Pages:
Author

Topic: bithra.com | Free and provably fair escrow - page 2. (Read 3218 times)

newbie
Activity: 37
Merit: 0
just do an escrow on bithra.com with lakuf,wish it work well Grin Grin
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Sorry about the delay getting back to this:

Mozilla FireFox and SeaMonkey both don't show the balance, however, Maxthon Cloud does show the balance, so all I have to do now is have the funds released.

(The above versions are all PortableApps versions of the Browsers)...
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
I figured that by giving the link to blockchain.info that it would be taken as given that I had already checked the link to block trail https://www.blocktrail.com/BTC/address/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf which also shows the funds as having landed.

However, the Bithra page still hasn't updated stating:

Quote
? BTC
(+ ? BTC unconfirmed)

https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf

Quote
It seems to be showing now.

What browser can you see it on?

I'm sure I won't be the only one asking, traders and their customers will also want to see the funds are being held in Escrow before they continue.

Thanks again.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Ive dealt with some pretty mean traders in the past. They agree to use escrow, I provide them with the service, but they don't release the payment. It just sits in the escrow's wallet. How do you guys combat this?

Also, what if the recipient does not fulfil the job or you want to decrease his pay due to bad quality?

In theory using Bithra the person who puts the coins into Escrow has already lost them, so it's in their best interest to make the deal happen.  I can see somewhere down the track some serious coin will get "donated" to the Bithra creator, as I read something about he gets the cons after one year (still not sure how he manages that if he doesn't have the "release secret"
legendary
Activity: 1232
Merit: 1030
give me your cryptos
Ive dealt with some pretty mean traders in the past. They agree to use escrow, I provide them with the service, but they don't release the payment. It just sits in the escrow's wallet. How do you guys combat this?

Also, what if the recipient does not fulfill the job or you want to decrease his pay due to bad quality?
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Hi, I thought I'd try Bithra out,

On the Block Chain I have BTC 0.00164169 https://blockchain.info/address/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf

However, on Bithra it says I have no funds: https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf

When does the page update?  (Refreshing the page doesn't update the total).

Thanks.
hero member
Activity: 770
Merit: 500
✪ NEXCHANGE | BTC, LTC, ETH & DOGE ✪
It is good to have an easier way to do escrow. It was too complicated (IMO) to do it in the traditional way.
sr. member
Activity: 602
Merit: 250
Brilliant! I was looking for exactly something like this!
Great job!
Thank you!
legendary
Activity: 1463
Merit: 1886
  • Other websites for wallet creations have from time to time had suggested to them that they could see the wallet private key "Release Secret:",
    how are you prevented from seeing the private key "Release Secret:" that gets displayed on the home page when a user sets up an Escrow?

The release secret is 100% generated client-side, and NEVER sent to the server. You can verify this by either:
a) Check the source code (a bit tricky, because bitcoinjs-lib is minified and hard to check its not tampered with)
b) Check the network tab in chrome (you'll see only the address is sent)
c) Use the advanced mode, and generate an addresss totally off the site, and only provide the address  (most recommended, if you're concerned)

Quote
  • Once the "Release Secret:" is used to release the held funds does that wallet then become inoperable?
You can still put money in a released escrow, and re-release it. i.e. your money won't be lost.  But because the escrow is released, it can't be used multiple times (the provably fair system only says "release the entire escrow" it doesn't say "release payments sent before X". So you should use a new escrow for new things.

Quote
  • If a person was making part payments (eg paying in installments, would the Destination act the same way a ordinary wallet address would in accepting any number of deposits?

Thanks for reading.
You can make installment payments to the escrow address, yeah. And when it's released, all the outputs will be sent at once to the receiver. Super dusty payments (e.g. under ~20) won't be used, because they'll add more to the txfee than they would to the output amount
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
  • Other websites for wallet creations have from time to time had suggested to them that they could see the wallet private key "Release Secret:", how are you prevented from seeing the private key "Release Secret:" that gets displayed on the home page when a user sets up an Escrow?
  • Once the "Release Secret:" is used to release the held funds does that wallet then become inoperable?
  • If a person was making part payments (eg paying in installments, would the Destination act the same way a ordinary wallet address would in accepting any number of deposits?

Thanks for reading.
hero member
Activity: 1050
Merit: 529
Seems an impressive website, i might try it with some small transactions where it is not worth the time for a forum escrow.
legendary
Activity: 1463
Merit: 1886
It looks like you might have it setup so that the release transactions will get broadcast via blockchain.info's node (maybe via blockchain.info/pushtx), and although they are my personal favorite block explorer, they do have a lot of problems, especially DDoS type problems that prevent people from accessing their website (or broadcasting transactions via them).

Nicely spotted. But actually I push to both bc.info and blockr. The code if interested: https://dl.dropboxusercontent.com/spa/rmczv2tqcr196vz/oxrp5rgx.png

Quote
If running a full node is too costly for your service that you are not charging anything for, then I might suggest running electrum, using the "loan transaction -> from text" feature and then broadcasting the signed transaction via electrum (and possibly also providing the signed transaction that the user can broadcast themselves in case of other problems).

I already run a full node for bustabit, so I could push it to that node with a few minutes work. I actually store the transaction (and the release signature) before it's pushed in the database, so it's a TODO: to expose that to the user as well.


Quote
I might also suggest that you require some kind of cryptographic confirmation that the release secret (what appears to be a private key generated by your website) was actually backed up or that the user can in fact sign a message from the address they say they will sign from to release the funds prior to generating the escrow address. This will prevent someone from inadvertently creating an escrow address that is essentially impossible to release.

Good point

Quote
It also looks like your FAQ might have a typo:

Quote from: What exactly is the release secret?
...You can it directly with our website....
I believe that you intended for this to say "...You can generate it directly with our website..."
[/quote]
Yup, thanks
copper member
Activity: 2996
Merit: 2374
I tried it out and it seems there is some issue.

Uggh. And thanks! I threw 0.05 BTC into your escrow while you're waiting. Seems like my latest change has stopped the "Advanced" release from actually sending the signature to the server. Will have it fixed in a few minutes.

https://live.blockcypher.com/btc/tx/c5d19e91a26e50a8e5ca23f6b9a8187c389dafec1bfd25126f008047b256ffd0/
Received, thanks and appreciated.

It looks like you might have it setup so that the release transactions will get broadcast via blockchain.info's node (maybe via blockchain.info/pushtx), and although they are my personal favorite block explorer, they do have a lot of problems, especially DDoS type problems that prevent people from accessing their website (or broadcasting transactions via them). If running a full node is too costly for your service that you are not charging anything for, then I might suggest running electrum, using the "loan transaction -> from text" feature and then broadcasting the signed transaction via electrum (and possibly also providing the signed transaction that the user can broadcast themselves in case of other problems).

I might also suggest that you require some kind of cryptographic confirmation that the release secret (what appears to be a private key generated by your website) was actually backed up or that the user can in fact sign a message from the address they say they will sign from to release the funds prior to generating the escrow address. This will prevent someone from inadvertently creating an escrow address that is essentially impossible to release.

It also looks like your FAQ might have a typo:

Quote from: What exactly is the release secret?
...You can it directly with our website....
I believe that you intended for this to say "...You can generate it directly with our website..."
legendary
Activity: 1463
Merit: 1886

I am also curious to know what will happen after the one year period is up

If the funds are never released, they will be forever lost to bithra. They won't be sent to the destination, or returned to sender -- as picking either of them could encourage a type of scammers. It kind of mimicks what happens in a 2-of-2 escrow situation, when the parties don't come to agreement (except in this case, I keep the money instead of them being forever unspendable)
legendary
Activity: 1463
Merit: 1886
I tried it out and it seems there is some issue.

Uggh. And thanks! I threw 0.05 BTC into your escrow while you're waiting. Seems like my latest change has stopped the "Advanced" release from actually sending the signature to the server. Will have it fixed in a few minutes.

Note to self: Setup email alerts for errors

---

Thanks! Stupid mistake, fixed. And I used the interface to release the escrow.

(Posting it here, as you made the details public)

https://live.blockcypher.com/btc/tx/c5d19e91a26e50a8e5ca23f6b9a8187c389dafec1bfd25126f008047b256ffd0/


The fee on that is strangely small, but it's seems to be working correctly (blocktrail's api is telling me the optimal fee is 94.12 bits per KiB)
copper member
Activity: 2996
Merit: 2374
I tried it out and it seems there is some issue.

I am receiving an error message saying to check the console and upon inspection of the console it looks like the server is responding with a status of 500 ()

If possible can you please release the coins back to my address Smiley

{
  "address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW",
  "message": "The address 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw was generated on 2016-05-03T03:15:47.203Z by bithra.com, and holds funds in escrow for 1GTpwVr3UJsMTkdqVnwymGXR1udtDpo5f9 and will be released with signed instructions from 1AiJ9npjZceutRaASKT77jucsWpLsRPMWB in the next year",
  "signature": "IKKMZfp+sKPyDTSIPvvGZ5GYiFtTHkzrAYDY4y0lzL0xFxhNwFHRS3wGM2+PlWZi0ooGLrgR2Ww9B4APvXLIvq0="
}



{
  "address": "1AiJ9npjZceutRaASKT77jucsWpLsRPMWB",
  "message": "release all escrowed funds from 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw",
  "signature": "ICyFNJtDTmzwHfroK4HDTxUsOTU3Dw2rOJ/8m/04dA5GSL/xT/yxmD/W6RMj46emfEZchmNlhoc8bKzn58sUvSw="
}


I am also curious to know what will happen after the one year period is up
legendary
Activity: 1463
Merit: 1886
Very nice site.  I'm impressed.

What happens in the case of disputes?

Thanks! The two parties need to work it out. It's the moral equivalent of 2-of-2 multisig, but designed to be easier to use  (no public key sharing, both people don't need to sign the transaction). If you need arbitration or something more advanced, it's not really the service.

There was a good discussion of it in bustabit, but basically the summary is that it removes the upside in scamming -- but doesn't prevent people scamming.
legendary
Activity: 1463
Merit: 1886
That is only one part of it though, and probably one of the smaller parts. The main reason he should be trusted is because he owns bustabit, and previously owned moneypot. Moneypot had lots of bitcoin invested in the bankroll, and I don't believe a single satoshi was stolen since after the sale, people could access and withdraw their funds at mp.bustabit.com. Bustabit has also had a lot of bitcoin wagered, and large winners are paid out very quickly, with some huge 10+ bitcoin withdraws. There wouldn't be much of a point for Ryan to create a site, just to scam people since if he did, his site (which probably makes him nice profit) would get a lot smaller volume, and there would be less profit.

Yeah, I think at a single point of time I had held >1000 BTC of other peoples money that I could've stolen if dishonest, and in total processed a little over 16k BTC of peoples withdraws. It doesn't really prove I will always act ethically, but bithra.com is just supposed to be a light weight alternative to "Send me the money first", not the be all and end all. I specifically avoided any advanced features and usage just to make it simple.

The use case I'm trying to replace is: "Hey, I'm new and selling X. Please send me the money first, I promise I won't scam you. I don't have time to use a human escrow". It's not trying to replace trustless on-chain schemes, and things that offer better guarantees.
legendary
Activity: 1463
Merit: 1886
Quote
PROVABLY FAIR: We provide non-repudiable proofs for all our escrow services, and is operated by Ryan Havar (owner of bustabit), on bitcointalk's default trust list, and handled millions of dollars of bitcoins.

^^What is this? So, you are basically asking for a favor for being on default trust level 2! Where is the provable fairness in it?

Actually it offers a little more guarantee than what is typically called "provably fair". Because in addition to proving to yourself it's fair (like gambling) it allows you to prove to others to prove you were cheated (non-repudiation).

The provably fairness is explained in the FAQ, but here's a practical example:

Code:
{
  "address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW",
  "message": "The address 12SbYg7CZL9pxkvJqmmFriJXBYXhTiXPep was generated on 2016-05-01T23:12:56.110Z by bithra.com, and holds funds in escrow for 1FDUdzgVhUbSpkbCKST11XoeQ3K5zxac8a and will be released with signed instructions from 14iik8PjwVKGhHPvTD3eJUCdpyR7dfjW2Y in the next year",
  "signature": "IBGDmeCNLxx6KBCBjJJkvvWpQwKFAsZd3PKHmkzzPI8gL+6AgOqOxScU/uHKrJoksQ4S5FRcI2iQ9qqHGdGpLPk="
}

You need to verify three things:
*  The address is indeed the one we use to sign guarantees
*  The signature is valid ( I like this tool:
https://www.blocktrail.com/BTC?verifysignedmessage=1 )
* The details are correct

Now you can save that guarantee, and if we don't act according to it -- you can call us out on scamming!
legendary
Activity: 2772
Merit: 3284
Quote
PROVABLY FAIR: We provide non-repudiable proofs for all our escrow services, and is operated by Ryan Havar (owner of bustabit), on bitcointalk's default trust list, and handled millions of dollars of bitcoins.

^^What is this? So, you are basically asking for a favor for being on default trust level 2! Where is the provable fairness in it?
That is only one part of it though, and probably one of the smaller parts. The main reason he should be trusted is because he owns bustabit, and previously owned moneypot. Moneypot had lots of bitcoin invested in the bankroll, and I don't believe a single satoshi was stolen since after the sale, people could access and withdraw their funds at mp.bustabit.com. Bustabit has also had a lot of bitcoin wagered, and large winners are paid out very quickly, with some huge 10+ bitcoin withdraws. There wouldn't be much of a point for Ryan to create a site, just to scam people since if he did, his site (which probably makes him nice profit) would get a lot smaller volume, and there would be less profit.
Pages:
Jump to: