Hi,
I like to suggest adding oniontip.com to the "Donate" section on the tor website. It's a nice possibility to help the Relay-Oerators.
Have a nice day.
Sebastian Urbach:
Hi,
I like to suggest adding oniontip.com to the "Donate" section on the tor website. It's a nice possibility to help the Relay-Oerators.
While I think OnionTip is awesome, I'm a little concerned about its apparently built-in lack of external auditability. Why is it generating one-time use Bitcoin addresses, for example?
If it is for key material protection reasons, why can't these one-time addresses flow through a single more protected address, that is easy to verify that it is performing as expected?
Amusingly, I'm perhaps the most vocal critic about the public visibility of bitcoin transactions on our lists, but in this case, it would provide a clean audit trail for the service, which is already mostly public anyway, at least on the output side. And the input side is the responsibility of the user to keep private with proper address use and/or mixes, at least in the Bitcoin world as it is today.
While I'm at it, I have a couple wishlist items for this thing. I don't think these are blockers to recommending the service as much as auditability is, but they sure would be cool:
1. It should allow me to select if I want to donate only to nodes that have the Exit flag. Running an exit is way more involved (and often more expensive) than running a normal node, and I think it would be good to give folks the option to target their donation in this way. And perhaps encourage it as the default donation mode.
2. It also already seems to have GeoIP information, at least on the country level. There are all sorts of interesting selectors that could be done with this. You could donate to relays in countries in inverse proportion to the number of relays they have, to encourage jurisdictional diversity, for example. Or more simply, just pick a country. This one is admittedly less cool and more complicated to figure out than just the Exit vs non-exit thing, though. (Do you also weight countries per-capita? Per internet user? Per Tor user? etc).
In my opinion, each of these breakout options should have their own dedicated (intermediate/flow-through?) BTC address, so it is possible to perform auditing for each of them using only the blockchain.
* on the Thu, Aug 28, 2014 at 08:31:36PM -0700, Mike Perry wrote:
- It should allow me to select if I want to donate only to nodes that
have the Exit flag. Running an exit is way more involved (and often more expensive) than running a normal node, and I think it would be good to give folks the option to target their donation in this way. And perhaps encourage it as the default donation mode.
- It also already seems to have GeoIP information, at least on the
country level. There are all sorts of interesting selectors that could be done with this. You could donate to relays in countries in inverse proportion to the number of relays they have, to encourage jurisdictional diversity, for example. Or more simply, just pick a country. This one is admittedly less cool and more complicated to figure out than just the Exit vs non-exit thing, though. (Do you also weight countries per-capita? Per internet user? Per Tor user? etc).
You already seem able to do stuff like, filter based on country and Exit status, and then donate only to those nodes that are listed.
Thanks everyone for all the feedback I've received about OnionTip. It was originally created in a rush during a hackathon so there is definitely room for improvement.
Mike Perry, as Mike Cardwell has said, it is currently possible to select a subset of relays to receive donations by using the filters (Country, Exit flag, Guard flag) at the the top of the OnionTip page. I'd like to expand these filters and maybe tweak the defaults to provide a greater share to exits. Exit bandwidth is more valuable to the network, and I believe it should be incentivised accordingly.
I completely agree that it's important the service and its payments are externally auditable. From an implementation point of view, when a user filters a particular set of relays and clicks the donate button, a new bitcoin keypair and address is derived and stored in the database along with the list of relays they've selected. Creating a new address for each donation is the simplest way of ensuring a users donation goes to the correct set of relays they select. Forwarding the donation directly from that one-time-use address to the receiving relay operators also allows the user to easily and immediately confirm on the blockchain that their donation was forwarded correctly.
From an external point of view, next week I'll add a page to the site where anyone can view all previously sent transactions. I'll also publish the master public key which corresponds to the addresses I'm generating along with a script to confirm they are being generated without any tricks.
There's a few other issues in the current implementation which I have outlined on the Github repo (https://github.com/DonnchaC/oniontip/issues). I'll send a post to the list early next week with my proposed solutions and and look for some feedback before I implement them.
Thanks again to everyone for the feedback and of course for donating to and supporting Tor relay operators.
Donncha
On Fri, 2014-08-29 at 10:02 +0100, Mike Cardwell wrote:
- on the Thu, Aug 28, 2014 at 08:31:36PM -0700, Mike Perry wrote:
- It should allow me to select if I want to donate only to nodes that
have the Exit flag. Running an exit is way more involved (and often more expensive) than running a normal node, and I think it would be good to give folks the option to target their donation in this way. And perhaps encourage it as the default donation mode.
- It also already seems to have GeoIP information, at least on the
country level. There are all sorts of interesting selectors that could be done with this. You could donate to relays in countries in inverse proportion to the number of relays they have, to encourage jurisdictional diversity, for example. Or more simply, just pick a country. This one is admittedly less cool and more complicated to figure out than just the Exit vs non-exit thing, though. (Do you also weight countries per-capita? Per internet user? Per Tor user? etc).
You already seem able to do stuff like, filter based on country and Exit status, and then donate only to those nodes that are listed.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Donncha O'Cearbhaill:
Thanks everyone for all the feedback I've received about OnionTip. It was originally created in a rush during a hackathon so there is definitely room for improvement.
Mike Perry, as Mike Cardwell has said, it is currently possible to select a subset of relays to receive donations by using the filters (Country, Exit flag, Guard flag) at the the top of the OnionTip page. I'd like to expand these filters and maybe tweak the defaults to provide a greater share to exits. Exit bandwidth is more valuable to the network, and I believe it should be incentivised accordingly.
Ah, it was in no way clear to me that I was actually restricting my donation to these nodes as opposed to just viewing them. I suppose I may be dense, but I expect many others will think similarly, especially since the UI for selection says "Only show ..." and not "Only donate to ...".
I completely agree that it's important the service and its payments are externally auditable. From an implementation point of view, when a user filters a particular set of relays and clicks the donate button, a new bitcoin keypair and address is derived and stored in the database along with the list of relays they've selected. Creating a new address for each donation is the simplest way of ensuring a users donation goes to the correct set of relays they select. Forwarding the donation directly from that one-time-use address to the receiving relay operators also allows the user to easily and immediately confirm on the blockchain that their donation was forwarded correctly.
Ah, I see. Ok. Makes sense.
From an external point of view, next week I'll add a page to the site where anyone can view all previously sent transactions. I'll also publish the master public key which corresponds to the addresses I'm generating along with a script to confirm they are being generated without any tricks.
Ok. I can't speak for everyone at Tor, but I think this kind of verifiability is what will make it much easier for us to agree to add a link to OnionTip on our donations page.
There's a few other issues in the current implementation which I have outlined on the Github repo (https://github.com/DonnchaC/oniontip/issues). I'll send a post to the list early next week with my proposed solutions and and look for some feedback before I implement them.
Great! Keep us in the loop.
tor-relays@lists.torproject.org
-
Donncha O'Cearbhaill -
Mike Cardwell -
Mike Perry -
Sebastian Urbach