Topic: bithra.com | Free and provably fair escrow - page 2. (Read 3153 times)

AMAZING SERVICE. RHaver is the REAL DEAL!

I lost 50$ earlier today to a scammer after not reading the details on escrow. I contacted RHaver and immediately got a response back. He blacklisted the guy who scammed me, neg trust him, and then graciously REFUNDED me out of his OWN POCKET!! AMAZING guy. Will be using his escrow service in the future and cant recommend his service enough to you guys!!

just do an escrow on bithra.com with lakuf,wish it work well

Sorry about the delay getting back to this:

Mozilla FireFox and SeaMonkey both don't show the balance, however, Maxthon Cloud does show the balance, so all I have to do now is have the funds released.

(The above versions are all PortableApps versions of the Browsers)...

I just tried in Chrome, Firefox and Safair and all seem to be working. Do you have an extension that blocks requests that would stop it loading? (Something like noscript or privacybadger or something?)

I figured that by giving the link to blockchain.info that it would be taken as given that I had already checked the link to block trail https://www.blocktrail.com/BTC/address/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf which also shows the funds as having landed.

However, the Bithra page still hasn't updated stating:


https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf


What browser can you see it on?

I'm sure I won't be the only one asking, traders and their customers will also want to see the funds are being held in Escrow before they continue.

Thanks again.

Yeah, this definitely happens and I think the two motivations for this happening are:

a) The person is hoping that by not releasing the escrow they can get it back
b) The person is a troll


Bithra solves problem a)   (because it explicitly refuses to return escrowed funds to the sender to avoid this attack) but is open to b).  However with b) the person has no financial motivation, so hopefully it doesn't happen too much.

I had some ideas to combat this, like having configurable deposits for both the sender and receiver. And then *after* the deposit obligations are done, they do the escrow. Then if the deal is amicably resolved, everyone gets their deposit back. (if not, people would also lose their deposits). This would mean trolls would lose money themselves. But at the moment, I'm not sure it's worth the complexity.

Thanks for trying it out! It should have appeared instantly! Sorry about that. It seems to be showing now. The nerdy answer is that Bithra itself doesn't really update or is aware of how much is in escrow, if you look at the source of the page you'll see this:



i.e. your browser is querying blocktrail and then displaying the results, so blocktrail was probably lagging or behind. If this continues to happen, I'll switch API providers =)

(And on a side note, if you want to be extra-secure you should check using a different block explorer to make sure blocktrail isn't lying or anything)

In theory using Bithra the person who puts the coins into Escrow has already lost them, so it's in their best interest to make the deal happen.  I can see somewhere down the track some serious coin will get "donated" to the Bithra creator, as I read something about he gets the cons after one year (still not sure how he manages that if he doesn't have the "release secret"

Ive dealt with some pretty mean traders in the past. They agree to use escrow, I provide them with the service, but they don't release the payment. It just sits in the escrow's wallet. How do you guys combat this?

Also, what if the recipient does not fulfill the job or you want to decrease his pay due to bad quality?

Hi, I thought I'd try Bithra out,

On the Block Chain I have BTC 0.00164169 https://blockchain.info/address/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf

However, on Bithra it says I have no funds: https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf

When does the page update?  (Refreshing the page doesn't update the total).

Thanks.

It is good to have an easier way to do escrow. It was too complicated (IMO) to do it in the traditional way.

Brilliant! I was looking for exactly something like this!
Great job!
Thank you!

The release secret is 100% generated client-side, and NEVER sent to the server. You can verify this by either:
a) Check the source code (a bit tricky, because bitcoinjs-lib is minified and hard to check its not tampered with)
b) Check the network tab in chrome (you'll see only the address is sent)
c) Use the advanced mode, and generate an addresss totally off the site, and only provide the address  (most recommended, if you're concerned)

You can still put money in a released escrow, and re-release it. i.e. your money won't be lost.  But because the escrow is released, it can't be used multiple times (the provably fair system only says "release the entire escrow" it doesn't say "release payments sent before X". So you should use a new escrow for new things.

You can make installment payments to the escrow address, yeah. And when it's released, all the outputs will be sent at once to the receiver. Super dusty payments (e.g. under ~20) won't be used, because they'll add more to the txfee than they would to the output amount

• Other websites for wallet creations have from time to time had suggested to them that they could see the wallet private key "Release Secret:", how are you prevented from seeing the private key "Release Secret:" that gets displayed on the home page when a user sets up an Escrow?
• Once the "Release Secret:" is used to release the held funds does that wallet then become inoperable?
• If a person was making part payments (eg paying in installments, would the Destination act the same way a ordinary wallet address would in accepting any number of deposits?

Thanks for reading.

Seems an impressive website, i might try it with some small transactions where it is not worth the time for a forum escrow.

Nicely spotted. But actually I push to both bc.info and blockr. The code if interested: https://dl.dropboxusercontent.com/spa/rmczv2tqcr196vz/oxrp5rgx.png


I already run a full node for bustabit, so I could push it to that node with a few minutes work. I actually store the transaction (and the release signature) before it's pushed in the database, so it's a TODO: to expose that to the user as well.



Good point

[/quote]
Yup, thanks

Received, thanks and appreciated.

It looks like you might have it setup so that the release transactions will get broadcast via blockchain.info's node (maybe via blockchain.info/pushtx), and although they are my personal favorite block explorer, they do have a lot of problems, especially DDoS type problems that prevent people from accessing their website (or broadcasting transactions via them). If running a full node is too costly for your service that you are not charging anything for, then I might suggest running electrum, using the "loan transaction -> from text" feature and then broadcasting the signed transaction via electrum (and possibly also providing the signed transaction that the user can broadcast themselves in case of other problems).

I might also suggest that you require some kind of cryptographic confirmation that the release secret (what appears to be a private key generated by your website) was actually backed up or that the user can in fact sign a message from the address they say they will sign from to release the funds prior to generating the escrow address. This will prevent someone from inadvertently creating an escrow address that is essentially impossible to release.

It also looks like your FAQ might have a typo:

I believe that you intended for this to say "...You can generate it directly with our website..."

If the funds are never released, they will be forever lost to bithra. They won't be sent to the destination, or returned to sender -- as picking either of them could encourage a type of scammers. It kind of mimicks what happens in a 2-of-2 escrow situation, when the parties don't come to agreement (except in this case, I keep the money instead of them being forever unspendable)

Uggh. And thanks! I threw 0.05 BTC into your escrow while you're waiting. Seems like my latest change has stopped the "Advanced" release from actually sending the signature to the server. Will have it fixed in a few minutes.

Note to self: Setup email alerts for errors

---

Thanks! Stupid mistake, fixed. And I used the interface to release the escrow.

(Posting it here, as you made the details public)

https://live.blockcypher.com/btc/tx/c5d19e91a26e50a8e5ca23f6b9a8187c389dafec1bfd25126f008047b256ffd0/


The fee on that is strangely small, but it's seems to be working correctly (blocktrail's api is telling me the optimal fee is 94.12 bits per KiB)

I tried it out and it seems there is some issue.

I am receiving an error message saying to check the console and upon inspection of the console it looks like the server is responding with a status of 500 ()

If possible can you please release the coins back to my address

{
  "address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW",
  "message": "The address 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw was generated on 2016-05-03T03:15:47.203Z by bithra.com, and holds funds in escrow for 1GTpwVr3UJsMTkdqVnwymGXR1udtDpo5f9 and will be released with signed instructions from 1AiJ9npjZceutRaASKT77jucsWpLsRPMWB in the next year",
  "signature": "IKKMZfp+sKPyDTSIPvvGZ5GYiFtTHkzrAYDY4y0lzL0xFxhNwFHRS3wGM2+PlWZi0ooGLrgR2Ww9B4APvXLIvq0="
}

---

---

{
  "address": "1AiJ9npjZceutRaASKT77jucsWpLsRPMWB",
  "message": "release all escrowed funds from 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw",
  "signature": "ICyFNJtDTmzwHfroK4HDTxUsOTU3Dw2rOJ/8m/04dA5GSL/xT/yxmD/W6RMj46emfEZchmNlhoc8bKzn58sUvSw="
}

---

I am also curious to know what will happen after the one year period is up