English translation is here. (Английский перевод здесь).

До сих пор не было абсолютно никакой независимой оценки квалифицированными экспертами по безопасности и конфиденциальности ни одного из кошельков TON.

Таким образом, Tonkeeper до сих пор не имел независимой оценки конфиденциальности и безопасности.

С другой стороны, TON Foundation также проверил API Tonhub - и признал его безопасным. Это оценка, которой мы можем, по крайней мере на первый взгляд, доверять, потому что TON Foundation и Tonhub Whales не совсем друзья.

Если TON Foundation также проверила кошелек Tonhub, то неясно, что именно они проверили и как это связано с прошлыми или текущими версиями кошелька Tonhub.

Открытый исходный код, в данном контексте, означает, что код доступен для любого пользователя. Благодаря тому, что Tonhub имеет открытый исходный код, мы можем проверить код и увидеть, что они шпионят за всеми своими пользователями, а также привязывают их к адресам.

Это хорошо для гиков, которые могут посмотреть на такой код и понять его смысл, но это бессмысленно для широкой публики, вот почему независимые сертификаты что-то значат, при условии, что они исходят от авторитетных независимых профессионалов.

Сам блокчейн TON недавно был проверен Certik, и некоторые проблемы, не имеющие первостепенного значения для безопасности, были найдены и исправлены, и этот отчет был открыто опубликован TON Foundation. Поэтому мы можем быть уверены в открытом исходном коде TON.

А как насчет API, который TonSafe использует для подключения к блокчейну? Поскольку существуют API с открытым исходным кодом, которые можно использовать и которые уже разработаны экспертами по блокчейну TON, мы решили использовать один из них, а не создавать его самостоятельно.

Создание такого API мы бы ввели и взяли на себя дополнительную ответственность, которую мы не были готовы взять на себя, учитывая доступные ресурсы, и мы выбрали Tonhub API именно потому, что он не является частью TON Foundation, но был одобрен им.

Как мы заявляли ранее, собственный API TON Foundation должен был бы пройти независимую проверку, а на тот момент она не была проведена. Исходя из того, что было объяснено ранее, поэтому имеет смысл использовать API Tonhub, который содержит лицензию MIT.

Поэтому TonSafe не несет ответственности ни за блокчейн TON, ни за интерфейс между кошельком и блокчейном, а именно API. И то, и другое можно считать безопасным, учитывая количество квалифицированных специалистов по блокчейну, которые имеют к ним доступ.

Поэтому наша ответственность лежит исключительно на самом приложении кошелька: обеспечить максимальную безопасность, надежность и конфиденциальность для пользователей кошелька TonSafe. Итак, давайте теперь обратимся к кошелькам.

Как вы уже поняли, кошелек - это фронт-энд/лицо, с которым вы взаимодействуете, чтобы выполнять действия на блокчейне, который можно считать бэк-энд или базой данных, а невидимый интерфейс между ними - это API.

Как мы уже говорили, открытый исходный код - это хорошо, потому что он позволяет тем из нас, кто может разобраться в нем, проверить код на наличие каких-либо "черных дыр" или уязвимостей. Из этого мы видим, что Tonhub собирает всевозможные данные о пользователях своих кошельков, нарушающие конфиденциальность.

Хотя это может помочь в разработке, особенно пользовательского опыта (UX) и пользовательского интерфейса (UI), в которых команда китов очень слаба, потому что они могут анализировать все, что вы нажимаете и все, что вы делаете в кошельке, но действительно ли вам это нужно?

Как пользователь кошелька, хотите ли вы доверять команде, имеющей сомнительную историю майнинга, которая видна в их чате и освещается в других местах или вообще кому-либо, включая TonSafe, когда вы не знаете нас лично, с такой информацией, нарушающей конфиденциальность?

Они получают адрес вашего кошелька и то, что вы делали в приложении, когда и где вы нажали, какое окно вы открыли и что вы делали в этом окне. TonSafe абсолютно не делает ничего подобного, и вам нужно проверить, делает ли это Tonkeeper, поскольку мы не смотрели их код, нас больше волнует наш собственный код.

Так что открытый исходный код - это хорошо в том смысле, что мы можем видеть, что Tonhub - это не тот кошелек, который должен использовать тот, кто не хочет, чтобы за ним следили. Как будто это недостаточно плохо, у Tonhub также есть адресная книга, где все имена ваших контактов и адреса кошельков хранятся на сервере Tonhub, так что они могут объединять все эти данные.

До недавнего времени, в течение более чем шести месяцев, Tonkeeper был связан со всеми видами крупных технологических компаний, нарушающих конфиденциальность, включая Google. Это было даже заметно пользователям iPhone, которые могли использовать функцию Privacy, чтобы проверить, куда подключается Tonkeeper. Таким образом, и Tonkeeper, и Tonhub крайне небрежно относятся к конфиденциальности!

Но есть ли минусы у открытого кода? Безусловно. Злоумышленник может изучить код, к которому иначе он не имел бы доступа, и найти уязвимость, которую никто другой не заметил. Даже "лучшие программисты мира" допускают ошибки:

Помните, Certik выявил несколько проблем, которые "лучшие программисты в мире" (из Telegram/TON Foundation) пропустили. И они быстро исправили их. Но что если бы эта проверка не состоялась и что если бы существовала более серьезная не обнаруженная уязвимость?

"Andrew Python", еще один способный программист из команды Tegro, нашел такую уязвимость и сумел опустошить кошелек игорного сайта TON. Если бы он был злоумышленником, он мог бы просто оставить все деньги себе и молчать обо всем этом.

Так что обратная сторона открытого исходного кода заключается в том, что вы полагаетесь на способных и квалифицированных людей, которые действительно проверят, а затем тихо сообщат об этом и исправят, прежде чем это станет достоянием общественности. Много месяцев назад, был проведен конкурс с открытым исходным кодом, который обнаружил ряд ошибок в кошельках и некоторые из этих ошибок до сих пор не исправлены!

Кто-нибудь поднимал шум по поводу этих проблем? Нет. Поэтому злоумышленники могут манипулировать слабыми местами в коде или даже в стратегии безопасности, а также использовать другие формы инженерии для получения выгоды. Отказ от публикации кода останавливает такие проблемы.

И давайте не будем забывать, что TON Foundation, который утверждает, что поддерживает только проекты с открытым исходным кодом, а не с закрытым, все это время поддерживал и фактически владел кошельком Tonkeeper с закрытым исходным кодом. Так что давайте не будем поддаваться на этот аргумент.

Вместо того, чтобы исправить эту проблему, спустя много месяцев с момента выхода многочисленных обновлений, Tonkeeper не побеспокоился об этом. Вместо этого они закрыли свой публичный чат поддержки и теперь все запросы в поддержку поступают непосредственно к бедному Денису.

Опять же, закрытие публичного чата поддержки - это не обязательно плохо, но другие люди, которые теряют свои монеты с Tonkeeper, по крайней мере двумя известными мне способами, не будут знать об этой проблеме. Включая злоумышленников.

А поскольку TON-Telegram сам в значительной степени централизован вокруг сайта ton.org и владеет/продвигает Tonkeeper-ом и другими проектами, такими как fragment, нет необходимости беспокоиться о продвижении кошелька, которому не хватает качества UI/UX.

Это, конечно, полностью разрушается, когда личность человека связана с кошельком и это дает китам Tonhub богатую информацию о том, кто именно является их пользователями, на каких IP-адресах они находятся и что именно они делают со своими кошельками в мельчайших подробностях.

Но ничего, это все с открытым исходным кодом, верно? В том числе о вашей личной жизни. И это может быть даже связано с вашей личной безопасностью. И не говоря уже о вопиющем отсутствии функций безопасности и возможности «отправить весь» свой баланс, чего вы не найдете ни в одном банковском приложении, ни в TonSafe.

И неважно, что и Tonkeeper, и Tonhub обманывают своих пользователей и Apple, создавая фальшивую кнопку удаления аккаунта (а в случае с Tonhub даже поощряя пользователей отправить весь оставшийся баланс китам/Whales), в то время как TonSafe не делает ничего подобного, мы четко информируем пользователей, что аккаунт не может быть удален из блокчейна.

TonSafe задолго до других кошельков планировал адресную книгу или список контактов. Однако, как всегда, TonSafe никогда не выпускает ничего в бета-версии без надлежащего тестирования. Поэтому, когда это будет выпущено, вы увидите, что оно намного превосходит конкурентов, но также полностью заботится о вашей конфиденциальности, все остается на вашем телефоне.

И как будто, прочитав это, вы захотите доверять другим кошелькам больше, просто потому что они существуют дольше: TonSafe находится в разработке с апреля 2022 года, после нескольких месяцев исследований необходимых функций безопасности в других кошельках и месяцев тестирования был выпущен в магазины приложений.

И не выпущен как бета-версия: другие кошельки по-прежнему обозначают себя как бета-версию, чтобы защитить себя от любых обязательств и ответственности за потерю ваших монет. TonSafe не имеет открытого исходного кода и уж точно не является бета-версией. Мы уверены в нашем интерфейсе, который разработан с большой тщательностью и вниманием к деталям и вашей безопасности.

Для получения дополнительных изображений см. оригинал на английском языке.

Ref: https://developer.mixpanel.com/docs

Ref: https://github.com/tonwhales/wallet

🇷🇺 Русский перевод здесь. (Russian translation is here).

🇨🇺 La traducción al español está aquí. (Spanish translation is here).

Until now there has been absolutely no independent assessment by qualified security and privacy experts of any of the TON wallets.

Thus, Tonkeeper has had no independent privacy and security assessment to date.

TON Foundation on the other hand, has also reviewed the Tonhub API — and found it to be secure. This is an assessment we can at least on the face of it, give some credence to, because the TON Foundation and Tonhub Whales aren't exactly friends.

If TON Foundation has also reviewed the Tonhub wallet, then it isn't clear what exactly they have reviewed and how it relates to past or current versions of the Tonhub wallet.

Open Source, in this context, we take to mean that the code is available for anyone to inspect. Thanks to Tonhub having open source code, we can, for example, check the code and see that they spy on all their users and also associate them to addresses.

This is fine for the geeks who can look at such code and make sense of it but it is meaningless for the general public, which is why independent certifications mean something, provided they are from reputable independent professionals.

The TON blockchain itself was recently reviewed by Certik and some issues that were not paramount to security were found and fixed, and this report was openly published by the TON Foundation. Therefore, we can have confidence in the open source TON.

So, what about the API which TonSafe uses to connect to the blockchain? As there are existing open source API that can be used and which are already developed by experts in the TON blockchain, we chose to use one of those, rather than create it ourselves.

To create such an API by ourselves would introduce an additional responsibility which we were not ready to take on given the resources available, and we chose the Tonhub API precisely because it is not part of TON Foundation but has been approved by it.

As we stated earlier, the TON Foundation's own API would need to be independently reviewed, and at the time it had not been. On the basis of what was explained earlier, it therefore makes sense to use the Tonhub API which contains MIT license.

Therefore, TonSafe, is not responsible for the TON blockchain nor the interface between the wallet and blockchain, namely the API. Both these can be presumed secure given the amount of qualified blockchain technicians that have access to them.

Our responsibility then lies exclusively with the wallet app itself: to ensure maximum safety, security and privacy for TonSafe wallet users. So, let us now address wallets.

As you will have understood, the wallet is like a front end that you interact with, to perform actions on the blockchain which could be considered a back end, or data base, and the invisible interface between the two is the API.

As we said earlier, open source is a good thing because it allows those of us who can make sense of it, to inspect code for any back doors or vulnerabilities. From this we can see that Tonhub collect all sorts of privacy-invasive data on their wallet users.

While this can serve to assist in development, especially user experience (UX) and user interface (UI) both of which whales team are very weak on, because they can analyze everything you tap on and everything you do in the wallet, but do you really want this?

As a wallet user, do you want to trust a team that has a dubious history around mining, all visible in their chat, and covered elsewhere, or indeed, anyone including TonSafe, when you do not know us personally, with such privacy-invasive information?

They get your wallet address and exactly what you have done throughout the app, when and where you tapped, which window you opened, and what you did in that window. TonSafe absolutely does no such thing, and you need to check if Tonkeeper do, as we haven't looked at their code, we're more concerned with our own code.

So open source is a good thing in that sense that we can see that Tonhub is not a wallet anyone who does not want to be spied on should use. As if that isn't bad enough, tonhub also have an address book where all your contacts names and wallet addresses are stored on the tonhub server, so they can merge all of this data.

Tonkeeper, until fairly recently, and for more than six months, connected to all manner of privacy violating big tech companies including Google. This was even easily visible to iPhone users who could use the Privacy feature to check where Tonkeeper was connecting. Thus both Tonkeeper and Tonhub are extremely cavalier with privacy!

But are there downsides to open source code? Certainly. A bad actor can review code which they otherwise would not have access to, and find a vulnerability that no one else had noticed. Even the "top programmers in the world" made mistakes:

Remember, Certik identified several issues that the "top programmers in the world" (those of Telegram/TON Foundation) had missed. And they quickly patched them. But what if this review had not taken place, and what if there was a more serious undiscovered vulnerability?

"Andrew Python" another top capable programmer on the Tegro team, had found such a vulnerability and managed to empty the wallet of a TON gambling site. If he had been a bad actor, he could have simply kept all the money, and stayed quiet about it all.

So the downside of open source, is that you are relying on capable and qualified people to actually check, and then to report it quietly and have it fixed, before it goes public. There was a recent open source contest many months ago which found a number of bugs in the wallets, and some of these bugs still haven't been fixed!

Has anyone made any noise about any of these issues? No. So bad actors could manipulate weaknesses in the code, or even in the security strategy, so use other forms of engineering to take advantage. Not publishing code, stops such problems.

And let us not forget the the TON Foundation which claims to be all about supporting open source projects only, and not closed source, was all along supporting, and in fact owning, the Tonkeeper closed source wallet. So let us not fall for that argument.

Instead of fixing this issue, many months later with many updates since then, Tonkeeper have not bothered. Instead, they shut down their public support chat and now all the support requests go directly to the poor hapless Denis directly.

Again, shutting down a public support chat is not necessarily a bad thing, at least others who lose their coins with Tonkeeper in at least two common ways that I know of, won't have an audience made aware of these weeknesses. Including bad actors.

And with TON-Telegram itself heavily centralized around the ton.org website and owning and promoting Tonkeeper and its various other projects such as fragment, there is no need to worry about promoting a wallet that lacks in UI/UX quality.

This is of course completely destroyed when they two are linked, and gives Tonhub Whales a wealth of information about who exactly their users are, which IP addresses they are located at, and what exactly they do with their wallets, in fine detail.

But never mind, it is all open source, right? Including your personal privacy. And that could even be related to your personal security. And never mind the glaring lack of safety features, and the ability to "send all" your balance, something you won't find in any banking app nor in TonSafe.

And never mind that both Tonkeeper and Tonhub deceive their users, and Apple, by creating a fake delete account button (and in Tonhub case even encouraging users to send all their remaining balance to Whales themselves), while TonSafe again does no such thing, we clearly inform users that account cannot be deleted from blockchain.

TonSafe has long before the other wallets been planning an address book or contact list. However, as always, TonSafe never releases anything still in beta, without adequate testing. So when this is released, you will see that it is far superior to the competition but also fully takes care of your privacy, everything stays on your phone.

And as if, after reading this, you would still want to trust the other wallets more, simply because they have been around longer: TonSafe has been in development since April this year, after several months or research into the lack of required safety features of the other wallets, and only after months of testing was released into the app stores.

And, not released as beta: the other wallets still label themselves as beta, to protect themselves against any liabilities and responsibilities for loss of your coins. TonSafe is not open source code, and certainly is not Beta. We have confidence in our front end, which is developed with great care and attention to detail and your safety.

Ref: https://developer.mixpanel.com/docs

Ref: https://github.com/tonwhales/wallet

For those new to this, in brief, Apple stifles good projects and developments with a very inefficient review system and a very unfair financial system for its App Store.

It isn't about the size of a product (small like TonSafe currently or large like Telegram), it's about politics of the usual parasitic scum elite that is misruling the world.

Apple has one rule for them, one rule for us (from TonSafe to Telegram) and another rule for its users. Allow me to give some simple evidence of this.

Wise, formerly Transferwise.

It is a company I personally am very familiar with, having worked previously for the same company as its two founders, I was among the very first users and testers of Transferwise.

There is no doubt that the product is super great and useful to the world, and was and is disruptive to the banker control monopolies with hidden fees and exorbitant fees, and has transformed the landscape. Or that its customer service is mostly excellent.

However, let's face it: I have reported UX bugs to them, and they have not listened, I have pointed out privacy issues, and again they have not listened. I'm not some small backwater bug finder, I find bugs in all Apple products on a regular basis.

But let's deal with the issue of the evidence of Apple's favoritism: as far as I can tell, Wise has never had any issues releasing its updates to the App Store. However, Wise does not give iOS users the expected experience and does not make use of the expected flow and features of Apple such as the essential swipes.

Wise does not publish details to its users about the updates either, treating them somewhat with contempt, even if unintended or out of laziness or some policy directive, each and every update always simply repeats the same sales line.

Contrast this with TonSafe and Telegram both of which give proper information and also make proper use of the iOS user experience and platform expectations in design. Wise does not but gets all updates released immediately without fuss. Why?

It's not about size, Wise is smaller in user base than Telegram. It is about money.

What else can it be about? Political connections? Sitting around the fire at Davos?

And what about how Apple treats its users?

Apple would like to not only protect its users from the world wild west of the web but also be seen to be protecting of its users, but, even at the cost of lying to users just to be seen to be virtue signaling about users privacy and security.

This would have Steve Jobbs turning over in his grave.

The jury is not yet out, but this is exactly what Apple is trying to force its App Store apps to do: lie to the users. And the morally weak, which includes Tonkeeper and Tonhub, are happy to comply, and become complicit in lying to their users.

This issue is being addressed by TonSafe themselves and will be made public when the outcome is clearer, so far, Apple is persisting with threats and pressure to make TonSafe lie and cheat Apple users, sadly, whilst the evil Google is not.

Ethics

TonSafe has not given in, is not giving in and will never give in: the product is produces by an "old school" team with high morals and great capabilities and experience, and include many of Steve Jobbs generation. They won't lie to users nor cheat them.

Even if it comes at the cost of being unable to get updates into the App Store.

However, the fight has just begun, it may end if Apple sees reason of legalities of attempting to coerce app developers into cheating and lying to not only their users but Apple's users, and the maltreatment of those trying to make the web a safer place.

Hypocrisy

The contradictions are obvious, however, and the attempts have already been made. What Apple does, and indeed also what Durov does — whether he works with us all to facilitate strong legal actions against Apple or is selective in his approach — will determine the future of both companies and whether any of them can hold the moral high ground in the interests of Apple smart phone users everywhere.

BrainFucker = Durov friend = ton.app = donate bot without bot username = Tonkeeper = Getgems = stickerface = fragment = All Others Stay Away = Ton Community = Ton Foundation = Ton Society

These are all exactly the same group and = tg

And they lie and forget previous lies when telling new ones

Andrew Rogazov said yesterday on AMA that he was a founding member let me repeat that: founding member of the ton foundation. Not as we were told before that he joined later. When he was still at Vk he founded the foundation with Durov or for Durov and together with the three Olegs and others. And Steve Yun etc.

Therefore it becomes clear. The powerful centralized site Ton.org wasn’t given randomly as a free gift. Everything was planned from the beginning.

If I can spend ten months wading through endless Russian Ukrainian groups to sort out the lies and fiction then so may others.

And let’s not even begin with how this Egosystem helps itself: all big NFT from the devils advocate  Hellen and gamblers ends up paid for by the same fat wallet.

Look. You can do all that shit if you like but don’t expect that it will end well. The time for games is over. Durov reputation would be at stake. Let it end well. Support good projects and stop conspiring to give everything to your friends at the future expense of real mass entry because that’s what’s happening and it creates resentment among those who spent lots of time and money while being misled. We still don’t give up but keep that shit away now.

We love Telegram and we want it to succeed, not fail!!!

• I personally offered both Tonhub and Tonkeeper my services free of charge early in the year to assist them to recognize several UI and UX flaws in their wallets
• My offers of assistance were rejected, at worst very rudely and aggressively, and at best, in a very off-hand and disrespectful manner, they did not want any help
• I mused over what to do: if TON has a future it will be going viral, and the only way it can go viral, is with good wallet UI/UX and a safe experience for newbies
• I therefore mustered my own resources and brought together a project team to create a much better first user experience with TON
• Thus, TonSafe was born.

The response has been open hostility, such as unwarranted claims that TonSafe is a carbon copy of Tonhub, when this is clearly not the case. This issue has been addressed in more detail elsewhere. Tonhub API is open source and helpful and it is used for a number of important functions, it's security has been evaluated by TON Foundation, so it makes sense to use the API rather than construct one from scratch.

But why do I say Tonhub ("Whales") are not putting users rights and interests first?

There are several evidences of this. One, is too long to cover here, and is really a very nasty and dirty litany of appalling abuse of their community of miners over payments.

Others are less obvious: for example, if you look at the Tonhub repo, you'll see that they whitelist certain 'friendly addresses' including their own, to avoid the SPAM filter. This may be acceptable depending on which way you look at it, but when they first introduced their spam filter, they also censored the actual comments (messages) on the transactions, not just marking them as SPAM. That is a very paternalistic and centralized way of handling users, taking away from them all control.

They did however address this in a later update, but it just goes to show their attitude towards users is to treat them like sheep.

Others, include their dishonest implementation of a "Delete" button. You cannot delete a wallet from TON blockchain, and to let users think so, is deception — Tonkeeper is equally guilty of this, although Tonhub also by default have whatever balance is in the "deleted" wallet go to their own Whales account.

Such things won't go unnoticed by users in the longer term, and the track record of Whales will be besmirched by such cavalier attitude toward their users.

It would be safe to say that the "Support" offered by Whales, deliberately made difficult at best, usually very rude and condescending at best, is just because there is no way to get your app listed in the Stores if there is no Support contact.

So, they provided a contact, but that is really all it is. Steve Korshakov himself said to me many months ago (I'd have to dig up the record, but words to the effect of):

"WTF?! Support? This is free open source FFS. Why would we provide support?"

And yet, of course, there is a support button, emails that never get answered, and a group hidden away where little to know support is offered, and when it is mostly very rude and threatening: "If we receive further complaints we won't process payments!"

These are all reasons why TonSafe should receive good support from all those who truly care about building an ecosystem around TON and not an egosystem. But realistically I believe that is wishful thinking.

The mission still remains the same: bring in new users to TON, give them a good experience, protect them as much as possible from scams and losses, provide support and good educational materials, and don't think of profiting in the short term.

Where are our longer term benefits? Naturally it costs a lot of money to develop and maintain such projects, thus far we're already over $200k out of pocket. But our priorities on our roadmap are basically as follows:

1. Produce a great and stable bug free safe professional TON wallet
2. Provide a great user experience
3. Build and grow community toward a TonSafe ecosystem

Only then can we think of subsidizing the project with income from commissions, for example, TonSafe PRO membership, and a TonSafe Premium via in-app purchases.

For now all our focus, having achieve the first point above, and continuing to provide the second, is the third: growing the community. This is the next task for TonSafe.

As we do so, we could do what Pavel Durov does with Whatsapp: point out the flaws of the opposition and why Telegram is so much better. What do you think? Any ideas?

Should I continue to poke fun at the "opposition" and hope that some of it may trickle into TonSafe marketing? Or should I stop researching and ignore them completely?

So, let's put this "carbon copy" junk to rest... here a latest screen shot comparison of Tonhub UI and TonSafe UI side by side:

As can be seen, Tonhub is on the left, this image is not edited, it is an actual screen shot, showing that public releases are full of bugs and broken. On the right is TonSafe.

I cannot see how these two even look remotely similar. Yes, the curved borders, which were liked on Tonhub, yes, the colors (in night mode) which were liked in Tonkeeper.

So, let's get rid of the curved borders on TonSafe, shall we? And maybe Tonhub could respond by getting rid of the broken display? The beneficiaries: all the users!

First, some background, not the the history of "Whales" cheating, that can be kept for the future, and I'm sure others will discover it if they haven't already, but on how and why the "Whales Design Contest" came about.

TonSafe came about for these reasons which you can read on the BASED blog.

In doing so, the approach for TonSafe design was not to completely reinvent the TON wallet wheel from scratch, but to take all existing designs, compare them, and use one as a main foundation starting point, since the focus was on making firstly the safest TON wallet, not the most original sexy design.

This resulted in a mockup of a TON wallet which took Tonhub as the starting point, with heavy modifications where needed, to improve UX and safety, and also some factors from Tonkeeper and Toncoin wallets. However, this resulted in a few saying that "TonSafe was a carbon copy of Tonhub"!

So, after TonSafe introduces a night mode (the first TON wallet to have both night and day modes, Tonhub having only a day mode and Tonkeeper having only a night mode), Whales tried to make fun of TonSafe in front of its users, posting a "how do you like our new design" — but featuring the image of TonSafe, and not Tonhub!

So, what to do now... Tonhub's Whales could not now copy TonSafe, having accused the latter of copying the former. How ironic would that be. So, instead, realizing that their users were unhappy with the "childish design" of Tonhub, and evidently wanted a redesign, they opened a "Design Contest" with some big prize money for designers.

Now, here's how you can easily grab your prize money... well, no... here's how you can easily win the contest, given the track record of Whales when it comes to keeping promises to the community. And win, you well may, but again, you may not actually be announced as the winner by Whales. But, your design will be used, or parts of it...

In fact, they may end up taking different parts of different designs, while trying hard to avoid any similarity to TonSafe. But anyway, now that I've openly stated here that Whales don't keep their promises and pay up, maybe they'll actually have to pay up.

Part One: "Complete redesign of the steaking section of the app"

Keep in mind you can enter into two parts of the contest: one is the "steaking design" — my advice is NOT to enter this part of the contest. Because, I'm absolutely sure that if you submit various steak designs, they will not be accepted.

Part Two: "Redesign of the app's main screen"

So, you best enter the 2nd part of the contest, which broadly speaking, you are to do what TonSafe has done: put tokens, accounts, and the last transactions all visible above the fold. The easiest way? Simply copy TonSafe.

Or, be creative and make a new design. Maybe we'll even copy it! Or parts of it...

Careful readers will have noted in my long post about the "bug finding contest" that I made a prediction that two bugs — one serious which has already resulted in someone losing TON, and another hilarious but an important UX issue — would not be found?

Well, they weren't...

And I can finally say that they weren't, because 2.7 is now here and I've just installed it.

So, let me repeat: a hilarious bug that any user should see immediately (ok, perhaps not every user, I know that I'm a bug finder and bugs also find me, but this one is just too obvious) remains, and, a more serious one that can result in losing TON, remains.

To use the analogy of a modern aircraft crash: for civilian airliners, crashes are almost never the result of one single failure. Likewise, losing TON in a TON wallet is, with the current versions of the wallets, also not the point of one single failure.

But, you have to prevent things that can, when combined with even one other factor, and ideally more, by making appropriate changes to prevent such losses.

Tonkeeper thus remains a toy — for teens, to play with experimental new features — and still is the only wallet with built-in NFT handling, so those who require such a feature in a wallet currently don't have other options.

Let us immediately forget web wallets, since by nature those are high risk hot-hot wallets, and let's forget those wallets which are neither popular even after extensive marketing and do not take any real care about security and safety issues: and remember, it is not only about security itself but also about user safety during use.

So, will I reveal what these two bugs are, one hilarious, and one serious? No. Not yet*.

Yes, I should do my duty and report it as people will lose money. However, given the very unfair playing field currently around TON with Tonkeeper being part of those with unfair advantages and endless promotion, and given that at the start of the year there was no polite reception and appreciation when I freely offered my help...

And given that I instead decided to assist in the creation of a SAFE and professional TON wallet, which has now materialized as TonSafe, and given that TonSafe went through serious efforts to release stable and thoroughly tested versions before any marketing and promotion, without any experimentations on the masses, and using no resources from the TON Foundation, I'm really not going to help the "competition".

Bottom line is this: users wanting the safest TON wallet, are only going to find that in TonSafe (although the version 3 wallet Toncoin is still acceptable where it works), and the only safe ecosystem with high moral standards and values will also be TonSafe.

Until and unless the TON Foundation changes course and stops promoting questionable and even outright unprincipled projects (and here, I do not refer to Tonkeeper), and gives promotion and funding to projects which have proven their worth and value to the TON "ecosystem", that is not going to change any time soon.

What makes the latest release of Tonkeeper hilarious is the wording used to promote this latest update, and, it refers to two things: security and usability. The two bugs are exactly related to each concept promoted in its release marketing. Big fail.

That is not to say that the security features which they have released (without fixing the existing one, and look, it is open source, and those affected have already reported it to them, and as usual they did not listen, or understand, or care), are not good features: as always we must be grateful to Tonkeeper for leading the way in experimentation, and to Tonkeeper users for being guineapigs and unpaid beta testers.

A big thank you, and please carry on, it is good, and it helps projects such as TonSafe.

*) Of course, once they fix one or the other, I'll report the fact, and what it was.

PS: I have NOT done extensive bug finding on Tonkeeper, I don't have time nor interest in it, the two examples I've found, were only discovered during casual occasional use.

I test and advise for TonSafe and I do this is because TonSafe doesn’t release unfinished or buggy products. I also advised against listing on ton.app so as not to tarnish principles. It is easy to get listed at ton.app. Too easy. Submit via bot and your listing is there within a day. But TonSafe has chosen not to do this out of principles including the lack of credibility of @brainfucker ’s ton.app.

The BrainFucker (his username for real!) owns ton.app. Previously all subscriptions created with @donate were stored at data2.ton.app/api/… and Tonkeeper used to fetch data from there.

Perhaps the good people can support another good solid and honest project and join @tonsafe as well as use the product and also give some reactions to the post: https://t.me/toncoin_chat/83165 - by the way, another thing. TonSafe has not chased after marketing yet at all. Zero marketing campaigns. The product is being brought up to 2.0 before they even think of it. It’s not a rush project and not a scam. It wants to create a safe and reliable ecosystem.

In this post, I reveal that Telegram = TON = Wallet and why it matters

I've written before on my reasons not to participate in Bug Finding Contest and to miss out on some good financial rewards as well as a likely job at TON Foundation/Telegram.

And TON Foundation not having good Testers and QA Managers is now going to result in a negative impact upon Telegram. So this is interesting, let me share my findings.

Wallet has been integrating TON into Telegram. Everyone knows that any bot on Telegram that does have a username ending with "bot" is directly owned by Telegram.

This applies to @mobile, @wallet, @donate, as three examples. Donate, is infamous among Russian TON developer communities, who allege it belongs to @brainfucker.

In any case, it is well known and provable that the much reviled ton.app is owned by the @brainfucker and also it is known about the history between ton.org and ton.app.

TON.APP Fiasco

For those who do not know, a very short summary: there was a fiasco over another project ton.place (probably @brainfucker is involved there too). This involved ton.place being a carbon copy of an anime only fans site in Russia, and a very bad privacy policy.

There was great concern among Russian developer groups about why this awful project was getting verification marks and promotion at ton.app, and the response of TON Foundation, which owns the ton.org domain was "it's a third party, we'll cut links."

Another part of the complaint was that ton.app was not listing a great many other good projects on TON. TON Foundation then say that they instructed the @brainfucker to include anything an everything related to TON.

TON.app thus went from a closed shop that benefited @brainfucker and his friends, to an open chaos that accepted anything and everything without proper testing, no clear certification criteria, and a host of other things making ton.app an unprofessional site.

TON.org within a month had now put back links to ton.app and was now promoting it even more, in fact the ton.org/wallets directory would not directly go to ton.app.

Telegram, Durov

So let's forward now to Wallet. And how Wallet proves beyond all doubt, as if the VK staff close to Pavel Durov moving to Dubai with Telegram and joining the TON Foundation, was not enough evidence already, about how exactly TON = Telegram.

And let me put this into context: Telegram is a 5 star app. I cannot give Telegram a high enough rating for everything it does, and how it does it. And this is due to Durov brothers and their own standards and methods which are commendable.

Also let is be clear: I have always said that TON is NOT EQUAL to Telegram. Naturally Telegram has an interest, rightly so, and is supporting integration of TON into Telegram, and it is Telegram that will ultimately help propel TON to fame and value.

Let it also be clear that some USA organization extending its tentacles across the world and shutting down projects on spurious basis is not acceptable, even if it is the real world we live in, we can only sympathize with Telegram as the victim in that saga.

As we also know in a genius strategic move Telegram cut off TON and gave away ton.org to the winners of some Telegram contest, a couple of nerd gamers who were working and still are, on the core TON blockchain.

How random that was, is a big question. But let us assume it was random, and that TON now became TON Foundation, new owners of the all-powerful TON.org domain which gives complete centralized power to the characters sitting on TON Foundation.

Let us agree, Telegram and TON, closely related now, seek to dominate a future decentralized world, to use the buzz word very vaguely, or, let's say a better world, in the same way Telegram brought freedom to communications, TON should to the web.

In this case, the great reputation of Telegram is going to be tarnished by TON and its associates. Gambling is rampantly promoted by the @brainfucker's ton.app site, and thus, by TON. In fact, visit the TON Foundations own block chain account and see.

TON Foundation and Gambling

For months on end, the TON Foundation account is being used to play fruit poker, gambling. This can be seen from the address you can find at ton.sh, which was the first (I believe) TON explorer, and created by someone at TON Foundation.

Although, it appears that TON Foundation deny any connection with TON.sh, it doesn't matter. The example address in the search box is the TON Foundation wallet address, or, at least, one of its known addresses. Look at the transaction history. Gambling.

Of course, gambling, pornography, drugs, and anything else legal and illegal can find its way onto TON blockchain, just as it can on the web 2 "World Wide Web" but it is a very different matter when the "owners" of TON are using TON to promote such things.

And I'm sure this is not something the Durov's would want to be associated with.

So, let us get to the subject of my post, Wallet = TON, at least, in it's new P2P market.

@Wallet, Telegram, TON

At first, I was really happy that Wallet, owned by Telegram, even if possibly also by TON Foundation, but certainly by Telegram, introduced yet another new feature. This will further integrate TON into Telegram and bring TON millions more users over time.

For anyone wanting success of TON and projects that count on TON to function well and the growth of TON, this is what we all want. And so I was very pleased, and I learned of it directly from a lesser-known news channel run by Wallet, which I follow.

I immediately started to test it and saw that I was certainly among the very first, if not the first open tester. I thought: well done. And a good idea that you do not release this to the masses just yet, but in stages.

This is exactly what TonSafe has done, which no one will have heard about, there has been no marketing at all. All the focus of BASED where I am tester, has been about making a great and reliable product first, before doing any marketing.

Well, to my great disappointment, within half an hour Wallet put out the message on its main bot channel as a broadcast, and quickly followed by the (also, as with ton.app, much reviled) "TON Community" social media and Telegram channel.

So, within a few hours, there were thousands of trades going on, and we know this from the order numbers, as well as taking a look around at the P2P advertisements.

Bugs: Using Users as Unpaid Testers

And, I soon found several UX bugs in this P2P feature of Wallet.

Now, thinking this Wallet is a Telegram operation, I was really confused! First, Telegram doesn't even offer any real customer service (which is bad, but, as the product is really good, they can get away with it). But Wallet has a Telegram-based support bot.

For those that don't know, support bots on Telegram protect the support staff from revealing their Telegram identities, as messages from those seeking support, are relayed into a private group, which can contain any number of staff or volunteers.

But it is normally very difficult, with standard support bot set up, to separate out many different support requests: there is no ticketing, every message all ends up in the same private chat group, and if there are many support requests, could be missed.

I do not know if Wallet has a better set up for their support bot, but I can say from reports of other users that they are responding, even if, not yet able to refund lost TON or follow up on disputes, so time will tell, they must surely be overwhelmed.

But, now we have proof that this awful manner of releasing such an important new feature of Wallet, is not Telegram, but TON Foundation. And this fits in with many, but not all, TON projects (including popular wallets Tonkeeper and Tonhub) of using the masses as guinea pigs and unpaid testers, subjected to large amounts of bugs, losses.

Telegram = TON Foundation = Wallet

And this is clear from this post by TON Community (Foundation) here which claims that P2P in Wallet is the TON (Foundation's) project, not Telegram, "even though it uses Telegram". But, we cannot believe anything these guys say, based on past history.

They say ton.app has nothing to do with us, that TON Community channels are not our responsibility, and so on, and provide a really strange bot called TON_HELP_BOT which I have written about before.

All this can be put down to a lack of professionalism, early days, in a big project, where things are not clear, and where there is a long way to go before convincing us all that The Open Network is really that and not The Oligarch Network or Opaque Network.

What should Wallet have done in releasing P2P Market?

Aside from the obvious, they could have hired @abc9e, my hourly rate starts at only TON 300. It's so easy to answer, I feel bad writing it:

• They should have done more testing with good testers first
• They should not have announced it widely and immediately on public release
• They should have placed a better ticket-issue-dispute tracking system first

But it's all OK as far as they're concerned, because the 10% that notice these things and have bad experiences, doesn't matter, 90% won't, and by the time it become popular these bugs will be ironed out.

It's the new way of doing things in the "Wild West" and "New Frontier" of Crypto.

Only, in my view, that's not what TON needs to achieve "Mass Adoption".

Appendix

Update 6 October:

Source: Investmnent Kingyru

Thanks to the above research by Woody of Kingyru:

And from Artur's Telegram channel, sorry for the automatic translation, but a great observation, and at BASED we're blessed that developers are full of fire and love of the product they create, and at the same time very capable full stack developers!

Today I clearly realize how seemingly far from professional activities a person's qualities can influence what he does. A simple example. I have several developers on my team. The first is just beginning to understand what the Internet is. The second one has been brewing in all this for a long time, he is an expert and that's it. The first, with its unprofessionalism, is emotionally attached to the product. He likes what we do, he enjoys every release. The second is in the e-bat from the word at all. Well, that is, finally do not care what we do. Here is the problem - here is the solution, and the rest is none of my business. As a result, the first section of the application has already been delegated. And he develops it little by little. And I have zero worries about what's going on there. I know the person there is just as motivated to make something cool as I am. The second will make it so that then it will have to be redone three more times.Because ideal requirements do not exist in the real world. A person should always be critical of what he is asked to do. Something to add, something to change, something finally to throw out. If a person does not care, if he is not emotionally involved, there will be no criticism. And you should always stand next to this one and make sure that some garbage doesn’t get on the market. And it's kapets as exhausting.I used to think that only hard skills are important in a coder, and software is some kind of shamanism from HR. As usual, life has proven that finally everything is important. And knowledge of PL, and motivation, and even the manner of communication.

I love that he writes freely, same as I do, it helps to clear the thoughts!