Re: [whatwg] URI scheme whitelisting and the case of cryptocurrencies

On 03/07/2015 03:40 PM, Michael A. Peters wrote:
>
> Especially crypto-currencies where even on Linux systems, the client is
> often not under a package management system control and may be out of date.
>
> QR codes pose the same problem but it is more difficult to trick a user
> into scanning a QR code, so it is harder to get the user's client to
> launch via a trick.

Another thing to consider: most crypto-currencies use the same Qt client
codebase - so it is easy for a web site to specify a price in one
crypto-currency but use the URI scheme for a different one, and some
users may not realize the wrong client launched until it is too late and
can't be undone.

e.g. "Please donate 3 QRK - that's all I ask"

but 3 bitcoins are sent before the user realizes it was bitcoin-qt that
the link launched.

Received on Saturday, 7 March 2015 23:46:15 UTC
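
The label/scheme mismatch described in the message above can be checked mechanically before a payment link is handed to a client. The following is an added example, not part of the original message: it compares the currency and amount named in a link's visible text with the URI scheme and `amount` parameter of its href. The ticker-to-scheme map (in particular `quark:` for QRK), the function name and the sample links are assumptions made for illustration.

```javascript
// Added example. Ticker -> URI scheme map: "bitcoin" is the BIP 21 scheme;
// "quark" for QRK and "litecoin" for LTC are assumptions made for this sketch.
const SCHEME_BY_TICKER = { BTC: "bitcoin", QRK: "quark", LTC: "litecoin" };
const PAYMENT_SCHEMES = new Set(Object.values(SCHEME_BY_TICKER));

// Compare what a link's visible text promises with what its href will launch.
// Returns { scheme, warnings }; warnings is empty when label and href agree.
function checkPaymentLink(label, href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { scheme: null, warnings: ["href is not a parseable URI"] };
  }
  const scheme = url.protocol.slice(0, -1).toLowerCase();
  if (!PAYMENT_SCHEMES.has(scheme)) return { scheme, warnings: [] }; // not a payment link

  const warnings = [];
  const hrefAmount = url.searchParams.get("amount"); // BIP 21 style ?amount=
  // Find "<number> <TICKER>" pairs in the visible text, e.g. "3 QRK".
  const mentions = [...label.matchAll(/(\d+(?:\.\d+)?)\s*([A-Z]{3,5})\b/g)]
    .filter((m) => m[2] in SCHEME_BY_TICKER);

  if (mentions.length === 0) {
    warnings.push(`label names no known currency but link launches ${scheme}:`);
  }
  for (const [, amount, ticker] of mentions) {
    const expected = SCHEME_BY_TICKER[ticker];
    if (expected !== scheme) {
      warnings.push(`label says ${ticker} (${expected}:) but link launches ${scheme}:`);
    } else if (hrefAmount !== null && Number(hrefAmount) !== Number(amount)) {
      warnings.push(`label says ${amount} ${ticker} but link requests ${hrefAmount}`);
    }
  }
  return { scheme, warnings };
}

// Constructed sample links; the address is a placeholder, not a real one.
const SAMPLES = [
  ["Please donate 3 QRK - that's all I ask", "bitcoin:PLACEHOLDER_ADDRESS?amount=3"],
  ["Please donate 3 QRK - that's all I ask", "quark:PLACEHOLDER_ADDRESS?amount=3"],
  ["Send 3 BTC", "bitcoin:PLACEHOLDER_ADDRESS?amount=30"],
];
for (const [label, href] of SAMPLES) {
  console.log(href, checkPaymentLink(label, href).warnings);
}
```

A check like this only covers links whose label states the currency; a label that names no known ticker is reported as unverifiable rather than as safe.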