So, https://oniontip.com is a great help for tor-relay runners We do need more donations imho Whoever made it, thank you
- Justaguy
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
-T
On 28/09/2014 00:33, justaguy wrote:
So, https://oniontip.com is a great help for tor-relay runners We do need more donations imho Whoever made it, thank you
- Justaguy
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Considering the operators opt in to the system via changing their contact info (by appending a bitcoin address) merely checking that the bitcoin donation go to those addresses would seem very easily verified. A site like blockchain.info allows you to track bitcoin flows from address information. -Jason
On 09/27/2014 11:36 PM, Thomas White wrote:
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
-T
On 28/09/2014 00:33, justaguy wrote:
So, https://oniontip.com is a great help for tor-relay runners We do need more donations imho Whoever made it, thank you
- Justaguy
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
The process is completely transparent. All Bitcoin transactions are viewable by the public on the Bitcoin blockchain. The Bitcoin addresses are posted by the relay operators themselves in their contact info on their relay. I can confirm that I receive donations made to the address I posted on my relay.
My relay: https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2E...
Blockchain.info web page showing donations received to my address: http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
-T
On 28/09/2014 00:33, justaguy wrote:
So, https://oniontip.com is a great help for tor-relay runners We do need more donations imho Whoever made it, thank you
- Justaguy
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hmmm... appears to be have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
On 28/09/2014 03:28, Ed Carter wrote:
The process is completely transparent. All Bitcoin transactions are viewable by the public on the Bitcoin blockchain. The Bitcoin addresses are posted by the relay operators themselves in their contact info on their relay. I can confirm that I receive donations made to the address I posted on my relay.
My relay: https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2E...
Blockchain.info web page showing donations received to my address: http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
-T
On 28/09/2014 00:33, justaguy wrote:
So, https://oniontip.com is a great help for tor-relay runners We do need more donations imho Whoever made it, thank you
- Justaguy _______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thomas White:
Hmmm... appears to be have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
Well, my original ask was for everyone to be able to verify that all 12.36 BTC that oniontip has received (as of right now) has actually been distributed how the users have asked.
I suppose that since individual users can easily inspect that their donation has gone to the relays they selected (by looking at blockchain.info for their one-time use address), it is unlikely that the system will get away with cheating for long. But it is still hard for a new donor to tell if any other donors have been swindled recently, using simple blockchain inspection. They basically have to click around on the individual relay recipient keys to make sure everything looks legit.
This makes me nervous in terms of endorsement. I can easily see hundreds of users getting swindled before one of them suddenly realizes that there is an extra bitcoin address in their transactions that is not in the original relay list they selected, or that the actual bitcoin distribution was slightly different than what they selected. If all users could inspect all donations easily, this type of compromise would be found quicker.
Ideally, it would be possible to verify all of these questions (and many more) with only the blockchain. For instance, a comment in the bitcoin transaction could indicate the OnionTip options selected, and a single page on the website could allow us to view all donations to the system.
Beyond this, I think there are actually interesting sociological questions we could answer with easy access to the OnionTip donation data and option selection. I'm very curious how donors are choosing to distribute their Bitcoin to the relays.
For instance:
1. Is OnionTip encouraging the type of network diversity we want? Do we want to suggest changes to the default donation mode to encourage better diversity?
2. UI is still confusing to me. Is this UI causing people to prefer a certain type of donation over others, where they probably shouldn't?
a. Is anyone actually using the Guard or Exit filters? If not, this means my super-cheap and unreliable FDC middle node will probably get me more OnionTip donations than either a more stable Guard node, or a more hassle-prone Exit node. This seems like an undesirable way to incentivize relay operation. Is it happening? Or are most people selecting Guard+Exit?
b. Are people taking advantage of the country selection dialog? Are they doing it in a way that is favoring underrepresented countries? Or are people just choosing countries based on the next World Cup match, the current Olympic gold medal count leader, or some other crazy notion that seems to make little sense to network diversity?
3. What are big donors doing? Do they always select the default choice?
a. If so, we should think waaay harder about what this choice is.
b. If not, what do they want? Do they like specific or strange countries? Do they like countries with the fewest relays? With the lowest current bandwidth? With the best laws? Do we agree with their choices, and want to make it easier for other donors to make them too? Or should we be concerned, and try to encourage other behavior?
c. Maybe only big donors get scammed with extra BTC destination addresses or a different transaction entirely? How can I see if other recent big donors have been scammed?
On 28/09/2014 03:28, Ed Carter wrote:
The process is completely transparent. All Bitcoin transactions are viewable by the public on the Bitcoin blockchain. The Bitcoin addresses are posted by the relay operators themselves in their contact info on their relay. I can confirm that I receive donations made to the address I posted on my relay.
My relay: https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2E...
Blockchain.info web page showing donations received to my address: http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
Thanks everyone for all the feedback. I'm delighted to see OnionTip is being used and that relay operators are getting some (usually token) appreciation.
Mike, I've taken on board all the feedback you gave to this list on 2nd September. I've just pushed some changes. There is now a listing of all previous transactions sent from OnionTip, their size and the number or relays they have selected to pay.[1]
The number of selected relays gives a rough indication of how many people are just paying the default (to all the relays) or are setting their own criteria.
I've also published a Python script to validate the transactions completely from the blockchain based on the seed I use to generate addresses [2].
I'm open to all suggests for a better distribution strategy. At the moment I definitely think the incentive is somewhat wrong when someone gets a much larger share by running a middle relay in a cheap bandwidth location than someone running a smaller exit in a geographical diversity location.
As most people seem to use the defaults, for a start I'm going to add an option so that Exits receive a premium on their bandwidth share by default (maybe 1.5-2x).
If there are any particular questions anyone has about the data or donations so far, I'm happy to pull the data from the DB and try to answer them. For one, I'm going to try find out how many relays had bitcoin address listed in their first day or two. Maybe it can give an indication how many new relay operators are being pulled in because of OnionTip.
Thanks again for all the feedback so far. I look forward to seeing what we can do to improve OnionTip, and to continue supporting the growth of the Tor network.
Regards, Donncha
[1] https://oniontip.com/transactions [2] https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py
On Sun, 2014-09-28 at 02:32 -0700, Mike Perry wrote:
Thomas White:
Hmmm... appears to be have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
Well, my original ask was for everyone to be able to verify that all 12.36 BTC that oniontip has received (as of right now) has actually been distributed how the users have asked.
I suppose that since individual users can easily inspect that their donation has gone to the relays they selected (by looking at blockchain.info for their one-time use address), it is unlikely that the system will get away with cheating for long. But it is still hard for a new donor to tell if any other donors have been swindled recently, using simple blockchain inspection. They basically have to click around on the individual relay recipient keys to make sure everything looks legit.
This makes me nervous in terms of endorsement. I can easily see hundreds of users getting swindled before one of them suddenly realizes that there is an extra bitcoin address in their transactions that is not in the original relay list they selected, or that the actual bitcoin distribution was slightly different than what they selected. If all users could inspect all donations easily, this type of compromise would be found quicker.
Ideally, it would be possible to verify all of these questions (and many more) with only the blockchain. For instance, a comment in the bitcoin transaction could indicate the OnionTip options selected, and a single page on the website could allow us to view all donations to the system.
Beyond this, I think there are actually interesting sociological questions we could answer with easy access to the OnionTip donation data and option selection. I'm very curious how donors are choosing to distribute their Bitcoin to the relays.
For instance:
Is OnionTip encouraging the type of network diversity we want? Do we want to suggest changes to the default donation mode to encourage better diversity?
UI is still confusing to me. Is this UI causing people to prefer a certain type of donation over others, where they probably shouldn't?
a. Is anyone actually using the Guard or Exit filters? If not, this means my super-cheap and unreliable FDC middle node will probably get me more OnionTip donations than either a more stable Guard node, or a more hassle-prone Exit node. This seems like an undesirable way to incentivize relay operation. Is it happening? Or are most people selecting Guard+Exit?
b. Are people taking advantage of the country selection dialog? Are they doing it in a way that is favoring underrepresented countries? Or are people just choosing countries based on the next World Cup match, the current Olympic gold medal count leader, or some other crazy notion that seems to make little sense to network diversity?
What are big donors doing? Do they always select the default choice?
a. If so, we should think waaay harder about what this choice is.
b. If not, what do they want? Do they like specific or strange countries? Do they like countries with the fewest relays? With the lowest current bandwidth? With the best laws? Do we agree with their choices, and want to make it easier for other donors to make them too? Or should we be concerned, and try to encourage other behavior?
c. Maybe only big donors get scammed with extra BTC destination addresses or a different transaction entirely? How can I see if other recent big donors have been scammed?
On 28/09/2014 03:28, Ed Carter wrote:
The process is completely transparent. All Bitcoin transactions are viewable by the public on the Bitcoin blockchain. The Bitcoin addresses are posted by the relay operators themselves in their contact info on their relay. I can confirm that I receive donations made to the address I posted on my relay.
My relay: https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2E...
Blockchain.info web page showing donations received to my address: http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Well I'm happy to see OnionTip, I think it's certainly better than the reimbursement approach which uses far too much paperwork and time etc. Having said this we need to increase adoption before people like myself step into the frame because the moment I bring in my exit cluster is the moment it will sap more than 50% of all donations and even more for exit donations. For now I am refraining from joining. My own finances can support my current cluster for several years assuming no further income or support and I appreciate this isn't the case with everyone, so it is best the donations went to them first.
If we wanted to support diversity, we could place some multipliers based on bandwidth probability? So for example, if the country of the relay is one of the top 10 countries it reduces the share of donation by 40%, places 11-20 reduced by 20% and then 21-30 receives 20% boost and 31+ receive 40% boost? If you've been following the topic in tor-dev about scaling Tor, diversity is very important and I feel oniontip may go some way to assisting that by providing incentives to diversify.
- -T
On 28/09/2014 15:03, Donncha O'Cearbhaill wrote:
Thanks everyone for all the feedback. I'm delighted to see OnionTip is being used and that relay operators are getting some (usually token) appreciation.
Mike, I've taken on board all the feedback you gave to this list on 2nd September. I've just pushed some changes. There is now a listing of all previous transactions sent from OnionTip, their size and the number or relays they have selected to pay.[1]
The number of selected relays gives a rough indication of how many people are just paying the default (to all the relays) or are setting their own criteria.
I've also published a Python script to validate the transactions completely from the blockchain based on the seed I use to generate addresses [2].
I'm open to all suggests for a better distribution strategy. At the moment I definitely think the incentive is somewhat wrong when someone gets a much larger share by running a middle relay in a cheap bandwidth location than someone running a smaller exit in a geographical diversity location.
As most people seem to use the defaults, for a start I'm going to add an option so that Exits receive a premium on their bandwidth share by default (maybe 1.5-2x).
If there are any particular questions anyone has about the data or donations so far, I'm happy to pull the data from the DB and try to answer them. For one, I'm going to try find out how many relays had bitcoin address listed in their first day or two. Maybe it can give an indication how many new relay operators are being pulled in because of OnionTip.
Thanks again for all the feedback so far. I look forward to seeing what we can do to improve OnionTip, and to continue supporting the growth of the Tor network.
Regards, Donncha
[1] https://oniontip.com/transactions [2] https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py
On Sun, 2014-09-28 at 02:32 -0700, Mike Perry wrote:
Thomas White:
Hmmm... appears to be have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
Well, my original ask was for everyone to be able to verify that all 12.36 BTC that oniontip has received (as of right now) has actually been distributed how the users have asked.
I suppose that since individual users can easily inspect that their donation has gone to the relays they selected (by looking at blockchain.info for their one-time use address), it is unlikely that the system will get away with cheating for long. But it is still hard for a new donor to tell if any other donors have been swindled recently, using simple blockchain inspection. They basically have to click around on the individual relay recipient keys to make sure everything looks legit.
This makes me nervous in terms of endorsement. I can easily see hundreds of users getting swindled before one of them suddenly realizes that there is an extra bitcoin address in their transactions that is not in the original relay list they selected, or that the actual bitcoin distribution was slightly different than what they selected. If all users could inspect all donations easily, this type of compromise would be found quicker.
Ideally, it would be possible to verify all of these questions (and many more) with only the blockchain. For instance, a comment in the bitcoin transaction could indicate the OnionTip options selected, and a single page on the website could allow us to view all donations to the system.
Beyond this, I think there are actually interesting sociological questions we could answer with easy access to the OnionTip donation data and option selection. I'm very curious how donors are choosing to distribute their Bitcoin to the relays.
For instance:
- Is OnionTip encouraging the type of network diversity we want?
Do we want to suggest changes to the default donation mode to encourage better diversity?
- UI is still confusing to me. Is this UI causing people to
prefer a certain type of donation over others, where they probably shouldn't?
a. Is anyone actually using the Guard or Exit filters? If not, this means my super-cheap and unreliable FDC middle node will probably get me more OnionTip donations than either a more stable Guard node, or a more hassle-prone Exit node. This seems like an undesirable way to incentivize relay operation. Is it happening? Or are most people selecting Guard+Exit?
b. Are people taking advantage of the country selection dialog? Are they doing it in a way that is favoring underrepresented countries? Or are people just choosing countries based on the next World Cup match, the current Olympic gold medal count leader, or some other crazy notion that seems to make little sense to network diversity?
- What are big donors doing? Do they always select the default
choice?
a. If so, we should think waaay harder about what this choice is.
b. If not, what do they want? Do they like specific or strange countries? Do they like countries with the fewest relays? With the lowest current bandwidth? With the best laws? Do we agree with their choices, and want to make it easier for other donors to make them too? Or should we be concerned, and try to encourage other behavior?
c. Maybe only big donors get scammed with extra BTC destination addresses or a different transaction entirely? How can I see if other recent big donors have been scammed?
On 28/09/2014 03:28, Ed Carter wrote:
The process is completely transparent. All Bitcoin transactions are viewable by the public on the Bitcoin blockchain. The Bitcoin addresses are posted by the relay operators themselves in their contact info on their relay. I can confirm that I receive donations made to the address I posted on my relay.
My relay: https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2E...
Blockchain.info web page showing donations received to my
address: http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
My concern (which has been highlighted before by Mike Perry) is
that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Donncha O'Cearbhaill:
Thanks everyone for all the feedback. I'm delighted to see OnionTip is being used and that relay operators are getting some (usually token) appreciation.
Mike, I've taken on board all the feedback you gave to this list on 2nd September. I've just pushed some changes. There is now a listing of all previous transactions sent from OnionTip, their size and the number or relays they have selected to pay.[1]
The number of selected relays gives a rough indication of how many people are just paying the default (to all the relays) or are setting their own criteria.
I've also published a Python script to validate the transactions completely from the blockchain based on the seed I use to generate addresses [2].
I'm open to all suggests for a better distribution strategy. At the moment I definitely think the incentive is somewhat wrong when someone gets a much larger share by running a middle relay in a cheap bandwidth location than someone running a smaller exit in a geographical diversity location.
As most people seem to use the defaults, for a start I'm going to add an option so that Exits receive a premium on their bandwidth share by default (maybe 1.5-2x).
If there are any particular questions anyone has about the data or donations so far, I'm happy to pull the data from the DB and try to answer them. For one, I'm going to try find out how many relays had bitcoin address listed in their first day or two. Maybe it can give an indication how many new relay operators are being pulled in because of OnionTip.
Thanks again for all the feedback so far. I look forward to seeing what we can do to improve OnionTip, and to continue supporting the growth of the Tor network.
Regards, Donncha
[1] https://oniontip.com/transactions [2] https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py
Thank you for publishing these scripts!
I think the most important thing right now is for us to be able to easily tell what the system is doing, and I think you have done that.
As for what the default *should* be, I think we may want to think about that for a bit depending on what we think we want to encourage in the network. If we get an idea as to if Exits are actually more expensive to run than non-Exits, we can use that to guide these bonuses.
Thanks a lot for OnionTip! It's now got my vote for inclusion on the Tor donations page!
On Sun, 2014-09-28 at 02:32 -0700, Mike Perry wrote:
Thomas White:
Hmmm... appears to be have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
Well, my original ask was for everyone to be able to verify that all 12.36 BTC that oniontip has received (as of right now) has actually been distributed how the users have asked.
I suppose that since individual users can easily inspect that their donation has gone to the relays they selected (by looking at blockchain.info for their one-time use address), it is unlikely that the system will get away with cheating for long. But it is still hard for a new donor to tell if any other donors have been swindled recently, using simple blockchain inspection. They basically have to click around on the individual relay recipient keys to make sure everything looks legit.
This makes me nervous in terms of endorsement. I can easily see hundreds of users getting swindled before one of them suddenly realizes that there is an extra bitcoin address in their transactions that is not in the original relay list they selected, or that the actual bitcoin distribution was slightly different than what they selected. If all users could inspect all donations easily, this type of compromise would be found quicker.
Ideally, it would be possible to verify all of these questions (and many more) with only the blockchain. For instance, a comment in the bitcoin transaction could indicate the OnionTip options selected, and a single page on the website could allow us to view all donations to the system.
Beyond this, I think there are actually interesting sociological questions we could answer with easy access to the OnionTip donation data and option selection. I'm very curious how donors are choosing to distribute their Bitcoin to the relays.
For instance:
Is OnionTip encouraging the type of network diversity we want? Do we want to suggest changes to the default donation mode to encourage better diversity?
UI is still confusing to me. Is this UI causing people to prefer a certain type of donation over others, where they probably shouldn't?
a. Is anyone actually using the Guard or Exit filters? If not, this means my super-cheap and unreliable FDC middle node will probably get me more OnionTip donations than either a more stable Guard node, or a more hassle-prone Exit node. This seems like an undesirable way to incentivize relay operation. Is it happening? Or are most people selecting Guard+Exit?
b. Are people taking advantage of the country selection dialog? Are they doing it in a way that is favoring underrepresented countries? Or are people just choosing countries based on the next World Cup match, the current Olympic gold medal count leader, or some other crazy notion that seems to make little sense to network diversity?
What are big donors doing? Do they always select the default choice?
a. If so, we should think waaay harder about what this choice is.
b. If not, what do they want? Do they like specific or strange countries? Do they like countries with the fewest relays? With the lowest current bandwidth? With the best laws? Do we agree with their choices, and want to make it easier for other donors to make them too? Or should we be concerned, and try to encourage other behavior?
c. Maybe only big donors get scammed with extra BTC destination addresses or a different transaction entirely? How can I see if other recent big donors have been scammed?
On 28/09/2014 03:28, Ed Carter wrote:
The process is completely transparent. All Bitcoin transactions are viewable by the public on the Bitcoin blockchain. The Bitcoin addresses are posted by the relay operators themselves in their contact info on their relay. I can confirm that I receive donations made to the address I posted on my relay.
My relay: https://globe.torproject.org/#/relay/3C49A7D9BEBC668352F627CE60B1FE9B628DD2E...
Blockchain.info web page showing donations received to my address: http://blockchain.info/address/1GXZVChXoxgrBzqMsCrWGu2ua6VTKSH6U1
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- PGP: 7EFB DDE8 FD21 11AE A7BE 1AA6 3B0D 706A 7FBF ED86
This e-mail should be PGP signed, which allows you to verify its authenticity. If it isn't, it may be fake. Check with me! Feel free to encrypt anything you send to me using my key.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Mike Perry transcribed 6.0K bytes:
Thomas White:
Hmmm... appears to be have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
Well, my original ask was for everyone to be able to verify that all 12.36 BTC that oniontip has received (as of right now) has actually been distributed how the users have asked.
Mike Perry and I took a look at the Oniontip codebase this afternoon. The primary concern was with respect to the `ONIONTIP_BITCOIN_PUBLIC_SEED` in your payment verification script, [0] which is passed to the `bitcoin.electrum_address()` function. [1]
The `bitcoin.electrum_address()` function is meant to take what they call a "masterkey". [2] (Check out that `crack_electrum_wallet()` function right beneath it!) It appears as if `electrum_address()` is merely a thin wrapper around `electrum_pubkey()` [3] which generates a new private key with the incremented counter, concatenating it with the "masterkey", taking the sha256 of that, and then generating the key by doing a (really crappily implemented, IMO) elliptic curve scalar multiplication of the (public, in the `bitcoin` module source code [4]) group generator times the private key, then shoving it into `privkey_to_pubkey()` to get the address. [5] Because all of these one-way functions are computable if one knows the original "masterkey" plus the incremented counter, this means that anyone who knows the `ONIONTIP_BITCOIN_PUBLIC_SEED` can generate all your private keys.
If you plan to keep using that Electrum API, you should regenerate that `ONIONTIP_BITCOIN_PUBLIC_SEED` and keep it secret.
[0]: https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py#L1... [1]: https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py#L3... [2]: https://github.com/vbuterin/pybitcointools/blob/fa9856fede9e601c4b9f5ed75f11... [3]: https://github.com/vbuterin/pybitcointools/blob/fa9856fede9e601c4b9f5ed75f11... [4]: https://github.com/vbuterin/pybitcointools/blob/master/bitcoin/main.py#L20 [5]: https://github.com/vbuterin/pybitcointools/blob/master/bitcoin/main.py#L342
Thomas White thomaswhite@riseup.net writes:
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
-T
Also, I think that oniontip is using Onionoo to get relay probabilities.
Hence, theoritecally, Onionoo is a single point of a failure that can control the donation percentages. I don't think this is a huge problem but just saying :)
On 28/09/14 16:00, George Kadianakis wrote:
Thomas White thomaswhite@riseup.net writes:
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
-T
Also, I think that oniontip is using Onionoo to get relay probabilities.
Hence, theoritecally, Onionoo is a single point of a failure that can control the donation percentages. I don't think this is a huge problem but just saying :)
Speaking of, we're looking for hosting for a second Onionoo instance. It would be set up and maintained by iwakeh, cc'ed, who recently contributed some great patches to Onionoo. If somebody has a spare server with 0.5 to 1TB disk space and 8 or 16GB RAM and reasonable CPU and connectivity, please let me know. We'd be happy to add a mirrors section to the Onionoo project page and credit the friendly sponsor.
All the best, Karsten
I have a server that can be used but I'd rather not personally maintain it so if somebody can manage it, I can provide the hardware & connection.
-T
On 28/09/2014 18:24, Karsten Loesing wrote:
On 28/09/14 16:00, George Kadianakis wrote:
Thomas White thomaswhite@riseup.net writes:
My concern (which has been highlighted before by Mike Perry) is that the site lacks accountability and transparency. There is no way to verify the donations actually reach the operators.
-T
Also, I think that oniontip is using Onionoo to get relay probabilities.
Hence, theoritecally, Onionoo is a single point of a failure that can control the donation percentages. I don't think this is a huge problem but just saying :)
Speaking of, we're looking for hosting for a second Onionoo instance. It would be set up and maintained by iwakeh, cc'ed, who recently contributed some great patches to Onionoo. If somebody has a spare server with 0.5 to 1TB disk space and 8 or 16GB RAM and reasonable CPU and connectivity, please let me know. We'd be happy to add a mirrors section to the Onionoo project page and credit the friendly sponsor.
All the best, Karsten
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 28/09/14 19:56, Thomas White wrote:
I have a server that can be used but I'd rather not personally maintain it so if somebody can manage it, I can provide the hardware & connection.
Thanks, Thomas, for the offer. Following up in private mail.
All the best, Karsten
On Mon, Sep 29, 2014 at 1:24 AM, Karsten Loesing karsten@torproject.org wrote:
Speaking of, we're looking for hosting for a second Onionoo instance. It would be set up and maintained by iwakeh, cc'ed, who recently contributed some great patches to Onionoo. If somebody has a spare server with 0.5 to 1TB disk space and 8 or 16GB RAM and reasonable CPU and connectivity, please let me know. We'd be happy to add a mirrors section to the Onionoo project page and credit the friendly sponsor.
I can provide a server in my Singapore DC. 1TB disk space, 12GB RAM, decent v4/v6 bandwidth. Please contact me off-list. There is a Tor non-exit relay on the same network.
On 29/09/14 16:45, Sanjeev Gupta wrote:
On Mon, Sep 29, 2014 at 1:24 AM, Karsten Loesing karsten@torproject.org wrote:
Speaking of, we're looking for hosting for a second Onionoo instance. It would be set up and maintained by iwakeh, cc'ed, who recently contributed some great patches to Onionoo. If somebody has a spare server with 0.5 to 1TB disk space and 8 or 16GB RAM and reasonable CPU and connectivity, please let me know. We'd be happy to add a mirrors section to the Onionoo project page and credit the friendly sponsor.
I can provide a server in my Singapore DC. 1TB disk space, 12GB RAM, decent v4/v6 bandwidth. Please contact me off-list. There is a Tor non-exit relay on the same network.
Thanks, followed up off-list.
All the best, Karsten
tor-relays@lists.torproject.org
-
Donncha O'Cearbhaill -
Ed Carter -
George Kadianakis -
isis -
jason@icetor.is -
justaguy -
Karsten Loesing -
Mike Perry -
Sanjeev Gupta -
Thomas White