Bump - I never did sell these so I'm going to have another go. Please send me a PM if you're interested.

Current price is ~3.5 BTC

Actually I reckon the backup is a weak point. One of the biggest risks you face is the possibility of a key-logger on your machine. Two factor authentication protects you against this (as long as an attacker can't use social engineering to get it removed). However if they can get the backup encrypted with the same password they can effectively bypass the two factor authentication.

A simple solution for this would be to encrypt the backups with a different (rarely typed in) password. I do hope blockchain.info offer this at some point.

Can't believe nobody has said this already:

Two Factor Authentication

Also make sure you're immune to social engineering, I don't want someone ringing up on my behalf claiming I've lost my token in order to get the security downgraded.

Because from the outside good security is indistinguishable from bad security...

until they get hacked of course!

It has some flaws certainly, the paper describes in more detail how they try to work around these problems so the curious should start by reading there. I don't think there's any serious issue with gaming, I guess you could buy an item cheaply then up the price shortly afterwards to make it appear like there's more turnover, which might not get spotted depending on how often the web-crawler runs. But really why would you bother? Bear in mind it costs a non-trivial amount of money to become a SR vendor in the first place. More likely there's privately listed items that don't get picked up at all.

Sure it's not perfect but as a method of calculating a ball-park figure for how much SR turnover there is, it seems pretty reasonable.

Depends a bit on what you think the default client is for. Newbies are going to wonder what on earth message signing is and why need to do it. However it's getting to the stage where this client isn't really ideal for newbies due to the amount of time it takes to download the blockchain anyway.

If you want to make the client newbie friendly I'd have a "basic mode" with just a create account / receive / send button, and an advanced mode with everything else. If you consider the default client a reference implementation then keep it there as a 1st class function.

Or if you can't be bothered to read it:

They automatically crawl the silk road and look at feedback for each listed item. 1 feedback = 1 sale. Multiply by the price of the item and tada! you have the turnover.

The fee schedule for listing on SR is known so you can also work out how much (gross) income SR is making.

As shown above with multisig you have to trust:
 - Gox's javascript - Which you must verify each and every time you connect as it could be different from last time.
 - Gox not to dissapear - Sure they should have emergency / backup procedures, but you can't prove they are doing this properly.
 - Your local PC not to be compromised. (As you rightly point out, yubikeys don't really help either way)

This is better than without multisig since without multisig you have to trust all the above, plus:
 - Gox itself doesn't get compromised.


But here's the thing. Blockchain.info keeps server side records encrypted with a client side password. However additionally you can backup your encrypted data locally, so if blockchain.info disappears you can still get your money. In this situation you only need to trust:
 - Blockchain.info's javascript - each and every time.
 - Your local PC not to be compromised. (Again yubikeys don't really help)

Still not perfect, but better than multsig, no?

I might not understand this completely but, there's a bit more to consider:

 - If MtGox suffers a data loss or is forcibly shut down by the feds, (depending on how paranoid you feel) your money is lost.
 - If your PC is compromised an attacker may well be able to use social engineering techniques to take the yubikey off your account. (Don't believe me? Email MtGox and tell them you lost your key, see for yourself how hard it is to get it removed).
 - You need to trust that when you enter your password it's not transmitted in plaintext to the serverside, or that MtGox doesn't secretly record your private key in the window when it has access to it. If it does either of these then when MtGox gets hacked you lose your money still. (Don't think this could happen? See here: http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/ ).

What advantage does multisig give you over Blockchain.info where the serverside account is encrypted with a client side password?

I don't see how it's changing the rules - worst case it's an additional game that we can play, the original rules still stand for those playing that way. I'd rather go direct to you since I need to trust you anyway in order for this game to work. I don't want to have to trust anyone else.

Fair enough. Would you be willing to accept bets from newbies if we pay our stake upfront. In the event of default you return double?

No risk to yourself, and everyone can check in the blockchain to show that you made good on every lost bet.

That's the, err, chaturbate business model. They seem to be doing well with it! Moving to bitcoin does seem an obvious step. Perhaps you should approach them about it?

On a technical note - I know you say your server doesn't hold any BTC but you might want to structure it so that the server operator can take a small % to cover costs etc.

I've got a spare copy of Borderlands 2 from buying a 4 pack, here's the link:

http://store.steampowered.com/app/49520/

Only 3.2 BTC
(or possibly less given the way the exchange rate is headed).



My address is: 1HJaB8Niz5Egw4uqF4w8uTrjdCFjE4BpjJ

This.

Also you can run it through some throwaway addresses, it might be traceable but it should give you plausable deniability. Depends what you're after.

FWIW My payments band to bank transfers into MtGox always appear at about 2am the day I make them, though I think I did it once in the evening and it took until 2am the next day.

What the heck...

How do we verify that you're rolling fairly?

Also doesn't roulette have quite a high house advantage (~5%, not sure what satoshi dice is by comparison).

Cool project though.

Hi, long time lurker finally decided to take the plunge and make a presence for myself. Hello everyone.