Any possibility of a mobile app appearing in the coming months / years?
It’s not a priority. Is there anything specific you feel lacking from using LocalMonero from your mobile browser?
I would say 2 things:
Login is particularly cumbersome, especially if you’re on mobile.
a) Only require CAPTCHA if username / password / one time password was input incorrectly 3 times.
b) If a is not feasible, only require CAPTCHA if MFA is not enabled.
QR Code Scanner for quickly obtaining someone’s XMR public address. If I’m meeting with someone to sell XMR for cash, I would like to use the LocalMonero wallet to send the XMR at the same time the user is giving me cash.
But it’s unreasonable to type an entire XMR public address letter by letter, on mobile.
If either of these have already been proposed, then my apologies in advance. I only searched the forum for mobile app.
As an addition, I would ask for an option to receive notifications via mobile message.
Some trades may be time-sensitive and checking e-mail notifications is sometimes not viable enough since they require a manual check.
Any possible update on these 2 suggestions?
Hi @xClaw , unfortunately I don’t agree with you about the possibility to input 3 times incorrectly user+password before seeing CAPTCHA.
The reason is very simple: in this way it would be very simple to start a brute force attack over Tor (so the IP change every time) and steal all the XMR in your wallet… I also find a little bit cumbersome but from the moment I have a currency stored on it I prefer security over an easy to handle site!
By the way we can think about something else to make this process easier !
With regards to the CAPTCHA, we can implement an option that would allow you to stay logged in for longer. This would save you from the trouble of having to relogin on your phone every time.
With regards to the QR code scanner, you can use an external QR scanner app and copy the resulting address to the clipboard to then paste it into LocalMonero. Otherwise, we’d have to implement getting camera permissions on the website, which increases the potential privacy and security risk.
Changing IP over Tor doesn’t mean the counter is going to reset. The counter is based on the account, not your source IP.
Also, a brute force attack is easily stopped by blocking access to the account for 15 minutes after 5 failed logins (or 10 if you want to be a little less strict).
Regarding logged in time, I think it’s fine now. Probably an option should be set to allow users to configure it, it will certainly not hurt
As for the QR Code Scanner, I know I can use an external one, but that’s missing the point.
I could also use Monerujo and completely bypass using LocalMonero to transfer, but again, missing the point.
I was however, not suggesting that this feature is added to the site. I agree with you that asking for camera permissions via a website on a browser would certainly not be the best way to go about this.
It was more of a thought, for a feature, if someday you decide that a mobile app to complement the website is viable. Perhaps in the future