RHavar (OP)
Legendary
 Offline
Activity: 2557
Merit: 1886
|
I'd like to announce bithra.com a completely free, automated and provably fair bitcoin escrow. It's something I've wanted to build for a while, with the goal of making escrow so easy, quick (and free) that there's no reason to not use it. Part of making it user-friendly, means I had to forgo some of the more fancy cryptography like M-of-N which would require users to work with public keys -- but I have managed to make it provably fair. It also comes with an API if that's your thing. Give it a try, I think you'll like it =) https://www.bithra.com/ |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
|
|
|
|
|
|
|
|
|
The block chain is the main innovation of Bitcoin. It is the
first distributed timestamping system.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
prtty2gal2
|
 |
May 02, 2016, 08:29:32 AM |
|
So with this site, you can basically become an escrow service provider yourself easily, right? (Correct me if I'm wrong)
This is absolutely amazing. I might use this sometime soon.
Note: There's no reason to not trust the site because the owner of bithra is the owner of bustabit too.
|
|
|
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 02, 2016, 06:24:00 PM |
|
So with this site, you can basically become an escrow service provider yourself easily, right? (Correct me if I'm wrong)
This is absolutely amazing. I might use this sometime soon.
Note: There's no reason to not trust the site because the owner of bithra is the owner of bustabit too.
Yeah, I act as escrow for all transactions on the site (just don't provide arbitration services). The moral equivalent of using 2-of-2 multisig, just with a nicer UX but worse guarantees. But yeah, there's definitely a lot less counter-party risk in using bithra than trusting some random stranger when trading |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
|
zenitzz
|
|
May 02, 2016, 07:24:31 PM |
|
sorry i dont understand with provably fair, it means every transaction would be transparent? and whether this escrow service would be free for forever  |
|
|
|
|
Johny Depp
Full Member
Offline
Activity: 211
Merit: 125
busting the bastards
|
|
May 02, 2016, 07:45:28 PM |
|
PROVABLY FAIR: We provide non-repudiable proofs for all our escrow services, and is operated by Ryan Havar (owner of bustabit), on bitcointalk's default trust list, and handled millions of dollars of bitcoins. ^^What is this? So, you are basically asking for a favor for being on default trust level 2! Where is the provable fairness in it? |
Exposing frauds since 2014
|
|
|
Dogedigital
Legendary
Offline
Activity: 1330
Merit: 1000
|
|
May 02, 2016, 07:48:23 PM |
|
Very nice site. I'm impressed.
What happens in the case of disputes?
|
|
|
|
|
DarkStar_
Legendary
Offline
Activity: 2758
Merit: 3282
|
|
May 02, 2016, 07:53:17 PM |
|
PROVABLY FAIR: We provide non-repudiable proofs for all our escrow services, and is operated by Ryan Havar (owner of bustabit), on bitcointalk's default trust list, and handled millions of dollars of bitcoins. ^^What is this? So, you are basically asking for a favor for being on default trust level 2! Where is the provable fairness in it? That is only one part of it though, and probably one of the smaller parts. The main reason he should be trusted is because he owns bustabit, and previously owned moneypot. Moneypot had lots of bitcoin invested in the bankroll, and I don't believe a single satoshi was stolen since after the sale, people could access and withdraw their funds at mp.bustabit.com. Bustabit has also had a lot of bitcoin wagered, and large winners are paid out very quickly, with some huge 10+ bitcoin withdraws. There wouldn't be much of a point for Ryan to create a site, just to scam people since if he did, his site (which probably makes him nice profit) would get a lot smaller volume, and there would be less profit. |
taking a break - expect delayed responses
|
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 02, 2016, 10:55:35 PM |
|
PROVABLY FAIR: We provide non-repudiable proofs for all our escrow services, and is operated by Ryan Havar (owner of bustabit), on bitcointalk's default trust list, and handled millions of dollars of bitcoins. ^^What is this? So, you are basically asking for a favor for being on default trust level 2! Where is the provable fairness in it? Actually it offers a little more guarantee than what is typically called "provably fair". Because in addition to proving to yourself it's fair (like gambling) it allows you to prove to others to prove you were cheated (non-repudiation). The provably fairness is explained in the FAQ, but here's a practical example: {
"address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW",
"message": "The address 12SbYg7CZL9pxkvJqmmFriJXBYXhTiXPep was generated on 2016-05-01T23:12:56.110Z by bithra.com, and holds funds in escrow for 1FDUdzgVhUbSpkbCKST11XoeQ3K5zxac8a and will be released with signed instructions from 14iik8PjwVKGhHPvTD3eJUCdpyR7dfjW2Y in the next year",
"signature": "IBGDmeCNLxx6KBCBjJJkvvWpQwKFAsZd3PKHmkzzPI8gL+6AgOqOxScU/uHKrJoksQ4S5FRcI2iQ9qqHGdGpLPk="
}
You need to verify three things: * The address is indeed the one we use to sign guarantees * The signature is valid ( I like this tool: https://www.blocktrail.com/BTC?verifysignedmessage=1 ) * The details are correct Now you can save that guarantee, and if we don't act according to it -- you can call us out on scamming! |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 02, 2016, 11:01:23 PM |
|
That is only one part of it though, and probably one of the smaller parts. The main reason he should be trusted is because he owns bustabit, and previously owned moneypot. Moneypot had lots of bitcoin invested in the bankroll, and I don't believe a single satoshi was stolen since after the sale, people could access and withdraw their funds at mp.bustabit.com. Bustabit has also had a lot of bitcoin wagered, and large winners are paid out very quickly, with some huge 10+ bitcoin withdraws. There wouldn't be much of a point for Ryan to create a site, just to scam people since if he did, his site (which probably makes him nice profit) would get a lot smaller volume, and there would be less profit.
Yeah, I think at a single point of time I had held >1000 BTC of other peoples money that I could've stolen if dishonest, and in total processed a little over 16k BTC of peoples withdraws. It doesn't really prove I will always act ethically, but bithra.com is just supposed to be a light weight alternative to "Send me the money first", not the be all and end all. I specifically avoided any advanced features and usage just to make it simple. The use case I'm trying to replace is: "Hey, I'm new and selling X. Please send me the money first, I promise I won't scam you. I don't have time to use a human escrow". It's not trying to replace trustless on-chain schemes, and things that offer better guarantees. |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 02, 2016, 11:03:03 PM |
|
Very nice site. I'm impressed.
What happens in the case of disputes?
Thanks! The two parties need to work it out. It's the moral equivalent of 2-of-2 multisig, but designed to be easier to use (no public key sharing, both people don't need to sign the transaction). If you need arbitration or something more advanced, it's not really the service. There was a good discussion of it in bustabit, but basically the summary is that it removes the upside in scamming -- but doesn't prevent people scamming. |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2870
Merit: 2298
|
|
May 03, 2016, 03:37:10 AM |
|
I tried it out and it seems there is some issue. I am receiving an error message saying to check the console and upon inspection of the console it looks like the server is responding with a status of 500 () If possible can you please release the coins back to my address  { "address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW", "message": "The address 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw was generated on 2016-05-03T03:15:47.203Z by bithra.com, and holds funds in escrow for 1GTpwVr3UJsMTkdqVnwymGXR1udtDpo5f9 and will be released with signed instructions from 1AiJ9npjZceutRaASKT77jucsWpLsRPMWB in the next year", "signature": "IKKMZfp+sKPyDTSIPvvGZ5GYiFtTHkzrAYDY4y0lzL0xFxhNwFHRS3wGM2+PlWZi0ooGLrgR2Ww9B4APvXLIvq0=" }
{ "address": "1AiJ9npjZceutRaASKT77jucsWpLsRPMWB", "message": "release all escrowed funds from 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw", "signature": "ICyFNJtDTmzwHfroK4HDTxUsOTU3Dw2rOJ/8m/04dA5GSL/xT/yxmD/W6RMj46emfEZchmNlhoc8bKzn58sUvSw=" }
I am also curious to know what will happen after the one year period is up |
|
|
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 03, 2016, 04:23:30 AM |
|
I tried it out and it seems there is some issue.
Uggh. And thanks! I threw 0.05 BTC into your escrow while you're waiting. Seems like my latest change has stopped the "Advanced" release from actually sending the signature to the server. Will have it fixed in a few minutes. Note to self: Setup email alerts for errors --- Thanks! Stupid mistake, fixed. And I used the interface to release the escrow. (Posting it here, as you made the details public) https://live.blockcypher.com/btc/tx/c5d19e91a26e50a8e5ca23f6b9a8187c389dafec1bfd25126f008047b256ffd0/The fee on that is strangely small, but it's seems to be working correctly (blocktrail's api is telling me the optimal fee is 94.12 bits per KiB) |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 03, 2016, 04:32:14 AM |
|
I am also curious to know what will happen after the one year period is up
If the funds are never released, they will be forever lost to bithra. They won't be sent to the destination, or returned to sender -- as picking either of them could encourage a type of scammers. It kind of mimicks what happens in a 2-of-2 escrow situation, when the parties don't come to agreement (except in this case, I keep the money instead of them being forever unspendable) |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2870
Merit: 2298
|
|
May 03, 2016, 05:12:10 AM |
|
Received, thanks and appreciated. It looks like you might have it setup so that the release transactions will get broadcast via blockchain.info's node (maybe via blockchain.info/pushtx), and although they are my personal favorite block explorer, they do have a lot of problems, especially DDoS type problems that prevent people from accessing their website (or broadcasting transactions via them). If running a full node is too costly for your service that you are not charging anything for, then I might suggest running electrum, using the "loan transaction -> from text" feature and then broadcasting the signed transaction via electrum (and possibly also providing the signed transaction that the user can broadcast themselves in case of other problems). I might also suggest that you require some kind of cryptographic confirmation that the release secret (what appears to be a private key generated by your website) was actually backed up or that the user can in fact sign a message from the address they say they will sign from to release the funds prior to generating the escrow address. This will prevent someone from inadvertently creating an escrow address that is essentially impossible to release. It also looks like your FAQ might have a typo: ...You can it directly with our website.... I believe that you intended for this to say "...You can generate it directly with our website..." |
|
|
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 03, 2016, 05:23:26 AM |
|
It looks like you might have it setup so that the release transactions will get broadcast via blockchain.info's node (maybe via blockchain.info/pushtx), and although they are my personal favorite block explorer, they do have a lot of problems, especially DDoS type problems that prevent people from accessing their website (or broadcasting transactions via them).
Nicely spotted. But actually I push to both bc.info and blockr. The code if interested: https://dl.dropboxusercontent.com/spa/rmczv2tqcr196vz/oxrp5rgx.png If running a full node is too costly for your service that you are not charging anything for, then I might suggest running electrum, using the "loan transaction -> from text" feature and then broadcasting the signed transaction via electrum (and possibly also providing the signed transaction that the user can broadcast themselves in case of other problems).
I already run a full node for bustabit, so I could push it to that node with a few minutes work. I actually store the transaction (and the release signature) before it's pushed in the database, so it's a TODO: to expose that to the user as well. I might also suggest that you require some kind of cryptographic confirmation that the release secret (what appears to be a private key generated by your website) was actually backed up or that the user can in fact sign a message from the address they say they will sign from to release the funds prior to generating the escrow address. This will prevent someone from inadvertently creating an escrow address that is essentially impossible to release.
Good point It also looks like your FAQ might have a typo: ...You can it directly with our website.... I believe that you intended for this to say "...You can generate it directly with our website..." [/quote] Yup, thanks |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
|
jtipt
|
|
May 03, 2016, 03:03:52 PM |
|
Seems an impressive website, i might try it with some small transactions where it is not worth the time for a forum escrow.
|
|
|
|
|
Timelord2067
Legendary
Offline
Activity: 3668
Merit: 2217
💲🏎️💨🚓
|
 |
May 07, 2016, 06:55:56 AM |
|
- Other websites for wallet creations have from time to time had suggested to them that they could see the wallet private key "Release Secret:", how are you prevented from seeing the private key "Release Secret:" that gets displayed on the home page when a user sets up an Escrow?
- Once the "Release Secret:" is used to release the held funds does that wallet then become inoperable?
- If a person was making part payments (eg paying in installments, would the Destination act the same way a ordinary wallet address would in accepting any number of deposits?
Thanks for reading. |
|
|
|
RHavar (OP)
Legendary
Offline
Activity: 2557
Merit: 1886
|
|
May 08, 2016, 01:13:41 PM |
|
- Other websites for wallet creations have from time to time had suggested to them that they could see the wallet private key "Release Secret:",
how are you prevented from seeing the private key "Release Secret:" that gets displayed on the home page when a user sets up an Escrow?
The release secret is 100% generated client-side, and NEVER sent to the server. You can verify this by either: a) Check the source code (a bit tricky, because bitcoinjs-lib is minified and hard to check its not tampered with) b) Check the network tab in chrome (you'll see only the address is sent) c) Use the advanced mode, and generate an addresss totally off the site, and only provide the address (most recommended, if you're concerned) - Once the "Release Secret:" is used to release the held funds does that wallet then become inoperable?
You can still put money in a released escrow, and re-release it. i.e. your money won't be lost. But because the escrow is released, it can't be used multiple times (the provably fair system only says "release the entire escrow" it doesn't say "release payments sent before X". So you should use a new escrow for new things. - If a person was making part payments (eg paying in installments, would the Destination act the same way a ordinary wallet address would in accepting any number of deposits?
Thanks for reading. You can make installment payments to the escrow address, yeah. And when it's released, all the outputs will be sent at once to the receiver. Super dusty payments (e.g. under ~20) won't be used, because they'll add more to the txfee than they would to the output amount |
Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of. |
|
|
|
BitcoinLoan
|
|
May 09, 2016, 02:04:07 AM |
|
Brilliant! I was looking for exactly something like this!
Great job!
Thank you!
|
|
|
|
|
|
maokoto
|
|
May 09, 2016, 03:31:08 AM |
|
It is good to have an easier way to do escrow. It was too complicated (IMO) to do it in the traditional way.
|
|
|
|
|
