Image header: Project title: SendIt - Blockchain payment via Email Summary: SendIt is on a mission to simplify the use of blockchain for everyday users. SendIt is a simple but powerful wallet that allow anyone to send and receive payment via their normal email, users to use and interact with stellar blockchain just like they will use their normal bank app, without the need to know the technical part of it. It is no doubt that the greatest challenge to blockchain mass Adoption is caused by the complexity of Blockchain, fact that not everyone can understand the technical part of blockchain, not everyone will understand what public key, private key, consensus algorithm, validators, smart contract, hashing, cryptography, encryption, decentralization and other technical terms really mean, These terms makes Blockchain Really hard to use for someone who just want to enjoy control of their Money and the security blockchain provides, Sendit is solving this problem. Category: Applications, tools, infrastructure Goals: SendIt is on a mission to make Blockchain services accessible to everyone. Simplify the use of Blockchain for Everyday users, Encouraging mass adoption. Financial Inclusion for All through stellar Blockchain Timeline: We have launched the testnet version for everyone to check out (With limited features) and we will appreciate feedbacks, Within Two months we will launch on mainnet with Support for few stable coins and XLM. As we progress we will integrate more stable coin and other asset supported on StellarDex. Description: The present dapps are really doing a great job, but there is still need to embrace the everyday users(The masses), using any of the present wallet requires you to provide your recipient public key, Which can actually be a serious challenge to someone not in the space before. SendIt has provide an awesome solution to this, users don't need to Know anything about the public key part of blockchain to enjoy the benefit of blockchain, With SendIt users can send/transfer fund to anybody just by knowing their recipient email address(Not a Federated address). Say your friend Bob own the email address bob@yahoo.com , you will be able to transfer any Trusted asset to Bob just by typing his email address( bob@yahoo.com ) and he get a notification of the fund and can do whatever he wishes to do with his Fund, When sending to Bob for the first time, you will encrypt this transaction with a pin, Bob can only claim ownership of fund if he has the Pin for this Transaction. Reverse/Recall Transaction send to a wrong email- We understand that users can actually make mistake of typing a wrong email address when sending fund/asset to a new account, for this we provide a solution to be able to recall/reverse this transaction just in-case of any mistake(as long as the users of the email don't have the pin to the transaction) say you send asset/fund to bobb@yahoo.com instead of bob@yahoo.com , you will be able to reverse this transaction back to your account but you only get the destination asset. This feature is only available if you are sending to a new account. Transaction sent to an existing account can not be reverse. In another attempt to encourage mass adoption of stellar blockchain, Users of SendIt will be able to Hold Asset A and send Asset B to another Users, via their Email, Public address or a federated Account(This will be only for asset available on stellar Dex). Example You are a father/husband who works in the Uk and have your family in Nigeria, You will be able to transfer USD and Your family get NGN(Almost instant, thanks to stellar awesome structure) without the need for any of the parties to visit bank for this transaction, and fund is available to be withdraw immediately to you local account(Thanks To stellar Anchors). Imagine You seating on your couch at home(say London, UK, China. etc) and be able to send me Naira without the need to visit a bank for FX or the need to Visit the Exchange to sell one token for another. You get to See the amount that will be deducted from Your account before Sending. This feature will be available for all asset added to the wallet. It is no doubt that blockchain provides tons of advantage compare to the traditional Financial system, with SendIt, Users will be able to enjoy the benefit of Stellar Blockchain without the need to know the technical part of it. Users will be able to Fund their wallet just like they will fund their normal bank account, have TOTAL CONTROL OF Fund, SECURITY, LOW TRANSACTION FEE, FAST TRANSACTION TIME(3 secs) and many more will be available to user. Experience Users of Blockchain wallets are also welcome to use SendIt, transfer via federated and Public Key address will also be made available for everyone, Experienced Blockchain Users will be able to add custom asset and this custom asset will be available for email transfer too. Users will be able to receive trusted asset via their federated address and public key from other Experienced users and they will be able to get trusted asset via their email too. The test version for the wallet is available to be tested out by anyone, Custom adding of asset isn't available for the testnet version at the moment. For deposit You can mimic the deposit of both USD and NGN and the amount you enter will be credited for testing(not more than 20k). We plan to launch with USD, XLM, NGN, and adding custom asset, More asset will be added as we progress. ALL TRANSACTIONS PROCESSED ON SENDIT ARE BLOCKCHAIN BASED (Can be viewed Right on Stellar.expert) Links: Link to testnet https://bit.ly/2wVugX0 Tags: python, sendit,

SendIt - Payment via Email

umbrel

What region are you targetting? What are funding options?

Afolabi

umbrel
Thanks for the question.

Email fund transfer ontop of blockchain gives us world wide reach but we intend to take this one step at a time bearing In mind local regulations. For start it will be Africa and others who live in diaspora who just want to send money to their loved ones at home.

Afolabi

@umbrel
Our funding option include(but not limited to ) grants, equity funding and more but at the moment we are not considering having an ico, ieo or tokensale

umbrel

Afolabi sorry, I guess I wasn't clear enough, I meant funding options for users
on your website you have this

Afolabi

umbrel
Funding options for fiat deposit, users will be able to fund their fiat account using methods provided by anchors on the stellardex. We are working on more ways to make sure users can have many choice to fund their fiat wallet, this include using debit and credit card.
For crypto Funding, users can use any of the three methods supported on sendit, federated address, pure email, public key, option for phone number is in the pipeline too

Afolabi

@umbrel
And funding your wallet via crypto also gives you access to send crypto and specify what currency you want the end User to receive. This might be fiat stable coin or any other asset available on stellardex

John

It is not a decentralized solution and In my opinion, no one will use this app and will not give their asset to a third party
Also please change your screenshot in landing page because it's not related with your idea

Afolabi

John

Thanks for your contributions, but in the real sense sendit is not a centralized solution, we are just making stellar accessible to everyone by simplifying the process. Sendit doesn't keep anyone token/asset they are live on the blockchain and wallet created through sendit can be exported to any other wallet that support exporting wallet with private key.

Afolabi

@John hopes that helps

tyvdh

@John You need to relax with your decentralization demands and general aggressive tone. You're very clearly not acting in the spirit of the SCF. Hard questions are good but demands outside the requirements of the SCF and general disrespect for entries aren't helpful. Please provide kind and supportive feedback even as you do ask good, appropriate and direct questions. Thank you.

marcinx

Hey! Interesting approach. Moving money literally like email 🙂 How do you implement the payment triggers via email? Does it involve sharing any private keys? How do you protect yourself from nasty things like email spoofing and verifying the sending host etc.? Looking forward to see the final product!

PS: Thanks again for all your help with our NGN integration!

Afolabi

marcinx
Interesting questions.
When sending fund to anyone via sendit you are not sharing any details except your email address or name and this is mainly to indicate who send the fund, to view even public key of the sender the recipient will have to view transaction history on blockchain. SendIt is Created to accommodate crypto newbies, experienced users and users of all age.We at SendIt understand the importance of users details (secretkey) For this we implemented the structure to fit into everyone lifestyle.

For email spoofing each users need to confirm their email before full registration(full implementation when we launch) and there are plans to implement more advance email confirmation to avoid email spoofing and other malicious act.

Afolabi

During registration of new users keypair is generate and attached to the email address of the user making it possible to carry out email transfer of blockchain based asset/fund. When you initiate a transfer to an email, technically what happen behind the scene is just a typical sending from your public key to public key of the users on blockchain, this makes it possible for anyone to use stellar blockchain without even know this happen.
marcinx Hope this answer how We trigger email transfer on SendIt

Banke

Am new to crypto but this idea is really cool. I have some questions, If am sending fund or asset to someone email, does this person need to have an existing account on your platform and how safe is keypair generated. I mean the private key.

Afolabi

Banke

SendIt Uses bank-grade encryption to encrypt Users private key and all of this is handle client-side making sure raw private is not expose to anyone. We do not at any point have your raw private key stored with us, only the encrypted copy and this copy can only be decrypted using your password(Which should be know to only you). If you have further question(s), please do well to ask them.

thanks for your interest

Afolabi

H@Banke#13218 , thanks for your question, it a great one.

You can send asset/fund to any email address, the users do not need to have an account with SendIt before they can receive fund send to them, but on your part you will need to encrypt this transaction with a pin when sending fund/asset and the owner of this email can only claim this fund if they have the pin you used to encrypt this transaction. Instruction on how to claim fund is send to the recipient, this is just telling the recipient to claim fund by clicking a unique link and enter the pin attached to the transaction. You will find more details in the description section of this post.

galactictrade

Afolabi I checked your application and it is not important how you handle the user's private key because you get the user's password as plaintext in POST request while logging in and registering. You can get the password of the user you receive as plaintext by logging the POST request that reach the server whenever you want and thus you can reach the private key by this password.

enter image description here

Afolabi

galactictrade
will be great if you can give more details about this issue, Users password are not send in plaintext via post, they are hashed before sending to server, please provide more details.

galactictrade

Afolabi In your application, user password is sent as plaintext in POST request.

Check my screen record : https://cl.ly/444751656e49

... they are hashed before sending to server ...

You're not hashing the password before it is reach to the server. You can hash the password in your backend (server) but it doesn't mean it is safely hashed because you have plaintext version of it when it is sent to server for first time. You can log this plaintext password and can use it to reach user's private key. The screen record is proof of that.

I assuming you're using PHP

<?php

// you have plaintext version of password and getting it by POST request from the user
$password = $_POST['password'];

// think we have an abstract logPassword function which is saving given data into a file
// $password is plaintext password of the user from POST request
// we're sending $password into this function and tadaaa you have user's password now you can use it to decrypt
logPassword($password);

// now you can claim you're hashing the password for 1000000000000000 times
// but it doesnt matter because you have plaintext version of it when it is reach to the server
$very_secure_version_password = hashPasswordFor100000000Times($password);

I hope this simple example will help you understand that there is no security you claim.

Afolabi

galactictrade

Oook, now I get your concern. We don't store plaintext just like I said before and this is not exposed anywhere in the source code, only hashed one is save and this is securely hashed, thanks for your feedback. Feedbacks like this help improve the App

Funding will help us create a more robust system, intuitive UI and also add more feature. Thanks so much for your concern, if you have more concern(s) please share them we are happy to hear , this will help us improve