 Show Posts
|
|
Pages: [1]
|
That seems like a good solution to me in regards to the second server. I'm not quite sure what is meant be a "non-hosted" server however. Do you mean a server rack of my own and not a third party server or?
Non-hosted simply means that it is not hosted (on a 3rd party hosting service). Like a small server at your physical place, which is only used for this one task. What sort of schedule would you suggest? Hourly? I feel the schedule would have to be frequent. The only issue I can see with the batching is that users would have to wait longer for their withdrawals instead of having them processed instantly?
This fully depends on what kind of service you are running. Since you can have a setup with hot-/cold wallet, you can let people withdraw at any time (and batch transactions every X minutes). You just have to keep your hot wallet filled enough to let people withdraw, but not too filled enough to lose too much in case of an incident. I wasn't actually aware yo ucould use one public key to generate further public keys/addresses. I assume that is how most crypto sites generate their deposit addresses? Sorry if that sounds outright noobish but I'm not currently that well versed in the actual technical aspects of bitcoin hence why I'm asking the questions I am. Thanks for all the help and advice though, I really appreciate it a lot!  What actually is used when deriving public keys is the xpub (extended public key). You can read about it here: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Extended_keys. Thanks again for the great reply. I really appreciate it. X minutes sounds like a far better schedule time for sure. Will read up on the xpubs now! Thanks! |
|
|
|
I have answered your question in your other thread. Somehow i didn't notice you have replied in there. You could have simply bumped it instead of creating a new one. Sorry man,I assumed because it was a different topic and a specific question as opposed to the one asked in the other thread that I should make a new thread. I appreciate the answers a lot. From you and from everyone. Locking both threads now! Thanks a lot guys |
|
|
|
In reference to this quote, what is actually meant by a "non-hosted" server. I'm not familiar with the concept. Does it simply mean a server that is kept locally and turned off most the time (surely not)? I would greatly appreciate some input on what exactly this means. Thanks in advance for the replies Hope you might find some reference here: https://www.blackbaud.com/files/support/howto/nonvshosted.pdfIt was a google search result by the way. Apologies if the answer is simply able to be found with a basic google search. I had the question the other day and was under the impression I had already searched it myself. I'll chcek tghe liink now. Any other input is still greatly valued |
|
|
|
Store only the addresses (or better yet, generate the addresses from an xPub as needed) on the hosted server. That way the users can send the funds to you without needing any private keys on the hosted server at all.
Have a separate smaller system which is not hosted for sending funds out. The users can place requests for funds on the hosted server where the requests can be stored. The non-hosted server can retrieve the requests, run them through a set of sanity checks to make sure nothing unexpected is happening, and then can send out the funds in scheduled batches (reducing transaction costs).
The non-hosted server can be secured behind a firewall allowing NO incoming connections at all, and ONLY allowing the 1 outgoing connection to the hosted server.
In reference to this quote, what is actually meant by a "non-hosted" server. I'm not familiar with the concept. Does it simply mean a server that is kept locally and turned off most the time (surely not)? I would greatly appreciate some input on what exactly this means. Thanks in advance for the replies |
|
|
|
I can't really comment bceause I lack a lot of experience with mining (virtually none other than some basic hobbyist rubbish) but I'd suggest for better help you might want to move this thread to the mining section. You might get a more direct, faster answer there Sorry I can't be of much more help than that! |
|
|
|
It means Fortunejack is Prohibited on that place? Are you agree guys all gambling site or casino must have a KYC?
Yeah, I assumed it meant that but as previously noted often sites say the do not allow gambling in those areas but do not actively encforce it as a sort of bypass to the regulation. I assume fortunejack is doing the same. most of the casinos are operating licenced in Curacao you can read some about it here: https://www.gamblingsites.org/laws/curacao/some big dice sites like Stake,Bitsler,Primedice,Bustabit are all licensed many of the casinos are not licensed at all,but you have to understand that getting a license doesn't mean that this particular casino won't scam you but since the license is worth substancial sums of money and it does have some regulations and a semblance of control it is better to play at a licensed casino rather than at an unlicensed one Awesome, thank you for the read. And thank you everyone else for your detailed and incredibly helpful answers. I greatly appreciate it! Since you already satisfied on the answers given above by most members then you should locked out this thread to prevent repetition of suggestions.Thanks For on topic reply licensing would vary on which country you are planning to make a gambling site. Some of reputable sites do have the license some doesnt have and as said above as a gambler it would be much safer but not a guarantee to play into those licensed sites. Thank you, I wasn't aware tht I could lock threads. I will do so now |
|
|
|
It means Fortunejack is Prohibited on that place? Are you agree guys all gambling site or casino must have a KYC?
Yeah, I assumed it meant that but as previously noted often sites say the do not allow gambling in those areas but do not actively encforce it as a sort of bypass to the regulation. I assume fortunejack is doing the same. most of the casinos are operating licenced in Curacao you can read some about it here: https://www.gamblingsites.org/laws/curacao/some big dice sites like Stake,Bitsler,Primedice,Bustabit are all licensed many of the casinos are not licensed at all,but you have to understand that getting a license doesn't mean that this particular casino won't scam you but since the license is worth substancial sums of money and it does have some regulations and a semblance of control it is better to play at a licensed casino rather than at an unlicensed one Awesome, thank you for the read. And thank you everyone else for your detailed and incredibly helpful answers. I greatly appreciate it! |
|
|
|
This quote from DannyHamilton answering a question regarding hosted wallets (on an eventually non-secured provider) may already answer your question. It seems to be a sweat approach. Have a separate smaller system which is not hosted for sending funds out. The users can place requests for funds on the hosted server where the requests can be stored. The non-hosted server can retrieve the requests, run them through a set of sanity checks to make sure nothing unexpected is happening, and then can send out the funds in scheduled batches (reducing transaction costs).
The non-hosted server can be secured behind a firewall allowing NO incoming connections at all, and ONLY allowing the 1 outgoing connection to the hosted server.
but are there any commonplace security protocols/techniques that should be employed in order to minimise risk of hot wallet funds being stolen
To name the most obvious ones: Set up a proper firewall (only allowing connections/ports you need), make any sensitive calculations server-side, make sanity checks before withdrawals / crediting. With those basic steps you are already better secured than roughly 50% of online services.
or is there really not much I can do other than regularly move fnuds out of the hot wallet to the cold wallet?
You should definetely move funds out of your hot wallet (or don't even receive them to you hot wallet; use an maste public key to derive public keys / addresses) regularly. Only keep the amount in your hot wallet you need to run your business successfully. Anything above should be withdrawn to your cold storage. That seems like a good solution to me in regards to the second server. I'm not quite sure what is meant be a "non-hosted" server however. Do you mean a server rack of my own and not a third party server or? Otherwise that seems like solid advice in ters of batching and firewalls. What sort of schedule would you suggest? Hourly? I feel the schedule would have to be frequent. The only issue I can see with the batching is that users would have to wait longer for their withdrawals instead of having them processed instantly? As for sanity checks and important calulations, etc the practice seems similar to running non-crypto sites which is something I'm already familiar with so its nice to know those practices copy over. I wasn't actually aware yo ucould use one public key to generate further public keys/addresses. I assume that is how most crypto sites generate their deposit addresses? Sorry if that sounds outright noobish but I'm not currently that well versed in the actual technical aspects of bitcoin hence why I'm asking the questions I am. Thanks for all the help and advice though, I really appreciate it a lot! |
|
|
|
When runnning a crypto site, securing funds is obviously paramount. Now I know that most funds should be handled in a cold wallet away from any possible outside interactions. However, the funds on the hot wallet, I'm unsure about. I'd assume I'd run a wallet on a separate server with the bitcoind daemon to the web server of course, but are there any commonplace security protocols/techniques that should be employed in order to minimise risk of hot wallet funds being stolen if a breach of that second server is to occur or is there really not much I can do other than regularly move fnuds out of the hot wallet to the cold wallet? I assume this is the right section, if not a mod can happily move it |
|
|
|
Hey just checked out the validation for fortunejack and saw this "Under this license, apart from its own diligence and legalities, the license holder is not authorized to offer its services in the territories of USA, Netherlands, France, Dutch West Indies and Curacao. Before reporting such non-compliance, please make sure the license holder is not operating under multiple licenses, allowing the legal operation in the above regions. " I assume that you can essentially ignore this if you do as Don Pedro mentioned and note in your terms you do not allow play from these countries but then not actively check ips |
|
|
|
There are sites that tackle your problem, for instance this one: https://www.gamblingsites.com/online-gambling-jurisdictions/Some countries allow you to register a business online, but it's still better to be able to go there personally if a problem occurs, so choose a country that is nearby, or at least has a decent connection and you won't require you to pay 1k USD for a one way ticket. If you aren't familiar with the laws, hire a lawyer that is also a local resident. He'll handle things for you. I think that if you're willing to invest over 200 BTC in a business a legal advisor is a must. Thakn you, I will check this out site out. And yes of course, I fully intend on obtaining professional legal advice and planning. I just sought to obtain some base info as a precursor here. Which I am very grateful for all that I've received so far. You haven’t answered if it is going to be a crypto site, but I guess it will be. As for advertising, I would use this forum first of all. Have a look at the gambling section. I would give promotions and giveaways to get people on to your site. See what other sites have done and you can get an idea.
Yes it will be a crypto gambling site, with no focus on fiat at all as I'm aware that opens up more unecessary complexities. I already have plenty of mainstream sources and also influencers I am in contact with where I could run some pretty heavy advertising but Inotice as well this forum is very very big so I won't discard it. Especially for giveaways and promos. Thanks again for all the advice! There are two things where Cryptocurrency based gambling sites are still complying with the law and I can consider what they are doing as a loophole in most gambling laws. 1. Location - As you can see most of the Crypto-based gambling sites come from a country called, Curacao, it is a constituent country of the Kingdom of Netherlands and they are known for having the most easiest way on obtaining an online gambling license, aside from that the license offers a lot of benefits and that is involving the establishments of necessary accounts and sublicenses needed to operate your own gambling site. And of course in order to make this valid your operations must be located in Curacao. Just take a look on both License validation of FortuneJack and Bitsler. They are complying through gambling laws as governments are only strict when handling and providing licenses to local-based gambling sites they come and operate on their own country, and aside from that their own citizens are not prohibited from playing foreign-based gambling sites as they deemed it legal, even though it looks unfair for local operators. 2. Money - With crypto based gambling sites only accepting Bitcoin and other cryptocurrencies they are actually not touching any real Fiat currency of any country which means the money of their own country are not flowing in and out directly through them. And since these cryptocurrencies still have not any kind of legal or illegal standing (on most countries) they can freely run their operations without being bothered by these countries. Very interesting info. Thank you very much. I wasn't even aware Curacao was a place but I will certainly be looking into it as an option. I assume when looking for a country to setup operations the key factors of importance are bitcoin legality, gambling regulations/ease of acquiring the necessary licesnes and banking and also privacy as a bonus for my site's users. And of course lower corporate tax would be a benefit as well. As for point two, that was something I considred myself and ruled dealing with fiat would pose too much hassle and potential regulatory and compliance problems. Thanks again everyone for the help. I greatly appreciate the transparency and help especially from what seems like mostly potential competitors. It's really nice and refreshing to see. |
|
|
|
Hey, don’t worry, this is on the right section and it’s not too much for a first post. I wish we had more first posts like this one! You are welcome!
To run a crypto site, you only need a license from the country where it is based, usually a tax haven. Then, in theory, to operate in some countries you would need a valid license from that country, but up until now, it seems regulated countries are turning a blind eye.
For the moment, crypto sites get away by putting on his terms and conditions something like: “The player guarantees at all times not to be a resident or located in...” Followed by a list of the regulated countries, but they don’t check IPs to ban people from those countries.
How long this will last, I don’t know, but I’m sure it won’t remain like that forever. When regulated countries get tougher, the best option will be in my opinion not to run the site on those countries because to get a license you need a lot of money.
Oh wonderful. That's much better news than I thought. ANd thank you for being willing to provide an answer. I assumed not many with the knowledge would be keen to answer as to limit potential competition raised by an answer like yours. Any countries you'd recommend? I know it is especially easy to incorporate in belize and their privacy is very good as well. I do not however, know their stance on gambling so I will have to look into it. I really appreciate the answer. Are there any other pitfalls you'd recommend I watch out for, legal or otherwise when operating a crypto site. Perhaps specific terminology to avoid or things that may become a hinderence. 200btc bankroll capital should serve as enough to maintain playability at decently high volumes of users, should it not? I have a lot of resources, especially within advertising I'm willing to pool into this so I appreciate any advice greatly Thanks aain for being so willing to inform me before I take further action. |
|
|
|
Hey sorry if this in the wrong section or is too much for a first post but I've always wondered something and it's been hard to get an answer. I was curious when operating a bitcoin casino such as bustabit wouldn't you need gambling licensing in all of the countries you operate in, and wouldn't that be extremely costly in order to be legal/compliant? Or do certain sites like bustabit and other gambling site not require specific gambling licensing to operate? For example say I was going to develop my own site what would I legally need to do in order to be compliant and operate in as many countries as possible and are there any places where I would not be able to operate (countries or states/regions)? I can't really find any solid information on compliancy and legalities when running an online crypto gambling site. As far as I can see, most of the crypto sites out there do not openly display any licensing or certification seals but it would be awesome if I could get some info or some pointers towards info on the pitfalls and ways I would need to operate in order to be legal and compliant. I recognise that this is a question better suited to a legal professional but I hope some insight can be granted her before I persue any further legal advice (which I will be sure to do prior to any launch). |
|
|
|
|
