Project title: StellarGuard
Security for your Stellar account
Why spend $100 or more on a hardware wallet just so you can feel safe with your XLM, when you can use the built-in multisignature capabilities of the Stellar network with StellarGuard for free? StellarGuard works with your existing Stellar wallet to keep your account safe by adding 2 factor auth to any wallet. Even if your secret key is compromised your coins will stay. Lobstr, StellarTerm, Stellarport, Interstellar.Exchange, Stargazer and even the Stellar Account viewer: StellarGuard protect them all.
Here are StellarGuard's 2019 objectives:
- Rate limiting:
- Basic rules engine to let the user decide how much XLM they can send per time period (working on this now)
- Enable a mode for "automatic" co-signing for transactions that pass these rules. This would enable trade bots and/or anchors.
- Enhanced rules engine rules: additional assets, destinations, lockup rules, etc...
- Additional security features:
- U2F option for multi-factor authentication (physical keys)
- Scam/address blacklist + scoring how "risky" a transaction is based on previous transactions, destinations, etc.
- Enhanced privacy features:
- New co-signer per account you add instead of sharing the same one.
- Transaction source tumbler/obfuscation (this will take some research): imagine you send a transaction to someone but you don't want them to know how many XLM you have -- the goal of this feature is to send it through enough hops/mix with other operations that the source account is not able to easily be recovered
- Site Redesign + UI Changes
- New logo now that the Stellar rocketship is gone
- Cleaning up the UX of many pain points, especially the process where you add multiple signers to your account
- Color scheme/branding changes
- Better emails -- right now everything is plain text and boring
- Transaction details page revamp: this page is confusing and incomplete -- some transaction types are just JSON dumps
Github (all StellarGuard code is open source and MIT licensed): https://github.com/stellarguard
As the winner of the last SBC, some of you may be asking "why do you need more money?", and that's definitely a fair question to ask!
Here's how I've used the winnings from the last SBC:
Due to US tax laws, I ended up having to pay taxes on the USD value of what the lumens were worth when they were awarded. I unfortunately did not sell enough to cover my anticipated tax amount immediately when they were awarded. Because of the way the award was taxed (1099, with all the self-employment taxes that entails), it ended up being 35% of the present value. Because the value of the lumens had dropped so far from when it was awarded (worth around 50% of what it was), the taxes ended up consuming almost 80% of the entire award. I ended up paying that completely out of pocket because I just couldn't face it to sell at the low point to cover the taxes... hopefully it comes back. Lesson learned, I'll survive and move on.
Warning: personal background time -- this should not influence your decision about whether to choose this project, it should win or lose on its own merits; this explanation is just to add color to my decision about how I spent some of the winnings. I have a full time job and am a father of 3 with a 1 year old child with special needs. All of the time I've spent on this project has been nights or weekends after I've put the kids to sleep. It was not uncommon for me to work on StellarGuard from 11pm-3am and then wake up at 6:30am to get the kids ready for school. All of this started to take a toll on me, and I realized I was getting less and less done as I got more and more exhausted.
Because of that, I decided to look for a freelancer to help me accelerate one of the objectives I had (namely the throttling/spend limits and bot support feature). I found someone from a Hacker News thread and exchanged emails and discussed the features and the terms: we agreed on $6000, 1/3 up-front, 1/3 on the first milestone (working demo), and 1/3 when the code was delivered. Everything seemed great and I sent out a tweet a few months ago saying that the feature was "coming soon" after the first demo. Unfortunately, after I sent the 2/3 of the payment, the developer COMPLETELY stopped communicating with me. I cannot get ahold of him by phone or email and because he's based in another country I don't think it's worth it to pursue it legally. So now I'm back to building that feature from scratch by myself. Again lesson learned (I'm learning a lot, hah).
- Although I have not done this yet, I'd like to hire a part-time support person to answer emails and support requests. This surprisingly (to me at least, maybe not to others) takes up at least 20% of the time that I'm working on StellarGuard. A lot of the emails are something like "can you help me add multisig to my account" or "I tried to configure my account manually and messed up the weights, is there anything you can do?". I'd like to hire someone to answer those so I can focus on feature development/coding.
Additionally, I'd like to continue working on my "Anatomy of a Scam" series about spotting Stellar scams and how to avoid them. Possibly this will morph into a global "watchlist" of bad actors, websites, and addresses.
Thanks for supporting StellarGuard, let's all work together to keep eachother safe out there!