Hello, thank you very much for your comments, for the first part the intention of the multi-signature features is to make another additional use available to the public by using them as votes for decisions taken in a group where the majority wins, on whether they will use it I do not know but something If I am sure if they don't have it they will never use it.
I think the main problem here is who has control of the private keys and in fact had considered it from the beginning, the main problem is the way the telegram bots are thought, but I am thinking of solving it in later versions already be:
- encrypt the secret key with a password that the user sends and request it every time they make a transaction.
- do not store the secret key but constantly request it in each transaction.
in both cases the information would be used on the fly.
Even so, there are still questions to be solved depending on how paranoid I get, I make the source code available to everyone, but even if that is not a guarantee that I use the same code on the server and in the git (which I do not plan to do but for put an example) well then anyone is free to put their own server with the source code that I made available, or based on it, or create their own bot.
but if you are right as this is not very reliable I will try to do the transactions on the fly as a solution, I hope I can finish it before the end of this stage.
Lastly, the main difference between our bot and others (as far as I could see) is that we give the source code, export the keys (for the moment only direct chat -no group or assets-) and will soon allow transactions on the fly, my intention is that it is the easiest to use and implement, that's why I put buttons, so maybe in the future I will generate a container for docker, including instructions on how to generate the container in case there is no trust in the provided image.