--- title: "EDIT: Former CTO of Moon disavows the company and the product: "No…" date: 2019-04-22 source: facebook type: Archer T. Ships shared a link. --- # EDIT: Former CTO of Moon disavows the company and the product: "No… *April 22, 2019 · Facebook* ::::: {} ::: {} [https://www.coindesk.com/you-can-now-shop-with-bitcoin-on-amazon-using-lightning?utm_source=facebook&utm_medium=coindesk&utm_term&utm_content&utm_campaign=Organic+](https://www.coindesk.com/you-can-now-shop-with-bitcoin-on-amazon-using-lightning?utm_source=facebook&utm_medium=coindesk&utm_term&utm_content&utm_campaign=Organic+){target="_blank"} ::: ::: {} EDIT: Former CTO of Moon disavows the company and the product:\ \ \"No users have ever been asked explicitly if they would prefer to opt-out of tracking, a feature which I regularly insisted should be added. If you are a user and look under at terms and conditions stated under [https://paywithmoon.com/terms-conditions/](https://paywithmoon.com/terms-conditions/){target="_blank"} (dated 26 Feb 2019), you will find the agreement hidden under one of the terms and conditions. This is a huge breach of GDPR and privacy laws that are meant to protect user data.\ \ From the moment a user installs the browser extension, the company will know exactly what pages are open on the user\'s browser, what the content of those pages are, and what the user is doing with them.\ \ The biggest and most alarming issue of all, is the process of collection of how the browser extension works in the backend - Coinbase API keys. From the moment the user initiates the connection between the company and Coinbase, the company watches for changes in the user\'s current window, waiting for the user to complete the one-time passcode (OTP) verification process as required by Coinbase. Once that is done, the company programatically clicks the required permissions (scopes) required to create the API key as it sees fit.\ \ The API key is then shown only once on the next screen, but the user does not know this (done via CSS manipulation). The company extracts the API keys into the backend, stored in plain text on the company\'s database on AWS. This is a definite security antipattern. This API key is then able to be used indefinitely until manually revoked by the individual user.\"\ \ Thanks @\[6710936:2048:Joshua Be\] for the pointer.\ \ [https://busy.org/@kingsmind/moon-browser-extension-watch-out](https://busy.org/@kingsmind/moon-browser-extension-watch-out){target="_blank"}\ \ Good news, everyone!\ \ \"Bitcoin spenders can now use the lightning network to shop at e-commerce sites like Amazon.\ \ Crypto payment processing startup Moon announced today that any lightning-enabled wallet can now also be used through Moon's browser extension. Before this lightning feature, roughly 250 beta users already used Moon to spend crypto on e-commerce sites by connecting the browser extension to exchange accounts like Coinbase.\ \ Moon CEO Ken Kruger told CoinDesk:\ \ "\[The extension\] will pop up a QR code and it will have the lightning invoice, which you could also copy and paste if you can't use the QR code for some reason, and you'll be able to pay with your favorite lightning wallet."\ \ To be clear, Amazon itself never touches bitcoin. Kruger declined to specify which traditional financial institutions are helping convert the bitcoin to fiat on the backend so that Amazon merchants actually receive fiat currency for their wares. However, Kruger added that by 2020 the lightning-enabled feature should work on almost any e-commerce site, regardless of whether that platform accepts bitcoin directly.\ \ "There's no direct merchant integration," Kruger said, clarifying that Moon also manages payment channels and merely offers a simple interface for sending payments.\ \ "We're integrating with the Visa and Mastercard networks and we get a cut of the interchange fees that merchants pay every time they receive a credit card transaction," he said.\"\ \ [https://www.coindesk.com/you-can-now-shop-with-bitcoin-on-amazon-using-lightning](https://www.coindesk.com/you-can-now-shop-with-bitcoin-on-amazon-using-lightning){target="_blank"} ::: :::::