RickDeckard
Legendary
Offline
Activity: 1148
Merit: 3117
|
Nice having you into this discussion NeuroticFish! Just a FYI - As it stands, I never participated in this campaign, these are just my opinions of what I would see as beneficial. Regarding your points, here are my thoughts: * the people have posted publicly their addresses into the forum * the address the transactions are sent from is public, so the transactions can easily be traced
That's a fact. However, one thing is to publish an address into the forum and other thing is to have that same address linked to a user in a single place where we can have all the transactions that were sent to that same address. This goes directly into your second point (blockchain is traceable until the genesis block), but I think that the way the information is presented in the spreadsheet makes whatever information is sent to Google way more easy to be compiled or even analyzed by a malicious actor. It's true that one can simply note which address belongs to who and start tracking it individually on the blockchain (assuming no spreadsheet existed), but that would take slighly more work when compared with the current solution. While CryptoPad won't solve the argument that I've introduced as a reply to your points (publicly and compiled information), at least we'll know that no organization is doing whatever Google does in the background. If the process to transition to CryptoPad (or any other service alike) was a hassle, I would agree that it wouldn't be worth but I don't think that's the case as well. * both Google Docs and CryptoPad work with Tor browser if JS is enabled, so there's no such thing as logging IP is one wants to be careful
My problem isn't only regarding accessing the service. I also fear what Google might do "behind" the scenes. Since we don't know what kind of analysis does Google make into the files that are hosted into their services, I will just assume that there's some kind of data that being analyzed and, in worst case scenarios, traded with someone that sees it as valuable (the "value" of the information in this case can be argued of course). After all, it wouldn't be the first time that reports of Google actively scanning your files[1] would happen (and keep happening).
I don't think I've ever looked at the spreadsheet beyond the day I was accepted, and I would have no issue with there being no spreadsheet at all so that individuals could keep their addresses private if they wish.
While I understand that for the sake of transparency having the spreadsheet public is understandable, I also think there's room to debate here - would the overall users prefer to only those running in the campaign having access to the file? Or, if no one is looking at it, should it be kept private within the campaign manager (as a way to keep the records and facilitate payments)?
[1] https://libreddit.spike.codes/r/DataHoarder/comments/ya78r3/was_not_aware_google_scans_all_your_private_files/
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18718
|
|
January 22, 2023, 05:39:32 PM |
|
While I understand that for the sake of transparency having the spreadsheet public is understandable, I also think there's room to debate here - would the overall users prefer to only those running in the campaign having access to the file? Or, if no one is looking at it, should it be kept private within the campaign manager (as a way to keep the records and facilitate payments)? Genuine question: Why are people looking at the spreadsheet? What information are they taking from it? They have no need to know other users' addresses or post counts, and they can figure out how many of their own posts have been counted based on how much they are paid. As I said, I haven't looked at the spreadsheet in years. I don't see why it needs to exist. I can maybe see an argument for a public spreadsheet in short lived campaigns, high turn over campaigns, or campaigns with a relatively new/inexperienced/untrusted manager, but not here. My hatred of all things Google is well known, so I welcome a move away from Google Sheets, but at the end of the day the spreadsheet is still publicly viewable online to anyone and everyone.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1666
Merit: 8239
Bitcoin is a royal fork
|
|
January 22, 2023, 06:23:25 PM |
|
and they can figure out how many of their own posts have been counted based on how much they are paid. How? They need to find the USD/BTC exchange rate of $6, and divide their paid amount with it to figure that out. The spreadsheet prevents this discomfort.
|
|
|
|
icopress
Legendary
Offline
Activity: 1792
Merit: 9018
light_warrior ... 🕯️
|
|
January 22, 2023, 06:28:54 PM |
|
Personally it seems like a bit of unnecessary hustle, but I am also a campaign manager and if I knew that switch like this would benefit any members of the campaign I am running I would probably make the switch. Will try it myself this week when uploading a spreadsheet. Thanks for bringing this to my attention.
Maybe this will be a new trend...let me know how you got on with it.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18718
|
|
January 22, 2023, 06:51:55 PM |
|
How? They need to find the USD/BTC exchange rate of $6, and divide their paid amount with it to figure that out. The spreadsheet prevents this discomfort.
DarkStar_ posts the exchange rate he uses each week. (Exchange rate * how much you got paid)/6 = number of posts you were paid for. Very simple.
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2380
Merit: 7505
|
|
January 22, 2023, 09:05:29 PM |
|
I like it, let's continue with de-googling mission Everything works fine for me with cryptpad.fr, but I just wish if it could load a bit faster and work with dark themes. I think that n0nce or someone else recently posted another alternative called ethercalc.net that load super fast, but I am not sure it's encrypted and fully open source like cryptpad.
|
|
|
|
RickDeckard
Legendary
Offline
Activity: 1148
Merit: 3117
|
|
January 22, 2023, 11:41:46 PM |
|
(...) Everything works fine for me with cryptpad.fr, but I just wish if it could load a bit faster and work with dark themes. (...) I reckon that with the ChipMixer spreadsheet it takes some time loading all the information. Regarding dark themes, it actually has for both the interface and ONLYOFFICE! For changing to the dark theme in the CryptoPad interface - as announced on their blog[1] - just go over to Settings -> Appearance -> Dark Mode. To change to dark theme in a ONLYOFFICE sheet just head over to File-> Advanced Settings...-> Interface Theme -> Dark. Now you should be able to run in a fully dark theme
[1] https://blog.cryptpad.org/2021/02/24/status-feb-2021/
|
|
|
|
Lucius
Legendary
Offline
Activity: 3388
Merit: 6103
Crypto Swap Exchange🈺
|
|
January 23, 2023, 11:05:41 AM |
|
Genuine question: Why are people looking at the spreadsheet? What information are they taking from it? They have no need to know other users' addresses or post counts, and they can figure out how many of their own posts have been counted based on how much they are paid. ~snip~
Surely you remember that not so long ago, one member was caught with his 2 alt accounts due to the public data of the campaign - and in the event that this data was visible only to the manager, he might still be abusing it today. I think the whole thing makes sense because of transparency, although I personally (and many others) wouldn't mind if the whole list were private and only available to those who would ask for it for some good reasons (not out of mere curiosity).
Regarding CryptPad, I tried to open the link via TOR and it was very slow, about 4 minutes for the list to load completely.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18718
|
|
January 23, 2023, 01:50:39 PM |
|
Surely you remember that not so long ago, one member was caught with his 2 alt accounts due to the public data of the campaign - and in the event that this data was visible only to the manager, he might still be abusing it today. Correct me if I'm wrong, but this link was made purely on the blockchain history of the payment addresses. Making such a link would still have been possible without the spreadsheet simply by pulling the payment addresses from the weekly payment transaction. The investigator might not have known the exact users linked to those addresses, but could easily just pass the blockchain evidence to DarkStar_ who could then respond accordingly. I see no reason for there to be a public record linking usernames to addresses.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3822
Merit: 6553
Looking for campaign manager? Contact icopress!
|
|
January 23, 2023, 02:10:21 PM |
|
I see no reason for there to be a public record linking usernames to addresses.
This is correct. But then probably the whole procedure of joining to a campaign should be changed, from privately giving out addresses (by participants and possibly by campaign manager too) to private access to the spreadsheet for the participants. However: * this would be a huge hassle for CMs * since members come and go the spreadsheet can become sooner or later almost public again if it isn't that everybody can see only his records * this means that neither the CM nor the participants cannot be properly checked; and humans are inclined to cheat, you know... So.. this half-solution is imho more hassle for not much of use/improvement, and.. I don't know how can this be done really good. Don't take me wrong, I'd like to see a better solution. But for now, we don't have one.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18718
|
|
January 23, 2023, 02:33:48 PM |
|
* since members come and go the spreadsheet can become sooner or later almost public again if it isn't that everybody can see only his records * this means that neither the CM nor the participants cannot be properly checked; and humans are inclined to cheat, you know... As I mentioned above, I can see the argument for a public spreadsheet in short lived campaigns, those which have a high turn over of users, or those with untrusted managers. But in a stable campaign such as ChipMixer, which adds or removes users only a couple of times a year and is managed by a highly trusted manager, then I see no benefit. Whereas the benefit to privacy of not having one is significant.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1666
Merit: 8239
Bitcoin is a royal fork
|
|
January 23, 2023, 02:40:10 PM |
|
Whereas the benefit to privacy of not having one is significant. But, there's no privacy in that part to begin with. Anyone with trivial blockchain analysis can figure out that certain transactions, which are sent in a specific time, every week, using the same addresses as inputs and outputs come from this campaign. A little more work, and you can figure out who owns which address, because participants are paid according to the number of posts they make, which is already public information.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18718
|
|
January 23, 2023, 02:45:01 PM |
|
A little more work, and you can figure out who owns which address, because participants are paid according to the number of posts they make, which is already public information. It wouldn't be public information without a spreadsheet. Yes, a determined adversary could certainly mimic DarkStar_'s job for several months and start to figure out who is who, but there is a big difference between that and a spreadsheet linking names and addresses. Just like someone could follow you for two weeks to learn your daily routine and when the best time would be to break in to your house, but there is a big difference between that and sticking a note on your door saying "I'm going to be at work for the next 12 hours". And of course once people start changing their addresses, then the whole process becomes more difficult and less accurate.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1666
Merit: 8239
Bitcoin is a royal fork
|
|
January 23, 2023, 02:53:13 PM |
|
Yes, a determined adversary could certainly mimic DarkStar_'s job for several months and start to figure out who is who Several months? One to two weeks is enough to figure out what's DarkStar's payout address. Just like someone could follow you for two weeks to learn your daily routine and when the best time would be to break in to your house, but there is a big difference between that and sticking a note on your door saying "I'm going to be at work for the next 12 hours". As if you had a giant ChipMixer sign below your public posts which would indicate how much you make, and with whom you work with.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18718
|
|
January 23, 2023, 03:18:06 PM |
|
Several months? One to two weeks is enough to figure out what's DarkStar's payout address. It's not enough to figure out which address is mine, though. On the last payment there are 12 addresses which received the maximum payout.
|
|
|
|
PrivacyG
Legendary
Offline
Activity: 938
Merit: 1986
Crypto Swap Exchange
|
The replacement of Spreadsheet sounds so amazing. Keep it up, Dark Star. And F Google. But, there's no privacy in that part to begin with. Anyone with trivial blockchain analysis can figure out that certain transactions, which are sent in a specific time, every week, using the same addresses as inputs and outputs come from this campaign. A little more work, and you can figure out who owns which address, because participants are paid according to the number of posts they make, which is already public information.
Disagree. You can see there is a transaction spent every week in a specific time with the same Inputs and Outputs. But. Chip Mixer is a Privacy Friendly service and the Campaign can be organized as such too. I do not think participants would not like it. The manager can have a local file containing participants, payments and all of that. I really believe it is very useful for a manager. But I agree with o_e_l_e_o. An online Spreadsheet is not necessary. Most of the Campaigns I participated in had a Google Spreadsheet with all sorts of information on it. Want to see how you are doing as a participant? Go to Spreadsheet. Are you still a participant? The manager never sends a PM or publicly announces it. You can find out by checking just the Spreadsheet. But, wait. Google does not allow non Java Script browsing at all. Most of the links are unusable or display blank pages without it. So there it goes. I can not check the Spreadsheet anyway. There are solutions for everything, I believe. A manager can run a Campaign in a more Privacy friendly manner. Applications can be done without posting Addresses. Just user name, post count and Merits. Addresses can be sent through PM. Payments can be sent separately instead of batches. If I was a Chip Mixer participant, I would agree to be paid the amount minus fees. In fact. What if Dark Star paid from a Chip Mixer chip every week instead of using the same Address? What if Chip Mixer members gave Dark Star a list of 10 Addresses and Dark Star paid them weekly in a random Address from a Chip Mixer chip. Just an idea. Payment amounts are based on post counts per week. Sure. But not all posts are counted. Right? How accurate can a Blockchain Analysis tool be to link it all so accurately to participants. Why would anyone now even bother doing a Chip Mixer investigation any more. Too much work for what? A list of how much participants earn from this Campaign? All of this is what quickly came to my mind. There may be big flaws in every thing I said. And I am sorry for Dark Star because all of this might be a big extra stress to him and now he might hate me. But maybe he actually likes at least one of my ideas. Anyway. As I said above. Solutions can be found for all the issues. - Regards, PrivacyG
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3822
Merit: 6553
Looking for campaign manager? Contact icopress!
|
|
January 23, 2023, 05:37:34 PM |
|
* since members come and go the spreadsheet can become sooner or later almost public again if it isn't that everybody can see only his records * this means that neither the CM nor the participants cannot be properly checked; and humans are inclined to cheat, you know... As I mentioned above, I can see the argument for a public spreadsheet in short lived campaigns, those which have a high turn over of users, or those with untrusted managers. But in a stable campaign such as ChipMixer, which adds or removes users only a couple of times a year and is managed by a highly trusted manager, then I see no benefit. Whereas the benefit to privacy of not having one is significant. Well, another use case is users sharing the link to others from outside. I would add that I was there on the use case of having a spreadsheet. The direction of not having any at all is... intriguing. And I agree 100% that not having one at all significantly benefit on privacy. Just then there won't be any choice for scrutiny (of course, it can be debatable whether we need that or not). Interestingly we may get from 2 spreadsheets (as now, although temporarily) to none (at least not publicly). What if Chip Mixer members gave Dark Star a list of 10 Addresses and Dark Star paid them weekly in a random Address from a Chip Mixer chip. Just an idea. Not a bad idea, just it can be prone to mistakes, since as we stand now OP will have to handle correctly 540 addresses. I would clearly not mid to get the coins sent to a private list of addresses. --- However, private spreadsheet and private list of addresses... this can probably work at ChipMixer and maybe a handful of other campaigns, but in most cases (campaigns and campaign managers) it can become - sooner or later - the recipe for disaster.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17515
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
January 23, 2023, 05:51:01 PM Last edit: January 23, 2023, 07:04:02 PM by LoyceV |
|
In fact. What if Dark Star paid from a Chip Mixer chip every week instead of using the same Address? What if Chip Mixer members gave Dark Star a list of 10 Addresses and Dark Star paid them weekly in a random Address from a Chip Mixer chip. Just an idea. I've thought about this, but it's prone to error. Manually selecting 50+ addresses per week every week means thousands of addresses per year. The only way to rule out mistakes is by automating the entire process. I've also thought of the possibility to be paid in CM chips directly, instead of on-chain, but that's also more likely to cause mistakes. It's much easier to leave it to the user to mix their coins if they want.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1666
Merit: 8239
Bitcoin is a royal fork
|
|
January 25, 2023, 11:01:49 PM |
|
We can think of various ways to enhance privacy when it comes to the weekly payment. But, I don't like forcing my fellows participants do something that I may find bad practice for myself, for their good. If they don't prioritize privacy in Bitcoin transactions, coercion isn't appropriate. I know that we can "split" to one group that does prioritize privacy, and to another that is neutral (backwards compatible technically ), but I just don't find a reason. As I said, posts are public. Even a 10 year old kid, if you give it an hour can work out the total money each participant has received this month, without looking at the spreadsheet. In other words: it's a false sense of privacy. Now as for the chips: If you want them, go and get them from the onion site. Not from the forum, introducing further risks.
|
|
|
|
aesma
|
I like the irony of discussing all these privacy issues on a campaign thread for a product that allows you to...get privacy for your coins.
|
|
|
|
|