I certainly understand the level of suspicion, after what's happened lately where we took people's word for something and got shafted ourselves. It's the same in the online casino industry, maybe more so. There's a whole bunch of ways people have tried to solve that trust problem, none of them completely successful:
1) crowd-sourced reputation monitoring, regulation-by-complaint, let-the-market-decide, etc. which doesn't always work (this is where most Bitcoin commerce is presently)
2) a few trustworthy independent sources emerging to act as magnets for the better operations, writing their own standards and stepping in personally to mediate casino/player disputes (like
http://casinomeister.com with their pitch-a-bitch complaint resolution procedure, where they contact casinos on the player's behalf; and their dreaded "rogue casino" list). The danger here is that power corrupts.
3) relatively weak government licensing jurisdictions which do a few audits and sign off, in some rare cases making good on defaults of companies in their orbit,
4) large governments like the US where the solution has been to nuke the industry completely, using the history of unaccountability as an excuse to curtail freedom.
There are a few outlying examples, like Galewind Software Co. paying out a player and shutting down an operator's casino when the operator running their software refused to pay; as great as it was, this was barnyard justice and no way for an industry to run.
So take your pick. It ain't pretty. IMHO, option #2 works best. Before we launched I spent almost a year on casinomeister talking to players, reading complaints against other casinos and trying to figure out how to build a site that would be safe, responsive to players, and would make sure that even under catastrophic circumstances we would always have enough backups and funds to cover it and never land on the rogue list. To me, this site isn't just a one-off little league Bitcoin casino, it's a platform I'm constantly improving that isn't limited to this market. So our site was built to casinomeister's standard, which is actually a lot higher than what most licensing jurisdictions ask for; and far higher than anyone in the Bitcoin community has ever asked for out loud. This is probably the first step in that direction, and I support it.
So. While we won't post details of our security procedures in a public forum, we would be willing to share some information with the OP, in confidence, based on which he can make a well-informed recommendation as to whether what I've said here is true. This obviously sets a precedent that gives Phineas a fair amount of power, potentially. But I do think his intentions are honest. I've been approached by certain scammers on this board out of the blue, saying they wanted access to our systems to "audit" us. Good luck. But if we can prove to Phineas that we are what we say we are, then hopefully that will set people at ease, and it would set my mind at ease if more Bitcoin companies were willing to be forthcoming with those kinds of details.
Specifically I'm proposing to show the following:
* List of servers we control
* Hourly cron backup scripts (redacted for usernames)
* Screenshots of daily offline backups in progress/completed (only 71 Mb!)
* A more thorough explanation than I'm willing to give here.
