Bitcoin Forum
November 05, 2024, 01:10:45 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 »
  Print  
Author Topic: Bitcointalk Escrows - Trade Safely!  (Read 108536 times)
kingaltcoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 502


View Profile
January 31, 2016, 06:44:16 AM
 #361

I think Bitpop is doing a great job nowadays and all his escrows are done securely on Bitrated.
So he can be included on Big 5.
Or you may add a pole to this thread to see who votes whom.

In general it will be nicer if every escrowers start escrowing through multi-signature bitcoin addresses.
That way no scams can be possible.
mexxer-2
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1005


4 Mana 7/7


View Profile
January 31, 2016, 08:20:12 AM
 #362

I've updated the list with a 'BIG 3'.

Who would you choose as the other 2 escrows to make it the 'BIG 5' once again?
Just stating some stats to make it easier to choose

1) Highest online time:

  • bitpop- 843 days, 17 hours and 45 minutes
  • SebastianJu- 156 days, 16 hours and 25 minutes.
  • PsychoticBoy- 111 days, 7 hours and 55 minutes.
  • Blazr- 76 days, 10 hours and 36 minutes
  • Anon136 - 72 days, 12 hours and 21 minutes
  • Dabs- 59 days, 12 hours and 35 minutes
  • TwinWinnerD- 70 days, 13 hours and 54 minutes.

2) Trust rating(Number of feedbacks from DT members):
  • PsychoticBoy- 12
  • SebastianJu- 11
  • TwinWinnerD- 4
  • Dabs- 4
  • Blazr- 3
  • lyth0s - 2
  • Bitpop- 1

3) Time since they ran their service:

Not quite sure, feel free to fill this one but I believe Dabs was quite ahead there.

4) Last active(reference as to how active they are)(A random time as to make the list better):

  • SebastianJu: Yesterday, 07:14:25 PM
  • TwinWinner- Today, 12:57:44 AM
  • bitpop- Today, 12:10:28 PM
  • lyth0s- Today , 04:51:21 AM
  • PsychoticBoy- January 27, 2016, 12:51:32 PM
  • Blazr- November 03, 2015, 07:03:15 PM

Blazed
Casascius Addict
Legendary
*
Offline Offline

Activity: 2128
Merit: 1119



View Profile WWW
February 01, 2016, 12:39:01 AM
 #363

Also last time I spoke with TomatoCage (few days back) he said he was busy these days and not active here. So really we have the Big 2 currently.
Mitchell
Staff
Legendary
*
Offline Offline

Activity: 4102
Merit: 2301


Verified awesomeness ✔


View Profile WWW
February 01, 2016, 10:01:47 AM
 #364

I vote for SebastianJu and PsychoticBoy (started at 17 January 2014, 12:50:48).

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
mexxer-2
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1005


4 Mana 7/7


View Profile
February 01, 2016, 02:11:34 PM
 #365

Also last time I spoke with TomatoCage (few days back) he said he was busy these days and not active here. So really we have the Big 2 currently.
That and his sig has been updated, seems he is temporarily closing his escrow service. Might wanna update the OP, marco.
BitNow
Legendary
*
Offline Offline

Activity: 1260
Merit: 1003



View Profile WWW
February 01, 2016, 05:45:46 PM
 #366

How exactly do you use the PGP key to prove that you are talking to the right person?

Could you post a Guide or a link to a Guide for proving identity from a PGP key?

I know you can sign Bitcoin addresses: could you sign a bitcoin address with a PGP, if so: how?

Thank You.


Best regards.


             ▐█████▄
            ▐█████████        ▄▄▄
            ▐████  ▐█████   ▀▀▀  █▌
            ▐███  ▐███████      ▐█▌
            ▐██▌   ▀█████▀     ▐█▀
       ▂▄▄▐██▌     ▀▀▀      ▐█▌
    ▐██████████████▄▄▄▄▄     ▄█▌
  ▐███       ▐███▀▀█████▄▄▄ ▐██
   ▐█▌        ▐███    ▀▀▀███████▄▄▄
    ▀▀▀        ▐███        ▐██▀█████▄▄
                ▐███      ▐██▌    ▀▀███▄▄
                 ▐███    ▐██▌  ▄▄▄▄▄  ███▄
         ▄████▄   ▐██▌  ▐███  ▐███████████
       ▐████████▌  ▐██▌▐██▌   ▐████████▀▀
        ▀██████▀    ▐████▀     ▀████▀
         ▐███▀     ▄█▐███
        ▐███▀   ▄████▌▀███
        ▐██████████▀    ▐█▌    █
         ▀████▀▀         ▐█▌  ██
                           ▀▀▀▀





























▶  TELEGRAM
▶  BITCOINTALK
bitpop
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
February 01, 2016, 06:30:32 PM
 #367

How exactly do you use the PGP key to prove that you are talking to the right person?

Could you post a Guide or a link to a Guide for proving identity from a PGP key?

I know you can sign Bitcoin addresses: could you sign a bitcoin address with a PGP, if so: how?

Thank You.


Best regards.

Before you begin, understand that the pgp key must be aged. No one verifies it. Only time does. Anyone can make one that says bitpop today.

-XXIII-
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
February 01, 2016, 11:41:28 PM
 #368

How exactly do you use the PGP key to prove that you are talking to the right person?

Could you post a Guide or a link to a Guide for proving identity from a PGP key?

I know you can sign Bitcoin addresses: could you sign a bitcoin address with a PGP, if so: how?

Thank You.


Best regards.

For linux:

This will sign
Code:
$ echo "test" | gpg -u XXIII --clearsign

You need a passphrase to unlock the secret key for
user: "XXIII (crowedwg2kbyeyhs.onion) <support@keyscrow.com>"
4096-bit RSA key, ID 6281206B, created 2016-01-22

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWr+yNAAoJEI3wdmBigSBrnvMQAIuhoYHgv4QvSy4J1IIEv6Dh
eYeSNj6TBNs7SFiEMvkgpkeWXrXSl4oZodsxc22xvsT2S7Ynr+s8Md5uhrZ7rJ1b
gi6WIKyMpiEoPa8peNXYpaD6K7o/j3zBLCRbrFF0AxtcVrvERORxnaBxW0ELY9Hy
u1T+NYmwx49cSWMj26CFyi3S7Hg2cHoO+zOrG90qCcPj4hIPyXCYxzyId/ZzJJvx
E922c5bmuVOvhqpYz+M4ME8By0hYocvghwnHd/3i5XnkMnQ0TtVkir0kmiWsuz02
kdEIjM4sMCLV4OU+V/pBsvZftMCCKCkk+1IDeAp8dzoYPYYGN9+ZvmD4eidGn7SC
g0LCsk8NHUPBJpKI5EnnqOzQjIIBbaeCILHf6jntk20ZBYbs3YzfNxoZyAzDn/pB
b9qnMCsZctKCqI6xss3UnAykvqXdgCdStdF0+EECrTwCrMz/8mrVuNvqU4JRDbAu
3P0vR+Y9zA3H+087xgxxE89mgE9Kyoccut1LhTx4ex27ZgcYa2nM+gS+k+e7yVYg
gOJTfNmN1769iwmNl7JVPJo3wbVoZiE47CiLDAeETdDv4Tde39iRGEES06X7xC7Q
J8ZghDgZJ3dem79jlhaRgyuHBb/lL81ZIe8KkSDNi+jhoIWrDXY7VFHQmZK9LTO7
hLg4QOwDAquDOxOp2USj
=L5fS
-----END PGP SIGNATURE-----

You can verify a signature like so;

Code:
$ echo "-----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> test
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJWr+yNAAoJEI3wdmBigSBrnvMQAIuhoYHgv4QvSy4J1IIEv6Dh
> eYeSNj6TBNs7SFiEMvkgpkeWXrXSl4oZodsxc22xvsT2S7Ynr+s8Md5uhrZ7rJ1b
> gi6WIKyMpiEoPa8peNXYpaD6K7o/j3zBLCRbrFF0AxtcVrvERORxnaBxW0ELY9Hy
> u1T+NYmwx49cSWMj26CFyi3S7Hg2cHoO+zOrG90qCcPj4hIPyXCYxzyId/ZzJJvx
> E922c5bmuVOvhqpYz+M4ME8By0hYocvghwnHd/3i5XnkMnQ0TtVkir0kmiWsuz02
> kdEIjM4sMCLV4OU+V/pBsvZftMCCKCkk+1IDeAp8dzoYPYYGN9+ZvmD4eidGn7SC
> g0LCsk8NHUPBJpKI5EnnqOzQjIIBbaeCILHf6jntk20ZBYbs3YzfNxoZyAzDn/pB
> b9qnMCsZctKCqI6xss3UnAykvqXdgCdStdF0+EECrTwCrMz/8mrVuNvqU4JRDbAu
> 3P0vR+Y9zA3H+087xgxxE89mgE9Kyoccut1LhTx4ex27ZgcYa2nM+gS+k+e7yVYg
> gOJTfNmN1769iwmNl7JVPJo3wbVoZiE47CiLDAeETdDv4Tde39iRGEES06X7xC7Q
> J8ZghDgZJ3dem79jlhaRgyuHBb/lL81ZIe8KkSDNi+jhoIWrDXY7VFHQmZK9LTO7
> hLg4QOwDAquDOxOp2USj
> =L5fS
> -----END PGP SIGNATURE-----
> " | gpg --verify
gpg: Signature made Mon 01 Feb 2016 07:38:53 PM AST using RSA key ID 6281206B
gpg: Good signature from "XXIII (crowedwg2kbyeyhs.onion) <support@keyscrow.com>"

For a more in depth guide, check out: https://www.gnupg.org/gph/en/manual/book1.html
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
February 02, 2016, 03:43:20 AM
 #369

Hey, I have a question for the more reputable escrow providers:

What implications, if any, would arise from including one of you as a co-signer for keysCrow (see sig)? It would allow for 2-of-4 and 2-of-5 edit: 2-of-N is insecure, I realize now. But, the users could still choose their arbiter and use their public key in the multisig addresses, while still allowing minimal intervention from any of the co-signers. All we would need is your P2SH public key.

Let me know what you think, I'm strongly considering asking someone or two.

Grtthegreat was discussing such an escrow network on this thread: https://bitcointalk.org/index.php?topic=1308670

Including all the implications.

And someone was asking me if i would want to offer my escrow service on another platform.

The problem with other websites is that it is an additional layer you have to trust. And the escrow most probably takes the highest risk, since when the website scams it is not far fetched that the traders might try to get his coins back from the escrow.

What i mean, a secure communication is needed. But even when there is a way to communicate encrypted on that site only to establish a trade... how can an escrow really be sure that the encryption is safe? That it is impossible to change the content written or impersonate the escrow.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
February 02, 2016, 03:57:01 AM
 #370

Thanks for trusting me and suggesting me. Smiley



I think Bitpop is doing a great job nowadays and all his escrows are done securely on Bitrated.
So he can be included on Big 5.
Or you may add a pole to this thread to see who votes whom.

In general it will be nicer if every escrowers start escrowing through multi-signature bitcoin addresses.
That way no scams can be possible.

Though multi-sig needs a bit of knowledge for the trading partners too and most want to avoid that.

In all this time i was asked for this so seldom that it never came to the point that it was used. I take part in discussions about this but the reality simply is that demand seems so low that at the end no trading partner is interested.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
February 02, 2016, 04:06:29 AM
Last edit: February 02, 2016, 04:35:47 AM by SebastianJu
 #371

-snip-

Only two points for the stats... bitpops high count for online time reminds me on dogies time: https://bitcointalk.org/index.php?action=profile;u=87869;sa=statPanel

He once claimed that he is practically online 24 hours, but not really online but instead he uses a software to check his inbox or some other stats for him. So it looks like he is online all the time. Might be, since bitpop has an even higher online time, that he has a similar script running.

When i think about it, 800 days are 24 hour days. That would mean staying online for 2 years 365 days per year 24 hours per day. Surely a script is running.

And last active, sure, it's not possible to be on here all the time and it depends on the timezone the escrow is living in since a snapshot of these times might be nighttime for some escrows.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
-XXIII-
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
February 02, 2016, 04:13:29 AM
 #372

Grtthegreat was discussing such an escrow network on this thread: https://bitcointalk.org/index.php?topic=1308670
Including all the implications.

Correct me if I'm wrong, but that read more like a guide to create 2-of-N multisig, while proposing trusted escrow providers coordinate future escrows? The thread has been inactive for a month, and keysCrow is nearing completion to allow third party dispute arbiters.  If a trusted escrow provider joins us, their public key would be used to create multisig addresses, and they would only be contact in the event of a dispute.

The problem with other websites is that it is an additional layer you have to trust. And the escrow most probably takes the highest risk, since when the website scams it is not far fetched that the traders might try to get his coins back from the escrow.

This is true, and hopefully we have provided everything needed to establish that trust, including redeemScript to verify. I was under the impression that multisig is an effective method of thwarting scams by the involved parties? Please remember that keysCrow will not automatically build nor sign rawtransactions.

What i mean, a secure communication is needed. But even when there is a way to communicate encrypted on that site only to establish a trade... how can an escrow really be sure that the encryption is safe? That it is impossible to change the content written or impersonate the escrow.

Users don't have to contact us to establish trade contracts, hence the anonymous boast. Multisig doesn't require the arbiter to sign and broadcast transactions, unless there is a dispute; as the definition of arbiter is synonymous with 'judge'. Secure communication is enabled by our users as long as they provide us their PGP key, all outgoing email from the server to them will be encrypted. We maintain this encryption for any manually written messages as well.
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
February 02, 2016, 04:34:01 AM
 #373

Grtthegreat was discussing such an escrow network on this thread: https://bitcointalk.org/index.php?topic=1308670
Including all the implications.

Correct me if I'm wrong, but that read more like a guide to create 2-of-N multisig, while proposing trusted escrow providers coordinate future escrows? The thread has been inactive for a month, and keysCrow is nearing completion to allow third party dispute arbiters.  If a trusted escrow provider joins us, their public key would be used to create multisig addresses, and they would only be contact in the event of a dispute.

At the end it was decided that 2 of N would be too insecure.

Only contacted in case of dispute? I think that might not be sufficient. It happens alot that you have to give tips on how a trade can be secured so that in case of a dispute the escrow will be able at all to find out the truth. Traders would do errors often otherwise.

The problem with other websites is that it is an additional layer you have to trust. And the escrow most probably takes the highest risk, since when the website scams it is not far fetched that the traders might try to get his coins back from the escrow.

This is true, and hopefully we have provided everything needed to establish that trust, including redeemScript to verify. I was under the impression that multisig is an effective method of thwarting scams by the involved parties? Please remember that keysCrow will not automatically build nor sign rawtransactions.

I only know that traders don't really like to work much. For example, a newbie reads verify signature, don't know what it is, overreads it... the deal moves on anyway. So if the website would, i only point out potential risk, present a wrong signature containing a false bitcoin address then the escrow would only realize after everything is broken already. A site could even run normally but once the volume is high they might start to replace with their own addresses. It will be rare that a trader will check a signature.

What i mean, a secure communication is needed. But even when there is a way to communicate encrypted on that site only to establish a trade... how can an escrow really be sure that the encryption is safe? That it is impossible to change the content written or impersonate the escrow.

Users don't have to contact us to establish trade contracts, hence the anonymous boast. Multisig doesn't require the arbiter to sign and broadcast transactions, unless there is a dispute; as the definition of arbiter is synonymous with 'judge'. Secure communication is enabled by our users as long as they provide us their PGP key, all outgoing email from the server to them will be encrypted. We maintain this encryption for any manually written messages as well.

Ok, then the escrow would only get involved in case of dispute. Still i would be unsure if, for example, if my public key is used all the time.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
-XXIII-
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
February 02, 2016, 05:05:40 AM
Last edit: February 02, 2016, 06:01:17 AM by -XXIII-
 #374

Quote from: SebastianJu
At the end it was decided that 2 of N would be too insecure.
Quote from: SebastianJu
Ok, then the escrow would only get involved in case of dispute. Still i would be unsure if, for example, if my public key is used all the time.
yes, 2-of-N is insecure, which is why we limit it to 2-of-4, with the fourth being the random server keys generated. I'm afraid I don't see the concern with reusing arbiter public keys, especially when no two multisig addresses we make are be the same.

Quote from: SebastianJu
Only contacted in case of dispute? I think that might not be sufficient. It happens alot that you have to give tips on how a trade can be secured so that in case of a dispute the escrow will be able at all to find out the truth. Traders would do errors often otherwise.
Quote from: SebastianJu
I only know that traders don't really like to work much. For example, a newbie reads verify signature, don't know what it is, overreads it... the deal moves on anyway.
You do kind of got me there, keysCrow isn't exactly built for newbies, but we who are running it aren't either. I can only imagine the people who need this kind of service already know how to sign and broadcast transactions, presumably merchants, so we've created a system to deliver the random private key to them, the bitcoin recipient, so they may sign their own transactions out of multisig. This is actioned by the btc sender. Having less functionality available may also allow arbiters to reap more donations from support tickets on general help issues.

Quote from: SebastianJu
So if the website would, i only point out potential risk, present a wrong signature containing a false bitcoin address then the escrow would only realize after everything is broken already. A site could even run normally but once the volume is high they might start to replace with their own addresses. It will be rare that a trader will check a signature.
Again, keysCrow does not sign nor broadcast transactions automatically, and the software creating multisig addresses is highly reputable and widely used. There's no doubting that this doesn't exempt it from any bugs, but we're always writing code (except weekends) and will respond to all concerns within a reasonable timeframe. Hopefully the 2-of-4 solves the ol-switcheroo trick of changing the deposit address, unless people stop checking redeemScripts.
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
February 02, 2016, 06:01:39 AM
 #375

Quote from: SebastianJu
At the end it was decided that 2 of N would be too insecure.
Quote from: SebastianJu
Ok, then the escrow would only get involved in case of dispute. Still i would be unsure if, for example, if my public key is used all the time.
yes, 2-of-N is insecure, which is why we limit it to 2-of-4, with the fourth being the random server keys generated. This also solves the reusing arbiter public keys, as no two multisig addresses would be the same.

How can raising the second number increase security? I think it would decrease security because 2 of 4 means, i think, that 2 out of 4 users are needed to free the bitcoins. If you need 2 out of 40 then the chance of scam is very high. If you need 4 out of 4 then it would be very secure but it one of them dies then the coins are dead too.

Quote from: SebastianJu
Only contacted in case of dispute? I think that might not be sufficient. It happens alot that you have to give tips on how a trade can be secured so that in case of a dispute the escrow will be able at all to find out the truth. Traders would do errors often otherwise.
Quote from: SebastianJu
I only know that traders don't really like to work much. For example, a newbie reads verify signature, don't know what it is, overreads it... the deal moves on anyway.
You do kind of got me there, keysCrow isn't exactly built for newbies, but we who are running it aren't either. I can only imagine the people who need this kind of service already know how to sign and broadcast transactions, presumably merchants, so we've created a system to deliver the random private key to them, the bitcoin recipient, so they may sign their own transactions out of multisig. This is actioned by the btc sender. Having less functionality available may also allow arbiters to reap more donations from support tickets on general help issues.

Merchants might already have established enough trust to not having to care about escrow anymore. But if they do then an automated system looks faster.

Quote from: SebastianJu
So if the website would, i only point out potential risk, present a wrong signature containing a false bitcoin address then the escrow would only realize after everything is broken already. A site could even run normally but once the volume is high they might start to replace with their own addresses. It will be rare that a trader will check a signature.
Again, keysCrow does not sign nor broadcast transactions automatically, and the software creating multisig addresses is highly reputable and widely used. There's no doubting that this doesn't exempt it from any bugs, but we're always writing code (except weekends) and will respond to all concerns within a reasonable timeframe. Hopefully the 2-of-4 solves the ol-switcheroo trick of changing the deposit address, unless people stop checking redeemScripts.

Well if you handle experienced users then there might be no problem, or let's say there still can when they have to do it often and don't want to care about checking a signature out.

What i meant is no error or broadcasting but instead giving a wrong key to the buyer. The key will create a bitcoin address the site owner controls. So no error but manual change in code for purpose of scamming would be possible.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
-XXIII-
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
February 02, 2016, 10:55:50 AM
Last edit: February 02, 2016, 12:40:34 PM by -XXIII-
 #376

Quote from: SebastianJu
How can raising the second number increase security?
Quote from: SebastianJu
The key will create a bitcoin address the site owner controls. So no error but manual change in code for purpose of scamming would be possible.
I think you misunderstood: not 'raises security', we understand 2-of-N's vulnerabilities and are limiting N to 4. We believe 2-of-4 provides added securites while limiting the risk involved. With 2-of-4, by your example, if someone dies then the coins wouldn't die, or if the site effs-off then there will still be 3 legit parties. If we only offered 2-of-3, people could reuse their keys, generating reused multisig addresses (as you know, three keys will always create the same multisig address). The fourth key is the random server private key.

Quote from: SebastianJu
Merchants might already have established enough trust to not having to care about escrow anymore. But if they do then an automated system looks faster.
There are faster and more user friendly systems available, however keysCrow was built to give our users the control over their transactions they deserve. Not automatically doing things for users gives them piece of mind of knowing exactly where their Bitcoin is going. What if the site begins to create faulty rawtransactions or changing destination addresses? This prevents that scenario.
bitpop
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
February 02, 2016, 07:48:56 PM
 #377

I'm thinking of no longer doing manual escrows and only using bitrated. I don't have time for the all the communication. I only want to do something if there's a dispute. I'll have bitrated auto accept.

If you guys want me on the big 5, I'm willing to do bitrated only, flat fee of 0.002 and disputes are 1%. Actually I'm about to make this my policy anyway.

Ok new policy https://bitcointalk.org/index.php?topic=231416.0

Please update my listing to .002.

SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
February 03, 2016, 11:07:28 PM
 #378

Quote from: SebastianJu
How can raising the second number increase security?
Quote from: SebastianJu
The key will create a bitcoin address the site owner controls. So no error but manual change in code for purpose of scamming would be possible.
I think you misunderstood: not 'raises security', we understand 2-of-N's vulnerabilities and are limiting N to 4. We believe 2-of-4 provides added securites while limiting the risk involved. With 2-of-4, by your example, if someone dies then the coins wouldn't die, or if the site effs-off then there will still be 3 legit parties. If we only offered 2-of-3, people could reuse their keys, generating reused multisig addresses (as you know, three keys will always create the same multisig address). The fourth key is the random server private key.

I didn't know 2 of 3 would create always the same multisig address, though when i think about it it makes sense. I somehow awaited a random factor like with mnemonic phrases for wallets. Though makes sense.

But what i meant with lowering security is that the lower the first number and the higher the last number the higher the chance of a possible scam happening.

For example 2 of 4... it only needs a corrupt escrow who comes out as a trader and trades. Then one person has the power to release the coins. 3 of four would be more safe then since it will be harder and harder to impersonate more parties.

By the way, when will the server give his key? The one controlling the server might be one of the involved parties too.

And the higher the last number the higher the chance that 2 are the same person again.

Quote from: SebastianJu
Merchants might already have established enough trust to not having to care about escrow anymore. But if they do then an automated system looks faster.
There are faster and more user friendly systems available, however keysCrow was built to give our users the control over their transactions they deserve. Not automatically doing things for users gives them piece of mind of knowing exactly where their Bitcoin is going. What if the site begins to create faulty rawtransactions or changing destination addresses? This prevents that scenario.

Yeah, for some shops a buyer really would prefer protection. Though i think that the merchant needs to offer it first. I mean the merchant would agree that he only gets his payment after the buyer receives the goods. That surely is not for every merchant.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
-XXIII-
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
February 04, 2016, 01:44:58 AM
Last edit: February 04, 2016, 04:25:48 AM by -XXIII-
 #379

For example 2 of 4... it only needs a corrupt escrow who comes out as a trader and trades. Then one person has the power to release the coins. 3 of four would be more safe then since it will be harder and harder to impersonate more parties.

By the way, when will the server give his key? The one controlling the server might be one of the involved parties too.

And the higher the last number the higher the chance that 2 are the same person again.

I knew 2-of-4 would be a focus point for security, and there's no denying the vulnerability involved with 2-of-4, a risk that is minute in comparison to that of trusting one person with 100% access to escrow funds.

I see most of the escrow service providers offer 1-of-1 escrow, which I don't have to explain the heightened risk involved here. We offer 2-of-3, and 2-of-4, more than what most multisig escrow providers can say. While fraud via collusion is possible, I want to point out how it's impossible for the site owner to 'run off' with everyones coins when they are in 2-of-3/4 multisig.

While 2-of-4 does have a small risk of theft, the benefits outweigh the risk in my opinion.

For example, if a dispute arises, and neither party can come to an agreement, the arbiter still has the power to finalize the transaction by involving keysCrow to help sign-off on the 50/50 split. With 2-of-3 and 3-of-4, this is impossible. Additionally, 3-of-4 would require manual intervention for every transaction to be finalized, more involvement from our arbiters than what we envisioned for keysCrow.

I'd like to stress the point: keysCrow is not full-service escrow: which means we don't "release funds on demand" (ie: sign/send rawtx). We create multisig addresses, and only get involved to provide support for transaction disputes.
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
February 04, 2016, 11:37:53 AM
 #380

I'm thinking of no longer doing manual escrows and only using bitrated. I don't have time for the all the communication. I only want to do something if there's a dispute. I'll have bitrated auto accept.

You might think over that autoaccept. You surely did deny some trades on the forum manually. Or you would only have started an escrow when certain steps were done before in order to allow yourself to be able to handle a dispute.

So since you never know what traders come up with on bitrated then you might get into a not so nice situation.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!