Topic: bithra.com | Free and provably fair escrow - page 2. (Read 3193 times)
just do an escrow on bithra.com with lakuf,wish it work well
Sorry about the delay getting back to this:
Mozilla FireFox and SeaMonkey both don't show the balance, however, Maxthon Cloud does show the balance, so all I have to do now is have the funds released.
(The above versions are all PortableApps versions of the Browsers)...
Mozilla FireFox and SeaMonkey both don't show the balance, however, Maxthon Cloud does show the balance, so all I have to do now is have the funds released.
(The above versions are all PortableApps versions of the Browsers)...
I figured that by giving the link to blockchain.info that it would be taken as given that I had already checked the link to block trail https://www.blocktrail.com/BTC/address/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf which also shows the funds as having landed.
However, the Bithra page still hasn't updated stating:
https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf
What browser can you see it on?
I'm sure I won't be the only one asking, traders and their customers will also want to see the funds are being held in Escrow before they continue.
Thanks again.
However, the Bithra page still hasn't updated stating:
Quote
? BTC
(+ ? BTC unconfirmed)
(+ ? BTC unconfirmed)
https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf
Quote
It seems to be showing now.
What browser can you see it on?
I'm sure I won't be the only one asking, traders and their customers will also want to see the funds are being held in Escrow before they continue.
Thanks again.
Ive dealt with some pretty mean traders in the past. They agree to use escrow, I provide them with the service, but they don't release the payment. It just sits in the escrow's wallet. How do you guys combat this?
Also, what if the recipient does not fulfil the job or you want to decrease his pay due to bad quality?
Also, what if the recipient does not fulfil the job or you want to decrease his pay due to bad quality?
In theory using Bithra the person who puts the coins into Escrow has already lost them, so it's in their best interest to make the deal happen. I can see somewhere down the track some serious coin will get "donated" to the Bithra creator, as I read something about he gets the cons after one year (still not sure how he manages that if he doesn't have the "release secret"
Ive dealt with some pretty mean traders in the past. They agree to use escrow, I provide them with the service, but they don't release the payment. It just sits in the escrow's wallet. How do you guys combat this?
Also, what if the recipient does not fulfill the job or you want to decrease his pay due to bad quality?
Also, what if the recipient does not fulfill the job or you want to decrease his pay due to bad quality?
Hi, I thought I'd try Bithra out,
On the Block Chain I have BTC 0.00164169 https://blockchain.info/address/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf
However, on Bithra it says I have no funds: https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf
When does the page update? (Refreshing the page doesn't update the total).
Thanks.
On the Block Chain I have BTC 0.00164169 https://blockchain.info/address/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf
However, on Bithra it says I have no funds: https://www.bithra.com/escrows/1DeiTBRzQYhfwyTSXH5RP82u3xCcC7uAWf
When does the page update? (Refreshing the page doesn't update the total).
Thanks.
It is good to have an easier way to do escrow. It was too complicated (IMO) to do it in the traditional way.
Brilliant! I was looking for exactly something like this!
Great job!
Thank you!
Great job!
Thank you!
- Other websites for wallet creations have from time to time had suggested to them that they could see the wallet private key "Release Secret:",
how are you prevented from seeing the private key "Release Secret:" that gets displayed on the home page when a user sets up an Escrow?
The release secret is 100% generated client-side, and NEVER sent to the server. You can verify this by either:
a) Check the source code (a bit tricky, because bitcoinjs-lib is minified and hard to check its not tampered with)
b) Check the network tab in chrome (you'll see only the address is sent)
c) Use the advanced mode, and generate an addresss totally off the site, and only provide the address (most recommended, if you're concerned)
Quote
- Once the "Release Secret:" is used to release the held funds does that wallet then become inoperable?
Quote
- If a person was making part payments (eg paying in installments, would the Destination act the same way a ordinary wallet address would in accepting any number of deposits?
Thanks for reading.
- Other websites for wallet creations have from time to time had suggested to them that they could see the wallet private key "Release Secret:", how are you prevented from seeing the private key "Release Secret:" that gets displayed on the home page when a user sets up an Escrow?
- Once the "Release Secret:" is used to release the held funds does that wallet then become inoperable?
- If a person was making part payments (eg paying in installments, would the Destination act the same way a ordinary wallet address would in accepting any number of deposits?
Thanks for reading.
Seems an impressive website, i might try it with some small transactions where it is not worth the time for a forum escrow.
It looks like you might have it setup so that the release transactions will get broadcast via blockchain.info's node (maybe via blockchain.info/pushtx), and although they are my personal favorite block explorer, they do have a lot of problems, especially DDoS type problems that prevent people from accessing their website (or broadcasting transactions via them).
Nicely spotted. But actually I push to both bc.info and blockr. The code if interested: https://dl.dropboxusercontent.com/spa/rmczv2tqcr196vz/oxrp5rgx.png
Quote
If running a full node is too costly for your service that you are not charging anything for, then I might suggest running electrum, using the "loan transaction -> from text" feature and then broadcasting the signed transaction via electrum (and possibly also providing the signed transaction that the user can broadcast themselves in case of other problems).
I already run a full node for bustabit, so I could push it to that node with a few minutes work. I actually store the transaction (and the release signature) before it's pushed in the database, so it's a TODO: to expose that to the user as well.
Quote
I might also suggest that you require some kind of cryptographic confirmation that the release secret (what appears to be a private key generated by your website) was actually backed up or that the user can in fact sign a message from the address they say they will sign from to release the funds prior to generating the escrow address. This will prevent someone from inadvertently creating an escrow address that is essentially impossible to release.
Good point
Quote
It also looks like your FAQ might have a typo:
[/quote]Quote from: What exactly is the release secret?
...You can it directly with our website....
I believe that you intended for this to say "...You can generate it directly with our website..."Yup, thanks
I tried it out and it seems there is some issue.
Uggh. And thanks! I threw 0.05 BTC into your escrow while you're waiting. Seems like my latest change has stopped the "Advanced" release from actually sending the signature to the server. Will have it fixed in a few minutes.
https://live.blockcypher.com/btc/tx/c5d19e91a26e50a8e5ca23f6b9a8187c389dafec1bfd25126f008047b256ffd0/
It looks like you might have it setup so that the release transactions will get broadcast via blockchain.info's node (maybe via blockchain.info/pushtx), and although they are my personal favorite block explorer, they do have a lot of problems, especially DDoS type problems that prevent people from accessing their website (or broadcasting transactions via them). If running a full node is too costly for your service that you are not charging anything for, then I might suggest running electrum, using the "loan transaction -> from text" feature and then broadcasting the signed transaction via electrum (and possibly also providing the signed transaction that the user can broadcast themselves in case of other problems).
I might also suggest that you require some kind of cryptographic confirmation that the release secret (what appears to be a private key generated by your website) was actually backed up or that the user can in fact sign a message from the address they say they will sign from to release the funds prior to generating the escrow address. This will prevent someone from inadvertently creating an escrow address that is essentially impossible to release.
It also looks like your FAQ might have a typo:
Quote from: What exactly is the release secret?
...You can it directly with our website....
I believe that you intended for this to say "...You can generate it directly with our website..." I am also curious to know what will happen after the one year period is up
If the funds are never released, they will be forever lost to bithra. They won't be sent to the destination, or returned to sender -- as picking either of them could encourage a type of scammers. It kind of mimicks what happens in a 2-of-2 escrow situation, when the parties don't come to agreement (except in this case, I keep the money instead of them being forever unspendable)
I tried it out and it seems there is some issue.
Uggh. And thanks! I threw 0.05 BTC into your escrow while you're waiting. Seems like my latest change has stopped the "Advanced" release from actually sending the signature to the server. Will have it fixed in a few minutes.
Note to self: Setup email alerts for errors
---
Thanks! Stupid mistake, fixed. And I used the interface to release the escrow.
(Posting it here, as you made the details public)
https://live.blockcypher.com/btc/tx/c5d19e91a26e50a8e5ca23f6b9a8187c389dafec1bfd25126f008047b256ffd0/
The fee on that is strangely small, but it's seems to be working correctly (blocktrail's api is telling me the optimal fee is 94.12 bits per KiB)
I tried it out and it seems there is some issue.
I am receiving an error message saying to check the console and upon inspection of the console it looks like the server is responding with a status of 500 ()
If possible can you please release the coins back to my address
{
"address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW",
"message": "The address 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw was generated on 2016-05-03T03:15:47.203Z by bithra.com, and holds funds in escrow for 1GTpwVr3UJsMTkdqVnwymGXR1udtDpo5f9 and will be released with signed instructions from 1AiJ9npjZceutRaASKT77jucsWpLsRPMWB in the next year",
"signature": "IKKMZfp+sKPyDTSIPvvGZ5GYiFtTHkzrAYDY4y0lzL0xFxhNwFHRS3wGM2+PlWZi0ooGLrgR2Ww9B4APvXLIvq0="
}
{
"address": "1AiJ9npjZceutRaASKT77jucsWpLsRPMWB",
"message": "release all escrowed funds from 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw",
"signature": "ICyFNJtDTmzwHfroK4HDTxUsOTU3Dw2rOJ/8m/04dA5GSL/xT/yxmD/W6RMj46emfEZchmNlhoc8bKzn58sUvSw="
}
I am also curious to know what will happen after the one year period is up
I am receiving an error message saying to check the console and upon inspection of the console it looks like the server is responding with a status of 500 ()
If possible can you please release the coins back to my address
{
"address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW",
"message": "The address 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw was generated on 2016-05-03T03:15:47.203Z by bithra.com, and holds funds in escrow for 1GTpwVr3UJsMTkdqVnwymGXR1udtDpo5f9 and will be released with signed instructions from 1AiJ9npjZceutRaASKT77jucsWpLsRPMWB in the next year",
"signature": "IKKMZfp+sKPyDTSIPvvGZ5GYiFtTHkzrAYDY4y0lzL0xFxhNwFHRS3wGM2+PlWZi0ooGLrgR2Ww9B4APvXLIvq0="
}
{
"address": "1AiJ9npjZceutRaASKT77jucsWpLsRPMWB",
"message": "release all escrowed funds from 1H8YMrRaQeYJELbcVqatuRETtiLKL5Pkvw",
"signature": "ICyFNJtDTmzwHfroK4HDTxUsOTU3Dw2rOJ/8m/04dA5GSL/xT/yxmD/W6RMj46emfEZchmNlhoc8bKzn58sUvSw="
}
I am also curious to know what will happen after the one year period is up
Very nice site. I'm impressed.
What happens in the case of disputes?
What happens in the case of disputes?
Thanks! The two parties need to work it out. It's the moral equivalent of 2-of-2 multisig, but designed to be easier to use (no public key sharing, both people don't need to sign the transaction). If you need arbitration or something more advanced, it's not really the service.
There was a good discussion of it in bustabit, but basically the summary is that it removes the upside in scamming -- but doesn't prevent people scamming.
That is only one part of it though, and probably one of the smaller parts. The main reason he should be trusted is because he owns bustabit, and previously owned moneypot. Moneypot had lots of bitcoin invested in the bankroll, and I don't believe a single satoshi was stolen since after the sale, people could access and withdraw their funds at mp.bustabit.com. Bustabit has also had a lot of bitcoin wagered, and large winners are paid out very quickly, with some huge 10+ bitcoin withdraws. There wouldn't be much of a point for Ryan to create a site, just to scam people since if he did, his site (which probably makes him nice profit) would get a lot smaller volume, and there would be less profit.
Yeah, I think at a single point of time I had held >1000 BTC of other peoples money that I could've stolen if dishonest, and in total processed a little over 16k BTC of peoples withdraws. It doesn't really prove I will always act ethically, but bithra.com is just supposed to be a light weight alternative to "Send me the money first", not the be all and end all. I specifically avoided any advanced features and usage just to make it simple.
The use case I'm trying to replace is: "Hey, I'm new and selling X. Please send me the money first, I promise I won't scam you. I don't have time to use a human escrow". It's not trying to replace trustless on-chain schemes, and things that offer better guarantees.
Quote
PROVABLY FAIR: We provide non-repudiable proofs for all our escrow services, and is operated by Ryan Havar (owner of bustabit), on bitcointalk's default trust list, and handled millions of dollars of bitcoins.
^^What is this? So, you are basically asking for a favor for being on default trust level 2! Where is the provable fairness in it?
Actually it offers a little more guarantee than what is typically called "provably fair". Because in addition to proving to yourself it's fair (like gambling) it allows you to prove to others to prove you were cheated (non-repudiation).
The provably fairness is explained in the FAQ, but here's a practical example:
Code:
{
"address": "1MGeKWdiUiKPBt3NUR7NsmNDsZT5LgycrW",
"message": "The address 12SbYg7CZL9pxkvJqmmFriJXBYXhTiXPep was generated on 2016-05-01T23:12:56.110Z by bithra.com, and holds funds in escrow for 1FDUdzgVhUbSpkbCKST11XoeQ3K5zxac8a and will be released with signed instructions from 14iik8PjwVKGhHPvTD3eJUCdpyR7dfjW2Y in the next year",
"signature": "IBGDmeCNLxx6KBCBjJJkvvWpQwKFAsZd3PKHmkzzPI8gL+6AgOqOxScU/uHKrJoksQ4S5FRcI2iQ9qqHGdGpLPk="
}
You need to verify three things:
* The address is indeed the one we use to sign guarantees
* The signature is valid ( I like this tool:
https://www.blocktrail.com/BTC?verifysignedmessage=1 )
* The details are correct
Now you can save that guarantee, and if we don't act according to it -- you can call us out on scamming!
Quote
PROVABLY FAIR: We provide non-repudiable proofs for all our escrow services, and is operated by Ryan Havar (owner of bustabit), on bitcointalk's default trust list, and handled millions of dollars of bitcoins.
^^What is this? So, you are basically asking for a favor for being on default trust level 2! Where is the provable fairness in it?
Jump to: