Topic: Escrow question (Read 1262 times)

4000 coins in a few time

The thing is that you need someone to trust. If you can trust your seller than its ok. If not then you have to trust some other person to get the things done. If you think the escrow will take your money then don't use that escrow.
Look for feedback and comments.

hm.....and TF ran away with 4000 coins....

Try youtube.

I'll research up PGP now because it sounds useful for any purpose not just for escrow holders any one got any useful guides?

.

He meant like PP not Paypal itself. There are Bitcoin escrow companies, but it's probably better just to use a very trusted member of these forums.

Paypal wouldn't do escrow for Bitcoin I don't know any big websites/companies which offer escrow services for Bitcoin if you know any please let me see them.

I was thinking a website of the level of PayPal.

Oh ok my english isn't to good so I may have understood what he meaned.

.

.

He seems to know what he is doing and I don't think I could trust a script or a website to handle the money just in case that got hacked beucase I'm sure it would be a big target for hackers.

There should be a website for escrow, something a script should handle not a person.


I think he wasn't being serious.

You could but it's better to sign with the address itself, much better. Bitcoin natively supports pgp like features.

Also pgp is only useful if you save it now and make sure it didn't change right before you get a signed message.

Thanks for the explanation I do have some other questions:

So you can link a pgp key to your address just to verify that you own that address too?

Yes pgp proves I sent you an address. Someone could hack my account here and send an address while I'm sleeping and I wouldn't get it.

pgp is a cryptography system used for both encryption and verification.

In the case of escrow contracts it is mostly used for verification purposes.

Imagine the following:

• Albert creates an advertisement claiming to sell widgets for 1 BTC.
• Bobby sees Albert's advertisement and wants a widget so he contacts Albert.
• Bobby explains that he is unfamiliar with Albert's business, and would feel more comfortable if they could agree to use an escrow agent that they both trust.
• Albert asks Bobby which escrow agent he prefers to use.
• Bobby suggests that they use Carl as an escrow agent since Carl is well known and trusted in the community and has a lot of experience handling escrow.
• Albert tells Bobby that he will contact Carl and find out if Carl is available to handle escrow.
• Albert contacts Carl, and Carl sends an escrow agreement to Albert that has a bitcoin address controlled by Carl to store the bitcoins.
• Albert modifies the agreement changing the "escrow address" to an address that is controlled by Albert.
• Albert contacts Bobby, tells him that he got an escrow agreement from Carl, and sends him the modified agreement
• Other than a modified address, the agreement looks exactly like all of Carl's agreements, and since every escrow should have a unique address, there is no way for Bobby to know that the address has been modified.
• Bobby sends his bitcoin to the address in the agreement that he received from Albert, and Albert runs off with the bitcoin never to be seen again.
• Bobby contacts Carl, and demands his bitcoin back from escrow.
• Carl claims that the escrow address never received any bitcoins
• Bobby has no way of knowing if Albert stole his bitcoins or if Carl stole his bitcoins.  He doesn't have any way to prove who controls the address that he sent the bitcoins to

In this story there are 2 big problems.

First, Bobby accepted an escrow agreement from Albert on behalf of Carl.  Any good escrow agent will require that they communicate directly with all parties involved.  When Bobby received the agreement from Albert, he should immediately have been suspicious that the agreement didn't come to him directly from Carl.  He should have discarded that agreement and contacted Carl requesting his own copy of the agreement directly from Carl.

Even this doesn't guarantee that the agreement received will be legitimate though.  It is possible that Carl's communication account could be hacked by Albert allowing Albert to intercept the request and send the falsified agreement to Bobby.

The second big problem is that Bobby (and Albert) have no way to know that the agreement actually came from the "real" Carl that everyone trusts and not some third party that managed to gain control of Carl's communication account.  This is the problem that pgp verification is intended to solve.  If the escrow provider has a well distributed and known pgp public key, then they can provide a pgp digital signature with the agreement.  That signature is specific only to that EXACT agreement.  If ANYTHING in the agreement is modified at all, then the signature will not verify properly.  Anybody with the public key and an exact copy of the agreement can use pgp software to validate the signature, but ONLY the owner of the pgp private key can create the signature.  If everyone knows that the escrow provider ALWAYS provides a pgp signature with their agreements, then Bobby would immediately know that the agreement was fake when it arrived from Albert without a signature.  If Albert tried to change the address in the agreement, and still provide the original signature, then Bobby could have been alerted to the fact that the agreement was not the original agreement issued by Carl since pgp would tell him that the signature was invalid.

Because of the disappearing of John K I will have to find another escrow and this is why I wanted to ask these questions one question which hasn't been answered yet is what is a pgp? what does the contracts involve?

Nothing but their reputation, so I'd check for evidence of that and trade history first. Somebody who has done hundreds of trades and has held on to 100s of Bitcoins at a time probably isn't going to run off with your Bitcoins.