Topic: [ENDED] ChipMixer Signature Campaign | Sr Member+ - page 4. (Read 303483 times)

Several months? One to two weeks is enough to figure out what's DarkStar's payout address.

As if you had a giant ChipMixer sign below your public posts which would indicate how much you make, and with whom you work with.  

It wouldn't be public information without a spreadsheet.

Yes, a determined adversary could certainly mimic DarkStar_'s job for several months and start to figure out who is who, but there is a big difference between that and a spreadsheet linking names and addresses. Just like someone could follow you for two weeks to learn your daily routine and when the best time would be to break in to your house, but there is a big difference between that and sticking a note on your door saying "I'm going to be at work for the next 12 hours".

And of course once people start changing their addresses, then the whole process becomes more difficult and less accurate.

But, there's no privacy in that part to begin with. Anyone with trivial blockchain analysis can figure out that certain transactions, which are sent in a specific time, every week, using the same addresses as inputs and outputs come from this campaign. A little more work, and you can figure out who owns which address, because participants are paid according to the number of posts they make, which is already public information.

As I mentioned above, I can see the argument for a public spreadsheet in short lived campaigns, those which have a high turn over of users, or those with untrusted managers. But in a stable campaign such as ChipMixer, which adds or removes users only a couple of times a year and is managed by a highly trusted manager, then I see no benefit. Whereas the benefit to privacy of not having one is significant.

This is correct. But then probably the whole procedure of joining to a campaign should be changed, from privately giving out addresses (by participants and possibly by campaign manager too) to private access to the spreadsheet for the participants.

However:
* this would be a huge hassle for CMs
* since members come and go the spreadsheet can become sooner or later almost public again if it isn't that everybody can see only his records
* this means that neither the CM nor the participants cannot be properly checked; and humans are inclined to cheat, you know...

So.. this half-solution is imho more hassle for not much of use/improvement, and.. I don't know how can this be done really good.
Don't take me wrong, I'd like to see a better solution. But for now, we don't have one.

Correct me if I'm wrong, but this link was made purely on the blockchain history of the payment addresses. Making such a link would still have been possible without the spreadsheet simply by pulling the payment addresses from the weekly payment transaction. The investigator might not have known the exact users linked to those addresses, but could easily just pass the blockchain evidence to DarkStar_ who could then respond accordingly.

I see no reason for there to be a public record linking usernames to addresses.

Surely you remember that not so long ago, one member was caught with his 2 alt accounts due to the public data of the campaign - and in the event that this data was visible only to the manager, he might still be abusing it today. I think the whole thing makes sense because of transparency, although I personally (and many others) wouldn't mind if the whole list were private and only available to those who would ask for it for some good reasons (not out of mere curiosity).

---

Regarding CryptPad, I tried to open the link via TOR and it was very slow, about 4 minutes for the list to load completely.

I reckon that with the ChipMixer spreadsheet it takes some time loading all the information. Regarding dark themes, it actually has for both the interface and ONLYOFFICE! For changing to the dark theme in the CryptoPad interface - as announced on their blog[1] - just go over to Settings -> Appearance -> Dark Mode. To change to dark theme in a ONLYOFFICE sheet just head over to File-> Advanced Settings...-> Interface Theme -> Dark. Now you should be able to run in a fully dark theme

---

[1]https://blog.cryptpad.org/2021/02/24/status-feb-2021/

I like it, let's continue with de-googling mission
Everything works fine for me with cryptpad.fr, but I just wish if it could load a bit faster and work with dark themes.
I think that n0nce or someone else recently posted another alternative called ethercalc.net that load super fast, but I am not sure it's encrypted and fully open source like cryptpad.

DarkStar_ posts the exchange rate he uses each week. (Exchange rate * how much you got paid)/6 = number of posts you were paid for. Very simple.

Maybe this will be a new trend...let me know how you got on with it.

How? They need to find the USD/BTC exchange rate of $6, and divide their paid amount with it to figure that out. The spreadsheet prevents this discomfort.

Genuine question: Why are people looking at the spreadsheet? What information are they taking from it? They have no need to know other users' addresses or post counts, and they can figure out how many of their own posts have been counted based on how much they are paid.

As I said, I haven't looked at the spreadsheet in years. I don't see why it needs to exist. I can maybe see an argument for a public spreadsheet in short lived campaigns, high turn over campaigns, or campaigns with a relatively new/inexperienced/untrusted manager, but not here.

My hatred of all things Google is well known, so I welcome a move away from Google Sheets, but at the end of the day the spreadsheet is still publicly viewable online to anyone and everyone.

Nice having you into this discussion NeuroticFish! Just a FYI - As it stands, I never participated in this campaign, these are just my opinions of what I would see as beneficial. Regarding your points, here are my thoughts:

That's a fact. However, one thing is to publish an address into the forum and other thing is to have that same address linked to a user in a single place where we can have all the transactions that were sent to that same address. This goes directly into your second point (blockchain is traceable until the genesis block), but I think that the way the information is presented in the spreadsheet makes whatever information is sent to Google way more easy to be compiled or even analyzed by a malicious actor. It's true that one can simply note which address belongs to who and start tracking it individually on the blockchain (assuming no spreadsheet existed), but that would take slighly more work when compared with the current solution.

While CryptoPad won't solve the argument that I've introduced as a reply to your points (publicly and compiled information), at least we'll know that no organization is doing whatever Google does in the background. If the process to transition to CryptoPad (or any other service alike) was a hassle, I would agree that it wouldn't be worth but I don't think that's the case as well.
My problem isn't only regarding accessing the service. I also fear what Google might do "behind" the scenes. Since we don't know what kind of analysis does Google make into the files that are hosted into their services, I will just assume that there's some kind of data that being analyzed and, in worst case scenarios, traded with someone that sees it as valuable (the "value" of the information in this case can be argued of course). After all, it wouldn't be the first time that reports of Google actively scanning your files[1] would happen (and keep happening).

---

While I understand that for the sake of transparency having the spreadsheet public is understandable, I also think there's room to debate here - would the overall users prefer to only those running in the campaign having access to the file? Or, if no one is looking at it, should it be kept private within the campaign manager (as a way to keep the records and facilitate payments)?

---

[1]https://libreddit.spike.codes/r/DataHoarder/comments/ya78r3/was_not_aware_google_scans_all_your_private_files/

Personally it seems like a bit of unnecessary hustle, but I am also a campaign manager and if I knew that switch like this would benefit any members of the campaign I am running I would probably make the switch. Will try it myself this week when uploading a spreadsheet. Thanks for bringing this to my attention.

@DarkStar_ Did you consider removing part of the spreadsheet. Let's say you post first 250 weeks on crypotpad once as an archive and then just update the current spreadsheet that always has just last 50 weeks in it? I don't think campaign would loose much with move like that and it could save you a hustle every week if cryptopad has problems with large spreadsheets.

I do appreciate it, because that means I can check it without visiting a Google page (and without having access to Tor Browser / waiting for it to connect to the network / waiting for the page to load over Tor...).

I don't think I've ever looked at the spreadsheet beyond the day I was accepted, and I would have no issue with there being no spreadsheet at all so that individuals could keep their addresses private if they wish.

I didn't follow *that closely* the debate on using this or that spreadsheet and I kind of miss the point of using this vs that. Let me explain why:
* the people have posted publicly their addresses into the forum
* the address the transactions are sent from is public, so the transactions can easily be traced
* both Google Docs and CryptoPad work with Tor browser if JS is enabled, so there's no such thing as logging IP is one wants to be careful

Hence, again, I miss the point of using this vs that. For me any of them is okay.

Like I've said you you in PM's, I'm really happy to know that you even considered using this service considering the overall positive response that my previous comment[1] about this generated. If anyone is curious about what CryptoPad is, my reply has a resume about the software.

The good thing about ChipMixer signature campaign eventually switching to CryptoPad (if it happens) is, from my perspective, something that could motivate other campaigns into doing the same - dropping Google Sheets and venturing into a more private friendly service. I honestly don't see anything bad in this aspect - assuming the spreadsheet is correctly imported into CryptoPad - as it would shield both users and campaign managers that every week access the Google Sheets and who knows what kind of information is Google secretly relaying to their servers ...

I do know that there's an application from Microsoft called "Spreadsheet Compare"[2] that allows users to check differences between files, but I would like to find a FOSS alternative (or even some code). I'm most certain that the spreadsheet should have been correctly imported by CryptoPad, but one can never be 100% certain without testing out for themselves.

---

[1]https://bitcointalksearch.org/topic/m.61360375
[2]https://support.microsoft.com/en-us/office/overview-of-spreadsheet-compare-13fafa61-62aa-451b-8674-242ce5f2c986

Payments for this week of the campaign have been sent, using an exchange rate of 1 BTC = $22810 USD. (a35c890221a758e7bfbb38df3691d99ec4726ba3aae3d782e4f09e954c68b278)

---

I've added a mirror of the spreadsheet to CryptPad: https://cryptpad.fr/sheet/#/2/sheet/view/eSplm+1JhNSpZ2vhLc8J08tS0p2nWrp0CiVXVjIQEnE/embed/
Getting this to work was a bit annoying (cryptpad broke trying to import the CM sheet quite a few times, likely because it's a pretty big spreadsheet) so please let me know if this is something you benefit from/would like to see continue going forward  

Also - if you have issues with it, please let me know as well.