This is not a safe assumption. The previous places that coins were sent to may have nothing to do with the rightful recipient of returned coins, in common cases like shared wallets or in less common cases like various transaction privacy mechanisms. It's also incompatible with privacy preserving practices like using an address only once, and accounting practices (you may end up sending funds to some offline key of the senders or some key they've destroyed). Many wallets will also not recognize a pay to pubkey transaction as their own. The assumption that you can infer a working return address has observably caused people to lose funds in the past.

Fixing yourself on receiving only particular transaction types is also hostile to the ecosystem, since it denies people autonomy in how they manage their own wallets.  If you may need a refund, you should be collecting a refund address before you provide a pay to address.

The new payment protocol stuff handles that atomically.

Please don't be irresponsible. Do you plan on compensating people out of pocket for funds lost due to your practices?

No one was telling you to wait for anything.

You don't need an account at all.  You're already prompting for a destination email address before giving the user an address to pay to. Prompt for a return address at the same time, it's as trivial as that. This is the standard, widely adopted, best practice in industry right now.

A failure to do that makes your service available to fewer customers, risks customer confusion/dissatisfaction and funds loss (when not if), and reduces Bitcoin user's autonomy over their own wallet management practices.

It isn't just a matter of accepting, those funds may go to other people, they may go to keys that no longer exist. When the returned funds show up the recipient may have no idea which transaction they were being refunded for and may, as a result, double pay (or improperly credit someone else). There may not even be a service involved, but regardless shared wallet services have been a common feature of the Bitcoin ecosystem system 2010. They are common well supported and within best practices. What you are doing is not.

This is extremely IRRESPONSIBLE. You don't even warn people for not to use a shared wallet in the FAQ. This is just a TRAP

Your service strips control away from users— by sending funds back to random addresses. When they have funds randomly show up how will they know where they came from?  Is it the prior person that they gave that address to— the only person in the world they gave that address to— paying them again (and so should they ship out some more product as a result?)  is it one of your payto's refunding? Should they want to send the funds another way, how do they know which payto was refunded?

As I have said several times here, shared wallet services are not the only case where your service will cause funds to be lost (though they're currently the most common one). It's hostile to good key management retiring old keys, and it's hostile to wallets anonymizing payments by making joint transactions. Worst of all, it makes the users private wallet management practices— which should be their own personal business— constrained by you.  It degrades coin fungibility because the user may have coins they can pay you with (ones that were sent to convenient addresses they can receive more payments with) and ones they can't.

You are already taking a twitter-to address, just take a refund address as part of the same URL. Whats the big deal?

Is your own service even compatible with its own practices?  What happens if a paythru user releases their funds to an exchange using the same practices as your site (fortunately none currently do) which does an emergency shutdown and refunds all coins using the same algorithm you use? I assume you'll just uselessly loop at that point.

The impression I'm getting here is that I wouldn't personally trust you with my money. You seem to be somewhat blasé about putting other peoples funds at risk.

PAYTHRU don't want people's bitcoins, so you're absolutely right that you shouldn't trust the service.

But also, I think it's fairly clear that you don't have a grasp on what PAYTHRU actually attempts to do, so perhaps we can stick to OP's topic instead of making personal attacks.

I'm sorry, but you're just coming off as rude and unhelpful. The first thing on the page not part of the template itself says, "This is an unclaimed Bitcoin address". It's even styled/colored differently than the "This Bitcoin address is published!" message. The API also reflects this information through the `status` field.

Anyhow, an email was dispatched to president@whitehouse.gov, explaining how to publish their own bitcoin address and receive any bitcoins held. If that were to happen, the page text would update to reflect that, in which case it would be AMAZING.



If I find a wallet on the ground, I'm going to mail it back to the address on the ID card. Maybe they moved, but I have no way of knowing that.