Project title : StellarGuard Summary : Security for your Stellar account Why spend $100 or more on a hardware wallet just so you can feel safe with your XLM, when you can use the built-in multisignature capabilities of the Stellar network with StellarGuard for free? StellarGuard works with your existing Stellar wallet to keep your account safe by adding 2 factor auth to any wallet. Even if your secret key is compromised your coins will stay. Lobstr, StellarTerm, Stellarport, Interstellar.Exchange, Stargazer and even the Stellar Account viewer: StellarGuard protect them all. Goals : Here are StellarGuard's 2019 objectives: Rate limiting: Basic rules engine to let the user decide how much XLM they can send per time period (working on this now) Enable a mode for "automatic" co-signing for transactions that pass these rules. This would enable trade bots and/or anchors. Enhanced rules engine rules: additional assets, destinations, lockup rules, etc... Additional security features: U2F option for multi-factor authentication (physical keys) Scam/address blacklist + scoring how "risky" a transaction is based on previous transactions, destinations, etc. Enhanced privacy features: New co-signer per account you add instead of sharing the same one. Transaction source tumbler/obfuscation (this will take some research): imagine you send a transaction to someone but you don't want them to know how many XLM you have -- the goal of this feature is to send it through enough hops/mix with other operations that the source account is not able to easily be recovered Site Redesign + UI Changes New logo now that the Stellar rocketship is gone Cleaning up the UX of many pain points, especially the process where you add multiple signers to your account Color scheme/branding changes Better emails -- right now everything is plain text and boring Transaction details page revamp: this page is confusing and incomplete -- some transaction types are just JSON dumps Links : Website: https://stellarguard.me Github (all StellarGuard code is open source and MIT licensed): https://github.com/stellarguard Blog: https://medium.com/@stellarguard Anything else: As the winner of the last SBC, some of you may be asking "why do you need more money?", and that's definitely a fair question to ask! Here's how I've used the winnings from the last SBC: Due to US tax laws, I ended up having to pay taxes on the USD value of what the lumens were worth when they were awarded. I unfortunately did not sell enough to cover my anticipated tax amount immediately when they were awarded. Because of the way the award was taxed (1099, with all the self-employment taxes that entails), it ended up being 35% of the present value. Because the value of the lumens had dropped so far from when it was awarded (worth around 50% of what it was), the taxes ended up consuming almost 80% of the entire award. I ended up paying that completely out of pocket because I just couldn't face it to sell at the low point to cover the taxes... hopefully it comes back. Lesson learned, I'll survive and move on. Warning: personal background time -- this should not influence your decision about whether to choose this project, it should win or lose on its own merits; this explanation is just to add color to my decision about how I spent some of the winnings. I have a full time job and am a father of 3 with a 1 year old child with special needs. All of the time I've spent on this project has been nights or weekends after I've put the kids to sleep. It was not uncommon for me to work on StellarGuard from 11pm-3am and then wake up at 6:30am to get the kids ready for school. All of this started to take a toll on me, and I realized I was getting less and less done as I got more and more exhausted. Because of that, I decided to look for a freelancer to help me accelerate one of the objectives I had (namely the throttling/spend limits and bot support feature). I found someone from a Hacker News thread and exchanged emails and discussed the features and the terms: we agreed on $6000, 1/3 up-front, 1/3 on the first milestone (working demo), and 1/3 when the code was delivered. Everything seemed great and I sent out a tweet a few months ago saying that the feature was "coming soon" after the first demo. Unfortunately, after I sent the 2/3 of the payment, the developer COMPLETELY stopped communicating with me. I cannot get ahold of him by phone or email and because he's based in another country I don't think it's worth it to pursue it legally. So now I'm back to building that feature from scratch by myself. Again lesson learned (I'm learning a lot, hah). Although I have not done this yet, I'd like to hire a part-time support person to answer emails and support requests. This surprisingly (to me at least, maybe not to others) takes up at least 20% of the time that I'm working on StellarGuard. A lot of the emails are something like "can you help me add multisig to my account" or "I tried to configure my account manually and messed up the weights, is there anything you can do?". I'd like to hire someone to answer those so I can focus on feature development/coding. Additionally, I'd like to continue working on my "Anatomy of a Scam" series about spotting Stellar scams and how to avoid them. Possibly this will morph into a global "watchlist" of bad actors, websites, and addresses. Thanks for supporting StellarGuard, let's all work together to keep eachother safe out there!

You will always have my support Paul!

You can never have enough security when it comes to ones money. Your background story about building everything in the late hours of the night sounds very familiar to me. Seeing all the trouble you went through with the previous prize money and your freelancer disappearing I really hope you manage to get funding through the SCF this time again. Best of luck to you!

I've launched a beta version of the logo + color scheme refresh to https://test.stellarguard.me . I'd really appreciate it any feedback about it! Additionally I updated https://github.com/stellarguard/multisig-utils and https://github.com/stellarguard/stellar-uri with versions of the JS SDK that support protocol 11 (as well as updating StellarGuard to supporting protocol 11). Regarding the throttling engine: I'm trying out the new Stellar Go SDK and seeing how the throttling engine would work as a Go microservice. So far so good! Thanks for your support so far everyone.

StellarGuard The logo + text colour looks a bit off, in combination with the background. Too bright perhaps, I don't have the words.. Compare that to the peachy colour of the CTA button, which is much more in harmony with the background. Logo itself is absolutely brilliant!

Agree with dzham, the logo color should be toned down a bit. About the logo, I would make a small change to where the shield connects to the new lines to keep it in line with the new stellar logo:

Thanks for the feedback! I'll definitely be adjusting the colors based on yours and other's feedback -- probably to something slightly and closer to the old blue.

And it's live! https://stellarguard.me . citystates There was an iteration of the logo where it did have that small curve, but it looked odd because of the different angle of approach of the shield, so we decided to just go with the flat one.

1) If you received a lumen award in the past, you should have taken immediate steps to safeguard it from a downswing in the lumen price to ensure you could complete the project for which the funds were granted. Not doing so was kind of irresponsible. 2) If you already have received funds, perhaps you should give other projects a chance. 3) I don't have connections on this board as I'm a new member, so I doubt I'll be able to get votes, but my project has merit, I don't have a family, children, or a day job. I can work 100 hours a week on my project and I can deliver. I would have loved to of received funding from the SBC. That's a once in a lifetime opportunity. I wouldn't have squandered it and then asked for more money while giving all kinds of excuses. I would have delivered GREAT RESULTS and I would have worked incredibly hard.

Additionally, I'd like to continue working on my "Anatomy of a Scam" series about spotting Stellar scams and how to avoid them. Unfortunately, after I sent the 2/3 of the payment, the developer COMPLETELY stopped communicating with me. I cannot get ahold of him by phone or email and because he's based in another country I don't think it's worth it to pursue it legally. I'm sorry to be critical, but you don't seem to be that great at spotting scams? If you are awarded more lumens, how do we know you can StellarGuard them? I do appreciate you being open and honest about what went wrong though. Everybody makes mistakes. But to be awarded another fund, it's important to ask tough questions. How do we know issues with family, children, and your day job won't get in the way? The more you use the funds to hire people instead of doing the work yourself, the greater the risk that something goes wrong again. Other developers and people you hire will only care about their paycheck and not whether the project succeeds.

@deylandra I agree that those considerations don't really have their place in a project entry. However, this is not just StellarGuard: most project that participated in last SBC suffered from the low amount of allocated fund and the market crash that happened right after we received those funds. After that we had 10 month without any contest. It has been hard for independent devs, and most of them left the boat. I've not seen anything like the lifetime opportunity you mentioned. Working on the economy 3.0 is the more precarious & unrewarding activity I ever had. That's why I definitely understand Paul's complain. Now if you think you're that great, maybe you'll do better. It will take more than words, though.

StellarGuard - Security for your Stellar account

dzham

StellarGuard

I've started implementing automated signing policies more times than I can remember. It always the communication layer needed that stops me from doing something more general purpose.

So, yeah, I'm a huge fan of that kind of functionality. I'm not sure if the general ecosystem is ready for it though, we might still be very early.

MisterTicot

Would be nice to see CosmicLinks put at use here 😉

Scopuly

StellarGuard We have been following the development of StellarGuard for a long time - we accept your offer to work together! As soon as the dust from the competition settles, we will look under the hood and play with your technology and, if possible, it would be cool to apply it in our project Scopuly.

StellarGuard

Scopuly Great to hear! Let me know if you have any questions when the time comes.

StellarGuard

One side effect of building out a rate limiting/throttling engine is that I'm able to repurpose it for other forms of throttling, not just payments.

In fact, tonight I'll be rolling out the first of those changes: you will not be able to use the same two factor authentication code more than once, even if it is still valid for the current 30 seconds.

This is a security measure to protect you from phishing: imagine an attacker sets up a clone of stellarguard.me, called steIIarguard.me (those are capital ii instead of L) and you fall for it and enter your username/password and a two factor authentication code. The attacker may gain access to your account, but if you have your security mode set to "high" they will not be able to perform any payments/account settings changes without entering a brand new valid two factor auth code, not the one they just phished from you.

This is just one small security improvement that I've got planned. Much more to come!

StellarGuard

I've launched the first usage of the throttling engine to throttle sign in attempts (6 per minute) and prevent re-use of 2 factor auth codes.

While I was waiting for a new Redis instance to spin up, I decided to write about a topic that has been in the back of my mind for a while. It's called "Stellar - What's in your Wallet" and it goes into a brief discussion about what functions your wallet actually performs and how it interacts with the Stellar network: https://medium.com/@stellarguard/stellar-whats-in-your-wallet-1b07b8f7123a

« Previous Page