use to sell the tokens without me losing money so easily!
I managed to get a 1 week token (a quick test so if it went wrong, not too much cash down)
I connected via Cryptofree. Created a guerrillamail temporary account (save the seed key and address to double check if you need to reload it!)
I just kept allowing all the stripe junk to run.
I also set Firefox to allow popup windows, since the Stripe is a popup Window.
I think this popup is what allows the web-page delivery of the token to appear rather than not, and relying entirely on the email delivery.
Also the popup brings up the QR code option.
The Firefox browser in question is pared back, so it's like vanilla at each load.
Only uMatrix was running.
I then paid via an iPhone and QR code from a phone based wallet (not a crappy online one!), connected via Cryptofree.
For thos running uMatrix here is the list that got me the token:
cryptostorm.is api.stripe.com * allow
cryptostorm.is b.stripecdn.com * allow
cryptostorm.is b.stripecdn.com frame allow
cryptostorm.is checkout.stripe.com * allow
cryptostorm.is checkout.stripe.com frame allow
cryptostorm.is cryptostorm.is * allow
cryptostorm.is js.stripe.com * allow
cryptostorm.is q.stripe.com * allow
cryptostorm.is q.stripe.com frame allow
cryptostorm.is stripe.com * allow
cryptostorm.is stripe.com frame allow
cryptostorm.is stripecdn.com * allow
cryptostorm.is stripecdn.com frame allow
Interestingly, as opposed to what you said df:
"""EDIT:
>>"Since there is no 'QR' payment system either, only an address, there is no trusted authentication (unlike the old Bitpay service)."
There is a QR feature in the Stripe checkout window though, just click that "Scan" button in the bottom right hand corning of the small window. That has nothing to do with trusted authentication though, nor did it whenever we were using Bitpay."""
Paying via QR code via the popup gave me the token within about 20s. The btc payment still hasn't confirmed.
Paying by QR, seems to allow the token to be sent well in advance of the confirmation.
So, a lesson to all trying to buy tokens for cryptostorm with btc.
Ideally I'd like to see a more robust system (more simple browser functionality), rather than having to run and rely on so much crap from Stripe.
Popups, CDNs, multiple domains, and many scripts, means you really have to have your wits about you if you want to get a token 'cleanly'
It'd be great to see a system that somehow utilises the open and hidden values within the blockchain to generate the cs keys automatically.
Ie, a payment to a provided address, and some specific of the senders details is the key.
I roll hex dice to then generate an address for example. That hash is visible to CS and is on the blockchain.
If that hash is allowable for a connection, then the original hex string would be a viable CS key?
Or something like that?
PS, any chance that the transaction I made, but the key I didn't get, can be reversed/reset?
If not fine, but I think it's important to ask. If I wanted PIA levels of anonymity and protection I'd be over there in a flash.
I want CS levels of anonymity but I also hope that you support that anonymity with the systems you use to sell the tokens without me losing money so easily!