Topic: Bitcointalk Escrows - Trade Safely! - page 20. (Read 108567 times)

Yes, much thought has been and will continue to pour into this. For now, 2-of-3 works fine, at least multisig is an option.

True, nobody is innocent; except potential doesn't imply guarantee.

When you guys all quit, I will have to raise my minimum and my fee. Those who really need it will gladly pay, those who don't won't.


I don't consider ~23 BTC all that big. It wasn't just one transaction, it was many small ones that added up to that amount.

However the phrase and statement used is like saying "Anyone can steal." then you lump everyone, because it is a blanket statement that applies to all.

The following statements are all true:

1. Anyone can steal, murder, or commit a crime.
2. Trust no one, verify, and be suspicious anyway.

It applies to everyone, including the big five (or big three), but that's not really a nice thing to say about them.

I'm probably going to close mine

The escrow selection is pretty slim these days. Glad I never need escrow services myself 

A solution for the arbiter could be something like including a second escrow. Though i wonder who might chose his escrow. Potentially a Fake escrow could be chosen too then but generally safety should go up  at least when x of x is rising + 1. Running a scam then would be a lot of work, though an escrow should be able to deny the use of an unknown escrow chosen by one of the traders of course.

We spoke in the thread https://bitcointalksearch.org/topic/multi-sig-escrow-networks-2-of-345-network-a-proposal-1308670 about it. It should make scamming a lot harder at least. The downside is that two escrow would have to agree probably and the fees has to be higher since two escrows are involved. Of course it can be offered as the more safe solution to chose. A higher payment would be justified. Since you probably earn on fees then you would have 2 escrow involved in one trade too.

I think this might need more thoughts put into though.

Just to make it visible: Tomatocage is closing his escrow service temporarily(but from what I've seen, he seems to be very inactive, and the change might be permanent).

Reference: His sig


Also, considering marco has yet to answer my PM, I'd like to ask. Whats the requirement for being enlisted here?

You can't have one without the other my friend, not that I can see anyway.. With having it auto-accept and having a TOS, Arbiters have plausible deniability when the transaction took place without their knowledge. There are many open communication channels available to users, using them is suggested but we can't offer anonymous escrow by forcing people to talk to us.

edit 02/08: I've decided against including other people as arbiters for keysCrow and will just keep 2-of-3, at least for now.

I didn't think you might take this personal and i hope you didn't. I only pointed out a potential risk. Might be even possible someone hacks the site, can't get into the wallet but finds a way to impersonate.

I see what you want to do... so what i want to say is the following. Imagine being an escrow holding hundreds of bitcoins (Which iam not. ) then you are liable and you need to protect the traders since it is like protecting yourself. Then you get asked to Trust a third party with coins you hold. The coins are at least in a potential risk of not being controlled by you. Which raises the risk for the escrow especially.

I DON'T say that you would do something funny, i only say things like that happen, see master-P, trusted but... At the end it would mean the escrow is trusting someone with the funds he should have in escrow.


It happens alot that a trade is not starting because i explain the buyer the risks of paypal, skrill, giftcodes and whatever. And most traders have no big clue about how to make their case strong so they can win a dispute.

I would not have it running at autoaccept.


Ok, sounds like you target the business seller then. Probably not a big problem compared to bitcoin noobs.


I feel myself that it's tempting to not having to implement all the time into escrowing and letting it run automatically. Only going through disputes would not be hard, well it can be hard, but being asked what to do and seeing no evidences and nothing would be a problem. I would want to see the deal and suggest precautions, then accept the deal and i can be sure that either i will have ways to prove who is at fault on dispute or i know that the buyer accepted risks i pointed out. That could prevent hurting my trust or good name... i think.

I suppose now we're talking about me personally doing this impersonation. I understand what you're saying, and this boils down to trust. I'm not going to beg for your trust, but just look at what I'm offering the community, and how it evolved from a shitty idea into something that's almost bulletproof. I'm offering anonymous 2-of-3 multisig, with optional 2-of-4(possibly 3-of-4) with a trusted community member as dispute arbiter. Any of the big escrow names could just as easily take off with a large escrow, just as the recent MasterP thing happened. I'm actively trying to prevent theft and loss.


How often does this happen? Having records of sale would be outlined in the terms of use which users would agree to. We can't be responsible for every little detail; the sale is between the buyer and seller, dispute arbiters are judges, not money handlers.


It's easier for the buyer than the seller. The buyer only needs to know how to get public key, they can authorize keysCrow to deliver the server's private key to the seller, allowing the seller to sign the funds out of escrow manually. This way, transaction can take place without dispute arbiters ever knowing.
Yes, for sellers, almost everything is manually processed, sorry but not sorry. If a vendor needs multisig, they know how to use it. We've created an alright guide to using multisig, and can start building tools like a rawtransaction builder. We'll guide users through the process, but won't do it for them.


While it's entirely possible to enable 3-of-4, it would remove the element of anonymity as people would be required to contact arbiters to sign off on deals. This really isn't the idea behind keysCrow, but if that's what people want we can enable 3-of-4 for arbiter selections, and still have anonymous 2-of-3 via keysCrow.

That's right. Though the thing is, all the time i do escrow it VERY rare that someone asked for multisig. The times it did not happen for reasons i don't remember but most users seem to want the easy solution. Even when this means that there is a risk. Though they use a user they trust, so most might not think about potential risks that still might be there. Dunno.


With everyones maybe not. But they might be able to impersonate an escrow and initiate a trade with a party that pays in bitcoin. Doing that large scale, so impersonating seller and escrow, even by presenting the real users names, they could scam for a couple of days the paid in coins.

I wonder if it would be worth it. Maybe when a big sale buy offer show up?


What do you do when the trade was done in a way that makes it impossible to judge who was right? Normally an escrow would start with checking out risks of a trade and he would inform the traders about everything. If they want to go through then fine. The same goes for handling the trade so that there are evidences of who is right. Might be a problem since often enough people would do it wrongly out of inexperiene.

Regarding multisig, how easy is it for a trader to deal with the keys? What would traders have to do or specifically has to learn to do? I only want to see how scaring it would look to handle it that way instead simply sending bitcoins to the address the escrow tells to send to?

You might think over that autoaccept. You surely did deny some trades on the forum manually. Or you would only have started an escrow when certain steps were done before in order to allow yourself to be able to handle a dispute.

So since you never know what traders come up with on bitrated then you might get into a not so nice situation.

I knew 2-of-4 would be a focus point for security, and there's no denying the vulnerability involved with 2-of-4, a risk that is minute in comparison to that of trusting one person with 100% access to escrow funds.

I see most of the escrow service providers offer 1-of-1 escrow, which I don't have to explain the heightened risk involved here. We offer 2-of-3, and 2-of-4, more than what most multisig escrow providers can say. While fraud via collusion is possible, I want to point out how it's impossible for the site owner to 'run off' with everyones coins when they are in 2-of-3/4 multisig.

While 2-of-4 does have a small risk of theft, the benefits outweigh the risk in my opinion.

For example, if a dispute arises, and neither party can come to an agreement, the arbiter still has the power to finalize the transaction by involving keysCrow to help sign-off on the 50/50 split. With 2-of-3 and 3-of-4, this is impossible. Additionally, 3-of-4 would require manual intervention for every transaction to be finalized, more involvement from our arbiters than what we envisioned for keysCrow.

I'd like to stress the point: keysCrow is not full-service escrow: which means we don't "release funds on demand" (ie: sign/send rawtx). We create multisig addresses, and only get involved to provide support for transaction disputes.

I didn't know 2 of 3 would create always the same multisig address, though when i think about it it makes sense. I somehow awaited a random factor like with mnemonic phrases for wallets. Though makes sense.

But what i meant with lowering security is that the lower the first number and the higher the last number the higher the chance of a possible scam happening.

For example 2 of 4... it only needs a corrupt escrow who comes out as a trader and trades. Then one person has the power to release the coins. 3 of four would be more safe then since it will be harder and harder to impersonate more parties.

By the way, when will the server give his key? The one controlling the server might be one of the involved parties too.

And the higher the last number the higher the chance that 2 are the same person again.


Yeah, for some shops a buyer really would prefer protection. Though i think that the merchant needs to offer it first. I mean the merchant would agree that he only gets his payment after the buyer receives the goods. That surely is not for every merchant.

I'm thinking of no longer doing manual escrows and only using bitrated. I don't have time for the all the communication. I only want to do something if there's a dispute. I'll have bitrated auto accept.

If you guys want me on the big 5, I'm willing to do bitrated only, flat fee of 0.002 and disputes are 1%. Actually I'm about to make this my policy anyway.

Ok new policy https://bitcointalksearch.org/topic/bitpop-reputation-231416

Please update my listing to .002.

I think you misunderstood: not 'raises security', we understand 2-of-N's vulnerabilities and are limiting N to 4. We believe 2-of-4 provides added securites while limiting the risk involved. With 2-of-4, by your example, if someone dies then the coins wouldn't die, or if the site effs-off then there will still be 3 legit parties. If we only offered 2-of-3, people could reuse their keys, generating reused multisig addresses (as you know, three keys will always create the same multisig address). The fourth key is the random server private key.

There are faster and more user friendly systems available, however keysCrow was built to give our users the control over their transactions they deserve. Not automatically doing things for users gives them piece of mind of knowing exactly where their Bitcoin is going. What if the site begins to create faulty rawtransactions or changing destination addresses? This prevents that scenario.

How can raising the second number increase security? I think it would decrease security because 2 of 4 means, i think, that 2 out of 4 users are needed to free the bitcoins. If you need 2 out of 40 then the chance of scam is very high. If you need 4 out of 4 then it would be very secure but it one of them dies then the coins are dead too.


Merchants might already have established enough trust to not having to care about escrow anymore. But if they do then an automated system looks faster.


Well if you handle experienced users then there might be no problem, or let's say there still can when they have to do it often and don't want to care about checking a signature out.

What i meant is no error or broadcasting but instead giving a wrong key to the buyer. The key will create a bitcoin address the site owner controls. So no error but manual change in code for purpose of scamming would be possible.

yes, 2-of-N is insecure, which is why we limit it to 2-of-4, with the fourth being the random server keys generated. I'm afraid I don't see the concern with reusing arbiter public keys, especially when no two multisig addresses we make are be the same.

You do kind of got me there, keysCrow isn't exactly built for newbies, but we who are running it aren't either. I can only imagine the people who need this kind of service already know how to sign and broadcast transactions, presumably merchants, so we've created a system to deliver the random private key to them, the bitcoin recipient, so they may sign their own transactions out of multisig. This is actioned by the btc sender. Having less functionality available may also allow arbiters to reap more donations from support tickets on general help issues.

Again, keysCrow does not sign nor broadcast transactions automatically, and the software creating multisig addresses is highly reputable and widely used. There's no doubting that this doesn't exempt it from any bugs, but we're always writing code (except weekends) and will respond to all concerns within a reasonable timeframe. Hopefully the 2-of-4 solves the ol-switcheroo trick of changing the deposit address, unless people stop checking redeemScripts.

At the end it was decided that 2 of N would be too insecure.

Only contacted in case of dispute? I think that might not be sufficient. It happens alot that you have to give tips on how a trade can be secured so that in case of a dispute the escrow will be able at all to find out the truth. Traders would do errors often otherwise.


I only know that traders don't really like to work much. For example, a newbie reads verify signature, don't know what it is, overreads it... the deal moves on anyway. So if the website would, i only point out potential risk, present a wrong signature containing a false bitcoin address then the escrow would only realize after everything is broken already. A site could even run normally but once the volume is high they might start to replace with their own addresses. It will be rare that a trader will check a signature.


Ok, then the escrow would only get involved in case of dispute. Still i would be unsure if, for example, if my public key is used all the time.

Correct me if I'm wrong, but that read more like a guide to create 2-of-N multisig, while proposing trusted escrow providers coordinate future escrows? The thread has been inactive for a month, and keysCrow is nearing completion to allow third party dispute arbiters.  If a trusted escrow provider joins us, their public key would be used to create multisig addresses, and they would only be contact in the event of a dispute.


This is true, and hopefully we have provided everything needed to establish that trust, including redeemScript to verify. I was under the impression that multisig is an effective method of thwarting scams by the involved parties? Please remember that keysCrow will not automatically build nor sign rawtransactions.


Users don't have to contact us to establish trade contracts, hence the anonymous boast. Multisig doesn't require the arbiter to sign and broadcast transactions, unless there is a dispute; as the definition of arbiter is synonymous with 'judge'. Secure communication is enabled by our users as long as they provide us their PGP key, all outgoing email from the server to them will be encrypted. We maintain this encryption for any manually written messages as well.

Only two points for the stats... bitpops high count for online time reminds me on dogies time: https://bitcointalksearch.org/user/dogie-87869

He once claimed that he is practically online 24 hours, but not really online but instead he uses a software to check his inbox or some other stats for him. So it looks like he is online all the time. Might be, since bitpop has an even higher online time, that he has a similar script running.

When i think about it, 800 days are 24 hour days. That would mean staying online for 2 years 365 days per year 24 hours per day. Surely a script is running.

And last active, sure, it's not possible to be on here all the time and it depends on the timezone the escrow is living in since a snapshot of these times might be nighttime for some escrows.