What is localethereum.com?
Localethereum is a private peer-to-peer platform where you can find others who are interested in trading ether for local currencies via an escrow smart contract.
Are there any fees?
Localethereum charges a 0.25% fee for the maker (the person who placed the offer listing) and 0.75% for the taker (the person responding to the offer). The reason for the significant discount on makers is because we want to encourage people to place offers.
What are those weird-looking circle icons?
We call these “identity icons”. When sending ether to a specific address, you can use them to ensure that you have copied the address correctly. The smallest difference in a typed address will result in a completely different identity icon. These are also compatible with the identity icons used in the Mist browser and on web tools such as etherscan.
Is it possible to change my username?
We currently do not allow changing of usernames.
Why do buyers and sellers see different prices?
Offer and trade rates on localethereum have fees priced into them by default, which is why buyers and sellers will see a different rate for the same trade. The prices you see are exactly what you should expect to receive after localethereum's fee.
Localethereum charges a 0.25% fee for the marker (the person who placed the offer) and 0.75% for the taker (the person responding to the offer).
Using your wallet
How does localethereum store my ether?
The localethereum.com wallet is completely embedded inside of your browser. Similar to how messages are secured, the localethereum wallet is designed so that your Ethereum address private keys are generated offline in your browser. Our servers do not have access to your ether.
How do I deposit into my localethereum wallet?
You can deposit into your wallet by using any of the addresses listed on your wallet page. For extra privacy and security, we always recommend you use the “unused” address that is listed at the top. It's recommended to use a new address for each you time you receive ether, and to dispose of old addresses eventually.
I sent ether to the wrong address. Can I get it back?
Transactions on the Ethereum blockchain are irreversible. The only the way to retrieve your ether is to contact the receiving party and ask for them to return it.
My outgoing transaction is still pending. What do I do?
You probably paid a fee that was too low for the miners to accept. If this is the case, the transaction will eventually time out and the funds will be returned to your wallet in a few hours, or a miner may eventually confirm it. If it has been less than a few hours, it's best to wait it out.
How is my privacy being protected?
There are a number of precautions taken by localethereum developers when designing the platform. Here are the most important ways you are protected:
- End-to-end message encryption
- Messaging forward secrecy
- Financial forward secrecy
- Signature system
How are messages end-to-end encrypted?
A non-technical explanation:
Every message sent via localethereum.com is end-to-end encrypted in your browser. No one — including the localethereum team — can read those messages. To localethereum's server, your message looks like a bunch of random indistinguishable numbers.
Once the keys used to encrypt the messages are destroyed, that conversation is gone forever. The only time in which our staff can read messages is when the key required to decrypt them is volunteered by one of the parties (this is done in the case of a dispute).
A technical explanation:
(Our protocol is heavily influenced by Open Whisper System's Signal Protocol, which is a trusted open source standard endorsed by Edward Snowden and used by Whatsapp, Facebook and Google Allo.)
Every localethereum user preemptively generates hundreds of signed key pairs and sends them to the localethereum server. These are called "maker keys" and they allow people to securely initiate trades, send secure messages, send ether to and deploy smart contracts with accounts that are offline, while maintaining forward secrecy.
The main purposes and benefits of the maker keys are:
- Full end-to-end encryption - Nobody can read your messages expect you and the person you are trading with.
- Asynchronous - Parties can send messages and ether to one another even when the other person is offline the entire time.
- Identity verification - Each pre‐key is signed by the identity key of its owner so that you know you are always talking to the right person.
- Forward secrecy - Messages have forward secrecy, as once the key is deleted there is no way to recover it, even if you can replay the ciphertext.
- Simple dispute resolution - Any party only needs to volunteer a shared secret to staff in order for us to read every message in the conversation.
As an example, say Alice is posting an offer on localethereum.
- She'll generate a random 256-bit secp256k1 public and private key pair securely in her browser (
- Alice will then make an ECDSA signature of
SHA3(MakerKeypublic) using her account's identity key (
MakerKeysignature are submitted to localethereum's server for safe-keeping. The private key is encrypted safely using AES-256 with a random IV and stored online too (at least for now).
- (Repeat x 100 times)
Similarly, Alice goes ahead and generates and signs (using her identity key) hundreds of Ethereum addresses.
When Bob comes along and wants to respond to one of Alice's offer, he'll ask localethereum for one of Alice's signed pre-keys, and one of Alice's signed Ethereum addresses. Localethereum will serve him Alice's next "unexposed" maker key (
MakerKeypublic) and Ethereum address (and will never show the same key or address to anybody else).
Once Bob verifies both signatures to Alice's public key, he can be sure that the key and the Ethereum address both belong to her. At this point, it would be possible for Bob to send ether to Alice, or send an encrypted message — but for a number of reasons it isn't that simple (Bob doesn't have a way for Alice to send him an encrypted forward-secret message yet, or a signed Ethereum address, and there's no mechanism yet for dispute resolution).
At this stage, Bob does three things:
- He goes ahead and generates his own brand-new one-time secp256k1 key pair as well (
- He grabs one of his own wallet addresses (
- To prove the validity of his new taker key, Ethereum address and his intention to make this particular trade, Bob bundles everything together and signs
SHA3(MakerKeypublic + MakerAddressaddress + TakerKeypublic + TakerAddress) using his identity key (
Now, he has everything we need to open a secure trade with Alice. He’ll post his
TakerAddress to localethereum, and the next time Alice is online she will make sure that signature is valid.
For secure messaging, the parties select a shared secret using an anonymous agreement. The way this works is through an asynchronous key exchange protocol called Elliptic curve Diffie–Hellman (ECDH) which allows Alice and Bob to derive the same shared secret using one party’s private key and the other’s public key.
The beauty of ECDH is that
ECDH(MakerKeypublic, TakerKeyprivate) produces the same output as
ECDH(TakerKeypublic, MakerKeyprivate). Using this equation, the
SharedSecretroot is used to generate more secure keys using the HKDF algorithm (
SharedSecretenc for AES-256 encryption and
SharedSecretmac for HMAC-SHA256 message authentication) — to prevent unwanted potential interactions in the different cryptographic schemes.
When sending messages to each other in the trade, Alice and Bob encrypt the messages using AES256-CBC to
SharedSecretenc with a random IV. For verification purposes, every message is signed using the account's identity key. For further authentication and integrity checking,
SharedSecretmac is used to verify HMAC-SHA256 hashes of each encrypted message.
In the case of a dispute, either party needs to volunteer
SharedSecretroot to localethereum staff. This will allow the team to go back and inspect messages, but it won't allow us to access your wallet or decrypt anything else.