BOScoin Congress forum Official answer – EN
Written by Service design Team of BOScoin
February 27th, 2019
Hello, this is BOScoin.
We want to thank all of our community members for all the attention, constructive feedback, and various questions that was given in regards to the new BOScoin Congress Forum.
We have prepared an official response to Community members’ various feedback and update requests; in regards to why we have released it with the current settings and security level in addition to our plans for improvement.
After the launch of BOScoin Congress Forum, we received many feedback through various channels from our Congress members expressing discomfort in using the Forum. The reason for it being the sign up requirement to input the Secret Seed.
The prevailing view was that the members were afraid to input their account password to participate in the Forum. As a result, the following updates were submitted to the BOScoin team.
- It would be best to log in through a different method which does not require the use of the Recovery Key or Secret Seed.
- Please review to add the Forum feature into the Congress Voting App.
Development Background Information
Our BOScoin Development Team developed and launched the “BOScoin Congress Forum” in response to our Congress Member’s December 2018 request.
We decided on the current login methods and service support because the only way to determine whether a user is a BOScoin Congress Member or not is to verify through the “Secret Seed”.
We also considered inserting the Forum into the Congress Voting App, but ruled out the idea due to the fatal drawback that users must run the “Congress Voting Desktop Application” in order to use the forum.
We ultimately decided to develop a forum service in the form of a website to maximize usability and accessibility for active engagement in discussions and debates.
Current Forum Situation Clarification
Entering the “Secret Seed” to the login page for the BOSCoin Congress Forum has been developed in the same way as the existing “BOScoin Web Wallet”. The difference between the two services is that the reached page through the “Secret Seed” is the BOScoin developed Wall Page vs. Forum page provided by Vanilla Forum.
We fully understand the fact that some users are reluctant to use it since the Forum arrival page is a product of an external company rather than our BOScoin’s development team; with questions such as, “Won’t Vanilla Forum have access to my Secret Seed?”.
To explain the technology behind it into simple terms, the Secret Seed is only used to create the ‘Signature’ that can be sent over to the server. (Note: the Secret Seed is never sent over the server.). The ‘Signature’ carries the user’s Public Address. Then, the ’Signature’ is verified by its Public Address and when verified, the user is granted access to log in to the forum.
It is not possible to extort the ‘Secret Seed’ even if there was a breach in the network because only the ‘Signature’ is sent over. There would only be a risk of extortion if what was sent over the server was the ‘Secret Seed’ instead of the ‘Signature’.
BOScoin Congress Forum Improvement Plans
For the users who are still concerned of logging in their Secret Seed, we will provide more methods to access the BOScoin Congress Forum when we update the BOScoin Congress Voting Application.
Also, by fortifying the CSP(Content-Security-Policy) on the login page, we will further strengthen security and protect all user information.
BOScoin Service URL
It is necessary to only use our services through the URL provided below.
- BOScoin Official Homepage URL : https://boscoin.io/
- BOScoin Web Wallet URL : https://wallet.boscoin.io/
- BOScoin App Wallet Download URL : https://play.google.com/store/apps/details?id=org.blockchainos.wallet.android.mainnet
- BOScoin Explorer URL : https://explorer.boscoin.io/
- Forum Login URL : https://mainnet-membership.blockchainos.org/login
- Forum Main URL : https://congress-forum.boscoin.io/
* The direct link to the BOScoin Congress Forum page is in the BOScoin official homepage> Congress voting page (bottom side).
Also, before entering the Secret Seed and logging in, always check if it is a trustable site. Does it start with “https”, and is it the correct URL?
Finally, individual users are encouraged to pay special attention when it comes to “Managing their own Secret Seed.”
Please be cautious not to access the Forum or Web Wallet through the web or the unconfirmed URL passed on by others: not through the official BOScoin website.
Pay special attention to not access the Forum or your Web wallet through any URL that is not verified or from an outside source.
5 Practices for Information Protection
01 Store Secret Seed and Recovery Key in a safe and separate storage medium
- Your Secret Seed and Recovery Key are the private keys to controlling all of your BOScoins in ‘My Account’.
02 Distribute your BOScoins across multiple accounts
- If you disperse your BOScoins across multiple accounts, you will lower the chances of losing all of your BOScoins even if you accidentally leak your account information.
03 Changing your password periodically
- It is best to update your password regularly. When doing so, please be cautious and do not use your name, birthday, phone number, etc. A new Recovery Key is also created when you update your password, so please make sure to back it up and store it in a safe place.
04 Do not visit suspicious websites
- If you enter your Secret Seed at a suspicious website, then you Secret Seed can be leaked right away. Please be careful about phishing sites or apps that are made similar to BOScoin.
05 Only download at Google Play or our Official Homepage
- You must download at our Official BOScoin homepage or Google Play. If you download the app from a link that was sent from someone else, there is a possibility of your Secret Seed being leaked.