BOScoin Congress forum Official answer – EN

Written by Service design Team of BOScoin
February 27th, 2019

Hello, this is BOScoin.

We want to thank all of our community members for all the attention, constructive feedback, and various questions that was given in regards to the new BOScoin Congress Forum.

We have prepared an official response to Community members’ various feedback and update requests; in regards to why we have released it with the current settings and security level in addition to our plans for improvement.

 

BACKGROUND INFORMATION

After the launch of BOScoin Congress Forum, we received many feedback through various channels from our Congress members expressing discomfort in using the Forum. The reason for it being the sign up requirement to input the Secret Seed.

The prevailing view was that the members were afraid to input their account password to participate in the Forum. As a result, the following updates were submitted to the BOScoin team.

 

Improvement Requests

 

Development Background Information

Our BOScoin Development Team developed and launched the “BOScoin Congress Forum” in response to our Congress Member’s December 2018 request.

We decided on the current login methods and service support because the only way to determine whether a user is a BOScoin Congress Member or not is to verify through the “Secret Seed”.

We also considered inserting the Forum into the Congress Voting App, but ruled out the idea due to the fatal drawback that users must run the “Congress Voting Desktop Application” in order to use the forum.

We ultimately decided to develop a forum service in the form of a website to maximize usability and accessibility for active engagement in discussions and debates.

 

Current Forum Situation Clarification

Entering the “Secret Seed” to the login page for the BOSCoin Congress Forum has been developed in the same way as the existing “BOScoin Web Wallet”. The difference between the two services is that the reached page through the “Secret Seed” is the BOScoin developed Wall Page vs. Forum page provided by Vanilla Forum.

We fully understand the fact that some users are reluctant to use it since the Forum arrival page is a product of an external company rather than our BOScoin’s development team; with questions such as, “Won’t Vanilla Forum have access to my Secret Seed?”.

To explain the technology behind it into simple terms, the Secret Seed is only used to create the ‘Signature’ that can be sent over to the server. (Note: the Secret Seed is never sent over the server.). The ‘Signature’ carries the user’s Public Address. Then, the ’Signature’ is verified by its Public Address and when verified, the user is granted access to log in to the forum.

It is not possible to extort the ‘Secret Seed’ even if there was a breach in the network because only the ‘Signature’ is sent over. There would only be a risk of extortion if what was sent over the server was the ‘Secret Seed’ instead of the ‘Signature’.

 

BOScoin Congress Forum Improvement Plans

For the users who are still concerned of logging in their Secret Seed, we will provide more methods to access the  BOScoin Congress Forum when we update the BOScoin Congress Voting Application.

Also, by fortifying the CSP(Content-Security-Policy) on the login page, we will further strengthen security and protect all user information.

 

BOScoin Service URL

It is necessary to only use our services through the URL provided below.

 

Also, before entering the Secret Seed and logging in, always check if it is a trustable site. Does it start with “https”, and is it the correct URL?

 

Finally, individual users are encouraged to pay special attention when it comes to “Managing their own Secret Seed.”

Please be cautious not to access the Forum or Web Wallet through the web or the unconfirmed URL passed on by others: not through the official BOScoin website.

Pay special attention to not access the Forum or your Web wallet through any URL that is not verified or from an outside source.

 

 

5 Practices for Information Protection

 

01 Store Secret Seed and Recovery Key in a safe and separate storage medium

 

02 Distribute your BOScoins across multiple accounts

 

03 Changing your password periodically

 

04 Do not visit suspicious websites

 

05 Only download at  Google Play or our Official Homepage